CN106921658A - A kind of router device safety protecting method and system - Google Patents
A kind of router device safety protecting method and system Download PDFInfo
- Publication number
- CN106921658A CN106921658A CN201710079278.6A CN201710079278A CN106921658A CN 106921658 A CN106921658 A CN 106921658A CN 201710079278 A CN201710079278 A CN 201710079278A CN 106921658 A CN106921658 A CN 106921658A
- Authority
- CN
- China
- Prior art keywords
- router
- visitor
- face
- module
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/168—Feature extraction; Face representation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Oral & Maxillofacial Surgery (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- General Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Human Computer Interaction (AREA)
- Biomedical Technology (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Collating Specific Patterns (AREA)
- Image Analysis (AREA)
Abstract
The invention discloses a kind of router device safety protecting method, including:Obtain visitor's facial image;Identification visitor's facial image, extracts face characteristic, and face characteristic is matched with the training face characteristic for prestoring, if can match, allows visitor to pass through router access network or remote bind;Otherwise, denied access person accesses or remote bind request.In addition router device security protection system is also disclosed, including at least one router, and the server being connected with router, also include being integrated in the image typing module in router or in the intelligent terminal being connected with router communication, server includes signal dispatcher module, memory module, face recognition module, and face recognition module is connected with signal dispatcher module, memory module respectively.Realize that routing device WIFI shares and apparatus bound using face recognition technology, effectively protected WIFI skeleton keys etc. present on market to crack the defect of router password.
Description
Technical field
The present invention relates to router field, more particularly to a kind of router device safety protecting method and system.
Background technology
2016 is the artificial intelligence first year, and " 13 " planning outline proposes " artificial intelligence " once first, will be intelligent hard
Part, artificial intelligence are classified as strategic industry development ranks.And especially intelligent router in Intelligent hardware, as broadband it is shared in extremely
It is crucial hinge, it is indispensable in smart home, user can be helped to realize the shared of network bandwidth resources.But existing skill
Seldom Intelligent routing guard system, application number/Patent No. CN200710099615 can be realized using artificial intelligence technology in art
Patent《Wireless adsl routers based on wapi》, there is provided the adsl router of WAPI standards, what compatible country proposed
WAPI encryption methods, can allow the more safe and reliable use Wi-Fi bandwidth resources of user to be shared.But the password of the invention
Cipher mode is complicated, and majority WIFI decomposers still are able to decryption, network intrusions is carried out to router, or carry out illegal
Handset binding.Additionally, when user forgets login password, it is necessary to restarter and carry out password and reset.
The content of the invention
The present invention provides a kind of router device safety protecting method and system, is used to solve protection system of the prior art
System defect, has effectively protected WIFI skeleton keys etc. present on market to crack the defect of router password, while user is no longer
Worry is forgotten to access WIFI passwords, the present invention, it is intended to realize that routing device WIFI is shared and equipment is tied up using face recognition technology
It is fixed, the security protection of enhanced routers equipment.
A kind of router device safety protecting method of the present invention, including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, face characteristic is extracted, by the face characteristic and the training of human for prestoring
Face feature is matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
Face recognition technology is applied into Router Security protection above, effectively protects WIFI present on market omnipotent
Key etc. cracks the defect of router password, while user no longer worries to forget to access WIFI passwords, only needs brush face to be capable of achieving
Log in.Consumer's Experience is greatly enhanced.
Further, also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens
This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer
As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test
Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Typing allows the multiple images of the user for accessing network or remote bind to carry out learning training, obtains the image of user
Characteristic, is easy to set criterion.
Further, the step S200 includes step:
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visitor
The characteristic value of facial image block;
The characteristic value that S220 calculates the facial image block of the visitor is square with the training sample image characteristic value
Root error;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300,
Otherwise enter step S400.
This programme employs Non-negative Matrix Factorization method and decomposition dimensionality reduction is carried out to facial image, introduces unsupervised canonical feature
Extraction scheme, extracts to face characteristic;By sub-space feature matching mechanisms, the user's face bound and connect will be allowed
Feature into base, characteristic matching is carried out with outer visitor.If the characteristic value of the facial image block of visitor and the training sample
The root-mean-square error of image feature value then allows the visitor being total to using the router less than or equal to the level threshold value for setting
Enjoy broadband resource or remote bind function.
Further, the step S010 includes:
S011 shoots the user for allowing to access network or remote bind by camera, obtains face image data, as
Training sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS industry
Business database.
In WEB server, each single server storage is limited, therefore using HDFS (Hadoop
Distributed File System) integrated member file distribution systems, view data storage is in WEB server (cloud service
Device) in each server in.Load equalizer be responsible for human face data request be distributed in a service cluster can
With server get on storage process, Kafka is distributed post-subscription message system.It is initially developed by LinkedIn companies,
Kafka is one distributed, can be divided, persistent log services of redundancy backup.It is mainly for the treatment of active
Stream data.By using Kafka message systems in this programme, it is ensured that the accuracy of data transfer, loss of data is prevented.
Spark Streaming are a kind of real-time Computational frame of structure on Spark, and it extends Spark and processes extensive streaming
The ability of data.Data processing speed is enhanced by flowing real-time processing data using Spark Streaming, is reached in real time
It is required that.Data storage after treatment is easy in RDS (Remote Data Service remote date transmissions) Service Database
Face identification system is called.
Further, step is also included after the step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is pre- more than the router
If count value, if so, then enter step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
Invasion shielding mechanism, the multiple invader of automatic defensive are set.
On the other hand, present invention also offers a kind of router device security protection system, including at least one router,
And the server being connected with the router, also including image typing module, described image typing module is integrated in router
Or in the intelligent terminal being connected with the router communication, for shooting typing facial image, wherein, the server
Including signal dispatcher module, memory module, face recognition module, the face recognition module receives and dispatches mould with described information respectively
Block, memory module are connected, and:
The router obtains visitor's facial image by described image typing module, and by visitor's face figure
Signal dispatcher module as being transferred to the server;
The face recognition module of the server recognizes visitor's facial image, face characteristic is extracted, by the people
The training face characteristic that face feature prestores with the memory module is matched, and matching result is received and dispatched into mould by described information
Block informs the router, if can match, the router allow the visitor by router access network or
Person's remote bind, otherwise, refuses Accessor Access's network or remote bind request.
Further, the face recognition module of the server includes training unit, wherein:
Described image typing module typing allows the multiple images of the user for accessing network or remote bind as the people
Face identification module is used for training sample and the test sample trained and test;
The training sample and test sample of described image typing module typing are transferred to the clothes by the router
The memory module of business device is stored;
The training unit using model conversion layer algorithm model training it is described as training sample allow access
The image block matrix of user, obtains same subscriber test sample image block eigenvalue and training sample image block eigenvalue, according to
The test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Further, the face recognition module of the server also includes recognition unit and judging unit, the identification list
Unit is connected with the training unit and judging unit respectively, wherein:
The recognition unit carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains institute
State the characteristic value of visitor's facial image block;
The recognition unit calculates the characteristic value and the training sample image feature of the facial image block of the visitor
The root-mean-square error of value;
The judging unit judges whether the root-mean-square error is less than or equal to the threshold value of the standard, and sentences described
Disconnected result informs the router by described information transceiver module, if the root-mean-square error is less than or equal to the standard
Threshold value, then the router permission visitor is by router access network or remote bind, otherwise, the refusal visit
The person of asking accesses network or remote bind request.
Further, the server also includes the data processing module being connected with the memory module, wherein, the clothes
Business device is WEB server, and:
The data processing module of the WEB server flows real-time processing visitor people by the Spark Streaming
Face image data, and the data after treatment are stored by the memory module.
Further, whether the visiting number of times of visitor described in the router statistics, judge the visiting number of times of the visitor
More than the default count value of the router, if so, the visitor then is drawn in into blacklist, invasion shielding is carried out.
It is of the invention compared with existing best technique, the present invention has the beneficial effect that:
1st, the access router WiFi technology of the cipher mode of password, the use of novelty of the present invention are input into for WPA etc.
Face recognition technology, carries out face matching, effectively makes up similar WIFI skeleton keys and cracks WIFI passwords, and then access router
Or carry out illegal handset binding operation.
2nd, the face recognition scheme that the invention is used, as the guard system of router, when user forgets Password, only needs
Will be by intelligent APP or intelligent router typing face information.
3 and artificial intelligence agreeing with background, integrated with industry development direction, it is the intelligence that there is password leakage with universality
Can the consistent methodology of hardware offer.
4th, creative introducing invasion shielding count value is proposed, Intelligent hardware business can help user certainly using the program
Move or shield foreign invaders manually.
Brief description of the drawings
Technical scheme in order to illustrate more clearly the embodiments of the present invention, below will be to that will make needed for embodiment description
Accompanying drawing is briefly introduced, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this
For the those of ordinary skill in field, without having to pay creative labor, it can also be obtained according to these accompanying drawings
His accompanying drawing.
Fig. 1 is the flow chart of router device safety protecting method embodiment one of the present invention;
Fig. 2 is another embodiment flow chart of router device safety protecting method of the present invention;
Fig. 3 is router device security protection system embodiment block diagram of the present invention;
Fig. 4 is that the system framework in router device security protection system embodiment of the present invention builds schematic diagram;
Fig. 5 is that the face in router device security protection system embodiment of the present invention asks real-time typing layer framework to be illustrated
Figure;
Fig. 6 is threshold value setting mechanism flow chart in router device safety protecting method embodiment of the present invention.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing the present invention is made into
One step ground is described in detail, it is clear that described embodiment is only some embodiments of the invention, rather than whole implementation
Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made
All other embodiment, belongs to the scope of protection of the invention.
A kind of router device safety protecting method of the present invention, embodiment one is as shown in figure 1, including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, face characteristic is extracted, by the face characteristic and the training of human for prestoring
Face feature is matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
The user's face characteristic bound and connect will be allowed to prestore storage in the present embodiment, spy is carried out with outer visitor's feature
Matching is levied, if can match, allows the user to use the shared bandwidth resources and remote bind function of the router.This implementation
Face recognition technology of the example based on artificial intelligence is combined with router, by face recognition technology, can be very good protection outer
Router is conducted interviews to invade visitor, takes the broadband resource of user, and remote handset bindings can be carried out.The present invention
There is good protective action to the means that skeleton key etc. cracks WIFI passwords.
Preferably, in above-described embodiment, also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens
This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer
As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test
Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
Before recognition of face is carried out to visitor, the user of study permission network or remote bind need to be first trained (below
Abbreviation validated user) image.By the training of great amount of images, the face information to validated user carries out feature learning, training.Tool
Body, Algorithms of Non-Negative Matrix Factorization, NMF are employed, full name is non-negative matrix factorization, Chinese
It is " Non-negative Matrix Factorization ".The thought of NMF:V=WH (W weight matrix, H eigenmatrixes, V original matrixs), by calculating from original
Matrix extracts two different matrixes of weight and feature out.Belong to an algorithm for unsupervised learning, wherein restrictive condition just
It is that all elements in W and H will be more than 0.
The adaptable fields of NMF are very wide, and coming from its local characteristics to things has explanation well.In numerous applications
In, NMF can be used to find the characteristics of image in database, be easy to fast automatic identification application;It can be found that the semanteme of document
The degree of correlation, for information automatic indexing and extraction;Gene etc. can be recognized in DNA array analysis.We will be to this work one
A little descriptions substantially.But maximally effective is exactly image processing field, be image procossing Data Dimensionality Reduction and feature extraction one
Plant effective ways.Image includes substantial amounts of data in itself, and computer is typically deposited the information of image according to the form of matrix
Put, the identification, analysis and treatment for image are also to be carried out on the basis of matrix.These features enable NMF methods very
It is combined with image analysis processing well.
Model conversion layer:The image block nonnegative matrix collection V=[v of the user of the given user data for allowing to access1,
v2..., vm], vU, i∈Rm×n, give set matrix R=[r1, r2..., rm], rU, i∈ R, to may have access to WIFI or allow long-range work(
The user images block matrix that can be bound.Face recognition algorithms based on Non-negative Matrix Factorization, it is intended to structure forecast matrix
Obviously,It is made up of factor W, H of two low-ranks, intrinsic dimensionality is f.Its Mathematical Modeling is to minimize object function to scheme observation
As block matrix matrix is minimum with the minimum variance of the prediction matrix for allowing to access, its object function mathematical form is as follows:
Wherein, b is scoring linear bias, and mu is calibrated for constant.
The system uses face recognition technology, in essence, it is intended to which the original face information of typing is carried out into subspace
Feature learning, training, whether the WIFI or the face information of apparatus bound of carrying out to be identified is really to be reconstructed after with feature learning
Face information matched.The system given threshold discrimination technology, according to large-scale data trained values (same subscriber test specimens
The average root-mean-square error of this image value and training sample image value) set the level threshold value of judgement, subsequently to be known
Do not judge.
A kind of another embodiment of router device safety protecting method of the present invention, as shown in Fig. 2 including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test specimens
This;
S020 trains the figure of the user for allowing to access as training sample using the algorithm model of model conversion layer
As block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to the test
Sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
S100 obtains visitor's facial image;
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visitor
The characteristic value of facial image block;
The characteristic value that S220 calculates the facial image block of the visitor is square with the training sample image characteristic value
Root error;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300,
Otherwise enter step S400.
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
In the present embodiment, after training the characteristic data value and threshold value that learn to get validated user, unknown access
Person equally can carry out decomposition cooling to the visitor when application is accessed using Non-negative Matrix Factorization method, extract facial image block
Feature, obtains the characteristic value of the facial image block of the visitor.Then the facial image block eigenvalue and instruction of the visitor are calculated
Whether the root-mean-square error of the face characteristic value of experienced validated user, judge the error less than or equal to level threshold value, if small
In or then judge that the visitor is validated user if being equal to, it is allowed to it passes through router access network or the remote bind road
By device, otherwise judge that the user is not validated user, refuse its request.
It is further preferred that the step S010 includes:
S011 shoots the user for allowing to access network or remote bind by camera, obtains face image data, as
Training sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS industry
Business database.
Above-mentioned camera can be the camera on the built-in camera of router, or intelligent terminal, such as
The user directly logged in by APP can directly be imaged by mobile phone camera.The present invention is on the basis of router Intelligent hardware
On, the mobile phone A PP image input functions using mobile Internet of Things of novelty, with the ingenious combination of face recognition technology, can promote
The fast development of current Intelligent hardware.
Load equalizer is used to network request be distributed to available server in a service cluster up, these services
The cluster that device is constituted may be collectively referred to as Cloud Server or WEB server, in order to ensure data transfer accuracy, prevent data from losing
Lose, the present embodiment additionally uses the distributed message systems of Kafka, by message queue Kafka clusters by the facial image
Data storage is to HDFS.HDFS (Hadoop Distributed File System) is a distributed file system.Finally,
Additionally use the face request of Spark Streaming stream real-time processing visitors, compared to traditional batch processing, this programme
Real-time is higher, can acceleration treatment, real time processed images data.Data storage after treatment is in RDS (Remote Data
Service remote date transmissions) in Service Database, even if the benefit of RDS is wherein one server being out of order, also will not
The recognition of face of whole system is influenceed, can be by other server process.Data storage after treatment is in RDS Service Databases
In after give again face identification system be identified treatment.
Preferably, on the basis of any of the above-described embodiment, step is also included after the step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is pre- more than the router
If count value, if so, then enter step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
The invention introduce invasion shielding count value, to exotic invasive, visitor counts, when count value reach it is pre-
If numerical value after, router carries out associated shield.Intelligent hardware business can help the shielding of user's automatic or manual using the program
Foreign invaders.
Based on same invention thought, present invention also offers a kind of router device security protection system, the system can
Using the safety protecting method in any of the above-described embodiment, specifically, as shown in figure 3, security protection system of the present invention is included extremely
A few router 200, and the server 300 being connected with the router 200, also including image typing module 100, the figure
As typing module 100 is integrated in router 200 or in the intelligent terminal communicated to connect with the router 200, use
In shooting typing facial image, wherein, the server 300 includes signal dispatcher module 310, memory module 330, recognition of face
Module 320, the face recognition module 320 is connected with described information transceiver module 310, memory module 330 respectively, and:
The router 200 obtains visitor's facial image by described image typing module 100, and by the visitor
Facial image is transferred to the signal dispatcher module 310 of the server 300;
The face recognition module 320 of the server 300 recognizes visitor's facial image, extracts face characteristic, will
The training face characteristic that the face characteristic prestores with the memory module 330 is matched, and by matching result by described
Signal dispatcher module 310 informs the router 200, if can match, the router 200 allows the visitor to lead to
Cross router 200 and access network or remote bind, otherwise, refuse Accessor Access's network or remote bind request.
By face recognition technology come the security protection of enhanced routers equipment, user need to only take the photograph by the way that router is built-in
As the APP on head or intelligent terminal carries out captured in real-time upload, router and its server using the camera for carrying
Complete the authentication of user, by with prestore allow to access network or bind the validated user image of the router compared
It is right, see whether belong to validated user therein, you can determine whether that there is access network or remote bind authority.By recognition of face
Technology is applied in the security protection of router, is solved and what majority WIFI decomposer energy decryptions were invaded network
Problem, additionally, user is when login password is forgotten, without restarter 200 and carries out password reset, only needs brush face
Certification is realized, it is simple and quick, effectively and safe.
Preferably, the face recognition module 320 of the server 300 includes training unit 321, wherein:
The typing of described image typing module 100 allows the multiple images of the user for accessing network or remote bind as described
Face recognition module 320 is used for training sample and the test sample trained and test;
Be transferred to for the training sample and test sample of the typing of described image typing module 100 by the router 200
The memory module 330 of the server 300 is stored;
The training unit 321 using model conversion layer algorithm model training it is described as training sample allow access
User image block matrix, obtain same subscriber test sample image block eigenvalue and training sample image block eigenvalue, root
According to the test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, standard threshold is obtained
Value.
It is worth noting that, level threshold value here, is exactly not necessarily the test sample image block eigenvalue of same subscriber
With the average root-mean-square error of training sample image block eigenvalue, the simply reasonable set according to this average root-mean-square error
One level threshold value.Certainly, we also can just using this average root-mean-square error as level threshold value.
It is further preferred that the face recognition module 320 of the server 300 also includes recognition unit 322 and judges single
Unit 323, the recognition unit 322 is connected with the training unit 321 and judging unit 323 respectively, wherein:
The recognition unit 322 carries out decomposition dimensionality reduction using Non-negative Matrix Factorization method to visitor's facial image, obtains
Take the characteristic value of visitor's facial image block;
The characteristic value that the recognition unit 322 calculates the facial image block of the visitor is special with the training sample image
The root-mean-square error of value indicative;
The judging unit 323 judge the root-mean-square error whether less than or equal to the standard threshold value, and by institute
State judged result and the router 200 is informed by described information transceiver module 310, if the root-mean-square error is less than or equal to
The threshold value of the standard, then the router 200 allow the visitor to be accessed by router 200 network or remotely to tie up
It is fixed, otherwise, refuse Accessor Access's network or remote bind request.
The present embodiment is specifically described and the technical scheme of recognition of face is carried out by nonnegative matrix, including system training
Practise, the setting mechanism of threshold value and follow-up visitor's face judge identification.
Preferably, the server 300 also includes the data processing module 340 being connected with the memory module 330, its
In, the server 300 is WEB server, and:
The data processing module 340 of the WEB server flows real-time processing visitor by the Spark Streaming
Face image data, and the data after treatment are stored by the memory module 330.
In the present embodiment, server is WEB server 300, that is, Cloud Server, the server big equivalent to
Group, due to the not just router that we face, and the memory capacity of individual server is also limited, such as, if largely
Router when being required to typing and allowing to login user's face information of router access network or remote bind, then Ke Yitong
Overload balanced device is allocated, and assigns it to be processed in the different server in Cloud Server.In order to ensure number
According to accuracy, prevent loss of data, can introduce distributed information system, data are through message queue Kafka clusters by face
Data storage is to HDFS.Memory space can reasonably be utilized by HDFS.Finally, flowed by Spark Streaming real-time
Treatment face image data, and by the data storage after treatment in RDS Service Databases, it is easy to follow-up recognition of face to judge to adjust
With.
Preferably, in any of the above-described security protection system embodiment, also including:The router 200 counts the visit
Whether the person of asking comes to visit number of times, the visiting number of times of the visitor is judged more than the default count value of the router 200, if so, then
The visitor is drawn in into blacklist, invasion shielding is carried out.
Specifically, if visitor A attempts to access that network, if judging after entering recognition of face certification, the visitor A does not possess
Access rights, then the visiting number of times of visitor request will be recorded, notify that server end retains the face of the visitor
Information, the visitor often comes to visit once, will add up visiting number of times, if visiting number of times reached default count value when
Wait, the visitor A will be piped off and be shielded.
Last embodiment of the invention, router device security protection system of the invention uses safety of the invention
Means of defence, specifically, including the following aspects:
1st, guard system technology realizes layer:
Framework establishment schematic diagram is as shown in figure 4, implementing process and being:
A () opens router as user, the present invention will limit online or remote bind cell-phone number and carry out the people of remote-control
Face information is put in storage that (user directly logged in by APP can be direct by mobile phone camera by the router of built-in camera
Storage);
B () present invention is by operation system using face information typing to Service Database as face information to be identified.When
When user wishes to be surfed the Net by WIFI next time, it is only necessary to open camera function, typing face information, industry by mobile phone A PP
Business this face information of Input of Data;
C () is associated with face information to be identified, calculates according to the recognizer of face system, when identification progress
More than defined threshold scope, then user is allowed to access the router or carry out remote bind function.
2nd, face asks real-time typing layer framework map schematic diagram, specific as shown in Figure 5:
A () present invention is by face real time data typing through load equalizer to WEB server;
B (), to ensure data transfer accuracy, data are through message queue Kafka clusters by human face data storage value HDFS;
C () Spark Streaming flow real-time processing data, and by digital output value RDS Service Databases.
3rd, face system solution:
(1) model conversion layer:The image block nonnegative matrix collection V=[v of the user of the given user data for allowing to access1,
v2..., vm], vU, i∈Rm×n, give set matrix R=[r1, r2..., rm], rU, i∈ R, to may have access to WIFI or allow long-range work(
The user images block matrix that can be bound.Face recognition algorithms based on Non-negative Matrix Factorization, it is intended to structure forecast matrix
Obviously,It is made up of factor W, H of two low-ranks, intrinsic dimensionality is f.Its Mathematical Modeling is to minimize object function to scheme observation
As block matrix matrix is minimum with the minimum variance of the prediction matrix for allowing to access, its object function mathematical form is as follows:
Wherein, b is scoring linear bias, and mu is calibrated for constant.
(2) threshold value setting and setting count value mechanism
The system uses face recognition technology, in essence, it is intended to which the original face information of typing is carried out into subspace
Feature learning, training, whether the WIFI or the face information of apparatus bound of carrying out to be identified is really to be reconstructed after with feature learning
Face information matched.The system given threshold discrimination technology, given threshold (according to large-scale data trained values), when logical
Cross face identification system calculating threshold value (using the facial image characteristic block value of facial image block value to be identified and typing training,
Calculate average root-mean-square error ∝, as threshold value) less than or equal to regulation level threshold value φ, then allow user access WIFI or
Remote bind function is allowed, the user of the level threshold value φ for threshold value less than regulation carries out isolated user counting, router master
Can sets itself count value be used for protect multiple illegal invasion person, setting count value ∈ (system meeting of the system according to router master
Reference value is set), carry out invasion shielding, the multiple invader of automatic protection.Threshold value set mechanism flow chart as shown in fig. 6, including:
S610 reads facial image block value r to be identifiedu,i;
S620 calculates ru,iWith the face characteristic value w of the reconstruct of trainingu,khk,iAverage root-mean-square error;
Whether S630 judges the average root-mean-square error ∝ less than or equal to training threshold value (i.e. level threshold value) Φ, if
Then enter step S640, otherwise into step S650;
S640 allows user to access WIFI or remote bind;
S650 refuses the guest request, and the visitor is carried out to count μ times;
Whether S660 judges μ more than router master ga(u)ge devise a stratagem numerical value ∈;
If the counting μ values of the S670 visitors are devised a stratagem numerical value ∈ more than router master ga(u)ge, the visitor is shielded.
(3) the selected mechanism of facial image and Threshold-training:
A. the present invention needs the face number of advance typing
Router device guard system based on face recognition technology needs advance typing and trains face characteristic, so
Typing allows to access the user of WIFI or remote bind, it is necessary to typing multiple facial image.
B. the Threshold-training value φ of training in advance of the invention
Before the system is realized, the threshold value that can accurately distinguish different faces need to be gone out from magnanimity human face data concentration training.
The accuracy of the threshold value, has substantial connection with the size of data sample, and its strategy is:The sample of selected recognition of face to be trained
Collection, carries out large-scale training, and calculate the observation people that can recognize that identical face using the algorithm model of model conversion layer
Face image value and prediction facial image value average root-mean-square error, the threshold value φ that the value is judged as system, while calculating
The observation face value of non-equal facial image and average root-mean-square the error ∝, wherein φ of prediction facial image>∝.
Guard system face identification system realizes that layer false code is as follows:
The present invention provides a kind of smart routing devices guard system of the face recognition technology based on artificial intelligence, using people
Face identification technology, can be very good protection exotic invasive visitor and router is conducted interviews, and take the broadband resource of user, and can
Remote handset bindings can be carried out.The present invention has good protective action to the means that skeleton key etc. cracks WIFI passwords,
Additionally, the system is on the basis of router Intelligent hardware, the mobile phone A PP image typing work(using mobile Internet of Things of novelty
Can, with the ingenious combination of face recognition technology, the fast development of current Intelligent hardware can be promoted.
, but those skilled in the art once know basic creation although preferred embodiments of the present invention have been described
Property concept, then can make other change and modification to these embodiments.So, appended claims are intended to be construed to include excellent
Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out various changes and modification without deviating from essence of the invention to the present invention
God and scope.So, if these modifications of the invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (10)
1. a kind of router device safety protecting method, it is characterised in that including step:
S100 obtains visitor's facial image;
S200 recognizes visitor's facial image, extracts face characteristic, and the face characteristic is special with the training face for prestoring
Levy and matched, if can match, into step S300, otherwise, into step S400;
S300 allows the visitor to pass through router access network or remote bind;
S400 refuses Accessor Access's network or remote bind request.
2. a kind of router device safety protecting method according to claim 1, it is characterised in that also including step:
The pre- typings of S010 allow the multiple images of the user for accessing network or remote bind as training sample and test sample;
S020 trains the image block of the user for allowing to access as training sample using the algorithm model of model conversion layer
Matrix, obtains same subscriber test sample image block eigenvalue and training sample image block eigenvalue, according to the test sample
Image block characteristics value and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
3. a kind of router device safety protecting method according to claim 2, it is characterised in that the step S200 bags
Include step:
S210 carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains visitor's face
The characteristic value of image block;
The root mean square of characteristic value and the training sample image characteristic value that S220 calculates the facial image block of the visitor is missed
Difference;
Whether S230 judges the root-mean-square error less than or equal to the level threshold value, if so, then enter step S300, otherwise
Into step S400.
4. a kind of router device safety protecting method according to claim 2, it is characterised in that the step S010 bags
Include:
S011 shoots the user for allowing to access network or remote bind by camera, face image data is obtained, as training
Sample and test sample;
S012 sends to WEB server the face image data through load equalizer;
S013 is stored to HDFS the face image data by message queue Kafka clusters;
S014 flows real-time processing data by the Spark Streaming, and by the data output after treatment to RDS business numbers
According to storehouse.
5. a kind of router device safety protecting method according to claim any one of 1-4, it is characterised in that described
Also include step after step S400:
S450 counts the visiting number of times of the visitor, judges whether the visiting number of times of the visitor is default more than the router
Count value, if so, then entering step S460;
The visitor is drawn in blacklist by S460, carries out invasion shielding.
6. a kind of router device security protection system, it is characterised in that including at least one router, and with the router
Connected server, also including image typing module, described image typing module be integrated in router or positioned at it is described
In the intelligent terminal of router communication connection, for shooting typing facial image, wherein, the server includes information transmit-receive mould
Block, memory module, face recognition module, the face recognition module are connected with described information transceiver module, memory module respectively,
And:
The router obtains visitor's facial image by described image typing module, and visitor's facial image is passed
It is defeated by the signal dispatcher module of the server;
The face recognition module of the server recognizes visitor's facial image, extracts face characteristic, and the face is special
Levy the training face characteristic prestored with the memory module to be matched, and matching result is accused by described information transceiver module
Know the router, if can match, the router allows the visitor by router access network or remote
Journey is bound, and otherwise, refuses Accessor Access's network or remote bind request.
7. a kind of router device security protection system according to claim 6, it is characterised in that the people of the server
Face identification module includes training unit, wherein:
Described image typing module typing allows the multiple images of the user for accessing network or remote bind to know as the face
Other module is used for training sample and the test sample trained and test;
The training sample and test sample of described image typing module typing are transferred to the server by the router
Memory module stored;
The training unit trains the user for allowing to access as training sample using the algorithm model of model conversion layer
Image block matrix, same subscriber test sample image block eigenvalue and training sample image block eigenvalue are obtained, according to described
Test sample image block eigenvalue and the average root-mean-square error of training sample image block eigenvalue, obtain level threshold value.
8. a kind of router device security protection system according to claim 7, it is characterised in that the people of the server
Face identification module also include recognition unit and judging unit, the recognition unit respectively with the training unit and judging unit phase
Connect, wherein:
The recognition unit carries out decomposition dimensionality reduction to visitor's facial image using Non-negative Matrix Factorization method, obtains the visit
The characteristic value of the person's of asking facial image block;
The recognition unit calculates the characteristic value and the training sample image characteristic value of the facial image block of the visitor
Root-mean-square error;
The judging unit judges whether the root-mean-square error is less than or equal to the threshold value of the standard, and judges to tie by described
Fruit informs the router by described information transceiver module, if the root-mean-square error is less than or equal to the threshold of the standard
Value, then the router permission visitor is by router access network or remote bind, otherwise, the refusal access
Person accesses network or remote bind request.
9. a kind of router device security protection system according to claim 7, it is characterised in that the server is also wrapped
The data processing module being connected with the memory module is included, wherein, the server is WEB server, and:
The data processing module of the WEB server flows real-time processing visitor's face figure by the Spark Streaming
As data, and the data after treatment are stored by the memory module.
10. a kind of router device security protection system according to claim any one of 6-9, it is characterised in that
Whether visitor described in the router statistics comes to visit number of times, judge the visiting number of times of the visitor more than the router
Default count value, if so, the visitor then is drawn in into blacklist, carries out invasion shielding.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079278.6A CN106921658A (en) | 2017-02-14 | 2017-02-14 | A kind of router device safety protecting method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079278.6A CN106921658A (en) | 2017-02-14 | 2017-02-14 | A kind of router device safety protecting method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106921658A true CN106921658A (en) | 2017-07-04 |
Family
ID=59453702
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710079278.6A Pending CN106921658A (en) | 2017-02-14 | 2017-02-14 | A kind of router device safety protecting method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106921658A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107302804A (en) * | 2017-08-09 | 2017-10-27 | 无锡北斗星通信息科技有限公司 | Adaptive WIFI link screening arrangements |
CN107733804A (en) * | 2017-11-06 | 2018-02-23 | 戴惠英 | Multifunctional monitoring type wireless router |
CN107995122A (en) * | 2017-12-08 | 2018-05-04 | 深圳市田言智能科技有限公司 | A kind of energy-conserving intelligent router |
CN107992798A (en) * | 2017-11-08 | 2018-05-04 | 广东格兰仕集团有限公司 | Utilize the application method of image recognition technology bound device |
CN113132372A (en) * | 2021-04-13 | 2021-07-16 | 深圳市奇虎智能科技有限公司 | Security monitoring method and system for networking equipment of router, storage medium and computer equipment |
CN117880564A (en) * | 2024-01-12 | 2024-04-12 | 江苏睿鸿网络技术股份有限公司 | Intelligent processing system for video application program access request |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060120604A1 (en) * | 2004-12-07 | 2006-06-08 | Samsung Electronics Co., Ltd. | Method and apparatus for detecting multi-view faces |
CN103294199A (en) * | 2013-06-09 | 2013-09-11 | 华东理工大学 | Silent information identifying system based on facial muscle sound signals |
CN103402203A (en) * | 2013-07-30 | 2013-11-20 | 深圳市中兴移动通信有限公司 | Biological recognition-based rapid access method and device |
CN204392290U (en) * | 2015-02-12 | 2015-06-10 | 厦门众联世纪科技有限公司 | A kind of recognition of face router |
CN106255109A (en) * | 2016-09-14 | 2016-12-21 | 上海斐讯数据通信技术有限公司 | Router purview certification method and system |
-
2017
- 2017-02-14 CN CN201710079278.6A patent/CN106921658A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060120604A1 (en) * | 2004-12-07 | 2006-06-08 | Samsung Electronics Co., Ltd. | Method and apparatus for detecting multi-view faces |
CN103294199A (en) * | 2013-06-09 | 2013-09-11 | 华东理工大学 | Silent information identifying system based on facial muscle sound signals |
CN103402203A (en) * | 2013-07-30 | 2013-11-20 | 深圳市中兴移动通信有限公司 | Biological recognition-based rapid access method and device |
CN204392290U (en) * | 2015-02-12 | 2015-06-10 | 厦门众联世纪科技有限公司 | A kind of recognition of face router |
CN106255109A (en) * | 2016-09-14 | 2016-12-21 | 上海斐讯数据通信技术有限公司 | Router purview certification method and system |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107302804A (en) * | 2017-08-09 | 2017-10-27 | 无锡北斗星通信息科技有限公司 | Adaptive WIFI link screening arrangements |
CN107302804B (en) * | 2017-08-09 | 2018-06-19 | 厦门久凌创新科技有限公司 | Adaptive WIFI link screening arrangements |
CN107733804A (en) * | 2017-11-06 | 2018-02-23 | 戴惠英 | Multifunctional monitoring type wireless router |
CN107733804B (en) * | 2017-11-06 | 2018-05-29 | 北京百卓网络技术有限公司 | Multifunctional monitoring type wireless router |
CN107992798A (en) * | 2017-11-08 | 2018-05-04 | 广东格兰仕集团有限公司 | Utilize the application method of image recognition technology bound device |
CN107995122A (en) * | 2017-12-08 | 2018-05-04 | 深圳市田言智能科技有限公司 | A kind of energy-conserving intelligent router |
CN113132372A (en) * | 2021-04-13 | 2021-07-16 | 深圳市奇虎智能科技有限公司 | Security monitoring method and system for networking equipment of router, storage medium and computer equipment |
CN117880564A (en) * | 2024-01-12 | 2024-04-12 | 江苏睿鸿网络技术股份有限公司 | Intelligent processing system for video application program access request |
CN117880564B (en) * | 2024-01-12 | 2024-06-11 | 江苏睿鸿网络技术股份有限公司 | Intelligent processing system for video application program access request |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106921658A (en) | A kind of router device safety protecting method and system | |
CN107770263A (en) | A kind of internet-of-things terminal safety access method and system based on edge calculations | |
CN104539598B (en) | A kind of improvement Tor secure anonymous network communicating system and method | |
CN112667717B (en) | Transformer substation inspection information processing method and device, computer equipment and storage medium | |
CN108306887A (en) | Internet of Things safety based on block chain protects system with data-privacy | |
CN109495476A (en) | A kind of data flow difference method for secret protection and system based on edge calculations | |
CN113225736B (en) | Unmanned aerial vehicle cluster node authentication method and device, storage medium and computer equipment | |
CN108810026A (en) | A kind of terminal device access authentication method and system based on edge calculations | |
Wang et al. | Disaster relief wireless networks: Challenges and solutions | |
CN111241561B (en) | User certifiable outsourcing image denoising method based on privacy protection | |
CN107454064A (en) | A kind of visitor's authentication method and system based on public number | |
CN107454040A (en) | The login method and device of application | |
CN108121902A (en) | Recognition of face identity Self-certified method and system | |
CN114024744A (en) | Information protection method and artificial intelligence platform based on cloud computing and block chain service | |
CN109995769A (en) | A kind of trans-regional full actual time safety management-control method of multi-tier Heterogeneous | |
Weng et al. | A lightweight anonymous authentication and secure communication scheme for fog computing services | |
US8386777B2 (en) | Method and equipment for controlling access to multicast IP flows | |
CN115802357B (en) | 5G distribution network feeder automation control method, device and storage medium | |
CN115134080B (en) | Data transmission method and device based on security encryption chip | |
CN106161499A (en) | Off-line acquisition system for WLAN | |
CN116170806B (en) | Smart power grid LWM2M protocol security access control method and system | |
CN107995616A (en) | The processing method and device of user behavior data | |
CN108183906B (en) | Time bank management method, server, terminal, storage medium and electronic device | |
CN116155592A (en) | AMI network intrusion detection method based on DCGAN federal semi-supervised learning | |
CN114124512B (en) | WeChat small program supervision method, system and equipment based on flow behavior analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170704 |