CN107154940A - Internet of Things vulnerability scanning system and scanning method - Google Patents
- Publication number
- CN107154940A (CN201710329513.0A)
- Authority
- CN
- China
- Prior art keywords
- internet
- things
- flow
- scanning
- vulnerability scanning
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/22—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
Abstract
The invention discloses an Internet of Things (IoT) vulnerability scanning system and scanning method. The system comprises a traffic sniffer, a scanner, an IoT vulnerability scanning server and a Web visualization terminal, connected in sequence. The traffic sniffer passively listens to the communication traffic in the IoT environment and actively sends traffic probe packets; it uses software-defined radio to process the physical-layer traffic of the actual IoT environment and passes it to the link layer after decapsulation. The scanner processes the traffic data captured by the traffic sniffer and also constructs packets that are sent into the target IoT environment through the traffic sniffer. Beneficial effects of the invention: it can perform vulnerability analysis online in real time and give targeted suggestions.
Description
Technical field
The present invention relates to an Internet of Things vulnerability scanning system and scanning method.
Background
The communication protocols mainly used by the Internet of Things at present are wireless, chiefly Wi-Fi, Bluetooth, Bluetooth Low Energy, ZigBee, Z-Wave and RFID. Unlike Ethernet, which mostly communicates over optical fiber and wired channels, IoT communication data is directly exposed in the air and is therefore more easily attacked by intruders. IoT nodes are also limited in power, computing capability and storage capacity, all of which indirectly leave the IoT environment open to external attack.
In the IoT architecture, the perception layer where smart devices reside is the lowest and most basic layer, and its information security is the most easily threatened. When collecting information, the perception layer mainly uses wireless sensor networks (WSN) and radio frequency identification (RFID). The security problems of the IoT perception layer are essentially the security problems of WSN and RFID systems, and the perception layer is the more exposed to security threats. At the same time, because wireless communication technology is opaque to end users (users do not understand the mechanism or implementation of wireless communication), both the wireless technology and the IoT terminal nodes are easily misconfigured: weak passwords, a wrong choice of transmission method (for example WEP encryption for Wi-Fi), unnecessary open ports, Bluetooth Low Energy (BLE) without randomized MAC addresses, ZigBee networks that do not use security mode, RFID tags encrypted with the default password, and so on. On top of already fragile wireless communication, this further increases the likelihood of external threats to the IoT. An IoT vulnerability scanning system is therefore needed to detect the vulnerabilities present in an IoT environment and to offer guidance on them, helping users or enterprises improve the security of their own IoT environment.
The present invention therefore makes up for the shortcoming of conventional Internet vulnerability scanners, which are confined to scanning the wired channels of the Ethernet protocol. In the field of IoT security research there is as yet no effective system that can complete vulnerability scanning of an IoT environment, so the present invention is novel.
There are currently three methods for detecting vulnerabilities in wireless sensor networks:
1. Manual audit: the communication protocol is analyzed by hand to find the vulnerabilities in it, a targeted test is made to prove that they exist, and improvements are then proposed. This requires the researcher to understand the protocol itself in depth and to have strong analytical ability; it takes a great deal of time and is an offline analysis, so it is slow and inefficient.
2. Simulated attack: the wireless network is attacked directly (for example with flooding and denial-of-service attacks) in order to judge what vulnerabilities it has. This method cannot find all the vulnerabilities in a wireless sensor network, it affects the wireless network and degrades the transmission quality of the target network, and it cannot determine the vulnerabilities of the protocol itself, so it is not targeted.
3. Black-box testing: a large number of erroneous or abnormal packets are sent into the target network, and the tester observes whether the target network handles these packets normally or collapses, thereby judging whether the target network has vulnerabilities. This method is likewise poorly targeted and inefficient.
Summary of the invention
The purpose of the present invention is to solve the above problems by providing an IoT vulnerability scanning system and scanning method. It makes up for the shortcomings of existing Internet vulnerability scanners, is suited to large-scale commercial IoT environments (where the devices are all on the market, that is, they can be bought commercially), and can perform vulnerability analysis online in real time and give targeted suggestions.
To achieve this, the present invention adopts the following technical solution:
An IoT vulnerability scanning system, comprising a traffic sniffer, a scanner, an IoT vulnerability scanning server and a Web visualization terminal, connected in sequence.
The traffic sniffer passively listens to the communication traffic in the IoT environment and actively sends traffic probe packets. It uses software-defined radio to process the physical-layer traffic of the actual IoT environment and passes it to the link layer after decapsulation.
The scanner processes the traffic data captured by the traffic sniffer and also constructs packets that are sent into the target IoT environment through the traffic sniffer.
The IoT vulnerability scanning server analyzes the data sent by the traffic sniffer and, from the source addresses, destination addresses and data flows, forms a topology graph of the scanned target network and determines every IoT device that sends or receives traffic in the IoT environment and the state of each link. It identifies the IoT device model and the version of the system the device runs, then compares the identification result with the IoT vulnerability database; if a vulnerability is found, the scan result is shown to the user through the Web visualization terminal, and a PDF document is generated and stored in the document database. Traffic is displayed in real time as a block diagram, which includes each device's sent and received traffic, control traffic, management traffic and data traffic.
The Web visualization terminal connects to the IoT vulnerability server through a RESTful API, provides the pages for interacting with the IoT vulnerability server, provides real-time monitoring of the links between devices in the IoT environment, and shows the user the topology graph of the IoT environment, node information, link details and the various scan reports.
The scanner comprises a traffic extraction module, a traffic information collection module, a packet sending module and a storage processing module.
The traffic extraction module comprises several traffic scanning submodules, one per protocol. Each traffic scanning submodule sends traffic probe packets to capture the packets in the network, captures the packets returned in response to the packets it sent, and passes them through the packet sending module to the IoT vulnerability scanning server for analysis.
Each traffic scanning submodule scans the target device. Scanning is divided into active and passive scanning: active scanning sends packets and affects the target network environment, whereas passive scanning only captures radio signals already present in the air and has no effect on the target network.
The traffic information collection module records useful information, which includes the position at which the traffic sniffer captured the traffic, the size of the captured data frame and the timestamp of the captured data frame.
The packet sending module sends the packets generated by the server into the target network environment, receives the information returned, and receives the traffic captured by the traffic extraction module.
The storage processing module gathers and stores the data from the traffic extraction module and the traffic information collection module.
The IoT vulnerability scanning server comprises an application server and a database server.
The application server is the core processing service module. It provides the interfaces that connect the scanner, the IoT vulnerability database and the Web visualization terminal; it schedules the various data transfers and tasks and also processes and analyzes the various traffic data, so that the modules run in coordination.
The database server stores the captured traffic and the analysis results for the Web visualization terminal to query and analyze.
The node information includes: ID number, manufacturer, MAC address, total frame count, signal number, SSID.
The link details include: source address, destination address, total frame count, total data size.
The scan report includes: vulnerability name, vulnerability risk level, brief description, vulnerability bulletin, discovery time, vulnerability type.
An IoT vulnerability scanning method, comprising:
Step (a1): The Web visualization terminal receives the user's vulnerability scan request and sends it to the vulnerability scanning server;
Step (a2): The vulnerability scanning server analyzes the request, extracts the object to be analyzed, selects a vulnerability scan mode according to that object, and sends the scan mode to the scanner;
Step (a3): The scanner sends a sniffing instruction to the traffic sniffer according to the scan mode received from the vulnerability scanning server;
Step (a4): The traffic sniffer sniffs the traffic of the IoT environment; the captured data is fed back through the scanner to the vulnerability scanning server, and the scan result is finally displayed on the Web visualization terminal.
A vulnerability scanning method for wireless sensor networks, comprising:
Step (b1): The traffic sniffer captures packets at the data link layer; the IoT vulnerability scanning server analyzes the captured packets to obtain an analysis result and determines the topology graph of the IoT environment from that result;
Step (b2): The IoT vulnerability scanning server analyzes the captured frames to determine whether a malicious attack pattern is present; if so, the vulnerabilities of the wireless node are analyzed by sending custom packets and receiving packets;
Step (b3): The device model and system version of the node are determined by scanning;
Step (b4): Whether the node has security vulnerabilities is determined by comparison with the IoT vulnerability database; the device is scanned for a telnet backdoor vulnerability;
Step (b5): The node is scanned to determine whether it has a Web login administration interface, and the node's default username and password are scanned;
Step (b6): The unencrypted service names opened by Bluetooth devices are scanned;
Step (b7): ZigBee devices are scanned to determine whether they use security mode, and the transmission mode of the ZigBee device keys is scanned.
The analysis result includes the destination address, source address, frame type and subtype.
The topology graph of the IoT environment includes the state of the links between devices.
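The link-layer analysis of step (b1) can be sketched as follows. This is an added example, not code from the patent: it assumes the captured frames are IEEE 802.11 MAC headers with the radiotap header and FCS already stripped, and the MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
RECEIVER_ONLY_CONTROL = {12, 13}  # CTS and ACK carry only a receiver address


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Return type, subtype, addresses and size of one 802.11 frame."""
    if len(frame) < 10:
        raise ValueError("shorter than the minimal 802.11 header")
    (fc,) = struct.unpack_from("<H", frame, 0)  # frame control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    src = None
    if not (ftype == 1 and subtype in RECEIVER_ONLY_CONTROL):
        if len(frame) < 16:
            raise ValueError("transmitter address missing")
        src = mac(frame[10:16])  # address 2 = transmitter
    return {"type": FRAME_TYPES.get(ftype, "other"), "subtype": subtype,
            "src": src, "dst": mac(frame[4:10]), "size": len(frame)}


def is_group(addr):
    """Broadcast and multicast addresses set the low bit of the first octet."""
    return (int(addr[:2], 16) & 1) == 1


def build_topology(frames):
    """Aggregate frames into link details and per-node traffic counters."""
    links = defaultdict(lambda: {"frames": 0, "bytes": 0})
    nodes = defaultdict(lambda: {"sent": 0, "received": 0, "management": 0,
                                 "control": 0, "data": 0, "other": 0})
    skipped = 0
    for raw in frames:
        try:
            h = parse_header(raw)
        except ValueError:
            skipped += 1  # truncated capture: count it, do not guess
            continue
        unicast = not is_group(h["dst"])
        if unicast:  # a broadcast address is not a device in the topology
            nodes[h["dst"]]["received"] += 1
            nodes[h["dst"]][h["type"]] += 1
        if h["src"] is not None:
            nodes[h["src"]]["sent"] += 1
            nodes[h["src"]][h["type"]] += 1
            if unicast:
                link = links[(h["src"], h["dst"])]
                link["frames"] += 1
                link["bytes"] += h["size"]
    return dict(links), dict(nodes), skipped


def make_frame(ftype, subtype, addr1, addr2=None, body=b""):
    """Build a constructed test frame (duration and sequence fields zeroed)."""
    header = struct.pack("<HH", (subtype << 4) | (ftype << 2), 0) + addr1
    if addr2 is not None:
        header += addr2
        if ftype in (0, 2):  # management and data frames: address 3 + seq ctrl
            header += addr2 + b"\x00\x00"
    return header + body


# Constructed sample capture: locally administered addresses, not real devices.
AP = bytes.fromhex("02aabbcc0001")
CAM = bytes.fromhex("02aabbcc0002")
BROADCAST = b"\xff" * 6
SAMPLE_FRAMES = [
    make_frame(0, 8, BROADCAST, AP, body=b"\x00" * 12),  # beacon
    make_frame(2, 0, AP, CAM, body=b"\x00" * 40),        # data, camera -> AP
    make_frame(2, 0, AP, CAM, body=b"\x00" * 16),        # data, camera -> AP
    make_frame(1, 13, CAM),                              # ACK to the camera
    b"\x08\x00\x00",                                     # truncated frame
]

if __name__ == "__main__":
    links, nodes, skipped = build_topology(SAMPLE_FRAMES)
    for (src, dst), d in links.items():
        print(f"{src} -> {dst}: {d['frames']} frames, {d['bytes']} bytes")
    for addr, counters in nodes.items():
        print(addr, counters)
    print("skipped:", skipped)
```

The link table carries the fields the patent lists under link details, and the per-node counters are the values its traffic display breaks down by management, control and data traffic.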
A vulnerability scanning method for radio frequency identification, comprising:
The IoT vulnerability scanning server analyzes the vulnerabilities and creates a TR model; the card is scanned for vulnerabilities it may have, and corresponding advice is then given.
Step (c1): Scan the card type and determine whether it is an M1 card;
Step (c2): Determine whether the scanned card's ID is writable;
Step (c3): Determine whether the scanned card's encryption key is a weak password.
The IoT environment is, for example, a smart home or a smart office.
The traffic sniffer is a handheld terminal placed in the IoT environment; the traffic sniffer and the visualization terminal device are deployed together on a Raspberry Pi 3 platform to monitor the traffic of the various protocols. The traffic sniffer includes: a wireless network card configured in listening mode, a Bluetooth sniffer, a ZigBee sniffer or an RFID card reader.
Target devices are actual IoT devices in a real environment, such as a smart home or other smart environment, for example SOHO routers, network security cameras, smoke sensors, smart bulbs, medical monitoring devices, motion capture devices and other smart devices that communicate over Wi-Fi, BLE, ZigBee or RFID.
For the different vulnerabilities of the different protocols there is a set scan mode: the user can manually choose to scan for a particular vulnerability or a particular device, or use the default, which scans for all the vulnerabilities in the IoT vulnerability database.
The traffic extraction module extracts the extra information of link-layer data frames from the captured packets; this extra information includes the source address, destination address, frame subtype or the current service set identifier (SSID). The traffic extraction module also captures the data units of the network layer and the application layer. Different data frames are parsed under different protocols.
Beneficial effects of the invention: the invention scans for vulnerabilities in real time (Real-Time), combining passive (Passive) and active (Active) scanning. It mainly scans the traffic above the physical layer (link layer, network layer, transport layer and application layer), does not greatly affect the scanned network, and greatly improves the efficiency of scan analysis. All scan data can be stored in a database, and a topology graph of the scanned environment and traffic statistics charts are generated, laying the groundwork for further work.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system architecture of the invention;
Fig. 2 is a schematic diagram of a specific implementation of the invention;
Fig. 3 is a diagram of the operating modes of the system;
Fig. 4 is a schematic diagram of the scanning process;
Fig. 5 is a diagram of the layered architecture of the server;
Fig. 6 is the TR model proposed in the invention for scanning RFID vulnerabilities;
Fig. 7 is a diagram of the client-server implementation architecture of the invention;
Fig. 8 is a diagram of the internal functional modules of the scanner.
Detailed description
The invention is further described below with reference to the drawings and an embodiment.
As shown in Figs. 1-7, a device for IoT vulnerability scanning comprises four modules: the traffic sniffer, the scanner, the server and the Web visualization terminal. The four modules are introduced below:
1. Traffic sniffer (Traffic Interceptor): The traffic sniffer module provides a flexible method of low-level access to wireless communication. It is mainly used to passively monitor the communication traffic in the IoT environment and, less often, to actively send probe packets. It processes physical-layer traffic using currently popular, low-cost software-defined radio and forwards it to the link layer after decapsulation. Being able to capture the traffic packets of the various protocols is a precondition; the system handles each protocol with its own device, so the traffic sniffing equipment includes a wireless network card that is easily configured into "listening mode", a Bluetooth sniffer, a ZigBee sniffer and an RFID card reader. It passively monitors wireless communication traffic in the IoT environment and actively sends a small number of traffic probe packets; testing showed that this does not interfere with normal communication and has very little effect.
2. Scanner (Scanner): The scanner module is divided into a traffic extraction module, a traffic information collection module, a packet sending module and a storage processing module, as shown in Fig. 8. The traffic extraction module contains a set of deployed vulnerability scanning programs (scanning submodules written for the different protocols, which are called to scan the target device; the module is extensible, and new scanning methods can be added to it) that send probe traffic and collect the traffic returned. The traffic extraction module inspects every packet captured by the traffic sniffer and, following the passive-analysis approach of vulnerability scanners, parses each piece of captured data (such as the header and trailer: the header determines information such as the frame type, and the trailer determines whether the frame is valid) and extracts the extra information in the frame, such as the source and destination addresses, the frame subtype (Sub-type) and the current SSID (service set identifier). Besides the data frames, which matter most, it also obtains the corresponding useful information from the other layers so that it can be analyzed in a targeted way. Different frames have to be analyzed on the basis of different protocols, because parsing Bluetooth LE frames differs markedly from parsing Wi-Fi frames and ZigBee frames, and the same holds for the other layers; processing of data traffic above the link layer therefore performs a different extraction for each protocol. The same is true of upper-layer data traffic.
In addition, the information collection module records some extra useful information, such as the channel on which the interceptor (that is, the traffic sniffer) captured the traffic, the size (number of bits) of the captured frame and the timestamp at which the frame was captured.
The packet sending module is mainly responsible, during active probing, for sending the packets generated by the vulnerability scanning system itself (that is, the application server in the server module) into the target network environment; the information returned is then captured and extracted by the traffic extraction module.
The storage processing module is mainly responsible for gathering the information from the traffic extraction module and the information collection module and sending it to the database on the server for storage, and for sending the packets captured during scanning to the back-end database as files in pcap or txt format (the system's server comprises an application server and a database server; this refers to the database deployed on the database server).
3. IoT vulnerability scanning server (Server): The server module is divided into an application server submodule and a database server submodule, which respectively manage communication between the scanner and the visualization terminal and store the various data (such as the vulnerability database, captured traffic data, configuration files and results). The server connects to the real-time display end through a RESTful API and is mainly responsible for further analysis of the files sent by the traffic sniffer; it is equipped with a MySQL database that stores the captured traffic and analysis results for the Web visualization terminal to query and analyze.
Its main functions are: forming the topology graph of the scanned target network and determining each device and the state of its links; identifying the specific model of the scanned device and the version of the system it runs, so that it can be compared with the vulnerability database to find vulnerabilities, showing the scan result to the user through the visualization client, and generating a PDF document that can be stored in the database for later review; and displaying traffic in real time as a block diagram (including each device's sent and received traffic, control traffic, management traffic and data traffic) to make further analysis easier.
The IoT vulnerability scanning server contains the most important module, the IoT open-source vulnerability database management module (Open Source Vulnerability Database Management). It is mainly used to store the vulnerabilities that have already been found, serving as the database compared against during scanning. It also exposes an external interface so that more project supporters can improve the IoT vulnerability database; for this an administrator role is set up to review the vulnerabilities provided by project supporters or IoT enthusiasts. Vulnerabilities are classified by protocol (Wi-Fi, Bluetooth Low Energy (BLE), ZigBee, RFID), added to the vulnerability database once approved, and the provider is notified.
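One way to model the review workflow and the comparison step described above, as an added example that is not part of the patent: it uses an in-memory SQLite database in place of the MySQL database the patent names, and the table layout, function names, device models and vulnerability entries are all constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE vulnerability (
    id           INTEGER PRIMARY KEY,
    name         TEXT NOT NULL,
    risk_level   TEXT NOT NULL,
    brief        TEXT NOT NULL,
    bulletin     TEXT NOT NULL,
    discovered   TEXT NOT NULL,
    vuln_type    TEXT NOT NULL,
    protocol     TEXT NOT NULL
                 CHECK (protocol IN ('Wi-Fi', 'BLE', 'ZigBee', 'RFID')),
    device_model TEXT NOT NULL,
    fixed_in     TEXT,  -- first firmware version without the flaw, NULL if none
    status       TEXT NOT NULL DEFAULT 'pending'
                 CHECK (status IN ('pending', 'approved', 'rejected'))
)"""

INSERT = """
INSERT INTO vulnerability (name, risk_level, brief, bulletin, discovered,
                           vuln_type, protocol, device_model, fixed_in)
VALUES (:name, :risk_level, :brief, :bulletin, :discovered,
        :vuln_type, :protocol, :device_model, :fixed_in)"""

# The six report fields the patent lists for a scan report.
REPORT_FIELDS = ("name", "risk_level", "brief", "bulletin", "discovered", "vuln_type")


def submit(conn, entry):
    """A contributor's entry is stored as 'pending' until an administrator reviews it."""
    return conn.execute(INSERT, entry).lastrowid


def approve(conn, vuln_id):
    """Administrator review: only a pending entry can become approved."""
    cur = conn.execute(
        "UPDATE vulnerability SET status = 'approved' "
        "WHERE id = ? AND status = 'pending'", (vuln_id,))
    return cur.rowcount == 1


def version_key(text):
    """'2.1.0' -> (2, 1); trailing zeros are dropped so 2.1 equals 2.1.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def match(conn, protocol, device_model, firmware):
    """Compare an identified device with the approved entries for its model."""
    try:
        installed = version_key(firmware)
    except (ValueError, AttributeError):
        installed = None  # version not identified: report conservatively
    rows = conn.execute(
        "SELECT * FROM vulnerability WHERE status = 'approved' "
        "AND protocol = ? AND device_model = ? ORDER BY id",
        (protocol, device_model))
    findings = []
    for row in rows:
        fixed_in = row["fixed_in"]
        if installed is None or fixed_in is None or installed < version_key(fixed_in):
            findings.append({field: row[field] for field in REPORT_FIELDS})
    return findings


def build_sample_db():
    """Constructed entries only; none describes a real product or advisory."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    base = {"bulletin": "EXAMPLE-BULLETIN", "discovered": "2017-01-01"}
    first = submit(conn, dict(base, name="Telnet service enabled by default",
                              risk_level="high", brief="Constructed entry 1",
                              vuln_type="backdoor", protocol="Wi-Fi",
                              device_model="CAM-EXAMPLE-1", fixed_in="2.1.0"))
    submit(conn, dict(base, name="Unreviewed report", risk_level="low",
                      brief="Constructed entry 2", vuln_type="configuration",
                      protocol="Wi-Fi", device_model="CAM-EXAMPLE-1",
                      fixed_in=None))  # stays pending
    third = submit(conn, dict(base, name="Network key sent without security mode",
                              risk_level="medium", brief="Constructed entry 3",
                              vuln_type="configuration", protocol="ZigBee",
                              device_model="BULB-EXAMPLE-7", fixed_in=None))
    approve(conn, first)
    approve(conn, third)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for finding in match(db, "Wi-Fi", "CAM-EXAMPLE-1", "2.0.9"):
        print(finding)
```

Entries that have not passed review never reach a report, and a device whose firmware version could not be identified is matched against every approved entry for its model rather than silently passed.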
4. Web visualization module (Visualizer): It connects to the IoT vulnerability server through a RESTful API, provides the pages for interacting with the server, provides real-time monitoring of the devices in the IoT environment and the links between them, and shows the user the topology graph of the IoT environment, the details of each node and the various scan reports.
The invention also provides an IoT vulnerability scanning method, comprising a vulnerability scanning method and a scanning process:
Vulnerability scanning method: the user calls the scanning programs deployed on the scanner to scan devices of the different protocols; scan text information is returned, extracted and analyzed by the server, and then returned to the user.
Vulnerability scanning follows a fixed process: first the scan mode is chosen (such as Wi-Fi, BLE, ZigBee or RFID), then the scan is run; when it completes, the visualization interface gives the scan result and targeted suggestions, a scan report in PDF format is generated, and a traffic analysis block diagram is then generated for further analysis.
The invention mainly covers scanning of two common IoT technologies, wireless sensor networks (WSN) and radio frequency identification (RFID), as follows:
Wireless terminal device scanning module: a sniffing tool captures packets at the data link layer, and the captured packets are analyzed (destination address, source address, frame type, subtype) to determine the topology graph of the IoT environment (each device and the condition of the links between them). The captured frames are analyzed for malicious attack patterns, and the vulnerabilities of the wireless node are then analyzed by sending custom packets and receiving packets. The device model and version of the node are determined by scanning, and whether the node has security vulnerabilities is determined by comparison with the vulnerability database. The device is scanned for a telnet backdoor vulnerability; the node is scanned for a Web login administration interface, and its default username and password are scanned; the unencrypted service names opened by Bluetooth devices are scanned; ZigBee devices are scanned to determine whether they use security mode, and the transmission mode of their keys is scanned.
RFID module scanning method: the RFID vulnerability analysis and detection approach of the invention first analyzes the vulnerabilities and creates a TR model, scans the card for vulnerabilities it may have, and then gives corresponding advice.
Core strategy of IoT vulnerability scanning in this patent: the Web client sends a scan instruction to the server; the server invokes the specific vulnerability scanning application on the scanner; when the scan completes the result is returned to the server, which processes the data and returns it to the Web client.
Vulnerability database database table
Although the embodiments of the invention have been described above with reference to the drawings, this does not limit the scope of protection of the invention. Those of ordinary skill in the art should understand that the various modifications or variations that those skilled in the art can make on the basis of the technical solution of the invention without creative effort remain within its scope of protection.
Claims (10)
1. An Internet of Things (IoT) vulnerability scanning system, characterized in that it comprises a traffic sniffer, a scanner, an IoT vulnerability scanning server and a Web visualization terminal, connected in sequence;
the traffic sniffer passively listens to the communication traffic in the IoT environment and actively sends traffic probe packets; the traffic sniffer uses software-defined radio to process the physical-layer traffic of the actual IoT environment and passes it to the link layer after decapsulation;
the scanner processes the traffic data captured by the traffic sniffer and also constructs packets that are sent into the target IoT environment through the traffic sniffer;
the IoT vulnerability scanning server analyzes the data sent by the traffic sniffer and, from the source addresses, destination addresses and data flows, forms a topology graph of the scanned target network and determines every IoT device that sends or receives traffic in the IoT environment and the state of each link; it identifies the IoT device model and the version of the system the device runs, then compares the identification result with the IoT vulnerability database; if a vulnerability is found, the scan result is shown to the user through the Web visualization terminal, and a PDF document is generated and stored in the document database; traffic is displayed in real time as a block diagram, which includes each device's sent and received traffic, control traffic, management traffic and data traffic;
the Web visualization terminal connects to the IoT vulnerability server through a RESTful API, provides the pages for interacting with the IoT vulnerability server, provides real-time monitoring of the links between devices in the IoT environment, and shows the user the topology graph of the IoT environment, node information, link details and the various scan reports.
2. The IoT vulnerability scanning system of claim 1, characterized in that
the scanner comprises a traffic extraction module, a traffic information collection module, a packet sending module and a storage processing module;
the traffic extraction module comprises several traffic scanning submodules, one per protocol; each traffic scanning submodule sends traffic probe packets to capture the packets in the network, captures the packets returned in response to the packets it sent, and passes them through the packet sending module to the IoT vulnerability scanning server for analysis;
each traffic scanning submodule scans the target device; scanning is divided into active and passive scanning: active scanning sends packets and affects the target network environment, whereas passive scanning only captures radio signals already present in the air and has no effect on the target network;
the traffic information collection module records useful information, which includes the position at which the traffic sniffer captured the traffic, the size of the captured data frame and the timestamp of the captured data frame;
the packet sending module sends the packets generated by the server into the target network environment, receives the information returned, and receives the traffic captured by the traffic extraction module;
the storage processing module gathers and stores the data from the traffic extraction module and the traffic information collection module.
3. The Internet of Things vulnerability scanning system as claimed in claim 1, characterized in that:
The Internet of Things vulnerability scanning server includes an application server and a database server;
The application server is the core processing service module. It provides interfaces for connecting the scanner, the Internet of Things vulnerability database and the Web visualization terminal; it not only handles the various data transfers and task scheduling but also processes and analyzes the various traffic data, so that the modules can operate in coordination;
The database server stores the captured traffic and the analysis results for query and analysis by the Web visualization terminal.
4. The Internet of Things vulnerability scanning system as claimed in claim 1, characterized in that:
The node information includes: ID number, manufacturer, MAC address, total number of frames, signal number, SSID;
The link details include: source address, destination address, total number of frames, total data size;
The scan report includes: vulnerability name, vulnerability risk level, vulnerability summary, vulnerability bulletin, discovery time, vulnerability type.
5. The Internet of Things vulnerability scanning system as claimed in claim 1, characterized in that:
The flow sniffer is a handheld terminal placed in the Internet of Things environment. The flow sniffer and the visualization terminal device are deployed together on a Raspberry Pi 3 platform and are used to monitor the traffic of the various protocols. The flow sniffer includes: a wireless network card configured in listening mode, a Bluetooth sniffer, a Zigbee sniffer or an RFID card reader.
6. The Internet of Things vulnerability scanning system as claimed in claim 2, characterized in that:
The target device refers to an actual Internet of Things device in a real environment, such as a smart home or another smart environment, for example a SOHO router, a network security camera, a smoke sensor, a smart bulb, medical monitoring equipment, a motion capture device, or another smart device that communicates over Wi-Fi, BLE, Zigbee or RFID.
7. The Internet of Things vulnerability scanning system as claimed in claim 1, characterized in that:
For the different vulnerabilities of the different protocols there is a set scan mode: a particular vulnerability or a particular device may be selected manually for scanning, and by default all vulnerabilities in the Internet of Things vulnerability database may be scanned;
The flow extraction module extracts additional information about link-layer data frames from the captured packets; this additional information includes the source address, the destination address, the frame subtype or the current service set identifier (SSID). The flow extraction module also captures the data units of the network layer and the application layer. Different data frames are parsed according to the different protocols.
8. An Internet of Things vulnerability scanning method, characterized by including:
Step (a1): The Web visualization terminal receives a vulnerability scanning request from the user and sends the request to the vulnerability scanning server;
Step (a2): The vulnerability scanning server analyzes the request, extracts the object to be analyzed, selects a vulnerability scanning mode according to that object, and sends the vulnerability scanning mode to the scanner;
Step (a3): The scanner sends a sniffing instruction to the flow sniffer according to the vulnerability scanning mode received from the vulnerability scanning server;
Step (a4): The flow sniffer sniffs the traffic of the Internet of Things environment; the captured data is fed back through the scanner to the vulnerability scanning server, and the scan results are finally displayed on the Web visualization terminal.
9. A vulnerability scanning method for a wireless sensor network, characterized by including:
Step (b1): The flow sniffer captures packets at the data link layer; the Internet of Things vulnerability scanning server analyzes the captured packets to obtain an analysis result, and the topology of the Internet of Things environment is determined from the analysis result;
Step (b2): The Internet of Things vulnerability scanning server analyzes the captured frames to determine whether a malicious attack pattern is present; if one is present, the vulnerabilities of the wireless node are analyzed by sending custom packets and receiving packets;
Step (b3): The device model and system version of the node are determined by scanning;
Step (b4): Whether the node has security vulnerabilities is determined by comparison with the Internet of Things vulnerability database; the device is scanned for a telnet backdoor vulnerability;
Step (b5): The node is scanned to determine whether it has a Web login management interface, and the node's default username and password are scanned;
Step (b6): The unencrypted service device names that Bluetooth devices expose are scanned;
Step (b7): Zigbee devices are scanned to determine whether they use security mode, and the way Zigbee device keys are transmitted is scanned.
10. A vulnerability scanning method for radio frequency identification, characterized by including:
Through the Internet of Things vulnerability scanning server's analysis of vulnerabilities and the creation of a TR model, the card is scanned for vulnerabilities that may exist, and corresponding recommendations are then given;
Step (c1): The card type is scanned to determine whether the card is an M1 card;
Step (c2): The card is scanned to determine whether its ID is writable;
Step (c3): The card is scanned to determine whether its encryption key is a weak password.
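The passive link-layer extraction of claim 7, feeding the node information and link details of claim 4, can be sketched as follows. This is an added example, not code from the patent: it assumes raw IEEE 802.11 management frames with no radiotap header, and every function name and sample frame in it is constructed for illustration.

```python
import struct
from collections import defaultdict

# Fixed-field bytes before the tagged parameters (4 probe-req, 5 probe-resp, 8 beacon).
FIXED_LEN = {4: 0, 5: 12, 8: 12}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Extract dst, src, subtype and SSID from one 802.11 management frame."""
    if len(frame) < 24:                      # shorter than a management MAC header
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:                           # address roles differ for data frames
        return None
    info = {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "subtype": subtype, "ssid": None, "size": len(frame)}
    pos = 24 + FIXED_LEN.get(subtype, len(frame))   # unknown subtype: skip tags
    while pos + 2 <= len(frame):
        tag, tlen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + tlen]
        if len(value) < tlen:                # tag claims more bytes than captured
            break
        if tag == 0:                         # element ID 0 carries the SSID
            info["ssid"] = value.decode("utf-8", "replace")
            break
        pos += 2 + tlen
    return info

def summarize(frames):
    """Build per-node and per-link counters (claim 4 fields) from raw frames."""
    nodes = defaultdict(lambda: {"frames": 0, "ssids": set()})
    links = defaultdict(lambda: {"frames": 0, "bytes": 0})
    for raw in frames:
        info = parse_frame(raw)
        if info is None:
            continue
        nodes[info["src"]]["frames"] += 1
        if info["ssid"]:
            nodes[info["src"]]["ssids"].add(info["ssid"])
        link = links[(info["src"], info["dst"])]
        link["frames"] += 1
        link["bytes"] += info["size"]
    return dict(nodes), dict(links)

def _mgmt(subtype, dst, src, body):          # builds a constructed test frame
    return struct.pack("<HH", subtype << 4, 0) + dst + src + src + b"\x00\x00" + body

AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE_FRAMES = [                            # constructed, not captured traffic
    _mgmt(8, BCAST, AP, bytes(12) + b"\x00\x08lab-iot1\x01\x01\x82"),
    _mgmt(4, BCAST, STA, b"\x00\x00"),       # probe request, wildcard SSID
    _mgmt(8, BCAST, AP, bytes(12) + b"\x00\x20abc"),   # SSID tag overruns frame
]
```

Because nothing is transmitted, this corresponds to the passive scanning of claim 2; the length check on each tagged parameter keeps a malformed or truncated frame from being read past its end.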
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710329513.0A CN107154940A (en) | 2017-05-11 | 2017-05-11 | A kind of Internet of Things vulnerability scanning system and scan method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107154940A (en) | 2017-09-12 |
Family
ID=59794307
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710329513.0A Pending CN107154940A (en) | 2017-05-11 | 2017-05-11 | A kind of Internet of Things vulnerability scanning system and scan method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107154940A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170912 |