CN108134780A - Security judgment method of smart home security equipment based on improved decision tree algorithm - Google Patents


Info

Publication number: CN108134780A
Authority: CN (China)
Prior art keywords: decision tree, data, smart home, home security, pcap
Legal status: Granted, Active
Application number: CN201711319190.3A
Other languages: Chinese (zh)
Other versions: CN108134780B (en)
Inventors: 彭大芹, 项磊, 李司坤, 谢金凤
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications
Priority date: 2017-12-12
Filing date: 2017-12-12
Publication date: 2018-06-08
Application filed by Chongqing University of Post and Telecommunications
Priority to CN201711319190.3A
Publication of CN108134780A
Application granted
Publication of CN108134780B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a security judgment method for smart home security devices based on an improved decision tree algorithm, and belongs to the technical field of network information security for smart home security devices. The method captures Pcap data packets, analyzes them, trains a decision tree model, extracts the control command data, and forges transmitted data to achieve control of the smart home security device, and from this judges whether the device is secure. The modeling makes full use of mainstream smart home security devices on the market and gives consumers reliable technical support for judging the security of smart security devices that appear on the market.

Description

Security judgment method for smart home security devices based on an improved decision tree algorithm

Technical field

The invention belongs to the technical field of network information security for smart home security devices, and relates to a security judgment method for smart home security devices based on an improved decision tree algorithm.

Background

In recent years, with the rapid development of the Internet of Things, smart home and smart security products have become popular with consumers. To meet the needs of different consumer groups, smart home products come in many varieties, and some manufacturers lower product quality to cut costs. Investigation shows that many unencrypted smart security products have appeared on the market, so that these devices are not secure enough and cannot give consumers strong protection.

Summary of the invention

In view of this, the purpose of the invention is to provide a security judgment method for smart home security devices based on an improved decision tree algorithm, which identifies how secure a smart security device is and helps users choose products.

To achieve the above purpose, the invention provides the following technical solution:

A security judgment method for smart home security devices based on an improved decision tree algorithm, comprising the following steps:

S1: Build a wifi environment and, by controlling the smart home security device, obtain the Pcap data packets of the mobile phone controlling the device;

S2: Analyze the data carried by the transport-layer TCP protocol in the captured Pcap data packets, and filter the Pcap data packets;

S3: Generate the training set and test set of the decision tree from the results of the capture and analysis;

S4: Train the decision tree model with the training set, check it with the test set, and determine the improved decision tree model;

S5: Use the trained improved decision tree model to judge whether the control command data in the Pcap data packets is encrypted; if it is encrypted, the smart home security device is judged to have high security, and if it is not encrypted, it is judged to have low security.

Further, step S1 specifically comprises the following steps:

S11: Turn on a wifi hotspot on a personal computer;

S12: Connect both the mobile phone and the smart security device to the wifi hotspot;

S13: Log in to the APP on the mobile phone to arm or disarm the smart security device, and open the wireshark software to capture pcap data packets.

Further, in step S13 the smart home security device is controlled as needed during the capture, and the capture time is kept greater than 20 minutes.

Further, step S2 specifically comprises the following steps:

S21: Filter out the non-TCP data frames in the Pcap data packets;

S22: Check whether the length of the data field in each TCP data frame is greater than 0, and filter out the frames whose data length is less than or equal to 0;

S23: Obtain the timestamps in the Pcap data packets, calculate the time difference between adjacent frames, and filter out the frames whose time difference is not fixed;

S24: Analyze the remaining data frames of the Pcap data packets, and record each IP and the corresponding data length.

Further, step S4 specifically comprises the following steps:

S41: Assume the training set and test set contain N samples in total, each with M feature attributes;

S42: Randomly draw N1 of the N samples as the training set; the remaining N-N1 samples form the test set;

S43: Generate decision tree T from the N1 samples of the training set;

S44: Use the N-N1 samples of the remaining test set to judge the accuracy of decision tree T. If T judges them accurately, output T as the decision tree model; if not, swap the misjudged data with an equal number of training set samples to form a new test set and training set, and repeat step S43 until decision tree T judges accurately.

Further, step S5 specifically comprises the following steps:

S51: Obtain the control command data in the Pcap data packets twice in succession;

S52: Compare the two captured control commands by matching their strings character by character;

S53: If the number of bytes that changed between the two control commands is less than 10 bytes, and the smart home security device can be controlled with TCP data forged on a personal computer, the data is judged to be unencrypted and the security low;

If the number of bytes that changed between the two control commands is greater than or equal to 10 bytes, and the smart home security device cannot be controlled with TCP data forged on a personal computer, the data is judged to be encrypted and the security high.
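The byte comparison of S52 and the byte-count condition of S53, as an added example that is not part of the patent. It covers only the comparison of two captured payloads; the command layout, the key and the keystream routine are hypothetical stand-ins used to construct sample bytes.

```python
import hashlib
import struct

THRESHOLD = 10  # bytes, the cut-off stated in step S53

def changed_offsets(first, second):
    """Byte offsets that differ between two captures of the same command.
    Bytes present in only one capture (length mismatch) count as changed."""
    common = min(len(first), len(second))
    offsets = [i for i in range(common) if first[i] != second[i]]
    offsets.extend(range(common, max(len(first), len(second))))
    return offsets

def byte_change_check(first, second, threshold=THRESHOLD):
    """Byte-count condition of S53 only; it says nothing about the device's
    reaction to traffic, which is the second condition in the text."""
    offsets = changed_offsets(first, second)
    return {"changed_bytes": len(offsets),
            "offsets": offsets,
            "below_threshold": len(offsets) < threshold}

# ---- constructed sample payloads (hypothetical formats, no real device) ----
def plaintext_command(seq, ts, verb=b"ARM"):
    """magic(2) | sequence(2) | timestamp(4) | verb(3) | checksum(1)"""
    body = b"\xaa\x55" + struct.pack(">HI", seq, ts) + verb
    return body + bytes([sum(body) & 0xFF])

def keystream_xor(key, nonce, data):
    """Stand-in for a stream cipher, used only to produce sample bytes."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + bytes([counter])).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def nonce_encrypted_command(key, label, plaintext):
    """Fresh 8-byte nonce per message, prepended to the ciphertext."""
    nonce = hashlib.sha256(label).digest()[:8]
    return nonce + keystream_xor(key, nonce, plaintext)

KEY = b"constructed-sample-key"
PLAIN_A = plaintext_command(1, 0x5A2F8A00)
PLAIN_B = plaintext_command(2, 0x5A2F8A05)
ENC_A = nonce_encrypted_command(KEY, b"capture-1", PLAIN_A)
ENC_B = nonce_encrypted_command(KEY, b"capture-2", PLAIN_A)
# Fixed key and no nonce: the same command always yields the same bytes.
STATIC_A = keystream_xor(KEY, b"", PLAIN_A)
STATIC_B = keystream_xor(KEY, b"", PLAIN_A)

if __name__ == "__main__":
    for name, a, b in [("plaintext", PLAIN_A, PLAIN_B),
                       ("nonce-encrypted", ENC_A, ENC_B),
                       ("static-key", STATIC_A, STATIC_B)]:
        print(name, byte_change_check(a, b))
```

In the plaintext pair only the sequence, timestamp and checksum bytes move, and the reported offsets show which fields those are. The static-key pair reports 0 changed bytes although its payload is not plaintext, so the byte count measures how much a command varies between captures rather than whether a cipher is present.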

The beneficial effects of the invention are: on the one hand, the method helps consumers accurately judge the security of smart home security devices on the market; on the other hand, it provides technical support for specific government departments that supervise the smart home market.

Description of drawings

To make the purpose, technical solution and beneficial effects of the invention clearer, the following drawings are provided:

Fig. 1 is a flowchart of the invention;

Fig. 2 is a schematic diagram of Pcap data packets after IP filtering;

Fig. 3 is a schematic diagram of the basic format of a captured Pcap file;

Fig. 4 is a diagram of the improved decision tree model for extracting the control commands of smart home security devices.

Detailed description

The preferred embodiments of the invention are described in detail below with reference to the drawings.

The invention judges the security of a device from the smart home security device control commands obtained in a wifi environment. The control commands of a smart home security device depend directly on its brand, so the control commands have to be obtained in order to judge whether that brand is worth buying.

The invention is further described below with reference to the drawings and a specific embodiment:

A method for identifying the security of smart home security devices based on an improved decision tree algorithm. Figure 1 is the flowchart of the whole identification method.

1. Capture the Pcap data packets of smart home security devices in the wifi environment.

2. Filter the Pcap data packets to determine which smart home security devices are present in the environment.

3. Build a decision tree model to analyze and identify the Pcap data packets.

A personal computer turns on a wifi hotspot to act as a router, and the mobile phone, computer and smart security devices are all connected to that hotspot. The mobile phone logs in to the APP of the smart security device (Kerui, Xiaomi, etc.) and arms or disarms the device, while the wireshark software is opened to capture data packets. During the capture the smart home security device is controlled as needed, the capture time is kept greater than 20 minutes, and the captured data packets are divided into the training set and test set of the decision tree model.

From the IPs connected to the router, and from the fact that a smart home security device interacts with its server at regular intervals, it is determined which IP belongs to the smart home security device, as shown in Figure 2. The figure clearly shows the device's heartbeat data, which is sent repeatedly and has a data length greater than 0.

The structure of a Pcap data packet is shown in Figure 3. The timestamp carried in each data packet is located according to the Pcap structure, and from it the heartbeat time of each smart home security device is found.

A decision tree model is built from the captured data to analyze whether the Pcap data packets contain the corresponding control commands, as shown in Figure 4. The decision tree model is a binary tree. The total duration of the Pcap file is the difference between the timestamps of its first and last frames; the transport-layer protocol and the frame data size (Frame_Data_size) are the transport protocol and data frame size read from each frame of the Pcap file. After filtering on these decisions, the timestamp of each frame is extracted, the frames are grouped by IP address, the timestamp differences are calculated, and the source IP and destination IP with a fixed timestamp difference are found. The source IP and destination IP are then swapped, the data frames that carry information are looked for in the capture, and whether a frame is a control command is judged by whether the data it carries is repeated too often.
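The filtering of steps S21 to S24, as an added example that is not part of the patent: a reader for the classic pcap layout that keeps TCP frames carrying data and reports the flows sent at a fixed interval. The addresses, the 0.5 s tolerance, the four-frame minimum and every sample frame are constructed assumptions.

```python
import struct
from collections import defaultdict

def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))

def make_frame(src, dst, proto=6, payload=b"", pad=0):
    """Constructed Ethernet/IPv4 frame, TCP (6) or UDP (17), checksums left 0."""
    if proto == 6:   # 20-byte TCP header: data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", 40000, 8000, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload + b"\x00" * pad

def make_pcap(frames):
    """Little-endian classic pcap: 24-byte file header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for (sec, usec), raw in sorted(frames, key=lambda f: f[0]):
        out += struct.pack("<IIII", sec, usec, len(raw), len(raw)) + raw
    return out

def tcp_data_frames(pcap):
    """S21 + S22: (timestamp, src, dst, data_len) for TCP frames with data."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    kept, off = [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from(e + "IIII", pcap, off)
        raw = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[14] >> 4 != 4:
            continue                               # not IPv4
        if raw[23] != 6:
            continue                               # S21: not TCP
        ihl = (raw[14] & 0x0F) * 4
        tcp = 14 + ihl
        if len(raw) < tcp + 20:
            continue                               # truncated TCP header
        total_len = struct.unpack_from("!H", raw, 16)[0]
        doff = (raw[tcp + 12] >> 4) * 4
        # Use the IP total length, not len(raw): short frames carry Ethernet
        # padding that would otherwise be counted as data.
        data_len = total_len - ihl - doff
        if data_len <= 0:
            continue                               # S22: no data
        src = ".".join(map(str, raw[26:30]))
        dst = ".".join(map(str, raw[30:34]))
        kept.append((sec + usec / 1e6, src, dst, data_len))
    return kept

def heartbeat_flows(frames, tolerance=0.5, min_frames=4):
    """S23 + S24: flows whose gap between frames is fixed, with their data lengths."""
    flows = defaultdict(list)
    for ts, src, dst, data_len in frames:
        flows[(src, dst)].append((ts, data_len))
    report = {}
    for key, items in flows.items():
        if len(items) < min_frames:
            continue
        gaps = [b[0] - a[0] for a, b in zip(items, items[1:])]
        median = sorted(gaps)[len(gaps) // 2]
        if all(abs(g - median) <= tolerance for g in gaps):
            report[key] = {"interval_s": round(median, 2),
                           "data_lengths": sorted({n for _, n in items})}
    return report

# ---- constructed capture: one device heartbeat, one phone, noise ----
DEVICE, PHONE, SERVER = "192.168.137.20", "192.168.137.30", "203.0.113.10"
SAMPLE = make_pcap(
    [((t, us), make_frame(DEVICE, SERVER, payload=b"HB" + bytes(14)))
     for t, us in [(0, 0), (30, 10000), (60, 0), (90, 20000), (120, 5000)]]
    + [((t, 0), make_frame(PHONE, SERVER, payload=b"x" * n))
       for t, n in [(5, 40), (7, 120), (48, 40), (110, 300)]]
    + [((31, 0), make_frame(SERVER, DEVICE, pad=6)),      # bare ACK padded to 60 bytes
       ((33, 0), make_frame(DEVICE, SERVER, proto=17, payload=b"udp-noise"))])

if __name__ == "__main__":
    print(heartbeat_flows(tcp_data_frames(SAMPLE)))
```

The padded ACK in the sample is the case that a length taken from the captured frame size gets wrong: it is 60 bytes on the wire but carries no TCP data.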

In the initial state, the Pcap data packets captured by wireshark are filtered and classified in software; the decision tree model is trained with the training set and then verified with the test set. The training set is obtained by testing several mainstream products on the market (EZVIZ, Kerui, Xiaomi, etc.) and is used to train the decision tree model; the data packets of products from the related series serve as the test set to test the accuracy of the decision tree. The results are then compared, the decision tree algorithm is adjusted according to the error, and the tree with the highest accuracy is selected as the final decision tree. The specific steps of the improved algorithm are as follows:

1) Assume there are N samples, each with M feature attributes;

2) Randomly draw N1 of the N samples as the training set; the remaining N-N1 samples form the test set;

3) Generate decision tree T from the N-sample training set;

4) Judge the accuracy of decision tree T with the test set of N-N1 samples. If T judges accurately, output the decision tree model; if not, swap the misjudged data with an equal number of training set samples to form a new test set and training set, and return to step 3) until decision tree T judges accurately.
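The train, test and swap loop of steps 1) to 4), as an added example that is not part of the patent. A small CART-style tree with Gini splits stands in for the tree builder, which the text does not specify; the three features (data length, gap jitter in ms, repeat count), the round limit and all sample rows are constructed assumptions.

```python
import random

def gini(labels):
    n = len(labels)
    return 1.0 - sum((labels.count(c) / n) ** 2 for c in set(labels))

def build_tree(rows, depth=0, max_depth=4):
    """Binary tree. Leaf = label; node = (feature, threshold, low, high).
    Each row is (feature_1, ..., feature_M, label) with an integer label."""
    labels = [r[-1] for r in rows]
    majority = max(sorted(set(labels)), key=labels.count)
    if depth == max_depth or len(set(labels)) == 1:
        return majority
    best = None
    for f in range(len(rows[0]) - 1):
        values = sorted({r[f] for r in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2                     # midpoint between seen values
            left = [r for r in rows if r[f] <= thr]
            right = [r for r in rows if r[f] > thr]
            score = (len(left) * gini([r[-1] for r in left])
                     + len(right) * gini([r[-1] for r in right])) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, thr, left, right)
    if best is None:                                # no feature can split the rows
        return majority
    _, f, thr, left, right = best
    return (f, thr, build_tree(left, depth + 1, max_depth),
            build_tree(right, depth + 1, max_depth))

def predict(tree, row):
    while isinstance(tree, tuple):
        f, thr, low, high = tree
        tree = low if row[f] <= thr else high
    return tree

def train_with_swaps(samples, n1, seed=0, max_rounds=20):
    """Steps 2) to 4): draw N1 training rows, test on the other N-N1, and swap
    misjudged test rows with an equal number of training rows until the test
    set is judged without error or max_rounds is reached (0 < n1 < N)."""
    rng = random.Random(seed)
    pool = list(samples)
    rng.shuffle(pool)
    train, test = pool[:n1], pool[n1:]
    for rounds in range(1, max_rounds + 1):
        tree = build_tree(train)
        wrong = [i for i, r in enumerate(test) if predict(tree, r) != r[-1]]
        if not wrong:
            return tree, train, test, rounds, True
        wrong = wrong[:len(train)]
        out = set(rng.sample(range(len(train)), len(wrong)))
        new_train = ([r for i, r in enumerate(train) if i not in out]
                     + [test[i] for i in wrong])
        new_test = ([r for i, r in enumerate(test) if i not in wrong]
                    + [train[i] for i in sorted(out)])
        train, test = new_train, new_test
    return build_tree(train), train, test, max_rounds, False

# ---- constructed samples: (data_len, gap_jitter_ms, repeats, label) ----
# label 0 = heartbeat frame, label 1 = control command frame
SAMPLES = ([(16, i % 3, 40 + i, 0) for i in range(20)]
           + [(24 + (i % 4) * 8, 50 + 10 * i, 1 + i % 3, 1) for i in range(20)])

if __name__ == "__main__":
    tree, train, test, rounds, converged = train_with_swaps(SAMPLES, n1=28, seed=7)
    print("tree:", tree, "rounds:", rounds, "converged:", converged)
```

Because misjudged test rows are moved into the training set, the accuracy the loop ends on is measured on data the procedure has adapted to. An independent estimate needs a capture that never enters either set.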

Based on the analysis of the Pcap file structure, the analysis of smart security device data, and the capture of Pcap data packets in the specific smart home environment, a decision tree model can be built that finds out from the captured Pcap data packets whether a smart security device is present. If one is, its control commands are found from the characteristics of smart security devices, and its security is judged to be high or low. Smart security devices have two control commands: arm and disarm. Whether a device's security is high or low is decided by whether its data is encrypted, and judging whether data is encrypted amounts to judging the complexity of the data. The method used in the invention is to obtain the control command twice in succession and compare the two captures with a comparison function. If the number of bytes that changed between the two captures is less than 10 bytes, and control can be achieved with TCP data forged on a computer, the data is judged to be unencrypted and the security low; otherwise it is judged to be encrypted and the security high.

Finally, the above preferred embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail through the above preferred embodiments, those skilled in the art should understand that various changes in form and detail can be made to it without departing from the scope defined by the claims of the invention.

Claims (6)

1. A security judgment method for smart home security devices based on an improved decision tree algorithm, characterized in that the method comprises the following steps:

S1: Build a wifi environment and, by controlling the smart home security device, obtain the Pcap data packets of the mobile phone controlling the device;

S2: Analyze the data carried by the transport-layer TCP protocol in the captured Pcap data packets, and filter the Pcap data packets;

S3: Generate the training set and test set of the decision tree from the results of the capture and analysis;

S4: Train the decision tree model with the training set, check it with the test set, and determine the improved decision tree model;

S5: Use the trained improved decision tree model to judge whether the control command data in the Pcap data packets is encrypted; if it is encrypted, the smart home security device is judged to have high security, and if it is not encrypted, it is judged to have low security.

2. The security judgment method for smart home security devices based on an improved decision tree algorithm according to claim 1, characterized in that step S1 specifically comprises the following steps:

S11: Turn on a wifi hotspot on a personal computer;

S12: Connect both the mobile phone and the smart security device to the wifi hotspot;

S13: Log in to the APP on the mobile phone to arm or disarm the smart security device, and open the wireshark software to capture pcap data packets.

3. The security judgment method for smart home security devices based on an improved decision tree algorithm according to claim 2, characterized in that in step S13 the smart home security device is controlled as needed during the capture, and the capture time is kept greater than 20 minutes.

4. The security judgment method for smart home security devices based on an improved decision tree algorithm according to claim 2, characterized in that step S2 specifically comprises the following steps:

S21: Filter out the non-TCP data frames in the Pcap data packets;

S22: Check whether the length of the data field in each TCP data frame is greater than 0, and filter out the frames whose data length is less than or equal to 0;

S23: Obtain the timestamps in the Pcap data packets, calculate the time difference between adjacent frames, and filter out the frames whose time difference is not fixed;

S24: Analyze the remaining data frames of the Pcap data packets, and record each IP and the corresponding data length.

5. The security judgment method for smart home security devices based on an improved decision tree algorithm according to claim 4, characterized in that step S4 specifically comprises the following steps:

S41: Assume the training set and test set contain N samples in total, each with M feature attributes;

S42: Randomly draw N1 of the N samples as the training set; the remaining N-N1 samples form the test set;

S43: Generate decision tree T from the N1 samples of the training set;

S44: Use the N-N1 samples of the remaining test set to judge the accuracy of decision tree T. If T judges them accurately, output T as the decision tree model; if not, swap the misjudged data with an equal number of training set samples to form a new test set and training set, and repeat step S43 until decision tree T judges accurately.

6. The security judgment method for smart home security devices based on an improved decision tree algorithm according to claim 5, characterized in that step S5 specifically comprises the following steps:

S51: Obtain the control command data in the Pcap data packets twice in succession;

S52: Compare the two captured control commands by matching their strings character by character;

S53: If the number of bytes that changed between the two control commands is less than 10 bytes, and the smart home security device can be controlled with TCP data forged on a personal computer, the data is judged to be unencrypted and the security low;

If the number of bytes that changed between the two control commands is greater than or equal to 10 bytes, and the smart home security device cannot be controlled with TCP data forged on a personal computer, the data is judged to be encrypted and the security high.

Priority Applications (1) / Applications Claiming Priority (1)

Application number: CN201711319190.3A
Priority date: 2017-12-12
Filing date: 2017-12-12
Title: Security judgment method of smart home security equipment based on improved decision tree algorithm
Status: Active
Publication: CN108134780B (en)

Publications (2)

CN108134780A (en), published 2018-06-08
CN108134780B, published 2021-03-16

Family

Family ID: 62390116
Family Applications (1): CN201711319190.3A, Active, CN108134780B (en)
Country Status (1): CN (1), CN108134780B (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant