CN108134780A - Smart home security device security judgment method based on an improved decision tree algorithm - Google Patents


Info

Publication number: CN108134780A
Authority: CN (China)
Prior art keywords: smart home, data, home security, decision tree, pcap
Legal status: Granted, Active
Application number: CN201711319190.3A
Other languages: Chinese (zh)
Other versions: CN108134780B (en)
Inventors: 彭大芹, 项磊, 李司坤, 谢金凤
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications
Application filed by: Chongqing University of Post and Telecommunications
Priority to: CN201711319190.3A
Publications: CN108134780A (application), CN108134780B (granted)


Abstract

The present invention relates to a smart home security device security judgment method based on an improved decision tree algorithm, and belongs to the technical field of network information security for smart home security devices. The method captures Pcap packets, analyzes the packets, trains a decision-tree model, extracts control command data, and forges transmitted data to control the smart home security device, and from this judges whether the device is secure. The modelling makes full use of the mainstream smart home security devices on the market and provides reliable technical support for consumers who need to judge the security of smart security devices on the market.

Description

Smart home security device security judgment method based on an improved decision tree algorithm
Technical field
The invention belongs to the technical field of network information security for smart home security devices, and relates to a smart home security device security judgment method based on an improved decision tree algorithm.
Background
In recent years, with the rapid development of the Internet of Things, smart home and smart security products have become popular with consumers. To meet the needs of different consumer groups, smart home products have become highly varied, and some manufacturers lower product quality in order to cut costs. Investigation shows that many unencrypted smart security products have appeared on the market, so the security of smart security devices is insufficient and cannot give consumers a strong guarantee.
Summary of the invention
In view of this, the purpose of the present invention is to provide a smart home security device security judgment method based on an improved decision tree algorithm, which identifies the security of smart security devices and helps users choose products.
To achieve the above purpose, the present invention provides the following technical solution:
A smart home security device security judgment method based on an improved decision tree algorithm, comprising the following steps:
S1: Build a Wi-Fi environment and, by controlling the smart home security device, obtain the Pcap packets of the mobile phone controlling the smart home security device;
S2: Analyze the data carried in the transport-layer TCP protocol in the captured Pcap packets, and filter the Pcap packets;
S3: Generate the training set and test set of the decision tree from the results obtained and analyzed;
S4: Train the decision-tree model using the training set and test the decision-tree model using the test set, to determine the improved decision-tree model;
S5: Use the trained improved decision-tree model to judge whether the control command data in the Pcap packets is encrypted; if it is encrypted, the security of the smart home security device is judged to be high, and if it is unencrypted, the security of the smart home security device is judged to be low.
Further, step S1 specifically comprises the following steps:
S11: Open a Wi-Fi hotspot on a PC;
S12: Connect the mobile phone and the smart security device to the Wi-Fi hotspot;
S13: Log in to the app on the mobile phone to arm or disarm the smart security device, and open the Wireshark software to capture pcap packets.
Further, during the capture in step S13 the smart home security device is controlled as needed, while ensuring that the capture time is more than 20 minutes.
Further, step S2 specifically comprises the following steps:
S21: Filter out the non-TCP data frames in the Pcap packets;
S22: Judge whether the length of the data field in each TCP data frame is greater than 0, and filter out data frames whose data length is less than or equal to 0;
S23: Obtain the timestamps in the Pcap packets, calculate the time difference between adjacent frames, and filter out data frames whose time difference is not fixed;
S24: Analyze the remaining data frames of the Pcap packets, and record the IP and the corresponding data length.
Further, step S4 specifically comprises the following steps:
S41: Assume that the total number of samples in the training set and test set is N, and that each sample contains M feature attributes;
S42: Randomly select N1 of the N samples as the training set, with the remaining N-N1 samples as the test set;
S43: Generate decision tree T from the N1 samples of the training set;
S44: Use the remaining N-N1 test-set samples to judge the accuracy of decision tree T. If it judges accurately, output decision tree T as the decision-tree model; if it cannot judge accurately, swap the misjudged samples with an equal number of training-set samples to form a new test set and training set, and repeat step S43 until decision tree T judges accurately.
Further, step S5 specifically comprises the following steps:
S51: Obtain the control command data in the Pcap packets twice in succession;
S52: Compare the two captured sets of control command data by matching them character by character;
S53: If the number of bytes that change between the two sets of control command data is less than 10 bytes, and TCP data forged on a personal computer can control the smart home security device, the device is judged to be unencrypted and its security is low;
If the number of bytes that change between the two sets of control command data is greater than or equal to 10 bytes, and TCP data forged on a personal computer cannot control the smart home security device, the device is judged to be encrypted and its security is high.
The beneficial effects of the present invention are as follows: on the one hand, the method can help consumers accurately judge the security of smart home security devices on the market; on the other hand, it can provide technical support for the relevant government departments that supervise the smart home market.
Brief description of the drawings
To make the purpose, technical solution and beneficial effects of the present invention clearer, the following drawings are provided for explanation:
Fig. 1 is a flow chart of the present invention;
Fig. 2 is a schematic diagram of Pcap packets filtered by IP;
Fig. 3 is a schematic diagram of the basic format of the captured Pcap file;
Fig. 4 is a diagram of the improved decision-tree model for extracting smart home security device control commands.
Detailed description
The preferred embodiments of the present invention are described in detail below with reference to the drawings.
The invention judges the security of a device from the smart home security device control commands obtained in a Wi-Fi environment. The control commands of a smart home security device depend directly on its brand, so the control commands must be obtained in order to judge whether that brand is worth buying.
The invention is further described below with reference to the drawings and a specific embodiment:
A method for identifying the security of smart home security devices based on an improved decision tree algorithm. Fig. 1 is the flow chart of the whole identification method.
1. Capture the Pcap packets of the smart home security devices in the Wi-Fi environment.
2. Filter the Pcap packets and determine which smart home security devices are present in the environment.
3. Establish the decision-tree model, and analyze and identify the data packets.
A PC opens a Wi-Fi hotspot to simulate a router, and the mobile phone, computer, smart security devices and so on are all connected to that hotspot. The mobile phone logs in to the apps of smart security devices such as Kerui and Xiaomi and arms or disarms the devices. Wireshark is opened to capture packets; during the capture the smart home security devices are controlled as needed, while ensuring that the capture time is more than 20 minutes, and the captured packets are classified into the training set and test set of the decision-tree model.
From the IPs connected to the router, and from the characteristic that a smart home security device interacts with its server at regular intervals, it is determined which IP belongs to the smart home security device, as shown in Fig. 2. The figure clearly shows that the device's heartbeat data is sent repeatedly and that its data length is greater than 0.
The structure of the Pcap packets is shown in Fig. 3. The timestamp carried in each packet must be located according to the Pcap structure in order to find the heartbeat time of each corresponding smart home security device.
A decision-tree model is established from the captured data to analyze whether the Pcap packets contain the corresponding control commands, as shown in Fig. 4. The decision-tree model is a binary tree model. The total duration of the Pcap file is the difference between the timestamps of the first and last frames of the file; the transport-layer protocol and the frame data size (Frame_Data_size) are the transport protocol and data frame size of each frame in the Pcap file. After filtering by the above decisions, the timestamp of each frame is extracted, the frames are classified by IP address, the time differences are calculated, and the source IP and destination IP with a fixed time difference are found. The source IP and destination IP are then swapped to find the data frames in the capture that contain information, and whether a frame is a control command is judged by whether the data it contains repeats excessively.
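The filtering in steps S21 to S24 and the Fig. 4 flow described above can be sketched as follows. This is an added example, not code from the patent; the capture is constructed in-line, and the addresses, the 0.05 s tolerance for a "fixed" time difference and the three-frame minimum are assumptions.

```python
import socket
import struct
from collections import defaultdict

def frame(src, dst, proto, payload):
    """Constructed Ethernet/IPv4 frame carrying TCP (proto 6) or UDP (proto 17)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, 8000, 0, 0, 0x50, 0x18, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, 8000, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def build_pcap(records):
    """Classic little-endian pcap: 24-byte file header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, data in sorted(records, key=lambda r: r[0]):
        out += struct.pack("<IIII", sec, 0, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Yield (timestamp, frame) from a classic microsecond pcap with Ethernet link type."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", blob)[0])
    if endian is None or struct.unpack_from(endian + "I", blob, 20)[0] != 1:
        raise ValueError("unsupported capture format")
    off = 24
    while off + 16 <= len(blob):
        sec, usec, incl, _orig = struct.unpack_from(endian + "IIII", blob, off)
        yield sec + usec / 1e6, blob[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_payload(data):
    """S21: return (src, dst, payload) for an IPv4/TCP frame, None for anything else."""
    if len(data) < 34 or data[12:14] != b"\x08\x00" or data[23] != 6:
        return None
    ihl = (data[14] & 0x0F) * 4
    total = struct.unpack_from("!H", data, 16)[0]
    tcp = 14 + ihl
    if len(data) < tcp + 20:
        return None
    doff = (data[tcp + 12] >> 4) * 4
    # Slice by the IP total length so Ethernet padding is not counted as data.
    payload = data[tcp + doff:14 + total]
    return socket.inet_ntoa(data[26:30]), socket.inet_ntoa(data[30:34]), payload

def periodic_flows(blob, tolerance=0.05, min_frames=3):
    """S22-S24: keep TCP flows with data whose adjacent-frame time difference is fixed."""
    flows = defaultdict(list)
    for ts, data in read_pcap(blob):
        hit = tcp_payload(data)
        if hit and len(hit[2]) > 0:                      # S22: data length > 0
            flows[hit[:2]].append((ts, len(hit[2])))
    result = {}
    for key, frames in flows.items():
        gaps = [b[0] - a[0] for a, b in zip(frames, frames[1:])]
        if len(frames) >= min_frames and max(gaps) - min(gaps) <= tolerance:  # S23
            result[key] = {"interval": round(sum(gaps) / len(gaps), 3),       # S24
                           "lengths": sorted({n for _, n in frames})}
    return result

# Constructed capture: a device heartbeat, irregular phone traffic, padded bare
# ACKs and UDP datagrams (the last two are periodic but must be filtered out).
DEVICE, PHONE, SERVER = "192.168.137.20", "192.168.137.10", "203.0.113.10"
SAMPLE = build_pcap(
    [(t, frame(DEVICE, SERVER, 6, b"\x01" * 16)) for t in (0, 30, 60, 90)]
    + [(t, frame(PHONE, SERVER, 6, b"\x02" * 40)) for t in (5, 12, 47)]
    + [(t, frame(SERVER, DEVICE, 6, b"") + b"\x00" * 6) for t in (1, 31, 61)]
    + [(t, frame(DEVICE, SERVER, 17, b"\x03" * 8)) for t in (10, 20, 30)])

if __name__ == "__main__":
    print(periodic_flows(SAMPLE))
```

Only the device-to-server heartbeat flow survives; the padded ACKs show why the data length has to come from the IP header rather than from the captured frame length.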
In the initial state, the Pcap packets obtained by Wireshark are filtered and classified by software. The decision tree algorithm model is trained with the training set, and the trained decision tree is then verified with the test set. The training set is obtained by testing several mainstream products on the market (EZVIZ, Kerui, Xiaomi, etc.) and is used to train the decision-tree model; the packets of related product series are used as the test set to test the accuracy of the decision tree. The results are then compared, the decision tree algorithm is adjusted according to the errors, and the tree with the highest accuracy is chosen as the final decision tree. The specific steps of the improved algorithm are as follows:
1) Suppose there are N samples, each containing M feature attributes;
2) Randomly select N1 of the N samples as the training set, with the remaining N-N1 samples as the test set;
3) Generate decision tree T from the N-sample training set;
4) Use the N-N1 test samples to judge the accuracy of decision tree T. If it judges accurately, output the decision-tree model; if it cannot, swap the misjudged samples with an equal number of training-set samples to form a new test set and training set, and go to step 3) until decision tree T judges accurately.
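An added illustration of steps 1) to 4), not code from the patent: a small Gini-based binary tree stands in for the tree learner, which the text does not specify. The two feature attributes (payload length, repeat count), all sample values, the fixed initial split and the choice of which training samples are swapped out are assumptions.

```python
import random
from collections import Counter

def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())

def build_tree(rows):
    """rows: [(features, label)]; returns a leaf label or a binary split node."""
    labels = [y for _, y in rows]
    if len(set(labels)) == 1:
        return labels[0]
    best = None                                   # (weighted gini, feature, threshold)
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):    # candidate thresholds: midpoints
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t)
    if best is None:                              # identical features, mixed labels
        return Counter(labels).most_common(1)[0][0]
    _, f, t = best
    return {"f": f, "t": t,
            "le": build_tree([r for r in rows if r[0][f] <= t]),
            "gt": build_tree([r for r in rows if r[0][f] > t])}

def predict(tree, x):
    while isinstance(tree, dict):
        tree = tree["le"] if x[tree["f"]] <= tree["t"] else tree["gt"]
    return tree

def train_with_swaps(samples, n1, train_idx=None, max_rounds=20, seed=0):
    """Steps 2)-4): returns (tree, rounds used, test indices still misjudged)."""
    idx = list(range(len(samples)))
    train = list(train_idx) if train_idx is not None else random.Random(seed).sample(idx, n1)
    test = [i for i in idx if i not in train]
    for rounds in range(1, max_rounds + 1):
        tree = build_tree([samples[i] for i in train])                            # step 3)
        wrong = [i for i in test if predict(tree, samples[i][0]) != samples[i][1]]
        if not wrong or rounds == max_rounds:     # accurate, or give up (no guarantee)
            return tree, rounds, wrong
        out = train[:len(wrong)]                  # equal number of training samples
        train = train[len(wrong):] + wrong        # misjudged samples join training
        test = [i for i in test if i not in wrong] + out

# Constructed samples: ((payload length, times the same payload was seen), label),
# label 1 = control command frame, 0 = heartbeat or other traffic.
SAMPLES = [((48, 1), 1), ((52, 2), 1), ((48, 3), 1), ((60, 1), 1),
           ((48, 40), 0), ((52, 38), 0), ((16, 6), 0), ((60, 45), 0)]
FIXED_SPLIT = [0, 1, 3, 4, 5, 7]   # fixed here so the run is reproducible

if __name__ == "__main__":
    tree, rounds, wrong = train_with_swaps(SAMPLES, 6, train_idx=FIXED_SPLIT)
    print(rounds, tree, wrong)
```

Because misjudged test samples are moved into the training set, the accuracy reached when the loop stops is not an independent held-out estimate; a separate capture is needed to measure that.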
Based on analysis of the Pcap file structure, analysis of smart security device data, and the capture of Pcap packets in the specific smart home environment, a decision tree algorithm model can be established to find out from the captured Pcap packets whether a smart security device is present. If one is present, its control commands are found from the characteristics of smart security devices, and its security is judged to be high or low. Smart security devices have two control commands: arm and disarm. Device security is judged by whether the data is encrypted, and judging whether the data is encrypted amounts to judging the complexity of the data. The method used by the present invention is to obtain the control command twice in succession and compare the two sets of data with a comparison function: if the number of bytes that change between the two is less than 10 bytes, and control can be achieved with TCP data forged on a computer, the device is judged to be unencrypted and its security is relatively low; otherwise it is judged to be encrypted and its security is relatively high.
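The passive half of this comparison, as an added example that is not part of the patent: it finds the byte offsets that change between two captures of the same command, groups them into runs, and applies the two stated rules. The forged-data check is taken as an observed boolean input, the payloads are constructed, and the "undetermined" result for combinations the text does not cover is an assumption.

```python
def changed_positions(first: bytes, second: bytes):
    """Offsets at which two captured commands differ; a length mismatch counts
    every extra trailing byte as changed."""
    common = min(len(first), len(second))
    diff = [i for i in range(common) if first[i] != second[i]]
    return diff + list(range(common, max(len(first), len(second))))

def changed_runs(offsets):
    """Group offsets into contiguous (start, end) runs, e.g. a counter field."""
    runs = []
    for i in offsets:
        if runs and i == runs[-1][1] + 1:
            runs[-1][1] = i
        else:
            runs.append([i, i])
    return [tuple(r) for r in runs]

def judge(first, second, forged_data_controls_device, threshold=10):
    """Apply the two rules of S53; the text leaves the other combinations open."""
    changed = len(changed_positions(first, second))
    if changed < threshold and forged_data_controls_device:
        return "unencrypted, low security"
    if changed >= threshold and not forged_data_controls_device:
        return "encrypted, high security"
    return "undetermined"

# Constructed payloads: a plaintext arm command whose 2-byte counter advances,
# and two 32-byte blobs standing in for ciphertexts of the same command.
PLAIN_1 = b"\xaa\x55\x01\xffARM:zone=1\r\n"
PLAIN_2 = b"\xaa\x55\x02\x00ARM:zone=1\r\n"
CIPHER_1 = bytes(range(32))
CIPHER_2 = bytes(range(32, 64))

if __name__ == "__main__":
    for a, b, controllable in ((PLAIN_1, PLAIN_2, True), (CIPHER_1, CIPHER_2, False),
                               (PLAIN_1, PLAIN_2, False)):
        print(changed_runs(changed_positions(a, b)), judge(a, b, controllable))
```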
Finally, it should be noted that the above preferred embodiments are only intended to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail through the above preferred embodiments, those skilled in the art should understand that various changes may be made to it in form and in detail without departing from the scope defined by the claims of the invention.

Claims (6)

1. A smart home security device security judgment method based on an improved decision tree algorithm, characterized in that the method comprises the following steps:
S1: Build a Wi-Fi environment and, by controlling the smart home security device, obtain the Pcap packets of the mobile phone controlling the smart home security device;
S2: Analyze the data carried in the transport-layer TCP protocol in the captured Pcap packets, and filter the Pcap packets;
S3: Generate the training set and test set of the decision tree from the results obtained and analyzed;
S4: Train the decision-tree model using the training set and test the decision-tree model using the test set, to determine the improved decision-tree model;
S5: Use the trained improved decision-tree model to judge whether the control command data in the Pcap packets is encrypted; if it is encrypted, the security of the smart home security device is judged to be high, and if it is unencrypted, the security of the smart home security device is judged to be low.
2. The smart home security device security judgment method based on an improved decision tree algorithm according to claim 1, characterized in that step S1 specifically comprises the following steps:
S11: Open a Wi-Fi hotspot on a PC;
S12: Connect the mobile phone and the smart security device to the Wi-Fi hotspot;
S13: Log in to the app on the mobile phone to arm or disarm the smart security device, and open the Wireshark software to capture pcap packets.
3. The smart home security device security judgment method based on an improved decision tree algorithm according to claim 2, characterized in that during the capture in step S13 the smart home security device is controlled as needed, while ensuring that the capture time is more than 20 minutes.
4. The smart home security device security judgment method based on an improved decision tree algorithm according to claim 2, characterized in that step S2 specifically comprises the following steps:
S21: Filter out the non-TCP data frames in the Pcap packets;
S22: Judge whether the length of the data field in each TCP data frame is greater than 0, and filter out data frames whose data length is less than or equal to 0;
S23: Obtain the timestamps in the Pcap packets, calculate the time difference between adjacent frames, and filter out data frames whose time difference is not fixed;
S24: Analyze the remaining data frames of the Pcap packets, and record the IP and the corresponding data length.
5. The smart home security device security judgment method based on an improved decision tree algorithm according to claim 4, characterized in that step S4 specifically comprises the following steps:
S41: Assume that the total number of samples in the training set and test set is N, and that each sample contains M feature attributes;
S42: Randomly select N1 of the N samples as the training set, with the remaining N-N1 samples as the test set;
S43: Generate decision tree T from the N1 samples of the training set;
S44: Use the remaining N-N1 test-set samples to judge the accuracy of decision tree T. If it judges accurately, output decision tree T as the decision-tree model; if it cannot judge accurately, swap the misjudged samples with an equal number of training-set samples to form a new test set and training set, and repeat step S43 until decision tree T judges accurately.
6. The smart home security device security judgment method based on an improved decision tree algorithm according to claim 5, characterized in that step S5 specifically comprises the following steps:
S51: Obtain the control command data in the Pcap packets twice in succession;
S52: Compare the two captured sets of control command data by matching them character by character;
S53: If the number of bytes that change between the two sets of control command data is less than 10 bytes, and TCP data forged on a PC can control the smart home security device, the device is judged to be unencrypted and its security is low;
If the number of bytes that change between the two sets of control command data is greater than or equal to 10 bytes, and TCP data forged on a PC cannot control the smart home security device, the device is judged to be encrypted and its security is high.
Application number: CN201711319190.3A (granted as CN108134780B)
Priority date: 2017-12-12
Filing date: 2017-12-12
Publications: CN108134780A (2018-06-08); CN108134780B (2021-03-16)
Family ID: 62390116
