CN109450927B - System and method for quickly identifying access camera - Google Patents
- Publication number: CN109450927B
- Authority: CN (China)
- Prior art keywords: onvif, alarm, camera, detection module, sending
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/24323—Tree-organised classifiers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention relates to the technical field of Internet of Things security and discloses a system for quickly identifying an access camera, comprising an onvif broadcast detection module, an onvif directional detection module and an alarm module. The onvif broadcast detection module sends an onvif broadcast to all ip addresses in the local area network, identifies the ip addresses that do not return a device service address as non-camera devices, and sends out alarm information. The onvif directional detection module probes ip addresses across network segments using unicast messages of the onvif protocol, generates an onvif rule tree, and performs matching and identification according to the matching rule of the root node. The alarm module receives the alarm message and sends it to the server. Compared with a type identification scheme based on nmap and sniffer queries, the system can query more attribute data and reduces the time complexity by at least several times, so that the security risk of a non-camera device gaining access by counterfeiting a camera can be discovered quickly.
Description
Technical Field
The invention relates to the technical field of Internet of Things security, in particular to a system and a method for quickly identifying an access camera.
Background
The Internet of Things has become a hotspot of current network development, and Internet of Things networks composed of cameras are an important component of public safety and national security. Because most cameras are installed and operated in open environments, the physical interfaces connecting them to the network are often unattended, and external equipment can easily intrude into the network directly through these interfaces. For example, an outside PC can connect to the network simply by changing its ip and mac addresses to those of a camera, and can then access various data on other cameras, including retrieving sensitive video material and accessing and downloading video data.
The existing approach to this problem is a terminal type identification system, which generally acquires various attribute data of a terminal device through remote tools, forms a type fingerprint, and matches the fingerprint against the device types in an existing type library; if the fingerprint matches a PC or another device, the device is identified as the corresponding device type. When the device type originally associated with a given ip was a camera and the current device type is a PC, a counterfeit camera access event is deemed to have occurred and a security alarm is triggered.
The main implementation flow of the type identification system is as follows:
1. call the rule forest module and look up the first type rule tree submodule in it;
2. when some attribute data of the device matches the root node rule of a type rule tree, enter the child node branch corresponding to that rule and continue with matching of the secondary rules;
3. when some attribute data of the device matches a secondary rule, enter the child node branch corresponding to that secondary rule and continue with matching of the tertiary rules;
4. match the child node rules recursively; if a leaf node of this type's rule tree is reached, go to step 5; otherwise, return to step 1 and look up the next type rule tree submodule;
5. find the corresponding device type data in the leaf node and identify the device as that device type.
Existing type identification systems mainly use remote interrogation tools such as nmap and sniffer. Since most terminals in a conventional network are PCs, the type identification system by default searches the rule tree submodules of the PC type first; when no PC type matches, it searches the rule tree submodules of other types (such as server types), and so on. In this case, to determine that 1 device is not a camera, the type of the device must be determined first, so in the worst case all rule tree submodules in the system may need to be traversed to determine the final type. Here N is the depth of the rule tree and M is the number of type rule trees; in an environment with L cameras, the time complexity of the existing method is O(N × M × L).
Patent No. CN200710124567.X discloses a dynamic identification method for camera software on embedded devices, which allows a camera to operate normally without updating the device's camera driver after any camera is replaced at will, but it cannot handle complex type problems.
Because of the numerous types of terminals in existing information systems, the number of type rule tree submodules is often more than 1000; even if searching one rule tree submodule takes only 1 second, traversing the whole system takes more than 15 minutes. For a network comprising 1 million cameras, determining all device types in the network will take in excess of 4 months (3000 hours). Even with multi-threaded computation, the time required in real applications is measured in days, which often leaves a large security hole for hackers seeking malicious access.
Disclosure of Invention
To address the long search time and large security risk of the prior art, the invention provides a system and a method for quickly identifying an access camera.
The above technical problems are solved by the following technical solutions.
A system for quickly identifying an access camera comprises an onvif broadcast detection module, an onvif directional detection module and an alarm module;
the onvif broadcast detection module sends an onvif broadcast to all ip addresses in the local area network, identifies the ip addresses that do not return a device service address as non-camera devices, and sends out alarm information;
the onvif directional detection module probes ip addresses across network segments using unicast messages of the onvif protocol, generates an onvif rule tree, and performs matching and identification according to the matching rule of the root node;
and the alarm module receives the alarm message and sends it to the server.
Preferably, the system further comprises a complexity calculation module. After the onvif broadcast detection module and the onvif directional detection module have sent their probes, the complexity calculation module queries all IPs in all local area networks according to response time, obtains the number of all IP addresses and the depth of all onvif rule trees, and calculates the time complexity.
Preferably, the matching rule is: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm module.
Preferably, the time complexity is calculated from the number of all IP addresses and the depth of all onvif rule trees.
A method for quickly identifying an access camera comprises the following steps:
sending an onvif broadcast to all ip addresses in the local area network, identifying the ip addresses that do not return a device service address as non-camera devices, and sending out alarm information;
probing ip addresses across network segments using unicast messages of the onvif protocol, generating an onvif rule tree, and performing matching and identification according to the matching rule of the root node.
Preferably, the method further comprises an alarm step of receiving the alarm message and sending it to the server.
Preferably, the matching rule is: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm step.
With the above technical solution, the invention achieves the following notable technical effects: compared with a type identification scheme based on nmap and sniffer queries, the system of the invention directly uses the international standard camera discovery protocol onvif to query an ip address and can query more attribute data than nmap and sniffer; in addition, the system of the invention uses the onvif rule tree for matching by default, and compared with a system that matches against the PC type rule tree submodules first, the time complexity is reduced by at least several times (in the best case, identification in constant time can be achieved), so that the security risk of a non-camera device gaining access by counterfeiting a camera can be discovered quickly.
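As an added illustration, not part of the patent text: the sketch below applies the broadcast check and the rule-tree matching rule described above to constructed WS-Discovery ProbeMatch replies, the message format ONVIF uses for device discovery. The rule tree contents, the inventory and the 192.0.2.x addresses are assumptions made for the example; the patent does not list its rules.

```python
import xml.etree.ElementTree as ET

WSD = "{http://schemas.xmlsoap.org/ws/2005/04/discovery}"  # WS-Discovery namespace

def sample_reply(ip, types="dn:NetworkVideoTransmitter",
                 scopes="onvif://www.onvif.org/type/video_encoder"):
    """Constructed ProbeMatch reply of the kind an ONVIF camera returns."""
    return (
        '<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope" '
        'xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery" '
        'xmlns:dn="http://www.onvif.org/ver10/network/wsdl"><e:Body>'
        '<d:ProbeMatches><d:ProbeMatch>'
        f'<d:Types>{types}</d:Types><d:Scopes>{scopes}</d:Scopes>'
        f'<d:XAddrs>http://{ip}/onvif/device_service</d:XAddrs>'
        '</d:ProbeMatch></d:ProbeMatches></e:Body></e:Envelope>')

def parse_reply(xml_text):
    """Extract Types, Scopes and XAddrs from a reply; empty lists if unusable."""
    empty = {"types": [], "scopes": [], "xaddrs": []}
    if not xml_text or len(xml_text) > 65507:  # larger than one UDP datagram
        return empty
    try:
        # Replies are untrusted input; a hardened parser such as defusedxml
        # is the safer choice outside of a demonstration.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return empty
    pm = root.find(f".//{WSD}ProbeMatch")
    if pm is None:
        return empty
    fields = (("types", "Types"), ("scopes", "Scopes"), ("xaddrs", "XAddrs"))
    return {key: (pm.findtext(WSD + tag) or "").split() for key, tag in fields}

def has_service(a):
    return bool(a["xaddrs"])

def has_nvt_type(a):
    return any(t.split(":")[-1] == "NetworkVideoTransmitter" for t in a["types"])

def has_onvif_scope(a):
    return any(s.startswith("onvif://www.onvif.org/") for s in a["scopes"])

# Hypothetical onvif rule tree: (rule name, predicate, children).
# A node without children is a leaf.
RULE_TREE = ("device service address", has_service, [
    ("NetworkVideoTransmitter type", has_nvt_type, [
        ("onvif scope", has_onvif_scope, [])])])

def match(node, attrs):
    """Return None when a leaf is reached, else the name of the rule that failed."""
    name, predicate, children = node
    if not predicate(attrs):
        return name                      # root or child mismatch -> alarm
    if not children:
        return None                      # leaf matched: device is a camera
    failures = [match(child, attrs) for child in children]
    return None if None in failures else failures[0]

def broadcast_alarms(inventory, replies):
    """Broadcast step: every inventoried ip that returned no device service address."""
    return [ip for ip in inventory if not parse_reply(replies.get(ip))["xaddrs"]]

def directed_alarm(reply):
    """Directed step: name of the failed rule for one unicast reply, or None."""
    return match(RULE_TREE, parse_reply(reply))

# Constructed sample data: .11 is a camera, .12 stays silent, and .13 answers
# discovery but advertises a non-camera device type.
INVENTORY = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
REPLIES = {
    "192.0.2.11": sample_reply("192.0.2.11"),
    "192.0.2.13": sample_reply("192.0.2.13", types="wsdp:Device pub:Computer", scopes=""),
}

if __name__ == "__main__":
    print("broadcast alarms:", broadcast_alarms(INVENTORY, REPLIES))
    for ip, reply in REPLIES.items():
        print(ip, "failed rule:", directed_alarm(reply))
```

The silent address is caught by the broadcast check alone, while the address that answers discovery with a non-camera type is caught only when the rule tree is walked past the root.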
Drawings
FIG. 1 is a schematic diagram of a system and method for quickly identifying an access camera according to the present invention;
FIG. 2 is a schematic diagram illustrating operation of an alarm module in the system and method for quickly identifying an access camera according to the present invention;
FIG. 3 is a schematic diagram of an identification result in the system and method for quickly identifying the access camera according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Example 1
As shown in FIG. 1, a system for quickly identifying an access camera includes an onvif broadcast detection module, an onvif directional detection module, and an alarm module;
the onvif broadcast detection module sends an onvif broadcast to all ip addresses in the local area network, identifies the ip addresses that do not return a device service address as non-camera devices, and sends out alarm information;
the onvif directional detection module probes ip addresses across network segments using unicast messages of the onvif protocol, generates an onvif rule tree, and performs matching and identification according to the matching rule of the root node;
and the alarm module receives the alarm message and sends it to the server.
The system also comprises a complexity calculation module. After the onvif broadcast detection module and the onvif directional detection module have sent their probes, the complexity calculation module queries all IPs in all local area networks according to response time, obtains the number of all IP addresses and the depth of all onvif rule trees, and calculates the time complexity.
The matching rule is as follows: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm module.
The time complexity is calculated from the number of all IP addresses and the depth of all onvif rule trees.
Compared with a type identification scheme based on nmap and sniffer queries, the system of the invention directly uses the international standard camera discovery protocol onvif to query an ip address and can query more attribute data than nmap and sniffer; in addition, the system of the invention uses the onvif rule tree for matching by default, and compared with a system that matches against the PC type rule tree submodules first, the time complexity is reduced by at least several times (in the best case, identification in constant time can be achieved), so that the security risk of a non-camera device gaining access by counterfeiting a camera can be discovered quickly.
Example 2
As shown in FIG. 1, a method for quickly identifying an access camera includes the following steps:
sending an onvif broadcast to all ip addresses in the local area network, identifying the ip addresses that do not return a device service address as non-camera devices, and sending out alarm information;
probing ip addresses across network segments using unicast messages of the onvif protocol, generating an onvif rule tree, and performing matching and identification according to the matching rule of the root node.
The method also comprises an alarm step of receiving the alarm message and sending it to the server.
The matching rule is as follows: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm step.
Example 3
As shown in FIG. 2 and FIG. 3, a system for quickly identifying an access camera includes 2 onvif broadcast detection modules, an onvif directional detection module, and an alarm module;
the 2 onvif broadcast detection modules OB1 and OB2 are placed in the 2 specified class B segments B1 and B2, respectively, and perform broadcast polling detection at intervals of 5 s on the two class B segments, so that whether a camera counterfeiting event has occurred among the 65535 ip addresses of a local area network can be identified quickly;
the 1 onvif directional detection module Op1 is placed at any position from which the detected networks are reachable by routing; with a period of 5 s, it probes the IP addresses of all reachable network segments using unicast messages of the onvif protocol and generates an onvif rule tree with a 4-layer structure, with a matching delay < 1 s;
and the alarm module receives the alarm messages of the 2 onvif broadcast detection modules and the 1 onvif directional detection module and sends the alarm to a designated responsible person by mail.
When a PC counterfeiting a camera is connected in class B segment B1, the onvif broadcast detection module OB1 finds the counterfeit access event within 5 s at the latest through broadcast polling and sends alarm information to the alarm server;
when a PC counterfeiting a camera is connected in the remote local area network C, the onvif directional detection module Op1 finds the counterfeit access event within 6 s at the latest through directional probe polling and sends alarm information to the alarm server.
After receiving an alarm from any of the onvif modules, the alarm server forwards the alarm message to the mailbox of the person responsible for security, thereby completing the detection, discovery and alarm process for the event.
In summary, the above embodiments are only preferred embodiments of the present invention, and all equivalent changes and modifications made within the scope of the claims of the present invention shall be covered by the claims of the present invention.
Claims (7)
1. A system for quickly identifying an access camera, characterized in that: the system comprises an onvif broadcast detection module, an onvif directional detection module and an alarm module;
the onvif broadcast detection module sends an onvif broadcast to all ip addresses in the local area network, identifies the ip addresses that do not return a device service address as non-camera devices, and sends out alarm information;
the onvif directional detection module probes ip addresses across network segments using unicast messages of the onvif protocol, generates an onvif rule tree, and performs matching and identification according to the matching rule of the root node;
and the alarm module receives the alarm message and sends it to the server.
2. The system for quickly identifying an access camera as claimed in claim 1, wherein: the system also comprises a complexity calculation module; after the onvif broadcast detection module and the onvif directional detection module have sent their probes, the complexity calculation module queries all IPs in all local area networks according to response time, obtains the number of all IP addresses and the depth of all onvif rule trees, and calculates the time complexity.
3. The system for quickly identifying an access camera as claimed in claim 1, wherein the matching rule is as follows: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm module.
4. The system for quickly identifying an access camera as claimed in claim 2, wherein: the time complexity is calculated from the number of all IP addresses and the depth of all onvif rule trees.
5. A method for quickly identifying an access camera, characterized by comprising the following steps:
sending an onvif broadcast to all ip addresses in the local area network, identifying the ip addresses that do not return a device service address as non-camera devices, and sending out alarm information;
probing ip addresses across network segments using unicast messages of the onvif protocol, generating an onvif rule tree, and performing matching and identification according to the matching rule of the root node.
6. The method for quickly identifying an access camera according to claim 5, wherein: the method also comprises an alarm step of receiving the alarm message and sending it to the server.
7. The method for quickly identifying an access camera according to claim 6, wherein the matching rule is as follows: if the root node is matched, continue to recursively match the child nodes downwards until a leaf node is matched; if the root node or a leaf node fails to match during the matching process, send an alarm message to the alarm step.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811494374.8A CN109450927B (en) | 2018-12-07 | 2018-12-07 | System and method for quickly identifying access camera |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109450927A (en) | 2019-03-08 |
CN109450927B (en) | 2021-01-15 |
Family
ID=65558321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811494374.8A Active CN109450927B (en) | 2018-12-07 | 2018-12-07 | System and method for quickly identifying access camera |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450927B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||