CN111835693A - Vulnerability detection system and detection method for network monitoring camera - Google Patents


Info

Publication number
CN111835693A
Authority
CN
China
Prior art keywords
camera
vulnerability
data packet
network
module
Prior art date
Legal status
Pending
Application number
CN201910326681.3A
Other languages
Chinese (zh)
Inventor
路伟饶
邢汇芸
赵旻
张子欣
黄金鸽
Current Assignee
Civil Aviation University of China
Original Assignee
Civil Aviation University of China
Priority date
2019-04-23
Filing date
2019-04-23
Publication date
2020-10-27

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N 17/00 Diagnosis, testing or measuring for television systems or their details
    • H04N 17/002 Diagnosis, testing or measuring for television systems or their details for television cameras

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Closed-Circuit Television Systems (AREA)

Abstract

The invention discloses a system and a method for detecting vulnerabilities of a network monitoring camera. The system comprises the following modules: a camera identification feature library module, which takes the brand or model of the camera as an index and stores the open services and device features of cameras of various models; a camera host discovery module, which reads the camera identification feature library, sends a specific data packet to the network, and compares whether the returned data packet is consistent with a record in the identification feature library; and a camera vulnerability library module, which takes the network service or the camera brand or model as an index and stores a plurality of known vulnerability verification scripts. The invention detects vulnerabilities of a network camera by quickly and accurately identifying the camera's model and the network services it provides, so as to find its security vulnerabilities, generate a detection report that a system administrator or user can read, and provide corresponding vulnerability mitigation measures and repair suggestions.

Description

Vulnerability detection system and detection method for network monitoring camera
Technical Field
The invention relates to the field of cyberspace security, in particular to a system and a method for detecting vulnerabilities of a network monitoring camera.
Background
With the development of the Internet of Things, more and more network monitoring camera products are appearing on the market. In public places such as civil aviation airports, the demand for network monitoring camera products is very large. However, because camera products are deployed in a local area network and are generally rarely connected to the Internet, and because camera manufacturers are mainly interested in seizing the market, the problem of security is often neglected. At the same time, even when a manufacturer releases a security patch, users can hardly know whether they are affected or how to apply the fix. Existing camera vulnerability detection systems are developed mainly on the basis of Web vulnerability detection systems: they find cameras through port scanning, identify brand and model, and then carry out remote vulnerability verification against a constructed vulnerability library.
However, firstly, port scanning is a slow process: there are more than 1000 well-known TCP and UDP ports, so scanning all of them takes much time. Meanwhile, an existing camera system may block port scanning tools, so that open ports cannot be effectively detected even with Ping scanning or SYN scanning techniques, and the whole vulnerability detection process stalls at the port scanning stage.
Secondly, most existing vulnerability library systems are built around camera model numbers, but camera products are numerous and the vulnerability library cannot be updated in real time. Although the theoretical efficiency is high, in practice the supported camera models are limited, so once a new or unknown camera model is encountered the real efficiency is low, and vulnerabilities may not be detected at all.
Thirdly, because many existing vulnerability library systems are organised by service description (a given vulnerability is discovered for a given service), a new camera vulnerability library organised by model is not compatible with the existing vulnerability library systems and cannot reuse their results.
Therefore, although the prior art considers the application scenario of camera vulnerability detection, it does not consider the essential characteristics of that scenario carefully, so the resulting systems depend too much on manual maintenance and their practical value is limited.
Disclosure of Invention
The invention aims to provide a system and a method for detecting vulnerabilities of a network monitoring camera, so as to solve the problems described in the background section.
In order to achieve this purpose, the invention provides the following technical scheme. A network surveillance camera vulnerability detection system, comprising:
the camera identification feature library module, which takes the brand or model of the camera as an index and stores the open services and device features of cameras of various models;
the camera host discovery module, which reads the camera identification feature library, sends a specific data packet to the network, and compares whether the returned data packet is consistent with a record in the identification feature library;
the camera vulnerability library module, which takes the network service or the camera brand or model as an index and stores a plurality of known vulnerability verification scripts;
the camera vulnerability detection module, which executes vulnerability verification scripts and performs vulnerability verification;
and the camera vulnerability detection report generation module, which generates a vulnerability detection report for a system administrator or user to read.
Further, the device features stored in the camera identification feature library are a group of data packets, comprising a specific data packet to be sent and the specific response data packet returned by the target device.
A detection method of the network monitoring camera vulnerability detection system comprises the following steps:
Step S102, reading features: read the camera identification feature library through the camera host discovery module, send a specific data packet to the network, and compare whether the returned data packet is consistent with a record in the identification feature library, so as to judge whether the data packet was read and information about the target camera host obtained;
Step S104, vulnerability detection: according to the model of the camera host obtained in the previous step and its open services, verify vulnerabilities through the camera vulnerability detection module against the camera vulnerability library module, so as to reduce the number of scripts to be used; execute the vulnerability verification scripts, perform vulnerability verification and judge whether a vulnerability exists;
Step S106, report generation: according to the result, generate a vulnerability detection report through the camera vulnerability detection report generation module, to be read by a system administrator or user.
Further, in step S102, the method for judging whether the data packet was read and information about the target camera host obtained is: if the comparison of the data packet yields a record whose matching degree is higher than the threshold set by the user, the data packet is read and the target camera host's information, i.e. its specific model, is obtained; if there is no corresponding record, the user is asked whether to initiate a conventional port scan.
Further, in step S104, the method for judging whether a vulnerability exists is: if the data returned by the target host meets the expectation of the vulnerability verification script, the vulnerability is proven to exist; otherwise, the vulnerability is considered not to exist.
Compared with the prior art, the invention has the following beneficial effects:
1. In terms of system architecture, a camera identification feature library module is added, which stores detailed camera information together with a specific sent datagram and its response data packet, and supports an accurate scanning method based on the identification feature library.
2. In terms of target identification, an accurate scanning mode based on the identification feature library is used instead of the traditional port scanning mode, improving detection efficiency and accuracy. When the accurate scanning mode is unsuccessful, the method remains compatible with the traditional port scanning mode.
3. In terms of vulnerability detection, the network service is added to the vulnerability library as an additional index, so the library is compatible with traditional vulnerability libraries indexed by network service, and vulnerability detection capability is enhanced, particularly where the device model cannot be identified.
Drawings
FIG. 1 is a schematic diagram of the vulnerability detection system of a network monitoring camera according to the present invention;
FIG. 2 is the main flowchart of the detection method of the vulnerability detection system of a network monitoring camera according to the present invention;
FIG. 3 is a block diagram of the detection method of the vulnerability detection system of a network monitoring camera according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-3, the present invention provides a technical solution: a network monitoring camera vulnerability detection system and a detection method thereof are disclosed, wherein each module and the implementation method are as follows:
1. Camera identification feature library module
The module takes the brand or model of the camera as an index and stores the open services and device features of cameras of various models. For example, the following is a record in the feature library:
camera brand: haikangwei vision
Camera open service: HTTP, HTTPS, SSH, RTSP, FTP
And (3) sending a data packet:
and (3) source IP: native IP
Destination IP: 239.255.255.250
Protocol: UDP
Source port: 37020
Destination port: 37020
UDP payload content:
<?xml version="1.0"encoding="utf-8"?>
<Probe>
<Uuid></Uuid>
<Types>inquiry</Types>
</Probe>
responding to the data packet:
and (3) source IP: target device IP
Destination IP: native IP
Protocol: UDP
Source port: 37020
Destination port: 37020
UDP payload content:
<?xml version="1.0"encoding="UTF-8"?>
<ProbeMatch>
< Uuid > [ UUID at the time of transmission ]
[ detailed information of apparatus ]
</ProbeMatch>
The record is almost effective for the cameras of Haikangwei brand, the detailed information part of the equipment can carry the detailed configuration information of the target equipment, and the source of the record is obtained by analyzing the communication protocol of the Haikangwei brand cameras by security analysts, so that the record has high reliability.
2. Camera host discovery module
The module reads the camera identification feature library, sends a specific data packet to the network, and compares whether the returned data packet is consistent with the record in the identification feature library.
Step S102, reading features: suppose we need to find a Hikvision-brand camera, or want to know whether a target camera is Hikvision-brand. The module only needs to read the record given as an example in section 1, send its "sent data packet" part onto the network using a framework such as Python Scapy, and wait for a reply. If the returned data packet can be parsed using the format of the response data packet, the camera is determined to be a Hikvision camera; if there is no reply, or the reply is not in that format, the possibility of a Hikvision camera is excluded. This method determines whether a camera is a Hikvision camera by sending only one packet, whereas the traditional port scanning mode must keep sending data packets to different ports to reach the same conclusion.
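The following is an added example, not code from the patent or its applicant, modelling the feature-library record of section 1 and the matching step S102 of section 2 offline. Everything beyond the record's own fields is an assumption: a record is a Python dict; a returned packet is matched by checking its transport fields, parsing its XML payload, checking the root element and requiring the reply to echo the probe's Uuid; and the "matching degree" that the patent compares against a user threshold is taken to be the fraction of those checks that pass. No packet is sent; the reply payload is constructed, and its child tags stand in for the page's "[detailed information of the device]".

```python
"""Added example, not the patent's own code: an offline model of the camera
identification feature library (module 1) and the host-discovery matching of
step S102 (module 2).

Assumptions not taken from the patent: a record is a dict; a reply is matched
by checking its transport fields, parsing its XML payload, checking the root
element and requiring the reply to echo the probe's Uuid; the 'matching degree'
is the fraction of those checks that pass. No packet is sent here; the reply
below is constructed.
"""
import uuid
import xml.etree.ElementTree as ET

# One feature-library record, shaped like the Hikvision record on the page.
FEATURE_LIBRARY = [
    {
        "brand": "Hikvision",
        "open_services": ["HTTP", "HTTPS", "SSH", "RTSP", "FTP"],
        "probe": {"dst_ip": "239.255.255.250", "proto": "UDP",
                  "sport": 37020, "dport": 37020},
        "expected_reply": {"proto": "UDP", "sport": 37020, "dport": 37020,
                           "root": "ProbeMatch"},
    },
]


def build_probe_payload(probe_uuid: str) -> bytes:
    """UDP payload of the record's 'sent data packet', with a fresh Uuid."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        f"<Probe><Uuid>{probe_uuid}</Uuid><Types>inquiry</Types></Probe>"
    ).encode("utf-8")


def match_reply(record: dict, reply_meta: dict, reply_payload: bytes, probe_uuid: str):
    """Compare a returned packet with the record's expected reply.

    Returns (matching_degree in [0, 1], device_info or None). Five checks are
    made: protocol, source port, destination port, root element, echoed Uuid.
    """
    exp = record["expected_reply"]
    checks = [reply_meta.get(k) == exp[k] for k in ("proto", "sport", "dport")]
    info = None
    try:
        root = ET.fromstring(reply_payload)
        checks.append(root.tag == exp["root"])
        checks.append(root.findtext("Uuid") == probe_uuid)
        if root.tag == exp["root"]:
            # Everything except the echoed Uuid is the 'detailed device info'.
            info = {c.tag: (c.text or "") for c in root if c.tag != "Uuid"}
    except ET.ParseError:
        checks.extend([False, False])   # unparsable payload fails both XML checks
    return sum(checks) / len(checks), info


def identify_host(reply_meta: dict, reply_payload: bytes, probe_uuid: str,
                  threshold: float = 0.8):
    """S102 decision: the best-matching record at or above the user's threshold,
    as (brand, degree, device_info). None means 'no corresponding record', the
    case in which the patent has the system ask about a conventional port scan."""
    best = None
    for record in FEATURE_LIBRARY:
        degree, info = match_reply(record, reply_meta, reply_payload, probe_uuid)
        if degree >= threshold and (best is None or degree > best[1]):
            best = (record["brand"], degree, info)
    return best


def make_sample_reply(echoed_uuid: str) -> bytes:
    """Constructed reply payload; the child tags stand in for the page's
    '[detailed information of the device]' and are not real field names."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f"<ProbeMatch><Uuid>{echoed_uuid}</Uuid>"
        "<DeviceType>IPCamera</DeviceType>"
        "<DeviceDescription>constructed-sample</DeviceDescription>"
        "<IPv4Address>192.0.2.10</IPv4Address></ProbeMatch>"
    ).encode("utf-8")


if __name__ == "__main__":
    u = str(uuid.uuid4())
    meta = {"proto": "UDP", "sport": 37020, "dport": 37020}
    print(build_probe_payload(u).decode())
    print(identify_host(meta, make_sample_reply(u), u))      # ('Hikvision', 1.0, {...})
    print(identify_host(meta, b"not xml at all", u))          # None
```

Requiring the reply to echo the probe's Uuid is the one check worth keeping in any real implementation: a multicast probe on a shared segment can draw replies from several devices, and without that check a stale or unrelated ProbeMatch would be credited to the wrong probe. A reply that fails only the Uuid check scores 0.8 here, which is why the threshold is a user setting rather than a constant.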
3. Camera vulnerability library module
The vulnerability library takes the network service or the camera brand or model as an index and stores a plurality of known vulnerability verification scripts. For example, the following is a record in the vulnerability library:
Vulnerability CVE numbers: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880
Vulnerability applicable brand: Hikvision
Vulnerability applicable service: RTSP service
Vulnerability level: critical
Vulnerability verification script: hikvision_rtsp_buffer_overflow_poc
Vulnerability hazard: because Hikvision monitoring equipment improperly processes RTSP (Real Time Streaming Protocol) requests, an attacker can perform a denial-of-service attack on the equipment or even directly obtain the highest privilege on it.
Vulnerability repair method: update the device firmware.
Vulnerability mitigation measures: close the RTSP service, or have the firewall block the RTSP default port from the external network.
4. Camera vulnerability detection module
Step S104, vulnerability detection: according to the model of the camera host obtained in the previous step and its open services, reduce the number of scripts to be used, execute the vulnerability verification scripts and perform vulnerability verification. If the data returned by the target host meets the expectation of the vulnerability verification script, the vulnerability is proven to exist; otherwise, the vulnerability is considered not to exist.
The vulnerability detection method has two modes, a general detection mode (vulnerability verification is performed as precisely as possible, to ensure speed) and a broad detection mode (as many vulnerability verification scripts as possible are tried, to ensure comprehensiveness), meeting the requirements of different scenarios.
In the general detection mode: only if the target device was detected to be Hikvision-brand in step S102 is the vulnerability verification script stored in the camera vulnerability library module started to attempt vulnerability verification.
In the broad detection mode: if in step S102 a specific camera brand cannot be identified, or a non-Hikvision brand is identified, but the device is found to open the RTSP service, similar vulnerabilities may exist, considering that cameras of different brands sometimes share the same service. The system will therefore also try the script, which improves compatibility and detection results for cameras of unknown brand.
If the system cannot identify the camera brand in step S102, it automatically switches to the broad detection mode.
5. Camera vulnerability detection report generation module
Step S106, report generation: generate a user-friendly, readable vulnerability detection report.
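The following is an added example, not code from the patent or its applicant, modelling sections 3 to 5 offline: the vulnerability library record indexed by both brand and service, the script selection of step S104 in the general and broad detection modes (including the automatic switch to broad mode when the brand is unknown), the "returned data meets the script's expectation" verdict, and the step S106 report with its fix and mitigation text. The data layout, the `select_scripts`, `run_detection` and `render_report` names, and the idea of a verification script as a callable over the target's returned data are assumptions. The only script body is a constructed stand-in that looks for a constructed firmware tag in a constructed RTSP banner; it verifies no real vulnerability.

```python
"""Added example, not the patent's own code: an offline model of the camera
vulnerability library (module 3), the S104 script-selection and verdict logic
of module 4 with its general and broad detection modes, and the S106 report
of module 5.

Assumptions not taken from the patent: a record is indexed by both brand and
service; a verification script is a callable that receives the target's
returned data and reports whether that data meets the script's expectation.
The only script here is a constructed stand-in that looks at a constructed
RTSP banner; it does not verify any real vulnerability.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class VulnRecord:
    cves: List[str]
    brand: str        # index key: camera brand or model
    service: str      # index key: network service (compatible with service-indexed libraries)
    level: str
    script_name: str
    hazard: str
    fix: str
    mitigation: str


# The page's sample record; the text fields are paraphrased from it.
VULN_LIBRARY: List[VulnRecord] = [
    VulnRecord(
        cves=["CVE-2014-4878", "CVE-2014-4879", "CVE-2014-4880"],
        brand="Hikvision", service="RTSP", level="Critical",
        script_name="hikvision_rtsp_buffer_overflow_poc",
        hazard="Improper handling of RTSP requests: denial of service, possibly full control",
        fix="Update device firmware",
        mitigation="Close the RTSP service, or block the RTSP default port from the external network",
    ),
]

# Constructed stand-in for the script body: 'expectation met' means the
# constructed banner carries the constructed pre-fix firmware tag.
SCRIPTS: Dict[str, Callable[[bytes], bool]] = {
    "hikvision_rtsp_buffer_overflow_poc":
        lambda data: data.startswith(b"RTSP/1.0 200 OK") and b"constructed-old-fw" in data,
}


def select_scripts(brand: Optional[str], open_services: List[str], mode: str) -> List[VulnRecord]:
    """S104 script selection.
    general: only records whose brand matches the identified brand and whose
             service the target exposes (fewest scripts, for speed);
    broad:   also records indexed by a service the target exposes, whatever the
             brand (for coverage). An unidentified brand forces broad mode."""
    if brand is None:
        mode = "broad"
    chosen = []
    for rec in VULN_LIBRARY:
        by_brand = brand is not None and rec.brand == brand
        by_service = rec.service in open_services
        if mode == "general" and by_brand and by_service:
            chosen.append(rec)
        elif mode == "broad" and (by_brand or by_service):
            chosen.append(rec)
    return chosen


def run_detection(brand: Optional[str], open_services: List[str], mode: str,
                  returned_data: bytes) -> List[dict]:
    """Run each selected script; per the patent, a vulnerability exists iff the
    target's returned data meets the script's expectation."""
    results = []
    for rec in select_scripts(brand, open_services, mode):
        results.append({
            "cves": rec.cves, "level": rec.level, "script": rec.script_name,
            "vulnerable": SCRIPTS[rec.script_name](returned_data),
            "fix": rec.fix, "mitigation": rec.mitigation,
        })
    return results


def render_report(results: List[dict]) -> str:
    """S106: a plain-text report for an administrator, with fix and mitigation."""
    lines = []
    for r in results:
        status = "VULNERABLE" if r["vulnerable"] else "not vulnerable"
        lines.append(f"{', '.join(r['cves'])} [{r['level']}] via {r['script']}: {status}")
        if r["vulnerable"]:
            lines.append(f"  fix: {r['fix']}")
            lines.append(f"  mitigation: {r['mitigation']}")
    return "\n".join(lines) if lines else "no applicable scripts; nothing verified"


# Constructed returned data for two targets (not real device output).
OLD_BANNER = b"RTSP/1.0 200 OK\r\nServer: constructed-old-fw\r\n\r\n"
NEW_BANNER = b"RTSP/1.0 200 OK\r\nServer: constructed-new-fw\r\n\r\n"

if __name__ == "__main__":
    print(render_report(run_detection("Hikvision", ["RTSP", "HTTP"], "general", OLD_BANNER)))
    print(render_report(run_detection(None, ["RTSP"], "general", NEW_BANNER)))
```

The two-key index is what gives the patent its compatibility claim: a record reached through `service` alone still applies when S102 could not name a brand, while a general-mode run reaches only records that match on both keys, so the script count drops to what the identified model and its open services justify.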
The invention detects vulnerabilities of a network camera by quickly and accurately identifying the camera's model and the network services it provides, so as to discover its security vulnerabilities, generate a detection report that a system administrator or user can read, and provide corresponding vulnerability mitigation measures and repair suggestions.
Compared with a traditional camera vulnerability library, the vulnerability library module of the system provided by the invention has the following advantages: because the network service type is introduced as an index, scanning is faster for cameras of known models, compatibility is stronger for cameras of unfamiliar models, and samples from existing network vulnerability libraries are easy to import.
Compared with traditional Web vulnerability scanning systems and host vulnerability scanning systems, the vulnerability detection module of the system provided by the invention can discover the security vulnerabilities and weaknesses of network monitoring cameras more effectively and more specifically, and provide corresponding vulnerability mitigation measures and repair suggestions.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (5)

1. A network surveillance camera vulnerability detection system, characterized in that it comprises:
the camera identification feature library module takes the brand or model of the camera as an index, and stores open services of the cameras with various models and equipment features;
the camera host discovery module is used for reading the camera identification feature library, sending a specific data packet to a network, and comparing whether the returned data packet is consistent with the record in the identification feature library;
the camera vulnerability library module takes the brand or the model of the network service or the camera as an index and stores a plurality of known vulnerability verification scripts;
the camera vulnerability detection module is used for executing a vulnerability verification script and performing vulnerability verification;
and the camera vulnerability detection report generation module is used for generating a vulnerability detection report for a system administrator or a user to read.
2. The system of claim 1, wherein the device characteristics stored in the camera identification characteristic library are a set of data packets, including a specific data packet to be transmitted and a specific response data packet made by the target device.
3. A detection method of a vulnerability detection system of a network monitoring camera is characterized by comprising the following steps:
step S102, reading characteristics: reading a camera identification feature library through a camera host discovery module, sending a specific data packet to a network, and comparing whether the returned data packet is consistent with records in the identification feature library or not so as to judge whether the data packet is read to obtain information of a target camera host or not;
step S104, vulnerability detection: according to the model of the camera host obtained in the last step and the opened service, verifying the vulnerability through a camera vulnerability detection module according to a camera vulnerability library module, so as to reduce the number of scripts to be used, execute a vulnerability verification script, perform vulnerability verification and judge whether the vulnerability exists;
step S106, report generation: and according to the result, generating a vulnerability detection report through a camera vulnerability detection report generating module so as to be read by a system administrator or a user.
4. The method according to claim 3, wherein in step S102, the method for determining whether to read the data packet to obtain the information of the target camera host includes reading the data packet and obtaining the information of the target camera host if the comparison result of the data packet has a record with a matching degree higher than that set by a user, so as to obtain a specific model of the target camera host, and inquiring whether the user initiates a conventional port scan if there is no corresponding record.
5. The method for detecting the vulnerability of the network monitoring camera according to claim 3, wherein in the step S104, the method for judging whether the vulnerability exists comprises the steps of if the returned data of the target host meets the expectation of the vulnerability verification script, then the vulnerability is proved to exist, otherwise, the vulnerability is considered to not exist.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910326681.3A CN111835693A (en) 2019-04-23 2019-04-23 Vulnerability detection system and detection method for network monitoring camera

Publications (1)

Publication Number Publication Date
CN111835693A true CN111835693A (en) 2020-10-27

Family

ID=72912392

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910326681.3A Pending CN111835693A (en) 2019-04-23 2019-04-23 Vulnerability detection system and detection method for network monitoring camera

Country Status (1)

Country Link
CN (1) CN111835693A (en)

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20201027