CN112152972A - Method and device for detecting IOT equipment vulnerability and router - Google Patents


Info

Publication number
CN112152972A
Authority
CN
China
Prior art keywords
vulnerability
message
test
iot
iot device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910570876.2A
Other languages
Chinese (zh)
Inventor
柴坤哲
曹鸿健
秦明闯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201910570876.2A priority Critical patent/CN112152972A/en
Publication of CN112152972A publication Critical patent/CN112152972A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security


Abstract

The application provides a method and a device for detecting IOT device vulnerabilities, and a router. The method comprises the following steps: receiving a data message sent by the IOT device; generating a feature identifier according to the data message; judging whether the feature identifier is an identifier corresponding to a preset vulnerability; if so, generating prompt information, the prompt information comprising the IOT device identifier and the preset vulnerability identifier. In this method, feature extraction is performed on the data message sent by the IOT device to generate the feature identifier, and the feature identifier is then judged to determine whether the IOT device has a vulnerability. Because the router is the hub connecting the IOT device and the network-side devices, and all data sent by the IOT device to the network side is transmitted outward through the router, implementing the foregoing IOT device vulnerability detection method in the router makes it convenient to monitor the data messages sent by the IOT device and determine the vulnerability of the IOT device.

Description

Method and device for detecting IOT equipment vulnerability and router
Technical Field
The application relates to the technical field of wireless local area networks, and in particular to a method and a device for detecting IOT device vulnerabilities; in addition, the application also provides a router for implementing the method.
Background
As the concept of the Internet of Things is gradually put into engineering practice, many home offices have begun to deploy IOT (Internet of Things) devices such as web cameras. However, because users do not understand the networking characteristics of IOT devices and lack network security awareness, a user may use a default account password after deploying an IOT device, and will not update the driver of the IOT device to prevent vulnerability attacks.
Disclosure of Invention
The application provides a method and a device for detecting IOT device vulnerabilities, which enable early discovery of IOT device vulnerabilities and avoid malicious attacks or leakage of user information.
In one aspect, the present application provides a method for detecting a vulnerability of an IOT device, which is applied to a router, and includes:
receiving a data message sent by the IOT equipment;
generating a characteristic identifier according to the data message;
judging whether the characteristic identification is an identification corresponding to a preset vulnerability or not;
if so, generating prompt information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
Optionally, before receiving the data packet sent by the IOT device, the method further includes:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
judging whether the feature identifier is an identifier corresponding to a preset vulnerability includes: judging whether the feature identifier is an identifier matching the test code.
Optionally, the test code is a code including a weak password.
Optionally, before generating the vulnerability test packet, the method includes:
detecting whether the IOT equipment opens a remote login port or not;
if yes, generating the vulnerability test message; the vulnerability test message comprises the port number of the remote login port.
Optionally, the test code is a code including malicious command injection.
Optionally, before receiving the data packet sent by the IOT device, the method further includes:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
generating the feature identifier according to the data message includes: counting the destination address of the data message, or counting the message traffic corresponding to the destination address;
judging whether the feature identifier is an identifier corresponding to a preset vulnerability includes: judging whether the destination address is a destination address corresponding to a preset vulnerability, or judging whether the message traffic is greater than a preset threshold.
Optionally, before generating the vulnerability test message, the method includes: determining the type of the IOT device;
generating the vulnerability test message includes: selecting a program code corresponding to the IOT device according to the type of the IOT device, and generating the vulnerability test message.
In another aspect, the present application provides an apparatus for detecting a vulnerability of an IOT device, including:
a receiving unit, configured to receive a data packet sent by the IOT device;
the identification generation unit is used for generating a characteristic identification according to the data message;
a judging unit, configured to judge whether the feature identifier is an identifier corresponding to a preset vulnerability, and thereby judge whether the IOT device has the preset vulnerability;
the prompting unit is used for generating prompting information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
Optionally, the apparatus further comprises:
a test message generating unit, configured to generate a vulnerability test message; the vulnerability test message comprises a test code;
a sending unit, configured to send the vulnerability test message to the IOT device;
the judging unit judging whether the feature identifier is an identifier corresponding to a preset vulnerability includes: judging whether the feature identifier is an identifier matching the test code.
Optionally, the test code is a code including a weak password.
Optionally, the apparatus further comprises:
a detecting unit, configured to detect whether the IOT device opens a remote login port;
the test message generating unit generates the vulnerability test message when the IOT device has opened a remote login port; the vulnerability test message comprises the port number of the remote login port.
Optionally, the test code of the apparatus is a code including malicious command injection.
Optionally, the apparatus further comprises: the test message generating unit is used for generating a vulnerability test message; the vulnerability test message comprises a test code;
a sending unit, configured to send the vulnerability test packet to the IOT device;
the identifier generating unit generating the feature identifier according to the data message includes:
counting the destination address of the data message, or counting the message traffic corresponding to the destination address;
the judging unit judging whether the feature identifier is an identifier corresponding to a preset vulnerability includes: judging whether the destination address is a destination address corresponding to a preset vulnerability, or judging whether the message traffic is greater than a preset threshold.
Optionally, the apparatus further comprises:
a device type determining unit, configured to determine a type of the IOT device before the vulnerability test packet is generated;
the test message generating unit generating the vulnerability test message includes: selecting a program code corresponding to the IOT device according to the type of the IOT device, and generating the vulnerability test message.
The application also provides a router, which comprises a wireless transceiver and a processor;
the wireless transceiver is used for transceiving wireless signals;
the processor is used for executing the method for detecting the IOT equipment vulnerability.
In the method for detecting IOT device vulnerabilities, feature extraction is performed on the data message sent by the IOT device to generate the feature identifier, and the feature identifier is then judged to determine whether the IOT device has a vulnerability. Because the router is the hub connecting the IOT device and the network-side devices, and all data sent by the IOT device to the network side is transmitted outward through the router, implementing the foregoing IOT device vulnerability detection method in the router makes it convenient to monitor the data messages sent by the IOT device and determine the vulnerability of the IOT device.
Drawings
Fig. 1 is a flowchart of a method for detecting vulnerabilities of an IOT device according to Example one;
Fig. 2 is a flowchart of a method for detecting vulnerabilities of an IOT device according to Example two;
Fig. 3 is a flowchart of a method for detecting vulnerabilities of an IOT device according to Example three;
Fig. 4 is a schematic structural diagram of an apparatus for detecting vulnerabilities of an IOT device according to Example four;
wherein: 11 - receiving unit, 12 - identifier generating unit, 13 - judging unit, 14 - prompting unit.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
The application provides a method for detecting the vulnerability of an IOT device, which is applied to a router and judges whether the IOT device has the vulnerability or not by detecting a data message which is sent by the IOT device and passes through the router.
Example one
Fig. 1 is a flowchart of a method for detecting an IOT device vulnerability according to an embodiment. As shown in fig. 1, the detection method provided by the embodiment of the present application includes steps S101 to S104.
S101: Receive a data message sent by the IOT device.
After the IOT device is connected to the router, if the IOT device communicates with a network-side device (such as a server on the network side), the IOT device sends data messages to the router, and the router forwards them. Similarly, if the IOT device has a vulnerability and that vulnerability is exploited, the IOT device may send data messages to the network side to return a specific result to the network-side device, and these data messages are also forwarded through the router. Therefore, the router can determine whether the IOT device has a corresponding vulnerability by inspecting the data messages sent by the IOT device.
S102: Generate a feature identifier according to the data message.
After receiving the data message sent by the IOT device, the router can process the data message, and determine the corresponding feature identifier by identifying the content of the data message or the length of the data message.
Specifically, generating the feature identifier of the data message may include: (1) identifying the destination IP address in the data message; (2) identifying application-layer content in the data message, such as whether it includes sensitive field content, whether it includes user information content, and the like; (3) counting the data traffic of the data messages. In general, any characteristic of the data message from which, based on experience, an abnormal communication operation of the IOT device can be determined may serve as the feature identifier of the data message.
In practical application, the vulnerability problems that may occur in the IOT device are identified first, the type characteristics of the messages the IOT device would correspondingly send out are determined from them, and the corresponding identifier of the message is determined accordingly.
S103: judging whether the characteristic identifier is an identifier corresponding to a preset vulnerability or not; if yes, go to step S104.
Judging whether the characteristic identifier is an identifier corresponding to a preset vulnerability, namely comparing the characteristic identifier with information in a vulnerability identifier library stored in the router; and various discovered network equipment vulnerabilities and corresponding identification information are stored in the vulnerability identification library.
In specific application, the router can synchronize with the vulnerability database to acquire the latest vulnerability data information.
S104: Generate prompt information.
After the feature identifier is determined to be the identifier corresponding to the preset vulnerability, the router generates prompt information. The prompt information comprises an IOT device identifier and a preset vulnerability identifier, so as to prompt the user that a certain IOT device may have a vulnerability problem.
In a specific application, the router may present the prompt information to the user in several possible ways: (1) sending a prompt message, which includes the prompt information, to a management terminal; (2) directly displaying the prompt information on a display terminal of the user to inform the user that the corresponding IOT device may have problems.
In addition to determining that the IOT device has the foregoing vulnerability, forwarding of the data messages corresponding to the vulnerability may be blocked, in order to avoid leakage of the user's information or other adverse consequences caused by the vulnerability.
As can be seen from the foregoing description, in the method for detecting IOT device vulnerabilities provided in this embodiment of the application, feature extraction is performed on the data message sent by the IOT device to generate a feature identifier, and the feature identifier is then judged to determine whether the IOT device has a vulnerability. Because the router is the hub connecting the IOT device and the network-side devices, and all data sent by the IOT device to the network side is transmitted outward through the router, implementing the foregoing IOT device vulnerability detection method in the router makes it convenient to monitor the data messages sent by the IOT device and determine the vulnerability of the IOT device.
Example two
Fig. 2 is a flowchart of a method for detecting an IOT device vulnerability, provided in the second embodiment. As shown in fig. 2, the method provided by the present embodiment includes steps S201 to S206. It should be noted that the method provided by the present embodiment is also applied in a router.
S201: Generate a vulnerability test message.
The vulnerability test message is a message used to test whether the IOT device contains certain specific vulnerabilities; it includes test code used to trigger execution of the corresponding vulnerable program in the IOT device. In practical application, the test code is stored in the vulnerability identification database. In specific application, the router can synchronize with the vulnerability database to acquire the latest vulnerability data.
In specific use, the test code may be selected according to the types of vulnerabilities that may exist in the IOT device to be detected. In some applications, the IOT device may have a default account and password set; correspondingly, the test code may be code including a weak password, for example, code with an admin account and a 123456 password. In other applications, the database in the IOT device may have a logic vulnerability in data extraction; correspondingly, the test code may include code for malicious command injection, for example, SQL-like command code such as true = 1 or false = 0. In other embodiments, the test code may be a trigger code corresponding to a backdoor vulnerability that has been validated.
S202: Send the vulnerability test message to the IOT device.
The router generates the test message and sends the vulnerability test message to the IOT device. It should be noted that, in practical application, the router sends the vulnerability test message to the IOT device using a communication protocol shared by the router and the IOT device, which may be a WIFI protocol, a Bluetooth protocol, or a Zigbee protocol, or may be a wired communication protocol.
S203: Receive a data message sent by the IOT device.
In step S203, depending on the application target, there may be two types of data messages sent by the IOT device. One is the data messages sent out to fulfil normal application requirements; for example, if the IOT device is a network camera, these include messages carrying the captured image information to be sent to a server on the network side. The other is the response message generated by the IOT device after it receives the vulnerability test message and loads the test code.
S204: Generate a feature identifier according to the data message.
After receiving the data message sent by the IOT device, the router can process the data message, and determine the corresponding feature identifier by identifying the content of the data message or the length of the data message.
Since the router has already sent the message including the vulnerability test code to the IOT device in step S202, step S204 mainly extracts the corresponding content of the data message according to the rule corresponding to the test code, and determines the feature identifier of the data message.
For example: when the test code is a weak-password code, the feature identifier generated from the data message is an identifier of whether authentication passed; when the test code is a command-injection code, the feature identifier generated from the data message is an identifier of whether specific database information was returned; and when the test code is a trigger code corresponding to a backdoor vulnerability, the feature identifier generated from the data message is an identifier of whether the message is backdoor feedback information.
S205: judging whether the characteristic mark is a mark matched with the test code; if yes, go to step S206.
In addition to the test code, the vulnerability database also includes an identifier corresponding to a preset vulnerability related to the test code. And judging whether the characteristic identifier is an identifier corresponding to the preset vulnerability, namely comparing the characteristic identifier with information in a vulnerability identifier library.
S206: Generate prompt information.
After the feature identifier is determined to be the identifier corresponding to the preset vulnerability, the router generates prompt information. The prompt information comprises an IOT device identifier and a preset vulnerability identifier, so as to prompt the user that a certain IOT device may have a vulnerability problem.
In a specific application, the router may present the prompt information to the user in several possible ways: (1) sending a prompt message, which includes the prompt information, to a management terminal; (2) directly displaying the prompt information on a display terminal of the user to inform the user that the corresponding IOT device may have problems.
In addition to determining that the IOT device has the foregoing vulnerability, forwarding of the data messages corresponding to the vulnerability may be blocked, in order to avoid leakage of the user's information or other adverse consequences caused by the vulnerability.
The method for detecting IOT device vulnerabilities addresses the problem that some vulnerabilities in an IOT device only show themselves under a trigger instruction or trigger condition: a vulnerability test message including a test code is generated first, and the vulnerability test message is sent to the IOT device so that the IOT device generates a corresponding response to it.
If the IOT device performs no corresponding operation after receiving the vulnerability test message and extracting the test code, the IOT device does not have the vulnerability. If the IOT device performs the corresponding operation after receiving the vulnerability test message and extracting the test code, and generates a specific data message, the IOT device can be verified to have the corresponding vulnerability. By identifying the specific data message sent by the IOT device, that is, a message including the identifier corresponding to the preset vulnerability, it is inferred in reverse that the IOT device was triggered by the test code, which in turn verifies that the IOT device contains the vulnerability.
When the IOT device is verified to have the corresponding vulnerability, the user can be notified of the vulnerability problem, so that the user can repair the vulnerability or stop the IOT device from working as soon as possible.
In a specific application, the router may store a corresponding vulnerability solution, and when the prompt information is generated, the vulnerability solution may also be generated for the user to select.
In this embodiment of the application, if the test code is code including a weak password, the corresponding vulnerability test message is used to test whether the remote login of the IOT device is set with a weak password that is easy to crack. This verification presupposes determining whether the IOT device has enabled the remote login function.
Therefore, before generating the vulnerability test message in S101, the method may further include S100: detecting whether the IOT device has opened a remote login port. In a specific application, the remote login port may be, for example, the port corresponding to the Telnet protocol, or a port corresponding to another protocol.
After it is determined that the IOT device has opened a remote login port and the port number of the remote login port has been obtained, the vulnerability test message is generated; the vulnerability test message comprises the port number of the remote login port.
Example three
Fig. 3 is a flowchart of a method for detecting an IOT device vulnerability, provided in the third embodiment. As shown in fig. 3, the method provided by the present embodiment includes steps S301 to S306.
S301: Generate a vulnerability test message.
The vulnerability test message is a message used to test whether the IOT device contains certain specific vulnerabilities; it includes test code used to trigger execution of the corresponding vulnerable program in the IOT device. In practical application, the test code is stored in the vulnerability identification database. In specific application, the router can synchronize with the vulnerability database to acquire the latest vulnerability data.
In specific use, the test code may be selected according to the types of vulnerabilities that may exist in the IOT device to be detected. In some applications, the IOT device may have a default account and password set; correspondingly, the test code may be code including a weak password, for example, code with an admin account and a 123456 password. In other applications, the database in the IOT device may have a logic vulnerability in data extraction; correspondingly, the test code may include code for malicious command injection, for example, SQL-like command code such as true = 1 or false = 0. In other embodiments, the test code may be a trigger code corresponding to a backdoor vulnerability that has been validated.
S302: Send the vulnerability test message to the IOT device.
The router generates the test message and sends the vulnerability test message to the IOT device. It should be noted that, in practical application, the router sends the vulnerability test message to the IOT device using a communication protocol shared by the router and the IOT device, which may be a WIFI protocol, a Bluetooth protocol, or a Zigbee protocol, or may be a wired communication protocol.
S303: Receive a data message sent by the IOT device.
In step S303, depending on the application target, there may be two types of data messages sent by the IOT device. One is the data messages sent out to fulfil normal application requirements; for example, if the IOT device is a network camera, these include messages carrying the captured image information to a legitimate server on the network side. The other is the response message generated by the IOT device after it receives the vulnerability test message and loads the test code; this response message is sent to a specific illegal server on the network side.
S304: Count the destination address of the data messages and count the message traffic corresponding to the destination address.
In this embodiment, the vulnerability detection is used to detect whether the IOT device has become a zombie device in a botnet, or whether the IOT device is sending collected information such as images and sounds to a remote server.
If the IOT device has the vulnerability and the vulnerability is triggered, a large number of the data messages sent by the IOT device have a specific destination address as their destination address; that is, the data messages include the specific destination address. Therefore, the destination address of the data messages sent by the IOT device and the traffic corresponding to that destination address can be counted.
S305: Judge whether the destination address is a destination address corresponding to a preset vulnerability, and whether the message traffic corresponding to the destination address is greater than a preset threshold; if yes, go to step S306.
In this embodiment, the criterion for determining whether the IOT device includes the preset vulnerability is whether the router sends data messages exceeding a set threshold amount to the illegal destination address. If so, it is determined that the IOT device is transmitting a large amount of information, such as images and sound, to a remote illegal server, and that the IOT device includes the vulnerability corresponding to the program code; S306 is then performed.
S306: Generate prompt information. The prompt information comprises an IOT device identifier and a preset vulnerability identifier, so as to prompt the user that a certain IOT device may have a vulnerability problem.
In a specific application, the router may store a corresponding vulnerability solution, and when the prompt information is generated, the vulnerability solution may also be generated for the user to select.
According to the method for detecting the IOT equipment vulnerability, a vulnerability test message including a test code is generated firstly aiming at the problem that some vulnerabilities in the IOT equipment need to be shown under a trigger instruction or a trigger condition; and sending the vulnerability test message to the IOT equipment so that the IOT equipment generates a corresponding response according to the vulnerability test message.
If the IOT equipment does not execute corresponding operation after receiving the vulnerability test message and extracting the test code, the IOT equipment does not have the vulnerability; and if the IOT equipment executes corresponding operation after receiving the vulnerability test message and extracting the test code, and sends a large amount of data messages such as locally acquired images, sounds and the like to the illegal server, the IOT equipment is proved to have the corresponding vulnerability. The method comprises the steps of counting the flow of a data message which is sent by the IOT equipment and comprises an illegal destination address, judging whether the flow is too large, namely, whether the IOT equipment is triggered by a test code is verified against the evidence, and then verifying that the IOT equipment comprises a bug.
In the embodiment of the application, whether the IOT device includes the corresponding vulnerability can be determined by counting the message traffic to the destination address corresponding to the preset vulnerability (i.e., the destination address of the illegal server). In other embodiments, it may be determined only whether the destination address of the data message is a destination address corresponding to the preset vulnerability.
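The judgment step described above, as an added Python example that is not code from the patent: it counts, per device, the bytes sent to destinations tied to a preset vulnerability and produces the prompt record (device identifier plus vulnerability identifier) either when the traffic exceeds the threshold or, in the address-only variant, on any match. The observation window after the test message, the vulnerability identifier `PRESET-VULN-A`, the threshold value, the use of a MAC address as device identifier and the documentation-range IP addresses are all assumptions made for this example.

```python
"""Router-side judgment: traffic toward a preset vulnerability's destination."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    device_id: str  # assumed: the IOT device's MAC address as seen by the router
    dst_ip: str     # destination address of the data message
    length: int     # bytes
    ts: float       # seconds on the router clock


@dataclass(frozen=True)
class PresetVuln:
    vuln_id: str          # preset vulnerability identifier (constructed)
    destinations: tuple   # networks associated with this vulnerability
    threshold_bytes: int  # "preset threshold" for message traffic


def match_vuln(dst_ip, vulns):
    """Return the preset vulnerability whose destination list covers dst_ip."""
    addr = ip_address(dst_ip)
    for v in vulns:
        if any(addr in net for net in v.destinations):
            return v
    return None


def feature_identifiers(packets, vulns, t_start, t_end):
    """Sum bytes per (device, vulnerability) inside the observation window."""
    totals = defaultdict(int)
    for p in packets:
        if not (t_start <= p.ts <= t_end):
            continue  # traffic outside the window is not attributed to the test
        v = match_vuln(p.dst_ip, vulns)
        if v is not None:
            totals[(p.device_id, v.vuln_id)] += p.length
    return dict(totals)


def judge(packets, vulns, t_start, t_end, address_only=False):
    """Build prompt records for every device that meets the criterion.

    address_only=False: traffic must exceed the vulnerability's threshold.
    address_only=True:  any packet to a listed destination is enough.
    """
    by_id = {v.vuln_id: v for v in vulns}
    features = feature_identifiers(packets, vulns, t_start, t_end)
    prompts = []
    for (dev, vid), nbytes in sorted(features.items()):
        if address_only or nbytes > by_id[vid].threshold_bytes:
            prompts.append(
                {"device_id": dev, "vulnerability_id": vid, "bytes": nbytes}
            )
    return prompts


# Constructed sample data (RFC 5737 documentation addresses, made-up MACs).
VULNS = [PresetVuln("PRESET-VULN-A", (ip_network("203.0.113.0/24"),), 100_000)]
SAMPLE = (
    # device 01: sustained upload to the listed destination inside the window
    [Packet("aa:bb:cc:00:00:01", "203.0.113.7", 1400, 10.0 + i * 0.1)
     for i in range(100)]
    # device 02: two packets to the same destination, far below the threshold
    + [Packet("aa:bb:cc:00:00:02", "203.0.113.7", 1400, 12.0 + i)
       for i in range(2)]
    # device 03: heavy traffic, but to a destination that is not listed
    + [Packet("aa:bb:cc:00:00:03", "192.0.2.10", 1400, 11.0 + i * 0.1)
       for i in range(200)]
    # device 01 again, long after the observation window closed
    + [Packet("aa:bb:cc:00:00:01", "203.0.113.7", 1400, 500.0)]
)

if __name__ == "__main__":
    for prompt in judge(SAMPLE, VULNS, 0.0, 60.0):
        print(prompt)
```

The threshold variant flags only device 01, while the address-only variant also flags device 02, which shows the trade-off between the two criteria: the address-only check is more sensitive but reports devices that merely touched the listed destination.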
In the two embodiments (embodiment one and embodiment two), before generating the vulnerability test packet, the type of the IOT device may also be determined. Correspondingly, generating the vulnerability test message comprises selecting a program code corresponding to the IOT equipment according to the type of the IOT equipment, and generating the vulnerability test message. In a specific application, the type of the IOT device may be determined by the source address of the IOT device, and the device name and model information in the IOT device message. By determining the type of the IOT equipment and selecting the corresponding program code to generate the vulnerability test message, the number of tests run against the IOT equipment can be reduced, and the resource consumption of unnecessary tests is avoided.
Besides providing the method for detecting the IOT equipment vulnerability, the application also provides a device for detecting the IOT equipment vulnerability.
Example four
Fig. 4 is a schematic structural diagram of an apparatus for detecting an IOT device vulnerability according to a fourth embodiment. As shown in fig. 4, the apparatus provided in the present embodiment includes a receiving unit 11, an identifier generating unit 12, a judging unit 13, and a prompting unit 14.
The receiving unit 11 is configured to receive a data packet sent by the IOT device; the identifier generating unit 12 is configured to generate a feature identifier according to the data packet; the judging unit 13 is configured to determine whether the feature identifier is an identifier corresponding to a preset vulnerability, and thereby determine whether the IOT device has the preset vulnerability; the prompting unit 14 is used for generating prompt information; the prompt information comprises the IOT equipment identification and the preset vulnerability identification.
In an improved embodiment, the apparatus for detecting a vulnerability of an IOT device may further include a test packet generation unit and a sending unit. The test message generating unit is used for generating a vulnerability detection message; the vulnerability detection message comprises a test code; the sending unit is configured to send the vulnerability testing packet to the IOT device; the corresponding judging unit 13 judges whether the feature identifier is an identifier corresponding to a preset vulnerability, including: and judging whether the characteristic mark is a mark matched with the test code.
Correspondingly, the test code includes code for weak passwords or code for malicious command injection.
In another improved embodiment, the aforementioned apparatus may further include a detection unit. The detection unit is configured to detect whether the IOT device opens a remote login port; correspondingly, the test message generating unit generates the vulnerability test message when the IOT equipment has opened a remote login port; the vulnerability test message comprises the port number of the remote login port.
In some other embodiments, the apparatus may further include a test packet generating unit and a sending unit; the test message generating unit is used for generating a vulnerability test message; the vulnerability test message comprises a test code; the sending unit is used for sending the vulnerability testing message to the IOT equipment; the identifier generating unit 12 generates a feature identifier according to the data packet, including: counting the destination address of the data message or counting the message flow corresponding to the destination address; the determining unit 13 determines whether the feature identifier is an identifier corresponding to a preset vulnerability, including: and judging whether the destination address is a destination address corresponding to a preset vulnerability or not, or judging whether the message flow is greater than a preset threshold value or not.
The apparatus for detecting IOT device vulnerabilities provided in some embodiments further comprises a device type determination unit. The device type determination unit is configured to determine a type of the IOT device before the vulnerability test packet is generated; the test message generating unit generating the vulnerability test message comprises: selecting a program code corresponding to the IOT equipment according to the type of the IOT equipment, and generating the vulnerability test message.
The present application also provides a router comprising a processor and a wireless transmitter; the wireless transmitter is used for transmitting a wireless signal; the processor is used for executing the method for detecting the IOT device vulnerability provided by the foregoing embodiments.
A1. A method for detecting IOT equipment vulnerabilities, applied to a router, comprising the following steps:
receiving a data message sent by the IOT equipment;
generating a characteristic identifier according to the data message;
judging whether the characteristic identification is an identification corresponding to a preset vulnerability or not;
if so, generating prompt information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
A2. According to the method for detecting the IOT device vulnerability, before receiving the data packet sent by the IOT device, the method further includes:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
judging whether the feature identification is an identification corresponding to a preset vulnerability, including: and judging whether the characteristic mark is a mark matched with the test code.
A3. According to the method for detecting the IOT equipment vulnerability described in A2, the test code is a code comprising a weak password.
A4. According to the method for detecting the IOT device vulnerability described in A3, before generating the vulnerability test packet, the method includes:
detecting whether the IOT equipment opens a remote login port or not;
if yes, generating the vulnerability test message; the vulnerability test message comprises the port number of the remote login port.
A5. According to the method of detecting IOT device vulnerabilities described in A2,
the test code is code that includes malicious command injection.
A6. The method for detecting the IOT device vulnerability according to claim 1, before receiving the data packet sent by the IOT device, further comprising:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
the generating of the feature identifier according to the data packet includes: counting the destination address of the data message or counting the message flow corresponding to the destination address;
judging whether the feature identification is an identification corresponding to a preset vulnerability, including: and judging whether the destination address is a destination address corresponding to a preset vulnerability or not, or judging whether the message flow is greater than a preset threshold value or not.
A7. The method of detecting IOT device vulnerabilities according to any of A2-A6,
before generating the vulnerability test message, the method comprises the following steps: determining a type of the IOT device;
the generating of the vulnerability testing message comprises: and selecting a program code corresponding to the IOT equipment according to the type of the IOT equipment, and generating the test vulnerability message.
A8. An apparatus to detect IOT device vulnerabilities, comprising:
a receiving unit, configured to receive a data packet sent by the IOT device;
the identification generation unit is used for generating a characteristic identification according to the data message;
the judging unit is used for judging whether the characteristic identifier is an identifier corresponding to a preset bug, and then judging whether the IOT equipment has the preset bug;
the prompting unit is used for generating prompting information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
A9. The apparatus for detecting IOT device vulnerabilities according to A8, further comprising:
the test message generating unit is used for generating a vulnerability detection message; the vulnerability detection message comprises a test code;
a sending unit, configured to send the vulnerability test packet to the IOT device;
the judging unit judges whether the feature identifier is an identifier corresponding to a preset vulnerability, and includes: and judging whether the characteristic mark is a mark matched with the test code.
A10. According to the apparatus for detecting IOT device vulnerabilities described in A9,
the test code is a code that includes a weak password.
A11. The apparatus for detecting IOT device vulnerabilities according to A10, further comprising:
a detecting unit, configured to detect whether the IOT device opens a remote login port;
the test message generating unit generates the vulnerability test message when the IOT equipment starts a remote login interface; the vulnerability test message comprises the port number of the remote login port.
A12. According to the apparatus for detecting an IOT device vulnerability described in A9, the test code is code that includes malicious command injection.
A13. The apparatus for detecting IOT device vulnerabilities according to A8, further comprising:
the test message generating unit is used for generating a vulnerability test message; the vulnerability test message comprises a test code;
a sending unit, configured to send the vulnerability test packet to the IOT device;
the identification generation unit generates a characteristic identification according to the data message, and the characteristic identification comprises the following steps:
counting the destination address of the data message or counting the message flow corresponding to the destination address;
the judging unit judges whether the feature identifier is an identifier corresponding to a preset vulnerability, and the judging unit includes: and judging whether the destination address is a destination address corresponding to a preset vulnerability or not, or judging whether the message flow is greater than a preset threshold value or not.
A14. The apparatus for detecting IOT device vulnerabilities of any of A8-A13, further comprising:
a device type determining unit, configured to determine a type of the IOT device before the vulnerability test packet is generated;
the test message generating unit generates a vulnerability test message, including: and selecting a program code corresponding to the IOT equipment according to the type of the IOT equipment, and generating the test vulnerability message.
A15. A router comprising a wireless transceiver and a processor;
the wireless transceiver is used for transceiving wireless signals;
the processor is configured to perform the method of detecting an IOT device vulnerability as described in any of A1-A7.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus for controlling network usage behavior described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
It should be noted that the algorithms and displays provided in the embodiments are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

Claims (10)

1. A method for detecting IOT equipment vulnerabilities, applied to a router, characterized by comprising the following steps:
receiving a data message sent by the IOT equipment;
generating a characteristic identifier according to the data message;
judging whether the characteristic identification is an identification corresponding to a preset vulnerability or not;
if so, generating prompt information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
2. The method according to claim 1, wherein before receiving the data packet sent by the IOT device, the method further comprises:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
judging whether the feature identification is an identification corresponding to a preset vulnerability, including: and judging whether the characteristic mark is a mark matched with the test code.
3. The method of detecting IOT device vulnerabilities as recited in claim 2, wherein:
the test code is a code that includes a weak password.
4. The method according to claim 3, wherein before generating the vulnerability test message, the method comprises:
detecting whether the IOT equipment opens a remote login port or not;
if yes, generating the vulnerability test message; the vulnerability test message comprises the port number of the remote login port.
5. The method of detecting IOT device vulnerabilities as recited in claim 2, wherein:
the test code is code that includes malicious command injection.
6. The method for detecting the IOT device vulnerability according to claim 1, wherein before receiving the data packet sent by the IOT device, the method further comprises:
generating a vulnerability test message; the vulnerability test message comprises a test code;
sending the vulnerability testing message to the IOT equipment;
the generating of the feature identifier according to the data packet includes: counting the destination address of the data message or counting the message flow corresponding to the destination address;
judging whether the feature identification is an identification corresponding to a preset vulnerability, including: and judging whether the destination address is a destination address corresponding to a preset vulnerability or not, or judging whether the message flow is greater than a preset threshold value or not.
7. The method of detecting IOT device vulnerabilities according to any of claims 2-6, wherein:
before generating the vulnerability test message, the method comprises the following steps: determining a type of the IOT device;
the generating of the vulnerability testing message comprises: and selecting a program code corresponding to the IOT equipment according to the type of the IOT equipment, and generating the test vulnerability message.
8. An apparatus for detecting vulnerabilities of IOT devices, comprising:
a receiving unit, configured to receive a data packet sent by the IOT device;
the identification generation unit is used for generating a characteristic identification according to the data message;
the judging unit is used for judging whether the characteristic identifier is an identifier corresponding to a preset bug, and then judging whether the IOT equipment has the preset bug;
the prompting unit is used for generating prompting information; the prompt message comprises the IOT equipment identification and the preset vulnerability identification.
9. The apparatus for detecting IOT device vulnerabilities as recited in claim 8, further comprising:
the test message generating unit is used for generating a vulnerability detection message; the vulnerability detection message comprises a test code;
a sending unit, configured to send the vulnerability test packet to the IOT device;
the judging unit judges whether the feature identifier is an identifier corresponding to a preset vulnerability, and includes: and judging whether the characteristic mark is a mark matched with the test code.
10. A router comprising a wireless transceiver and a processor;
the wireless transceiver is used for transceiving wireless signals;
the processor is configured to perform the method of detecting the IOT device vulnerability recited in any of claims 1-7.
CN201910570876.2A 2019-06-28 2019-06-28 Method and device for detecting IOT equipment vulnerability and router Pending CN112152972A (en)

Publications (1)

Publication Number Publication Date
CN112152972A (en) 2020-12-29

Family

ID=73869096

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023062806A1 (en) * 2021-10-15 2023-04-20 三菱電機株式会社 Data processing device
CN116170243A (en) * 2023-04-26 2023-05-26 北京安博通科技股份有限公司 POC (point-of-care) -based rule file generation method and device, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination