CN112165453A - Intelligent equipment anti-intrusion method and device, intelligent equipment and server - Google Patents


Publication number
CN112165453A
Authority
CN
China
Prior art keywords
data packet
instruction
data
abnormal
determining
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010907329.1A
Other languages
Chinese (zh)
Other versions
CN112165453B (en)
Inventor
徐率率
周晓泽
王通
葛春光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gree Electric Appliances Inc of Zhuhai
Zhuhai Lianyun Technology Co Ltd
Original Assignee
Gree Electric Appliances Inc of Zhuhai
Zhuhai Lianyun Technology Co Ltd
Application filed by Gree Electric Appliances Inc of Zhuhai and Zhuhai Lianyun Technology Co Ltd
Priority to CN202010907329.1A
Publication of CN112165453A
Application granted
Publication of CN112165453B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/75 Information technology; Communication
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to an anti-intrusion method and apparatus for intelligent equipment, intelligent equipment, and a server. The method comprises the following steps: when a data packet transmission behavior of the intelligent equipment is detected, the data packet is obtained and it is determined whether the transmission behavior is abnormal; when the transmission behavior is determined to be abnormal, the data packet is sent to a server; the server determines the danger level of the data packet according to a preset danger level determination rule, determines the precaution instruction corresponding to the danger level according to a preset mapping relation between danger levels and precaution instructions, and executes the precaution instruction. With this method, the data packet is used to judge whether the intelligent equipment's behavior of transmitting the data packet is abnormal, the danger level of the data packet is determined once the behavior is found to be abnormal, and a corresponding precaution instruction is issued, so that intrusion is prevented.

Description

Intelligent equipment anti-intrusion method and device, intelligent equipment and server
Technical Field
The application relates to the technical field of Internet of things, in particular to an intelligent device anti-intrusion method, an intelligent device anti-intrusion device, an intelligent device and a server.
Background
With the continuous development of Internet of Things technology, smart homes are used more and more widely. However, the development of networks is often accompanied by hacker intrusion. As smart homes become more popular, the data they can obtain is increasingly private, and this private data is also highly valuable to exploit, which leads hackers to intrude again and again on the networks formed by smart home devices in order to illegally obtain highly private data.
At present, smart home providers do not offer an effective intrusion prevention service against professional hacker intrusion, and the data that smart home devices acquire while working is often exposed to hackers, so smart homes carry a significant data security risk.
Disclosure of Invention
In order to overcome the problems in the related art at least to a certain extent, the application provides an intelligent device anti-intrusion method, an intelligent device anti-intrusion device, an intelligent device and a server.
According to a first aspect of the present application, there is provided an anti-intrusion method for an intelligent device, which is applied to an intelligent device side, the method including:
when the intelligent equipment is detected to have a transmission behavior on a data packet, acquiring the data packet;
determining whether the transmission behavior is abnormal;
and when the transmission behavior is determined to be abnormal, the data packet is sent to a server, so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
Optionally, after the sending the data packet to the server, the method further includes:
receiving a power supply blocking instruction fed back by the server, wherein the power supply blocking instruction is one of the precaution instructions;
and blocking a power supply circuit of the intelligent equipment according to the power supply blocking instruction.
Optionally, after determining that the transmission behavior is abnormal, the method further includes:
blocking power supply to the smart device.
Optionally, determining whether the transmission behavior is abnormal includes:
if the current working state of the intelligent equipment is the off state and the transmission behavior exists, determining that the transmission behavior is abnormal;
or, if the current working state of the intelligent equipment is the on state and the data content in the data packet is determined not to meet the preset data content specification, determining that the transmission behavior is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content in the data packet is determined to meet the preset data content specification, determining that the data packet is a non-abnormal data packet, and storing the non-abnormal data packet;
periodically detecting whether a preset instruction exists in a stored non-abnormal data packet, wherein the preset instruction is a data acquisition instruction for acquiring preset type data, and/or a data uploading instruction for uploading any data recorded in the intelligent equipment to a strange server, and a network address of the strange server is not stored in a network address set acquired by the intelligent equipment in advance;
and determining the non-abnormal data packet with the preset instruction as a missing abnormal data packet, and determining that the transmission behavior for transmitting the missing abnormal data packet is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content does not include account data, determining that the data content does not meet a preset data content specification, wherein the account data is data of the account logged in on the equipment that sends the data packet;
and/or,
if the data content comprises instruction data and the instruction data is not stored in an instruction set recorded in advance by the intelligent equipment, determining that the data content does not meet a preset data content specification;
and/or,
if the data content comprises network address data and the network address data is not stored in a network address set acquired by the intelligent equipment in advance, determining that the data content does not meet a preset data content specification.
According to a second aspect of the present application, there is provided an anti-intrusion method for an intelligent device, which is applied to a server side, the method including:
acquiring a data packet sent by an intelligent terminal device side, wherein the data packet is sent when the intelligent terminal device determines that the transmission behavior of the data packet is abnormal;
determining the danger level of the data packet according to a preset danger level determination rule;
and determining a precaution instruction corresponding to the danger level according to a preset mapping relation between the danger level and the precaution instruction, and executing the precaution instruction.
Optionally, the determining the danger level of the data packet according to a preset danger level determination rule includes: if the data content in the data packet does not meet the preset standard, determining that the data packet is a second-level danger, otherwise, determining that the data packet is a third-level danger;
and if the data content in the data packet comprises a preset danger instruction, determining that the data packet is a first-level danger.
Optionally, the determining a precaution instruction corresponding to the danger level includes:
if the danger level is a first-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of a central control system and/or an alarm reminding instruction for enabling the central control system to send an alarm reminding, wherein the central control system is a central control system bound with the intelligent equipment;
if the danger level is a second-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of the intelligent equipment, and/or a reminding instruction for enabling the central control system to send a message reminding, and/or a sound alarm instruction for enabling equipment with a sound playing function in the central control system to send a sound alarm;
and if the danger level is a third-level danger, determining that the precaution instruction comprises an alarm reminding instruction for enabling the central control system to send an alarm reminding.
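The server-side rules of the second aspect can be written down as follows. This is an added example, not code from the patent or its applicants. It assumes that the "preset standard" is a flag-plus-checksum frame check (the frame layout, flag bytes, danger instruction name and precaution instruction names are all constructed), and that a danger instruction takes precedence over the format check.

```python
import struct
import zlib
from enum import IntEnum

MAGIC = b"\xa5\x5a"                        # constructed flag bytes (assumption)
DANGER_INSTRUCTIONS = (b"drive_at_user",)  # constructed stand-in for a preset danger instruction


class Danger(IntEnum):
    FIRST = 1
    SECOND = 2
    THIRD = 3


# Mapping taken from the text. The text allows "and/or"; this sketch issues every
# listed instruction. The instruction names themselves are hypothetical.
PRECAUTIONS = {
    Danger.FIRST: ("block_central_control_power", "central_control_alarm"),
    Danger.SECOND: ("block_device_power", "central_control_message", "sound_alarm"),
    Danger.THIRD: ("central_control_alarm",),
}


def build_frame(payload: bytes) -> bytes:
    """Constructed frame: flag | 2-byte length | payload | CRC32 of payload."""
    return (MAGIC + struct.pack(">H", len(payload)) + payload
            + struct.pack(">I", zlib.crc32(payload)))


def meets_preset_standard(frame: bytes) -> bool:
    """True if the frame carries the correct flag, a consistent length and a valid CRC."""
    if len(frame) < 8 or frame[:2] != MAGIC:
        return False
    (length,) = struct.unpack(">H", frame[2:4])
    if len(frame) != 8 + length:
        return False
    (crc,) = struct.unpack(">I", frame[-4:])
    return crc == zlib.crc32(frame[4:4 + length])


def danger_level(frame: bytes) -> Danger:
    # Assumption: a danger instruction outranks the format check, so it is tested
    # first and on the raw bytes, which also covers frames that fail the check.
    if any(token in frame for token in DANGER_INSTRUCTIONS):
        return Danger.FIRST
    return Danger.THIRD if meets_preset_standard(frame) else Danger.SECOND


def handle_reported_packet(frame: bytes, execute) -> Danger:
    """Classify a packet reported by a device and run the mapped precaution instructions."""
    level = danger_level(frame)
    for instruction in PRECAUTIONS[level]:
        execute(instruction)
    return level


if __name__ == "__main__":
    issued = []
    level = handle_reported_packet(build_frame(b"instruction=dim;level=40"), issued.append)
    print(level.name, issued)
```

Testing the danger instruction before the format check matters: a malformed frame that also carries a danger instruction would otherwise be handled as second-level only.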
According to a third aspect of the present application, there is provided an intelligent device intrusion prevention apparatus, comprising:
the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a data packet when detecting that the intelligent equipment has a transmission behavior on the data packet;
a first determining module, configured to determine whether the transmission behavior is abnormal;
and the sending module is used for sending the data packet to a server when the transmission behavior is determined to be abnormal, so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
According to a fourth aspect of the present application, there is provided an intelligent device intrusion prevention apparatus, including:
the second acquisition module is used for acquiring a data packet sent by the intelligent terminal equipment side, wherein the data packet is sent when the intelligent terminal equipment determines that the transmission behavior of the data packet is abnormal;
the second determining module is used for determining the danger level of the data packet according to a preset danger level determining rule;
and the execution module is used for determining the precaution instruction corresponding to the danger level according to the preset mapping relation between the danger level and the precaution instruction and executing the precaution instruction.
According to a fifth aspect of the present application, there is provided a smart device comprising: at least one first processor and a first memory;
the first processor is configured to execute the intelligent device intrusion prevention program stored in the first memory, so as to implement the intelligent device intrusion prevention method provided by the first aspect of the present application.
According to a sixth aspect of the present application, there is provided a server comprising: at least one second processor and a second memory;
the second processor is configured to execute the smart device intrusion prevention program stored in the second memory, so as to implement the smart device intrusion prevention method provided in the second aspect of the present application.
The technical scheme provided by the application can have the following beneficial effects: when a data packet transmission behavior of the intelligent equipment is detected, the data packet is obtained and it is determined whether the transmission behavior is abnormal; when the transmission behavior is determined to be abnormal, the data packet is sent to a server; the server determines the danger level of the data packet according to a preset danger level determination rule, determines the precaution instruction corresponding to the danger level according to a preset mapping relation between danger levels and precaution instructions, and executes the precaution instruction. With this method, the data packet is used to judge whether the intelligent equipment's behavior of transmitting the data packet is abnormal, the danger level of the data packet is determined once the behavior is found to be abnormal, and a corresponding precaution instruction is issued, so that intrusion is prevented.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flowchart of an intrusion prevention method for a smart device according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of detecting missing abnormal data packets and determining abnormal transmission behavior for transmitting the missing abnormal data packets in the present application;
Fig. 3 is a flowchart illustrating an intrusion prevention method for a smart device according to another embodiment of the present application;
Fig. 4 is a flowchart illustrating an anti-intrusion method for a smart device according to another embodiment of the present application;
Fig. 5 is a schematic structural diagram of an intelligent device intrusion prevention apparatus according to another embodiment of the present application;
Fig. 6 is a schematic structural diagram of an intelligent device intrusion prevention apparatus according to another embodiment of the present application;
Fig. 7 is a schematic structural diagram of a smart device according to another embodiment of the present application;
Fig. 8 is a schematic structural diagram of an intelligent device according to another embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating an anti-intrusion method for an intelligent device according to an embodiment of the present application.
In this embodiment, the implementation of the smart device side is taken as an example for explanation, as shown in fig. 1, the smart device intrusion prevention method provided in this embodiment may include:
Step S101, when the intelligent device is detected to have a transmission behavior on a data packet, the data packet is obtained.
It should be noted that the data packet mentioned in this step is a data packet received by the smart device or a data packet sent by the smart device, and the behavior of transmitting the data packet is that receiving or sending. In particular, the data content of the data packet may include at least one instruction or some data recorded in the smart device.
In one example, the data transmission module in the smart device may be used for detection. For a data transmission module with a certain data processing capability, the detection software may be written directly into the data transmission module, so that whenever the data transmission module transmits a data packet, the software detects the transmission and obtains the transmitted data packet.
Of course, a separate module for detecting data packet transmission may also be arranged in the intelligent device. Generally, the data transmission module is provided with a receiving unit dedicated to receiving data packets and a sending unit dedicated to sending data packets, and the detection module may correspondingly be provided with two paths. One path is connected with the receiving unit: data packets received by the receiving unit enter the detection module through the interface and then flow out of the module to a designated position. The other path is connected with the sending unit: a data packet to be sent first flows into the module and, after passing through the channel, is passed to the sending unit to be sent out.
Step S102, determining whether the behavior of transmitting the data packet is abnormal.
It should be noted that, in this embodiment, when determining whether the behavior of transmitting a data packet is abnormal, there may be, but not limited to, the following three ways:
The first way applies when the smart device is in the off state: if the current working state of the smart device is the off state and a behavior of transmitting a data packet occurs, the behavior may be determined to be abnormal.
Since the smart device is currently in the off state, any data packet transmission at this time is highly suspicious. To avoid missing an abnormal behavior, this embodiment directly treats a data packet transmission that occurs in the off state as abnormal behavior.
Of course, to reduce the later workload of the server, the obtained data packet may first be analyzed in a simple way (see the second way below), and the transmission of a data packet that the analysis finds to be abnormal is then determined to be abnormal behavior.
The second way applies when the smart device is in the on state: if the current working state of the smart device is the on state and the data content in the data packet is determined not to meet the preset data content specification, the behavior of transmitting the data packet is determined to be abnormal.
Of course, the data content in the data packet may also meet the preset data content specification. In that case the data packet is determined to be a non-abnormal data packet and is stored.
The stored non-abnormal data packets can serve various purposes. For example, they can be used to record the common operations of the smart device in order to identify the habits of the user, and all stored non-abnormal data packets can also be re-examined periodically to find abnormal data packets that were missed. Referring to fig. 2, fig. 2 is a schematic flow chart illustrating a process of finding a missing abnormal packet and determining that a transmission behavior of the missing abnormal packet is abnormal in the present application.
As shown in fig. 2, the process may include:
Step S201, periodically detecting whether a preset instruction exists in the stored non-abnormal data packet.
It should be noted that the preset instruction is a data acquisition instruction for acquiring data of a preset type, and/or a data uploading instruction for uploading any data recorded in the intelligent device to a strange server, and a network address of the strange server is not stored in a network address set acquired by the intelligent device in advance.
The preset type data refers to privacy-sensitive data, whose specific content differs from one intelligent device to another, for example the position data recorded by intelligent devices with a positioning function, or the image data recorded by intelligent devices with a camera function.
For the uploading instruction in this step: if data needs to be uploaded, the uploading instruction necessarily includes the network address of the server to upload to. That network address can therefore be checked against the network addresses in the intelligent device's previous uploading instructions, and if it is not among them, the server can be determined to be a strange server.
Step S202, determining the non-abnormal data packet with the preset instruction as a missing abnormal data packet, and determining that the transmission behavior for transmitting the missing abnormal data packet is abnormal.
Correspondingly, this step determines a non-abnormal data packet containing the preset instruction to be a missing abnormal data packet, and determines the behavior of transmitting that data packet to be abnormal behavior.
Generally, in the field of smart home, data related to smart devices may have a plurality of preset fields, and each field may represent a different meaning, for example, an account data field, a network address field, a data main content field, a flag content field, and the like. The data in the account data field represents account data of an account registered in a central control system (the central control system refers to a central control system bound with the intelligent device and generally exists in the form of an application installed on a terminal), such as an account name or an account number. The data in the network address field is typically the network address of the server or terminal to which the data packet is to be sent, and may also be the network address of the server or terminal that sent the data packet. The data main content field, that is, the data mainly transmitted by the entire data packet, may be, for example, an instruction or some information recorded by the smart device. The data in the tag content field is typically data that serves as a marker for the packet or data that serves as a check.
It should be noted that, in the foregoing description, the following determination method may be adopted to determine whether the data content in the data packet meets the preset data content specification:
when the data content does not belong to any one of the following three conditions, the data content can be determined to meet the preset data content specification.
Wherein, the three situations may include:
In the first case: if the data content does not include account data, determining that the data content does not meet a preset data content specification, wherein the account data is data of the account logged in on the equipment that sends the data packet;
In the second case: if the data content comprises instruction data and the instruction data is not stored in an instruction set recorded in advance by the intelligent equipment, determining that the data content does not meet the preset data content specification;
In the third case: if the data content comprises network address data and the network address data is not stored in a network address set acquired by the intelligent equipment in advance, determining that the data content does not meet the preset data content specification.
The account data, the instruction data, and the network address data related to the three cases may refer to the foregoing description, and are not described herein again.
To explain why the data content can be determined not to meet the data content specification when at least one of the three cases occurs, the second case is taken as an example below.
In the second case, if the instruction data is not stored in the instruction set recorded in advance by the smart device, the instruction data is considered high-risk, and it may then be determined that the data content does not meet the preset data content specification.
In addition, it should be noted that when the intelligent device executes an instruction, the executed instruction is recorded in the instruction set. For a given intelligent device, the executed instructions are usually few and fixed and depend on the type of the device. For example, an intelligent desk lamp generally involves only an "on instruction", an "off instruction" and a "dimming instruction". If a data packet sent to the intelligent desk lamp includes instructions other than these, the instruction is necessarily more suspicious, and a data packet carrying an instruction that is not stored in the instruction set can be determined to be a data packet that does not meet the data content specification.
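The device-side decision of step S102, including the periodic re-check of steps S201 and S202, can be sketched as follows. This is an added example, not code from the patent or its applicants. The field names, instruction names and addresses are constructed, and the upload destination is modelled as a separate hypothetical `upload_target` field inside the main content.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Fields follow the account / network address / main content split described above."""
    account: Optional[str] = None        # account data field
    address: Optional[str] = None        # network address field
    instruction: Optional[str] = None    # main content: instruction name
    upload_target: Optional[str] = None  # address carried inside an upload instruction (hypothetical)


def spec_violations(pkt, known_instructions, known_addresses):
    """Return the reasons the packet fails the preset data content specification."""
    reasons = []
    if not pkt.account:                                          # first case
        reasons.append("no account data")
    if pkt.instruction is not None and pkt.instruction not in known_instructions:
        reasons.append("instruction not in recorded instruction set")  # second case
    if pkt.address is not None and pkt.address not in known_addresses:
        reasons.append("network address not in known address set")     # third case
    return reasons


class DeviceMonitor:
    def __init__(self, known_instructions, known_addresses, private_data_instructions):
        self.known_instructions = set(known_instructions)
        self.known_addresses = set(known_addresses)
        self.private_data_instructions = set(private_data_instructions)
        self.stored = []   # non-abnormal packets kept for the periodic re-check
        self.outbox = []   # abnormal packets to forward to the server

    def inspect(self, pkt, powered_on):
        """Step S102: return why the transmission is abnormal, or [] if it is not."""
        if not powered_on:
            reasons = ["transmission while device is off"]
        else:
            reasons = spec_violations(pkt, self.known_instructions, self.known_addresses)
        (self.outbox if reasons else self.stored).append(pkt)
        return reasons

    def rescan(self):
        """Steps S201/S202: find stored packets that carry a preset instruction."""
        missed, kept = [], []
        for pkt in self.stored:
            gets_private = pkt.instruction in self.private_data_instructions
            strange_upload = (pkt.upload_target is not None
                              and pkt.upload_target not in self.known_addresses)
            (missed if gets_private or strange_upload else kept).append(pkt)
        self.stored = kept
        self.outbox.extend(missed)
        return missed


def demo():
    # Constructed values for a smart camera; addresses are from documentation ranges.
    mon = DeviceMonitor(
        known_instructions={"start_recording", "stop_recording", "upload"},
        known_addresses={"203.0.113.10"},
        private_data_instructions={"get_location"},
    )
    ok = Packet("alice", "203.0.113.10", "start_recording")
    exfil = Packet("alice", "203.0.113.10", "upload", upload_target="198.51.100.7")
    results = {
        "ok": mon.inspect(ok, powered_on=True),
        "no_account": mon.inspect(Packet(None, "203.0.113.10", "start_recording"), True),
        "odd_instruction": mon.inspect(Packet("alice", "203.0.113.10", "format_storage"), True),
        "exfil": mon.inspect(exfil, powered_on=True),
        "while_off": mon.inspect(ok, powered_on=False),
    }
    results["missed"] = mon.rescan()
    return mon, results


if __name__ == "__main__":
    for name, value in demo()[1].items():
        print(name, value)
```

The upload packet passes the three content checks because its instruction and its address field are both known; only the re-check, which looks at the destination inside the instruction, catches it.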
In addition, to improve the anti-intrusion effect, after the transmission behavior is determined to be abnormal in step S102, the power supply circuit of the intelligent device may be blocked directly to disconnect the power supply of the intelligent device, so that the component of the intelligent device that produced the transmission behavior cannot operate. This avoids abnormal operation of the intelligent device or leakage of private data caused by the intrusion.
Step S103, when the transmission behavior is determined to be abnormal, sending the data packet to the server so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
When the intelligent device determines that the transmission behavior is abnormal, the data packet transmitted by that behavior needs to be sent to the server, and the server performs the next operation. For that operation, refer to the description of the execution at the server side; it is not repeated here.
When a data packet transmission behavior of the intelligent equipment is detected, the data packet is obtained and it is determined whether the transmission behavior is abnormal; when the transmission behavior is determined to be abnormal, the data packet is sent to a server; the server determines the danger level of the data packet according to a preset danger level determination rule, determines the precaution instruction corresponding to the danger level according to a preset mapping relation between danger levels and precaution instructions, and executes the precaution instruction. With this method, the data packet is used to judge whether the intelligent equipment's behavior of transmitting the data packet is abnormal, the danger level of the data packet is determined once the behavior is found to be abnormal, and a corresponding precaution instruction is issued, so that intrusion is prevented.
Referring to fig. 3, fig. 3 is a flowchart illustrating an intrusion prevention method for an intelligent device according to another embodiment of the present application.
In this embodiment, the execution on the server side is taken as an example for explanation, and as shown in fig. 3, the method provided in this embodiment may include:
Step S301, a data packet sent by the intelligent terminal device side is obtained, and the data packet is sent when the intelligent terminal device determines that the transmission behavior of the data packet is abnormal.
It should be noted that, for the process of determining whether the transmission behavior is abnormal by the intelligent device in this step, reference may be made to the description of the foregoing embodiment, and details are not described here again.
Step S302, determining the danger level of the data packet according to a preset danger level determination rule.
In this embodiment, data packets may be assigned different danger levels according to their contents. For example, if the data content in the data packet does not meet a preset standard, the danger level of the data packet is determined to be a second-level danger; otherwise, the danger level of the data packet is determined to be a third-level danger; and if the data content in the data packet includes a preset danger instruction, the danger level of the data packet is determined to be a first-level danger.
Data packets transmitted by the intelligent device follow a certain standard, which a data packet needs to meet. In this embodiment, that standard is set as the preset standard, and the preset standard may include that the data packet can be decrypted according to a specified protocol or that it carries the correct flag information. In this step, a data packet that cannot be decrypted according to the specified protocol and/or does not carry the correct flag information is determined to be a data packet that does not meet the preset standard.
In addition, the preset danger instruction may be an instruction that, once executed by the intelligent device, can threaten the personal safety of the user, such as an instruction that makes a sweeping robot collide with the user.
Step S303, determining a precaution instruction corresponding to the danger level according to the preset mapping relation between the danger level and the precaution instruction, and executing the precaution instruction.
Still taking the first-level danger, the second-level danger, and the third-level danger as examples, the danger of each level is preset with a corresponding precaution instruction, that is, a mapping relationship is preset between the danger level and the precaution instruction.
Specifically, the process of determining the precaution instruction according to the mapping relationship may be as follows:
if the danger level is first-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of the central control system and/or an alarm reminding instruction for enabling the central control system to send out an alarm reminder, wherein the central control system is the central control system bound with the intelligent equipment;
if the danger level is second-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of the intelligent equipment, and/or a reminding instruction for enabling the central control system to send a message reminder, and/or a sound alarm instruction for enabling equipment with a sound playing function in the central control system to send a sound alarm;
and if the danger level is third-level danger, determining that the precaution instruction comprises an alarm reminding instruction for enabling the central control system to send an alarm reminder.
In addition, for first-level danger and second-level danger, the precaution instruction may further include a push instruction for pushing the corresponding data packet to the development and maintenance staff. When first-level danger is determined, all equipment of the central control system may also be locked, and the equipment can be unlocked only when the user inputs a preset password into the central control system.
The precaution instructions above are examples for this embodiment; in a specific implementation, a person skilled in the art can add different precaution instructions according to the type of the intelligent device.
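The server-side rule of steps S302 and S303, as an added example in Python that is not code from the patent. The frame layout (two flag bytes followed by a base64-encoded JSON body, which stands in for decryption under the specified protocol), the flag value and all instruction names are assumptions made up for illustration.

```python
import base64
import json
from enum import IntEnum


class Danger(IntEnum):
    FIRST = 1    # packet carries a preset danger instruction
    SECOND = 2   # packet does not meet the preset standard
    THIRD = 3    # packet meets the standard and carries no danger instruction


# Constructed values (assumptions, not taken from the patent).
EXPECTED_FLAG = b"\xa5\x5a"
DANGER_INSTRUCTIONS = {"collide_with_user"}

# Mapping relation between danger level and precaution instructions.
# The description joins the options with "and/or"; this table picks all of them.
PRECAUTIONS = {
    Danger.FIRST: ["block_central_control_power", "central_control_alarm",
                   "lock_central_control_devices", "push_packet_to_maintainers"],
    Danger.SECOND: ["block_device_power", "central_control_message",
                    "sound_alarm", "push_packet_to_maintainers"],
    Danger.THIRD: ["central_control_alarm"],
}


def make_packet(content, flag=EXPECTED_FLAG):
    """Build a constructed sample packet: flag bytes + base64(JSON)."""
    return flag + base64.b64encode(json.dumps(content).encode())


def decode_payload(body):
    """Stand-in for 'decrypt according to the specified protocol'.

    Returns the decoded dict, or None when the body cannot be decoded.
    """
    try:
        obj = json.loads(base64.b64decode(body, validate=True))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def classify(raw):
    """Apply the danger level determination rule of step S302."""
    flag_ok = raw[:2] == EXPECTED_FLAG
    payload = decode_payload(raw[2:])
    instruction = payload.get("instruction") if payload is not None else None
    # A preset danger instruction makes the packet first-level danger,
    # whether or not the packet otherwise meets the preset standard.
    if isinstance(instruction, str) and instruction in DANGER_INSTRUCTIONS:
        return Danger.FIRST
    if not flag_ok or payload is None:
        return Danger.SECOND
    return Danger.THIRD


def handle_report(raw, execute):
    """Step S303: look up the precaution instructions and execute each one."""
    level = classify(raw)
    for instruction in PRECAUTIONS[level]:
        execute(instruction, raw)
    return level


if __name__ == "__main__":
    samples = [
        make_packet({"instruction": "start_cleaning"}),
        EXPECTED_FLAG + b"!!undecodable!!",
        make_packet({"instruction": "collide_with_user"}, flag=b"\x00\x00"),
    ]
    for raw in samples:
        actions = []
        level = handle_report(raw, lambda name, _pkt: actions.append(name))
        print(level.name, actions)
```

The ordering in `classify` matters: the danger-instruction check runs first so that a packet failing the flag check is still raised to first-level danger when its body decodes to a dangerous instruction.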
When a transmission behavior of the intelligent device for a data packet is detected, the data packet is obtained and it is determined whether the transmission behavior is abnormal. When the transmission behavior is determined to be abnormal, the data packet is sent to a server; the server determines the danger level of the data packet according to a preset danger level determination rule, then determines the precaution instruction corresponding to that danger level according to the preset mapping relation between danger levels and precaution instructions, and at the same time executes the precaution instruction. In this way, the data packet is used to judge whether the intelligent device's behavior of transmitting it is abnormal, the danger level of the data packet is determined once the behavior is found to be abnormal, and a corresponding precaution instruction is issued, so that intrusion is prevented.
Referring to fig. 4, fig. 4 is a flowchart illustrating an anti-intrusion method for an intelligent device according to another embodiment of the present application.
The present embodiment takes the interaction between the smart device and the server as an example for explanation. To keep the description short, the method is presented as a list of steps; for the specific implementation and the explanation of the terms involved, refer to the foregoing embodiments, which are not repeated here.
As shown in fig. 4, the method provided by this embodiment may include:
Step S401, when the intelligent device detects that a transmission behavior for a data packet exists, the data packet is obtained.
Step S402, the intelligent device determines whether the transmission behavior is abnormal.
Step S403, when the intelligent device determines that the transmission behavior is abnormal, the data packet is sent to a server.
Step S404, the server receives the data packet sent by the intelligent terminal device side.
Step S405, determining the danger level of the data packet according to a preset danger level determination rule.
Step S406, determining a precaution instruction corresponding to the danger level according to the preset mapping relation between the danger level and the precaution instruction, and executing the precaution instruction at the same time.
When a transmission behavior of the intelligent device for a data packet is detected, the data packet is obtained and it is determined whether the transmission behavior is abnormal. When the transmission behavior is determined to be abnormal, the data packet is sent to a server; the server determines the danger level of the data packet according to a preset danger level determination rule, then determines the precaution instruction corresponding to that danger level according to the preset mapping relation between danger levels and precaution instructions, and at the same time executes the precaution instruction. In this way, the data packet is used to judge whether the intelligent device's behavior of transmitting it is abnormal, the danger level of the data packet is determined once the behavior is found to be abnormal, and a corresponding precaution instruction is issued, so that intrusion is prevented.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an intelligent device intrusion prevention apparatus according to another embodiment of the present application.
As shown in fig. 5, the apparatus provided in this embodiment may include:
a first obtaining module 501, configured to obtain a data packet when it is detected that the intelligent device has a transmission behavior for the data packet;
a first determining module 502, configured to determine whether a transmission behavior is abnormal;
a sending module 503, configured to send the data packet to the server when it is determined that the transmission behavior is abnormal, so that the server determines a risk level of the data packet, and executes a precaution instruction corresponding to the risk level.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an intelligent device intrusion prevention apparatus according to another embodiment of the present application.
As shown in fig. 6, the apparatus provided in this embodiment may include:
a second obtaining module 601, configured to obtain a data packet sent by an intelligent terminal device, where the data packet is sent when the intelligent terminal device determines that a transmission behavior of the data packet is abnormal;
a second determining module 602, configured to determine a risk level of the data packet according to a preset risk level determining rule;
the executing module 603 is configured to determine a precaution instruction corresponding to the risk level according to a mapping relationship between the preset risk level and the precaution instruction, and execute the precaution instruction at the same time.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an intelligent device according to another embodiment of the present application.
As shown in fig. 7, the smart device 700 provided in this embodiment may include: at least one first processor 701, a first memory 702, at least one first network interface 703 and other first user interfaces 704. The various components of the smart device 700 are coupled together by a first bus system 705. It is understood that the first bus system 705 is used to enable connection and communication between these components. The first bus system 705 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are all labeled as the first bus system 705 in fig. 7.
The first user interface 704 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen, among others).
It will be appreciated that the first memory 702 in embodiments of the present invention may be a volatile memory or a non-volatile memory, or may comprise both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which functions as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The first memory 702 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, the first memory 702 stores the following elements, executable units or data structures, or a subset thereof, or an expanded set thereof: a first operating system 7021 and first application programs 7022.
The first operating system 7021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The first application 7022 includes various first applications, such as a Media Player (Media Player), a Browser (Browser), and the like, for implementing various application services. A program implementing a method according to an embodiment of the present invention may be included in the first application program 7022.
In the embodiment of the present invention, by calling a program or an instruction stored in the first memory 702, specifically, a program or an instruction stored in the first application 7022, the first processor 701 is configured to execute the method steps provided by the method embodiments, for example, including:
when the intelligent equipment is detected to have a transmission behavior on a data packet, acquiring the data packet;
determining whether the transmission behavior is abnormal;
and when the transmission behavior is determined to be abnormal, sending the data packet to the server so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
Optionally, after sending the data packet to the server, the method further includes:
receiving a power supply blocking instruction fed back by the server, wherein the power supply blocking instruction is one of precaution instructions;
and blocking a power supply circuit of the intelligent equipment according to the power supply blocking instruction.
Optionally, after determining that the transmission behavior is abnormal, the method further includes:
blocking power supply of the intelligent device.
Optionally, determining whether the transmission behavior is abnormal includes:
if the current working state of the intelligent equipment is a closed state and a transmission behavior exists, determining that the transmission behavior is abnormal;
or, if the current working state of the intelligent device is the open state, and the data content in the data packet is determined not to meet the preset data content specification, determining that the transmission behavior is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content in the data packet meets the preset data content specification, determining that the data packet is a non-abnormal data packet, and storing the non-abnormal data packet;
periodically detecting whether a preset instruction exists in a stored non-abnormal data packet, wherein the preset instruction is a data acquisition instruction for acquiring preset type data, and/or a data uploading instruction for uploading any data recorded in the intelligent equipment to an unknown server, and the network address of the unknown server is not stored in a network address set acquired by the intelligent equipment in advance;
and determining the non-abnormal data packets containing the preset instruction as missed abnormal data packets, and determining that the transmission behavior for transmitting the missed abnormal data packets is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content does not include account data, determining that the data content does not meet a preset data content specification, wherein the account data is data of the account logged in on the equipment that sends the data packet;
and/or,
if the data content comprises instruction data and the instruction data are not backed up in an instruction set recorded in advance by the intelligent equipment, determining that the data content does not meet the preset data content specification;
and/or,
and if the data content comprises network address data and the network address data is not backed up in a network address set acquired by the intelligent equipment in advance, determining that the data content does not meet the preset data content specification.
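The device-side determination listed above (working state, content specification, and the periodic re-check of stored packets), as an added example in Python that is not code from the patent. The packet fields (`account`, `instruction`, `address`, `args`), the instruction names, the sensitive data types and the addresses are all hypothetical, and packets are assumed to be already parsed into dictionaries.

```python
from dataclasses import dataclass, field

# Constructed reference sets (assumptions for illustration only).
KNOWN_INSTRUCTIONS = {"start_cleaning", "stop", "get_data", "upload_data"}
KNOWN_ADDRESSES = {"192.0.2.10"}                 # documentation address range
PRESET_DATA_TYPES = {"camera_frame", "floor_map"}  # "preset type data"


def spec_violations(content):
    """Return the reasons a packet fails the preset data content specification."""
    problems = []
    if not content.get("account"):
        problems.append("no account data")
    instr = content.get("instruction")
    if instr is not None and (not isinstance(instr, str)
                              or instr not in KNOWN_INSTRUCTIONS):
        problems.append("instruction not in recorded instruction set")
    addr = content.get("address")
    if addr is not None and (not isinstance(addr, str)
                             or addr not in KNOWN_ADDRESSES):
        problems.append("network address not in known address set")
    return problems


def has_preset_instruction(content):
    """Re-check rule: data acquisition of preset types, or upload to an unknown server."""
    instr = content.get("instruction")
    args = content.get("args") or {}
    if instr == "get_data" and args.get("data_type") in PRESET_DATA_TYPES:
        return True
    if instr == "upload_data" and args.get("target") not in KNOWN_ADDRESSES:
        return True
    return False


@dataclass
class DeviceMonitor:
    powered_on: bool
    stored: list = field(default_factory=list)  # packets judged non-abnormal

    def on_transmission(self, content):
        """Return (abnormal, reasons). Abnormal packets go to the server."""
        if not self.powered_on:
            # Any transmission while the device is in the closed state is abnormal.
            return True, ["transmission while device is closed"]
        problems = spec_violations(content)
        if problems:
            return True, problems
        self.stored.append(content)  # keep for the periodic re-check
        return False, []

    def rescan(self):
        """Periodic pass over stored packets; returns the missed abnormal packets."""
        missed = [c for c in self.stored if has_preset_instruction(c)]
        self.stored = [c for c in self.stored if not has_preset_instruction(c)]
        return missed


if __name__ == "__main__":
    monitor = DeviceMonitor(powered_on=True)
    packets = [  # constructed sample packets
        {"account": "alice", "instruction": "start_cleaning"},
        {"instruction": "start_cleaning"},
        {"account": "alice", "instruction": "upload_data",
         "args": {"target": "203.0.113.7"}},
    ]
    for p in packets:
        print(monitor.on_transmission(p))
    print("missed on rescan:", monitor.rescan())
```

The third sample packet passes the first check because its account and instruction are both recognised, and is only caught by `rescan`, which is the case the stored-packet re-check exists for.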
The method disclosed in the above embodiments of the present invention may be applied to the first processor 701, or implemented by the first processor 701. The first processor 701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the first processor 701 or by instructions in the form of software. The first processor 701 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software units in a decoding processor. The software unit may be located in a storage medium that is mature in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the first memory 702, and the first processor 701 reads the information in the first memory 702 and completes the steps of the method in combination with its hardware.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the processing units may be implemented in one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general-purpose processors, controllers, microprocessors, other electronic units configured to perform the functions of the present application, or a combination thereof.
For a software implementation, the techniques herein may be implemented by means of units performing the functions herein. The software codes may be stored in a first memory and executed by a first processor. The first memory may be implemented in the first processor or external to the first processor.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an intelligent device according to another embodiment of the present application.
As shown in fig. 8, the smart device 800 provided in this embodiment may include: at least one second processor 801, a second memory 802, at least one second network interface 803 and other second user interfaces 804. The various components of the smart device 800 are coupled together by a second bus system 805. It is understood that the second bus system 805 is used to enable connection and communication between these components. The second bus system 805 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are all labeled as the second bus system 805 in fig. 8.
The second user interface 804 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen, among others).
It will be appreciated that the second memory 802 in embodiments of the present invention may be a volatile memory or a non-volatile memory, or may comprise both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The second memory 802 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, second memory 802 stores elements, executable units or data structures, or a subset thereof, or an expanded set thereof as follows: a second operating system 8021 and second application programs 8022.
The second operating system 8021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The second application 8022 includes various second applications, such as a Media Player (Media Player), a Browser (Browser), and the like, for implementing various application services. A program implementing a method according to an embodiment of the present invention may be included in second application program 8022.
In the embodiment of the present invention, by calling the program or the instruction stored in the second memory 802, specifically, the program or the instruction stored in the second application program 8022, the second processor 801 is configured to execute the method steps provided by the method embodiments, for example, including:
when the intelligent equipment is detected to have a transmission behavior on a data packet, acquiring the data packet;
determining whether the transmission behavior is abnormal;
and when the transmission behavior is determined to be abnormal, sending the data packet to the server so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
Optionally, after sending the data packet to the server, the method further includes:
receiving a power supply blocking instruction fed back by the server, wherein the power supply blocking instruction is one of precaution instructions;
and blocking a power supply circuit of the intelligent equipment according to the power supply blocking instruction.
Optionally, after determining that the transmission behavior is abnormal, the method further includes:
blocking power supply of the intelligent device.
Optionally, determining whether the transmission behavior is abnormal includes:
if the current working state of the intelligent equipment is a closed state and a transmission behavior exists, determining that the transmission behavior is abnormal;
or, if the current working state of the intelligent device is the open state, and the data content in the data packet is determined not to meet the preset data content specification, determining that the transmission behavior is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content in the data packet meets the preset data content specification, determining that the data packet is a non-abnormal data packet, and storing the non-abnormal data packet;
periodically detecting whether a preset instruction exists in a stored non-abnormal data packet, wherein the preset instruction is a data acquisition instruction for acquiring preset type data, and/or a data uploading instruction for uploading any data recorded in the intelligent equipment to an unknown server, and the network address of the unknown server is not stored in a network address set acquired by the intelligent equipment in advance;
and determining the non-abnormal data packets containing the preset instruction as missed abnormal data packets, and determining that the transmission behavior for transmitting the missed abnormal data packets is abnormal.
Optionally, determining whether the transmission behavior is abnormal further includes:
if the data content does not include account data, determining that the data content does not meet a preset data content specification, wherein the account data is data of the account logged in on the equipment that sends the data packet;
and/or,
if the data content comprises instruction data and the instruction data are not backed up in an instruction set recorded in advance by the intelligent equipment, determining that the data content does not meet the preset data content specification;
and/or,
and if the data content comprises network address data and the network address data is not backed up in a network address set acquired by the intelligent equipment in advance, determining that the data content does not meet the preset data content specification.
The method disclosed in the above embodiments of the present invention may be applied to the second processor 801, or implemented by the second processor 801. The second processor 801 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the second processor 801 or by instructions in the form of software. The second processor 801 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software units in a decoding processor. The software unit may be located in a storage medium that is mature in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the second memory 802, and the second processor 801 reads the information in the second memory 802 and completes the steps of the above method in combination with its hardware.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the processing units may be implemented in one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general-purpose processors, controllers, microprocessors, other electronic units configured to perform the functions of the present application, or a combination thereof.
For a software implementation, the techniques herein may be implemented by means of units performing the functions herein. The software codes may be stored in the second memory and executed by the second processor. The second memory may be implemented in the second processor or external to the second processor.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (13)

1. An anti-intrusion method for intelligent equipment is applied to an intelligent equipment side, and comprises the following steps:
when the intelligent equipment is detected to have a transmission behavior on a data packet, acquiring the data packet;
determining whether the transmission behavior is abnormal;
and when the transmission behavior is determined to be abnormal, the data packet is sent to a server, so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
2. The smart device intrusion prevention method according to claim 1, wherein after the sending the data packet to a server, the method further comprises:
receiving a power supply blocking instruction fed back by the server, wherein the power supply blocking instruction is one of the precaution instructions;
and blocking a power supply circuit of the intelligent equipment according to the power supply blocking instruction.
3. The smart device intrusion prevention method of claim 1, wherein after determining that the transmission behavior is abnormal, the method further comprises:
blocking a power supply circuit of the smart device.
4. The smart device intrusion prevention method of claim 1, wherein determining whether the transmission behavior is abnormal comprises:
if the current working state of the intelligent equipment is a closed state, and the transmission behavior exists, determining that the transmission behavior is abnormal;
or, if the current working state of the intelligent device is the open state, and the data content in the data packet is determined not to meet the preset data content specification, determining that the transmission behavior is abnormal.
5. The smart device intrusion prevention method of claim 4, wherein determining whether the transmission behavior is abnormal further comprises:
if the data content in the data packet is determined to meet the preset data content specification, determining that the data packet is a non-abnormal data packet, and storing the non-abnormal data packet;
periodically detecting whether a preset instruction exists in a stored non-abnormal data packet, wherein the preset instruction is a data acquisition instruction for acquiring preset type data, and/or a data uploading instruction for uploading any data recorded in the intelligent equipment to an unknown server, and the network address of the unknown server is not stored in a network address set acquired by the intelligent equipment in advance;
and determining the non-abnormal data packet containing the preset instruction as a missed abnormal data packet, and determining that the transmission behavior for transmitting the missed abnormal data packet is abnormal.
6. The smart device intrusion prevention method according to claim 4 or 5, wherein determining whether the transmission behavior is abnormal further comprises:
if the data content does not include account data, determining that the data content does not meet a preset data content specification, wherein the account data is data of the account logged in on the equipment that sends the data packet;
and/or,
if the data content comprises instruction data and the instruction data are not backed up in an instruction set recorded in advance by the intelligent equipment, determining that the data content does not meet a preset data content specification;
and/or,
and if the data content comprises network address data and the network address data is not backed up in a network address set acquired by the intelligent equipment in advance, determining that the data content does not meet a preset data content specification.
7. An anti-intrusion method for intelligent equipment is applied to a server side, and comprises the following steps:
acquiring a data packet sent by an intelligent terminal device side, wherein the data packet is sent when the intelligent terminal device determines that the transmission behavior of the data packet is abnormal;
determining the danger level of the data packet according to a preset danger level determination rule;
and determining a precaution instruction corresponding to the danger level according to a preset mapping relation between the danger level and the precaution instruction, and executing the precaution instruction.
8. The intelligent device intrusion prevention method according to claim 7, wherein the determining the hazard level of the data packet according to a preset hazard level determination rule comprises:
if the data content in the data packet does not meet the preset standard, determining the danger level of the data packet as a second-level danger, otherwise, determining the danger level as a third-level danger;
and if the data content in the data packet comprises a preset danger instruction, determining the danger level of the data packet as a first-level danger.
9. The intelligent device intrusion prevention method according to claim 8, wherein the determining of the precaution instruction corresponding to the danger level includes:
if the danger level is a first-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of a central control system, and/or an alarm reminding instruction for enabling the central control system to send an alarm reminding, wherein the central control system is the central control system bound with the intelligent equipment;
if the danger level is a second-level danger, determining that the precaution instruction comprises a power supply blocking instruction for blocking the power supply of the intelligent equipment, and/or a reminding instruction for enabling the central control system to send a message reminding, and/or a sound alarm instruction for enabling equipment with a sound playing function in the central control system to send a sound alarm;
and if the danger level is a third-level danger, determining that the precaution instruction comprises an alarm reminding instruction for enabling the central control system to send an alarm reminding.
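The server-side grading of claims 7 to 9, as an added example that is not part of the patent text. The danger instructions, command identifiers and the account-based stand-in for the "preset standard" are assumptions; the sketch tests for a danger instruction first so that first-level danger overrides the other two levels, and runs every precaution listed for a level although the claim allows any subset ("and/or").

```python
from enum import IntEnum


class Danger(IntEnum):
    FIRST = 1    # most severe
    SECOND = 2
    THIRD = 3


# Assumed values: the claims name neither the danger instructions nor the command identifiers.
DANGER_INSTRUCTIONS = {"unlock_door", "disable_alarm"}
PRECAUTIONS = {
    Danger.FIRST: ["block_central_control_power", "central_control_alarm"],
    Danger.SECOND: ["block_device_power", "central_control_message", "sound_alarm"],
    Danger.THIRD: ["central_control_alarm"],
}


def has_account(packet):
    """Stand-in for the server's 'preset standard' (assumption): the packet must carry account data."""
    return bool(packet.get("account"))


def danger_level(packet, meets_standard=has_account):
    """Claim 8, with the danger-instruction test first so it overrides the other two levels."""
    ops = {ins["op"] for ins in packet.get("instructions", [])}
    if ops & DANGER_INSTRUCTIONS:
        return Danger.FIRST
    return Danger.THIRD if meets_standard(packet) else Danger.SECOND


def handle_report(packet, execute, meets_standard=has_account):
    """Claims 7 and 9: grade a reported packet, then run every precaution mapped to that level."""
    level = danger_level(packet, meets_standard)
    for command in PRECAUTIONS[level]:
        execute(command, packet["device_id"])
    return level


# Constructed reports, as a device would forward them after flagging the transmission as abnormal.
REPORTS = [
    {"device_id": "ac-01", "account": "user-a", "instructions": [{"op": "set_temp"}]},
    {"device_id": "ac-01", "account": None, "instructions": [{"op": "set_temp"}]},
    {"device_id": "ac-01", "account": None, "instructions": [{"op": "unlock_door"}]},
    {"device_id": "ac-01", "account": "user-a", "instructions": [{"op": "disable_alarm"}]},
]


def run_reports(reports=REPORTS):
    """Return (level, executed commands) per report, using a recording stub as the executor."""
    results = []
    for report in reports:
        log = []
        level = handle_report(report, lambda cmd, dev: log.append((cmd, dev)))
        results.append((level, log))
    return results
```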
10. An intelligent device intrusion prevention apparatus, the apparatus comprising:
a first acquisition module, configured to acquire a data packet when detecting that the intelligent equipment has a transmission behavior on the data packet;
a first determining module, configured to determine whether the transmission behavior is abnormal;
and the sending module is used for sending the data packet to a server when the transmission behavior is determined to be abnormal, so that the server determines the danger level of the data packet and executes a precaution instruction corresponding to the danger level.
11. An intelligent device intrusion prevention apparatus, the apparatus comprising:
the second acquisition module is used for acquiring a data packet sent by the intelligent terminal equipment side, wherein the data packet is sent when the intelligent terminal equipment determines that the transmission behavior of the data packet is abnormal;
the second determining module is used for determining the danger level of the data packet according to a preset danger level determining rule;
and the execution module is used for determining the precaution instruction corresponding to the danger level according to the preset mapping relation between the danger level and the precaution instruction and executing the precaution instruction.
12. A smart device, comprising: at least one first processor and a first memory;
the first processor is configured to execute a smart device intrusion prevention program stored in the first memory to implement the smart device intrusion prevention method of any one of claims 1-6.
13. A server, comprising: at least one second processor and a second memory;
the second processor is configured to execute the smart device intrusion prevention program stored in the second memory to implement the smart device intrusion prevention method according to any one of claims 7 to 9.
CN202010907329.1A 2020-09-01 2020-09-01 Intelligent equipment anti-intrusion method and device, intelligent equipment and server Active CN112165453B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010907329.1A CN112165453B (en) 2020-09-01 2020-09-01 Intelligent equipment anti-intrusion method and device, intelligent equipment and server

Publications (2)

Publication Number Publication Date
CN112165453A (en) 2021-01-01
CN112165453B (en) 2021-07-20

Family

ID=73858684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010907329.1A Active CN112165453B (en) 2020-09-01 2020-09-01 Intelligent equipment anti-intrusion method and device, intelligent equipment and server

Country Status (1)

Country Link
CN (1) CN112165453B (en)

Also Published As

Publication number Publication date
CN112165453B (en) 2021-07-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant