CN112350974A - Safety monitoring method and device of Internet of things and electronic equipment - Google Patents

Safety monitoring method and device of Internet of things and electronic equipment Download PDF

Info

Publication number
CN112350974A
CN112350974A CN201910724085.0A CN201910724085A CN112350974A CN 112350974 A CN112350974 A CN 112350974A CN 201910724085 A CN201910724085 A CN 201910724085A CN 112350974 A CN112350974 A CN 112350974A
Authority
CN
China
Prior art keywords
internet
things
safety
data
upper limit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910724085.0A
Other languages
Chinese (zh)
Inventor
孙际勇
郝建忠
郑浩彬
吕汉鑫
杨婷
李金生
徐家俊
奉玉婷
余士韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Guangdong Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Guangdong Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201910724085.0A priority Critical patent/CN112350974A/en
Publication of CN112350974A publication Critical patent/CN112350974A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Alarm Systems (AREA)

Abstract

The embodiment of the invention discloses a safety monitoring method and device of an Internet of things and electronic equipment, wherein the method comprises the following steps: acquiring interactive data of the Internet of things equipment; judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data; if yes, alarm information is output. By the method, the interactive data of the Internet of things equipment can be acquired, whether the interactive frequency of the Internet of things equipment exceeds the safety upper limit value or not is judged according to the interactive data, an alarm is given when the interactive frequency exceeds the safety upper limit value, the Internet of things safety of the terminal side and the service side of the Internet of things can be automatically and intelligently monitored, the positioning accuracy of safety problems is improved, intelligent automatic analysis and output of positioning and monitoring of the Internet of things safety problems are realized, and the manpower requirement is reduced.

Description

Safety monitoring method and device of Internet of things and electronic equipment
Technical Field
The invention relates to the field of Internet of things, in particular to a safety monitoring method and device of the Internet of things and electronic equipment.
Background
The internet of things has entered into all aspects of life of people, shared bicycles, mobile payment, smart homes, smart traffic and the like are all results of the application of the internet of things technology, and the subsequent security problem of the internet of things is more and more noticed in the industry.
The current method for positioning the safety problem of the internet of things mainly directly uses a support tool of a mobile communication network and manual analysis of an analyst, and comprises a signaling analysis system of an operator and an analysis platform of the internet of things. The system comprises a signaling analysis system, an Internet of things analysis platform and a server, wherein the signaling analysis system is mainly used for analyzing the level of a positioning terminal and the level of a server, and the Internet of things analysis platform is mainly used for analyzing the operation data, basic perception and the like of an enterprise private network or number segment of the Internet of things.
The signaling analysis system can only simply carry out dimension statistical index analysis to thing networking terminal and server, and more are that the manual work draws data and carries out the analysis contrast, has analytical error, influences the accuracy of analysis result, can not pinpoint the potential safety hazard that the thing networking exists, and thing networking analysis platform can't carry out detailed data analysis location to specific thing networking terminal side, service side, can't accomplish accurate intelligent positioning monitoring.
Disclosure of Invention
The embodiment of the invention provides a safety monitoring method and device of the Internet of things and electronic equipment, and aims to solve the problem of poor positioning accuracy of the existing positioning method for the safety problem of the Internet of things.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, a method for monitoring security of an internet of things is provided, which includes: acquiring interactive data of the Internet of things equipment; judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data; if yes, alarm information is output.
In a second aspect, a security monitoring device for internet of things is provided, the device comprising: the acquisition module is used for acquiring interactive data of the Internet of things equipment; the judging module is used for judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data; and the alarm module is used for outputting alarm information if the alarm information is positive.
In a third aspect, an electronic device is provided, comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the method according to the first aspect.
In the embodiment of the invention, by acquiring the interactive data of the Internet of things equipment, judging whether the interactive frequency of the Internet of things equipment exceeds the safety upper limit value or not according to the interactive data, and giving an alarm when the interactive frequency exceeds the safety upper limit value, the safety of the Internet of things at the terminal side and the service side of the Internet of things can be automatically and intelligently monitored, the positioning accuracy of the safety problem is improved, the intelligent automatic analysis and output of the positioning and monitoring of the safety problem of the Internet of things are realized, and the manpower requirement is reduced.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic flow chart of a security monitoring method of the internet of things according to the present invention;
FIG. 2 is a diagram illustrating an upper limit value of a security reputation of the present invention;
fig. 3 is a schematic flow chart of another method for monitoring the safety of the internet of things according to the invention;
fig. 4 is a schematic flow chart of another method for monitoring the safety of the internet of things according to the invention;
fig. 5 is a schematic structural diagram of a safety monitoring device of the internet of things according to the invention;
fig. 6 is a schematic structural diagram of an electronic device according to the present invention.
Detailed Description
The embodiment of the invention provides a method, a device and equipment for monitoring the safety of an Internet of things.
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The internet of things includes complex hybrid technology components including data centers, cloud servers, networks, software, hardware, and the like, all requiring high security. In the digital network, the internet of things equipment is carrying out millions of internet communications, and security must be established based on the whole system, and the 'security first' is the most critical principle in the era of the internet of things nowadays. Currently, security threats of the internet of things mainly include:
the threat faced by the terminal: 1) illegal invasion, wherein equipment is illegally invaded and controlled due to own bugs (weak passwords, version bugs and the like) at the terminal side; 2) malicious codes (viruses, trojans, worms and the like), and most Internet of things terminals are limited in cost and low in processing performance, so that the safety protection capability of the terminals is poor, the terminals are easy to be attacked by the malicious codes and malicious software, the terminals cannot be normally used or information is leaked, and the safety of the whole network is endangered.
Threat faced by the server: 1) the flow attack is used for carrying out distributed denial of service attack on the service end platform through the Internet, so that the platform cannot serve; 2) the platform has security holes, so that an attacker can invade the platform equipment from the Internet; 3) malicious code, platform software systems may be infected with viruses, trojans, worms, etc. from the internet.
The safety monitoring method of the Internet of things provided by the embodiment of the invention can automatically and intelligently monitor the safety problems of the Internet of things at the terminal side and the service side of the Internet of things, improves the positioning accuracy of the safety problems, realizes the intelligent automatic analysis and output of the positioning monitoring of the safety problems of the Internet of things, and reduces the manpower requirement.
Example one
As shown in fig. 1, an embodiment of the present invention provides a method for monitoring security of an internet of things, where the method may be executed by an electronic device, such as a terminal device or a server device. In other words, the method may be performed by software or hardware installed in the terminal device or the server device. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The method may specifically comprise the steps of:
s102, interactive data of the Internet of things equipment are obtained.
It can be understood that the internet of things device includes a terminal device and a server device, and the interaction data includes interaction time and interaction service content. Specifically, the corresponding interactive data can be obtained through the ticket data of the internet of things device.
And S104, judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data.
The interaction frequency refers to the number of times of interaction between the internet of things device and other devices in unit time. Due to the fact that the connection relation between the Internet of things devices is deterministic, the interaction objects and the interaction times are regular, data distribution characteristics can be analyzed through a big data algorithm, modeling calculation predicted values are carried out, and then the safety upper limit value of the interaction frequency is obtained.
As an example, the generation manner of the safety upper limit value includes: acquiring a historical data training set of the Internet of things equipment, wherein the historical data training set comprises interaction frequency within historical preset time granularity; inputting the historical data training set into a big data algorithm prediction model to obtain a predicted value within a preset time granularity; and calculating to obtain the safety upper limit value according to the predicted value and the residual error corresponding to the historical data training set. The method comprises the steps of analyzing the business process of the Internet of things, combining the networking data distribution characteristics, comparing and monitoring the interactive access frequency of each Internet of things device, modeling according to historical data, and finally determining the upper safety limit value.
Optionally, whether the interaction frequency of the internet of things device exceeds the safety upper limit value or not is judged according to the interaction data, and the method can be implemented in the following manner: counting the interaction frequency of the Internet of things equipment within a preset time granularity based on the interaction data; and judging whether the interaction frequency exceeds a safety upper limit value within a preset time granularity. The preset time granularity can be flexibly set according to the type and the industrial characteristics of the Internet of things equipment, for example, the time granularity is 1 hour or 10 minutes. And when the interaction frequency exceeds the safety upper limit value in the preset time granularity, determining that a safety problem occurs.
And S106, if so, outputting alarm information.
When the interactive access frequency of certain Internet of things equipment exceeds the safety upper limit value, alarm information can be output immediately. Optionally, an alarm message may be sent to the target analysis object, where the alarm message may include: alarm time, alarm type and alarm content, and the target analysis object may be an analyst or an analysis system.
On the basis of the foregoing embodiment, if the internet of things device is a server device, the method illustrated in fig. 1 may further include: when the interaction frequency of the server-side equipment does not exceed the safety upper limit value, judging whether the address information of the interaction data is included in a safety service library; if not, alarm information is output.
The generation mode of the security service library comprises the following steps: acquiring historical security service data of server equipment, wherein the historical security service data comprises address information corresponding to security connection; and storing the address information to generate a safety service library. Because the corresponding connection relation between the internet of things device and other devices is basically fixed, data is generally only sent to the fixed devices or command control of the fixed devices is received. The service security content in the server device can be obtained by analyzing the historical data of the server device, and the service security content may generally be Address information corresponding to the secure connection, such as an Internet Protocol Address (IP Address) or a Uniform Resource Locator (URL).
And when the address information of the interactive data is not included in the safety service library, outputting an alarm and pushing the alarm information to related analysts. It can be understood that, for the server device, it may be determined whether the interaction frequency exceeds the upper safety limit, and then it is determined whether the address information of the interaction data is included in the safety service library, or it may be determined whether the address information of the interaction data is included in the safety service library, and when the address information is included in the safety service library, then it is determined whether the interaction frequency exceeds the upper safety limit.
As an example, a safe upper limit for interaction frequency may be obtained by post-modeling prediction. Specifically, based on an internet of things safety problem positioning model, data analysis can be performed from two aspects of terminal side equipment and service side equipment, hour-level index summarizing calculation is performed on historical interactive access frequency data according to terminal dimensions and server dimensions of the internet of things, and the interactive access frequency data in the same time period every day is summarized, so that interactive frequency value sampling data of hour granularity of all single internet of things equipment or a single server is formed, all historical sampling data of hour granularity are used as a training set, a characteristic model for analyzing data distribution based on a big data algorithm is applied for training, and then the upper limit value of the interactive frequency safety is calculated by using the characteristic that residual errors on the training set conform to normal distribution.
After the safety upper limit value is obtained, automatic program comparison can be carried out. For example, since the safety upper limit value setting conforms to the asymmetry setting, the upper limit value setting may be a 4-fold standard deviation method, and the predicted value of the inter-frequency at the ith time point is X'iAnd if so, the safety credit upper limit value Q is as follows:
Q=X′i+4S
according to the data statistical rule, when the number of sample points in the training sample is more than 50, the sample standard deviation of the training sample is approximately equal to the total standard deviation delta, and the calculation formula of the standard deviation S is shown as formula (1):
Figure BDA0002158299880000061
wherein epsiloniIs the prediction error, ε'iK is the number of samples for the prediction error average. If the number of the sample points is less than 50, the difference between the standard deviation delta of the overall parameter and the standard deviation S of the sample points is significant, and the estimated value is approximate to the overall parameter with significant error.
The characteristic model of data distribution is analyzed through a big data algorithm to predict to obtain a predicted value, and then the residual error on the training set is added, so that the upper limit value of the interactive access frequency safety credit can be calculated, and the abnormal conditions of the interactive frequency of the object networking terminal and the server can be quickly and effectively identified by applying the upper limit value of the safety credit.
Fig. 2 is a diagram of a security reputation upper limit value according to an embodiment of the present invention. As shown in fig. 2, the variation trend of the 24-hour interaction access frequency of a certain brand shared power bank terminal is shown, the upper broken line is the variation trend of the upper limit value of the security reputation every hour, and the lower broken line is the variation trend of the actual interaction frequency every hour. And when the program monitoring interaction frequency is judged to be normal within the range of the upper limit value of the safety credit, when the interaction frequency exceeds the upper limit value of the safety credit, the program monitoring interaction frequency is marked as abnormal, alarm information is automatically generated, and the program monitoring interaction frequency is pushed to related analysts in real time.
As an example, the security services library may be obtained by comparative modeling. From the service layer, different services of the internet of things have corresponding service platforms, the service platforms and modules are basically fixed, the service content platforms can be built into an internet of things security service library, and the security service library is automatically updated regularly through programs. The method comprises the steps of counting service platform related information in a call bill based on user call bill XDR data of the service of the Internet of things, carrying out comparison analysis through a big data analysis algorithm data analysis characteristic model according to the counted service end information, comparing service content information, judging whether the service information is in a service safety library range or not, judging the service information to be normal in the service safety library range when program monitoring information is identified and compared, marking the service information as abnormal when the service information is not in the service safety library range, and automatically generating alarm information.
Example two
Fig. 3 is a method for monitoring security of an internet of things according to an embodiment of the present invention, taking an internet of things device as an internet of things terminal device as an example, the method includes:
s302, counting the interactive access frequency of the Internet of things terminal in the ticket.
S304, interactive access frequency of the terminal dimension of the Internet of things is compared, and whether the interactive access frequency exceeds the upper limit value of the security credit is judged. If yes, executing S306; if not, the terminal access is normal.
And S306, outputting the alarm information of the Internet of things terminal.
And S308, pushing the alarm information to related analysts.
By analyzing the business process of the Internet of things and combining the Internet of things data distribution characteristics, the interactive access frequency of each Internet of things terminal is compared and monitored, the comparison basis is the upper limit value of the safety credit obtained by modeling according to historical data, once the interactive access frequency of a certain Internet of things terminal exceeds the corresponding upper limit value of the safety credit, an alarm is output immediately, and the corresponding Internet of things terminal information is pushed to relevant analysts for processing.
Fig. 4 is a security monitoring method for the internet of things according to an embodiment of the present invention, taking an internet of things device as an internet of things server device as an example, the method includes:
s402, counting the security service content in the ticket. The security service content may be IP, URL, etc. information.
S404, comparing whether the safety service content is in the range of the safety service library. If yes, go to S406; if not, S408 is performed.
Service content platforms and modules corresponding to different internet of things services are basically fixed, and an internet of things service security content library is formed by counting service security contents in an XDR ticket according to historical data. And counting the security service content in the ticket based on the XDR data of the Internet of things, comparing the security service content with the security content library of the Internet of things service, outputting an alarm if the security service content is not in the range of the security content library of the Internet of things service, and pushing the service content information to relevant analysts for resolution.
S406, counting the frequency of accessing the safety service content in the ticket.
If the accessed service security content is in the service security content library of the Internet of things, continuously counting the interactive access frequency of the service security content in the ticket, comparing the interactive access frequency with the upper limit value of the security credit, outputting an alarm once the interactive access frequency of the service content exceeds the upper limit value of the security credit, and pushing the relevant information of the service platform and the module to relevant analysts.
And S408, outputting the alarm information of the service end of the Internet of things.
And S410, judging whether the frequency of the service side being accessed exceeds the upper limit value of the safety credit. If so, go to S408; if not, the server side is accessed normally.
And S412, pushing the alarm information to the related analyst.
According to the safety monitoring method of the Internet of things, the terminal side safety positioning model and the service side safety positioning model can be established based on historical data of the terminal side and the service side, the terminal side and the service side interactively access the frequency automatic monitoring and comparing program and the service safety content library automatic comparing program to carry out real-time monitoring, and terminal abnormity or service side alarm information can be automatically output.
By creating an interactive access frequency safety credit upper limit value model and a service safety content library comparison model related to an Internet of things equipment safety problem positioning model, the automatic positioning of the safety problems of a terminal side and a service side in the Internet of things is realized, the current interactive access frequency and the safety credit upper limit value are compared in real time, whether safety service content is in a safety service content library or not is compared, once the interactive access frequency of a certain Internet of things terminal or a server exceeds the safety credit upper limit value or the service content is not in the range of the service safety library, alarm information is immediately output and is timely pushed to relevant analysts for solving.
The problem positioning model is constructed for the safety problem of the Internet of things, accurate positioning of the equipment side and the service side of the safety problem of the Internet of things is achieved, the efficiency of an analyst and the accuracy of an analysis result can be improved through automatic intelligent monitoring of a program, and the requirement on the ability experience level of the analyst is lowered. The safety credit upper limit value related to the Internet of things equipment safety problem positioning model is compared with the safety service content library for modeling, intelligent automatic analysis output of Internet of things safety problem positioning monitoring is achieved, and human resource requirements for Internet of things problem analysis are reduced.
EXAMPLE III
Based on the same idea, the embodiment of the present invention further provides a security monitoring device for the internet of things, as shown in fig. 5.
This safety monitoring device of thing networking includes: an obtaining module 501, a judging module 502 and an alarming module 503, wherein: an obtaining module 501, configured to obtain interaction data of an internet of things device; a judging module 502, configured to judge whether an interaction frequency of the internet of things device exceeds a safety upper limit value according to the interaction data; and an alarm module 503, configured to output alarm information if yes.
Optionally, as an embodiment, the internet of things device includes a server device, and the apparatus further includes: the content judgment module is used for judging whether the address information of the interactive data is included in a safety service library or not when the interaction frequency of the server-side equipment does not exceed a safety upper limit value; and the alarm module is also used for outputting alarm information if the alarm is not detected.
In an embodiment of the present invention, a generation manner of the safety upper limit value includes: acquiring a historical data training set of the Internet of things equipment, wherein the historical data training set comprises interaction frequency within historical preset time granularity; inputting the historical data training set into a big data algorithm prediction model to obtain a predicted value within the preset time granularity; and calculating to obtain the safety upper limit value according to the predicted value and the residual error corresponding to the historical data training set.
In the embodiment of the present invention, the generation manner of the security service library includes: acquiring historical security service data of the server equipment, wherein the historical security service data comprises address information corresponding to security connection; and storing the address information to generate the security service library.
In this embodiment of the present invention, the determining module 502 is specifically configured to: counting the interaction frequency of the Internet of things equipment within a preset time granularity based on the interaction data; and judging whether the interaction frequency exceeds a safety upper limit value in the preset time granularity.
In an embodiment of the present invention, the apparatus further includes: the alarm module is used for sending the alarm information to a target analysis object, wherein the alarm information comprises: alarm time, alarm type and alarm content.
The embodiment of the invention provides a safety monitoring device of the Internet of things, which can automatically and intelligently monitor the safety of the Internet of things at a terminal side and a service side of the Internet of things by acquiring the interactive data of the equipment of the Internet of things, judging whether the interactive frequency of the equipment of the Internet of things exceeds a safety upper limit value according to the interactive data and giving an alarm when the interactive frequency exceeds the safety upper limit value, thereby improving the positioning accuracy of safety problems, realizing the intelligent automatic analysis and output of the positioning monitoring of the safety problems of the Internet of things and reducing the manpower requirement.
Example four
Figure 6 is a schematic diagram of a hardware configuration of an electronic device implementing various embodiments of the invention,
the electronic device 600 includes, but is not limited to: a radio frequency unit 601, a network module 602, an audio output unit 603, an input unit 604, a sensor 605, a display unit 606, a user input unit 607, an interface unit 608, a memory 609, a processor 610, and a power supply 611. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 6 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
The processor 610 is configured to obtain interaction data of the internet of things device;
the processor 610 is further configured to determine whether the interaction frequency of the internet of things device exceeds a safety upper limit value according to the interaction data;
and the processor 610 is further used for outputting alarm information if the alarm information is positive.
In addition, the processor 610 is further configured to obtain a historical data training set of the internet of things device, where the historical data training set includes interaction frequencies within a historical preset time granularity;
in addition, the processor 610 is further configured to input the historical data training set into a big data algorithm prediction model to obtain a predicted value within the preset time granularity;
in addition, the processor 610 is further configured to calculate the safety upper limit value according to the predicted value and a residual corresponding to the historical data training set.
In addition, the processor 610 is further configured to determine whether address information of the interaction data is included in a security service library when the interaction frequency of the server device does not exceed a security upper limit value;
the processor 610 is further configured to output an alarm message if no.
In addition, the processor 610 is further configured to obtain historical security service data of the server device, where the historical security service data includes address information corresponding to a secure connection;
in addition, the processor 610 is further configured to store the address information to generate the security service library.
In addition, the processor 610 is further configured to count an interaction frequency of the internet of things device within a preset time granularity based on the interaction data;
in addition, the processor 610 is further configured to determine whether the interaction frequency exceeds a safety upper limit value within the preset time granularity.
In addition, the processor 610 is further configured to send the alarm information to a target analysis object, where the alarm information includes: alarm time, alarm type and alarm content.
The embodiment of the invention provides electronic equipment, which can automatically and intelligently monitor the safety of the Internet of things at a terminal side and a service side of the Internet of things by acquiring the interaction data of the Internet of things equipment, judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value according to the interaction data and giving an alarm when the interaction frequency exceeds the safety upper limit value, so that the positioning accuracy of the safety problem is improved, the intelligent automatic analysis and output of the positioning monitoring of the safety problem of the Internet of things are realized, and the manpower requirement is reduced.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 601 may be used for receiving and sending signals during a message sending and receiving process or a call process, and specifically, receives downlink data from a base station and then processes the received downlink data to the processor 610; in addition, the uplink data is transmitted to the base station. In general, radio frequency unit 601 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 601 may also communicate with a network and other electronic devices through a wireless communication system.
The electronic device provides wireless broadband internet access to the user via the network module 602, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 603 may convert audio data received by the radio frequency unit 601 or the network module 602 or stored in the memory 609 into an audio signal and output as sound. Also, the audio output unit 603 may also provide audio output related to a specific function performed by the electronic apparatus 600 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 603 includes a speaker, a buzzer, a receiver, and the like.
The input unit 604 is used to receive audio or video signals. The input Unit 604 may include a Graphics Processing Unit (GPU) 6051 and a microphone 6042, and the Graphics processor 6051 processes image data of a still picture or video obtained by an image capturing apparatus (such as a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 606. The image frames processed by the graphic processor 6051 may be stored in the memory 609 (or other storage medium) or transmitted via the radio frequency unit 601 or the network module 602. The microphone 6042 can receive sound, and can process such sound into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 601 in case of the phone call mode.
The electronic device 600 also includes at least one sensor 605, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 6061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 6061 and/or the backlight when the electronic apparatus 600 is moved to the ear. As one type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of an electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), and vibration identification related functions (such as pedometer, tapping); the sensors 605 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 606 is used to display information input by the user or information provided to the user. The Display unit 606 may include a Display panel 6061, and the Display panel 6061 may be configured by a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 607 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 607 includes a touch panel 6071 and other input devices 6072. Touch panel 6071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 6071 using a finger, stylus, or any suitable object or accessory). The touch panel 6071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 610, receives a command from the processor 610, and executes the command. In addition, the touch panel 6071 can be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The user input unit 607 may include other input devices 6072 in addition to the touch panel 6071. Specifically, the other input devices 6072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a track ball, a mouse, and a joystick, which are not described herein again.
Further, the touch panel 6071 can be overlaid on the display panel 6061, and when the touch panel 6071 detects a touch operation on or near the touch panel 6071, the touch operation is transmitted to the processor 610 to determine the type of the touch event, and then the processor 610 provides a corresponding visual output on the display panel 6061 according to the type of the touch event. Although the touch panel 6071 and the display panel 6061 are shown in fig. 6 as two separate components to implement the input and output functions of the electronic device, in some embodiments, the touch panel 6071 and the display panel 6061 may be integrated to implement the input and output functions of the electronic device, and this is not limited here.
The interface unit 608 is an interface for connecting an external device to the electronic apparatus 600. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 608 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the electronic device 600 or may be used to transmit data between the electronic device 600 and external devices.
The memory 609 may be used to store software programs as well as various data. The memory 609 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 609 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 610 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 609, and calling data stored in the memory 609, thereby performing overall monitoring of the electronic device. Processor 610 may include one or more processing units; preferably, the processor 610 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 610.
The electronic device 600 may further include a power supply 611 (e.g., a battery) for supplying power to the various components, and preferably, the power supply 611 may be logically connected to the processor 610 via a power management system, such that the power management system may be used to manage charging, discharging, and power consumption.
Preferably, an embodiment of the present invention further provides an electronic device, which includes a processor 610, a memory 609, and a computer program that is stored in the memory 609 and can be run on the processor 610, and when being executed by the processor 610, the computer program implements each process of the foregoing security monitoring method for the internet of things, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again.
EXAMPLE five
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the foregoing embodiment of the security monitoring method for the internet of things, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
The embodiment of the invention provides a computer-readable storage medium, which can automatically and intelligently monitor the safety of the internet of things at a terminal side and a service side of the internet of things by acquiring the interactive data of the internet of things equipment, judging whether the interactive frequency of the internet of things equipment exceeds a safety upper limit value according to the interactive data and giving an alarm when the interactive frequency exceeds the safety upper limit value, thereby improving the positioning accuracy of safety problems, realizing the intelligent automatic analysis and output of the positioning monitoring of the safety problems of the internet of things and reducing the manpower requirement.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transient media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. A safety monitoring method of the Internet of things is characterized by comprising the following steps:
acquiring interactive data of the Internet of things equipment;
judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data;
if yes, alarm information is output.
2. The method of claim 1, wherein the safety ceiling value is generated in a manner that includes:
acquiring a historical data training set of the Internet of things equipment, wherein the historical data training set comprises interaction frequency within historical preset time granularity;
inputting the historical data training set into a big data algorithm prediction model to obtain a predicted value within the preset time granularity;
and calculating to obtain the safety upper limit value according to the predicted value and the residual error corresponding to the historical data training set.
3. The method of claim 1, further comprising:
under the condition that the Internet of things equipment comprises server-side equipment, judging whether address information of interactive data is included in a safety service library or not when the interaction frequency of the server-side equipment does not exceed a safety upper limit value;
if not, alarm information is output.
4. The method of claim 3, wherein the security service library is generated in a manner that comprises:
acquiring historical security service data of the server equipment, wherein the historical security service data comprises address information corresponding to security connection;
and storing the address information to generate the security service library.
5. The method of claim 1, wherein the determining whether the interaction frequency of the internet of things device exceeds a safety upper limit value according to the interaction data comprises:
counting the interaction frequency of the Internet of things equipment within a preset time granularity based on the interaction data;
and judging whether the interaction frequency exceeds a safety upper limit value in the preset time granularity.
6. The method of claim 1, further comprising:
sending the alarm information to a target analysis object, wherein the alarm information comprises: alarm time, alarm type and alarm content.
7. The utility model provides a safety monitoring device of thing networking which characterized in that includes:
the acquisition module is used for acquiring interactive data of the Internet of things equipment;
the frequency judging module is used for judging whether the interaction frequency of the Internet of things equipment exceeds a safety upper limit value or not according to the interaction data;
and the alarm module is used for outputting alarm information if the alarm information is positive.
8. The apparatus of claim 7, wherein the internet of things device comprises a server device, and the apparatus further comprises:
the content judgment module is used for judging whether the address information of the interactive data is included in a safety service library or not when the interaction frequency of the server-side equipment does not exceed a safety upper limit value;
and the alarm module is also used for outputting alarm information if the alarm is not detected.
9. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to any one of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method for security monitoring of the internet of things according to any one of claims 1 to 6.
CN201910724085.0A 2019-08-07 2019-08-07 Safety monitoring method and device of Internet of things and electronic equipment Pending CN112350974A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910724085.0A CN112350974A (en) 2019-08-07 2019-08-07 Safety monitoring method and device of Internet of things and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910724085.0A CN112350974A (en) 2019-08-07 2019-08-07 Safety monitoring method and device of Internet of things and electronic equipment

Publications (1)

Publication Number Publication Date
CN112350974A true CN112350974A (en) 2021-02-09

Family

ID=74366501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910724085.0A Pending CN112350974A (en) 2019-08-07 2019-08-07 Safety monitoring method and device of Internet of things and electronic equipment

Country Status (1)

Country Link
CN (1) CN112350974A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113137983A (en) * 2021-04-30 2021-07-20 深圳市恒星物联科技有限公司 Self-learning manhole cover posture monitoring method and monitoring system
CN114051042A (en) * 2021-11-29 2022-02-15 上海德衡数据科技有限公司 RESTFUL service-based Internet of things interface access authentication method and system
CN114499917A (en) * 2021-10-25 2022-05-13 中国银联股份有限公司 CC attack detection method and CC attack detection device
WO2022253085A1 (en) * 2021-05-31 2022-12-08 京东方科技集团股份有限公司 Server, and data processing method executed by server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107968730A (en) * 2016-10-19 2018-04-27 中国电信股份有限公司 The method and system that monitoring Internet of Things network interface card is stolen
CN109117172A (en) * 2017-06-23 2019-01-01 中国移动通信集团广东有限公司 A kind of method and device of the terminal versions number identification of target terminal
CN109347880A (en) * 2018-11-30 2019-02-15 北京神州绿盟信息安全科技股份有限公司 A kind of safety protecting method, apparatus and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107968730A (en) * 2016-10-19 2018-04-27 中国电信股份有限公司 The method and system that monitoring Internet of Things network interface card is stolen
CN109117172A (en) * 2017-06-23 2019-01-01 中国移动通信集团广东有限公司 A kind of method and device of the terminal versions number identification of target terminal
CN109347880A (en) * 2018-11-30 2019-02-15 北京神州绿盟信息安全科技股份有限公司 A kind of safety protecting method, apparatus and system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113137983A (en) * 2021-04-30 2021-07-20 深圳市恒星物联科技有限公司 Self-learning manhole cover posture monitoring method and monitoring system
CN113137983B (en) * 2021-04-30 2023-08-22 深圳市恒星物联科技有限公司 Self-learning well lid posture monitoring method and monitoring system
WO2022253085A1 (en) * 2021-05-31 2022-12-08 京东方科技集团股份有限公司 Server, and data processing method executed by server
CN114499917A (en) * 2021-10-25 2022-05-13 中国银联股份有限公司 CC attack detection method and CC attack detection device
CN114499917B (en) * 2021-10-25 2024-01-09 中国银联股份有限公司 CC attack detection method and CC attack detection device
CN114051042A (en) * 2021-11-29 2022-02-15 上海德衡数据科技有限公司 RESTFUL service-based Internet of things interface access authentication method and system
CN114051042B (en) * 2021-11-29 2023-08-18 上海德衡数据科技有限公司 Internet of things interface access authentication method and system based on RESTFUL service

Similar Documents

Publication Publication Date Title
CN112350974A (en) Safety monitoring method and device of Internet of things and electronic equipment
CN108537011B (en) Application permission processing method, terminal and server
CN109918944B (en) Information protection method and device, mobile terminal and storage medium
CN107506646B (en) Malicious application detection method and device and computer readable storage medium
CN108900386B (en) Method and device for generating alarm information and electronic equipment
CN112100655A (en) Data detection method and device, electronic equipment and readable storage medium
CN111598573A (en) Equipment fingerprint verification method and device
CN110309003B (en) Information prompting method and mobile terminal
CN110796552A (en) Risk prompting method and device
CN109522741B (en) Application program permission prompting method and terminal equipment thereof
CN112543195B (en) Information security assessment method and device for intelligent networked automobile and electronic equipment
CN112311935B (en) Abnormity detection method and device and electronic equipment
CN113259954A (en) Method and device for determining quality difference processing strategy and electronic equipment
CN112073414A (en) Industrial Internet equipment secure access method and related device
CN112988496A (en) Alarm prompting method, device and system and electronic equipment
CN110856173B (en) Network access method and device and electronic equipment
CN113518152B (en) Telephone number identification method and system and electronic equipment
CN108989350B (en) Method, device and equipment for detecting denial of service vulnerability
CN112307392A (en) Page detection method, device and equipment
CN115884088A (en) Method and device for determining equipment position information and electronic equipment
CN111581223A (en) Data updating method and device, terminal equipment and storage medium
CN111818548A (en) Data processing method, device and equipment
CN111026298A (en) Account information processing method and electronic equipment
CN110795701A (en) Re-signature detection method and device, terminal equipment and storage medium
CN112202586B (en) Operation authentication method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210209

RJ01 Rejection of invention patent application after publication