CN112383509B - Internet of things equipment safety monitoring system and method based on data flow - Google Patents

Internet of things equipment safety monitoring system and method based on data flow Download PDF

Info

Publication number
CN112383509B
CN112383509B CN202011130466.5A CN202011130466A CN112383509B CN 112383509 B CN112383509 B CN 112383509B CN 202011130466 A CN202011130466 A CN 202011130466A CN 112383509 B CN112383509 B CN 112383509B
Authority
CN
China
Prior art keywords
equipment
internet
data packet
operation instruction
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011130466.5A
Other languages
Chinese (zh)
Other versions
CN112383509A (en
Inventor
谭卫忠
吕伟龙
吴涛
廖舟
竺婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Skyworth Institute Of Information Technology Co ltd
Shenzhen Skyworth RGB Electronics Co Ltd
Original Assignee
Nanjing Skyworth Institute Of Information Technology Co ltd
Shenzhen Skyworth RGB Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Skyworth Institute Of Information Technology Co ltd, Shenzhen Skyworth RGB Electronics Co Ltd filed Critical Nanjing Skyworth Institute Of Information Technology Co ltd
Priority to CN202011130466.5A priority Critical patent/CN112383509B/en
Publication of CN112383509A publication Critical patent/CN112383509A/en
Application granted granted Critical
Publication of CN112383509B publication Critical patent/CN112383509B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a data flow-based Internet of things equipment safety monitoring system and a data flow-based Internet of things equipment safety monitoring method, relates to the technical field of Internet of things equipment safety, and aims to solve the problems that in the traditional technology, a timing inspection method based on a data set is low in timeliness, and only equipment faults can be reported in a mode of reporting data or electronic control internal error information based on equipment terminals. The technical scheme is characterized in that an equipment state data packet and an operation instruction data packet are obtained, and the updating states of the equipment state data packet and the operation instruction data packet are monitored and analyzed in real time; analyzing the equipment state data packet to obtain the operation frequency of the Internet of things equipment, and sending alarm information to the user side when the frequency exceeds a threshold value; and analyzing the operation instruction data packet to obtain the area name of the equipment control source IP, and sending alarm information when the area name corresponding to the IP is inconsistent with the recorded common area name when an instruction is sent. The invention achieves the effect of improving the personal information security and the equipment security.

Description

Internet of things equipment safety monitoring system and method based on data flow
Technical Field
The invention relates to the technical field of Internet of things equipment safety, in particular to a data flow-based Internet of things equipment safety monitoring system and method.
Background
More and more internet of things devices are accessed to the internet to realize remote control and remote state check, each user has a group of user names and passwords to manage the internet of things devices under the name of the user, but in the daily use process, the internet of things devices of the user can be operated by illegal personnel and privacy information can be stolen due to the fact that the user is carelessly leaked or stolen by a phishing website or system user information is leaked, and therefore money loss or personal safety problems are caused to the user.
To the safety problem of the internet of things equipment, the traditional solutions mainly include the following two types: 1. the timing inspection method based on the data set cannot sense the abnormal problem of the equipment of the Internet of things in real time, and the alarm reminding information sent to the user has a certain time delay and cannot find the safety problem of the equipment in time; 2. based on the mode of reporting the sensor data at the equipment end or the error information in the electric control, the problem that the equipment is controlled by illegal personnel or the information is leaked cannot be detected only by reporting the fault of the equipment.
Therefore, it is desirable to provide a method and system that is time efficient and improves the security of personal information.
Disclosure of Invention
The invention aims to provide a data flow-based Internet of things equipment safety monitoring system and a data flow-based Internet of things equipment safety monitoring method, which have the effects of strong timeliness and personal information safety.
The above object of the present invention is achieved by the following technical solutions:
the safety monitoring system for the Internet of things equipment based on the data stream comprises an IoT platform and a stream data platform, wherein the IoT platform is in communication connection with the Internet of things equipment and a user side;
the IoT platform comprises a log module and a log file storage module;
the streaming data platform comprises a data acquisition module, a streaming data processing module and a data processing program storage module, wherein the data processing program storage module stores an operation frequency data processing submodule and an equipment control source data processing submodule;
the log module is used for acquiring an equipment state data packet when the parameters of the Internet of things equipment change, acquiring an operation instruction data packet when a user side sends an operation instruction of the control equipment, and sending the equipment state data packet and the operation instruction data packet to the log file storage module for storage and updating;
the data acquisition module is used for monitoring the update state of the log file storage module in real time and acquiring an updated equipment state data packet and an operation instruction data packet;
the flow data processing module calls an equipment state data packet from the data acquisition module and sends the equipment state data packet to the operation frequency data processing submodule to analyze the operation frequency of the Internet of things equipment, and alarm information is sent to the user side when the frequency exceeds a threshold value; the stream data processing module calls the operation instruction data packet from the data acquisition module and sends the operation instruction data packet to the equipment control source data processing submodule to analyze the area name of the equipment control source IP, and when the operation instruction is sent, the area name corresponding to the equipment control source IP is not consistent with the recorded common area name, alarm information is sent.
The invention is further configured to: the IoT platform comprises a connection module, an equipment management module, a user management module, a data storage module and a message pushing module;
the connection module is used for providing functions including Internet of things equipment registration, data channels, data exchange and equipment online state monitoring;
the equipment management module is used for maintaining the association relationship between the equipment state information and the Internet of things equipment and the user;
the user management module is used for providing functions including user registration, login and user information editing;
the data storage module is used for storing the Internet of things equipment and user data;
the message pushing module is used for pushing messages to a user side, and the alarm information is sent to the user side through the message pushing module.
The invention is further configured to: the operation frequency data processing submodule is used for classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and counting the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
The invention is further configured to: the device control source data processing submodule is used for converting the device control source IP into a region name and comparing the region name corresponding to the device control source IP when an operation instruction is sent with a common region name list, and the common region name list comprises the region name corresponding to the device control source IP when the user side logs in for the first time and the region name manually added by the user side.
The invention is further configured to: and when the parameters of the Internet of things equipment change, the parameter data are sent to an IoT platform, and the IoT platform pushes the state information corresponding to the parameter data to a user side through a message pushing module.
The invention is further configured to: the user side sends an operation instruction to the IoT platform through the HTTP request, and the IoT platform receives the operation instruction and then issues the operation instruction to the Internet of things equipment for execution.
The second aim of the invention is realized by the following technical scheme:
a safety monitoring method for Internet of things equipment based on data flow comprises the following steps:
the method comprises the steps of obtaining an equipment state data packet when the parameters of the Internet of things equipment change, obtaining an operation instruction data packet when a user side sends an operation instruction of the control equipment, and storing and updating the equipment state data packet and the operation instruction data packet;
monitoring the updating states of the equipment state data packet and the operation instruction data packet in real time, and acquiring the updated equipment state data packet and the updated operation instruction data packet;
analyzing the equipment state data packet to obtain the operation frequency of the equipment of the Internet of things, and sending alarm information to the user side when the frequency exceeds a threshold value;
and analyzing the operation instruction data packet to obtain the area name of the location of the equipment control source IP, and sending alarm information when the area name corresponding to the equipment control source IP is inconsistent with the recorded common area name when the operation instruction is sent.
The invention is further configured to: the method for obtaining the operation frequency of the equipment of the Internet of things by analyzing the equipment state data packet comprises the following steps: classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and performing statistics on the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
The invention is further configured to: the analyzing operation instruction data packet obtains the area name of the location of the equipment control source IP, and the method comprises the following steps: and converting the equipment control source IP into a region name, and comparing the region name corresponding to the equipment control source IP when an operation instruction is sent with a common region name list, wherein the common region name list comprises the region name corresponding to the equipment control source IP when the user side logs in for the first time and the region name manually added by the user side.
In conclusion, the beneficial technical effects of the invention are as follows:
1. by collecting the log file of the IoT platform as the data source of the streaming data platform, the coupling of the two platforms is reduced, and the normal operation of the IoT platform cannot be influenced when the streaming data platform fails;
2. monitoring whether the equipment is controlled abnormally or not by utilizing the control frequency of the equipment of the controlled Internet of things in a specified time window;
3. and monitoring whether the equipment is controlled by an abnormal area or not by utilizing whether the area name of the equipment control source IP which sends the operation instruction is in the user common area list or not.
Drawings
FIG. 1 is a schematic overall structure diagram of a first embodiment of the present invention;
FIG. 2 is a schematic overall flow chart of data according to a second embodiment of the present invention;
FIG. 3 is a flow chart of the operation frequency data processing sub-module according to the second embodiment of the present invention;
fig. 4 is a flowchart of a second device control source data processing sub-module according to an embodiment of the present invention.
Detailed Description
Example one
Referring to fig. 1, the invention discloses a data stream-based internet of things equipment security monitoring system, which comprises an IoT platform and a stream data platform, wherein the IoT platform is in communication connection with both internet of things equipment and a user side, and the stream data platform is in communication connection with the IoT platform and the user side.
The Internet of things equipment comprises various intelligent sensors, intelligent homes with networking functions, intelligent security equipment and the like, and is accessed to the IoT platform through networking modes such as network bridging equipment, WiFi, Lora, NB-IoT and the like.
The user side is used as an interactive entrance for remotely managing the internet of things equipment, controlling the internet of things equipment and checking the state of the internet of things equipment by a user, and specifically is an application program installed in a mobile phone or a tablet computer and other terminal equipment with a screen.
The IoT platform, as a data exchange intermediary between the internet of things device and the user side, is a core ring of the whole internet of things application link. The IoT platform comprises a log module and a log file storage module. The log module is used for acquiring an equipment state data packet when the parameters of the Internet of things equipment change, acquiring an operation instruction data packet when the user side sends an operation instruction of the control equipment, and sending the equipment state data packet and the operation instruction data packet to the log file storage module for storage and update.
And the stream data platform is responsible for carrying out real-time conversion, calculation, output and the like on the data stream. The stream data platform comprises a data acquisition module, a stream data processing module and a data processing program storage module, wherein the data processing program storage module stores an operation frequency data processing submodule and an equipment control source data processing submodule. The stream data processing module abstracts the processing process of the data stream into three processes of data source, data calculation and data output, and provides common methods of data conversion, data calculation and the like. Different data processing programs are loaded in the data calculation flow so as to adopt different stream calculation processing for different data sources.
And the data acquisition module monitors the update state of the log file storage module in real time and acquires an updated equipment state data packet and an operation instruction data packet.
The flow data processing module calls an equipment state data packet from the data acquisition module in real time and sends the equipment state data packet to the operation frequency data processing submodule to analyze the operation frequency of the Internet of things equipment, and alarm information is sent to the user side when the frequency exceeds a threshold value; the stream data processing module calls an operation instruction data packet from the data acquisition module in real time and sends the operation instruction data packet to the equipment control source data processing submodule to analyze the area name of the location of the equipment control source IP, and when an operation instruction is sent, the area name corresponding to the equipment control source IP is not consistent with the recorded common area name, alarm information is sent.
The IoT platform comprises a connection module, a device management module, a user management module, a data storage module and a message pushing module.
The connection module is used for providing functions including Internet of things equipment registration, data channels, data exchange and equipment online state monitoring;
the device management module is used for maintaining the device state information and the association relationship between the device and the user.
The user management module is used for providing functions including user registration, login and user information editing.
The data storage module is used for storing the Internet of things equipment and user data.
The message pushing module is used for pushing messages to the user side, and the alarm information is sent to the user side through the message pushing module.
The operation frequency data processing submodule is used for classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and counting the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
The device control source data processing submodule is used for converting the device control source IP into a region name and comparing the region name corresponding to the device control source IP when an operation instruction is sent with a common region name list, and the common region name list comprises the region name corresponding to the device control source IP when the user side logs in for the first time and the region name manually added by the user side.
When the parameters of the internet of things equipment change, the parameter data are sent to the IoT platform, and the IoT platform pushes the state information corresponding to the parameter data to the user side through the message pushing module.
The user side sends an operation instruction to the IoT platform through the HTTP request, and the IoT platform receives the operation instruction and then issues the operation instruction to the Internet of things equipment for execution.
The implementation principle of the above embodiment is as follows: the Internet of things equipment is accessed to the IoT platform through the network, and the user side logs in the IoT platform through the account to manage the Internet of things equipment under the name of the user side.
When the Internet of things equipment is communicated with the IoT platform, the log module records the state information reported by the Internet of things equipment in a log form; when the user side interacts with the IoT platform data, the log module records the user side information and the user instruction information in a log mode.
And a log file storage module is arranged on the IoT platform and used for storing log files and sending the log files to the data acquisition module through the message queue middleware, and the stream data processing module calls the log files in the data acquisition module, runs an equipment operation frequency data processing program and an equipment control source data processing program and is respectively used for analyzing the equipment operation frequency and the area name where the equipment control source IP is located.
When the operating instruction of the Internet of things equipment or the frequency of the messages of the Internet of things equipment is higher than the normal level within a period of time, the message pushing module pushes alarm information to the user side, and a user can disconnect the network of the Internet of things equipment or modify the user password so as to block illegal equipment operation and avoid information leakage and equipment safety problems.
When the user side controls the internet of things equipment, the IoT platform log file records the IP information of the equipment control source. When the data processing program of the equipment control source in the streaming data platform monitors that the area name corresponding to the IP of the equipment control source is inconsistent with the area name recorded during the common operation of the user, the data processing program triggers the remote control alarm message and pushes the remote control alarm message to the user side. If the user confirms that the area in the alarm information does not control the Internet of things equipment, the user can confirm that the equipment is controlled by illegal personnel at the moment, and can timely close the Internet of things equipment and modify the user password so as to avoid loss.
Example two
The invention discloses a data flow-based Internet of things equipment safety monitoring method, which comprises the following steps of:
s1, acquiring an equipment state data packet when the parameters of the Internet of things equipment change, acquiring an operation instruction data packet when the user side sends an operation instruction of the control equipment, and storing and updating the equipment state data packet and the operation instruction data packet;
s2, monitoring the updating state of the equipment state data packet and the operation instruction data packet in real time, and acquiring the updated equipment state data packet and the updated operation instruction data packet;
s3, analyzing the equipment state data packet to obtain the operation frequency of the Internet of things equipment, and sending alarm information to the user side when the frequency exceeds a threshold value; and analyzing the operation instruction data packet to obtain the area name of the location of the equipment control source IP, and sending alarm information when the area name corresponding to the equipment control source IP is inconsistent with the recorded common area name when the operation instruction is sent.
In step S3, analyzing the device status data packet to obtain the operation frequency of the internet of things device, including the following steps: classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and counting the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
In step S3, analyzing the operation instruction packet to obtain the area name of the device control source IP location includes the following steps: and converting the equipment control source IP into a region name, and comparing the region name corresponding to the equipment control source IP when an instruction is sent with a common region name list. The common area name list includes an area name corresponding to the device control source IP when the user logs in for the first time and an area name manually added by the user.
The implementation principle of the above embodiment is as follows: after the internet of things equipment is connected to the IoT platform, when the equipment parameters (such as the power switch state) change, the parameter data are sent to the IoT platform through the network, and the IoT platform pushes the state information to the user side, so that the user can check the current state of the equipment in real time at the intelligent terminal (a mobile phone, a tablet and the like). The user can also send an operation instruction to the IoT platform through the HTTP request in a touch control voice control mode or the like on the intelligent terminal, the IoT platform can issue the operation instruction to the Internet of things equipment after receiving the operation instruction, and the Internet of things equipment executes corresponding parameter setting after receiving the operation instruction so as to realize a control function.
Referring to fig. 2, the state data sent by the internet of things device received by the IoT platform is marked in the log as a device state data packet (including but not limited to a device identification id, a state parameter, a device IP address, and a timestamp of arrival of a message at the IoT platform); when the user side sends an operation instruction to the internet of things device, an operation instruction data packet (including but not limited to a user id, a device control source IP, a control end device id, operation instruction data, a controlled device identification id, a controlled device type and an instruction issuing timestamp) is sent to the IoT platform through an HTTP directory, and at the moment, the IoT platform marks the operation instruction data packet as the operation instruction data packet and records the operation instruction data packet into a log file.
The stream data platform monitors the log file of the IoT platform in real time, and when the log file has new data, the new data is immediately written into the message queue component. For messages differently marked by the IoT platform, the streaming data platform may invoke a corresponding data handler to analyze the data. In fig. 2, a service module corresponds to the device management module, the user management module, the data storage module, and the message push module in embodiment 1.
Referring to fig. 3, after receiving a data stream, a device frequency data processing program groups the data stream according to the class values of the internet of things devices, each class of device sets different statistical time windows and trigger alarm thresholds (for example, the statistical time window of an air conditioner is set to 5 minutes, and the alarm thresholds are set to 100), then performs grouping counting according to the identifier id of the controlled device, adds 1 to the counted value every time when counting is performed, and outputs an alarm message (the content of the alarm message includes but is not limited to the identifier id of the controlled device, the controlled times, an operation instruction list, an alarm timestamp, and a user id) to an alarm message queue when the counted value is greater than or equal to the alarm threshold, and pushes the alarm message to a corresponding user end according to the user id of the device after listening to the message in the alarm message queue, at this time, the user sees that a device is abnormally controlled to remind, the user can do operations such as closing the equipment or changing the user password and the like to ensure the safety of the equipment.
Referring to fig. 4, after the device control source data processing program receives the data stream, the device control source IP is converted into a zone name, the zone name is compared with a commonly used zone name in a record corresponding to the user id, if the area is not found in the user id common area name list, outputting a control end area abnormal alarm message (the message content includes but is not limited to the device control source IP, the control end area name, the controlled device identification id, the control end device id and the alarm time stamp) to the alarm message queue, after the IoT platform message pushing module monitors the message in the alarm message queue, according to the user id of the equipment, the alarm message is pushed to the corresponding user terminal, at the moment, the user can see an abnormal prompt of the equipment control area, if the user does not control the device in the area where the alarm is pushed, the account information may be leaked, and the user password should be changed immediately. If the user confirms that the operation is performed by the user, the region can be marked as a common region, and the stream data platform can not give an alarm in the next operation. In this embodiment, the device control source data processing program may also group according to user ids in the data, where different user ids correspond to different lists of common area names.
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: equivalent changes made according to the structure, shape and principle of the invention shall be covered by the protection scope of the invention.

Claims (9)

1. The utility model provides a thing networking equipment safety monitoring system based on data flow which characterized in that: the system comprises an IoT platform and a streaming data platform, wherein the IoT platform is in communication connection with both the Internet of things equipment and a user side;
the IoT platform comprises a log module and a log file storage module;
the streaming data platform comprises a data acquisition module, a streaming data processing module and a data processing program storage module, wherein the data processing program storage module stores an operation frequency data processing submodule and an equipment control source data processing submodule;
the log module is used for acquiring an equipment state data packet when the parameters of the Internet of things equipment change, acquiring an operation instruction data packet when the user side sends an operation instruction of the control equipment, and sending the equipment state data packet and the operation instruction data packet to the log file storage module for storage and update;
the data acquisition module is used for monitoring the update state of the log file storage module in real time and acquiring an updated equipment state data packet and an operation instruction data packet;
the flow data processing module calls an equipment state data packet from the data acquisition module and sends the equipment state data packet to the operation frequency data processing submodule to analyze the operation frequency of the Internet of things equipment, and alarm information is sent to the user side when the frequency exceeds a threshold value; the stream data processing module calls the operation instruction data packet from the data acquisition module and sends the operation instruction data packet to the equipment control source data processing submodule to analyze the area name of the equipment control source IP, and when the operation instruction is sent, the area name corresponding to the equipment control source IP is not consistent with the recorded common area name, alarm information is sent.
2. The data flow-based internet of things equipment safety monitoring system according to claim 1, characterized in that: the IoT platform comprises a connection module, an equipment management module, a user management module, a data storage module and a message pushing module;
the connection module is used for providing functions including Internet of things equipment registration, data channels, data exchange and equipment online state monitoring;
the equipment management module is used for maintaining the association relationship between the equipment state information and the Internet of things equipment and the user;
the user management module is used for providing functions including user registration, login and user information editing;
the data storage module is used for storing the Internet of things equipment and user data;
the message pushing module is used for pushing messages to a user side, and the alarm information is sent to the user side through the message pushing module.
3. The data flow-based internet of things equipment safety monitoring system according to claim 2, characterized in that: the operation frequency data processing submodule is used for classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and counting the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
4. The data flow-based internet of things equipment safety monitoring system according to claim 3, characterized in that: the device control source data processing submodule is used for converting the device control source IP into a region name, and comparing the region name corresponding to the device control source IP when an operation instruction is sent with a common region name list, wherein the common region name list comprises the region name corresponding to the device control source IP when the user side logs in for the first time and the region name manually added by the user side.
5. The data flow-based Internet of things equipment safety monitoring system according to claim 4, characterized in that: and when the parameters of the Internet of things equipment change, the parameter data are sent to an IoT platform, and the IoT platform pushes the state information corresponding to the parameter data to a user side through a message pushing module.
6. The data flow-based internet of things equipment safety monitoring system according to claim 5, characterized in that: the user side sends an operation instruction to the IoT platform through the HTTP request, and the IoT platform receives the operation instruction and then issues the operation instruction to the Internet of things equipment for execution.
7. A safety monitoring method for Internet of things equipment based on data flow is characterized by comprising the following steps:
the method comprises the steps of obtaining an equipment state data packet when the parameters of the Internet of things equipment change, obtaining an operation instruction data packet when a user side sends an operation instruction of the control equipment, and storing and updating the equipment state data packet and the operation instruction data packet;
monitoring the updating states of the equipment state data packet and the operation instruction data packet in real time, and acquiring the updated equipment state data packet and the updated operation instruction data packet;
analyzing the equipment state data packet to obtain the operation frequency of the equipment of the Internet of things, and sending alarm information to the user side when the frequency exceeds a threshold value;
and analyzing the operation instruction data packet to obtain the area name of the location of the equipment control source IP, and sending alarm information when the area name corresponding to the equipment control source IP is inconsistent with the recorded common area name when the operation instruction is sent.
8. The method for monitoring the safety of the equipment in the internet of things based on the data flow as claimed in claim 7, wherein the analyzing the equipment state data packet to obtain the operation frequency of the equipment in the internet of things comprises the following steps: classifying the Internet of things equipment, setting corresponding statistical time windows and threshold values for triggering alarm for different types of Internet of things equipment, and performing statistics on the operation frequency of the Internet of things equipment in the time windows and comparing the operation frequency with the threshold values.
9. The method for monitoring the safety of the equipment of the internet of things based on the data flow as claimed in claim 8, wherein the analyzing the operation instruction data packet to obtain the area name of the location of the equipment control source IP comprises the following steps: and converting the equipment control source IP into a region name, and comparing the region name corresponding to the equipment control source IP when an operation instruction is sent with a common region name list, wherein the common region name list comprises the region name corresponding to the equipment control source IP when the user side logs in for the first time and the region name manually added by the user side.
CN202011130466.5A 2020-10-21 2020-10-21 Internet of things equipment safety monitoring system and method based on data flow Active CN112383509B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011130466.5A CN112383509B (en) 2020-10-21 2020-10-21 Internet of things equipment safety monitoring system and method based on data flow

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011130466.5A CN112383509B (en) 2020-10-21 2020-10-21 Internet of things equipment safety monitoring system and method based on data flow

Publications (2)

Publication Number Publication Date
CN112383509A CN112383509A (en) 2021-02-19
CN112383509B true CN112383509B (en) 2022-06-03

Family

ID=74580377

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011130466.5A Active CN112383509B (en) 2020-10-21 2020-10-21 Internet of things equipment safety monitoring system and method based on data flow

Country Status (1)

Country Link
CN (1) CN112383509B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806155B (en) * 2021-09-17 2022-04-15 上海慧程智能系统有限公司 Industrial equipment management method and system based on Internet of things
CN114301958A (en) * 2021-12-30 2022-04-08 日世(中国)投资有限公司 Internet of things ice cream machine control method
CN117499216B (en) * 2023-12-29 2024-04-12 珠海格力电器股份有限公司 State early warning method, device, equipment and medium of Internet of things equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067192A (en) * 2011-10-20 2013-04-24 北京天行网安信息技术有限责任公司 Analytic system and method of network flow
CN107888605A (en) * 2017-11-27 2018-04-06 国家计算机网络与信息安全管理中心 A kind of Internet of Things cloud platform traffic security analysis method and system
CN108429802A (en) * 2018-03-07 2018-08-21 国家计算机网络与信息安全管理中心 Internet of things equipment information acquisition method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067192A (en) * 2011-10-20 2013-04-24 北京天行网安信息技术有限责任公司 Analytic system and method of network flow
CN107888605A (en) * 2017-11-27 2018-04-06 国家计算机网络与信息安全管理中心 A kind of Internet of Things cloud platform traffic security analysis method and system
CN108429802A (en) * 2018-03-07 2018-08-21 国家计算机网络与信息安全管理中心 Internet of things equipment information acquisition method and device

Also Published As

Publication number Publication date
CN112383509A (en) 2021-02-19

Similar Documents

Publication Publication Date Title
CN112383509B (en) Internet of things equipment safety monitoring system and method based on data flow
CN111092869B (en) Security management and control method for terminal access to office network and authentication server
US8789182B2 (en) Security event logging in process control
WO2015024497A1 (en) Intelligent substation network sampling and control link self-diagnosis method
EP2026503A1 (en) System, apparatus and method for tracking device
CN109391613A (en) A kind of intelligent substation method for auditing safely based on SCD parsing
CN107547540B (en) IEC-60870-5-104 protocol message monitoring method
CN107169700B (en) Household appliance fault statistical method and device
CN110224865A (en) A kind of log warning system based on Stream Processing
CN101719692A (en) Method for acquiring network data and analyzing network performance for digital substation
CN110929896A (en) Security analysis method and device for system equipment
CN103440190A (en) Equipment failure warning method, device and CIM system
CN110908325A (en) Operation and maintenance monitoring system for power equipment of information machine room of high-speed rail station
CN103297298A (en) Network storm real-time rapid detecting method used for intelligent substation
CN103618782A (en) Remote household appliance electricity utilization situation managing system with automatic repair reporting function
CN105099810A (en) Communication test method and system for sampling value interface
CN102970177A (en) Method for analyzing and filtering communication data error codes of computer monitoring system
TW200947364A (en) Environment monitoring and reporting integration system for machine room
US20150227126A1 (en) Communication configuration analysis in process control systems
CN110633191A (en) Method and system for monitoring service health degree of software system in real time
CN113285937B (en) Safety audit method and system based on traditional substation configuration file and IEC103 protocol flow
CN113612647B (en) Alarm processing method and device
Meng et al. Research and application based on network security monitoring platform and device
CN115835275A (en) Method and device for diagnosing faults of 5G CPE (customer premises equipment)
CN115441588A (en) Intelligent power utilization management system based on cloud-control circuit breaker

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant