CN113132372A - Security monitoring method and system for networking equipment of router, storage medium and computer equipment - Google Patents


Info

Publication number
CN113132372A
Authority
CN
China
Prior art keywords
router
security
network
preset rule
network traffic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110397893.8A
Other languages
Chinese (zh)
Other versions
CN113132372B (en
Inventor
李进
王辉
魏文昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qihu Intelligent Technology Co ltd
Original Assignee
Shenzhen Qihu Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Qihu Intelligent Technology Co ltd
Priority to CN202110397893.8A
Publication of CN113132372A
Application granted
Publication of CN113132372B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y: INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00: IoT infrastructure
    • G16Y30/10: Security thereof

Abstract

The invention belongs to the technical field of routers and provides a security monitoring method for devices networked through a router, comprising the following steps: acquiring network traffic generated through router networking; analyzing the network traffic and judging whether it matches any preset rule, where each preset rule is a preconfigured information-matching rule for a corresponding security event; if the network traffic matches a preset rule, generating a prompt message stating that the network traffic originates from the corresponding security event; and sending the prompt message to a corresponding authorized user. Also provided are a security monitoring system for networked devices of a router, a storage medium storing a computer program for executing the method, and a computer device for implementing the method. The invention thereby improves the identification of security events involving devices networked through the wireless local area network and enhances the security of the home network.

Description

Security monitoring method and system for networking equipment of router, storage medium and computer equipment
Technical Field
The invention relates to the technical field of routers, and in particular to a security monitoring method and system for networked devices of a router, a storage medium and a computer device.
Background
As smart home appliance technology matures, people use more and more smart devices in daily life, and most of these devices are connected to a wireless local area network.
The router serves as the gateway device in a home. Although it can acquire the network traffic of all smart devices in the home, it lacks effective identification of security events related to the everyday use of those devices. For example, when a smart door lock is opened at midnight or while the user is away on a trip, existing routers cannot effectively identify such specific security events.
The conventional method therefore has many problems in practical use and needs to be improved.
Disclosure of Invention
In view of the above drawbacks, an object of the present invention is to provide a security monitoring method and system for networked devices of a router, a storage medium and a computer device, which improve the identification of security events involving devices networked through a wireless local area network and enhance the security of the home network.
To achieve the above object, the present invention provides a security monitoring method for networked devices of a router, comprising the steps of:
acquiring network traffic generated through router networking;
analyzing the network traffic and judging whether it matches any preset rule, where the preset rules are preconfigured information-matching rules for corresponding security events;
if the network traffic matches a preset rule, generating a prompt message stating that the network traffic originates from the corresponding security event;
sending the prompt message to a corresponding authorized user.
Optionally, the step of analyzing and judging whether the network traffic matches any preset rule specifically includes:
analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics;
judging whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.
Optionally, the step of analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics specifically includes:
extracting the MAC address (Media Access Control address, the local area network address) corresponding to the network traffic, and identifying the corresponding networked device from the MAC address;
analyzing the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.
Optionally, the step of sending the prompt message to the corresponding authorized user specifically includes:
the server receiving the prompt message uploaded by the router and forwarding it to a mobile terminal of the authorized user corresponding to the router.
Optionally, before the step of analyzing and judging whether the network traffic matches any preset rule, the method further includes:
in response to the security monitoring function being started on the router, downloading at least one preset rule to the router.
Optionally, before the step of analyzing and judging whether the network traffic matches any preset rule, the method further includes:
configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event produced in advance.
Optionally, the step of configuring the preset rule corresponding to the security event according to the network traffic characteristics of the security event produced in advance specifically includes:
producing in advance the network behavior of the security event, and analyzing the behavior characteristics of that network behavior;
configuring the preset rule of the corresponding security event according to the behavior characteristics.
Optionally, after the step of sending the prompt message to the corresponding authorized user, the method further includes:
intercepting the network traffic according to an interception instruction triggered by the authorized user.
Also provided is a security monitoring system for networked devices of a router, comprising:
an acquisition unit, configured to acquire network traffic generated through router networking;
an analysis and judgment unit, configured to analyze the network traffic and judge whether it matches any preset rule, where the preset rules are preconfigured information-matching rules for corresponding security events;
a generating unit, configured to generate a prompt message stating that the network traffic originates from the corresponding security event if the network traffic matches the preset rule;
a sending unit, configured to send the prompt message to a corresponding authorized user.
Optionally, the analysis and judgment unit specifically includes:
an analysis subunit, configured to analyze the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics;
a judging subunit, configured to judge whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.
Optionally, the analysis subunit is specifically configured to:
extract the MAC address corresponding to the network traffic, and identify the corresponding networked device from the MAC address;
analyze the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.
Optionally, the sending unit is specifically configured so that:
the server receives the prompt message uploaded by the router and forwards it to a mobile terminal of the authorized user corresponding to the router.
Optionally, the system further includes:
a rule downloading unit, configured to download at least one preset rule to the router in response to the security monitoring function being started on the router.
Optionally, the system further includes:
a rule configuration unit, configured to configure the preset rule corresponding to the security event according to the behavior characteristics of the security event produced in advance.
Optionally, the rule configuration unit specifically includes:
an analysis subunit, configured to produce in advance the network behavior of the security event and analyze the behavior characteristics of that network behavior;
a configuration subunit, configured to configure the preset rule of the corresponding security event according to the behavior characteristics.
Optionally, the system further includes:
an interception unit, configured to intercept the network traffic according to an interception instruction triggered by the authorized user.
In addition, a storage medium and a computer device are provided. The storage medium stores a computer program for executing the security monitoring method for networked devices of a router.
The computer device comprises a storage medium, a processor and a computer program that is stored on the storage medium and can run on the processor; when the processor executes the computer program, the security monitoring method for networked devices of a router is implemented.
In the security monitoring method and system for networked devices of a router according to the invention, the network traffic generated through router networking is acquired in the router and analyzed to judge whether it matches any preset rule, where the preset rules are preconfigured information-matching rules for corresponding security events. If it matches, a corresponding prompt message is generated and sent to the corresponding authorized user to alert that user to the security event currently occurring. The invention compares the current network traffic against the preset rules corresponding to security events in order to identify security events involving devices networked through the wireless local area network and alert the user in time. It combines home security events occurring in the real world with traffic analysis in the network, so that the router gains a security monitoring function and the security of the home network is enhanced.
Drawings
Fig. 1 is a flowchart of the steps of a security monitoring method for networked devices of a router according to an embodiment of the present invention;
Fig. 2 is a flowchart of the optional analysis and judgment steps of the security monitoring method for networked devices of a router according to an embodiment of the present invention;
Fig. 3 is a flowchart of the optional rule configuration steps of the security monitoring method for networked devices of a router according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a security monitoring system for networked devices of a router according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the optional analysis and judgment unit of the security monitoring system for networked devices of a router according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the optional rule configuration unit of the security monitoring system for networked devices of a router according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that references in the specification to "one embodiment," "an example embodiment," etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not intended to refer to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
Moreover, where certain terms are used throughout the description and following claims to refer to particular components or features, those skilled in the art will understand that manufacturers may refer to a component or feature by different names or terms. This specification and the claims that follow do not intend to distinguish between components or features that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". In addition, the term "connected" as used herein includes any direct and indirect electrical connection. Indirect electrical connection includes connection by other means.
Fig. 1 shows a security monitoring method for networked devices of a router according to an embodiment of the present invention, including:
Step S101: Acquire network traffic generated through router networking. That is, this embodiment acquires the network traffic generated on the wireless local area network set up by the router, where network traffic is the data transmitted over that wireless local area network; for example, the data produced when a smart home appliance, once networked through the wireless LAN, performs a networking operation or issues a network request.
Step S102: Analyze the network traffic and judge whether it matches any preset rule; the preset rules are information-matching rules for the corresponding security events. Each preset rule corresponds to one security event. A security event is a specific behavior of a smart home appliance that has been predefined as posing a security threat. This embodiment is preconfigured with preset rules for at least one smart home appliance; when network traffic generated through router networking is acquired, it is compared against the preset rules to judge whether it corresponds to any security event.
In a specific implementation, the router matches the network traffic against the information in a preset rule according to specified logic to judge whether the traffic conforms to that rule.
Step S103: If the network traffic matches a preset rule, generate a prompt message stating that the network traffic originates from the corresponding security event. When the network traffic matches a preset rule, it can be determined that the traffic was generated by the security event corresponding to that rule. For example, a smart device executing a specific action or function within a specific time is predefined as a security event, so that this specific behavior of the smart device can be monitored through the router. The prompt message indicates that the corresponding security event has occurred; for example, if a smart device is turned on or off during a certain time period, a prompt message about that security event is generated.
Step S104: Send the prompt message to a corresponding authorized user. The authorized user is at least one preset designated user. In a specific implementation, the prompt message is sent to the authorized user's mobile terminal, such as a parent's mobile phone, tablet computer or personal computer, in the form of an application push message, a short message, an official-account message, or the like.
In a specific implementation, the router analyzes the network traffic in the home and determines, through analysis at the network layer, whether a specific event has occurred in the home. A reminder to the owner of the home can be set for when a particular event occurs.
By comparison, in the prior art, matching preset rules against network traffic on a traditional router monitors for trojans, viruses, privacy leaks and the like at the network level; it is confined to the network world, and the actors behind the detected events are executable programs, apps and the like. In this embodiment, the network traffic is analyzed against the preset rules and mapped to specific security events in the real world; the subjects of the detected security events are one or more specific IoT (Internet of Things) devices, which improves the router's ability to monitor the security of smart devices in the home network.
Referring to Fig. 2, step S102 specifically includes:
Step S1021: Analyze the network traffic to obtain the networked device that generated it, the traffic generation time and the traffic characteristics. The networked device is a smart device, such as a smart door lock, smart curtain or smart lamp, that is networked through the router's wireless local area network. The traffic generation time is the point in time or time period at which the network traffic was generated. The traffic characteristics include the various characteristics of the network traffic, such as the data format, the data request and the direction of data flow.
Step S1022: Judge whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule. That is, the preset rule contains reference information for each of the networked device, the traffic generation time and the traffic characteristics. A preset rule may cover multiple information dimensions; in this embodiment it includes, for example, the specific device, the time at which the network traffic occurs, and the characteristics of the network traffic. For example, a typical rule contains the following information:
Device: smart door lock;
Network traffic occurrence time: 0:00 to 7:00;
Network traffic characteristic: the upload request contains the feature "successful unlocking";
The security event corresponding to this rule is that someone successfully opens the smart door lock between 0:00 and 7:00.
If the currently monitored network traffic matches this preset rule, it is determined that someone has just successfully opened the smart door lock between 0:00 and 7:00. Because opening the smart door lock in this time period has been predefined as a security event that requires a warning, a prompt message is generated for the authorized user to report the current security event.
In one embodiment, step S1021 specifically includes: extracting the MAC address corresponding to the network traffic, and identifying the corresponding networked device from the MAC address; and analyzing the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics. In the example above, the network traffic recorded when the smart door lock is unlocked contains the related door lock opening request. Different behaviors of a smart device generate specific network traffic, so this embodiment determines the traffic characteristics of the generated network traffic from the network request for a specific behavior found in that traffic.
Optionally, step S104 specifically includes: the server receiving the prompt message uploaded by the router and forwarding it to a mobile terminal of the authorized user corresponding to the router. In a specific implementation, the prompt message is generated in the router and uploaded to a server connected to the router, and the server then forwards it to the authorized user's mobile terminal. That is, in this embodiment the authorized user and the router do not need to be connected to each other; both only need to be connected to the same server, which binds the authorized user to the router and determines the recipient of the prompt message from that binding. The server then pushes the prompt message to the authorized user through multiple channels, and the information pushed to the authorized user includes at least: what event occurred, the time of occurrence, and the specific device involved.
In one embodiment, step S102 further includes: in response to the security monitoring function being started on the router, downloading at least one preset rule to the router. In a specific implementation, a "housekeeping mode" corresponding to the security monitoring function is provided in the router's control program; the user can start the "housekeeping mode" in the APP (application program) associated with the router and thereby enable the security monitoring function. After the router starts the function, at least one preset rule is downloaded to the router; some of the preset rules can be prestored in the router. Preferably, this embodiment obtains the preset rules from the server and sends them to the router. For example, the user sets the housekeeping mode in the APP; once it is set, the router downloads a preset rule set from the server. Each preset rule corresponds to one security event and contains the various information dimensions to be matched against the corresponding network traffic.
In one embodiment, after step S102, the method further includes: configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event produced in advance.
Referring to Fig. 3, optionally, the step of configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event produced in advance specifically includes:
S111: Produce in advance the network behavior expected when the security event occurs, and analyze the behavior characteristics of that network behavior.
S112: Configure the preset rule of the corresponding security event according to the behavior characteristics.
The behavior characteristics of the behavior corresponding to the predefined security event serve as the basis for configuring the preset rule. The behavior characteristics correspond to the series of associated behaviors and attributes generated when the security event is produced in advance; for example, the behavior characteristics used to configure a preset rule for a security event include the smart device name, the network traffic sending time, the network traffic characteristics, and the like.
For example, by analyzing the network traffic produced after a certain brand of smart door lock is successfully unlocked, the key features that the unlocking behavior triggers in the network traffic are extracted and configured into a preset rule. If traffic passing through the router matches the corresponding key features in the preset rule, the behavior "the smart door lock of that brand was successfully unlocked" can be considered to have occurred.
A security event can be a simple event, or a complex event that contains several simple events and requires them to occur in succession. An example of a simple event: after the housekeeping mode is set, the smart doorbell produces frequent message notifications. A complex event contains several simple events in a certain order of occurrence, for example: after the housekeeping mode is set, the smart door lock is successfully unlocked and the smart camera is switched off some time later. The network behavior produced in advance for a security event is accordingly either a simple behavior or a complex behavior made up of several simple behaviors, and the preset rule for the security event is configured from the series of consecutive behavior characteristics; that is, the preset rule contains all the behavior characteristics of the corresponding security event, such as the smart device names, the network traffic generation times and the traffic characteristics.
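The three-dimension rule of step S1022 (device, time window, traffic feature) and the simple and complex events described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the MAC addresses, the request strings `unlock=success` and `power=off`, the dates and the 30-minute sequence window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Flow:
    ts: datetime      # traffic generation time
    src_mac: str      # MAC address used to identify the networked device
    payload: str      # parsed network request (constructed format)

@dataclass(frozen=True)
class SimpleRule:
    event: str        # security event the rule stands for
    device: str       # device the rule applies to
    start: time       # window start, inclusive
    end: time         # window end, exclusive; start == end means all day
    feature: str      # traffic characteristic expected in the request

    def in_window(self, t):
        if self.start < self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end   # window wraps past midnight

    def matches(self, flow, inventory):
        # All three dimensions must match, as in step S1022.
        return (inventory.get(flow.src_mac.lower()) == self.device
                and self.in_window(flow.ts.time())
                and self.feature in flow.payload)

@dataclass(frozen=True)
class SequenceRule:
    event: str
    steps: tuple          # SimpleRule objects in the required order
    within: timedelta     # maximum time from the first step to the last

def make_alert(event, ts, device):
    # Minimum content of the prompt message: event, time, device.
    return {"event": event, "time": ts.isoformat(), "device": device}

def monitor(flows, inventory, simple_rules, sequence_rules):
    alerts, progress = [], {}   # progress: event -> (next step, first-step time)
    for flow in sorted(flows, key=lambda f: f.ts):
        device = inventory.get(flow.src_mac.lower())
        if device is None:
            continue            # MAC not in the device inventory: no rule applies
        for rule in simple_rules:
            if rule.matches(flow, inventory):
                alerts.append(make_alert(rule.event, flow.ts, device))
        for seq in sequence_rules:
            idx, first = progress.get(seq.event, (0, None))
            if idx and flow.ts - first > seq.within:
                idx, first = 0, None          # partial sequence expired
            if seq.steps[idx].matches(flow, inventory):
                first = first or flow.ts
                idx += 1
                if idx == len(seq.steps):     # every step seen, in order
                    alerts.append(make_alert(seq.event, flow.ts, device))
                    idx, first = 0, None
            progress[seq.event] = (idx, first)
    return alerts

# Constructed inventory, rules and traffic (none of these values are from the patent).
ALL_DAY = time(0, 0)
INVENTORY = {"02:00:00:aa:00:01": "smart door lock",
             "02:00:00:aa:00:02": "smart camera"}
NIGHT_UNLOCK = SimpleRule("smart door lock opened between 0:00 and 7:00",
                          "smart door lock", time(0, 0), time(7, 0), "unlock=success")
UNLOCK_THEN_CAMERA_OFF = SequenceRule(
    "door lock opened, then camera switched off",
    (SimpleRule("unlock", "smart door lock", ALL_DAY, ALL_DAY, "unlock=success"),
     SimpleRule("camera off", "smart camera", ALL_DAY, ALL_DAY, "power=off")),
    timedelta(minutes=30))
SAMPLE_FLOWS = [
    Flow(datetime(2021, 4, 10, 2, 13), "02:00:00:AA:00:01", "POST /event unlock=success"),
    Flow(datetime(2021, 4, 10, 2, 20), "02:00:00:aa:00:02", "POST /state power=off"),
    Flow(datetime(2021, 4, 10, 3, 0), "02:00:00:aa:00:99", "POST /event unlock=success"),
    Flow(datetime(2021, 4, 10, 12, 0), "02:00:00:aa:00:01", "POST /event unlock=success"),
    Flow(datetime(2021, 4, 10, 13, 30), "02:00:00:aa:00:02", "POST /state power=off"),
]

def run_demo():
    return monitor(SAMPLE_FLOWS, INVENTORY, [NIGHT_UNLOCK], [UNLOCK_THEN_CAMERA_OFF])

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The midday unlock followed by a camera shutdown 90 minutes later raises nothing: it is outside the 0:00 to 7:00 window and outside the sequence window, which shows how much the rule's time dimensions decide what counts as a security event.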
Optionally, after step S104, the method further includes: intercepting the network traffic according to an interception instruction triggered by the authorized user. After the authorized user receives the prompt message, if the network traffic is still ongoing, the user can remotely trigger an interception instruction in a specific software program to intercept it.
Fig. 4 shows a security monitoring system 100 for networked devices of a router according to an embodiment of the present invention, where the system 100 is applied to a router or a device connected to the router, and includes an obtaining unit 10, an analyzing and determining unit 20, a generating unit 30, and a sending unit 40, where:
the acquiring unit 10 is used for acquiring network traffic generated by networking via routers; the analysis and judgment unit 20 is configured to analyze and judge whether the network traffic matches any preset rule; the preset rules are information matching rules of corresponding security events which are preset; the generating unit 30 is configured to generate a prompt message that the network traffic is derived from the corresponding security event if the network traffic matches the preset rule; the sending unit 40 is configured to send the prompt message to a corresponding authorized user.
In the embodiment, the network traffic is analyzed through the preset rule, the network traffic is innovatively mapped with the specific security event in the real world, the main bodies of the detected security event are one or more specific IOT (Internet of things) devices, and the security monitoring capability of the router on the intelligent devices in the home network can be improved.
Referring to fig. 5, in an embodiment, the analysis and judgment unit 20 specifically includes an analysis subunit 201 and a judgment subunit 202, where:
the analysis subunit 201 is configured to analyze and obtain networking equipment, traffic generation time, and traffic characteristics corresponding to the network traffic; the judging subunit 202 is configured to judge whether the networking device, the traffic generation time, and the traffic characteristic all match the preset rule.
Optionally, the analysis subunit 201 is specifically configured to: extracting a mac address corresponding to the network traffic, and identifying the corresponding networking equipment according to the mac address; and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
In one embodiment, the sending unit 40 is specifically configured so that the server receives the prompt message uploaded by the router and forwards it to the mobile terminal of the authorized user corresponding to the router. In a specific implementation, the prompt message is generated in the router and uploaded to a server connected to the router, and the server then forwards it to the authorized user's mobile terminal. That is, in this embodiment the authorized user does not need to be connected to the router; it is only necessary that both the authorized user and the router are connected to the same server. The server binds the authorized user and the router together and determines the receiving end of the prompt message from that binding relationship. The server then pushes the prompt message to the authorized user through a plurality of channels, and the pushed information includes at least: what event occurred, the time it occurred, and the specific device on which it occurred.
Optionally, the security monitoring system further comprises a rule downloading unit, configured to download at least one preset rule to the router in response to the security monitoring function being started on the router. In a specific implementation, a "housekeeping mode" corresponding to the security monitoring function is provided in the router's control program; the user can turn on the housekeeping mode in the APP (application program) corresponding to the router, which enables the security monitoring function. After the router starts the function, at least one preset rule is downloaded to the router; some of the preset rules may also be pre-stored in the router. Preferably, in this embodiment the preset rules are obtained from the server and sent to the router. For example, the user sets the housekeeping mode in the APP; after it is set, the router downloads a preset rule set from the server. Each preset rule corresponds to one security event and comprises the information dimensions used to match the corresponding network traffic.
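The matching flow described above (identify the device from its MAC address, require device, traffic generation time and traffic characteristics to all match one preset rule, then emit a prompt carrying event, time and device), as an added Python example that is not code from the patent. The device inventory, rule fields, flow-record layout and `example.invalid` hosts are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time

# Constructed inventory: MAC address -> networking device (hypothetical names).
# MAC addresses are client-controlled, so a device with a randomized or
# changed MAC will not resolve here and is skipped rather than guessed at.
DEVICES = {
    "aa:bb:cc:00:00:01": "front-door smart lock",
    "aa:bb:cc:00:00:02": "living-room camera",
}

@dataclass(frozen=True)
class Rule:
    """One preset rule = one security event plus its matching dimensions."""
    event: str
    device: str
    start: time      # start of the time window
    end: time        # end of the time window (may be earlier than start)
    feature: str     # assumed traffic characteristic: regex on host + path

# Constructed rule set, standing in for the set downloaded from the server.
RULES = [
    Rule("door unlocked", "front-door smart lock", time(22, 0), time(6, 0),
         r"^lock\.example\.invalid/v1/unlock$"),
    Rule("motion detected", "living-room camera", time.min, time.max,
         r"^cam\.example\.invalid/motion/"),
]

def normalize_mac(mac: str) -> str:
    """Accept AA-BB-.. and aa:bb:.. spellings of the same address."""
    return mac.strip().lower().replace("-", ":")

def in_window(t: time, start: time, end: time) -> bool:
    """True if t lies in [start, end]; a window such as 22:00-06:00 wraps midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end

def analyze(flow: dict):
    """Analysis step: device (via MAC), generation time, traffic characteristic."""
    device = DEVICES.get(normalize_mac(flow["mac"]))
    return device, datetime.fromisoformat(flow["ts"]), flow["request"]

def monitor(flows, rules=RULES):
    """Judgment step: a prompt is produced only if all three dimensions match."""
    prompts = []
    for flow in flows:
        device, ts, feature = analyze(flow)
        if device is None:          # unknown MAC: no rule can apply
            continue
        for rule in rules:
            if (rule.device == device
                    and in_window(ts.time(), rule.start, rule.end)
                    and re.search(rule.feature, feature)):
                prompts.append({"event": rule.event,
                                "time": ts.isoformat(),
                                "device": device})
    return prompts

# Constructed flow records (not captured traffic).
FLOWS = [
    {"mac": "AA-BB-CC-00-00-01", "ts": "2021-05-01T02:15:00",
     "request": "lock.example.invalid/v1/unlock"},        # all three match
    {"mac": "aa:bb:cc:00:00:01", "ts": "2021-05-01T14:00:00",
     "request": "lock.example.invalid/v1/unlock"},        # outside time window
    {"mac": "aa:bb:cc:00:00:01", "ts": "2021-05-01T02:20:00",
     "request": "lock.example.invalid/v1/heartbeat"},     # wrong characteristic
    {"mac": "de:ad:be:ef:00:99", "ts": "2021-05-01T02:30:00",
     "request": "lock.example.invalid/v1/unlock"},        # unknown device
    {"mac": "aa:bb:cc:00:00:02", "ts": "2021-05-01T23:30:00",
     "request": "cam.example.invalid/motion/alert?zone=1"},
]

if __name__ == "__main__":
    for p in monitor(FLOWS):
        print(f"[{p['time']}] {p['event']} on {p['device']}")
```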
Referring to fig. 6, in an embodiment, the security monitoring system further includes a rule configuration unit 50, configured to configure the preset rule corresponding to a security event according to behavior characteristics of that security event as produced in advance.
The rule configuration unit 50 specifically includes an analysis subunit 501 and a configuration subunit 502, where:
the analysis subunit 501 is configured to stage in advance a network behavior in which the security event is expected to occur, and to analyze the network traffic characteristics of that network behavior; the configuration subunit 502 is configured to configure the preset rule of the corresponding security event according to those network traffic characteristics.
Optionally, the system further includes an intercepting unit, configured to intercept the network traffic according to an intercepting instruction triggered by the authorized user.
The invention also provides a storage medium for storing a computer program of the networking device security monitoring method of the router shown in figs. 1-3. The program may be, for example, computer program instructions which, when executed by a computer, invoke or otherwise provide methods and/or techniques in accordance with the present application through the operation of that computer. Program instructions which invoke the methods of the present application may be stored on fixed or removable storage media, and/or transmitted via a data stream over a broadcast or other signal-bearing medium, and/or stored on a storage medium of a computer device operating in accordance with the program instructions. According to an embodiment of the present application, a computer device of the networking device security monitoring system of a router shown in fig. 4 preferably includes a storage medium for storing a computer program and a processor for executing the computer program; when the computer program is executed by the processor, the computer device is triggered to execute the methods and/or technical solutions of the foregoing embodiments.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
The method according to the invention can be implemented on a computer as a computer-implemented method, or in dedicated hardware, or in a combination of both. Executable code for the method according to the invention or parts thereof may be stored on a computer program product. Examples of computer program products include memory devices, optical storage devices, integrated circuits, servers, online software, and so forth. Preferably, the computer program product comprises non-transitory program code means stored on a computer readable medium for performing the method according to the invention when said program product is executed on a computer.
In a preferred embodiment, the computer program comprises computer program code means adapted to perform all the steps of the method according to the invention when the computer program is run on a computer. Preferably, the computer program is embodied on a computer readable medium.
In summary, the method and system for monitoring security of networking devices of a router of the present invention acquire, in the router, network traffic generated through router networking, and analyze whether the network traffic matches any preset rule, the preset rules being preset information matching rules for corresponding security events; if so, a corresponding prompt message is generated and sent to the corresponding authorized user to remind the user of the security event currently occurring. The invention compares the current network traffic against the preset rules corresponding to security events, so as to identify security events of devices networked through the wireless local area network and remind the user in time, thereby enhancing the security performance of the home network.
The present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof, and it should be understood that various changes and modifications can be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.
A1. A method for monitoring security of networking equipment of a router is also provided, comprising the following steps:
acquiring network traffic generated through router networking;
analyzing and judging whether the network traffic matches any preset rule, the preset rules being preset information matching rules for corresponding security events;
if the network traffic matches the preset rule, generating a prompt message that the network traffic is from the corresponding security event;
and sending the prompt message to a corresponding authorized user.
A2. According to the method for monitoring security of networking equipment of a router in A1, the step of analyzing and judging whether the network traffic matches any preset rule specifically comprises:
analyzing and obtaining the networking equipment, traffic generation time and traffic characteristics corresponding to the network traffic;
and judging whether the networking equipment, the traffic generation time and the traffic characteristics all match the preset rule.
A3. According to the method for monitoring security of networking equipment of a router in A2, the step of analyzing and obtaining the networking equipment, the traffic generation time and the traffic characteristics corresponding to the network traffic specifically comprises:
extracting a MAC address corresponding to the network traffic, and identifying the corresponding networking equipment according to the MAC address;
and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
A4. According to the method for monitoring security of networking equipment of a router in A1, the step of sending the prompt message to a corresponding authorized user specifically comprises:
the server receiving the prompt message uploaded by the router and forwarding the prompt message to a mobile terminal of an authorized user corresponding to the router.
A5. According to the method for monitoring security of networking equipment of a router in A1, before the step of analyzing and judging whether the network traffic matches any preset rule, the method further comprises:
responding to a security monitoring function started by the router, and downloading at least one preset rule into the router.
A6. According to the method for monitoring security of networking equipment of a router in A1, before the step of analyzing and judging whether the network traffic matches any preset rule, the method further comprises:
configuring the preset rule corresponding to the security event according to behavior characteristics of the security event as produced in advance.
A7. According to the method for monitoring security of networking equipment of a router in A6, the step of configuring the preset rule corresponding to the security event according to behavior characteristics of the security event as produced in advance specifically comprises:
staging in advance a network behavior of the security event, and analyzing behavior characteristics of the network behavior;
and configuring the preset rules of the corresponding security events according to the behavior characteristics.
A8. The method for monitoring security of networking equipment of a router according to any one of A1-A7, wherein the step of sending the prompt message to the corresponding authorized user further comprises:
intercepting the network traffic according to an interception instruction triggered by the authorized user.
B9. A networking equipment security monitoring system of a router is also provided, comprising:
an acquisition unit configured to acquire network traffic generated by networking via a router;
an analysis and judgment unit configured to analyze and judge whether the network traffic matches any preset rule, the preset rules being preset information matching rules for corresponding security events;
a generating unit configured to generate a prompt message that the network traffic comes from the corresponding security event if the network traffic matches the preset rule;
and a sending unit configured to send the prompt message to a corresponding authorized user.
B10. According to the networking equipment security monitoring system of a router of B9, the analysis and judgment unit specifically comprises:
an analysis subunit configured to analyze and obtain the networking equipment, the traffic generation time and the traffic characteristics corresponding to the network traffic;
and a judgment subunit configured to judge whether the networking equipment, the traffic generation time and the traffic characteristics all match the preset rule.
B11. According to the networking equipment security monitoring system of a router of B10, the analysis subunit is specifically configured for:
extracting a MAC address corresponding to the network traffic, and identifying the corresponding networking equipment according to the MAC address;
and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
B12. According to the networking equipment security monitoring system of a router of B9, the sending unit is specifically configured so that:
the server receives the prompt message uploaded by the router and forwards the prompt message to a mobile terminal of an authorized user corresponding to the router.
B13. The networking equipment security monitoring system of a router of B9 further comprises:
a rule downloading unit configured to respond to a security monitoring function started by the router and download at least one preset rule into the router.
B14. The networking equipment security monitoring system of a router of B9 further comprises:
a rule configuration unit configured to configure the preset rule corresponding to the security event according to behavior characteristics of the security event as produced in advance.
B15. According to the networking equipment security monitoring system of a router of B14, the rule configuration unit specifically comprises:
an analysis subunit configured to stage in advance the network behavior of the security event and analyze the behavior characteristics of the network behavior;
and a configuration subunit configured to configure the preset rules of the corresponding security events according to the behavior characteristics.
B16. The networking equipment security monitoring system of a router according to any one of B9-B15 further comprises:
an interception unit configured to intercept the network traffic according to an interception instruction triggered by the authorized user.
C17. A storage medium is also provided, storing a computer program for executing the networking equipment security monitoring method of the router in any one of A1-A8.
D18. A computer is also provided, comprising a storage medium, a processor and a computer program which is stored on the storage medium and can run on the processor, wherein the processor executes the computer program to realize the networking equipment security monitoring method of the router according to any one of A1-A8.

Claims (10)

1. A security monitoring method for networking equipment of a router is characterized by comprising the following steps:
acquiring network traffic generated through router networking;
analyzing and judging whether the network traffic matches any preset rule, the preset rules being preset information matching rules for corresponding security events;
if the network traffic is matched with the preset rule, generating a prompt message that the network traffic is from the corresponding security event;
and sending the prompt message to a corresponding authorized user.
2. The method for monitoring the security of the networking device of the router according to claim 1, wherein the step of analyzing and judging whether the network traffic matches any preset rule specifically comprises:
analyzing and obtaining the networking equipment, traffic generation time and traffic characteristics corresponding to the network traffic;
and judging whether the networking equipment, the traffic generation time and the traffic characteristics all match the preset rule.
3. The method for monitoring the security of the networking equipment of the router according to claim 2, wherein the step of analyzing and obtaining the networking equipment, the traffic generation time and the traffic characteristics corresponding to the network traffic specifically comprises:
extracting a MAC address corresponding to the network traffic, and identifying the corresponding networking equipment according to the MAC address;
and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
4. The method for monitoring the security of the networking device of the router according to claim 1, wherein the step of sending the prompting message to the corresponding authorized user specifically comprises:
and the server receives the prompt message uploaded by the router and forwards the prompt message to a mobile terminal of an authorized user corresponding to the router.
5. The method for monitoring the security of the networking device of the router according to claim 1, wherein the step of analyzing and determining whether the network traffic matches any preset rule further comprises:
and responding to a security monitoring function started by the router, and downloading at least one preset rule into the router.
6. The method for monitoring the security of the networking device of the router according to claim 1, wherein the step of analyzing and determining whether the network traffic matches any preset rule further comprises:
and configuring the preset rule corresponding to the security event according to the behavior characteristics of the pre-occurrence of the security event.
7. The method for monitoring the security of the networking device of the router according to claim 6, wherein the step of configuring the preset rule corresponding to the security event according to the behavior feature of the pre-occurrence of the security event specifically comprises:
prefabricating a network behavior of the security event, and analyzing behavior characteristics of the network behavior;
and configuring the preset rules of the corresponding security events according to the behavior characteristics.
8. A networking equipment security monitoring system of a router, characterized by comprising:
an acquisition unit configured to acquire network traffic generated by networking via a router;
an analysis and judgment unit configured to analyze and judge whether the network traffic matches any preset rule, the preset rules being preset information matching rules for corresponding security events;
a generating unit configured to generate a prompt message that the network traffic comes from the corresponding security event if the network traffic matches the preset rule;
and the sending unit is used for sending the prompt message to a corresponding authorized user.
9. A storage medium storing a computer program for executing the method for monitoring security of networked devices in a router according to any one of claims 1 to 7.
10. A computer comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the method for monitoring security of networked devices of a router according to any one of claims 1 to 7 when executing the computer program.
CN202110397893.8A 2021-04-13 2021-04-13 Security monitoring method and system for networking equipment of router, storage medium and computer equipment Active CN113132372B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110397893.8A CN113132372B (en) 2021-04-13 2021-04-13 Security monitoring method and system for networking equipment of router, storage medium and computer equipment


Publications (2)

Publication Number Publication Date
CN113132372A (en) 2021-07-16
CN113132372B (en) 2023-02-17

Family

ID=76776244


Country Status (1)

Country Link
CN (1) CN113132372B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant