CN113382006A - Internet of things terminal security and risk assessment and evaluation method
Abstract
The invention relates to a security and risk assessment and evaluation method for an Internet of Things terminal, comprising three steps: reverse analysis of firmware defects, web interface security detection, and business logic vulnerability mining and verification. Step one, reverse analysis of firmware defects: risk factors in the device firmware are found by disassembly and reverse analysis, and the analysis result is sent to the web interface side. Step two, web interface security detection: according to the received risk factors, the web interface side performs security detection on the web interface by scanning, finds and verifies the security vulnerabilities existing in the web interface of the system, and sends the processing result to the Internet of Things terminal. Step three: the Internet of Things terminal receives the processing result of step two and performs business logic vulnerability mining and verification according to the key business parameters of that result. From the attack perspective, the invention performs security risk analysis and detection evaluation on the Internet of Things terminal, studies in depth the security vulnerabilities that may exist in Internet of Things application systems, and constructs an effective Internet of Things terminal security protection system.
Description
Technical Field
The invention relates to the field of Internet of Things security, and in particular to a security and risk assessment and evaluation method for an Internet of Things terminal.
Background
The number of networked devices worldwide is growing rapidly, and the interconnection of everything has become an important direction for the future development of global networks. According to a GSMA forecast, the number of connected Internet of Things devices worldwide (cellular and non-cellular) will reach 252 hundred million in 2025, much higher than the 63 million of 2017, as shown in FIG. 1.
At present, a large number of Internet of Things terminal devices are directly exposed to the Internet. Once vulnerabilities in these devices (such as Heartbleed and Shellshock) are exploited, security risks follow, such as devices being taken over, user privacy being disclosed and data on cloud servers being stolen, and the basic communication network itself can be seriously affected.
In terms of global distribution, routers and video monitoring devices have the highest exposure. The number of exposed routers exceeds 3000 thousands, and the number of exposed video monitoring devices exceeds 1700 thousands, as shown in FIG. 2.
Among these, the exposure ratio of domestic equipment in China is prominent. Routers are the most exposed device type: the global exposure of 11 manufacturers, such as AVM, Technicolor, Mikrotik, ASUS and TP-Link, exceeds the million scale, for over 900 million units, as shown in FIG. 3.
Internet of Things terminal devices can do great damage once they are exploited, mainly because of the following characteristics of networked smart devices:
First, the base of Internet of Things terminal devices is large. Networked smart devices, represented by the smart home, are numerous and varied, a situation that never arose with traditional hosts. A single household may own more than ten Internet of Things terminal devices. On the one hand, these devices raise the level of informatization of users' daily lives and bring convenience; on the other hand, as the number of devices grows day by day, the number of online devices an attacker can control and the Internet bandwidth they occupy stay at a considerable and continuously growing base, which gives attackers enormous destructive capacity.
Second, attacks spread quickly. As many large-scale attacks in recent years have shown, highly infectious viruses breed easily on Internet of Things terminal devices with weak security protection, and the usual attack methods of self-propagating botnets are weak-password scanning and vulnerability attacks. Typically, once one Internet of Things terminal device is under control, it scans other devices for weak passwords or attacks their vulnerabilities, and after a successful attack the virus is downloaded to the new device and continues to spread.
Third, the attack threshold is low. Many security incidents show that the technical threshold for launching attacks with Internet of Things terminal devices is low. Exploiting configuration deficiencies such as default or weak passwords is very common, and once successful, an attack can spread widely in a short time.
Fourth, manufacturers of Internet of Things terminal devices neglect security. To capture customer traffic, smart device manufacturers most need to roll out new functions quickly and continuously to attract users at relatively low cost, and they are reluctant to invest much in security design, secure coding, security testing and the like. As a result, smart devices commonly suffer from problems such as being hard to upgrade, misconfiguration and firmware vulnerabilities.
Internet of Things terminal devices are used more and more widely in different business scenarios, and at the same time they bring many security risks. An attack affects the use of the devices themselves and can also have a huge impact on user privacy and on the basic network. The security of Internet of Things terminals has therefore become an urgent problem.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides an Internet of Things terminal security and risk assessment and evaluation method that can be used to construct an effective Internet of Things terminal security protection system.
To achieve this purpose, the invention provides the following technical solution. The method comprises three steps: reverse analysis of firmware defects, web interface security detection, and business logic vulnerability mining and verification. Step one, reverse analysis of firmware defects: risk factors in the device firmware are found by disassembly and reverse analysis, and the analysis result is sent to the web interface side. Step two, web interface security detection: according to the received risk factors, the web interface side performs security detection on the web interface by scanning, finds and verifies the security vulnerabilities existing in the web interface of the system, and sends the processing result to the Internet of Things terminal. Step three: the Internet of Things terminal receives the processing result of step two and performs business logic vulnerability mining and verification according to the key business parameters of that result.
Further, the step of reverse analysis of firmware defects performs the following operations in sequence:
1) parsing the file system of a given format in the firmware file, and judging whether a suspicious program exists;
2) if a suspicious program exists, unpacking the firmware file to obtain the system file directory, and searching the system file directory for the backdoor file;
3) judging whether a "-l" parameter has been added to the backdoor file;
4) if the "-l" parameter has been added, tracing the suspicious program that calls the "-l" parameter;
5) performing disassembly and reverse analysis on the traced suspicious programs, and checking the data in the data packet.
Further, the web interface security detection step performs the following operations in sequence:
1) parsing the file system of a given format in the firmware file, and judging whether a suspicious program exists;
2) if a suspicious program exists, unpacking the firmware file to obtain the system file directory, and using IDA to reverse-analyze the webs program that provides web services;
3) finding the function responsible for authentication and analyzing it;
4) checking whether a special character string is contained;
5) if the special character string is contained, comparing the string pointer at the offset in the data structure that contains the special character string with the reference string; if the characters match, the vulnerability exists.
Further, the business logic vulnerability mining step performs the following operations in sequence:
1) sorting out the business flows in different scenarios, and looking for logic vulnerabilities in the way the server processes the business;
2) intercepting normal business data by network packet capture and analyzing it;
3) replacing the normal business data by forging, tampering and the like, and sending it to the server;
4) after the data packet is sent, becoming an administrator of the attacked network;
5) after becoming an administrator, being able to remotely control the devices of the attacked party.
Further, the risk factor is a coding defect, a logic defect or a backdoor defect existing in the device firmware.
Further, the web interface can be scanned by means of web scanning, code auditing or manual detection.
Further, the key business parameters are obtained in the business logic vulnerability mining step by replaying and tampering with the parameters in the business interaction data packets.
Further, the method can obtain compressed data by downloading the original firmware of the network device, and decompress and analyze the compressed data.
Further, the method can identify and verify against different data languages.
Further, the Internet of Things terminal can be a router or a video monitoring device.
From the attack perspective, the invention performs security risk analysis and detection evaluation on the Internet of Things terminal and studies in depth the security flaws that may exist in Internet of Things application systems. It combines attack and defense against the new attack methods that target these flaws, searches the complete attack chain for the optimal defense point, and constructs an effective Internet of Things terminal security protection system with targeted defense techniques.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a global internet of things device connection quantity diagram.
FIG. 2 is a graph of video surveillance equipment exposure.
FIG. 3 is a graph of global exposure for a vendor's equipment.
FIG. 4 is a flow chart of the present invention.
FIG. 5 is a flow chart for reverse analysis of firmware bugs.
FIG. 6 is a flow diagram of web interface security detection.
FIG. 7 is a flow chart of business logic vulnerability mining.
Detailed Description
In the description of the present invention, it is to be understood that the terms "center", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "inner", "outer", "axial", "circumferential", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; may be mechanically coupled, may be electrically coupled or may be in communication with each other; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 4-7, the invention relates to a security and risk assessment and evaluation method for an Internet of Things terminal.
Example 1: The security risks of Internet of Things terminals threaten user privacy. Internet of Things terminal devices, represented by the smart home, are deployed in private home environments, and if a vulnerability lets a device be controlled remotely, the user's privacy is completely exposed to the attacker. For example, improper configuration (a default password) of a camera among the smart home devices, or a security vulnerability at the device firmware level, may allow the camera to be compromised, which in turn leaks the private video the camera collects.
Code defects, logic defects and backdoors in device firmware can be discovered by disassembly and reverse analysis. For example, the firmware is unpacked, disassembled and analyzed, and detection is carried out by means such as Trojan and backdoor feature code recognition and reverse analysis of the program execution flow. Feature code recognition relies mainly on a library of vulnerability and backdoor feature codes. It locates known vulnerabilities and backdoors quickly, but its ability to discover unknown ones is insufficient. Unknown vulnerabilities and backdoors can be discovered by manual mining, but that is inefficient. Actual detection therefore combines manual and automatic methods: once an unknown vulnerability or backdoor has been discovered manually, its feature code is extracted and recorded in the feature library for subsequent detection.
First, the DGN1000-V1.1.00.49WW firmware can be downloaded from the Netgear official website. After decompression, its official release statement shows that it mainly fixes the port 32764 backdoor. Technical analysis shows that the backdoor was not completely fixed but was hidden, and a triggering mechanism was set up. The technical analysis is as follows:
Parsing the firmware file shows that it contains a file system in SquashFS format; unpacking it yields the system file directory. Searching the directory structure for the earlier backdoor file scfgmgr shows that the program has gained a "-l" parameter and that it is called from tf_tool. After unpacking, the two suspicious programs tf_tool and scfgmgr are found, and each is disassembled and reverse-analyzed.
Analyzing the tf_tool program first, it can be seen that the main function of tf_tool opens a socket and waits for a data packet with the protocol type "0x8888".
The data in the packet is then checked: when a field in the packet is the MD5 value of "DGN1000" and the packet type is "0x201", execution jumps to "loc_401240". The code at "loc_401240" calls the system function to execute a command, and it can be seen that the "/usr/sbin/scfgmgr" program is invoked there to perform the "-f" operation.
The scfgmgr program is analyzed next. The previous analysis found two suspicious parameters, "-l" and "-f", in the scfgmgr program, and the operations they perform can be found in the disassembled code. The "-f" operation creates a socket and binds it to port "0x7FFC" (32764 in decimal) to listen. The "-l" operation creates a socket that waits to accept data.
In summary, after tf_tool receives the backdoor trigger packet, it calls the "-f" operation of scfgmgr to create the backdoor connection, which provides the remote control function.
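The feature-library workflow described above (manual analysis finds the hidden trigger, its feature code is recorded, later scans find it automatically), as an added example that is not part of the patent. It assumes the command string `/usr/sbin/scfgmgr -f` appears contiguously in the tf_tool binary; the sample tree, the signature name and the helper names are constructed for illustration.

```python
import os
import tempfile
from dataclasses import dataclass

MIN_PATTERN_LEN = 8  # shorter feature codes match too much unrelated data


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes


def record_signature(library, sig):
    """Add a manually extracted feature code; return False if already present."""
    if len(sig.pattern) < MIN_PATTERN_LEN:
        raise ValueError(f"{sig.name}: pattern shorter than {MIN_PATTERN_LEN} bytes")
    if any(s.pattern == sig.pattern for s in library):
        return False
    library.append(sig)
    return True


def scan_file(path, library, chunk_size=1 << 16):
    """Return sorted [(offset, signature name)], first hit per signature."""
    if not library:
        return []
    keep = max(len(s.pattern) for s in library) - 1
    found, tail, base = {}, b"", 0  # base = file offset of tail's first byte
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            for sig in library:
                if sig.name not in found:
                    idx = window.find(sig.pattern)
                    if idx != -1:
                        found[sig.name] = base + idx
            # Carry the last bytes over so a pattern split across chunks is found.
            tail = window[-keep:] if keep else b""
            base += len(window) - len(tail)
    return sorted((off, name) for name, off in found.items())


def scan_tree(root, library):
    """Scan an unpacked firmware root; return sorted (relative path, name, offset)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for fname in files:
            path = os.path.join(dirpath, fname)
            # Firmware trees contain absolute symlinks; following them would
            # scan the analyst's own host instead of the firmware.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            hits += [(rel, name, off) for off, name in scan_file(path, library)]
    return sorted(hits)


def build_sample_tree(tmp):
    """Constructed stand-in for an unpacked SquashFS root (not real firmware)."""
    root = os.path.join(tmp, "squashfs-root")
    sbin = os.path.join(root, "usr", "sbin")
    os.makedirs(sbin)
    cmd = b"/usr/sbin/scfgmgr -f &\x00"  # assumed form of the system() argument
    with open(os.path.join(sbin, "scfgmgr"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 64 + b"scfgmgr [-l] [-f]\x00")
    with open(os.path.join(sbin, "tf_tool"), "wb") as fh:
        # Padding puts the command string across the 64 KiB chunk boundary.
        fh.write(b"\x7fELF" + b"\x00" * 65526 + cmd)
    host_file = os.path.join(tmp, "host_file")  # lives outside the firmware root
    with open(host_file, "wb") as fh:
        fh.write(cmd)
    try:
        os.symlink(host_file, os.path.join(sbin, "link_to_host"))
    except (OSError, NotImplementedError):
        pass  # platform without symlink support: the skip path is not exercised
    return root


def demo():
    """Scan before and after the manually found feature code is recorded."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        library = []  # library that does not yet know the hidden trigger
        before = scan_tree(root, library)
        record_signature(
            library, Signature("tf_tool-launches-scfgmgr-f", b"/usr/sbin/scfgmgr -f")
        )
        after = scan_tree(root, library)
    return before, after


if __name__ == "__main__":
    print(demo())
```
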
Example 2: Exploiting vulnerabilities in terminal devices to make Internet of Things devices launch traffic attacks can seriously affect the normal operation of the basic communication network. Internet of Things devices have a large base and wide distribution, and they hold a certain amount of network bandwidth. Once a vulnerability appears, a large number of devices can be taken over to form a botnet and launch distributed denial-of-service attacks on network infrastructure, causing network congestion or even outages, so that normal network service cannot be provided to users.
Security vulnerabilities in the web interface of the system can be discovered and verified by web scanning, code auditing and manual detection. Web interface security detection mainly covers SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), file upload attacks, command execution, authentication bypass and other security vulnerabilities caused by coding defects.
The firmware image of the DIR-100 Revision A is downloaded first. Downloading and decompressing yields the firmware file DIR100_v5.0EUb3_patch02.bix. Analysis of the firmware structure shows that the firmware consists of four parts, of which the part at 0x9DB90 is a SquashFS file system. Parsing the 0x9DB90 part yields the system file directory. The webs program, which provides the web service, is found under the /bin/ directory and is reverse-analyzed with IDA. It can be seen that Alpha Networks' modifications to this firmware are prefixed with "alpha"; of these, "alpha_auth_check" should be responsible for authentication, so it is analyzed. alpha_auth_check performs strcmp string comparisons on some pointers in the http_request_t structure and then calls the check_location function to carry out the authentication check. If either a string comparison or check_location succeeds, it returns 1; otherwise it redirects the browser to the login page and returns -1. The disassembly shows that the function first extracts the requested URL (at offset 0xB8 of the http_request_t data structure) and checks whether it contains the string "graphic/" or "public/". These are public subdirectories under the router's web directory. If the requested address contains such a string, the function goes on to compare the string pointer at offset 0xD0 of the http_request_t structure with the string "xmlset_roodkcableoj28840ybtide"; if the strings match, the check_location function is skipped and alpha_auth_check returns 1 (authentication passed). This allows management operations to be performed while bypassing authentication.
The pointer at offset 0xD0 of http_request_t points to the User-Agent header. That is, if the browser's User-Agent value is "xmlset_roodkcableoj28840ybtide", the web control interface containing "graphic/" or "public/" can be accessed directly, bypassing authentication, for management operations. The verification used a D-Link DIR-100 Chinese version with firmware version 1.11CN (official version, not upgraded). Tests show that the backdoor differs slightly from the English version: when the browser's User-Agent value is "xmlset_roodkcableoj28840ybtide", no authentication is needed to access any control page, so the router control pages can be reached without authentication. The attacker can hijack the user's communication data by configuring a static route on the http://192.168.0.1/Advance/adv_routing.htm page.
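A detection sketch for the User-Agent condition described above, as an added example that is not part of the patent. It assumes access logs in combined log format from a proxy or sensor in front of the device's management interface; the log lines are constructed, and the labels and function names are this example's own.

```python
import re
from collections import Counter

BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"  # string quoted in the text
PUBLIC_MARKERS = ("graphic/", "public/")        # substrings alpha_auth_check looks for

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def classify(path, ua):
    """Label one request, or return None if the string is absent."""
    if BACKDOOR_UA not in ua:
        return None
    if ua != BACKDOOR_UA:
        # The firmware uses strcmp, so an embedded copy would not match there;
        # it is still worth a look because it shows someone probing.
        return "ua-embedded"
    if any(marker in path for marker in PUBLIC_MARKERS):
        return "public-path"   # condition described for the English firmware
    return "any-page"          # relevant to the 1.11CN behaviour in the text


def detect(lines):
    """Return ([(client, path, label, served)], number of unparsed lines)."""
    findings, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        label = classify(m["path"], m["ua"])
        if label:
            served = 200 <= int(m["status"]) < 300
            findings.append((m["client"], m["path"], label, served))
    return findings, unparsed


def clients_to_review(findings):
    """Count exact-match requests that were answered with a 2xx, per client."""
    return Counter(
        client for client, _path, label, served in findings
        if label != "ua-embedded" and served
    )


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2024:09:00:01 +0000] "GET /public/index.htm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:09:00:05 +0000] "GET /graphic/logo.gif HTTP/1.1" 200 900 "-" "xmlset_roodkcableoj28840ybtide"
198.51.100.7 - - [10/Mar/2024:09:00:09 +0000] "GET /Advance/adv_routing.htm HTTP/1.1" 200 4096 "-" "xmlset_roodkcableoj28840ybtide"
203.0.113.5 - - [10/Mar/2024:09:01:00 +0000] "GET / HTTP/1.1" 302 0 "-" "probe/1.0 xmlset_roodkcableoj28840ybtide"
this line is not in combined log format
""".splitlines()


if __name__ == "__main__":
    found, bad = detect(SAMPLE_LOG)
    for row in found:
        print(row)
    print("unparsed:", bad, "review:", dict(clients_to_review(found)))
```
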
Example 3: The Rowdy virus, which targets smart devices, logs in and spreads by using weak Telnet passwords. Because the performance of smart devices is limited, protection mechanisms against viruses and intrusion are hardly ever deployed on them, their ability to defend against malicious programs is extremely limited, and the cost of attack falls. In addition, business logic vulnerabilities in smart services can make devices across the whole network controllable.
Vulnerabilities in normal business logic can be mined by replaying and tampering with key business parameters in the business interaction data packets. First, the business flows in different scenarios are sorted out. Normal business data is then intercepted by network packet capture, and the meaning of each parameter in it is analyzed. The normal business data is replaced by forging, tampering and the like and sent to the server. If the server's business logic verification is not strict, a business logic vulnerability results. Common business logic vulnerabilities include identity forgery, password disclosure, unauthorized access, parallel rights (horizontal privilege escalation) and so on.
First, the app interface of the smart device shows that the product has a function called "invite family member". The business flow is as follows: after logging in to the app, a normal user taps the "invite family member" button and enters the family member's mobile phone number; the app sends the normal user's family ID, the invitee's mobile phone number and the invited permission to the server; and the server sets the invitee as a manager of the family ID with the corresponding permission.
Testing shows that the server has a logic vulnerability when processing this business: it does not verify whether the logged-in user matches the family ID that was sent. That is, by sending a forged "invite family member" data packet to the cloud service system, an attacker can pose as another family, add himself as an administrator of that family and control the family's devices. In theory, devices across the whole network could be controlled remotely by traversing all family IDs. The test method is as follows:
A packet capture tool intercepts the "invite family member" data packet, and the "familyId" parameter is changed to the attacked family's ID, the "Phone" parameter to the attacker's mobile phone number, and the "permission" parameter to 1 (administrator permission).
After the data packet is sent, the attacker's account can accept the invitation, and the attacker becomes an administrator of the attacked home network.
After becoming an administrator, the attacker can remotely control the devices of the attacked family: by controlling the on/off function of the smart devices, the household appliances connected to them can be switched on and off remotely, and by controlling the air conditioner companion device, the family's air conditioner can be switched on and off and its temperature adjusted.
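The missing server-side check described above, shown beside a corrected handler, as an added example that is not part of the patent or of any vendor's code. The in-memory service, the family and account names, the value 0 for an ordinary member and the enumeration threshold are assumptions; only the three request parameters and permission value 1 come from the text.

```python
from collections import defaultdict

ADMIN = 1            # "permission" value for administrator, as given in the text
MEMBER = 0           # assumed value for an ordinary member (not from the text)
ENUM_THRESHOLD = 3   # distinct foreign family IDs before an account is flagged


class Forbidden(Exception):
    pass


class FamilyService:
    def __init__(self, members):
        # members: {familyId: {account: permission}}
        self.members = {fid: dict(m) for fid, m in members.items()}
        self.pending = []                # (familyId, invitee, permission)
        self.denied = defaultdict(set)   # account -> foreign family IDs it tried
        self.flagged = set()             # accounts that look like ID enumeration

    def invite_vulnerable(self, session_user, family_id, phone, permission):
        """Flaw from the text: familyId comes from the request body and is never
        compared with the families the logged-in user administers."""
        self.pending.append((family_id, phone, permission))

    def invite_hardened(self, session_user, family_id, phone, permission):
        """Authorize against server-side state, never against request fields."""
        role = self.members.get(family_id, {}).get(session_user)
        if role != ADMIN:
            self.denied[session_user].add(family_id)
            if len(self.denied[session_user]) >= ENUM_THRESHOLD:
                self.flagged.add(session_user)
            # Same answer for unknown and foreign IDs, so the reply does not
            # reveal which family IDs exist.
            raise Forbidden("not an administrator of this family")
        if permission not in (ADMIN, MEMBER):
            raise ValueError("unknown permission value")
        self.pending.append((family_id, phone, permission))

    def accept(self, phone):
        """The invitee accepts every pending invitation addressed to them."""
        mine = [p for p in self.pending if p[1] == phone]
        for family_id, _, permission in mine:
            self.members.setdefault(family_id, {})[phone] = permission
        self.pending = [p for p in self.pending if p[1] != phone]
        return [family_id for family_id, _, _ in mine]


def run_scenario():
    """Replay the tampered invitation against both handlers (constructed data)."""
    seed = {"fam-A": {"owner-A": ADMIN}, "fam-B": {"owner-B": ADMIN}}

    vuln = FamilyService(seed)
    vuln.invite_vulnerable("attacker", "fam-A", "attacker", ADMIN)
    vuln.accept("attacker")

    safe = FamilyService(seed)
    blocked = 0
    for family_id in ("fam-A", "fam-B", "fam-C"):   # fam-C does not exist
        try:
            safe.invite_hardened("attacker", family_id, "attacker", ADMIN)
        except Forbidden:
            blocked += 1
    # The legitimate flow still works for the real administrator.
    safe.invite_hardened("owner-A", "fam-A", "relative-A", MEMBER)
    safe.accept("relative-A")

    return {
        "vulnerable_takeover": vuln.members["fam-A"].get("attacker") == ADMIN,
        "hardened_blocked": blocked,
        "attacker_flagged": "attacker" in safe.flagged,
        "fam_A_hardened": safe.members["fam-A"],
    }


if __name__ == "__main__":
    print(run_scenario())
```
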
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A security and risk assessment and evaluation method for an Internet of Things terminal, characterized in that the method comprises three steps: reverse analysis of firmware defects, web interface security detection, and business logic vulnerability mining and verification,
step one, reverse analysis of firmware defects: risk factors in the device firmware are found by disassembly and reverse analysis, and the analysis result is sent to the web interface side;
step two, web interface security detection: according to the received risk factors, the web interface side performs security detection on the web interface by scanning, finds and verifies the security vulnerabilities existing in the web interface of the system, and sends the processing result to the Internet of Things terminal;
step three: the Internet of Things terminal receives the processing result of step two and performs business logic vulnerability mining and verification according to the key business parameters of that result.
2. The method of claim 1, wherein:
the step of reverse analysis of firmware defects performs the following operations in sequence:
1) parsing the file system of a given format in the firmware file, and judging whether a suspicious program exists;
2) if a suspicious program exists, unpacking the firmware file to obtain the system file directory, and searching the system file directory for the backdoor file;
3) judging whether a "-l" parameter has been added to the backdoor file;
4) if the "-l" parameter has been added, tracing the suspicious program that calls the "-l" parameter;
5) performing disassembly and reverse analysis on the traced suspicious programs, and checking the data in the data packet.
3. The method of claim 1, wherein: the web interface security detection step performs the following operations in sequence:
1) parsing the file system of a given format in the firmware file, and judging whether a suspicious program exists;
2) if a suspicious program exists, unpacking the firmware file to obtain the system file directory, and using IDA to reverse-analyze the webs program that provides web services;
3) finding the function responsible for authentication and analyzing it;
4) checking whether a special character string is contained;
5) if the special character string is contained, comparing the string pointer at the offset in the data structure that contains the special character string with the reference string; if the characters match, the vulnerability exists.
4. The method of claim 1, wherein:
the business logic vulnerability mining step performs the following operations in sequence:
1) sorting out the business flows in different scenarios, and looking for logic vulnerabilities in the way the server processes the business;
2) intercepting normal business data by network packet capture and analyzing it;
3) replacing the normal business data by forging, tampering and the like, and sending it to the server;
4) after the data packet is sent, becoming an administrator of the attacked network;
5) after becoming an administrator, being able to remotely control the devices of the attacked party.
5. The method according to claim 1 or 2, characterized in that: the risk factor is a coding defect, a logic defect or a backdoor defect existing in the device firmware.
6. The method according to claim 1 or 3, characterized in that: the web interface can be scanned by means of web scanning, code auditing or manual detection.
7. The method according to claim 1 or 4, characterized in that: the key business parameters are obtained in the business logic vulnerability mining step by replaying and tampering with the parameters in the business interaction data packets.
8. The method according to any one of claims 1-4, wherein: the method can obtain compressed data by downloading the original firmware of the network equipment, and decompress and analyze the compressed data.
9. The method according to any one of claims 1-4, wherein: the method can identify and verify against different data languages.
10. The method according to any one of claims 1-4, wherein: the terminal of the internet of things can be a router or video monitoring equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110660090.7A (CN113382006B) | 2021-06-15 | 2021-06-15 | Internet of things terminal security and risk assessment and evaluation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113382006A (en) | 2021-09-10 |
CN113382006B (en) | 2022-12-16 |
Family
ID=77574332
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110660090.7A Active CN113382006B (en) | 2021-06-15 | 2021-06-15 | Internet of things terminal security and risk assessment and evaluation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113382006B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878339A (en) * | 2017-03-30 | 2017-06-20 | 国网福建省电力有限公司 | A kind of vulnerability scanning system and method based on internet-of-things terminal equipment |
CN108173832A (en) * | 2017-12-25 | 2018-06-15 | 四川长虹电器股份有限公司 | Family's Internet of Things application system penetration testing method based on end cloud translocation |
CN108737425A (en) * | 2018-05-24 | 2018-11-02 | 北京凌云信安科技有限公司 | Fragility based on multi engine vulnerability scanning association analysis manages system |
CN108989296A (en) * | 2018-06-29 | 2018-12-11 | 杭州安恒信息技术股份有限公司 | A kind of Internet of things system safety comprehensive assessment system and method |
CN109933532A (en) * | 2019-03-20 | 2019-06-25 | 西安电子科技大学 | One kind being based on matched Internet of Things firmware library function recognition methods |
CN110830287A (en) * | 2019-09-27 | 2020-02-21 | 西北大学 | Internet of things environment situation sensing method based on machine learning |
CN111611591A (en) * | 2020-05-22 | 2020-09-01 | 中国电力科学研究院有限公司 | Firmware vulnerability detection method and device, storage medium and electronic equipment |
CN112134761A (en) * | 2020-09-23 | 2020-12-25 | 国网四川省电力公司电力科学研究院 | Electric power Internet of things terminal vulnerability detection method and system based on firmware analysis |
CN112733150A (en) * | 2021-01-12 | 2021-04-30 | 哈尔滨工业大学 | Firmware unknown vulnerability detection method based on vulnerability analysis |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114637690A (en) * | 2022-05-09 | 2022-06-17 | 北京航天驭星科技有限公司 | API penetration test method, system, electronic equipment and storage medium |
CN115587364A (en) * | 2022-10-10 | 2023-01-10 | 中国人民解放军国防科技大学 | Firmware vulnerability input point positioning method and device based on front-end and back-end correlation analysis |
CN115587364B (en) * | 2022-10-10 | 2023-07-14 | 中国人民解放军国防科技大学 | Firmware vulnerability input point positioning method and device based on front-end and back-end correlation analysis |
Also Published As
Publication number | Publication date |
---|---|
CN113382006B (en) | 2022-12-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||