CN113486340A - Internet of things equipment intrusion detection method and device based on digital signature - Google Patents


Publication number
CN113486340A
Authority
CN
China
Prior art keywords
target
internet
things
information
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110769298.2A
Other languages
Chinese (zh)
Inventor
李军利
卢卫东
刘艳艳
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides a digital-signature-based method and device for detecting intrusion of Internet of things equipment, and relates to the technical field of the Internet of things. In the method, first, after target query request information by which a target user terminal device queries information of a target Internet of things device is acquired, it is determined whether the information query operation corresponding to the target query request information is an abnormal operation; second, if the information query operation is an abnormal operation, generated digital signature request information is sent to the target user terminal, and digital signature information fed back by the target user terminal based on the digital signature request information is obtained; then, the target user terminal device is verified based on the digital signature information to determine whether it is an intrusion device with respect to the target Internet of things device. Based on the method, the problem in the prior art that misjudgment easily occurs when device intrusion is detected can be solved.

Description

Internet of things equipment intrusion detection method and device based on digital signature
Technical Field
The application relates to the technical field of Internet of things, in particular to a digital signature-based method and device for detecting intrusion of Internet of things equipment.
Background
Internet of things equipment can be used for data acquisition and similar tasks, so Internet of things technology involves operations such as querying the data of that equipment. To guarantee data security, query operations need to be checked to determine whether they are abnormal queries.
However, the inventors found through research that the prior art only detects whether a query operation is abnormal, which makes it difficult to determine effectively whether a device is intruding; that is, misjudgment easily occurs when device intrusion is detected.
Disclosure of Invention
In view of this, an object of the present application is to provide a method and an apparatus for detecting intrusion of an internet of things device based on a digital signature, so as to solve the problem in the prior art that misjudgment is likely to occur when detecting intrusion of the device.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
An Internet of things equipment intrusion detection method based on digital signatures comprises the following steps:
after target query request information for information query of target Internet of things equipment by target user terminal equipment is acquired, determining whether information query operation corresponding to the target query request information belongs to abnormal operation or not, wherein the target query request information is generated based on the information query operation performed by the target user terminal equipment in response to a corresponding target query user;
if the information query operation corresponding to the target query request information belongs to abnormal operation, sending the generated digital signature request information to the target user terminal, and acquiring digital signature information fed back by the target user terminal based on the digital signature request information;
and verifying the target user terminal equipment based on the digital signature information so as to determine whether the target user terminal equipment belongs to the intrusion equipment corresponding to the target Internet of things equipment.
In a possible embodiment, in the method for detecting an intrusion of an internet of things device based on a digital signature, if an information query operation corresponding to the target query request information belongs to an abnormal operation, the step of sending the generated digital signature request information to the target user terminal and acquiring digital signature information fed back by the target user terminal based on the digital signature request information includes:
if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information;
sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal;
and acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
In a possible embodiment, in the method for detecting an intrusion of an internet of things device based on a digital signature, after the step of verifying the target user terminal device based on the digital signature information to determine whether the target user terminal device belongs to an intrusion device corresponding to the target internet of things device is performed, the method for detecting an intrusion of an internet of things device further includes:
if the target user terminal equipment is determined not to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data request information and sending the Internet of things data request information to the target Internet of things equipment;
and acquiring target Internet of things data sent by the target Internet of things equipment based on the Internet of things data request information, and sending the target Internet of things data to the target user terminal equipment.
In a possible embodiment, in the method for detecting an intrusion of an internet of things device based on a digital signature, after the step of verifying the target user terminal device based on the digital signature information to determine whether the target user terminal device belongs to an intrusion device corresponding to the target internet of things device is performed, the method for detecting an intrusion of an internet of things device further includes:
if the target user terminal equipment is determined to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data protection notification information, and sending the Internet of things data protection notification information to the target Internet of things equipment, wherein the target Internet of things equipment is used for executing protection operation on target Internet of things data based on the Internet of things data protection notification information.
In a possible embodiment, in the method for detecting an intrusion of an internet of things device based on a digital signature, after the step of sending the internet of things data protection notification information to the target internet of things device is performed, the method for detecting an intrusion of an internet of things device further includes:
acquiring target internet of things data sent by the target internet of things device based on the internet of things data protection notification information, wherein the target internet of things device deletes the target internet of things data based on the internet of things data protection notification information after sending the target internet of things data;
and encrypting the target Internet of things data, and storing the encrypted target Internet of things data.
In a possible embodiment, in the method for detecting intrusion of internet of things equipment based on digital signature, after the step of obtaining the target internet of things data sent by the target internet of things equipment based on the internet of things data protection notification information is performed, the method for detecting intrusion of internet of things equipment further includes:
generating new target internet of things data based on the target internet of things data, wherein the new target internet of things data comprises partial data in the target internet of things data;
and sending the new target Internet of things data to the target user terminal equipment.
In a possible embodiment, in the method for detecting an intrusion of an internet-of-things device based on a digital signature, the step of generating new target internet-of-things data based on the target internet-of-things data includes:
performing content identification processing on the target internet of things data to determine non-key data in the target internet of things data, wherein the importance degree of the non-key data is lower than a preset target importance degree, and the target importance degree is generated in response to a configuration operation performed by a corresponding management user;
and generating new target internet of things data comprising at least part of the non-key data.
The application also provides a digital-signature-based Internet of things equipment intrusion detection device, comprising:
the operation abnormity determining module is used for determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not after the target query request information for information query of target Internet of things equipment by target user terminal equipment is acquired, wherein the target query request information is generated based on the information query operation performed by the target user terminal equipment in response to the corresponding target query user;
the signature information acquisition module is used for sending the generated digital signature request information to a target user terminal and acquiring digital signature information fed back by the target user terminal based on the digital signature request information when the information query operation corresponding to the target query request information belongs to abnormal operation;
and the intrusion device determining module is used for verifying the target user terminal device based on the digital signature information so as to determine whether the target user terminal device belongs to the intrusion device corresponding to the target Internet of things device.
In a possible embodiment, in the above digital signature-based intrusion detection device for internet of things, the signature information obtaining module is specifically configured to:
if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information;
sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal;
and acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
In a possible embodiment, in the above digital signature-based intrusion detection device for internet of things devices, the intrusion detection device for internet of things devices further includes:
and the internet of things data protection notification module is used for generating internet of things data protection notification information and sending the internet of things data protection notification information to the target internet of things device if the target user terminal device is determined to belong to the intrusion device corresponding to the target internet of things device, wherein the target internet of things device is used for executing protection operation on target internet of things data based on the internet of things data protection notification information.
According to the method and the device for detecting the intrusion of the Internet of things equipment based on the digital signature, after the fact that the information query operation corresponding to the target query request information belongs to the abnormal operation is determined, whether the target user terminal equipment belongs to the intrusion equipment is verified based on the digital signature information of the target user terminal equipment, so that the verification precision can be improved, and the problem that misjudgment is prone to occurring when the equipment intrusion is detected in the prior art is solved.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Fig. 2 is a schematic flowchart of steps included in the method for detecting intrusion of an internet of things device based on a digital signature according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1, an embodiment of the present application provides an electronic device. Wherein the electronic device may include a memory and a processor.
In detail, the memory and the processor are electrically connected directly or indirectly to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The memory may store at least one software functional module (a computer program, such as an internet of things device intrusion detection apparatus based on digital signature, which is described later) which may be in the form of software or firmware (firmware). The processor may be configured to execute the executable computer program stored in the memory, so as to implement the method for detecting intrusion of an internet of things device based on digital signatures provided in the embodiments of the present application (described later).
Alternatively, the memory may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), a System on Chip (SoC), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components.
Also, the structure shown in fig. 1 is only an illustration, and the electronic device may further include more or fewer components than those shown in fig. 1, or have a different configuration from that shown in fig. 1; for example, it may include a communication unit for information interaction with other devices.
Wherein, in an alternative example, the electronic device may be a server with data processing capability.
With reference to fig. 2, an embodiment of the present application further provides an internet of things device intrusion detection method based on a digital signature, which is applicable to the electronic device. The method steps defined by the flow related to the digital signature-based intrusion detection method for the internet of things equipment can be realized by the electronic equipment.
The specific process shown in FIG. 2 will be described in detail below.
Step S110, after target query request information for information query of a target internet of things device by a target user terminal device is acquired, determining whether an information query operation corresponding to the target query request information belongs to an abnormal operation.
In this embodiment, after obtaining target query request information for information query of a target internet of things device by a target user terminal device, the electronic device may first determine whether an information query operation corresponding to the target query request information belongs to an abnormal operation.
The target query request information is generated based on information query operation performed by the target user terminal equipment in response to a corresponding target query user.
And, if the information query operation corresponding to the target query request information belongs to an abnormal operation, step S120 may be executed.
Step S120, sending the generated digital signature request information to the target user terminal, and acquiring digital signature information fed back by the target user terminal based on the digital signature request information.
In this embodiment, after determining that the information query operation corresponding to the target query request information belongs to an abnormal operation based on step S110, the electronic device may send the generated digital signature request information to the target user terminal, and obtain digital signature information fed back by the target user terminal based on the digital signature request information.
Step S130, verifying the target user terminal equipment based on the digital signature information to determine whether the target user terminal equipment belongs to the intrusion equipment corresponding to the target Internet of things equipment.
In this embodiment, after acquiring the digital signature information based on step S120, the electronic device may verify the target user terminal device based on the digital signature information to determine whether the target user terminal device belongs to an intrusion device corresponding to the target internet of things device.
Based on the method, after the information query operation corresponding to the target query request information is determined to belong to the abnormal operation, whether the target user terminal equipment belongs to the intrusion equipment is verified based on the digital signature information of the target user terminal equipment, so that the verification precision can be improved, and the problem that misjudgment is easy to occur when equipment intrusion is detected in the prior art is solved.
It is understood that, in an alternative example, the step S110 may include the step S111, the step S112 and the step S113 to determine whether the information query operation corresponding to the target query request information belongs to an abnormal operation, which is described in detail below.
Step S111, target inquiry request information for information inquiry of target Internet of things equipment is obtained.
In this embodiment, the electronic device may first acquire target query request information for performing information query on a target internet of things device.
The target internet of things equipment is in communication connection with the electronic equipment, and the target query request information is generated based on information query operation performed by a target user terminal equipment (such as a mobile phone) in communication connection with the electronic equipment in response to a corresponding target query user.
Step S112, obtaining a plurality of pieces of historical query request information for performing information query on the target internet of things device historically.
In this embodiment, after obtaining the target query request information based on step S111, the electronic device may obtain a plurality of pieces of historical query request information that are used to perform information query on the target internet of things device historically, for example, the historical query request information may be obtained from a database, where the database may be a local database of the electronic device or a remote database of the electronic device.
Each piece of the historical query request information is generated based on information query operation performed by other user terminal devices in response to corresponding other query users, that is, the target query request information may be query request information sent by the target user terminal device to perform information query on the target internet of things device for the first time.
Step S113, analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result.
In this embodiment, after obtaining the plurality of pieces of historical query request information based on step S112, the electronic device may perform parsing on the target query request information based on the plurality of pieces of historical query request information to obtain corresponding target parsing results. Thus, if it is determined that the information query operation corresponding to the target request information belongs to an abnormal operation, the target request information may be discarded to refuse to provide a corresponding information query service, and the like.
And the target analysis result is used for representing whether the information query operation corresponding to the target query request information belongs to abnormal operation or not.
Based on the steps, the target query request information for performing information query on the target internet of things equipment is acquired, and the target query request information is analyzed and processed based on the historical query request information to determine whether the information query operation corresponding to the target query request information belongs to abnormal operation or not.
It is understood that, in an alternative example, the target query request information may be parsed based on the following steps to obtain a corresponding target parsing result:
firstly, screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
secondly, analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain corresponding target analysis results.
It is understood that, in yet another alternative example, the plurality of pieces of historical query request information may be filtered based on the following steps to obtain corresponding pieces of target historical query request information:
firstly, based on the generation time information of each piece of historical query request information, sorting the plurality of pieces of historical query request information by generation time from earliest to latest to obtain a corresponding historical query request information sequence;
secondly, determining first historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the first historical query request information is one of the plurality of pieces of historical query request information which has the largest information similarity (the similarity corresponding to the system action is described above) with the target query request information;
then, in the historical query request information sequence, determining second historical query request information corresponding to the target query request information, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
finally, in the plurality of pieces of historical query request information included in the historical query request information sequence, a plurality of pieces of target historical query request information are determined based on the first historical query request information and the second historical query request information.
It will be appreciated that, in an alternative example, a plurality of target historical query request information may be determined from the plurality of pieces of historical query request information included in the sequence of historical query request information based on:
firstly, determining third history query request information from the plurality of pieces of history query request information included in the candidate history query request information sequence, wherein the third history query request information is history query request information whose information similarity with the target query request information is greater than a first similarity threshold and whose generation time information has a time similarity with the generation time information of the target query request information greater than a second similarity threshold; the first similarity threshold and the second similarity threshold may be generated by the electronic device in response to a configuration operation performed by a corresponding management user according to the actual application scenario;
secondly, determining a third information interval corresponding to each piece of the third history query request information in the candidate history query request information sequence, wherein the third information interval is determined based on a first coefficient of the corresponding third history query request information (for example, in the candidate history query request information sequence, the corresponding third information interval can be determined by taking the position of the third history query request information as the central position and the first coefficient as the radius); the first coefficient of each piece of third history query request information is obtained by a weighted summation, using a first adjustment coefficient and a second adjustment coefficient, of the information similarity between that piece of third history query request information and the target query request information and the time similarity between its generation time information and the generation time information of the target query request information; the sum of the first adjustment coefficient and the second adjustment coefficient is 1, and both may be generated by the electronic device in response to a configuration operation performed by a corresponding management user according to the actual application scenario;
then, each piece of history query request information included in each third information interval is used as target history query request information, and a plurality of pieces of target history query request information are obtained.
It is understood that, in an alternative example, the target query request information may be parsed based on the plurality of pieces of target historical query request information to obtain corresponding target parsing results based on the following steps:
firstly, analyzing the plurality of pieces of target historical query request information to obtain query behavior feature information of a user queried historically (for example, a complete query may include a plurality of continuous query actions, such as querying part a information, querying part B information, and querying part C information, so that a series of query actions may be formed, and thus, a plurality of series of query actions may be extracted from the plurality of pieces of target historical query request information as query behavior feature information);
then, it is determined whether the information query operation corresponding to the target query request information belongs to an abnormal operation based on the query behavior feature information (for example, the query action corresponding to the target query request information is matched against the query actions in the query behavior feature information; if the match succeeds, the information query operation does not belong to an abnormal operation, and if the match fails, the information query operation belongs to an abnormal operation).
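The interval selection and behavior match described in the steps above, as an added Python example that is not part of the patent text. The similarity measures (Jaccard overlap, 24-hour linear decay), the `radius_scale` factor, the exact-sequence matching rule and the choice of which positions hold "third" requests are assumptions; the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class QueryRequest:
    actions: tuple          # ordered query actions, e.g. ("A", "B", "C")
    generated_at: datetime  # generation time information


def info_similarity(a, b):
    # Assumed measure: Jaccard overlap of the two requests' action sets.
    sa, sb = set(a.actions), set(b.actions)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 0.0


def time_similarity(a, b, horizon=timedelta(hours=24)):
    # Assumed measure: linear decay from 1 (same instant) to 0 (>= horizon apart).
    return max(0.0, 1.0 - abs(a.generated_at - b.generated_at) / horizon)


def first_coefficient(hist, target, w_info, w_time):
    # Weighted sum using the two adjustment coefficients, which must sum to 1.
    if abs(w_info + w_time - 1.0) > 1e-9:
        raise ValueError("adjustment coefficients must sum to 1")
    return (w_info * info_similarity(hist, target)
            + w_time * time_similarity(hist, target))


def select_target_history(candidates, third_positions, target,
                          w_info, w_time, radius_scale=2):
    # One interval per "third" request: center = its position in the candidate
    # sequence, radius = its first coefficient. radius_scale (assumed) turns the
    # 0..1 coefficient into a number of positions.
    chosen = set()
    for pos in third_positions:
        coef = first_coefficient(candidates[pos], target, w_info, w_time)
        radius = round(coef * radius_scale)
        lo = max(0, pos - radius)
        hi = min(len(candidates) - 1, pos + radius)
        chosen.update(range(lo, hi + 1))
    return [candidates[i] for i in sorted(chosen)]


def is_abnormal(target, target_history):
    # Behavior features = the action series seen in the selected history.
    # Assumed matching rule: exact, order-sensitive equality of the series.
    known_series = {h.actions for h in target_history}
    return target.actions not in known_series


def ts(day, hour):
    return datetime(2021, 7, day, hour)


# Constructed sample data, not taken from the patent.
CANDIDATES = [
    QueryRequest(("X", "Y"), ts(1, 12)),
    QueryRequest(("A", "B"), ts(7, 9)),        # position 1: a "third" request
    QueryRequest(("A", "B", "C"), ts(7, 6)),
    QueryRequest(("D",), ts(6, 12)),
    QueryRequest(("Z",), ts(2, 12)),           # falls outside both intervals
    QueryRequest(("Q",), ts(3, 12)),
    QueryRequest(("A", "C", "D"), ts(6, 18)),  # position 6: a "third" request
    QueryRequest(("A", "D"), ts(5, 12)),
]
THIRD_POSITIONS = [1, 6]
TARGET = QueryRequest(("A", "B", "C"), ts(7, 12))
REORDERED = QueryRequest(("C", "B", "A"), ts(7, 12))  # same parts, other order

if __name__ == "__main__":
    history = select_target_history(CANDIDATES, THIRD_POSITIONS, TARGET, 0.5, 0.5)
    for req in (TARGET, REORDERED):
        verdict = "abnormal" if is_abnormal(req, history) else "normal"
        print(req.actions, verdict)
```

Only a request judged abnormal here goes on to the digital signature request of step S120, so the adjustment coefficients and the radius directly set how often terminals are challenged.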
It is understood that, in an alternative example, when step S120 is executed, the digital signature information may be obtained based on the following steps:
firstly, if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information;
secondly, sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal;
and then, acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
It is understood that, in an alternative example, after the step S130 is executed, the method for detecting intrusion by devices in the internet of things may further include the following steps:
firstly, if the target user terminal equipment is determined not to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data request information and sending the Internet of things data request information to the target Internet of things equipment;
and secondly, acquiring target Internet of things data sent by the target Internet of things device based on the Internet of things data request information, and sending the target Internet of things data to the target user terminal device.
Based on the method, effective query of the data can be realized under the condition of ensuring data safety, and the normal requirements of users are met.
It is to be understood that, in another alternative example, after the step S130 is performed, the method for detecting intrusion by a device of the internet of things may further include the following steps:
if the target user terminal equipment is determined to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data protection notification information, and sending the Internet of things data protection notification information to the target Internet of things equipment, wherein the target Internet of things equipment is used for executing protection operation on target Internet of things data based on the Internet of things data protection notification information.
It is to be understood that, in an alternative example, after the sending of the data protection notification information of the internet of things to the target internet of things device, the method for detecting intrusion by an internet of things device may further include the following steps:
firstly, target internet-of-things data sent by the target internet-of-things device based on the internet-of-things data protection notification information is obtained, wherein the target internet-of-things data is deleted based on the internet-of-things data protection notification information after the target internet-of-things device sends the target internet-of-things data (that is, the internet-of-things data protection notification information is used for requesting to obtain the target internet-of-things data on one hand and requesting to delete the target internet-of-things data on the other hand so as to guarantee the safety of the target internet-of-things data, such as to avoid directly invading the target internet-of-things device);
secondly, the target internet of things data is encrypted (in this way, the difficulty of acquiring the target internet of things data can be improved), and the encrypted target internet of things data is stored.
It is to be understood that, in an alternative example, after the target internet of things data is acquired, the method for detecting intrusion by an internet of things device may further include the following steps:
firstly, generating new target internet of things data based on the target internet of things data, wherein the new target internet of things data comprises partial data in the target internet of things data;
and secondly, sending the new target Internet of things data to the target user terminal equipment.
Based on the method, the intruding target user terminal equipment can be deceived, so that the target user terminal equipment is prevented from intruding again, and the safety of data can be guaranteed.
It is to be understood that, in an alternative example, the new target internet of things data may be generated based on the following steps:
firstly, performing content identification processing on the target internet of things data (for example, extracting keywords to determine critical data and non-critical data) to determine non-critical data in the target internet of things data, wherein the importance degree of the non-critical data is lower than a preconfigured target importance degree, and the target importance degree is generated in response to a configuration operation performed by the corresponding management user;
and secondly, generating new target internet of things data at least comprising part of the non-critical data.
Based on this, because the new target internet of things data comprises part of non-critical data of the target internet of things data, data leakage can be avoided on the basis of higher deception.
The embodiment of the application also provides an Internet of things equipment intrusion detection device based on the digital signature, which can be applied to the electronic equipment. Wherein, the device for detecting the intrusion of the internet of things equipment based on the digital signature can comprise:
the operation abnormity determining module is used for determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not after the target query request information for information query of target Internet of things equipment by target user terminal equipment is acquired, wherein the target query request information is generated based on the information query operation performed by the target user terminal equipment in response to the corresponding target query user;
the signature information acquisition module is used for sending the generated digital signature request information to a target user terminal and acquiring digital signature information fed back by the target user terminal based on the digital signature request information when the information query operation corresponding to the target query request information belongs to abnormal operation;
and the intrusion device determining module is used for verifying the target user terminal device based on the digital signature information so as to determine whether the target user terminal device belongs to the intrusion device corresponding to the target Internet of things device.
It is understood that the specific functions of the operational abnormality determining module, the signature information acquiring module and the intrusion device determining module can refer to the related explanations of step S110, step S120 and step S130.
For example, in an alternative example, the signature information obtaining module is specifically configured to:
if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information; sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal; and acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
It is understood that, in an alternative example, the digital signature-based internet of things device intrusion detection apparatus may further include:
and the internet of things data protection notification module is used for generating internet of things data protection notification information and sending the internet of things data protection notification information to the target internet of things device if the target user terminal device is determined to belong to the intrusion device corresponding to the target internet of things device, wherein the target internet of things device is used for executing protection operation on target internet of things data based on the internet of things data protection notification information.
In summary, according to the method and the device for detecting intrusion of the internet of things equipment based on the digital signature, after it is determined that the information query operation corresponding to the target query request information belongs to the abnormal operation, whether the target user terminal equipment belongs to the intrusion equipment is verified based on the digital signature information of the target user terminal equipment, so that the verification precision can be improved, and the problem that misjudgment is easy to occur when the equipment intrusion is detected in the prior art is solved.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. An Internet of things equipment intrusion detection method based on digital signatures is characterized by comprising the following steps:
after target query request information for information query of target Internet of things equipment by target user terminal equipment is acquired, determining whether information query operation corresponding to the target query request information belongs to abnormal operation or not, wherein the target query request information is generated based on the information query operation performed by the target user terminal equipment in response to a corresponding target query user;
if the information query operation corresponding to the target query request information belongs to abnormal operation, sending the generated digital signature request information to the target user terminal, and acquiring digital signature information fed back by the target user terminal based on the digital signature request information;
and verifying the target user terminal equipment based on the digital signature information so as to determine whether the target user terminal equipment belongs to the intrusion equipment corresponding to the target Internet of things equipment.
2. The method for detecting intrusion of internet of things equipment based on digital signature as claimed in claim 1, wherein the step of sending the generated digital signature request information to the target user terminal and obtaining the digital signature information fed back by the target user terminal based on the digital signature request information if the information query operation corresponding to the target query request information belongs to an abnormal operation comprises:
if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information;
sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal;
and acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
3. The method for detecting intrusion of internet of things equipment based on digital signature as claimed in claim 1 or 2, wherein after the step of verifying the target user terminal equipment based on the digital signature information to determine whether the target user terminal equipment belongs to the intrusion equipment corresponding to the target internet of things equipment is executed, the method for detecting intrusion of internet of things equipment further comprises:
if the target user terminal equipment is determined not to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data request information and sending the Internet of things data request information to the target Internet of things equipment;
and acquiring target Internet of things data sent by the target Internet of things equipment based on the Internet of things data request information, and sending the target Internet of things data to the target user terminal equipment.
4. The method for detecting intrusion of internet of things equipment based on digital signature as claimed in claim 1 or 2, wherein after the step of verifying the target user terminal equipment based on the digital signature information to determine whether the target user terminal equipment belongs to the intrusion equipment corresponding to the target internet of things equipment is executed, the method for detecting intrusion of internet of things equipment further comprises:
if the target user terminal equipment is determined to belong to the intrusion equipment corresponding to the target Internet of things equipment, generating Internet of things data protection notification information, and sending the Internet of things data protection notification information to the target Internet of things equipment, wherein the target Internet of things equipment is used for executing protection operation on target Internet of things data based on the Internet of things data protection notification information.
5. The method for detecting intrusion into internet of things equipment based on digital signature as claimed in claim 4, wherein after the step of sending the internet of things data protection notification information to the target internet of things equipment is executed, the method for detecting intrusion into internet of things equipment further comprises:
acquiring target internet of things data sent by the target internet of things device based on the internet of things data protection notification information, wherein the target internet of things device deletes the target internet of things data based on the internet of things data protection notification information after sending the target internet of things data;
and encrypting the target Internet of things data, and storing the encrypted target Internet of things data.
6. The method for detecting intrusion into internet of things equipment based on digital signature as claimed in claim 5, wherein after the step of obtaining the target internet of things data sent by the target internet of things equipment based on the internet of things data protection notification information is executed, the method for detecting intrusion into internet of things equipment further comprises:
generating new target internet of things data based on the target internet of things data, wherein the new target internet of things data comprises partial data in the target internet of things data;
and sending the new target Internet of things data to the target user terminal equipment.
7. The method for detecting intrusion into internet of things equipment based on digital signature as claimed in claim 6, wherein the step of generating new target internet of things data based on the target internet of things data comprises:
performing content identification processing on the target internet of things data to determine non-critical data in the target internet of things data, wherein the importance degree of the non-critical data is lower than a preconfigured target importance degree, and the target importance degree is generated in response to a configuration operation performed by the corresponding management user;
and generating new target internet of things data at least comprising part of the non-critical data.
8. An Internet of things equipment intrusion detection device based on digital signatures, characterized by comprising:
the operation abnormity determining module is used for determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not after the target query request information for information query of target Internet of things equipment by target user terminal equipment is acquired, wherein the target query request information is generated based on the information query operation performed by the target user terminal equipment in response to the corresponding target query user;
the signature information acquisition module is used for sending the generated digital signature request information to a target user terminal and acquiring digital signature information fed back by the target user terminal based on the digital signature request information when the information query operation corresponding to the target query request information belongs to abnormal operation;
and the intrusion device determining module is used for verifying the target user terminal device based on the digital signature information so as to determine whether the target user terminal device belongs to the intrusion device corresponding to the target Internet of things device.
9. The device for detecting intrusion into internet of things equipment based on digital signature as claimed in claim 8, wherein the signature information obtaining module is specifically configured to:
if the information query operation corresponding to the target query request information belongs to abnormal operation, generating corresponding digital signature request information;
sending the digital signature request information to the target user terminal to request to access the running log data of the target user terminal;
and acquiring the running log data, and analyzing the running log data to obtain digital signature information corresponding to the target user terminal.
10. The device for detecting intrusion of internet of things equipment based on digital signature as claimed in claim 8, further comprising:
and the internet of things data protection notification module is used for generating internet of things data protection notification information and sending the internet of things data protection notification information to the target internet of things device if the target user terminal device is determined to belong to the intrusion device corresponding to the target internet of things device, wherein the target internet of things device is used for executing protection operation on target internet of things data based on the internet of things data protection notification information.
CN202110769298.2A 2021-07-07 2021-07-07 Internet of things equipment intrusion detection method and device based on digital signature Withdrawn CN113486340A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110769298.2A CN113486340A (en) 2021-07-07 2021-07-07 Internet of things equipment intrusion detection method and device based on digital signature

Publications (1)

Publication Number Publication Date
CN113486340A true CN113486340A (en) 2021-10-08

Family

ID=77940944

Country Status (1)

Country Link
CN (1) CN113486340A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211008
