CN113660213A - Security detection method and device for terminal of Internet of things, electronic device and storage medium - Google Patents

Info

Publication number
CN113660213A
Authority
CN
China
Prior art keywords
internet
things
terminal
information
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110845598.4A
Other languages
Chinese (zh)
Inventor
李瑞涛
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202110845598.4A priority Critical patent/CN113660213A/en
Publication of CN113660213A publication Critical patent/CN113660213A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The application relates to a security detection method and device for an Internet of Things (IoT) terminal, an electronic device and a storage medium. The method comprises the following steps: acquiring process information of an IoT terminal; evaluating the processes in the IoT terminal according to the process information and a preset evaluation policy to obtain the security index level of each process in the IoT terminal and the corresponding marking information; and completing the security detection of the IoT terminal according to the security index level and the marking information. The application addresses the problem that security detection methods in the related art consume a large share of each terminal's local resources, which wastes resources and limits the ability of IoT terminals to discover and dispose of virus or Trojan programs and illegal processes in time. Security detection of a large number of lightweight IoT terminals is achieved quickly and effectively, and the ability of IoT terminals to discover and dispose of virus or Trojan programs and illegal processes in time is improved.

Description

Security detection method and device for terminal of Internet of things, electronic device and storage medium
Technical Field
The application relates to the technical field of internet of things, in particular to a security detection method and device for an internet of things terminal, an electronic device and a storage medium.
Background
With the continued build-out of the Internet of Things (IoT), the era of the Internet of Everything has arrived, and large numbers of intelligent IoT terminals are deployed across many industries. At the same time, these intelligent terminals have become targets for numerous attackers: many terminals have been implanted with virus or Trojan programs and have even become compromised "zombie" hosts (bots). A terminal that has been implanted with a virus or Trojan program, or that has become a bot, can cause great harm. The security of IoT terminals is therefore an increasingly prominent problem.
The common security detection method today is to connect each terminal to a remote center, install a virus library locally on each terminal, scan the processes of each terminal, and check whether any process matches the local virus library. When a match is found, the terminal raises an alarm and kills the process locally, which is how security detection of the IoT terminal is achieved. However, this scheme consumes a large share of each terminal's local resources, wastes resources, and limits the ability of IoT terminals to discover and dispose of virus or Trojan programs and illegal processes in time.
At present, no effective solution has been proposed for the problem that security detection methods in the related art consume a large share of each terminal's local resources, waste resources, and limit the ability of IoT terminals to discover and dispose of virus or Trojan programs and illegal processes in time.
Disclosure of Invention
The embodiment of the application provides a security detection method and device for an Internet of things terminal, an electronic device and a storage medium, and aims to at least solve the problems that local resources of each terminal are greatly occupied by the security detection method in the related technology, so that resource waste is caused, and the capability of the Internet of things terminal in timely discovering and disposing of virus trojan programs and illegal processes is limited.
In a first aspect, an embodiment of the present application provides a security detection method for an internet of things terminal, including:
acquiring process information of an Internet of things terminal;
judging the processes in the terminal of the Internet of things according to the process information and a preset judgment strategy to obtain the safety index grade and corresponding mark information of each process in the terminal of the Internet of things;
and completing the safety detection of the Internet of things terminal according to the safety index grade and the marking information.
In some embodiments, the evaluating the processes in the terminal of the internet of things according to the process information and a preset evaluation policy to obtain the security index level and the corresponding tag information of each process in the terminal of the internet of things includes:
and judging the processes in the Internet of things terminals with the same area and the same model according to the process information and a preset judgment strategy to obtain the safety index grade and the corresponding mark information of each process in the Internet of things terminal.
In some embodiments, the evaluating the processes in the terminals of the internet of things of the same area and the same model according to the process information and a preset evaluation policy to obtain the security index level and the corresponding label information of each process in the terminals of the internet of things includes:
carrying out region division and model classification on the Internet of things terminal according to preset dimension information and the process information so as to count the process information of the Internet of things terminals in the same region and the same model;
and judging the processes in the Internet of things terminals with the same area and the same model according to the counted process information and a preset judgment strategy to obtain the safety index grade and the corresponding mark information of each process in the Internet of things terminal.
In some embodiments, evaluating the processes in the IoT terminals of the same model in the same region according to the counted process information and a preset evaluation policy, to obtain the security index level and the corresponding marking information of each process in the IoT terminals, includes:
evaluating the processes in the IoT terminals of the same model in the same region according to the counted process information;
and if the current process is a process shared by all IoT terminals of the same model in the same region, the security index level of the current process is the first-level security level, and first-level marking information is generated.
In some embodiments, the security detection method for the IoT terminal further includes:
if the current process is a process shared by only some of the IoT terminals of the same model in the same region, the security index level of the current process is the second-level security level, and second-level marking information is generated.
In some embodiments, the security detection method for the IoT terminal further includes:
if the current process is unique to one terminal among the IoT terminals of the same model in the same region, the security index level of the current process is the third-level security level, and third-level marking information is generated.
In some embodiments, the completing the security detection of the terminal of the internet of things according to the security index rating and the tag information includes:
and generating corresponding instruction information according to the safety index grade and the marking information, and carrying out safety detection on the Internet of things terminal according to the instruction information so as to complete the safety detection of the Internet of things terminal.
In a second aspect, an embodiment of the present application provides a security detection device for an internet of things terminal, including an acquisition module, a judgment module, and a security detection module;
the acquisition module is used for acquiring process information of the terminal of the Internet of things;
the judging module is used for judging the processes in the terminal of the Internet of things according to the process information and a preset judging strategy to obtain the safety index grade and the corresponding mark information of each process in the terminal of the Internet of things;
and the safety detection module is used for completing the safety detection of the terminal of the Internet of things according to the safety index grade and the marking information.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the method for detecting security of an internet of things terminal according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium, on which a computer program is stored, where the program, when executed by a processor, implements the method for detecting security of an internet of things terminal according to the first aspect.
Compared with the related art, the method, the device, the electronic device and the storage medium for detecting the safety of the terminal of the internet of things provided by the embodiment of the application acquire the process information of the terminal of the internet of things; judging the processes in the terminal of the Internet of things according to the process information and a preset judgment strategy to obtain the safety index grade of each process in the terminal of the Internet of things and corresponding mark information; and completing the safety detection of the terminal of the Internet of things according to the safety index grade and the marking information. The method solves the problems that the security detection method in the related technology greatly occupies local resources of each terminal, causes resource waste, and limits the capability of the terminal of the Internet of things for timely discovering and disposing of virus trojan programs and illegal processes. The safety detection of a large number of lightweight Internet of things terminals is realized quickly and effectively, and the capability of timely discovering and disposing of virus trojan programs and illegal processes of the Internet of things terminals is improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware structure of a terminal device in a security detection method for an internet of things terminal according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a security detection system of an internet of things terminal according to an embodiment of the present application;
fig. 3 is a flowchart of a security detection method for an internet of things terminal according to an embodiment of the present application;
fig. 4 is a flowchart of a security detection method for an internet of things terminal according to the preferred embodiment of the present application;
fig. 5 is a block diagram of a security detection device of an internet of things terminal according to an embodiment of the present application.
In the figures: 210, acquisition module; 220, judging module; 230, security detection module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. Based on the examples provided herein, all other examples that would be available to one of ordinary skill in the art without making any inventive step are within the scope of this disclosure. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference herein to "a plurality" means greater than or equal to two. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The method provided by the embodiment can be executed in a terminal, a computer or a similar operation device. Taking an operation on a terminal as an example, fig. 1 is a hardware structure block diagram of the terminal of the security detection method of the internet of things terminal according to the embodiment of the present invention. As shown in fig. 1, the terminal 10 may include one or more (only one shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the terminal. For example, the terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program and a module of application software, such as a computer program corresponding to the security detection method of the terminal of the internet of things in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the terminal 10. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In the prior art, a large number of IoT terminals are connected to a remote center, a virus library is installed locally on each IoT terminal, the processes of each terminal are scanned, and each process is checked against the local virus library. When a match is found, the terminal raises an alarm and kills the process locally, which is how security detection of the IoT terminal is achieved. Fig. 2 shows a schematic structural diagram of a security detection system for IoT terminals in one embodiment, in which area 1 includes 3 terminals: terminal 1, terminal 2 and terminal 3. Terminal 1 runs 7 processes: P1, P2, P3, P4, P5, P6 and P7. Terminal 2 runs 7 processes: P1, P2, P3, P4, P5, P7 and P8. Terminal 3 runs 5 processes: P1, P2, P3, P4 and P6. The remote center X only needs to acquire the process information of the IoT terminals and evaluate it according to a preset evaluation policy. This greatly improves the efficiency of security detection across a large number of lightweight IoT terminals and reduces the resources required on each terminal, which makes the approach suitable for IoT terminals with limited resources and computing power.
The embodiment provides a security detection method for an internet of things terminal, fig. 3 is a flowchart of the security detection method for the internet of things terminal according to the embodiment of the present application, and as shown in fig. 3, the flowchart includes the following steps:
step S210, acquiring process information of the terminal of the Internet of things;
step S220, judging the processes in the terminal of the Internet of things according to the process information and a preset judgment strategy to obtain the safety index grade and corresponding mark information of each process in the terminal of the Internet of things;
and step S230, completing the safety detection of the terminal of the Internet of things according to the safety index grade and the marking information.
It should be noted that each IoT terminal only needs to transmit the collected process information to the remote center; it does not need to scan and analyze its own processes. In general, the process information of each IoT terminal can be collected by an embedded Agent. The embedded Agent is an SDK plug-in embedded in the terminal that collects process information in real time and uploads it to the remote center. Alternatively, each IoT terminal can collect the full set of process information with a background command or a system interface and upload it to the remote center. Process information here means the attribute information (fingerprint information) of a process, which includes, but is not limited to, the process ID, process name, operating parameters, user name and MD5 value. With this information for every process, the remote center can evaluate each process.
Because the terminal only collects and uploads process information, the uploaded data is lightweight, less data is transmitted, fewer terminal resources are consumed, and the risk of data leakage is reduced. At the remote center, the processes in the IoT terminal are evaluated according to the process information and a preset evaluation policy to obtain the security index level and the corresponding marking information of each process in the IoT terminal. The remote center feeds the security index level and the corresponding marking information back to each terminal, and each terminal then completes its security detection quickly and effectively according to the security index level and the marking information.
Through the steps, the problem that the security detection method in the related technology greatly occupies local resources of each terminal, resource waste is caused, and the capability of timely discovering and disposing of virus trojan programs and illegal processes of the terminal of the Internet of things is limited is solved. The safety detection of a large number of lightweight Internet of things terminals is realized quickly and effectively, and the capability of timely discovering and disposing of virus trojan programs and illegal processes of the Internet of things terminals is improved.
In a preferred embodiment, as shown in FIG. 4, the following steps are included;
step S210, acquiring process information of the terminal of the Internet of things;
step S221, according to the process information and a preset judgment strategy, judging the processes in the Internet of things terminals in the same region and the same model to obtain the safety index grade and corresponding mark information of each process in the Internet of things terminal;
and step S230, completing the safety detection of the terminal of the Internet of things according to the safety index grade and the marking information.
Here, step S221 is referred to. Firstly, carrying out region division and model classification on the terminals of the Internet of things according to preset dimension information and process information so as to count the process information of the terminals of the Internet of things with the same region and the same model;
secondly, according to the counted process information and a preset judgment strategy, the processes in the terminals of the internet of things with the same area and the same model are judged, and the safety index grade and the corresponding mark information of each process in the terminals of the internet of things are obtained.
In this embodiment, evaluating the processes of IoT terminals of the same model in the same region effectively improves operating efficiency. To determine whether terminals belong to the same region, the IoT terminals are divided into regions according to preset dimension information. The preset dimension information includes, but is not limited to, network isolation, physical isolation and terminal type. Using this dimension information, the IoT terminals can be divided into area 1, area 2, area 3 and so on. To determine whether terminals are of the same model, the IoT terminals are classified by the model information contained in the process information. In one embodiment, the model information may also be collected separately for this classification. Because IoT terminals of the same model in the same region run essentially the same services, the processes they run should also be essentially the same. The process information of all IoT terminals of the same model in the same region is therefore analyzed for differences between these peer terminals, and the security index level of each process is obtained from the counted process information and the preset evaluation policy. The process files themselves do not need to be analyzed or inspected, so security detection is simple and fast.
In other embodiments, the processes may be evaluated across all IoT terminals in the same region, or across IoT terminals directly without grouping; this merely places higher demands on the performance of the remote center and reduces operating efficiency.
The following explains the specific evaluation process:
in some embodiments, the method comprises the following steps of judging the processes in the terminals of the internet of things with the same model in the same region according to the counted process information and a preset judgment strategy to obtain the safety index grade and corresponding mark information of each process in the terminals of the internet of things;
judging the processes in the terminals of the Internet of things with the same model in the same region according to the counted process information;
if the current process belongs to all shared processes of the terminals of the Internet of things with the same type in the same region, the security index level of the current process is a first-level security level, and first-level marking information is generated;
and if the current process belongs to part of shared processes of the terminals of the Internet of things with the same type in the same region, the security index grade of the current process is a secondary security grade, and secondary marking information is generated.
And if the current process belongs to the unique process of the Internet of things terminals in the same region and the same model, the security index level of the current process is a third-level security level, and third-level marking information is generated.
In this embodiment, a fully shared process is one that exists on every Internet of Things terminal of the same model in the same region; such a process has the first-level security level. The first-level security level is the highest security level and indicates that the current process is safe. The first-level marking information is the high-level marking information for this highest security level and indicates that the terminals do not need to handle the process. Alternatively, no first-level marking information need be generated when the security index level is the first-level security level.
A partially shared process is one that exists on only some of the Internet of Things terminals of the same model in the same region; such a process has the second-level (secondary) security level. The level can be determined from the proportion of same-region, same-model terminals on which the process is running, and the second-level security level generally corresponds to a proportion of 2%-99%. The second-level security level is the intermediate security level and indicates that the current process carries a certain risk. The second-level marking information is the intermediate-level marking information and indicates that the terminals need to handle the process. To improve the accuracy of the security detection, the second-level marking information may also be used to have each terminal raise a warning on and inspect the corresponding process.
A unique process is one that exists on only a single terminal among all Internet of Things terminals of the same model in the same region; such a process has the third-level security level. The third-level security level is the lowest security level and indicates that the current process is dangerous. The third-level marking information is the low-level marking information for this lowest security level and indicates that the terminals need to raise a high-risk alarm for the process, inspect it in detail, or kill it directly.
In one embodiment, the security index level can also be determined from a score. For example, the score is determined from the proportion of same-region, same-model terminals on which each process is running, with a highest score of 100 points and a lowest score of 1 point. Specifically, a process that is running on 100% of the terminals in its region can be scored 100 points; it is considered very safe, with extremely low risk, and has the first-level security level. Scores of 80-100 points may all be considered the first-level security level. A process that is running on 50% of the terminals in its region can be scored 50 points, and a medium-risk alarm can be raised because a certain risk exists; the process has the second-level security level. Scores of 40-79 points may all be considered the second-level security level. A process that no other terminal in the region is running can be scored 1 point, and a high-risk alarm, detailed inspection or direct scan-and-kill can be carried out; the process has the third-level security level. Scores of 1-39 points may all be considered the third-level security level. In other embodiments, the score ranges used to divide the security levels can be adjusted to actual conditions, for example 90-100 points for the first-level security level, 35-89 points for the second-level security level and 1-34 points for the third-level security level. This is not limiting.
In some embodiments, step S230 includes the following step:
generating corresponding instruction information according to the security index level and the marking information, and performing security detection on the Internet of Things terminal according to the instruction information, so as to complete the security detection of the Internet of Things terminal.
The instruction information that is generated differs with the security index level and the marking information. For example, the second-level security level generates a medium-risk warning instruction, and the third-level security level generates a high-risk alarm instruction, a detailed inspection instruction or a direct scan-and-kill instruction. Each Internet of Things terminal handles the corresponding process according to the instruction information, which completes the security detection of the Internet of Things terminal.
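The grading and instruction steps described above can be sketched as follows. This is an added example, not code from the patent: the report layout, the instruction labels, identifying a process by name, and the `MIN_PEERS` cut-off for groups too small to give a baseline are all assumptions.

```python
from collections import Counter, defaultdict

# Score bands from the description's first example: 80-100, 40-79, 1-39.
BANDS = ((80, 1), (40, 2), (1, 3))
# Hypothetical instruction labels for the actions the description names.
INSTRUCTION = {1: None, 2: "medium_risk_alert", 3: "high_risk_alert_or_kill"}
MIN_PEERS = 3  # assumption: smaller groups give no meaningful baseline

# Constructed sample reports: (terminal_id, region, model, process names).
REPORTS = [
    ("cam-01", "hz-east", "IPC-A1", {"init", "rtspd", "ntpd"}),
    ("cam-02", "hz-east", "IPC-A1", {"init", "rtspd", "ntpd"}),
    ("cam-03", "hz-east", "IPC-A1", {"init", "rtspd"}),
    ("cam-04", "hz-east", "IPC-A1", {"init", "rtspd", "ntpd", "kworkerd"}),
    ("gw-01", "hz-west", "GW-B2", {"init", "mqttd"}),
]

def score(running, total):
    """Share of peer terminals running the process, as a 1-100 score."""
    if running == 1 and total > 1:
        return 1  # unique process: the description assigns the lowest score
    return max(1, 100 * running // total)

def level(points, bands=BANDS):
    """Map a score to security level 1 (safest) to 3 using the band floors."""
    return next(lvl for floor, lvl in bands if points >= floor)

def grade_fleet(reports, bands=BANDS, min_peers=MIN_PEERS):
    """Return {terminal_id: [(process, score, level, instruction), ...]}."""
    # Group terminals by (region, model) so each is compared with its peers.
    groups = defaultdict(list)
    for tid, region, model, procs in reports:
        groups[(region, model)].append((tid, procs))
    result = {}
    for members in groups.values():
        total = len(members)
        if total < min_peers:
            for tid, _ in members:
                result[tid] = None  # not graded: too few peers
            continue
        # Count on how many peer terminals each process is running.
        counts = Counter(p for _, procs in members for p in procs)
        for tid, procs in members:
            rows = []
            for p in sorted(procs):
                pts = score(counts[p], total)
                lvl = level(pts, bands)
                rows.append((p, pts, lvl, INSTRUCTION[lvl]))
            result[tid] = rows
    return result

if __name__ == "__main__":
    for tid, rows in grade_fleet(REPORTS).items():
        print(tid, rows)
```

Because the grade depends only on prevalence within the group, a process present on every peer is graded first-level whatever it is, so the result is a baseline signal rather than a verdict.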
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
This embodiment also provides a security detection device for an Internet of Things terminal. The device is used to implement the above embodiments and preferred embodiments, and what has already been described is not repeated. As used hereinafter, the terms "module," "unit," "subunit," and the like may refer to a combination of software and/or hardware that implements a predetermined function. Although the devices described in the embodiments below are preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 5 is a block diagram of a security detection device for an Internet of Things terminal according to an embodiment of the present application. As shown in Fig. 5, the device includes an obtaining module 210, a judging module 220, and a security detection module 230;
the obtaining module 210 is configured to obtain process information of the Internet of Things terminal;
the judging module 220 is configured to judge the processes in the Internet of Things terminal according to the process information and a preset judging strategy, to obtain a security index level and corresponding marking information for each process in the Internet of Things terminal;
and the security detection module 230 is configured to complete security detection of the Internet of Things terminal according to the security index level and the marking information.
The above solves the problems of security detection methods in the related art, which consume a large share of each terminal's local resources, causing resource waste, and which limit the ability to promptly discover and dispose of virus and Trojan programs and illegal processes on Internet of Things terminals. Security detection of a large number of lightweight Internet of Things terminals is achieved quickly and effectively, and the ability to promptly discover and dispose of virus and Trojan programs and illegal processes on Internet of Things terminals is improved.
In some of these embodiments, the judging module 220 comprises a judging unit; the judging unit is configured to judge the processes in Internet of Things terminals of the same model in the same region according to the process information and a preset judging strategy, to obtain the security index level and corresponding marking information of each process in the Internet of Things terminal.
In some embodiments, the judging unit is further configured to perform region division and model classification on the internet of things terminals according to preset dimension information and process information, so as to count the process information of the internet of things terminals in the same region and the same model;
and judging the processes in the terminals of the internet of things with the same model in the same region according to the counted process information and a preset judgment strategy to obtain the safety index grade and the corresponding mark information of each process in the terminals of the internet of things.
In some embodiments, the security detection module 230 is further configured to generate corresponding instruction information according to the security index level and the tag information, and perform security detection on the terminal of the internet of things according to the instruction information, so as to complete security detection of the terminal of the internet of things.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
The present embodiment also provides an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, acquiring process information of the Internet of Things terminal;
S2, judging the processes in the Internet of Things terminal according to the process information and a preset judgment strategy, to obtain the security index level and corresponding marking information of each process in the Internet of Things terminal;
S3, completing the security detection of the Internet of Things terminal according to the security index level and the marking information.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In addition, in combination with the security detection method for an Internet of Things terminal in the above embodiments, the embodiments of the present application may be implemented by providing a storage medium. A computer program is stored on the storage medium; when executed by a processor, the computer program implements the security detection method for an Internet of Things terminal of any one of the above embodiments.
It should be understood by those skilled in the art that various features of the above-described embodiments can be combined in any combination, and for the sake of brevity, all possible combinations of features in the above-described embodiments are not described in detail, but rather, all combinations of features which are not inconsistent with each other should be construed as being within the scope of the present disclosure.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which is within the scope of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A security detection method for an Internet of Things terminal, characterized by comprising the following steps:
acquiring process information of an Internet of Things terminal;
judging the processes in the Internet of Things terminal according to the process information and a preset judgment strategy to obtain the security index level and corresponding marking information of each process in the Internet of Things terminal;
and completing the security detection of the Internet of Things terminal according to the security index level and the marking information.
2. The method for detecting the security of the terminal of the internet of things according to claim 1, wherein the step of judging the processes in the terminal of the internet of things according to the process information and a preset judgment strategy to obtain the security index level and the corresponding mark information of each process in the terminal of the internet of things comprises the steps of:
and judging the processes in the Internet of things terminals with the same area and the same model according to the process information and a preset judgment strategy to obtain the safety index grade and the corresponding mark information of each process in the Internet of things terminal.
3. The method for detecting the security of the terminal of the internet of things according to claim 2, wherein the step of judging the processes in the terminal of the internet of things with the same type in the same area according to the process information and a preset judgment strategy to obtain the security index level and the corresponding mark information of each process in the terminal of the internet of things comprises the steps of:
carrying out region division and model classification on the Internet of things terminal according to preset dimension information and the process information so as to count the process information of the Internet of things terminals in the same region and the same model;
and judging the processes in the Internet of things terminals with the same area and the same model according to the counted process information and a preset judgment strategy to obtain the safety index grade and the corresponding mark information of each process in the Internet of things terminal.
4. The method for detecting the security of the terminal of the internet of things according to claim 3, wherein the step of judging the processes in the terminal of the internet of things with the same model in the same area according to the counted process information and a preset judgment strategy to obtain the security index level and the corresponding mark information of each process in the terminal of the internet of things comprises the steps of:
judging the processes in the terminals of the Internet of things with the same model in the same region according to the counted process information;
and if the current process belongs to all shared processes of the terminals of the Internet of things with the same type in the same region, the security index level of the current process is a first-level security level, and first-level marking information is generated.
5. The security detection method for the terminal of the internet of things according to claim 4, further comprising:
and if the current process belongs to part of shared processes of the terminals of the Internet of things with the same type in the same region, the security index grade of the current process is a secondary security grade, and secondary marking information is generated.
6. The security detection method for the terminal of the internet of things according to claim 4, further comprising:
and if the current process belongs to the unique process of the Internet of things terminals in the same region and the same model, the security index level of the current process is a third-level security level, and third-level marking information is generated.
7. The method for detecting the security of the terminal of the internet of things according to claim 1, wherein the completing the security detection of the terminal of the internet of things according to the security index level and the tag information comprises:
and generating corresponding instruction information according to the safety index grade and the marking information, and carrying out safety detection on the Internet of things terminal according to the instruction information so as to complete the safety detection of the Internet of things terminal.
8. A security detection device for an Internet of Things terminal, characterized by comprising an acquisition module, a judgment module and a security detection module;
the acquisition module is used for acquiring process information of the Internet of Things terminal;
the judgment module is used for judging the processes in the Internet of Things terminal according to the process information and a preset judgment strategy to obtain the security index level and the corresponding marking information of each process in the Internet of Things terminal;
and the security detection module is used for completing security detection of the Internet of Things terminal according to the security index level and the marking information.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the method for detecting the security of the internet of things terminal according to any one of claims 1 to 7.
10. A storage medium, in which a computer program is stored, wherein the computer program is configured to execute the security detection method of the terminal of the internet of things according to any one of claims 1 to 7 when running.
CN202110845598.4A 2021-07-26 2021-07-26 Security detection method and device for terminal of Internet of things, electronic device and storage medium Withdrawn CN113660213A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110845598.4A CN113660213A (en) 2021-07-26 2021-07-26 Security detection method and device for terminal of Internet of things, electronic device and storage medium


Publications (1)

Publication Number Publication Date
CN113660213A true CN113660213A (en) 2021-11-16

Family

ID=78478693



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211116
