CN114499953B - Intelligent security method and device for privacy information based on traffic analysis - Google Patents
- Publication number: CN114499953B (application CN202111592810.7A)
- Authority: CN (China)
- Prior art keywords: data, traffic, privacy, security processing, information
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0245 - Network security; firewalls; filtering policies; filtering by information in the payload
- H04L63/0236 - Network security; firewalls; filtering policies; filtering by address, protocol, port number or service, e.g. IP address or URL
- H04L63/1416 - Detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
- H04L63/1425 - Detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
- H04L41/0631 - Management of faults, events, alarms or notifications using root cause analysis or correlation between notifications, alarms or events
- H04L49/208 - Packet switching elements; support for services; port mirroring
- H04L67/02 - Network services or applications; protocols based on web technology, e.g. HTTP
- G06F21/6245 - Protecting access to data via a platform; protecting personal data, e.g. for financial or medical purposes
- G16Y10/75 - IoT economic sectors: information technology; communication
- G16Y40/10 - IoT characterised by the purpose of the information processing: detection; monitoring
- G16Y40/20 - IoT characterised by the purpose of the information processing: analytics; diagnosis
- G16Y40/50 - IoT characterised by the purpose of the information processing: safety; security of things, users, data or systems
Abstract
The invention discloses an intelligent privacy-information security method and device based on traffic analysis, comprising a wireless router, an intranet security processing device, a probe service program, a WAN, a router hotspot, an optical modem, a smart terminal and a database. The beneficial effects of the invention are as follows: the traffic of the information-acquisition devices in a smart environment is monitored for images, audio, video and the like; the monitored traffic is parsed and, where necessary, the transferred files are restored; sensitive user information and user privacy are handled in real time; on that basis the design prevents information-acquisition devices from leaking data to the Internet through the Internet of Things and effectively protects user privacy. A demonstration environment for monitoring personal-privacy traffic in a smart environment shows each information-acquisition device, its real-time outbound transfers and its historical traffic for images, audio, video and so on, and flags sensitive outbound transfers.
Description
Technical Field
The invention relates to smart security equipment, in particular to an intelligent privacy-information security method and device based on traffic analysis, and belongs to the technical fields of information security and the Internet of Things.
Background
With the development of the Internet of Things, smart environments (such as the smart home) are increasingly connected to the Internet, the "connection of everything" is advancing ever faster, and the risk that personal privacy is exposed in a smart environment grows with it.
In the prior art
The related art mainly covers intrusion detection, security gateways and antivirus firewalls in the information-security field. A PC or a small embedded processing device is installed at the wireless router or proxy gateway; suspicious access from the external network is judged to be an intrusion, and outbound access from the internal network is judged to be virus or Trojan activity or unauthorised internal/external access. At present there is no security protection technique that collects and analyses the traffic of smart-home intranet users. Traffic collection and analysis is today applied mainly to network management and intranet access control, for example to analyse abnormal traffic in a data-centre network or information leakage inside an organisation: a real-time packet-capture program such as tcpdump captures the packets, which are then parsed to determine the content of the traffic and the application it belongs to. The technical background of the invention is therefore data acquisition, data restoration and analysis, real-time monitoring, and the judgement and control of sensitive-information leakage, all within information security.
Disclosure of Invention
The invention aims to provide an intelligent privacy-information security method and device based on traffic analysis.
The invention achieves this purpose through the following technical solution. An intelligent privacy-information security device based on traffic analysis includes:
An intranet security processing device, which performs privacy detection on the resource files accessed from the external network. A port mirror is configured on the router inside the intranet so that the traffic of the Internet (WAN) port is mirrored to one LAN port, which is connected directly to a PC; the probe service program on that PC captures and parses the traffic packets. Only traffic that actually traverses the mirrored port is visible to the probe; traffic switched locally between two LAN devices without crossing that port is not captured.
A wireless router, used to obtain the traffic. Its WAN port is connected directly to the optical modem by an RJ45 cable and obtains the IPv4 address used for Internet access; the router hotspot is enabled to accept access requests from the home smart terminals; the optical modem provides DHCP service, assigns IP addresses to the smart devices and serves their Internet requests.
As a further aspect of the invention: the probe service program of the intranet security processing device can obtain the phone model or PC model of the smart terminal and identify the type of resource the device accesses; it cannot process messages encrypted with HTTPS.
As a further aspect of the invention: the intranet security processing device attends to the specific access types in the HTTP protocol whose Content-Type is in the video, audio, image or text categories, and application identification for further categories can be added.
As a further aspect of the invention: for encrypted or binary traffic, the probe service program can build an artificial-intelligence analysis model (an artificial neural network) from information such as the IP address, traffic volume, accessed domain name and traffic direction of the intranet smart devices.
As a further aspect of the invention: according to the defined categories of private data, the probe service program raises a risk alarm in real time when private data is transmitted to an unauthorised external server, delivered as an SMS notification, an e-mail notification to the phone, or directly to a mobile phone app.
As a further aspect of the invention: the intranet security processing device is connected to a database through the probe service program and can store restored multimedia files of specific categories in the database according to the configured storage scheme; HTTPS protocol data is stored in the database in binary form.
The intelligent privacy-information security device based on traffic analysis operates in the following steps:
1. Data acquisition
To protect the intranet, the internal and external data transfers generated on the various home smart terminals are first collected and forwarded as a whole to the intranet security processing device;
2. Data cleansing
Much of the data carried by the acquisition device is of no interest to the intranet security processing device and is filtered out, so that only privacy-related data is passed on;
3. Data parsing
The acquired data is data-link-layer protocol data. Following the TCP/IP protocol stack, the header of each layer is read and the packet body decoded, restoring the protocol data layer by layer up to the application layer; in this process the intranet security processing device progressively extracts key field values of the protocol data;
For HTTPS protocol data, only the handshake packets that establish the connection are in clear text. Once the handshake completes, the encryption key and algorithm are fixed, and although port-443 data can still be captured, all of it is ciphertext whose content cannot be known. With TLS 1.3 even most handshake messages after the ServerHello are encrypted; what remains observable is metadata such as the server IP address, the server name in the ClientHello SNI extension (unless Encrypted Client Hello is used), record sizes, timing and direction;
4. Data restoration
The intranet security processing device accumulates application data per content-type category accessed by the home smart terminal, determines the start and end of each transfer from the packet sequence numbers, orders the application-layer packets, and finally writes the result to a file, restoring the audio, video, image and other files the smart device accessed;
5. Data storage
From the multimedia files restored in the previous step, the intranet security processing device can store data of specific categories according to the configured storage scheme; for HTTPS protocol data the content cannot be known, but the data can still be stored in binary form if the user so configures it. A store of restored media and raw captures is itself a concentration of private data, so access to the database must be restricted accordingly;
6. Device identification
During data parsing, packets on the DHCP ports (67, 68) of the DHCPv4 protocol are filtered out and captured; from them the device name of the home smart terminal is obtained, and from that its model and hardware type;
7. Application identification
Because the privacy of a smart-home user is mainly at stake in the user's multimedia access, the intranet security processing device attends to the specific access types in the HTTP protocol;
8. Model-based intelligent analysis
For encrypted or binary traffic, an AI-based analysis model can be built from information such as the IP address, traffic volume, accessed domain name and traffic direction of the intranet smart devices. For encrypted traffic in particular, where the known information is limited, the traffic's rate and volume, domain-name fields, direction and handshake information are modelled, so that otherwise unusable encrypted data is still put to use;
9. Real-time alert
According to the defined categories of private data, a risk alarm is raised in real time when private data is transmitted to an unauthorised external server; an SMS notification and a phone e-mail notification are generated, or the alarm is sent directly to the mobile phone app, so the user learns on the phone of alarms raised on the intranet security processing device as they occur;
10. Statistical display
Device data is statistically analysed and displayed by device, traffic, application, alarm and other dimensions; the intranet security processing device can be equipped with a database holding the processed information, and a display interface connects to the database for statistical analysis and visual presentation;
11. Report generation
Based on the traffic, application and alarm statistics and associated information over a specified period (day/week/month), a per-device smart-device privacy analysis report is generated.
The beneficial effects of the invention are as follows: the traffic of the information-acquisition devices in a smart environment is monitored for images, audio, video and the like; the monitored traffic is parsed and the transferred files restored where necessary; sensitive user information and user privacy are handled in real time; on that basis the design prevents information-acquisition devices from leaking data to the Internet through the Internet of Things and effectively protects user privacy. A demonstration environment for monitoring personal-privacy traffic in a smart environment shows each information-acquisition device, its real-time outbound transfers and its historical traffic for images, audio, video and so on, and flags sensitive outbound transfers.
Drawings
FIG. 1 is a schematic diagram of a hardware device according to the present invention.
In the figure: 1, wireless router; 2, intranet security processing device; 3, probe service program; 4, WAN; 5, router hotspot; 6, optical modem; 7, home smart terminal; 8, database.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to FIG. 1, an intelligent privacy-information security device based on traffic analysis includes:
The intranet security processing device 2, which performs privacy detection on the resource files accessed from the external network. A port mirror is configured on the router inside the intranet so that the traffic of the Internet port is mirrored to one LAN port, which is connected directly to a PC; the probe service program 3 on that PC captures and parses the traffic packets.
The wireless router 1, used to obtain the traffic. Its WAN 4 port is connected directly to the optical modem 6 by an RJ45 cable and obtains the IPv4 address used for Internet access; the router hotspot 5 is enabled to accept access requests from the home smart terminal 7; the optical modem 6 provides DHCP service, assigns IP addresses to the smart devices and serves their Internet requests.
In the embodiment of the invention, the probe service program 3 of the intranet security processing device 2 can obtain the phone model or PC model of the smart terminal 7 and identify the type of resource the device accesses; it cannot process messages encrypted with HTTPS.
In the embodiment of the invention, the intranet security processing device 2 attends to the specific access types in the HTTP protocol whose Content-Type is in the video, audio, image or text categories, and application identification for further categories can be added.
In the embodiment of the invention, for encrypted or binary traffic, the probe service program 3 can build an artificial-intelligence analysis model (an artificial neural network) from information such as the IP address, traffic volume, accessed domain name and traffic direction of the intranet smart devices.
In the embodiment of the invention, according to the defined categories of private data, the probe service program 3 raises a risk alarm in real time when private data is transmitted to an unauthorised external server, delivered as an SMS notification, an e-mail notification to the phone, or directly to the mobile phone app.
In the embodiment of the invention, the intranet security processing device 2 is connected to the database 8 through the probe service program 3, and the intranet security processing device 2 can store restored multimedia files of specific categories in the database 8 according to the configured storage scheme; HTTPS protocol data is stored in the database 8 in binary form.
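The embodiment above states two things about HTTPS: the probe cannot read the encrypted payload, and it can still model the flow on IP address, volume, domain name and direction. The following added example (written for this page; it is not the patent's probe program) shows the part of that model a probe can compute from a capture: it parses a TLS ClientHello to recover the server name from the SNI extension, and summarises a flow's byte volume per direction. The subnet prefix, the upload-ratio threshold and the packet bytes are all constructed assumptions for the example.

```python
import struct

LAN_PREFIX = "192.168."          # assumed home subnet; used to decide traffic direction


def parse_client_hello_sni(record: bytes):
    """Return the server name from the SNI extension of a TLS ClientHello record, else None."""
    if len(record) < 5 or record[0] != 0x16:             # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                     # 0x01 = ClientHello
        return None
    pos = 4 + 2 + 32                                     # skip header, client_version, random
    pos += 1 + hs[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                                   # compression_methods
    if pos + 2 > len(hs):
        return None                                      # no extensions present
    end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if ext_type == 0:                                # server_name: list_len(2) type(1) len(2) name
            name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
            return hs[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += ext_len
    return None


def flow_features(packets):
    """packets: (src_ip, dst_ip, payload_len) tuples in arrival order for one TCP flow.
    Returns the volume/direction profile the patent lists as model inputs."""
    out_b = sum(n for s, d, n in packets if s.startswith(LAN_PREFIX) and not d.startswith(LAN_PREFIX))
    in_b = sum(n for s, d, n in packets if d.startswith(LAN_PREFIX) and not s.startswith(LAN_PREFIX))
    return {"packets": len(packets), "bytes_out": out_b, "bytes_in": in_b,
            "upload_ratio": out_b / max(1, out_b + in_b)}


def describe_encrypted_flow(first_client_record: bytes, packets, upload_threshold=0.8):
    """Combine SNI and flow profile; flags upload-heavy flows, the shape a camera or
    microphone sending media to a server has even when the payload is unreadable
    (the threshold is an assumed value, not taken from the patent)."""
    feats = flow_features(packets)
    feats["sni"] = parse_client_hello_sni(first_client_record)
    feats["upload_heavy"] = feats["upload_ratio"] > upload_threshold
    return feats


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello carrying an SNI extension (example input)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32)            # client_version, random (zeroed here)
            + b"\x00"                           # session_id length 0
            + b"\x00\x02\x13\x01"               # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                       # compression methods: null only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed sample flow: a LAN device at 192.168.1.20 talks TLS to 203.0.113.10 and mostly uploads.
SAMPLE_HELLO = build_client_hello("upload.camera-cloud.example")
SAMPLE_PACKETS = ([("192.168.1.20", "203.0.113.10", len(SAMPLE_HELLO)),
                   ("203.0.113.10", "192.168.1.20", 1400),
                   ("203.0.113.10", "192.168.1.20", 80)]
                  + [("192.168.1.20", "203.0.113.10", 1460)] * 6)

if __name__ == "__main__":
    print(describe_encrypted_flow(SAMPLE_HELLO, SAMPLE_PACKETS))
```

The server name is the one field in an encrypted session that still names the destination by domain rather than by IP; if the client uses Encrypted Client Hello the parser above returns None and only the IP and volume profile remain. The upload ratio is deliberately crude: it is the kind of feature that would be fed into the neural network the patent describes, not a replacement for it.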
Example two
An intelligent privacy-information security method based on traffic analysis comprises the following steps:
1. Data acquisition
To protect the intranet, the internal and external data transfers generated on the various home smart terminals 7 of the intranet are first collected and forwarded as a whole to the intranet security processing device 2;
2. Data cleansing
Much of the data carried by the acquisition device is of no interest to the intranet security processing device 2; for example, merely browsing news, headlines and the like does not leak the user's privacy, so such data is filtered out, and the remaining privacy-related data is passed to the intranet security processing device 2;
3. Data parsing
The collected data is data-link-layer protocol data. Following the TCP/IP protocol stack, the header of each layer is read and the packet body decoded, restoring the protocol data layer by layer up to the application layer; in this process the intranet security processing device 2 progressively extracts key field values of the protocol data, for example that the data is HTTP protocol data and that the accessed content type is audio, video or image;
For HTTPS protocol data, only the handshake packets that establish the connection are in clear text. Once the handshake completes, the encryption key and algorithm are fixed, and although port-443 data can still be captured, all of it is ciphertext whose content cannot be known;
4. Data restoration
The intranet security processing device 2 accumulates application data per content-type category accessed by the home smart terminal 7, determines the start and end of each transfer from the packet sequence numbers, orders the application-layer packets, and finally writes the result to a file, restoring the audio, video, image and other files the smart device accessed;
5. Data storage
From the multimedia files restored in the previous step, the intranet security processing device 2 can store data of specific categories according to the configured storage scheme; for HTTPS protocol data the content cannot be known, but the data can still be stored in binary form if the user so configures it;
6. Device identification
During data parsing, packets on the DHCP ports (67, 68) of the DHCPv4 protocol are filtered out and captured; from them the device name of the home smart terminal 7 is obtained, and from that its model and hardware type, for example: Mac-Book, indicating an Apple notebook; RedmiNote8-148989857, indicating a Redmi Note 8 phone. The IP address the router assigned to the device can be obtained as well;
7. Application identification
Because the privacy of a smart-home user is mainly at stake in the user's multimedia access, the intranet security processing device 2 attends to the specific access types in the HTTP protocol, namely those whose Content-Type is in the video, audio, image or text categories; application identification for further categories can be added as required;
8. Model-based intelligent analysis
For encrypted or binary traffic, an AI-based analysis model can be built from information such as the IP address, traffic volume, accessed domain name and traffic direction of the intranet smart devices, for example an artificial neural network model. Trained on representative training data, the analysis model can serve several analysis scenarios, such as intrusion detection, intranet Trojan detection and user privacy-data leakage. For encrypted traffic in particular, where the known information is limited, the traffic's rate and volume, domain-name fields, direction and handshake information are modelled, so that otherwise unusable encrypted data is still put to use;
9. Real-time alert
According to the defined categories of private data, a risk alarm is raised in real time when private data is transmitted to an unauthorised external server; for example, an SMS notification and a phone e-mail notification are generated, or the alarm is sent directly to the mobile phone app, so the user learns on the phone of the warnings raised on the intranet security processing device 2 as they occur. Warnings are raised, for example, when a home camera is accessed illegitimately from the external network, when the router receives a connection request from an unknown device, when intranet data storage is accessed illegitimately from the external network, and for other high-risk actions;
10. Statistical display
The intranet security processing device 2 can be equipped with a database 8 holding the processed information; a display interface connects to the database for statistical analysis and visual presentation of the data, for example as histograms, pie charts and line charts;
11. Report generation
Based on the traffic, application and alarm statistics and associated information over a specified period (day/week/month), a per-device smart-device privacy analysis report is generated.
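Steps 3, 4, 7 and 9 above describe one pipeline: decode the mirrored frames layer by layer, put the TCP segments of each connection back in sequence order, read the Content-Type of the restored HTTP message, and alert when a privacy-class transfer leaves the LAN for a server that is not permitted. The following added example (written for this page, not the patent's probe program) carries that pipeline end to end on constructed frames in which a camera POSTs a JPEG to an external host and the body segment arrives before the header. The subnet prefix, the allow-list and all packet bytes are assumptions of the example.

```python
import struct
from collections import defaultdict

LAN_PREFIX = "192.168."                          # assumed home subnet
PRIVACY_TYPES = ("image/", "audio/", "video/")   # content classes the patent treats as private
ALLOWED_SERVERS = {"203.0.113.50"}               # assumed allow-list of permitted external servers


def decode_frame(frame: bytes):
    """Ethernet -> IPv4 -> TCP. Returns (src, dst, sport, dport, seq, payload) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":       # EtherType must be IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                           # protocol must be TCP
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, seq, tcp[data_offset:]


class StreamRestorer:
    """Collect TCP segments per flow and rebuild the byte stream by sequence number."""

    def __init__(self):
        self.segments = defaultdict(dict)        # flow -> {seq: payload}

    def add(self, frame: bytes):
        """Store a segment; returns the flow key, or None for non-TCP or empty frames."""
        d = decode_frame(frame)
        if d is None or not d[5]:
            return None
        src, dst, sport, dport, seq, payload = d
        self.segments[(src, dst, sport, dport)][seq] = payload
        return (src, dst, sport, dport)

    def restore(self, flow):
        """Contiguous stream from the lowest seen sequence number, or None while a gap remains."""
        segs = self.segments[flow]
        expected = min(segs)
        out = bytearray()
        for seq in sorted(segs):
            if seq != expected:
                return None                      # hole: wait for the missing segment
            out += segs[seq]
            expected = seq + len(segs[seq])
        return bytes(out)


def classify_http(stream: bytes):
    """Split an HTTP/1.x message into (request line, Content-Type, body)."""
    head, _, body = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    ctype = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            ctype = value.strip().decode("ascii", "replace").split(";")[0].strip().lower()
    return lines[0].decode("ascii", "replace"), ctype, body


def check_outbound(flow, stream: bytes):
    """Alert when a LAN device sends privacy-class content to a non-allowed external server."""
    src, dst, _, _ = flow
    request_line, ctype, body = classify_http(stream)
    leaves_lan = src.startswith(LAN_PREFIX) and not dst.startswith(LAN_PREFIX)
    if leaves_lan and ctype and ctype.startswith(PRIVACY_TYPES) and dst not in ALLOWED_SERVERS:
        return {"device": src, "server": dst, "content_type": ctype,
                "bytes": len(body), "request": request_line}
    return None


def make_frame(src, dst, sport, dport, seq, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame for the example (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return bytes(12) + b"\x08\x00" + ip


def run(frames):
    """Feed frames to the restorer and return the alerts raised (at most one per flow)."""
    restorer, alerts, seen = StreamRestorer(), [], set()
    for frame in frames:
        flow = restorer.add(frame)
        if flow is None or flow in seen:
            continue
        stream = restorer.restore(flow)
        if stream and b"\r\n\r\n" in stream:
            alert = check_outbound(flow, stream)
            if alert:
                alerts.append(alert)
                seen.add(flow)
    return alerts


# Constructed sample: a camera POSTs a JPEG to an external server; the body segment arrives first.
HTTP_HEAD = (b"POST /upload HTTP/1.1\r\nHost: 203.0.113.10\r\n"
             b"Content-Type: image/jpeg\r\nContent-Length: 8\r\n\r\n")
JPEG_BODY = b"\xff\xd8\xff\xe0JFIF"              # 8 bytes resembling a JPEG header
ISN = 1000
SAMPLE_FRAMES = [
    make_frame("192.168.1.20", "203.0.113.10", 40001, 80, ISN + len(HTTP_HEAD), JPEG_BODY),
    make_frame("192.168.1.20", "203.0.113.10", 40001, 80, ISN, HTTP_HEAD),
]

if __name__ == "__main__":
    for a in run(SAMPLE_FRAMES):
        print("ALERT", a)
```

The restorer refuses to hand back a stream while a sequence gap remains, which is what keeps a retransmitted or reordered segment from producing a corrupt file in step 4; a production probe would additionally bound memory per flow and expire idle flows. Direction is judged purely from addresses, so the same check also covers a LAN host pushing data out on a non-standard port as long as the port mirror carries the frames.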
Working principle: the system running the program is connected to the router through a port to which the router's traffic is forwarded in its entirety (the port mirror). After the application starts it listens on the specific ports (HTTP: 80, HTTPS: 443, mDNS: 5353, DHCP: 67, 68). When a smart device joins the network, the application obtains its device name and MAC address from the mDNS and DHCP protocols and records its IP address for later use. The application then continuously monitors the TCP traffic in the network, reassembles the data of each distinct TCP connection into TCP packets and writes them in sequence to a file in PCAP format for later analysis; the capture program is tcpdump, capturing the protocol packets for the specified IP address. The statistics of the TCP streams are written to the database for query and display by the presentation system.
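The working principle above, like step 6 of the method, names a device from its DHCP traffic. The following added example (written for this page, not the patent's code) parses the BOOTP header and the DHCP options a client sends when it joins, namely message type (53), hostname (12), vendor class (60) and the parameter request list (55), and maps the result to a coarse device type. The message bytes, MAC address, hostname and the classification table are constructed assumptions; the option-55 list is included because it is a commonly used DHCP fingerprinting input, which is an addition beyond what the patent describes.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def parse_dhcp(payload: bytes):
    """Parse a DHCPv4 message (UDP payload) into the fields used to identify the client."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    op, hlen = payload[0], payload[2]
    info = {"op": "request" if op == 1 else "reply",
            "mac": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
            "yiaddr": ".".join(map(str, payload[16:20])),   # address assigned (in OFFER/ACK)
            "msg_type": None, "hostname": None, "vendor_class": None, "param_list": ()}
    pos = 240
    while pos < len(payload):
        code = payload[pos]
        if code == 255:                                       # end option
            break
        if code == 0:                                         # pad
            pos += 1
            continue
        length = payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        pos += 2 + length
        if code == 53:
            info["msg_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 12:
            info["hostname"] = value.decode("utf-8", "replace")
        elif code == 60:
            info["vendor_class"] = value.decode("ascii", "replace")
        elif code == 55:
            info["param_list"] = tuple(value)                # parameter request list
    return info


def classify_device(info):
    """Coarse device type from hostname and vendor class (assumed heuristic table)."""
    name = (info.get("hostname") or "").lower()
    vendor = (info.get("vendor_class") or "").lower()
    if "macbook" in name.replace("-", ""):
        return "Apple notebook"
    if name.startswith("redmi") or "xiaomi" in vendor:
        return "Redmi/Xiaomi phone"
    if vendor.startswith("android-dhcp"):
        return "Android device"
    if vendor.startswith("msft"):
        return "Windows PC"
    return "unknown"


def build_dhcp_discover(mac: bytes, hostname: str, vendor: str, params: bytes) -> bytes:
    """Construct a client DHCPDISCOVER for the example (unused fields zeroed)."""
    header = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4))
    header += mac + bytes(10) + bytes(64) + bytes(128)     # chaddr (16), sname, file
    options = (bytes([53, 1, 1])
               + bytes([12, len(hostname)]) + hostname.encode()
               + bytes([60, len(vendor)]) + vendor.encode()
               + bytes([55, len(params)]) + params
               + b"\xff")
    return header + DHCP_MAGIC + options


# Constructed sample: a phone joining the hotspot (MAC and hostname are made up for the example).
SAMPLE_DISCOVER = build_dhcp_discover(b"\x02\x00\x5e\x10\x00\x01", "RedmiNote8-148989857",
                                      "android-dhcp-10", b"\x01\x03\x06\x0f\x1a\x1c\x33\x3a\x3b\x2b")

if __name__ == "__main__":
    info = parse_dhcp(SAMPLE_DISCOVER)
    print(info, classify_device(info))
```

Everything this parser returns is chosen by the client: the hostname and vendor class are free text, and current phones randomise their MAC per network, so the identification is an inventory hint rather than an authenticated identity. The mDNS name mentioned in the working principle has the same property, which is why alerting should key on the address and traffic observed rather than on the name alone.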
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present disclosure describes embodiments, not every embodiment is provided with a separate embodiment, and that this description is provided for clarity only, and that the disclosure is not limited to the embodiments described in detail below, and that the embodiments described in the examples may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.
Claims (1)
1. An intelligent security method for privacy information based on flow analysis, characterized in that it comprises an intelligent security device for privacy information based on flow analysis, the device comprising:
an intranet security processing device (2) for accessing the extranet resource file to carry out privacy detection, wherein a router port mirror is set up in the intranet so that the Internet port traffic is mirrored to a certain LAN port that is directly connected to a PC terminal, and the probe service program (3) on the PC terminal captures and analyses the traffic packets;
a wireless router (1) for acquiring traffic, wherein the WAN port (4) of the wireless router is directly connected to a modem (6) through an RJ45 cable to obtain the router's IPv4 address, and the router hotspot (5) is enabled to receive access requests from home intelligent terminals (7); the modem (6) provides a DHCP service, assigns IP addresses to the intelligent devices and supports their access requests;
the probe service program (3) of the intranet security processing device (2) can obtain the mobile phone model or PC model of the home intelligent terminal (7) and can identify the type of resource accessed by the device, but cannot process messages encrypted with HTTPS; the intranet security processing device (2) attends to specific access types in the HTTP protocol whose Content-Type belongs to the video, audio, image or text categories, and application identification for other categories can also be added; for encrypted or binary traffic, the probe service program (3) can establish an artificial-intelligence-based artificial neural network analysis model from information such as the IP address, traffic size, accessed domain name and traffic direction of the intranet intelligent devices; according to the defined categories of private data, the probe service program (3) generates a risk alarm in real time when private data is transmitted to an unauthorised external server, and issues an SMS notification and a mobile phone e-mail notification, or sends the risk alarm directly to the mobile phone APP; the intranet security processing device (2) is connected to a database (8) through the probe service program (3), and can store data of the restored specific categories of multimedia files in the database (8) according to a configured storage scheme; HTTPS protocol data is stored in the database (8) in binary form;
the intelligent security method for privacy information comprises the following steps:
1. Data acquisition
To carry out intranet security protection, the internal and external data transmissions generated by the various home intelligent terminals (7) must first be collected and transmitted uniformly to the intranet security processing device (2);
2. Data cleansing
Since much of the data transmitted by the acquisition device is not of interest to the intranet security processing device (2) (for example, plain web browsing of news, headlines and the like cannot leak a user's privacy), such data must be filtered out, and only the remaining privacy-related data is transmitted to the intranet security processing device (2);
3. Data analysis
The collected data is data-link-layer protocol data; following the TCP/IP protocol stack, the header data must be read and the packet body disassembled so that the protocol data is restored layer by layer up to the application-layer data. During this process the intranet security processing device (2) progressively obtains key field values of the protocol data, for example that the data is HTTP protocol data and that the accessed content types are audio, video and image;
For HTTPS protocol data, only the handshake packets that establish the connection are in clear text; once the handshake completes, the encryption key and algorithm have been determined, so even if the port 443 data can be captured, it is all ciphertext and its specific content cannot be known;
4. Data reduction
The intranet security processing device (2) must accumulate application data according to the category of content type accessed by the home intelligent terminal (7), determine the start and end points from the packet sequence numbers, sort the application-layer data packets, and finally write them to files, thereby restoring the audio, video, image and other files accessed by the intelligent device;
5. Data storage
From the multimedia files restored in the previous step, the intranet security processing device (2) stores data of specific categories of the restored multimedia files according to a configured storage scheme; for HTTPS protocol data, although the content cannot be known, such data can be stored in binary form according to the user's settings;
6. Device identification
In the data analysis step, data on the DHCP ports (67, 68) of the DHCPv4 protocol is filtered and the protocol packets are captured, so that the device name of the intranet security processing device (2) can be obtained, from which the model and hardware type of the device can further be obtained;
7. Application identification
Since the privacy security of smart-home users mainly concerns the user's multimedia access, the intranet security processing device (2) must attend to specific access types in the HTTP protocol, namely those whose Content-Type is video, audio, image or text; application identification for other categories may also be added as appropriate;
8. Model-based intelligent analysis
For encrypted or binary traffic, an analysis model based on artificial intelligence can be established from information such as the IP address, traffic size, accessed domain name and traffic direction of the intranet security processing device (2); the model can be trained with typical training data and used in various analysis situations. In particular for encrypted traffic, where the known information is limited, data such as the flow rate, domain-name fields, traffic direction and handshake information of the traffic are modelled, so that encrypted data that would otherwise be wasted can still be made use of;
9. Real-time alert
According to the defined categories of private data, when private data is transmitted to an unauthorised external server, a risk alarm is generated in real time, and an SMS notification and a mobile phone e-mail notification are issued, or the risk alarm is sent directly to the mobile phone APP, so that the user learns directly on the mobile phone of the alarm raised on the current intranet security processing device (2);
10. Statistical display
The device data is statistically analysed and displayed along dimensions such as device, traffic, application and alarm; the intranet security processing device (2) may be equipped with a database (8) for storing the various processed information, and is connected to the database through a display interface to perform statistical analysis and visual display of the data;
11. Report generation
Based on the traffic, application and alarm statistics and associated information over a specified period (day/week/month), an intelligent-device privacy analysis report is generated per device.
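Steps 3, 4, 7 and 9 of the method above, worked as one added example that is not the patent's own code: reassembling a TCP stream from out-of-order segments by sequence number (step 4), parsing the restored HTTP message and classifying its Content-Type into the video/audio/image/text classes (steps 3 and 7), treating port 443 traffic as opaque ciphertext after the handshake (step 3), and raising a real-time alarm when a private category leaves the home network toward a server outside an allow-list (step 9). The home network range 192.168.1.0/24, the allow-listed server 203.0.113.10, the upload from 192.168.1.23 to 198.51.100.7 and the 18-byte JPEG body are constructed assumptions.

```python
"""Steps 3, 4, 7 and 9 of the claimed method on constructed data.

Added example, not the patent's code. Reassembles one TCP stream from
out-of-order segments by sequence number, parses the restored HTTP message,
classifies its Content-Type, and raises an alarm when a private category
leaves the home network toward a server that is not on the allow-list.
"""
from dataclasses import dataclass, field
import ipaddress

HOME_NET = ipaddress.ip_network("192.168.1.0/24")        # assumed intranet range
ALLOWED_SERVERS = {"203.0.113.10"}                       # constructed allow-list of authorised servers
PRIVATE_CATEGORIES = {"image", "video", "audio"}         # categories treated as private data
CONTENT_CATEGORIES = ("video", "audio", "image", "text")  # the Content-Type classes the claims name


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    isn: int                                      # initial sequence number from the SYN
    segments: list = field(default_factory=list)  # (seq, payload) pairs as captured


def reassemble(flow):
    """Step 4: order segments by sequence number, drop retransmissions, stop at a gap.
    Returns (data, complete)."""
    out = bytearray()
    expected = flow.isn + 1                    # first data byte follows the SYN
    for seq, payload in sorted(flow.segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue                           # duplicate / retransmission already covered
        if seq > expected:
            return bytes(out), False           # missing segment: stream is incomplete
        out += payload[expected - seq:]        # trim any overlap with data already written
        expected = end
    return bytes(out), True


def classify_content_type(value):
    """Step 7: map 'image/jpeg; ...' to 'image', or None for types outside the four classes."""
    major = value.split(";")[0].strip().lower().split("/")[0]
    return major if major in CONTENT_CATEGORIES else None


def parse_http(data):
    """Step 3: split an HTTP message into start line, lower-cased headers and body."""
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"start_line": lines[0], "headers": headers, "body": body}


def analyse_flow(flow):
    """Run steps 3, 4, 7 and 9 on one flow and return the findings."""
    data, complete = reassemble(flow)
    if not complete:
        return {"status": "incomplete"}
    if 443 in (flow.sport, flow.dport):
        # Step 3: after the handshake everything is ciphertext; keep it only as opaque bytes
        return {"status": "encrypted", "bytes": len(data), "alert": None}
    msg = parse_http(data)
    if msg is None:
        return {"status": "not-http"}
    category = classify_content_type(msg["headers"].get("content-type", ""))
    outbound = (ipaddress.ip_address(flow.src) in HOME_NET
                and ipaddress.ip_address(flow.dst) not in HOME_NET)
    result = {"status": "ok", "category": category, "bytes": len(msg["body"]), "alert": None}
    # Step 9: a private category leaving the intranet to a server not on the allow-list
    if outbound and category in PRIVATE_CATEGORIES and flow.dst not in ALLOWED_SERVERS:
        result["alert"] = (f"{flow.src} sent {category} data ({len(msg['body'])} bytes) "
                           f"to unauthorised server {flow.dst}")
    return result


# constructed sample: a home camera uploading a tiny JPEG over plain HTTP
SAMPLE_UPLOAD = (b"POST /upload HTTP/1.1\r\nHost: cloud.example\r\n"
                 b"Content-Type: image/jpeg\r\nContent-Length: 18\r\n\r\n"
                 + b"\xff\xd8\xff\xe0" + b"\x00" * 12 + b"\xff\xd9")


def sample_flow():
    """Split the upload into 40-byte segments, add a retransmission, deliver in reverse order."""
    isn = 1000
    segments, seq = [], isn + 1
    for i in range(0, len(SAMPLE_UPLOAD), 40):
        chunk = SAMPLE_UPLOAD[i:i + 40]
        segments.append((seq, chunk))
        seq += len(chunk)
    segments.append(segments[1])               # retransmitted second segment
    segments.reverse()                         # segments arrive out of order
    return Flow("192.168.1.23", "198.51.100.7", 51234, 80, isn, segments)


if __name__ == "__main__":
    print(analyse_flow(sample_flow()))
```

The reassembler stops at the first gap rather than guessing, which matches step 4's requirement to determine start and end points from sequence numbers before writing a file: an incomplete stream produces no restored file and no alarm. The alarm condition combines three signals the claim names, direction (intranet to extranet), content category and destination server, so plain browsing of a text page to any server, or an image upload to an allow-listed server, is not reported.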
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111592810.7A CN114499953B (en) | 2021-12-23 | 2021-12-23 | Intelligent security method and device for privacy information based on flow analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111592810.7A CN114499953B (en) | 2021-12-23 | 2021-12-23 | Intelligent security method and device for privacy information based on flow analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114499953A CN114499953A (en) | 2022-05-13 |
CN114499953B true CN114499953B (en) | 2024-07-05 |
Family
ID=81493185
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111592810.7A Active CN114499953B (en) | 2021-12-23 | 2021-12-23 | Intelligent security method and device for privacy information based on flow analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114499953B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112039904A (en) * | 2020-09-03 | 2020-12-04 | 福州林科斯拉信息技术有限公司 | Network traffic analysis and file extraction system and method |
CN112083659A (en) * | 2020-09-27 | 2020-12-15 | 珠海格力电器股份有限公司 | Intelligent household system safety monitoring method, intelligent household system and storage medium |
CN113098892A (en) * | 2021-04-19 | 2021-07-09 | 恒安嘉新(北京)科技股份公司 | Data leakage prevention system and method based on industrial Internet |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101465857A (en) * | 2008-12-31 | 2009-06-24 | 杭州华三通信技术有限公司 | Method and equipment for monitoring network multimedia information |
US20150339634A1 (en) * | 2014-05-22 | 2015-11-26 | Verizon Patent And Licensing Inc | Home maintenance automation |
US11425169B2 (en) * | 2016-03-11 | 2022-08-23 | Netskope, Inc. | Small-footprint endpoint data loss prevention (DLP) |
CN107241358B (en) * | 2017-08-02 | 2020-04-07 | 重庆邮电大学 | Smart home intrusion detection method based on deep learning |
CN108683681A (en) * | 2018-06-01 | 2018-10-19 | 杭州安恒信息技术股份有限公司 | A kind of smart home intrusion detection method and device based on traffic policy |
CN108777643A (en) * | 2018-06-08 | 2018-11-09 | 武汉思普崚技术有限公司 | A kind of traffic visualization plateform system |
CN110110544A (en) * | 2019-03-25 | 2019-08-09 | 中国科学院信息工程研究所 | Android intelligent terminal method for secret protection and device |
CN111464489B (en) * | 2020-02-21 | 2022-02-18 | 中国电子技术标准化研究院 | Privacy protection method and system for Internet of things equipment |
Also Published As
Publication number | Publication date |
---|---|
CN114499953A (en) | 2022-05-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |