CN115001863B - Network security vulnerability detection method, device, medium and electronic equipment - Google Patents
- Publication number
- CN115001863B (application CN202210881602.7A)
- Authority
- CN
- China
- Prior art keywords
- data
- network
- equipment
- target network
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The application discloses a network security vulnerability detection method, device, medium and electronic equipment. The method comprises the following steps: generating, for a data sending device, a network access request for a target network based on the device identification information of the data sending device; controlling the data sending device to request encrypted configuration data from the target network based on the network access request, wherein the encrypted configuration data is captured from the target network by a data capture device and includes the device identification information; and decrypting the encrypted configuration data using a preset encryption key, and determining whether a security vulnerability exists in the target network based on the decryption processing result and the device identification information. This technical scheme can improve both security vulnerability detection efficiency and the security vulnerability detection rate.
Description
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a method, an apparatus, a medium, and an electronic device for detecting a network security vulnerability.
Background
With the gradual development of the Internet of Things, more and more smart devices, such as smart-home devices and smart cars, appear in people's daily lives. Short-distance wireless communication networks such as Zigbee networks are widely used in the Internet of Things. Security vulnerabilities in these networks can allow smart devices in them, such as Zigbee devices, to be remotely controlled through hacker attacks, so detecting security vulnerabilities in short-distance wireless communication networks has become increasingly important.
However, most smart devices in a short-distance wireless communication network are low-power devices whose power-on and communication time windows are very short, so continuous and stable communication cannot be achieved. This makes security vulnerability detection in short-distance wireless communication networks considerably more challenging.
Disclosure of Invention
The application provides a network security vulnerability detection method, a network security vulnerability detection device, a network security vulnerability detection medium and electronic equipment, which can be used for detecting security vulnerabilities in short-distance wireless communication networks such as Zigbee networks, and achieve the purpose of improving security vulnerability detection efficiency and security vulnerability detection rate.
According to a first aspect of the present application, a method for detecting a network security vulnerability is provided, the method comprising:
generating a network access request aiming at a target network for a data sending device based on device identification information of the data sending device;
controlling the data transmission device to request encryption configuration data from the target network based on the network access request; wherein the encrypted configuration data is captured from the target network by a data capture device, the encrypted configuration data including the device identification information;
and decrypting the encrypted configuration data by using a preset encryption key, and determining whether the target network has a security vulnerability or not based on a decryption processing result and the equipment identification information.
According to a second aspect of the present application, there is provided a network security vulnerability detection apparatus, the apparatus comprising:
the network access request generating module is used for generating a network access request aiming at a target network for the data sending equipment based on the equipment identification information of the data sending equipment;
an encryption configuration data request module, configured to control the data sending device, and request encryption configuration data from the target network based on the network access request; wherein the encrypted configuration data is captured from the target network by a data capture device, the encrypted configuration data including the device identification information;
and the security vulnerability determining module is used for decrypting the encrypted configuration data by using a preset encryption key and determining whether the target network has a security vulnerability or not based on a decryption processing result and the equipment identification information.
According to a third aspect of the present invention, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the network security vulnerability detection method according to the embodiment of the present application.
According to a fourth aspect of the present invention, an electronic device is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the network security vulnerability detection method according to the embodiment of the present application.
According to the technical scheme, the data sending equipment and the data capturing equipment are matched with each other, and the detection of the security vulnerability in the target network is achieved. According to the embodiment of the application, the data sending equipment and the data capturing equipment are controlled to respectively execute the data sending operation and the data capturing operation, the performance limit of a vulnerability detection tool is broken, the problems that the time window for power-on of intelligent equipment and equipment communication in a short-distance wireless communication network is short, and key communication data are easy to lose are solved, and the security vulnerability detection efficiency and the vulnerability detection rate are improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present application, nor do they limit the scope of the present application. Other features of the present application will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a network security vulnerability detection method according to an embodiment;
Fig. 2 is a flowchart of a network security vulnerability detection method according to a second embodiment;
Fig. 3 is a flowchart of a network security vulnerability detection method provided according to the third embodiment;
Fig. 4 is a schematic structural diagram of a network security vulnerability detection apparatus according to a fourth embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," "target," and "candidate" and the like in the description and claims of this application and the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a network security vulnerability detection method according to an embodiment, where this embodiment may be applicable to a case of detecting a security vulnerability existing in a short-distance wireless communication network, such as a Zigbee network, and the method may be executed by a network security vulnerability detection apparatus, the network security vulnerability detection apparatus may be implemented in a form of hardware and/or software, and may be integrated in an electronic device running the system, and optionally, the network security vulnerability detection apparatus may be integrated with a vulnerability detection host computer.
The vulnerability detection upper computer (the host computer), the data sending device and the data capture device together form a network security vulnerability detection system. The core logic for detecting network security vulnerabilities is defined on the vulnerability detection upper computer, which controls the data sending device and the data capture device and detects network security vulnerabilities through the cooperation of these two devices.
The data sending device and the data capture device are the network security vulnerability detection tools in the embodiments of the present application. Specifically, the vulnerability detection upper computer controls the data sending device through a data sending process, and the data sending device performs the data sending operation; the vulnerability detection upper computer controls the data capture device through a data capture thread, and the data capture device performs the data capture operation. Preferably, the data sending operation and the data capture operation are carried out asynchronously. Optionally, the data sending device is configured with a data sending chip that defines the core processing logic of the data sending operation, and the data capture device is configured with a data capture chip that defines the core processing logic of the data capture operation.
Next, a method for detecting a network security vulnerability provided by the embodiment of the present application is introduced.
As shown in fig. 1, the method includes:
S110, generating a network access request for a target network for the data sending device based on the device identification information of the data sending device.
The device identification information of the data sending device identifies the data sending device; it is in effect the identity information of that device. Optionally, the device identification information is the Media Access Control address (MAC address) of the data sending device.
The network access request is generated by the vulnerability detection upper computer for the data sending device and asks the target network to allow the data sending device to join it. Optionally, the network access request includes the network identifier (PANID) of the target network, a communication address (source address), and the device identification information of the data sending device, such as its MAC address. If the target network allows the data sending device to join, the target network allocates the data sending device a communication address within the target network and feeds back the encrypted configuration data.
A network to be detected that meets the security vulnerability detection condition is a target network. The time available for device power-on and device communication in the network to be detected is limited. Optionally, the network to be detected is a short-range wireless communication network. The security vulnerability detection condition is a precondition for performing security vulnerability detection on the network to be detected. Optionally, the condition is that device provisioning is permitted, that is, a new device is allowed to join the network to be detected. Illustratively, the network to be detected is a ZigBee network, and the target network is a ZigBee network that allows devices to join. A ZigBee network is a network established on the ZigBee protocol and includes ZigBee devices such as gateway devices and terminal devices; optionally, the gateway devices include a router and a coordinator. The router is responsible for forwarding communication data in the ZigBee network, and the coordinator is responsible for establishing the ZigBee network. Illustratively, a terminal device may be a smart-home device connected to the ZigBee network, such as a smart light fixture or a smart door lock. Permitting device provisioning is a network state of the ZigBee network; while the network is in this state, ZigBee devices are allowed to access it. To make the network security vulnerability detection method provided by the present application easier to understand, the embodiments of the present application are explained using a ZigBee network as an example. However, the ZigBee network does not limit the scope of the present application, and the method may also be applied to other short-range wireless communication networks in which device power-on and communication time is limited.
According to the method and the device for detecting the security vulnerability, data communication is carried out between the vulnerability detection tool and the intelligent device in the target network to achieve security vulnerability detection, specifically, data sending operation is carried out through data sending equipment to send data to the target network, and data capturing operation is carried out through data capturing equipment to capture data from the target network.
According to the embodiment of the application, the data sending operation and the data capturing operation are separated and delivered to the data sending device and the data capturing device to be executed respectively, the data sending operation and the data capturing operation are not deployed on the same chip, and the performance limit of a single chip can be broken.
The smart devices in the target network are generally low-power devices whose communication windows are very short, which places demands on the processing performance of the vulnerability detection tool. When the data sending operation and the data capture operation are both deployed on a single chip, the tool is limited by that chip's processing performance: key data is easily lost during communication between the chip and the low-power devices, the chip often has to repeat the operation many times, and both security vulnerability detection efficiency and the vulnerability detection rate are low.
The mutually independent data capture device and data sending device cooperate to communicate with the target network, which addresses the short time window for smart-device power-on and device communication in the target network and the resulting loss of key communication data. The data sending device is responsible for sending data to the target network and the data capture device is responsible for capturing data from it, so loss of key communication data can be effectively avoided and vulnerability detection efficiency improved.
S120, controlling the data sending equipment to request encryption configuration data from the target network based on the network access request; wherein the encrypted configuration data is captured from the target network by a data capture device, the encrypted configuration data including the device identification information.
The vulnerability detection upper computer controls the data sending equipment to send the network access request to the target network based on the data sending thread, and the target network can feed back the encrypted configuration data under the condition that the data sending equipment meets the network access requirement. The encryption configuration data is used for the data transmission device to perform encryption processing on the communication data. Optionally, the encryption configuration data is subjected to encryption processing, and the encryption configuration data includes device identification information of the data sending device.
And the vulnerability detection upper computer controls the data capture equipment to monitor the target network and capture the encrypted configuration data from the target network.
S130, decrypting the encrypted configuration data by using a preset encryption key, and determining whether the target network has a security vulnerability or not based on a decryption processing result and the equipment identification information.
Because the encrypted configuration data has been encrypted, the vulnerability detection upper computer decrypts it with the preset encryption key to obtain a decryption result. The preset encryption key is a default link key provided by the network protocol and can be obtained publicly. Optionally, the preset encryption key is the Trust Center link key. Illustratively, decryption proceeds as follows. The vulnerability detection upper computer first hashes the preset encryption key using the Advanced Encryption Standard (AES) algorithm to obtain a hashed encryption key. It then determines the random counter of the AES algorithm from the encrypted configuration data and, based on the AES algorithm, encrypts the random counter with the hashed encryption key; the encrypted random counter is the candidate decryption key for the encrypted configuration data. Finally, the encrypted random counter string is XORed byte by byte with the encrypted configuration data, and the XOR result is the decryption processing result of the encrypted configuration data.
The encrypted configuration data includes the device identification information of the data sending device. If the decryption processing result obtained by decrypting the encrypted configuration data includes the device identification information of the data sending device, decryption has succeeded, that is, the encrypted configuration data was encrypted with the preset encryption key. Because the preset encryption key can be obtained publicly, any user who holds it can decrypt the encrypted configuration data, and the target network is at risk of communication data leakage. The smart devices in the target network are then susceptible to hacker attacks and remote control, so it can be determined that a security vulnerability exists in the target network.
According to the technical scheme of the embodiment of the application, the detection of the security vulnerability in the target network is realized through the mutual cooperation of the data sending equipment and the data capturing equipment. According to the embodiment of the application, the data sending equipment and the data capturing equipment are controlled to respectively execute the data sending operation and the data capturing operation, the performance limit of a vulnerability detection tool is broken, the problems that the time window for power-on of intelligent equipment and equipment communication in a short-distance wireless communication network is short, and key communication data are easy to lose are solved, and the security vulnerability detection efficiency and the vulnerability detection rate are improved.
In an optional embodiment, determining whether a security vulnerability exists in the target network based on the decryption processing result and the device identification information includes: matching the decryption processing result against the device identification information to obtain a matching result; and, if the matching result is a successful match, determining that an encryption vulnerability exists in the target network.
The decryption processing result is obtained by decrypting the encrypted configuration data with the preset encryption key, and the encrypted configuration data includes the device identification information of the data sending device. If the decryption processing result includes the device identification information, the encrypted configuration data was encrypted with the preset encryption key. To determine whether the decryption processing result includes the device identification information of the data sending device, the decryption processing result is matched against that device identification information to obtain a matching result. A successful match means that the decryption processing result includes the device identification information of the data sending device and that the encrypted configuration data was encrypted with the preset encryption key. Any user who holds the preset encryption key can then decrypt the encrypted configuration data, the target network is at risk of communication data leakage, and an encryption vulnerability exists in the target network.
If the matching result is a failed match, it can be determined that the encrypted configuration data was not encrypted with the preset encryption key, and therefore that no encryption vulnerability exists in the target network.
According to the technical scheme, whether the encryption vulnerability exists in the target network is determined by judging whether the decryption processing result comprises the equipment identification information of the data sending equipment, so that whether the encryption vulnerability exists in the target network is detected, the vulnerability detection accuracy is ensured, and meanwhile, the detection flow of the encryption vulnerability is simplified.
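The S130 decision described above (decrypt with the publicly known preset key, then match the sender's MAC address, including the match-failure case), as an added Go example that is not code from the patent. The frame layout, the one-block AES hash of the key, the counter layout and the placeholder key values are assumptions made for illustration, and the gateway is simulated in-process.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed 16-byte placeholder for the protocol's published default link
// key. It is not a real key value.
var presetKey = []byte("PLACEHOLDER-KEY!")

// Frame is a constructed stand-in for a captured configuration frame.
type Frame struct {
	SrcMAC  [8]byte // gateway address, carried in clear
	Counter uint32  // frame counter, carried in clear
	Payload []byte  // encrypted configuration data
}

// hashKey derives the working key from a 16-byte link key with a one-block
// Matyas-Meyer-Oseas step: H = AES_zero(key) XOR key. Assumption: the page
// only says the key is hashed with AES.
func hashKey(linkKey []byte) []byte {
	blk, err := aes.NewCipher(make([]byte, 16))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	blk.Encrypt(out, linkKey)
	for i := range out {
		out[i] ^= linkKey[i]
	}
	return out
}

// xorKeystream builds the counter from the frame's clear fields (assumed
// layout: MAC | frame counter | block index), encrypts it under key and XORs
// the result with data byte by byte. The same call encrypts and decrypts.
func xorKeystream(key []byte, f Frame, data []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := make([]byte, aes.BlockSize)
	copy(iv, f.SrcMAC[:])
	binary.BigEndian.PutUint32(iv[8:12], f.Counter)
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv).XORKeyStream(out, data)
	return out
}

// gatewayReply simulates the target network answering a join: configuration
// data (a constructed network key plus the joiner's MAC) under linkKey.
func gatewayReply(linkKey []byte, gw, joiner [8]byte, ctr uint32) Frame {
	plain := append([]byte("NETWORK-KEY-0001"), joiner[:]...)
	f := Frame{SrcMAC: gw, Counter: ctr}
	f.Payload = xorKeystream(hashKey(linkKey), f, plain)
	return f
}

// Assess applies the S130 check: decrypt the captured payload with the
// preset key and look for the joiner's identifier in the result.
func Assess(f Frame, joiner [8]byte) string {
	if len(f.Payload) < len(joiner) {
		return "inconclusive" // truncated capture: the MAC cannot be present
	}
	plain := xorKeystream(hashKey(presetKey), f, f.Payload)
	if bytes.Contains(plain, joiner[:]) {
		return "vulnerable" // the frame decrypts under the public key
	}
	return "not detected" // a wrong key yields noise, so no MAC match
}

func main() {
	// Constructed addresses for the simulated gateway and test device.
	gw := [8]byte{0x02, 0, 0, 0, 0, 0, 0, 0x01}
	dev := [8]byte{0x02, 0, 0, 0, 0, 0, 0, 0x99}
	weak := gatewayReply(presetKey, gw, dev, 7)
	strong := gatewayReply([]byte("UNIQUE-PER-DEV-K"), gw, dev, 7)
	fmt.Println("default-key network:", Assess(weak, dev))
	fmt.Println("unique-key network: ", Assess(strong, dev))
}
```

Because the XOR step carries no integrity check, the MAC match is the only signal that the key was right, which is why a truncated capture is reported as inconclusive rather than as a clean result.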
In an optional embodiment, controlling the data sending device to request encryption configuration data from the target network based on the network access request includes: controlling the data sending equipment to send the network access request to the target network so as to enable target gateway equipment in the target network to feed back network access response data; controlling the data capturing equipment to capture the network access response data, and determining time sequence information of the network access response data as a reference time sequence; and generating time sequence response data based on the reference time sequence, and controlling the data sending equipment to feed back the time sequence response data to the target network so that the target network feeds back the encrypted configuration data.
And the vulnerability detection upper computer controls the data sending equipment to send a network access request to the target network based on the data sending thread. And the target gateway equipment in the target network feeds back network access response data aiming at the network access request. Optionally, the target gateway device is a coordinator in a ZigBee network.
Optionally, the network access response data includes device identification information of the target gateway device and device identification information of the data sending device, and for example, the device identification information may be a MAC address. The network access response data also comprises time sequence information and a communication address which is allocated to the data sending equipment by the target gateway equipment. The data transmitting device may access the target network based on the communication address assigned by the target gateway device.
When the vulnerability detection upper computer controls the data sending device to send the network access request to the target network, it also controls the data capture device to monitor the target network and, in response to capturing the network access request, to capture the network access response data. The vulnerability detection upper computer then extracts the time sequence information from the network access response data and takes it as the reference time sequence.
The time sequence information distinguishes different pieces of communication data; for example, each time a ZigBee device in the ZigBee network transmits communication data, the time sequence corresponding to that data is incremented. Generally, the maximum time sequence is 255, and when the time sequence reaches 255 it is reset to 0.
After the target network sends out the network access response data, time sequence response data must be fed back for that network access response data within a short time. The time sequence information in the time sequence response data is consistent with the time sequence information in the network access response data. The vulnerability detection upper computer generates the time sequence response data based on the reference time sequence and controls the data sending device to send it to the target network. After receiving the time sequence response data, the target network feeds back the encrypted configuration data. In the embodiments of the present application, through the cooperation of the data sending device and the data capture device, the time sequence response data can be fed back to the target network within a very short time after the network access response data is captured, for example within 0.005 second, so that it serves as a response to the network access response data.
In this technical scheme, the data sending device and the data capture device cooperate to communicate with the target gateway device in the target network, and the time sequence response data is fed back for the network access response data within the limited communication time of the target gateway device. This addresses the short communication time window of low-power devices in the target network and the resulting loss of key data, and improves vulnerability detection efficiency.
Example two
Fig. 2 is a flowchart of a method for detecting a network security vulnerability according to the second embodiment. This embodiment is further optimized on the basis of the foregoing embodiment. Specifically, before a network access request for the target network is generated for the data sending device based on the device identification information of the data sending device, the method further includes: controlling, based on a data capture thread, the data capture device to monitor communication data in a network to be detected until the data capture device captures any communication data; controlling, based on the data sending thread, the data sending device to request communication configuration data from the network to be detected; controlling, based on the data capture thread, the data capture device to capture the communication configuration data from the network to be detected; and determining the target network in the network to be detected based on the device distribution network identifier in the communication configuration data.
As shown in fig. 2, the method includes:
S210, based on the data capturing thread, controlling the data capturing device to monitor the communication data in the network to be detected until the data capturing device captures any communication data.
The vulnerability detection upper computer first starts the data capture device and controls it to monitor communication data in the network to be detected. At this point it has not yet been determined whether the network to be detected meets the security vulnerability detection condition. Where the security vulnerability detection condition is that device network distribution is allowed, the network to be detected may be a short-distance wireless communication network that allows device network distribution, or one that does not. The number of networks to be detected is at least two; it is determined according to the actual situation and is not limited herein.
S220, controlling the data sending device to request communication configuration data from the network to be detected based on the data sending thread.
Once the data capturing device has captured any communication data, the data sending device is controlled, based on the data sending thread, to request communication configuration data from the network to be detected.
The communication configuration data refers to communication configuration data of scannable devices in the network to be detected. The scannable device refers to an intelligent device which can be scanned in the network to be detected. The communication configuration data is a data basis for data communication of the network to be detected.
Optionally, the communication configuration data includes: a Network Identifier (PANID) of the network to be detected, a communication address (source address) of the scannable device in the network to be detected, a device distribution network identifier, a network protocol version of the scannable device, and the like. The device distribution network identifier is used for determining whether the device distribution network is allowed in the current communication window of the network to be detected where the scannable device is located.
When the data capturing device captures any communication data, this indicates that its data capturing function is working normally. The vulnerability detection upper computer controls the data sending device, based on the data capturing thread, to request the communication configuration data from the network to be detected only once the data capturing device has captured any communication data, which avoids losing the communication configuration data because of an abnormal data capturing function.
S230, controlling the data capture device to capture the communication configuration data from the network to be detected based on a data capture thread.
After the vulnerability detection upper computer controls the data sending device to request communication configuration data from the network to be detected, it controls the data capturing device, based on the data capturing thread, to capture the communication configuration data from the network to be detected.
S240, determining the target network in the network to be detected based on the device distribution network identifier in the communication configuration data.
The vulnerability detection upper computer determines a target network in the network to be detected based on the device distribution network identifier in the communication configuration data. Specifically, the vulnerability detection upper computer determines as the target network the network to be detected whose device distribution network identifier indicates that device network distribution is allowed.
S250, generating a network access request aiming at a target network for the data sending equipment based on the equipment identification information of the data sending equipment.
S260, controlling the data sending equipment to request the encryption configuration data from the target network based on the network access request; wherein the encrypted configuration data is captured from the target network by a data capture device, the encrypted configuration data including the device identification information.
S270, decrypting the encrypted configuration data by using a preset encryption key, and determining whether the target network has a security vulnerability or not based on a decryption processing result and the equipment identification information.
In this technical scheme, the data sending device is controlled to request the communication configuration data from the network to be detected only once the data capturing device has captured any communication data, which avoids losing the communication configuration data because of an abnormal data capturing function. The data capture device is controlled to capture the communication configuration data from the network to be detected, and the target network in the network to be detected is determined based on the device distribution network identifier in the communication configuration data. This provides data support for subsequently requesting encrypted configuration data from the target network and for detecting security vulnerabilities in the target network based on the encrypted configuration data.
In an optional embodiment, controlling the data capture device to listen to communication data in a network to be detected includes: acquiring a channel scanning mode; determining a channel to be scanned in the candidate channels corresponding to the network to be detected according to the channel scanning mode; and controlling the data capturing equipment to monitor the communication data in the channel to be scanned based on a data capturing thread.
A network protocol typically presets a fixed number of channels for data communication between devices in the network. For example, the ZigBee protocol may set 16 channels, channel 11 to channel 26, for ZigBee devices to communicate data.
The channels preset by the network protocol are scanned to determine whether a scannable device exists in the network to be detected, and then to determine, from the device distribution network identifier of the scannable device, a target network that allows device network distribution.
The channel scanning mode determines how the preset channels are scanned. The preset channels to be scanned may be determined based on the channel scanning mode. The channel scanning mode is determined according to actual service requirements and is not limited herein. Optionally, the channel scanning mode includes: scanning the designated channel and scanning all channels.
The vulnerability detection upper computer determines a channel to be scanned among the candidate channels corresponding to the network to be detected according to the channel scanning mode. Next, the vulnerability detection upper computer controls the data capture device to monitor the communication data in the channel to be scanned, to determine whether a scannable device exists in that channel. The channel to be scanned is determined according to the channel scanning mode and refers to a channel among the candidate channels that needs to be scanned. The candidate channels may be all preset channels.
In this technical scheme, the vulnerability detection upper computer determines the channel to be scanned among the candidate channels corresponding to the network to be detected according to the channel scanning mode, and controls the data capture device to monitor the communication data in that channel. The channel scanning mode can be customized to user requirements, which meets the user's need to scan various channels, improves the flexibility of channel scanning, and improves vulnerability detection efficiency.
In an optional embodiment, the determining, according to the channel scanning mode, a channel to be scanned from candidate channels corresponding to the network to be detected includes: if the channel scanning mode is to scan an appointed channel, determining an appointed channel identifier, and determining the channel to be scanned in the candidate channels according to the appointed channel identifier; and if the channel scanning mode is to scan all channels, determining a channel scanning sequence, and sequentially using the candidate channels as the channels to be scanned according to the channel scanning sequence.
Scanning the designated channel refers to a mode in which only designated channels are scanned. When the channel scanning mode is to scan the designated channel, at least one designated channel identifier needs to be provided.
The vulnerability detection upper computer determines a channel to be scanned among the candidate channels according to the designated channel identifier. Specifically, the vulnerability detection upper computer determines the candidate channel represented by the designated channel identifier as the channel to be scanned.
Scanning all channels refers to a mode in which every channel is scanned. When the channel scanning mode is to scan all channels, all candidate channels are determined as channels to be scanned. Optionally, only one channel to be scanned is scanned at a time, so that loss of communication data can be avoided.
When the channel scanning mode is to scan all channels, the vulnerability detection upper computer determines a channel scanning order and uses the candidate channels in turn as the channel to be scanned according to that order. The channel scanning order is determined according to actual service requirements and is not limited herein. For example, the channel scanning order may be to scan the candidate channels in increasing order of channel identifier, such as channel 11 to channel 26.
Optionally, during channel scanning each channel to be scanned is scanned only once. That is, when the channel scanning mode is to scan a designated channel, the designated channel is scanned only once; likewise, when the channel scanning mode is to scan all channels, each candidate channel is scanned only once. For example, where the candidate channels are channels 11 to 26 and the channel scanning order is the increasing order of channel identifiers, channel 11 is first determined as the channel to be scanned; after channel 11 is scanned, channel 12 is determined as the channel to be scanned; and so on, until all candidate channels have been scanned.
This technical scheme provides two channel scanning modes, scanning the designated channel and scanning all channels. It covers common channel scanning requirements, lets the user choose the channel scanning mode according to actual service requirements, and helps improve channel scanning efficiency.
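The channel selection above and the target-network decision of S240 can be written out as follows. This is an added example, not code from the patent: it assumes the communication configuration data arrives as an IEEE 802.15.4 beacon frame and that the device distribution network identifier corresponds to the association-permit bit (bit 15) of the superframe specification. The function names and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

CANDIDATE_CHANNELS = tuple(range(11, 27))  # channels 11..26, as in the text


def channels_to_scan(mode, designated=(), order=None):
    """Return the channels to scan, each exactly once, for the given mode."""
    if mode == "designated":
        if not designated:
            raise ValueError("designated mode needs at least one channel identifier")
        unknown = [c for c in designated if c not in CANDIDATE_CHANNELS]
        if unknown:
            raise ValueError(f"not a candidate channel: {unknown}")
        return list(dict.fromkeys(designated))  # caller's order, repeats dropped
    if mode == "all":
        plan = list(CANDIDATE_CHANNELS) if order is None else list(order)
        if sorted(plan) != list(CANDIDATE_CHANNELS):
            raise ValueError("scan order must contain every candidate channel once")
        return plan
    raise ValueError(f"unknown channel scanning mode: {mode!r}")


@dataclass(frozen=True)
class Beacon:
    channel: int
    sequence: int
    pan_id: int
    source: int
    permits_join: bool
    protocol_version: Optional[int]


def parse_beacon(channel, frame):
    """Parse an IEEE 802.15.4 beacon (MAC header onward, FCS removed).

    Returns None for non-beacon, secured or truncated frames, so a capture
    loop can feed it every frame heard on the channel.
    """
    if len(frame) < 3:
        return None
    fcf, sequence = struct.unpack_from("<HB", frame, 0)
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if fcf & 0x7 != 0 or fcf & 0x8 or dst_mode != 0 or src_mode not in (2, 3):
        return None  # not a plain beacon carrying a source address
    addr_len = 2 if src_mode == 2 else 8
    off = 5 + addr_len  # FCF(2) + sequence(1) + source PAN ID(2) + source address
    if len(frame) < off + 4:  # superframe(2) + GTS spec(1) + pending spec(1)
        return None
    pan_id = struct.unpack_from("<H", frame, 3)[0]
    source = int.from_bytes(frame[5:off], "little")
    superframe = struct.unpack_from("<H", frame, off)[0]
    gts_count = frame[off + 2] & 0x7
    off += 3 + ((1 + 3 * gts_count) if gts_count else 0)
    if len(frame) <= off:
        return None
    pending = frame[off]
    off += 1 + 2 * (pending & 0x7) + 8 * ((pending >> 4) & 0x7)
    version = None
    if len(frame) >= off + 2 and frame[off] == 0x00:  # ZigBee protocol ID
        version = frame[off + 1] >> 4  # high nibble: protocol version
    return Beacon(channel, sequence, pan_id, source,
                  bool(superframe & 0x8000), version)  # bit 15: association permit


def select_targets(beacons):
    """Keep one beacon per PAN ID whose beacon currently permits joining."""
    targets = {}
    for beacon in beacons:
        if beacon is not None and beacon.permits_join:
            targets.setdefault(beacon.pan_id, beacon)
    return targets


# Constructed captures (channel, frame hex); none comes from a real network.
SAMPLE_CAPTURES = [
    (12, "0080 2a 621a 0000 ffcf 00 00 002284 1122334455667788 ffffff 00"),  # open
    (12, "0080 7f efbe 0000 ff4f 00 00 002284 8877665544332211 ffffff 00"),  # closed
    (12, "4188 01 621a ffff 0000"),                                          # data frame
]


def triage(captures=SAMPLE_CAPTURES):
    """Parse every captured frame and return the networks that permit joining."""
    return select_targets(parse_beacon(ch, bytes.fromhex(h)) for ch, h in captures)


if __name__ == "__main__":
    print(channels_to_scan("designated", designated=[12]))
    for pan_id, beacon in triage().items():
        print(f"PAN 0x{pan_id:04x} on channel {beacon.channel}: {beacon}")
```

Run against captures from a network you operate, the same triage shows which coordinators are advertising an open join window at the moment of the scan.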
The network security vulnerability detection method is described below taking a ZigBee network as the network to be detected. In a specific embodiment, the network security vulnerability detection method includes the following steps:
The vulnerability detection upper computer acquires the channel scanning mode. Take the case where the channel scanning mode is to scan a designated channel and the designated channel is channel 12. The vulnerability detection upper computer starts the data capturing device to monitor channel 12. Once the data capturing device has captured any communication data, the vulnerability detection upper computer controls the data sending device to broadcast a beacon request data packet (beacon request) in channel 12. ZigBee devices in the network to be detected respond to the beacon request by broadcasting a beacon data packet, and the vulnerability detection upper computer controls the data capturing device to capture the beacon data packet. The beacon data packet includes the communication configuration data. The vulnerability detection upper computer determines a target network in the network to be detected according to the device distribution network identifier in the communication configuration data. For example, if the device distribution network identifier in the beacon data packet fed back by coordinator A indicates that device network distribution is allowed, the ZigBee network to which coordinator A belongs is determined as the target network.
Once the target network is determined, the vulnerability detection upper computer generates a network access request (association request) for the target network for the data sending device according to the device identification information of the data sending device. Coordinator A in the target network responds to the association request by broadcasting association response data (Association response). The vulnerability detection upper computer controls the data capture device to capture the Association response, and the Association response must be answered with time sequence response data (Acknowledge) carrying the same time sequence. The time sequence response must be completed within a short time. In the ZigBee protocol, the time sequence represents the order in which data packets are sent, and it is also used to protect communication security.
The time sequence response process is as follows: after the Association response is captured by the data capturing device, the vulnerability detection upper computer determines the time sequence information of the Association response as the reference time sequence, generates an Acknowledge based on the reference time sequence, and controls the data sending device to feed back the Acknowledge to coordinator A as the response to the Association response.
Coordinator A responds to the Acknowledge by broadcasting the encrypted configuration data (Transport Key). The Transport Key is obtained through encryption processing and includes the data sending device identifier and a general encryption key (network Key).
The vulnerability detection upper computer controls the data capture device to capture the encrypted configuration data from the target network, decrypts the encrypted configuration data with the preset encryption key (Trust center link Key), and matches the decryption processing result against the device identification information. If the match succeeds, it is determined that the Transport Key was encrypted with the Trust center link Key; the ZigBee network is therefore at risk of communication data leakage and the target network has a security vulnerability, specifically an encryption vulnerability.
Example three
Fig. 3 is a flowchart of a method for detecting a network security vulnerability according to the third embodiment. This embodiment is further optimized on the basis of the foregoing embodiments, and provides a method for detecting whether the ZigBee network has a control vulnerability when the target network has an encryption vulnerability.
As shown in fig. 3, the method includes:
S310, when the target network has an encryption vulnerability, decrypting the encrypted configuration data by using the preset encryption key to obtain a general encryption key.
When the target network has an encryption vulnerability, the vulnerability detection upper computer controls the data capture device to capture the communication data in the target network. The data sending device joins the target network as a fake terminal device.
The encryption configuration information includes a general encryption key. The general encryption key is used to encrypt and protect communication data in the target network. When the target network has an encryption vulnerability, the encrypted configuration data can be decrypted with the preset encryption key, and the general encryption key is obtained from the decrypted data. In other words, holding the preset encryption key is equivalent to holding the general encryption key, and the communication data in the target network can be decrypted with the general encryption key.
S320, utilizing the general encryption key to decrypt the communication data captured by the data capture device in the target network, and determining the type of the communication data.
The general encryption key is used for encrypting and protecting the communication data in the target network, and the communication data in the target network can be decrypted by using the general encryption key. And determining the communication data type according to the decryption processing result of the communication data.
S330, under the condition that the communication data type is terminal control data, the terminal control data is changed to obtain control change data.
The terminal control data is used for controlling a target terminal device in a target network. The target terminal device is an action object of terminal control data, the target terminal device is an intelligent device in a target network, and the target terminal device can be an intelligent lamp or an intelligent door lock.
When the communication data type is terminal control data, the vulnerability detection upper computer changes the terminal control data to obtain control change data. Optionally, the control change data and the terminal control data differ only in time sequence information; that is, the vulnerability detection upper computer changes only the time sequence information of the terminal control data.
S340, sending the control change data to the target network through the data sending equipment, so that the target terminal equipment in the target network feeds back control response data aiming at the control change data.
The data sending device acts as a fake terminal device in the target network and can carry out data communication with other terminal devices in the target network. The vulnerability detection upper computer controls the data sending device to send the control change data to the target network. The target terminal device in the target network executes the corresponding action according to the control change data and feeds back control response data.
S350, determining whether the target network has a control vulnerability based on the control response data.
Wherein the control response data is generated by the target terminal device, and the effect of the control change data on the target terminal device can be determined based on the control response data.
The vulnerability detection upper computer controls the data capture device to capture the control response data and determines whether the target network has a control vulnerability according to the control response data. If the control response data shows that the target terminal device successfully executed the control operation in the control change data, it is determined that the target network has a control vulnerability; otherwise, it is determined that the target network does not have a control vulnerability.
If the control change data differs from the terminal control data only in time sequence information and the target network has a control vulnerability, the target network is at risk of replay attacks.
For example, the data capture device captures terminal control data 1 and terminal control data 2 in the target network. Terminal control data 1 controls intelligent lamp A to execute a lighting operation, and terminal control data 2 controls intelligent lamp A to execute an extinguishing operation. The time sequence of terminal control data 1 precedes that of terminal control data 2; assuming the time sequence of terminal control data 1 is 100 and that of terminal control data 2 is 101, intelligent lamp A performs the lighting operation first and then the extinguishing operation. The vulnerability detection upper computer changes the time sequence of terminal control data 1 from 100 to 102 to obtain control change data 1, and changes the time sequence of terminal control data 2 from 101 to 103 to obtain control change data 2. The vulnerability detection upper computer controls the data sending device to send control change data 1 and control change data 2 to the target network, and controls the data capturing device to capture the control response data fed back by intelligent lamp A in the target network. If intelligent lamp A executes the lighting operation and the extinguishing operation again, it is determined that the target network has a control vulnerability and is at risk of replay attacks.
With this method for detecting a control vulnerability of the ZigBee network, whether a control vulnerability exists in the target network is further detected once it has been determined that an encryption vulnerability exists in the target network. This improves the efficiency and the detection rate of security vulnerability detection, so that security vulnerabilities in the target network can be found in time and the data security of the target network can be improved.
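Seen from a monitor on the network, control change data of the kind described above is a frame that matches an earlier one in every byte except the time sequence. The following added example (not part of the patent) flags such frames in decrypted captures. It assumes that genuine repeated commands differ in some other field of the frame; the five-byte frame layout, the `frame` helper and the sample traffic are constructed.

```python
from collections import namedtuple

SEQ_MODULUS = 256  # time sequence runs 0..255 and then resets to 0

Finding = namedtuple("Finding", "first_seq replay_seq ahead delay frame")


def find_replays(frames, seq_offset, window=60.0):
    """Flag frames that repeat an earlier frame in everything but the sequence.

    frames: iterable of (capture_time_seconds, decrypted_frame_bytes).
    seq_offset: index of the one-byte time sequence field in each frame.
    """
    first_seen = {}  # frame with the sequence byte blanked -> (time, sequence)
    findings = []
    for when, raw in sorted(frames, key=lambda item: item[0]):
        if len(raw) <= seq_offset:
            continue  # too short to carry a sequence field
        seq = raw[seq_offset]
        blanked = raw[:seq_offset] + b"\x00" + raw[seq_offset + 1:]
        earlier = first_seen.get(blanked)
        if earlier is None or when - earlier[0] > window:
            first_seen[blanked] = (when, seq)
            continue
        ahead = (seq - earlier[1]) % SEQ_MODULUS  # distance on the 0..255 ring
        if ahead == 0:
            continue  # same sequence: a retransmission, not a changed copy
        findings.append(Finding(earlier[1], seq, ahead, when - earlier[0], raw))
    return findings


def frame(seq, counter, command, device=0x1001):
    """Constructed layout: [sequence][device hi][device lo][counter][command]."""
    return bytes([seq]) + device.to_bytes(2, "big") + bytes([counter, command])


ON, OFF = 0x01, 0x00

# Constructed traffic for lamp A, following the sequence values in the text.
SAMPLE_TRAFFIC = [
    (0.0, frame(100, 0x51, ON)),    # terminal control data 1: lighting
    (1.0, frame(101, 0x52, OFF)),   # terminal control data 2: extinguishing
    (1.01, frame(101, 0x52, OFF)),  # retransmission with the same sequence
    (5.0, frame(102, 0x51, ON)),    # copy of data 1, sequence 100 -> 102
    (6.0, frame(103, 0x52, OFF)),   # copy of data 2, sequence 101 -> 103
    (9.0, frame(104, 0x53, ON)),    # genuine new command: counter differs
    (20.0, frame(254, 0x54, OFF)),
    (21.0, frame(1, 0x54, OFF)),    # copy across the wrap: 254 -> 1 is 3 ahead
]

if __name__ == "__main__":
    for f in find_replays(SAMPLE_TRAFFIC, seq_offset=0):
        print(f"sequence {f.first_seq} seen again as {f.replay_seq} "
              f"(+{f.ahead}) after {f.delay:.2f}s: {f.frame.hex()}")
```

The `window` bounds how long an earlier frame is remembered; a frame that reappears after the window is treated as a first sighting.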
Example four
Fig. 4 is a schematic structural diagram of a network security vulnerability detection apparatus according to a fourth embodiment of the present application, which is applicable to a situation of detecting a security vulnerability existing in a short-distance wireless communication network, such as a Zigbee network. The device can be realized by software and/or hardware, and can be integrated in electronic equipment such as an intelligent terminal.
As shown in fig. 4, the apparatus may include: a network access request generation module 410, an encryption configuration data request module 420, and a security breach determination module 430.
A network access request generating module 410, configured to generate a network access request for a target network for a data sending device based on device identification information of the data sending device;
an encryption configuration data request module 420, configured to control the data sending device to request encryption configuration data from the target network based on the network access request; wherein the encrypted configuration data is captured from the target network by a data capture device, the encrypted configuration data including the device identification information;
and the security vulnerability determining module 430 is configured to decrypt the encrypted configuration data by using a preset encryption key, and determine whether a security vulnerability exists in the target network based on a decryption processing result and the device identification information.
In the technical scheme of the embodiment of the application, security vulnerabilities in the target network are detected through the cooperation of the data sending device and the data capturing device. The data sending device and the data capturing device are controlled to execute the data sending operation and the data capturing operation respectively, which overcomes the performance limit of a single vulnerability detection tool, solves the problem that the time window for power-on and communication of intelligent devices in a short-distance wireless communication network is short, so that key communication data is easily lost, and improves the security vulnerability detection efficiency and detection rate.
Optionally, the security vulnerability determining module 430 includes: the matching result determining submodule is used for matching the decryption processing result with the equipment identification information to obtain a matching result; and the encryption vulnerability determining submodule is used for determining that the target network has the encryption vulnerability if the matching result is that the matching is successful.
Optionally, the encrypted configuration data requesting module 420 includes: a network access request sending submodule, configured to control the data sending device to send the network access request to the target network, so that a target gateway device in the target network feeds back network access response data; the network access response data capturing submodule is used for controlling the data capturing equipment to capture the network access response data and determining the time sequence information of the network access response data as a reference time sequence; and the time sequence response data feedback submodule is used for generating time sequence response data based on the reference time sequence and controlling the data sending equipment to feed back the time sequence response data to the target network so as to enable the target network to feed back the encryption configuration data.
Optionally, the apparatus further includes: the communication data monitoring module is used for controlling the data capturing device to monitor the communication data in the network to be detected based on the data capturing thread before generating a network access request aiming at a target network for the data sending device based on the device identification information of the data sending device until the data capturing device captures any communication data; the communication configuration data request module is used for controlling the data sending equipment to request communication configuration data from the network to be detected based on the data sending thread; the communication configuration data capturing module is used for controlling the data capturing equipment to capture the communication configuration data from the network to be detected based on a data capturing thread; and the target network determining module is used for determining the target network in the network to be detected based on the equipment distribution network identification in the communication configuration data.
Optionally, the communication data monitoring module includes: a channel scanning mode obtaining submodule for obtaining a channel scanning mode; a channel to be scanned determining module, configured to determine a channel to be scanned in the candidate channels corresponding to the network to be detected according to the channel scanning mode; and the communication data monitoring submodule is used for controlling the data capturing equipment to monitor the communication data in the channel to be scanned based on a data capturing thread.
Optionally, the module for determining a channel to be scanned includes: a first channel determining submodule, configured to determine an assigned channel identifier if the channel scanning mode is to scan an assigned channel, and determine the channel to be scanned in the candidate channels according to the assigned channel identifier; and the second channel determining submodule is used for determining a channel scanning sequence if the channel scanning mode is to scan all channels, and sequentially using the candidate channels as the channels to be scanned according to the channel scanning sequence.
Optionally, the apparatus further comprises: the general encryption key determining module is used for decrypting the encrypted configuration data by using the preset encryption key to obtain a general encryption key under the condition that the target network has encryption loopholes; a communication data type determining module, configured to decrypt, with the use of the general encryption key, communication data captured by the data capture device in the target network, and determine a communication data type; the control change data determining module is used for changing the terminal control data to obtain control change data under the condition that the communication data type is the terminal control data; a control change data sending module, configured to send the control change data to the target network through the data sending device, so that a target terminal device in the target network feeds back control response data for the control change data; and the control vulnerability determining module is used for determining whether the target network has the control vulnerability or not based on the control response data.
In the technical solution of the present disclosure, the collection, storage, use, processing, transmission, provision and disclosure of the user information involved all comply with relevant laws and regulations and do not violate public order and good morals.
EXAMPLE five
FIG. 5 illustrates a schematic diagram of an electronic device 510, which can be used to implement an embodiment. The electronic device 510 includes at least one processor 511, and a memory communicatively connected to the at least one processor 511, such as a ROM 512 (read only memory), a RAM 513 (random access memory), and the like, in which a computer program executable by the at least one processor is stored, and the processor 511 may perform various appropriate actions and processes according to the computer program stored in the ROM 512 or the computer program loaded from the storage unit 518 into the RAM 513. In the RAM 513, various programs and data necessary for the operation of the electronic device 510 can also be stored. The processor 511, the ROM 512, and the RAM 513 are connected to each other by a bus 514. An input/output (I/O) interface 515 is also connected to bus 514.
Various components in the electronic device 510 are connected to the I/O interface 515, including: an input unit 516 such as a keyboard, a mouse, and the like; an output unit 517 such as various types of displays, speakers, and the like; a storage unit 518, such as a magnetic disk, optical disk, or the like; and a communication unit 519 such as a network card, modem, wireless communication transceiver, or the like. A communication unit 519 allows the electronic device 510 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.
In some embodiments, the network security vulnerability detection method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 518. In some embodiments, some or all of the computer program may be loaded onto and/or installed onto the electronic device 510 via the ROM 512 and/or the communication unit 519. When the computer program is loaded into RAM 513 and executed by processor 511, one or more of the steps of the network security vulnerability detection method described above may be performed. Alternatively, in other embodiments, the processor 511 may be configured to perform the network security vulnerability detection method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present application may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package, partly on a machine and partly on a remote machine, or entirely on a remote machine or server.
In the context of this application, a computer readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data processing server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the Internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solution of the present application can be achieved, and the present invention is not limited thereto.
The above-described embodiments are not intended to limit the scope of the present disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (9)
1. A network security vulnerability detection method, characterized by comprising the following steps:
generating, for a data sending device, a network access request for a target network based on device identification information of the data sending device;
controlling the data sending device to request encrypted configuration data from the target network based on the network access request, wherein the encrypted configuration data is captured from the target network by a data capture device, and the encrypted configuration data comprises the device identification information of the data sending device;
decrypting the encrypted configuration data by using a preset encryption key, and determining whether the target network has a security vulnerability based on a decryption processing result and the device identification information;
wherein the controlling the data sending device to request encrypted configuration data from the target network based on the network access request comprises: controlling the data sending device to send the network access request to the target network, so that a target gateway device in the target network feeds back network access response data; controlling the data capture device to capture the network access response data, and determining time sequence information of the network access response data as a reference time sequence; and generating time sequence response data based on the reference time sequence, and controlling the data sending device to feed back the time sequence response data to the target network, so that the target network feeds back the encrypted configuration data.
2. The method of claim 1, wherein the determining whether the target network has a security vulnerability based on the decryption processing result and the device identification information comprises:
matching the decryption processing result with the device identification information to obtain a matching result;
and if the matching result indicates a successful match, determining that the target network has an encryption vulnerability.
3. The method of claim 1, wherein before the generating, for the data sending device, the network access request for the target network based on the device identification information of the data sending device, the method further comprises:
controlling, based on a data capture thread, the data capture device to monitor communication data in a network to be detected until the data capture device captures any communication data;
controlling, based on a data sending thread, the data sending device to request communication configuration data from the network to be detected;
controlling, based on the data capture thread, the data capture device to capture the communication configuration data from the network to be detected;
and determining the target network in the network to be detected based on the equipment distribution network identification in the communication configuration data.
4. The method of claim 3, wherein the controlling, based on a data capture thread, the data capture device to monitor communication data in the network to be detected comprises:
acquiring a channel scanning mode;
determining, according to the channel scanning mode, a channel to be scanned among the candidate channels corresponding to the network to be detected;
and controlling the data capture device to monitor the communication data in the channel to be scanned based on the data capture thread.
5. The method according to claim 4, wherein the determining, according to the channel scanning mode, a channel to be scanned among the candidate channels corresponding to the network to be detected comprises:
if the channel scanning mode is to scan an assigned channel, determining an assigned channel identifier, and determining the channel to be scanned among the candidate channels according to the assigned channel identifier;
and if the channel scanning mode is to scan all channels, determining a channel scanning sequence, and using the candidate channels in turn as the channel to be scanned according to the channel scanning sequence.
6. The method according to any one of claims 1-5, further comprising:
if the target network has an encryption vulnerability, decrypting the encrypted configuration data by using the preset encryption key to obtain a general encryption key;
decrypting, by using the general encryption key, the communication data captured by the data capture device in the target network, and determining a communication data type;
if the communication data type is terminal control data, changing the terminal control data to obtain control change data;
sending the control change data to the target network through the data sending device, so that a target terminal device in the target network feeds back control response data for the control change data;
and determining whether the target network has a control vulnerability based on the control response data.
7. An apparatus for detecting a network security vulnerability, the apparatus comprising:
a network access request generating module, configured to generate, for a data sending device, a network access request for a target network based on device identification information of the data sending device;
an encrypted configuration data request module, configured to control the data sending device to request encrypted configuration data from the target network based on the network access request, wherein the encrypted configuration data is captured from the target network by a data capture device, and the encrypted configuration data comprises the device identification information of the data sending device;
a security vulnerability determining module, configured to decrypt the encrypted configuration data by using a preset encryption key and determine whether the target network has a security vulnerability based on a decryption processing result and the device identification information;
wherein the encrypted configuration data request module comprises: a network access request sending submodule, configured to control the data sending device to send the network access request to the target network, so that a target gateway device in the target network feeds back network access response data; a network access response data capturing submodule, configured to control the data capture device to capture the network access response data and determine time sequence information of the network access response data as a reference time sequence; and a time sequence response data feedback submodule, configured to generate time sequence response data based on the reference time sequence and control the data sending device to feed back the time sequence response data to the target network, so that the target network feeds back the encrypted configuration data.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the network security vulnerability detection method according to any of claims 1-6.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the network security vulnerability detection method of any of claims 1-6 when executing the computer program.
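The decision in claims 1 and 2, sketched as an added example that is not part of the patent: because the configuration data returned to a joining device contains that device's own identification information, recovering the identifier with the preset key shows that the network wraps its configuration under a key anyone can know. Assumptions: the frame layout (8-byte nonce, then ciphertext with the identifier first), the HMAC-SHA256 counter-mode stand-in cipher, and every key and identifier are constructed for illustration; the patent names no cipher or frame format.

```python
"""Decision logic of claims 1-2 on constructed data (added example, not the patent's code)."""
import hashlib
import hmac

# Constructed sample values; none come from the patent or a real product.
PRESET_KEY = bytes(range(16))                  # stands in for a publicly known preset key
SITE_KEY = bytes(range(100, 116))              # stands in for a per-installation key
DEVICE_ID = bytes.fromhex("0011223344556677")  # identifier of the auditor's sending device
NONCE_LEN = 8                                  # assumed frame layout: nonce || ciphertext


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (the patent names no cipher)."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def gateway_config_frame(wrapping_key: bytes, joining_device_id: bytes, nonce: bytes) -> bytes:
    """Constructed gateway reply: the configuration echoes the joining device's identifier."""
    settings = b";channel=15;network=constructed"
    return nonce + xor_crypt(wrapping_key, nonce, joining_device_id + settings)


def has_encryption_vulnerability(frame: bytes, preset_key: bytes, device_id: bytes) -> bool:
    """Decrypt with the preset key and match the result against the device identifier.

    A wrong key yields pseudo-random bytes, so a match on the known identifier
    is the evidence that the preset key is the one in use.
    """
    nonce, ciphertext = frame[:NONCE_LEN], frame[NONCE_LEN:]
    candidate = xor_crypt(preset_key, nonce, ciphertext)
    return hmac.compare_digest(candidate[: len(device_id)], device_id)


def audit(captures: dict) -> dict:
    """Map each captured network name to the verdict for its configuration frame."""
    return {
        name: has_encryption_vulnerability(frame, PRESET_KEY, DEVICE_ID)
        for name, frame in captures.items()
    }


if __name__ == "__main__":
    nonce = bytes(NONCE_LEN)
    captures = {
        "lab-default-key": gateway_config_frame(PRESET_KEY, DEVICE_ID, nonce),
        "lab-site-key": gateway_config_frame(SITE_KEY, DEVICE_ID, nonce),
    }
    for name, vulnerable in audit(captures).items():
        print(f"{name}: {'encryption vulnerability' if vulnerable else 'no match'}")
```

A network that passes this check can still use a weak key; the check only establishes whether the specific preset key under test is in use.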
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210881602.7A CN115001863B (en) | 2022-07-26 | 2022-07-26 | Network security vulnerability detection method, device, medium and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210881602.7A CN115001863B (en) | 2022-07-26 | 2022-07-26 | Network security vulnerability detection method, device, medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115001863A (en) | 2022-09-02 |
CN115001863B (en) | 2022-11-22 |
Family
ID=83021438
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210881602.7A Active CN115001863B (en) | 2022-07-26 | 2022-07-26 | Network security vulnerability detection method, device, medium and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115001863B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116170340B (en) * | 2023-04-24 | 2023-07-14 | 图林科技(深圳)有限公司 | Network security test evaluation method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022100020A1 (en) * | 2020-11-16 | 2022-05-19 | 华为技术有限公司 | Vulnerability testing method and apparatus |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108566656B (en) * | 2018-04-13 | 2021-04-30 | 上海连尚网络科技有限公司 | Method and equipment for detecting security of wireless network |
CN111193699B (en) * | 2019-08-23 | 2021-12-03 | 腾讯科技(深圳)有限公司 | Method and device for detecting security vulnerability of ZigBee device |
CN110908357B (en) * | 2019-10-23 | 2020-12-15 | 深圳开源互联网安全技术有限公司 | Security vulnerability detection method and device, storage medium and intelligent device |
CN112640513B (en) * | 2020-12-04 | 2022-05-13 | 华为技术有限公司 | Method and device for detecting Bluetooth vulnerability attack |
Also Published As
Publication number | Publication date |
---|---|
CN115001863A (en) | 2022-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106533669B (en) | The methods, devices and systems of equipment identification | |
KR102303689B1 (en) | Systems and methods for establishing secure communication channels with Internet of Things (IoT) devices | |
KR102537363B1 (en) | Systems and methods for secure Internet of Things (IoT) device provisioning | |
CN113099443B (en) | Equipment authentication method, device, equipment and system | |
US11201886B2 (en) | Security detection method, device, and apparatus | |
CN107948178A (en) | Intelligent domestic system and information ciphering method and device, terminal | |
CN107947924A (en) | Intelligent domestic system and information ciphering method and device, terminal | |
US20190306714A1 (en) | Method and system for accessing wireless network by smart device | |
KR20170104180A (en) | Electronic apparatus and method for performing authentication between electronic apparatuses | |
CN115001863B (en) | Network security vulnerability detection method, device, medium and electronic equipment | |
CN104468614A (en) | Smart home Internet of Things security control system | |
CN111352602A (en) | Control method, device and equipment of LED screen and storage medium | |
CN109729000B (en) | Instant messaging method and device | |
CN108282551B (en) | Message identification processing method and device, monitoring equipment and readable storage medium | |
CN107872315B (en) | Data processing method and intelligent terminal | |
CN106656966A (en) | Method and device for intercepting service processing request | |
KR100978141B1 (en) | Wired and wireless integration gateway and operation method thereof | |
CN111787514A (en) | Method and device for acquiring equipment control data, storage medium and electronic device | |
CN116347656A (en) | Bluetooth encryption connection method and device and electronic equipment | |
CN115955495A (en) | Home control system, method and device, electronic equipment and storage medium | |
CN110381505B (en) | Method and device for accessing network hard disk video recorder | |
CN116186722A (en) | Household appliance data encryption method and device | |
CN114362997A (en) | Data transmission method and device for intelligent equipment of transformer substation, intelligent equipment and medium | |
CN115174388B (en) | Network updating method, device, equipment and storage medium for networking intelligent equipment | |
CN113949586B (en) | Distributed high-efficiency Internet of things equipment access system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||