CN116137576A - Data security protection method and system for NB-IoT terminal - Google Patents
- Publication number
- CN116137576A (application CN202310169079.XA)
- Authority
- CN
- China
- Prior art keywords
- data
- module
- packet
- data packet
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention relates to the technical field of the Internet of Things, in particular to a data security protection method and system for an NB-IoT terminal. The system comprises an NB-IoT terminal and a base station: a packet capture module and an alarm module are deployed on the NB-IoT terminal, and a central control module, a data packet analysis storage module and a data analysis module are arranged on the base station. The method and system address the problem that data security is difficult to guarantee once NB-IoT terminals are interconnected.
Description
Technical Field
The invention relates to the technical field of the Internet of things, in particular to a data security protection method and system of an NB-IoT terminal.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Along with the practical implementation of Industry 4.0, smart cities, smart agriculture, smart water management and similar initiatives, the age of digitally driven interconnection of everything is accelerating. The Narrowband Internet of Things (NB-IoT), an emerging technology that can be used worldwide, is an important branch of the Internet of Everything. NB-IoT is built on the cellular network, consumes only about 180 kHz of bandwidth, and can be deployed directly in GSM, UMTS or LTE networks, which reduces deployment cost and allows a smooth upgrade. NB-IoT is attracting great attention and evolving rapidly because of its four advantages: low power consumption, low cost, strong connectivity and high coverage.
With the wide commercial deployment and the multiplied number of Internet of Things devices that NB-IoT technology brings, the industry faces new challenges. In a typical scenario, ensuring data security after NB-IoT terminals are interconnected has become a central concern of the Internet of Things industry: in fields such as water meters and gas meters, which involve billing and payment, any hijacking or tampering of data causes immeasurable losses for operators and end customers. At present, NB-IoT terminals still rely on schemes such as terminal authentication, attack resistance, security reinforcement and security management to maintain data security; these methods are poorly targeted and weak in defence, so the industry's demand for a higher NB-IoT device security level is increasingly urgent.
Disclosure of Invention
The invention aims to provide a data security protection method and system for NB-IoT terminals, which are used for solving the problem that the data security of the NB-IoT terminals after interconnection is difficult to guarantee.
To achieve this, the invention provides the following technical solutions:
A first aspect of the invention provides a data security protection method for an NB-IoT terminal, the method comprising:
S1: the packet capture module captures a data packet in real time and sends it to the data packet analysis storage module;
S2: the data packet analysis storage module sends the data packet to the data analysis module;
S3: the data analysis module judges whether the data packet contains intrusion characteristic data, in the following sub-steps:
(1) The data comparison unit in the data analysis module compares the data in the data packet with the intrusion characteristic data stored in the data storage unit. When the data in the packet is identical to stored intrusion characteristic data, the data comparison unit sends a signal to the alarm module and the alarm module outputs an alarm signal; when it differs from all stored intrusion characteristic data, the data comparison unit passes the packet to the data detection unit for detection;
(2) When the data detection unit detects that the packet contains intrusion characteristic data, it sends a signal to the alarm module, the alarm module outputs an alarm signal, and at the same time the data detection unit sends the packet to the data storage unit for storage;
when the data detection unit judges that the data in the packet is normal, it sends the packet to the data deletion unit, which generates a data deletion instruction to delete the packet.
A second aspect of the invention provides a data security protection system for an NB-IoT terminal, comprising an NB-IoT terminal and a base station. A packet capture module and an alarm module are deployed on the NB-IoT terminal; the packet capture module is configured to acquire data packet information, copy it to a cache, and wait for the data packet analysis storage module to call for it; the alarm module is configured to output an alarm signal;
the base station is provided with a central control module, a data packet analysis storage module and a data analysis module;
the data packet analysis storage module is configured to parse the data information according to the protocol header of the data packet, interpret the data information, and finally pass the data to the data analysis module to wait for the data analysis module to read it;
the data analysis module comprises a data comparison unit, a data storage unit, a data detection unit and a data deletion unit, the data comparison unit being connected to the data storage unit, the data detection unit and the alarm module respectively; the central control module is electrically connected to the packet capture module, the data packet analysis storage module, the data analysis module and the alarm module respectively, and controls the operation of the packet capture module, the data packet analysis storage module, the data analysis module and the alarm module.
Compared with the prior art, the invention has the following beneficial effects: a modular design is adopted, so program development can be carried out effectively and debugging and modification are convenient; the data comparison unit shortens data detection time, identifies intrusion characteristic data quickly and effectively, speeds up attack identification and reduces the workload of the data detection unit; and the data packet analysis storage module and the data analysis module give the system strong targeting and defensive capability.
Drawings
Fig. 1 is a block diagram of a system in accordance with the present invention.
Detailed Description
The invention will be described in detail below with reference to the drawings in connection with embodiments.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
It is noted that the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and systems according to various embodiments of the present disclosure. It should be noted that each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the logical functions specified in the various embodiments. It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by special purpose hardware-based systems which perform the specified functions or operations, or combinations of special purpose hardware and computer instructions.
Example 1
This embodiment provides a data security protection method for an NB-IoT terminal, comprising the following steps:
S1: the packet capture module captures a data packet in real time and sends it to the data packet analysis storage module;
S2: the data packet analysis storage module sends the data packet to the data analysis module;
S3: the data analysis module judges whether the data packet contains intrusion characteristic data, in the following sub-steps:
(1) The data comparison unit in the data analysis module compares the data in the data packet with the intrusion characteristic data stored in the data storage unit. When the data in the packet is identical to stored intrusion characteristic data, the data comparison unit sends a signal to the alarm module and the alarm module outputs an alarm signal; when it differs from all stored intrusion characteristic data, the data comparison unit passes the packet to the data detection unit for detection;
(2) When the data detection unit detects that the packet contains intrusion characteristic data, it sends a signal to the alarm module, the alarm module outputs an alarm signal, and at the same time the data detection unit sends the packet to the data storage unit for storage;
when the data detection unit judges that the data in the packet is normal, it sends the packet to the data deletion unit, which generates a data deletion instruction to delete the packet.
Preferably, the packet capture module uses the libpcap development kit. libpcap is a library of packet capture functions for accessing the data link layer. Its application steps are as follows: 1. define the interface (network card) to sniff; 2. open the capture handle and set its parameters; 3. filter the traffic: construct a filter expression, compile it, and finally apply it.
Example filter expressions:
src host 192.168.1.177: receive only packets whose source IP address is 192.168.1.177; dst port 80: receive only TCP/UDP packets with destination port 80; not tcp: receive only packets that do not use the TCP protocol; tcp[13] = 0x02 and (dst port 22 or dst port 23): receive only packets whose TCP flags byte (byte 13 from the start of the TCP header) has just the SYN bit set and whose destination port is 22 or 23.
The filter expression is compiled with the pcap_compile function.
Preferably, the data storage unit uses a MySQL database. In the step in which the data comparison unit compares the data in the data packet with the intrusion characteristic data stored in the data storage unit, the intrusion characteristic data can be queried from the MySQL database through a C-language connection to MySQL, and the comparison is completed in C.
Example two
As shown in Fig. 1, this embodiment provides a data security protection system for an NB-IoT terminal, comprising:
the NB-IoT terminal, provided with a packet capture module and an alarm module. The packet capture module is configured to acquire data packet information, copy it to a cache, and wait for the data packet analysis storage module to call for it; the alarm module is configured to output an alarm signal so that operators can promptly cut the connection between the NB-IoT terminal and the base station, handle the incident quickly, and prevent other NB-IoT terminals from being attacked;
the base station, provided with a central control module, a data packet analysis storage module and a data analysis module;
the data packet analysis storage module is configured to parse the data information according to the protocol header of the data packet, interpret the data information, and finally pass the data to the data analysis module to wait for the data analysis module to read it;
the data analysis module comprises a data comparison unit, a data storage unit, a data detection unit and a data deletion unit, the data comparison unit being connected to the data storage unit, the data detection unit and the alarm module respectively;
the central control module is electrically connected to the packet capture module, the data packet analysis storage module, the data analysis module and the alarm module respectively, controls the operation of these four modules, and may run them as threads.
The packet capture module captures data packets on Ethernet. Ethernet is a shared-medium network on which information is transmitted in plain text. IEEE 802.3 Ethernet uses a persistent CSMA scheme, and because Ethernet contends for a broadcast channel in this way, every station can obtain the data sent by other stations. Applying this principle lets the capture system intercept the desired information, which is the physical basis for capturing data packets.
The intrusion characteristic data detected by the data detection unit include the Land attack, TCP SYN attack, Ping of Death attack, WinNuke attack, TCP/UDP port scanning, SYN scan port scanning and the like, each of which is detected through a function call flow.
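The following C program is an added example, not code from the patent; it shows how the two technical passages above fit together: the libpcap filter expressions of Example 1, and the comparison / detection / storage / deletion flow of step S3 that the data analysis module runs on each captured packet. To stay runnable offline it does not call libpcap (a real capture module would use pcap_open_live, pcap_compile and pcap_setfilter for steps 1 to 3 of the description); instead it decodes a raw Ethernet/IPv4/TCP frame itself and evaluates the four quoted filter expressions on the decoded fields. The `pkt_t` and `sig_t` types, the in-memory signature table standing in for the MySQL data storage unit, the two detection checks (a Land packet, and the description's own bare-SYN-to-port-22/23 condition), and the constructed test frames are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed field set extracted from one Ethernet/IPv4/TCP|UDP frame. */
typedef struct {
    uint8_t  proto;            /* IPv4 protocol number: 6 = TCP, 17 = UDP */
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  tcp_flags;        /* the byte BPF calls tcp[13]; 0x02 = SYN only */
} pkt_t;

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Parsing step (the "data packet analysis storage module"): 14-byte Ethernet,
 * IPv4 header (options honoured via IHL), then L4 ports and TCP flags.
 * Returns false for truncated or non-IPv4 frames, which are then discarded. */
static bool parse_frame(const uint8_t *f, size_t n, pkt_t *p)
{
    if (n < 34 || f[12] != 0x08 || f[13] != 0x00) return false;   /* EtherType 0x0800 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || n < 14 + ihl) return false;
    memset(p, 0, sizeof *p);
    p->proto  = ip[9];
    p->src_ip = IP4(ip[12], ip[13], ip[14], ip[15]);
    p->dst_ip = IP4(ip[16], ip[17], ip[18], ip[19]);
    if (p->proto == 6 || p->proto == 17) {
        const uint8_t *l4 = ip + ihl;
        if (n < 14 + ihl + (p->proto == 6 ? 20u : 8u)) return false;
        p->src_port = (uint16_t)(l4[0] << 8 | l4[1]);
        p->dst_port = (uint16_t)(l4[2] << 8 | l4[3]);
        if (p->proto == 6) p->tcp_flags = l4[13];
    }
    return true;
}

/* The four filter expressions quoted in the description, evaluated here on
 * decoded fields instead of being compiled by pcap_compile(). */
static bool f_src_host(const pkt_t *p, uint32_t ip) { return p->src_ip == ip; }
static bool f_dst_port(const pkt_t *p, uint16_t port) { return (p->proto == 6 || p->proto == 17) && p->dst_port == port; }
static bool f_not_tcp(const pkt_t *p) { return p->proto != 6; }
static bool f_syn_to_22_23(const pkt_t *p)   /* tcp[13] = 0x02 and (dst port 22 or dst port 23) */
{
    return p->proto == 6 && p->tcp_flags == 0x02 && (p->dst_port == 22 || p->dst_port == 23);
}

/* Data storage unit: intrusion characteristic data. An in-memory table is
 * assumed here in place of the MySQL database the patent describes. */
typedef struct { uint8_t proto; uint16_t dst_port; uint8_t tcp_flags; } sig_t;
#define MAX_SIGS 32
static sig_t  sig_store[MAX_SIGS];
static size_t sig_count;
static void storage_reset(void) { sig_count = 0; }
static void storage_add(const pkt_t *p)
{
    if (sig_count < MAX_SIGS) sig_store[sig_count++] = (sig_t){ p->proto, p->dst_port, p->tcp_flags };
}

/* Data comparison unit: exact match against stored signatures (the fast path). */
static bool compare_unit(const pkt_t *p)
{
    for (size_t i = 0; i < sig_count; i++)
        if (sig_store[i].proto == p->proto && sig_store[i].dst_port == p->dst_port &&
            sig_store[i].tcp_flags == p->tcp_flags)
            return true;
    return false;
}

/* Data detection unit: two assumed checks from the patent's list, a Land packet
 * (source and destination address:port identical) and a bare SYN to port 22/23. */
static bool detection_unit(const pkt_t *p)
{
    if (p->src_ip == p->dst_ip && p->src_port == p->dst_port) return true;
    return f_syn_to_22_23(p);
}

/* DELETE goes to the deletion unit, both ALARM verdicts to the alarm module. */
enum verdict { VERDICT_DELETE = 0, VERDICT_ALARM_KNOWN = 1, VERDICT_ALARM_NEW = 2 };

/* Step S3: compare first; detect only on a miss; store newly detected patterns. */
static enum verdict analyse_frame(const uint8_t *frame, size_t n)
{
    pkt_t p;
    if (!parse_frame(frame, n, &p)) return VERDICT_DELETE;
    if (compare_unit(&p)) return VERDICT_ALARM_KNOWN;
    if (detection_unit(&p)) { storage_add(&p); return VERDICT_ALARM_NEW; }
    return VERDICT_DELETE;
}

/* Constructed 54-byte test frame: Ethernet + minimal IPv4 + 20-byte TCP header.
 * Checksums are left zero; the parser does not verify them. */
static size_t build_tcp_frame(uint8_t *b, uint32_t sip, uint32_t dip, uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(b, 0, 54);
    b[12] = 0x08; b[13] = 0x00;          /* EtherType IPv4 */
    b[14] = 0x45; b[17] = 40;            /* IPv4, IHL 5, total length 40 */
    b[22] = 64;   b[23] = 6;             /* TTL, protocol TCP */
    for (int i = 0; i < 4; i++) { b[26 + i] = (uint8_t)(sip >> (24 - 8 * i)); b[30 + i] = (uint8_t)(dip >> (24 - 8 * i)); }
    b[34] = (uint8_t)(sport >> 8); b[35] = (uint8_t)sport;
    b[36] = (uint8_t)(dport >> 8); b[37] = (uint8_t)dport;
    b[46] = 0x50; b[47] = flags;         /* data offset 5, flags byte = tcp[13] */
    return 54;
}

int main(void)
{
    uint8_t f[54];
    storage_reset();
    size_t n = build_tcp_frame(f, IP4(192, 168, 1, 177), IP4(10, 0, 0, 5), 40000, 22, 0x02);
    printf("bare SYN to 22: first pass %d, second pass %d\n", analyse_frame(f, n), analyse_frame(f, n));
    n = build_tcp_frame(f, IP4(192, 168, 1, 177), IP4(10, 0, 0, 5), 40000, 80, 0x18);
    printf("PSH/ACK to 80: %d (0 = deleted as normal)\n", analyse_frame(f, n));
    return 0;
}
```

The first pass over the bare SYN frame misses the comparison unit, is caught by the detection unit and is written to the signature table; the second pass over the same frame is matched by the comparison unit alone, which is the speed-up the description attributes to that unit. The parser rejects truncated frames before any unit runs, so a malformed capture ends in the deletion unit rather than in an out-of-bounds read.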
While the preferred embodiments of the present patent have been described in detail, the present patent is not limited to the above embodiments, and various changes may be made without departing from the spirit of the present patent within the knowledge of those skilled in the art.
Claims (4)
1. A data security protection method for NB-IoT terminals, characterized in that:
S1: the packet capture module captures a data packet in real time and sends it to the data packet analysis storage module;
S2: the data packet analysis storage module sends the data packet to the data analysis module;
S3: the data analysis module judges whether the data packet contains intrusion characteristic data, in the following sub-steps:
(1) The data comparison unit in the data analysis module compares the data in the data packet with the intrusion characteristic data stored in the data storage unit. When the data in the packet is identical to stored intrusion characteristic data, the data comparison unit sends a signal to the alarm module and the alarm module outputs an alarm signal; when it differs from all stored intrusion characteristic data, the data comparison unit passes the packet to the data detection unit for detection;
(2) When the data detection unit detects that the packet contains intrusion characteristic data, it sends a signal to the alarm module, the alarm module outputs an alarm signal, and at the same time the data detection unit sends the packet to the data storage unit for storage;
when the data detection unit judges that the data in the packet is normal, it sends the packet to the data deletion unit, which generates a data deletion instruction to delete the packet.
2. The data security protection method for NB-IoT terminals according to claim 1, wherein the packet capture module uses the libpcap development kit.
3. The data security protection method for NB-IoT terminals according to claim 1, wherein the data storage unit uses a MySQL database.
4. A data security protection system for NB-IoT terminals, comprising an NB-IoT terminal and a base station, characterized in that:
the NB-IoT terminal is provided with a packet capture module and an alarm module, wherein the packet capture module is configured to acquire data packet information, copy it to a cache, and wait for the data packet analysis storage module to call for it; the alarm module is configured to output an alarm signal;
the base station is provided with a central control module, a data packet analysis storage module and a data analysis module;
the data packet analysis storage module is configured to parse the data information according to the protocol header of the data packet, interpret the data information, and finally pass the data to the data analysis module to wait for the data analysis module to read it;
the data analysis module comprises a data comparison unit, a data storage unit, a data detection unit and a data deletion unit, the data comparison unit being connected to the data storage unit, the data detection unit and the alarm module respectively;
the central control module is electrically connected to the packet capture module, the data packet analysis storage module, the data analysis module and the alarm module respectively, and controls the operation of the packet capture module, the data packet analysis storage module, the data analysis module and the alarm module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310169079.XA CN116137576A (en) | 2023-02-27 | 2023-02-27 | Data security protection method and system for NB-IoT terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116137576A true CN116137576A (en) | 2023-05-19 |
Family
ID=86326935
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310169079.XA Pending CN116137576A (en) | 2023-02-27 | 2023-02-27 | Data security protection method and system for NB-IoT terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116137576A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130227689A1 (en) * | 2012-02-17 | 2013-08-29 | Tt Government Solutions, Inc. | Method and system for packet acquisition, analysis and intrusion detection in field area networks |
US20190182278A1 (en) * | 2016-12-12 | 2019-06-13 | Gryphon Online Safety, Inc. | Method for protecting iot devices from intrusions by performing statistical analysis |
US20190244496A1 (en) * | 2018-02-02 | 2019-08-08 | Mitchell Tucker | Infrasonic smart home security system |
CN111768589A (en) * | 2020-05-08 | 2020-10-13 | 西安电子科技大学 | Accumulated water monitoring alarm control method, system, storage medium, program and terminal |
KR20210078338A (en) * | 2019-12-18 | 2021-06-28 | 주식회사 포휴먼테크 | Intrusion detection system combining high performance rader and machine learning |
Events
- 2023-02-27: CN application CN202310169079.XA filed (published as CN116137576A), status Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||