CN116566652A - Network security operation method and system based on Internet of things equipment - Google Patents

Network security operation method and system based on Internet of things equipment

Info

Publication number
CN116566652A
Authority
CN
China
Prior art keywords
internet
equipment
things
things equipment
current
Legal status
Pending
Application number
CN202310374260.4A
Other languages
Chinese (zh)
Inventor
张晖
肖波
李建锋
Current Assignee
Guoneng Changyuan Hanchuan Power Generation Co ltd
Original Assignee
Guoneng Changyuan Hanchuan Power Generation Co ltd

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/16 Implementing security features at a particular protocol layer
                        • H04L 63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 67/00 Network arrangements or protocols for supporting network services or applications
                    • H04L 67/01 Protocols
                        • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention relates to a network security operation method and system based on Internet of Things devices, comprising the following steps: step 1, defining the device types and service rights of the Internet of Things devices based on the operation rules of the Internet of Things devices; step 2, monitoring the data traffic of the current Internet of Things device in real time and, when that data traffic is found to be inconsistent with the device type and service rights, issuing a communication alarm for the current Internet of Things device and disabling its communication port. The method is effective and reliable: it fully utilizes the unique attributes of the device's own data, uses an intelligent algorithm to correlate device type with data content, realizes real-time monitoring of network ports, service traffic, service rights and the like, and thus provides complete security protection for the Internet of Things.

Description

Network security operation method and system based on Internet of things equipment
Technical Field
The invention relates to the field of communication, in particular to a network security operation method and system based on Internet of things equipment.
Background
Currently, in the technical field of Internet of Things security protection, a large number of different devices are typically connected to the same local area network. Because of differences in product characteristics and technical factors among the major Internet of Things equipment manufacturers, the various devices join the network using different communication protocols or communication modes. For example, the communication protocols currently employed include proprietary protocols, ZigBee, 802.15.4e, Sigfox, LoRa, 802.11x, etc., which are not secure in themselves.
For network protection of these Internet of Things devices, existing Internet of Things security technologies mostly adopt the following key techniques: data processing and security technology, key management mechanisms, secure routing protocols, authentication and access control, intrusion detection and fault tolerance mechanisms, security analysis and delivery mechanisms, interface protection, Internet of Things device fingerprinting, and the like. At present, the networks in which large numbers of Internet of Things devices are located all rely on these bottom-layer basic protection technologies, combined with upper-layer application technologies such as traffic monitoring and behaviour analysis, to realize asset management, secure access and protection functions for the devices.
Therefore, generally speaking, when an Internet of Things device is connected to the network, it needs to interface with the network through a public standard protocol or through a manufacturer protocol, and is then connected to the central management platform software for data reading and monitoring. A common way to identify device uniqueness is to generate a unique ID at the application layer for the connected device, but with this approach there is considerable scope for impersonation and substitution.
In addition, in recent years, security protection for the access network of Internet of Things devices has generally been able to adopt Internet of Things device fingerprinting technology. Its core principle is that a series of fixed private information related to each device is generated from attributes of the device such as its operating system, manufacturer ID, MAC address, port number, IP address and protocol message type, so that the device is uniquely identified. The Internet of Things platform can identify devices through the device fingerprint library, can block and raise alarms for devices that are not in the fingerprint library, and can reduce counterfeiting and substitution of devices through the uniqueness of the fingerprint. However, this technology has not yet been sufficiently and effectively applied to the Internet of Things.
At the same time, the above techniques still have considerable limitations. For example, for device fingerprinting to be applied accurately, the relevant fingerprint information of the device, such as its operating system, manufacturer ID, MAC address, port number, IP address and the like, must be entered accurately when the device is connected to the network. The initial network-access management process for Internet of Things devices therefore consumes a great deal of manpower and material resources, and human error remains difficult to avoid.
In addition, Internet of Things devices join the network through different network protocols. At present, most networks only allow unidirectional uplink communication from Internet of Things devices, while new services in some power systems gradually allow Internet of Things devices to act as control ends that issue and share services. However, in this case, once a device has joined the network, all of its ports can be used by default without prior human intervention, and the device's traffic can go to any network it can reach, without any early warning or restriction, which is a serious potential safety hazard. Where human intervention does exist, the problems of counterfeiting and of insufficient efficiency of the intervention coexist, and because of the large number of Internet of Things devices, defining service rights consumes a large amount of management manpower.
Furthermore, in order to ensure the normal operation of the network and prevent overloading of data-port traffic, professional network operation and maintenance personnel are further required to manually limit the traffic of each device. Such manual limitation can lead to various improper conditions, creating potential safety hazards for devices and the network and greatly reducing the operating efficiency of network device resources.
In view of the above, there is a need for a network security operation method based on Internet of Things devices.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a network security operation method and system based on Internet of Things devices.
The invention adopts the following technical scheme.
The first aspect of the invention relates to a network security operation method based on Internet of Things devices, which comprises the following steps: step 1, defining the device types and service rights of the Internet of Things devices based on the operation rules of the Internet of Things devices; step 2, monitoring the data traffic of the current Internet of Things device in real time and, when the data traffic of the current device is found to be inconsistent with its device type and service rights, issuing a communication alarm for the current device and disabling its communication port.
Preferably, the device type is assigned to the current Internet of Things device in advance; when, during real-time monitoring of data traffic, the current Internet of Things device is encountered for the first time, its device type is determined based on its current data traffic.
Preferably, determining the device type of the current Internet of Things device based on its current data traffic further includes: extracting feature data from the binary file of the current data traffic and combining the feature data in an ordered manner into a plurality of tensors; constructing a convolutional neural network and evaluating it with the plurality of tensors as inputs; and determining the type of the current Internet of Things device based on the output features of the convolutional neural network.
Preferably, the convolutional neural network is pre-constructed; its training set, validation set and test set are obtained from the historical data traffic of Internet of Things devices; and the historical data traffic includes the correct device type of each Internet of Things device.
Preferably, the device types of the Internet of Things devices comprise IPC devices, NVR devices, access control devices, power generation control devices and sensor devices; the service rights of the Internet of Things devices are defined based on permit, limit or prohibit communication rules between Internet of Things devices of different device types.
Preferably, a permit communication rule allows communication between two devices of the same or different device types; a limit communication rule allows communication between two devices of the same or different device types only in a specific direction and with a specific data traffic; and a prohibit communication rule prohibits communication between two devices of the same or different device types.
Preferably, the data traffic of the current Internet of Things device is monitored in real time, and the device type and target address of the current device are determined based on the current data traffic; the method then retrieves the device type and service rights pre-assigned to the current Internet of Things device, compares the determined device type with the pre-assigned device type, and compares the target address with the service rights; if either comparison is inconsistent, a communication alarm is issued for the current Internet of Things device.
Preferably, when a communication alarm is issued, the accumulated data volume of illegal data traffic from the current Internet of Things device is recorded; and when the accumulated data volume exceeds a set threshold, the uplink data port of the current Internet of Things device is disabled.
Preferably, comparing the target address with the service rights further comprises: confirming, based on the device type of the target address, the service rights between the current Internet of Things device and the target Internet of Things device; and judging whether the current data traffic complies with the constraints of those service rights.
The second aspect of the invention relates to a network security operation system based on Internet of Things devices, used to implement the steps of the method of the first aspect; the system comprises a rights allocation module and a monitoring and early-warning module; the rights allocation module is used to define the device types and service rights of the Internet of Things devices based on their operation rules; the monitoring and early-warning module is used to monitor the data traffic of the current Internet of Things device in real time and, when that traffic is inconsistent with the device type and service rights, to issue a communication alarm for the current device and disable its communication port.
Compared with the prior art, the network security operation method and system based on Internet of Things devices of the invention define the types and service rights of the Internet of Things devices, adopt a convolutional neural network, and automatically judge the validity of device data from the real-time data traffic of the device, thereby managing the Internet of Things devices at the communication layer. The method is effective and reliable: it fully utilizes the unique attributes of the device's own data, uses an intelligent algorithm to correlate device type with data content, realizes real-time monitoring of network ports, service traffic, service rights and the like, and thus provides complete security protection for the Internet of Things.
The beneficial effects of the invention also include:
1. The invention analyses and processes the data generated by connected devices and automatically identifies the device type, thereby allocating the device's network rights and ensuring the safe operation of Internet of Things devices under the network. The device type is identified automatically using deep learning, and network rights are allocated automatically according to that type, which greatly improves efficiency and accuracy, reduces the cost and time of manual intervention, and ensures the security and stability of the network.
2. The monitoring and early-warning module can discover and handle network security problems in a timely manner, ensure the real-time performance and reliability of the network, and realize network blocking with automatic limitation of network-region rights.
Drawings
FIG. 1 is a schematic diagram of the steps of the network security operation method based on Internet of Things devices;
FIG. 2 is a schematic diagram of the service implementation of the network security operation method based on Internet of Things devices according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments described herein without inventive effort fall within the scope of the invention.
Fig. 1 is a schematic diagram of the steps of the network security operation method based on Internet of Things devices. As shown in Fig. 1, the first aspect of the present invention relates to a network security operation method based on Internet of Things devices, and the method includes step 1 and step 2.
Step 1: define the device types and service rights of the Internet of Things devices based on the operation rules of the Internet of Things devices.
In the invention, considering the actual requirements of the network in which the Internet of Things devices are located, rights control is applied to the communication mode of each kind of Internet of Things device, and the device type and rights information of the Internet of Things devices need to be defined according to those actual requirements.
Preferably, the device types of the Internet of Things devices comprise IPC devices, NVR devices, access control devices, power generation control devices and sensor devices; the service rights of the Internet of Things devices are defined based on permit, limit or prohibit communication rules between Internet of Things devices of different device types.
In an embodiment of the present invention, the Internet of Things may be deployed in a power plant network, for example a thermal power plant.
Specifically, the IPC (IP Camera) device in the invention is a network camera, and the NVR (Network Video Recorder) device is a network video recorder, which can be used to store and forward network video surveillance. The access control devices may include door controllers for controlling passage through the power plant and the like. The power generation control devices may include various devices for controlling and monitoring power generation, and the sensor devices may be sensors that collect various data of the thermal power plant, such as temperature sensors, pressure sensors, flow sensors, etc.
Of course, an Internet of Things similar to that of this application can also be deployed in various industries and businesses to provide similar or different functions. Therefore, the device types and service rights of the Internet of Things devices can be reasonably extended or defined according to the functions and actual requirements.
The service rights of an Internet of Things device can be defined according to the respective device types of any two Internet of Things devices in communication. The service rights may cover a direct or indirect communication connection between two devices, and are not limited to communication between an Internet of Things device and the uplink network.
Specifically, a permit communication rule allows communication between two devices of the same or different device types; a limit communication rule allows communication between two devices of the same or different device types only in a specific direction and with a specific data traffic; and a prohibit communication rule prohibits communication between two devices of the same or different device types.
It can be appreciated that in an embodiment of the present invention, IPC devices and NVR devices may communicate with each other; IPC devices, NVR devices and some access control devices may communicate; while IPC devices and NVR devices may not communicate with power generation control devices and sensor devices. In the prior art, the ports, protocol types and the like that a device may use can be identified according to the manufacturer, device type and private characteristics of the device, so that the allowed and prohibited communication modes, communication traffic and the like can be further defined.
The specific direction mentioned above may mean that one device type is able to send data to another device type, while communication in the reverse direction is not supported. Limiting to a specific data traffic may mean that one-way communication between two devices is limited, e.g. only a certain number of data packets, or data packets of a certain length, can be transmitted within a set period of time.
In this application, the definition of the rules may be implemented by the rights allocation module. The rights allocation module may be implemented on a network management platform, for example a user-facing network management platform into which specific rules are entered according to the needs of the network administrator, so as to control that a certain device can only communicate with certain other devices, or that a certain device can only communicate with a specified device.
Step 2: monitor the data traffic of the current Internet of Things device in real time and, when the data traffic of the current device is found to be inconsistent with its device type and service rights, issue a communication alarm for the current device and disable its communication port.
According to the method and system, once the device operation rules have been defined, real-time monitoring of the data traffic of every Internet of Things device in the network can be performed fully automatically. Specifically, the monitoring captures, filters and analyses the data packets at a data transmission port of the switch or of the Internet of Things device, for example by using protocol analysis software such as Wireshark. With such software, the invention can capture the various data packets on the network and analyse them. Fig. 2 is a schematic diagram of the service implementation of the network security operation method based on Internet of Things devices according to the present invention. As shown in Fig. 2, the data acquisition module may be configured to implement the packet capture function described above, thereby capturing all kinds of data traffic. In one embodiment of the present invention, the data traffic may take the form of data packets of various types of communication protocols.
Specifically, the method can assign a device type to each Internet of Things device in advance. The device type information, like the service rights, may be stored locally on the Internet of Things device or on the switch to which it is connected. Once the device type is available, the method intercepts the current data traffic, determines which device the packet should have come from by analysing the feature information in the current packet, and compares that with the pre-assigned device type so as to judge whether the current packet is legitimate.
Preferably, the device type is assigned to the current Internet of Things device in advance; when, during real-time monitoring of data traffic, the current Internet of Things device is encountered for the first time, its device type is determined based on its current data traffic.
It can be understood that, in the invention, if an unregistered new device is found, it can also be registered automatically in the Internet of Things by applying the analysis method to the new device's data traffic. In this way, the steps and procedures whereby operation and maintenance personnel manually and accurately enter all fingerprint information of the device into the management platform are no longer needed, which greatly simplifies the management of Internet of Things devices.
It can be understood that the process of registering a new device in the present invention may be similar to the process of judging the current data traffic; the specific idea is to determine, from the feature information in the data packet, which kind of Internet of Things device those features should be matched to.
Preferably, determining the device type of the current Internet of Things device based on its current data traffic further includes: extracting feature data from the binary file of the current data traffic and combining the feature data in an ordered manner into a plurality of tensors; constructing a convolutional neural network and evaluating it with the plurality of tensors as inputs; and determining the type of the current Internet of Things device based on the output features of the convolutional neural network.
In the present invention, as shown in Fig. 2, the device type identification module classifies the data packets, thereby classifying the type of device that generated the data, and records which kind of device corresponds to information such as the device's IP and MAC address.
Specifically, the invention obtains the binary file from the packet capture software and extracts important format data from the information in the binary file, thereby obtaining a binary data set. For example, the binary file may include the important profile of the physical-layer data frame, the data-link-layer Ethernet frame header, the internet-layer IP header, the transport-layer segment header, the application-layer HTTP protocol, and various other information. In addition, the binary file may include the length and type of the data packet, the data content actually carried, and so on. This information can be used to analyse the communication protocol used by the device and its mode of connection to the network and, where the device type is unknown, to define the possible type of the device from the data content. Thus, the present invention can extract the particular fields of interest from the binary file according to its particular format and combine these fields into a binary data set.
In one embodiment of the invention, a convolutional neural network is used to discriminate the information in the binary data sets. Accordingly, each item of data in these binary data sets can be arranged in a reasonable order as a high-dimensional tensor, in the same way as pixel information in an image. In this way, the data content is organized into an input format that can be fed to the convolutional neural network.
The convolutional neural network of the present invention is predefined, and its initial data set can be obtained in advance from various known device types and their typical data packets. Through repeated training, the important parameters of the convolutional neural network can be determined according to the prior art and can also be improved during training. The loss function, optimizer, evaluation metrics and the like may then be defined in the manner common in the prior art.
In one embodiment of the invention, the convolutional neural network is a single-channel network built using Baidu's open-source framework. The network includes a plurality of convolutional layers, pooling layers and fully connected layers, and the specific construction can be reasonably refined according to the training results and the device classification scheme.
Preferably, the convolutional neural network is pre-constructed; the training set, the verification set and the test set in the convolutional neural network are acquired based on the historical data flow of the Internet of things equipment; the historical data flow comprises the correct equipment type of the internet of things equipment.
It can be appreciated that the training set in the convolutional neural network can be used to train the model, adjust model parameters, and optimize model performance. The verification set is used for evaluating the model and selecting the training round with the best performance. The test set is used for testing the model and evaluating the performance and accuracy of the model. In the method, not only is the model pre-constructed, but also the model is deployed into a production environment after training, and is actually applied, and the data content in the training set, the testing set and the verification set can be pre-acquired in various modes and the data is fully and reliably ensured.
It should be noted that, the historical data traffic may be various data packets collected in a historical manner, and in order to realize training and verification of the model, in the verification set, the accuracy of the data content in the data packet, the validity of the data packet, and the accuracy of the type of the internet of things device to which the data packet belongs may be calibrated according to a manual manner or the like. It can be understood that the invention automatically identifies the type of the equipment by using the deep learning technology, and automatically distributes relevant network authorities according to the type, thereby ensuring the safety and stability of the network.
Preferably, the data traffic of the current internet of things device is monitored in real time, and the device type and the target address of the current internet of things device are judged based on the current data traffic; the device type and the service authority pre-allocated to the current Internet of things device are retrieved, the judged device type is compared with the pre-allocated device type, and the target address is compared with the service authority; if either comparison is inconsistent, a communication alarm is sent out for the current Internet of things equipment.
It can be understood that when data packets are collected for the current internet of things device, the device type corresponding to the current data flow can be determined. If the device is not being accessed for the first time, whether the data packet matches the recorded device type is monitored, and if not, an alarm is issued. In addition, there may be a problem with the rights of the device: for example, a packet of the current device may match its device type, yet a device of that type may not be permitted to communicate with the other type of device involved. Verification of the device rights may therefore also be accomplished by identifying the target address. Thus, this approach also makes the allocation of device rights meaningful.
Preferably, comparing the target address with the service authority further comprises: based on the equipment type of the target address, confirming the service authority between the current Internet of things equipment and the target Internet of things equipment; and judging whether the current data flow accords with the constraint of the service authority between the current internet of things equipment and the target internet of things equipment.
In particular, the present invention may employ various means of the prior art to obtain the destination address of the data packet, or other related information similar to the destination address, such as information of the original data requesting device carried in the data packet, and so on. In this way, the method can obtain the sending address and the destination address of the current data flow, and can analyze whether the current data flow is matched with the service authority by the type of the equipment where the two addresses are located. Therefore, the monitoring and early warning module can actually monitor and early warn the data packet communication mode on the basis of the authority allocation module.
Preferably, when a communication alarm is sent, the accumulated data quantity of illegal data traffic existing in the current Internet of things equipment is recorded; and when the accumulated data quantity exceeds the set threshold, disabling an uplink data port of the current Internet of things device.
It can be understood that if the illegal data traffic exceeds a certain threshold, the switch at the device's access end can be called to disable the IP, so that the network traffic of the device is blocked physically, the security of the device and the network is ensured more fundamentally, and various malicious network attacks are prevented more effectively.
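The monitoring-and-early-warning logic just described (type comparison, target-address check against the service authority, accumulation of illegal traffic and disabling of the uplink past a threshold), together with the permit, limit and prohibit rules of the service authority, as an added Python example that is not part of the patent; the device types follow the description, while the policy entries, addresses, byte counts and threshold are constructed sample values:

```python
from dataclasses import dataclass
from enum import Enum

class Rule(Enum):
    PERMIT = "permit"        # any direction, any volume
    LIMIT = "limit"          # only the listed direction, up to a per-flow byte cap
    PROHIBIT = "prohibit"    # no communication

# Service-authority table keyed by (source type, target type); keys are ordered, so a
# LIMIT entry is directional and its second element is the byte cap. Entries are constructed.
POLICY = {
    ("IPC", "NVR"): (Rule.PERMIT, None),              # camera streams to recorder
    ("NVR", "IPC"): (Rule.LIMIT, 4096),               # recorder sends only small control messages
    ("sensor", "power_control"): (Rule.LIMIT, 1024),
    ("power_control", "sensor"): (Rule.PROHIBIT, None),
}
DEFAULT_RULE = (Rule.PROHIBIT, None)  # unlisted pairs are prohibited (least privilege)
DISABLE_THRESHOLD = 10_000            # accumulated illegal bytes before the uplink is cut

@dataclass
class Device:
    addr: str
    assigned_type: str            # type allocated when the device was first discovered
    illegal_bytes: int = 0        # accumulated volume of illegal traffic
    uplink_disabled: bool = False

@dataclass
class Flow:
    src: str
    dst: str
    inferred_type: str            # type the classifier assigned to this traffic
    nbytes: int

def check_flow(flow, devices):
    """Compare one observed flow with the source device's pre-allocated type and the
    service authority; return the alarm reason, or None if consistent. Illegal bytes
    are accumulated on the source device and its uplink is disabled past the threshold."""
    src = devices[flow.src]
    if src.uplink_disabled:
        return "uplink disabled"
    reason = None
    if flow.inferred_type != src.assigned_type:
        reason = f"type mismatch: traffic classified as {flow.inferred_type}, registered as {src.assigned_type}"
    else:
        dst = devices.get(flow.dst)
        key = (src.assigned_type, dst.assigned_type) if dst else None
        rule, cap = POLICY.get(key, DEFAULT_RULE)   # unknown target -> default rule
        if rule is Rule.PROHIBIT:
            reason = f"prohibited: {src.assigned_type} -> {flow.dst}"
        elif rule is Rule.LIMIT and flow.nbytes > cap:
            reason = f"limit exceeded: {flow.nbytes} > {cap} bytes"
    if reason is not None:
        src.illegal_bytes += flow.nbytes
        if src.illegal_bytes > DISABLE_THRESHOLD:
            src.uplink_disabled = True    # in deployment: tell the access switch to block the port
    return reason

def sample_devices():
    """Constructed inventory with pre-allocated device types."""
    return {d.addr: d for d in (Device("10.0.0.11", "IPC"), Device("10.0.0.21", "NVR"),
                                Device("10.0.0.31", "sensor"), Device("10.0.0.41", "power_control"))}
```

Each call to `check_flow` represents one monitored flow; repeated violations from the same source accumulate until the uplink is disabled, after which further flows from it are reported as already blocked.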
According to the method, the type of the Internet of things equipment is identified by capturing traffic data, so that network blocking restricted by the authority of the automatically assigned network area is produced, the cost and time of manual intervention are reduced, network security problems are found and handled in time, and the real-time performance and reliability of the network are ensured.
The second aspect of the invention relates to a network security operation system based on the Internet of things equipment, and the system is used for realizing the steps of the method in the first aspect of the invention; the system comprises a permission distribution module and a monitoring and early warning module; the permission distribution module is used for defining the equipment type and the service permission of the Internet of things equipment based on the operation rule of the Internet of things equipment; the monitoring and early warning module is used for monitoring the data flow of the current Internet of things equipment in real time, sending out a communication alarm for the current Internet of things equipment when the data flow of the current Internet of things equipment is not consistent with the equipment type and the service authority, and disabling the communication port of the current Internet of things equipment.
It may be understood that, in order to implement each function in the method provided in the foregoing embodiments of the present application, the network secure operating system includes a corresponding hardware structure and/or software module for executing each function. Those of skill in the art will readily appreciate that the algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as hardware or a combination of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application can divide the functional modules of the network security operation system according to the method example, for example, each functional module can be divided corresponding to each function, or two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
The network security operating system may be implemented by one or more data processing devices including at least one processor, a bus system, and at least one communication interface. The processor may be a central processing unit, a field programmable gate array, an application specific integrated circuit, or other hardware. The memory may consist of read-only memory, random access memory and the like. The memory may be stand-alone and coupled to the processor via a bus, or integrated with the processor. The hard disk may be a mechanical disk or a solid state disk, etc. The embodiment of the present invention is not limited thereto. The above embodiments are typically implemented in software or hardware. When implemented using a software program, they may be implemented in the form of a computer program product. The computer program product includes one or more computer instructions.
When the computer program instructions are loaded and executed on a computer, the corresponding functions are implemented according to the procedures provided by the embodiments of the present invention. The computer program instructions referred to herein may be assembly instructions, machine instructions, code written in a programming language, or the like.
Compared with the prior art, the network security operation method and system based on the Internet of things equipment have the advantages that the type and the service authority of the Internet of things equipment are defined, the convolution neural network is adopted, the validity of the equipment data is automatically judged according to the real-time data flow of the equipment, and therefore management of the communication layer is achieved on the Internet of things equipment. The method is effective and reliable, the unique attribute of the self data of the Internet of things equipment is fully utilized, the correlation between the equipment type and the data content is realized by utilizing an intelligent algorithm, the real-time monitoring of network ports, service flow, service authority and the like is realized, and the complete safety protection of the Internet of things is realized.
Finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (10)

1. The network security operation method based on the Internet of things equipment is characterized by comprising the following steps of:
step 1, defining equipment types and service rights of the Internet of things equipment based on operation rules of the Internet of things equipment;
step 2, monitoring the data flow of the current Internet of things equipment in real time, and when the data flow of the current Internet of things equipment is found to be inconsistent with the equipment type and the service authority, sending out a communication alarm for the current Internet of things equipment and disabling the communication port of the current Internet of things equipment.
2. The network security operation method based on the internet of things device according to claim 1, wherein:
the device type is allocated to the current Internet of things device in advance; wherein,
when the data traffic of the current Internet of things equipment is monitored in real time, the current Internet of things equipment is discovered for the first time, and the equipment type of the current Internet of things equipment is judged based on the current data traffic of the current Internet of things equipment.
3. The network security operation method based on the internet of things device according to claim 1, wherein:
the determining the device type of the current internet of things device based on the current data traffic of the current internet of things device further includes:
extracting feature data in a binary file from the current data flow, and orderly combining the feature data into a plurality of tensors;
constructing a convolutional neural network, and solving the convolutional neural network by taking the tensors as inputs;
and judging the type of the current equipment of the Internet of things based on the output characteristics of the convolutional neural network.
4. A network security operation method based on an internet of things device according to claim 3, wherein:
the convolutional neural network is pre-constructed; and
the training set, the verification set and the test set in the convolutional neural network are acquired based on the historical data flow of the Internet of things equipment;
the historical data flow comprises the correct equipment type of the Internet of things equipment.
5. The network security operation method based on the internet of things device according to claim 1, wherein:
the equipment types of the Internet of things equipment comprise IPC equipment, NVR equipment, access control equipment, power generation control equipment and sensor equipment;
the service authority of the internet of things equipment is defined based on permission communication rules, limitation communication rules or prohibition communication rules among the internet of things equipment with different equipment types.
6. The network security operation method based on the internet of things device according to claim 5, wherein:
the permission communication rule allows communication between two devices of the same or different device types;
the communication limiting rule allows two devices with the same or different device types to communicate with each other in a specific direction and with specific data traffic;
and the communication prohibition rule prohibits communication between two devices with the same or different device types.
7. The network security operation method based on the internet of things device according to claim 1, wherein:
the method comprises the steps of monitoring data traffic of current Internet of things equipment in real time, and judging equipment type and target address of the current Internet of things equipment based on the current data traffic;
the device type and the service authority which are pre-allocated to the current Internet of things device are called, the device type is compared with the pre-allocated device type, and the target address is compared with the service authority;
if the comparison result is inconsistent, a communication alarm is sent out aiming at the current Internet of things equipment.
8. The network security operation method based on the internet of things device according to claim 7, wherein:
when a communication alarm is sent, recording the accumulated data quantity of illegal data flow existing in the current Internet of things equipment;
and when the accumulated data quantity exceeds a set threshold value, disabling an uplink data port of the current Internet of things device.
9. The network security operation method based on the internet of things device according to claim 7, wherein:
said comparing said target address with said service right further comprises:
based on the equipment type of the target address, confirming the service authority between the current Internet of things equipment and the target Internet of things equipment;
and judging whether the current data flow accords with the constraint of the service authority between the current internet of things equipment and the target internet of things equipment.
10. A network security operation system based on Internet of things equipment is characterized in that:
the system is for implementing the steps of the method of any one of claims 1-9; and
the system comprises a permission distribution module and a monitoring and early warning module; wherein,
the permission distribution module is used for defining the equipment type and the service permission of the Internet of things equipment based on the operation rule of the Internet of things equipment;
the monitoring and early warning module is used for monitoring the data flow of the current Internet of things equipment in real time, sending out a communication alarm for the current Internet of things equipment when the data flow of the current Internet of things equipment is found to be inconsistent with the equipment type and the service authority, and disabling the communication port of the current Internet of things equipment.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310374260.4A CN116566652A (en) 2023-04-10 2023-04-10 Network security operation method and system based on Internet of things equipment

Publications (1)

Publication Number Publication Date
CN116566652A true CN116566652A (en) 2023-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination