KR101769442B1 - Method, system and computer-readable recording medium for security operation using internet of thing gateway - Google Patents
- Publication number
- KR101769442B1
- Authority
- KR
- South Korea
- Prior art keywords
- iot
- security
- policy
- gateway
- unit
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
According to an embodiment of the present invention, there is provided a security control system using an Internet of Things (IoT) gateway, comprising: a collecting unit that collects an IoT security log from an IoT gateway connected to one or more IoT terminals; an analysis unit that monitors and analyzes the IoT security log to confirm an abnormal symptom; an interworking unit that obtains security-related service information through interworking with an IoT management server managing the IoT terminal and determines interworking with one or more external interworking terminals in response to the abnormal symptom; a situation action unit that performs a measure capable of resolving the abnormal symptom or notifies one or more external devices of the abnormal symptom; and a policy unit that determines, after the situation action, whether to reflect a policy, and reflects it.
Description
The present invention relates to a security control method and system using an Internet of Things (IoT) gateway. More particularly, it relates to a security control method and system that receives and analyzes security logs through a gateway connected to IoT terminals and can take measures accordingly.
The Internet of Things (IoT) is a technology that allows devices in daily life to connect to networks and share information. Products and services in the IoT environment are constantly evolving. However, the development of security control systems for IoT is not yet active.
The IoT system is characterized in that the IoT management server controls the IoT terminals through a communication network such as the Internet, and a firewall exists between the IoT terminals in the IoT system and the IoT management server. However, in the existing IoT system, the firewall is configured as a security device for protecting the server.
More specifically, existing security methods collect and analyze events or status information from network devices (firewall, IPS, IDS, WAF, etc.), recognize the situation through alarms, and take countermeasures by changing the policy of the device or updating the network security device.
However, the network security equipment connected to the IoT management servers is specialized in protecting the management server, that is, the assets inside the company, and has the disadvantage that it cannot protect IoT terminals such as a smart TV or a smart refrigerator. That is, each IoT terminal only provides the IoT management server with the information needed for the IoT service and receives no security management, and because the IoT management server has no specialized security officer, it cannot cope effectively with security threats.
An object of the present invention is to provide a security control system capable of monitoring security threats to an IoT terminal by analyzing traffic flowing between the IoT terminal and an IoT gateway, and of protecting the IoT terminal and an IoT management system. It is another object of the present invention to protect an asset (IoT terminal or IoT management system) from a security threat in the IoT environment.
According to an embodiment of the present invention, there is provided a security control system using an Internet of Things (IoT) gateway, comprising: a collecting unit that collects an IoT security log from an IoT gateway connected to one or more IoT terminals; an analysis unit that monitors and analyzes the IoT security log to confirm an abnormal symptom; an interworking unit that obtains security-related service information through interworking with an IoT management server managing the IoT terminal and determines interworking with one or more external interworking terminals in response to the abnormal symptom; a situation action unit that performs a measure capable of resolving the abnormal symptom or notifies one or more external devices of the abnormal symptom; and a policy unit that determines, after the situation action, whether to reflect a policy, and reflects it.
In the present invention, the analysis unit analyzes the IoT security log by one or more methods of correlation analysis, association analysis, and statistical analysis.
In the present invention, the analysis unit analyzes the IoT security log by analyzing whether one of the correlation analysis, association analysis or statistical analysis of the IoT security log violates the threshold value.
In the present invention, the policy unit patches software for one or more IoT terminals in which the abnormal symptom is detected.
In the present invention, the analyzer monitors a security log including at least one of an IoT gateway resource, an IoT device resource, and an IoT gateway security log.
In the present invention, the external interworking terminal includes a user terminal capable of executing remote CCTV or SMS and applications.
In the present invention, the security related service information includes IoT terminal management information or IoT service request customer information.
In the present invention, the policy reflected by the policy unit is an IoT gateway general policy or an IoT gateway security policy.
In the present invention, notifying the abnormality symptom to one or more external devices notifies the abnormality indications to the security company terminal or the customer terminal.
In the present invention, the situation measure section further performs an action by remote control.
According to another embodiment of the present invention, there is provided a security management method using an Internet of Things (IoT) gateway, comprising: a collecting step of collecting an IoT security log from an IoT gateway connected to one or more IoT terminals; an analysis step of monitoring and analyzing the IoT security log and confirming an abnormal symptom; an interworking step of acquiring security-related service information through interworking with an IoT management server managing the IoT terminal and determining interworking with one or more external interworking terminals in response to the abnormal symptom; a situation action step of performing a measure capable of resolving the abnormal symptom, or notifying one or more external devices of the abnormal symptom; and a policy step of determining, after the situation action, whether to reflect a policy, and reflecting it.
In the present invention, the analyzing step analyzes the IoT security log by at least one of correlation analysis, association analysis, and statistical analysis.
In the present invention, the analyzing step analyzes the IoT security log by analyzing a step in which one of the correlation analysis, association analysis, and statistical analysis of the IoT security log violates the threshold value.
In the present invention, the policy step patches the software for one or more IoT terminals for which the anomaly is detected.
In the present invention, the analyzing step monitors a security log including at least one of an IoT gateway resource, an IoT device resource, and an IoT gateway security log.
In the present invention, the external interworking terminal includes a user terminal capable of executing remote CCTV or SMS and applications.
In the present invention, the security related service information includes IoT terminal management information or IoT service request customer information.
In the present invention, the policy reflected by the policy step is an IoT gateway general policy or an IoT gateway security policy.
In the present invention, notifying the abnormality symptom to one or more external devices notifies the abnormality indications to the security company terminal or the customer terminal.
In the present invention, the status action step further performs an action by remote control.
In addition to this, another method for implementing the present invention, another system, and a computer-readable recording medium for recording a computer program for executing the method are further provided.
According to the present invention, a security control system can be provided that is capable of protecting assets from security threats in an environment where IoT terminals are surging.
Further, according to the present invention, the security of the multi-IoT gateway managing the multi-IoT terminal can be controlled.
In addition, according to the present invention, it is possible to perform an automatic action upon detection of an abnormal symptom, or a notification can be made to a specialist.
FIG. 1 is a diagram illustrating a relationship between a security control system and peripheral structures according to an exemplary embodiment of the present invention.
FIG. 2 is a block diagram illustrating an internal configuration of a security control system according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating an operation method of a security control system according to an exemplary embodiment of the present invention.
FIG. 4 is a diagram schematically showing an existing IoT system.
The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, the specific shapes, structures, and characteristics described herein may be implemented by changing from one embodiment to another without departing from the spirit and scope of the invention. It should also be understood that the location or arrangement of individual components within each embodiment may be varied without departing from the spirit and scope of the present invention. Therefore, the following detailed description is not to be taken in a limiting sense, and the scope of the present invention should be construed as encompassing the scope of the appended claims and all equivalents thereof. In the drawings, like reference numbers designate the same or similar components throughout the several views.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings in order to facilitate a person skilled in the art to which the present invention pertains.
FIG. 1 is a diagram illustrating a relationship between a
The present invention relates to a security control system (100) utilizing an Internet of Things (IOT) gateway. Referring to FIG. 1, the
Fig. 4, compared with Fig. 1, shows the existing IoT environment. 4, in an existing environment, the IoT system includes an
In the conventional environment as shown in FIG. 4, the network device 3 including the firewall exists to protect the
Even if each of the IoT terminals 1 has a built-in security solution, checking all of the IoT terminals 1 as the system grows is not only costly but also a cumbersome process.
1, the
1 again, the present invention can be implemented not only by providing communication between the
In more detail, the
In addition, the IOT
The
The
The
FIG. 2 is a diagram illustrating an internal configuration of the
2, the
First, the collecting
Next, the
For this purpose, the
The monitoring unit 210 monitors the IoT security log collected by the collecting
In addition, the
In addition, the
In addition, the
At this time, the
In an exemplary embodiment, the
In another exemplary embodiment, the
In another embodiment, the
In the above embodiments, the
Next, the interlocking
As described in the description of the
Next, the external
In addition, the security
Next, if the
Next, the
FIG. 3 is a flowchart illustrating an operation method of the
Referring to FIG. 3, the
Next, the IoT gateway resource, the IoT device resource, and the IoT gateway security log in the collected security logs are monitored sequentially. If an abnormality is detected in any one of them, the emergency response step is entered; if the item is normal, the security log of the next stage is monitored.
Next, when the monitoring of the IoT gateway resource, the IoT device resource, and the IoT gateway security log all turns out to be normal, correlation analysis, association analysis and statistical analysis are performed sequentially. If an anomaly is detected in even one of the correlation analysis, association analysis and statistical analysis, the emergency response step is entered; if an analysis is determined to be normal, the next analysis is performed. If all of the correlation, association, and statistical analyses turn out to be normal, the flow returns to monitoring the IoT gateway resource.
Next, when an abnormal symptom is detected in the monitoring and analysis step, an emergency response step is entered. In the emergency response step, remote CCTV interworking or SMS interworking or application interworking or telephone interworking may be performed to solve the abnormal symptom.
Next, it is judged whether, in spite of the emergency response step, additional situation action is necessary to resolve the abnormal symptom. If no further action is needed, the flow returns to the IoT gateway resource monitoring step. If additional situation action is required, a situation action can be taken that sends a notification so that one or more of a remote action, a guardian action or a customer action is performed. The situation action may be an automatic action.
Next, when the situation action is completed, it is determined whether the policy needs to be reflected. If so, it may be reflected in the IoT general policy or the IoT security policy, or the IoT terminal may be patched. If not, the flow returns to monitoring the IoT gateway resource.
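The flow of FIG. 3 described above, sketched as an added example that is not code from the patent: the three log sources are monitored in order, then correlation, association and statistical analysis run in order, and the first finding selects the emergency interworking, the situation action and the policy to reflect. The field names, the thresholds other than the boiler threshold of 450 quoted in Example 1 below, the allow-list, the three analysis rules and the playbook are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Event:
    source: str      # "gateway_resource" | "device_resource" | "gateway_security"
    device: str
    metric: str
    value: float
    peer: str = ""   # target device for access events, otherwise empty

# Assumed thresholds; 450 mirrors the boiler threshold quoted in Example 1.
THRESHOLDS = {
    ("gateway_resource", "cpu_percent"): 90.0,
    ("device_resource", "temperature"): 450.0,
    ("gateway_security", "auth_failures"): 5.0,
}
ALLOWED_ACCESS = {("smartphone", "smart_tv"), ("smartphone", "microwave")}  # assumed
MONITOR_ORDER = ("gateway_resource", "device_resource", "gateway_security")

def monitor(events):
    """Check the three log sources in order; return the first threshold violation."""
    for source in MONITOR_ORDER:
        for ev in (e for e in events if e.source == source):
            limit = THRESHOLDS.get((ev.source, ev.metric))
            if limit is not None and ev.value > limit:
                return f"monitor:{source}", ev
    return None

def correlation(events, history):
    """Assumed rule: one device is near its limit (>= 80%) in two log sources."""
    near = {}
    for ev in events:
        limit = THRESHOLDS.get((ev.source, ev.metric))
        if limit is not None and ev.value >= 0.8 * limit:
            near.setdefault(ev.device, {})[ev.source] = ev
    for by_source in near.values():
        if len(by_source) >= 2:
            return next(iter(by_source.values()))
    return None

def association(events, history):
    """Assumed rule: device-to-device access that is not on the allow-list."""
    for ev in events:
        if ev.peer and (ev.device, ev.peer) not in ALLOWED_ACCESS:
            return ev
    return None

def statistical(events, history, z_limit=3.0):
    """Assumed rule: value is more than z_limit sigma away from the device baseline."""
    for ev in events:
        base = history.get((ev.device, ev.metric), [])
        if len(base) >= 5:
            sigma = pstdev(base)
            if sigma > 0 and abs(ev.value - mean(base)) / sigma > z_limit:
                return ev
    return None

ANALYSES = (("correlation", correlation), ("association", association),
            ("statistical", statistical))

# Assumed playbook: (emergency interworking, situation action, policy to reflect).
PLAYBOOK = {
    "monitor:device_resource": (["sms", "phone"], "customer_notification", None),
    "analysis:association": (["sms", "app"], "remote_action", "gateway_security_policy"),
}
DEFAULT_PLAY = (["sms"], "security_company_notification", None)

def run_cycle(events, history):
    """One pass of the flow; None means all normal (return to monitoring)."""
    finding = monitor(events)
    if finding is None:
        for name, analyse in ANALYSES:
            hit = analyse(events, history)
            if hit is not None:
                finding = (f"analysis:{name}", hit)
                break
    if finding is None:
        return None
    stage, ev = finding
    interwork, action, policy = PLAYBOOK.get(stage, DEFAULT_PLAY)
    return {"stage": stage, "device": ev.device, "interwork": interwork,
            "situation_action": action, "policy": policy}

# Constructed sample batches (not real gateway logs).
BOILER = [Event("gateway_resource", "gw-1", "cpu_percent", 35.0),
          Event("device_resource", "boiler", "temperature", 500.0)]
FRIDGE = [Event("gateway_security", "smart_refrigerator", "access", 1.0, peer="smart_tv")]
QUIET = [Event("gateway_resource", "gw-1", "cpu_percent", 35.0)]

if __name__ == "__main__":
    for batch in (BOILER, FRIDGE, QUIET):
        print(run_cycle(batch, {}))
```

Because monitoring short-circuits before any analysis runs, a batch that violates a threshold never reaches the allow-list or baseline checks; the stage name in the result records which step raised the finding.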
Hereinafter, embodiments in which the IOT
<Example 1>
Embodiment 1 is an embodiment for detecting malfunction of the IoT boiler.
First, the collecting
At this time, if it is assumed that the detection temperature exceeds 500 degrees and the threshold value is 450 degrees, the
<Example 2>
First, the collecting
Next, the interlocking
In addition, the
In addition, the
<Example 3>
Embodiment 3 is an embodiment related to blocking the access of the IoT smart refrigerator which is an unauthorized access device of the IoT smart TV.
The collecting
Accordingly, the interlocking
<Example 4>
Embodiment 4 is an embodiment related to detecting IoT microwave operating traffic when executing an IoT management application in a smartphone.
First, the
If the operation of the IoT microwave oven is detected when the smartphone IoT management application is executed, since it is normal that only the inquiry traffic is generated in the
Accordingly, the interlocking
The specific acts described in the present invention are examples and are not intended to limit the scope of the invention in any way. For brevity of description, descriptions of conventional electronic configurations, control systems, software, and other functional aspects of such systems may be omitted. Also, the connections or connecting members of the lines between the components shown in the figures illustrate functional connections and/or physical or circuit connections, which may be replaced by, or supplemented with, a variety of functional connections, physical connections, or circuit connections. Also, unless a component is explicitly mentioned with terms such as "essential" or "importantly", it may not be a necessary component for application of the present invention.
The use of the term "above" and similar referring terms in the specification of the present invention (particularly in the claims) may cover both the singular and the plural. In addition, when a range is described in the present invention, it includes the invention to which the individual values belonging to that range are applied (unless there is a statement to the contrary), which is the same as if each individual value constituting the range were described in the detailed description of the invention. Finally, unless an order is explicitly stated for the steps constituting the method according to the invention, or stated to the contrary, the steps may be performed in any suitable order. The present invention is not necessarily limited to the order in which the steps are described. The use of all examples or exemplary language (e.g., "etc.") in the present invention is only for describing the present invention in detail, and the scope of the present invention is not limited by these examples or exemplary language unless limited by the claims. It will also be appreciated by those skilled in the art that various modifications, combinations, and alterations may be made depending on design criteria and factors within the scope of the appended claims or equivalents thereof.
The embodiments of the present invention described above can be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, and the like, alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specifically designed and configured for the present invention or may be those known and used by those skilled in the computer software arts. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROM and DVD, magneto-optical media such as floptical disks, medium, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code, such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be modified into one or more software modules for performing the processing according to the present invention, and vice versa.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, and those skilled in the art will appreciate that various modifications and changes may be made thereto without departing from the scope of the present invention.
Accordingly, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all ranges that are equivalent to or equivalent to the claims of the present invention as well as the claims .
100: security control system 110:
120: analyzing unit 130:
140: Situation measure section 150: Policy section
200: IoT gateway 300: IoT management server
Claims (21)
A collecting unit for collecting the IoT security log from the IoT gateway connected to one or more IoT terminals;
An analyzer for monitoring and analyzing the IoT security log to confirm an abnormal symptom;
An interworking unit for obtaining service information related to security through interworking with an IoT management server managing the IoT terminal and determining interworking with one or more external interworking terminals in response to the abnormal symptom;
A state action unit for performing a measure capable of solving the abnormal symptom or notifying the abnormal symptom to at least one external device;
And a policy unit that determines whether to reflect a policy after the situation action and reflects it,
Wherein the analyzer monitors a security log comprising at least one of an IoT gateway resource, an IoT device resource, and an IoT gateway security log.
Wherein the analyzing unit analyzes the IoT security log by at least one of correlation analysis, association analysis and statistical analysis.
Wherein the analysis unit analyzes the IoT security log by analyzing whether one of the correlation analysis, association analysis or statistical analysis of the IoT security log violates a threshold value.
Wherein the policy unit patches software for one or more IoT terminals for which the anomalous indications are detected.
Wherein the external interlocking terminal comprises a user terminal capable of executing remote CCTV or SMS and applications.
Wherein the security related service information comprises IoT terminal management information or IoT service request customer information.
Wherein the policy reflected by the policy unit is an IoT gateway general policy or an IoT gateway security policy.
Wherein the notification of the abnormal symptom to one or more external devices is to notify the security company terminal or the customer terminal of the abnormal symptom.
Wherein the status action unit further performs an action by remote control.
A collecting step of collecting a step-by-step IoT security log to an IoT gateway connected to one or more IoT terminals;
An analysis step of monitoring and analyzing the IoT security log and confirming an abnormal symptom;
Acquiring service information related to security through interworking with an IoT management server managing the IoT terminal and determining interworking with one or more external interworking terminals in response to the abnormal symptom;
Performing a measure capable of solving the abnormal symptom, or notifying the abnormal symptom to one or more external devices;
And a policy step of determining whether to reflect a policy after the situation action and reflecting it,
Wherein the analyzing step monitors a security log comprising at least one of an IoT gateway resource, an IoT device resource, and an IoT gateway security log.
Wherein the analyzing step analyzes the IoT security log by one or more of a correlation analysis, an association analysis, and a statistical analysis.
Wherein the step of analyzing the IoT security log is to analyze whether one of the correlation analysis, association analysis or statistical analysis of the IoT security log violates the threshold.
Wherein the policy step patches software for one or more IoT terminals for which the anomalous indication is detected.
Wherein the external interworking terminal comprises a user terminal capable of executing remote CCTV or SMS and applications.
Wherein the security related service information comprises IoT terminal management information or IoT service request customer information.
The policy reflected by the policy step is an IoT gateway general policy or an IoT gateway security policy.
Wherein the notification of the abnormal symptom to at least one of the external devices is to notify the security company terminal or the customer terminal of the abnormal symptom.
Wherein the status action step further performs an action by remote control.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150143542A KR101769442B1 (en) | 2015-10-14 | 2015-10-14 | Method, system and computer-readable recording medium for security operation using internet of thing gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150143542A KR101769442B1 (en) | 2015-10-14 | 2015-10-14 | Method, system and computer-readable recording medium for security operation using internet of thing gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170043895A KR20170043895A (en) | 2017-04-24 |
KR101769442B1 true KR101769442B1 (en) | 2017-08-30 |
Family
ID=58704232
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150143542A KR101769442B1 (en) | 2015-10-14 | 2015-10-14 | Method, system and computer-readable recording medium for security operation using internet of thing gateway |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101769442B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20220072659A (en) | 2020-11-25 | 2022-06-02 | 주식회사 푸시풀시스템 | SECURITY CONSTRUCTION METHOD OF GATEWAY FOR IoT DEVICES BY USING IDENTITY-BASED CRYPTOGRAPHY BASED ON VIRTUAL BLOCKCHAIN |
KR20230112819A (en) | 2022-01-21 | 2023-07-28 | 주식회사 푸시풀 | SECURITY CONSTRUCTION SYSTEM OF GATEWAY FOR IoT DEVICES BY USING IDENTITY-BASED CRYPTOGRAPHY BASED ON VIRTUAL BLOCKCHAIN AND ITS METHOD |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102119374B1 (en) | 2019-11-25 | 2020-06-05 | 한국인터넷진흥원 | Method and apparatus for taking action to the abnormal behavior of iot devices |
KR102376433B1 (en) * | 2020-06-15 | 2022-03-18 | 주식회사 시옷 | A method of secure monitoring for multi network devices |
KR102369991B1 (en) * | 2020-09-09 | 2022-03-03 | 주식회사 시옷 | Integrated management system for iot multi network secure |
-
2015
- 2015-10-14 KR KR1020150143542A patent/KR101769442B1/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
KR20170043895A (en) | 2017-04-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal |