KR20240020606A - Electronic device that manage security policy based on an event and control method thereof - Google Patents

Abstract

An electronic device is disclosed. The electronic device includes a communication interface, a memory storing sequence information corresponding to each of a plurality of events, and when a first event occurs, identifies an event corresponding to the first event among the plurality of events, and the event corresponding to the first event is When identified, obtain first sequence information corresponding to the first event, identify whether information related to the operation of the electronic device before the first event occurs corresponds to the first sequence information, and use the communication interface based on the identification result. It includes one or more processors that transmit first event-related information to a server and update a security policy of the electronic device based on security data received from the server.

Description

Electronic device that manages security policy based on an event and control method thereof }

The present invention relates to an electronic device that manages a security policy based on an event and a control method thereof. More specifically, it relates to an electronic device that manages a security policy by identifying whether an event is a normal event or an abnormal event and a method of controlling the same. It's about.

Thanks to the development of electronic technology, various types of electronic devices are being developed and distributed.

In particular, a plurality of electronic devices installed in a home where home networking is established exchange information with each other. Since each of the plurality of electronic devices is located in a personal space, data requiring high security (e.g., sound data, image data, etc.) are stored.

If random access (unintentional access) occurs to data requiring high security stored in an electronic device implemented as an Internet of Things device, the random access must be blocked or the data must not be transmitted externally. There is a need.

However, if the security policy of the electronic device corresponds to the old security policy, random access cannot be blocked and data may be transmitted externally.

When an event occurs in an electronic device implemented as an Internet of Things device, it is identified whether this event is a normal event, that is, access based on the user's intention, and access to data is allowed only if it is a normal event. There has been a request for a way to do it.

Additionally, if an event occurring in an electronic device is an abnormal event, there has been a demand for a method of immediately updating the security policy of the electronic device to correspond to the new security policy.

To achieve the above object, an electronic device according to an embodiment of the present disclosure includes a communication interface, a memory storing sequence information corresponding to each of a plurality of events, and, when a first event occurs, the first of the plurality of events. Identifying an event corresponding to 1 event, and when the event corresponding to the first event is identified, obtaining first sequence information corresponding to the first event, and operating the electronic device before the first event occurs Identify whether related information corresponds to the first sequence information, transmit the first event-related information to a server through the communication interface based on the identification result, and transmit the first event-related information to the server based on the security data received from the server. Contains one or more processors that update the security policy of

Meanwhile, a method of controlling an electronic device including sequence information corresponding to each of a plurality of events according to an embodiment of the present invention includes, when a first event occurs, an event corresponding to the first event among the plurality of events. Steps to identify. When an event corresponding to the first event is identified, obtaining first sequence information corresponding to the first event, information related to the operation of the electronic device before the first event occurs is included in the first sequence information. identifying whether it corresponds, transmitting the first event-related information to a server through the communication interface based on the identification result, and updating the security policy of the electronic device based on the security data received from the server. Includes.

According to an embodiment for achieving the above-described object of the present disclosure, in a computer-readable recording medium including a program for executing a method for controlling an electronic device, the method for controlling the electronic device includes, when a first event occurs, Identifying an event corresponding to the first event among a plurality of events. When an event corresponding to the first event is identified, obtaining first sequence information corresponding to the first event, information related to the operation of the electronic device before the first event occurs is included in the first sequence information. identifying whether it corresponds, transmitting the first event-related information to a server through the communication interface based on the identification result, and updating the security policy of the electronic device based on the security data received from the server. Includes.

1 is a diagram for explaining an electronic device according to an embodiment of the present disclosure.
Figure 2 is a block diagram for explaining the configuration of an electronic device according to an embodiment of the present disclosure.
FIG. 3 is a diagram for explaining an event of an electronic device according to an embodiment of the present disclosure.
Figure 4 is a diagram for explaining sequence information corresponding to an event according to an embodiment of the present disclosure.
FIG. 5 is a diagram for explaining an event of an electronic device according to an embodiment of the present disclosure.
Figure 6 is a diagram for explaining sequence information corresponding to an event according to an embodiment of the present disclosure.
FIG. 7 is a diagram for explaining information related to the operation of an electronic device according to an embodiment of the present disclosure.
FIG. 8 is a diagram for explaining information related to the operation of an electronic device according to an embodiment of the present disclosure.
Figure 9 is a sequence diagram for explaining communication between an electronic device and a server according to an embodiment of the present disclosure.
FIG. 10 is a flowchart illustrating a method of controlling an electronic device according to an embodiment of the present disclosure.

Hereinafter, the present disclosure will be described in detail with reference to the accompanying drawings.

The terms used in the embodiments of the present disclosure have selected general terms that are currently widely used as much as possible while considering the functions in the present disclosure, but this may vary depending on the intention or precedent of a technician working in the art, the emergence of new technology, etc. . In addition, in certain cases, there are terms arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description part of the relevant disclosure. Therefore, the terms used in this disclosure should be defined based on the meaning of the term and the overall content of this disclosure, rather than simply the name of the term.

In this specification, expressions such as “have,” “may have,” “includes,” or “may include” refer to the presence of the corresponding feature (e.g., component such as numerical value, function, operation, or part). , and does not rule out the existence of additional features.

The expression at least one of A or/and B should be understood as referring to either “A” or “B” or “A and B”.

As used herein, expressions such as “first,” “second,” “first,” or “second,” can modify various components regardless of order and/or importance, and can refer to one component. It is only used to distinguish from other components and does not limit the components.

A component (e.g., a first component) is “(operatively or communicatively) coupled with/to” another component (e.g., a second component). When referred to as “connected to,” it should be understood that a certain component can be connected directly to another component or connected through another component (e.g., a third component).

Singular expressions include plural expressions unless the context clearly dictates otherwise. In this application, terms such as “comprise” or “consist of” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are intended to indicate the presence of one or more other It should be understood that this does not exclude in advance the presence or addition of features, numbers, steps, operations, components, parts, or combinations thereof.

In the present disclosure, a “module” or “unit” performs at least one function or operation, and may be implemented as hardware or software, or as a combination of hardware and software. Additionally, a plurality of “modules” or a plurality of “units” are integrated into at least one module and implemented by at least one processor (not shown), except for “modules” or “units” that need to be implemented with specific hardware. It can be.

In this specification, the term user may refer to a person using an electronic device or a device (eg, an artificial intelligence electronic device) using an electronic device.

Hereinafter, an embodiment of the present disclosure will be described in more detail with reference to the attached drawings.

1 is a diagram for explaining an electronic device according to an embodiment of the present disclosure.

Referring to FIG. 1, as various types of electronic devices are developed and distributed, a plurality of electronic devices 100 may be installed at home. In particular, each of the plurality of electronic devices 100 is implemented as an Internet of Things device and can communicate with other electronic devices 100', user terminal devices, servers, etc. installed in the home.

For example, as shown in FIG. 1, each of the plurality of electronic devices 100 may be implemented as a robot cleaner 100-1, an air conditioner 100-2, an air purifier 100-3, etc.

However, this is an example, and of course, the electronic device 100 according to an embodiment of the present disclosure may be implemented as various types of home appliances.

For example, the electronic device 100 is an air conditioning device including an air conditioner 100-2 and an air purifier 100-3, and a kitchen/cooking device including a refrigerator, a microwave oven, a gas range, an induction cooker, and the like. , can be implemented as wired/wireless cleaning devices including a robot vacuum cleaner (100-1), image processing devices including a sound bar, set-top box, TV, projector, etc., and clothing care devices. Of course it exists.

Meanwhile, the electronic device 100 according to an embodiment of the present disclosure may be implemented as a network device.

Here, the network device performs a bridge role, such as an access point (AP), to connect the electronic device 100 and the user terminal device, or to connect the electronic device 100 and the server. The electronic device 100 may be implemented as various types of devices that connect the electronic device 100 to other electronic devices 100'. For example, network devices can be implemented as routers, switches, IP routers, and wired/wireless network cards.

However, it is not limited to this, and each of the plurality of electronic devices 100 provided in the home can transmit and receive data and information by performing peer-to-peer communication with other electronic devices 100'. Here, P2P communication may include various types of communication protocols such as Bluetooth and Wi-Fi P2P (Wi-Fi Peer-to-Peer) (or Wi-Fi Direct).

Hereinafter, for convenience of explanation, each of the plurality of electronic devices 100 receives a control command from a user terminal device, a server, etc., performs an operation according to the received control command, and each of the plurality of electronic devices 100 receives a control command from a user terminal device, a server, etc. The explanation will be based on the assumption that data, information, etc. are transmitted in response to a request from a terminal device, server, etc.

Meanwhile, the electronic device 100 according to an embodiment of the present disclosure performs various operations within the home, and the electronic device 100 may obtain data and information requiring a high level of security while performing the operation. .

For example, the robot cleaner 100-1 is equipped with a sensor (e.g., a camera) to identify the driving path, obstacles, contaminants, etc., and the robot cleaner 100-1 uses the sensor to clean the robot cleaner ( An image may be obtained by photographing the surroundings of the robot cleaner 100-1 (for example, the front of the robot cleaner 100-1).

Since the image acquired by the robot cleaner 100-1 installed in the home is an image obtained by the robot cleaner 100-1 by photographing the user's personal space, a high level of security is required.

When random access occurs to the robot cleaner 100-1 implemented as an Internet of Things device from an external source (e.g., a server) requesting transmission of an image acquired by the robot cleaner 100-1. , Although the robot vacuum cleaner 100-1 must block random access, there is a risk of transmitting images requiring a high level of security to the outside without blocking access.

The robot cleaner 100-1 according to an embodiment of the present disclosure can identify whether a random access is a normal event or an abnormal event, and if it is identified as a normal event, transmit the image to the outside. Additionally, if random access is identified as an abnormal event, the robot cleaner 100-1 may block random access or update the security policy of the robot cleaner 100-1. This is an example, and of course, it is not limited thereto.

Meanwhile, the electronic device 100 according to an embodiment of the present disclosure may receive a control command from the outside (eg, a user terminal device or a server, etc.) and perform operations based on the received control command. Here, the electronic device 100 may identify whether the received control command is a normal event or an abnormal event, and if identified as a normal event, perform an operation based on the received control command. Additionally, if the received control command is identified as an abnormal event, the electronic device 100 may ignore the received control command or update the security policy of the electronic device 100.

For example, the air conditioner 100-2 receives control commands from the outside (e.g., a server) and performs operations (e.g., Turn on, Temperature Down, Temperature Up) based on the received control commands. can do.

Here, the control command for the air conditioner 100-2 controls the air conditioner 100-2 to perform a specific operation to change the surrounding environment in the house (for example, indoor temperature, indoor humidity, etc.), so the air conditioner ( It is necessary to identify whether random access to transmit a control command to 100-2) is a normal or abnormal event.

When random access to transmit a control command to the air conditioner 100-2 from the outside (for example, a server) occurs in the air conditioner 100-2 implemented as an Internet of things device, the robot cleaner ( Although 100-1) should block random access, there is a risk of performing operations based on control commands without blocking.

The air conditioner 100-2 according to an embodiment of the present disclosure can identify whether random access is a normal event or an abnormal event, and if identified as a normal event, perform an operation based on a control command. Additionally, if random access is identified as an abnormal event, the air conditioner 100-2 may block the random access, ignore the received control command, or update the security policy of the air conditioner 100-2. This is an example, and of course, it is not limited thereto.

Hereinafter, when an event occurs in the electronic device 100, various methods for identifying whether the event is a normal event or an abnormal event will be described.

Figure 2 is a block diagram showing the configuration of an electronic device according to an embodiment of the present disclosure.

Referring to FIG. 2 , the electronic device 100 includes a memory 110, a communication interface 120, and a processor 130.

The memory 110 according to an embodiment of the present disclosure may store data necessary for various embodiments of the present disclosure.

The memory 110 may be implemented as a memory embedded in the electronic device 100 or as a memory detachable from the electronic device 100 depending on the data storage purpose. For example, in the case of data for driving the electronic device 100, it is stored in the memory embedded in the electronic device 100, and in the case of data for the expansion function of the electronic device 100, it is detachable from the electronic device 100. It can be stored in available memory. Meanwhile, in the case of memory embedded in the electronic device 100, volatile memory (e.g., dynamic RAM (DRAM), static RAM (SRAM), or synchronous dynamic RAM (SDRAM), etc.), non-volatile memory ( Examples: one time programmable ROM (OTPROM), programmable ROM (PROM), erasable and programmable ROM (EPROM), electrically erasable and programmable ROM (EEPROM), mask ROM, flash ROM, flash memory (e.g. NAND flash or NOR flash, etc.) ), a hard drive, or a solid state drive (SSD). In addition, in the case of a memory that is removable from the electronic device 100, a memory card (for example, a compact flash (CF) ), SD (secure digital), Micro-SD (micro secure digital), Mini-SD (mini secure digital), xD (extreme digital), MMC (multi-media card), etc.), external memory that can be connected to the USB port ( For example, it may be implemented in a form such as USB memory).

According to one example, the memory 110 may store at least one instruction or a computer program including instructions for controlling the electronic device 100.

In particular, the memory 110 may store sequence information corresponding to each of a plurality of events that can occur in the electronic device 100. A detailed explanation of this will be provided later.

According to one example, the memory 110 may store information about a neural network model including a plurality of layers. Here, storing information about the neural network model means storing various information related to the operation of the neural network model, such as information about a plurality of layers included in the neural network model, information about parameters used in each of the plurality of layers, etc. It can mean something.

For example, the memory 110 may sequentially perform a plurality of operations that the electronic device 100 can perform and some of the plurality of operations to use a neural network model learned to identify normal events or abnormal events based on events that can occur. Information can be stored. However, of course, if the processor 130 is implemented as dedicated hardware, information about the neural network model may be stored in the internal memory of the processor 130. A detailed description of the neural network model will be provided later.

The communication interface 120 according to an embodiment of the present disclosure can transmit or receive various types of data and information by communicating with another electronic device 100', a user terminal device, a server, etc.

For example, the communication interface 120 includes AP-based Wi-Fi (Wireless LAN network), Bluetooth, Zigbee, wired/wireless LAN (Local Area Network), WAN (Wide Area Network), Ethernet, IEEE 1394, HDMI (High-Definition Multimedia Interface), USB (Universal Serial Bus), MHL (Mobile High-Definition Link), AES/EBU (Audio Engineering Society/ European Broadcasting Union), Optical , Coaxial, etc. can be used to communicate with another electronic device 100', an external storage medium (for example, USB memory), an external server (for example, a web hard drive), etc.

The processor 130 according to an embodiment of the present disclosure is electrically connected to the memory 110 and controls the overall operation of the electronic device 100.

The processor 130 may be comprised of one or multiple processors. Specifically, the processor 130 may perform the operation of the electronic device 100 according to various embodiments of the present disclosure by executing at least one instruction stored in the memory 110.

According to one embodiment, the processor 130 may include a digital signal processor (DSP), a microprocessor, a graphics processing unit (GPU), an artificial intelligence (AI) processor, a neural processing unit (NPU), and a TCON ( Time controller). However, it is not limited to this, and may be implemented as a central processing unit (CPU), MCU (Micro Controller Unit), MPU (micro processing unit), controller, and application processor. It may include one or more of an application processor (AP), a communication processor (CP), or an ARM processor, or may be defined by the corresponding term. In addition, the processor 130 has a built-in processing algorithm. It may be implemented in the form of a SoC (System on Chip) or LSI (large scale integration), or in the form of an ASIC (application specific integrated circuit) or FPGA (Field Programmable Gate Array).

In addition, the processor 130 for executing the neural network model according to an embodiment of the present disclosure may be a general-purpose processor such as a CPU, AP, or DSP (Digital Signal Processor), a graphics-specific processor such as a GPU, a VPU (Vision Processing Unit), or It can be implemented through a combination of an artificial intelligence-specific processor such as NPU and software. The processor 130 may control input data to be processed according to predefined operation rules or neural network models stored in the memory 110. Alternatively, if the processor 130 is a dedicated processor (or an artificial intelligence dedicated processor), it may be designed with a hardware structure specialized for processing a specific neural network model. For example, hardware specialized for processing a specific neural network model can be designed as a hardware chip such as ASIC or FPGA. When the processor 130 is implemented as a dedicated processor, it may be implemented to include a memory for implementing an embodiment of the present disclosure, or may be implemented to include a memory processing function for using an external memory.

When a first event occurs, the processor 130 according to an embodiment of the present disclosure may identify an event corresponding to the first event among a plurality of events stored in the memory 110. A detailed description of the event will be made with reference to FIG. 3.

FIG. 3 is a diagram for explaining an event of an electronic device according to an embodiment of the present disclosure.

According to one embodiment, the electronic device 100 may include a plurality of resources. Here, each of the plurality of resources may mean a component (eg, hardware) provided in the electronic device 100.

For example, a plurality of resources may include a microphone (not shown) that acquires a sound signal surrounding the electronic device 100, a sensor (e.g., a camera) that acquires an image by photographing the surroundings of the electronic device 100, A memory 110 that stores data and information, a communication interface 120 that transmits data and information stored in the electronic device 100 to the outside, and a device that turns the electronic device 100 on or off. -It may include a power management unit that turns off (turn-off) a processor 130 that generally controls the electronic device 100, etc.

According to one embodiment, each of the plurality of events operates at least one resource among the plurality of resources to obtain surrounding information of the electronic device 100, accesses data, information, etc. included in the electronic device 100 ( For example, load may refer to an operation of changing the settings of the electronic device 100. For example, each of the plurality of events may mean an operation of operating at least one hardware among the plurality of hardware to obtain data or information requiring a high level of security or accessing data or information.

For example, among the plurality of resources included in the robot cleaner (100-1), a camera is controlled to photograph the surroundings of the robot cleaner (100-1) to obtain an image, and then the communication interface 120 is controlled to obtain an image. An action transmitted to the outside may be an event.

In addition, among the plurality of resources included in the air conditioner 100-2, the power management unit is controlled to turn on the air conditioner 100-2, and then the processor 130 is controlled to set the air conditioner 100-2 (e.g. Of course, an operation to change the desired temperature, etc.) may be an event.

In addition, an operation of controlling a microphone among a plurality of resources included in the air conditioner 100-2 to obtain a sound signal surrounding the air conditioner 100-2, and then controlling the communication interface 120 to transmit the sound signal to the outside. This could be an event.

When a first event occurs in the electronic device 100, the processor 130 according to an embodiment of the present disclosure selects the first event among a plurality of events stored in the memory 110 according to a rule-based algorithm. The event corresponding to can be identified.

Subsequently, when an event corresponding to the first event among the plurality of events is identified, the processor 130 may obtain first sequence information corresponding to the first event.

Figure 4 is a diagram for explaining sequence information corresponding to an event according to an embodiment of the present disclosure.

Referring to FIG. 4, when the electronic device 100 is implemented as a robot cleaner 100-1, the memory 110 can store sequence information corresponding to each of a plurality of events that can occur in the robot cleaner 100-1. there is.

For example, sequence information corresponding to an event may include a plurality of operations divided into operation units of the electronic device 100 and order information between the plurality of operations in order to generate an event.

For example, according to the first sequence information, the robot cleaner ( An event that controls the cleaning mode of 100-1) may occur.

In addition, according to the second sequence information, the robot cleaner (i) receives a network packet through the communication interface 120, and ii) the processor 130 controls the cleaning mode according to the received network packet. An event that controls the cleaning mode of 100-1) may occur.

In addition, according to the third sequence information, the robot cleaner is configured as a sequence of i) receiving a user's pressing action on an interface button, and ii) controlling the cleaning mode so that the processor 130 corresponds to the pressing action. An event may occur that controls the cleaning mode of (100-1).

In addition, according to the fourth sequence information, the robot vacuum cleaner is configured with a sequence of i) the processor 130 loading a cleaning schedule file and ii) the processor 130 controlling the cleaning mode based on the cleaning schedule file. An event may occur that controls the cleaning mode of (100-1).

When an event controlling the cleaning mode (hereinafter referred to as first event) occurs, the processor 130 according to one example generates at least one sequence information (hereinafter referred to as first event) corresponding to the event controlling the cleaning mode stored in the memory 120. 1 to 4 sequence information) can be obtained.

Subsequently, the processor 130 may identify whether information related to the operation of the electronic device 100 before the first event occurs corresponds to the first to fourth sequence information.

For example, the processor 130 divides the state change of the electronic device 100 before the first event occurs into operation units of the electronic device 100 and divides the state between a plurality of previously performed operations and a plurality of previously performed operations. Sequence information can be obtained as operation-related information.

Here, the operation unit of the electronic device 100 may be a unit based on a context that requires transmission of a control command for one of a plurality of resources included in the electronic device 100.

For example, if the processor 130 receives a user's pressing action on an interface button before an event that controls the cleaning mode occurs, and the processor 130 controls the cleaning mode to correspond to the pressing action, The processor 130 divides state changes of the electronic device 100 into operation units before an event that controls the cleaning mode occurs, and controls the cleaning mode to correspond to i) an operation in which a pressing operation is received and ii) a pressing operation. The operation to be performed can be obtained as a plurality of previously performed operations, and the operation order of i) -> ii) can be obtained as order information between the plurality of previously performed operations.

This is an example, and if the processor 130 receives a control command voice through the microphone before an event that controls the cleaning mode occurs, and the processor 130 controls the cleaning mode to correspond to the control command voice, the processor 130 ) divides the state change of the electronic device 100 into operation units before an event that controls the cleaning mode occurs, i) an operation in which a control command voice is received through a microphone, and ii) the processor 130 receives a control command voice. The operation to control the cleaning mode is obtained as a plurality of previously performed operations to correspond to , and the operation sequence of i) -> ii) can be obtained as order information between the plurality of previously performed operations.

Subsequently, the processor 130 may identify whether sequence information between a plurality of previously performed operations corresponds to (or matches) sequence information.

For example, the processor 130 may identify whether sequence information between a plurality of previously performed operations corresponds to sequence information between a plurality of operations included in sequence information corresponding to an event.

Subsequently, if the order information between a plurality of previously performed operations corresponds to the order information between the plurality of operations, the processor 130 may identify the first event that occurred in the electronic device 100 as a normal event.

If the order information between the plurality of previously performed operations does not correspond to the order information between the plurality of operations, the processor 130 may identify the first event occurring in the electronic device 100 as an abnormal event. Subsequently, the processor 130 may transmit the first event-related information to the server.

For example, when an event for photographing the surroundings of the electronic device 100 using a camera occurs, the processor 130 detects a change in the state of the electronic device 100 before an event for operating the camera occurs. ) by dividing them into operation units, a plurality of previously performed operations and order information between a plurality of previously performed operations can be obtained as operation-related information.

For example, if the electronic device 100 was in a standby state (or idle state) before an event that operates the camera occurs, the processor 130 determines i) the standby state of the electronic device 100 and ii) The action of taking pictures of the surroundings using a camera can be obtained as a plurality of previously performed actions.

Meanwhile, the processor 130 may obtain sequence information corresponding to an event for operating the camera stored in the memory 120.

Subsequently, order information between a plurality of operations included in the sequence information corresponding to the event of operating the camera indicates that i) the robot vacuum cleaner 100-1 is in progress of cleaning, and ii) controlling the surroundings to be photographed using the camera. If it is an operation, the processor 130 changes the order information between the plurality of previously performed operations (i) standby state -> ii) camera operation) to the order information between the plurality of operations (i) cleaning operation in progress -> ii) camera operation). Since it does not correspond to , the first event that occurred in the electronic device 100 (for example, an event that operates the camera) can be identified as an abnormal event. Subsequently, the processor 130 may transmit the first event-related information to the server.

Here, the first event-related information includes identification information of the electronic device 100, resources of the electronic device 100 related to the first event, time of occurrence of the first event, number of occurrences of the first event, or a plurality of previously performed It may contain at least one of the actions.

Subsequently, the processor 130 may update the security policy of the electronic device 100 based on the security data received from the server.

In FIG. 4 , for convenience of explanation, the electronic device 100 is assumed to be a robot vacuum cleaner 100-1. However, this is an example, and the electronic device 100 includes an air conditioner 100-2 and an air purifier 100-3. Of course, it can be implemented as various types of electronic devices 100, such as:

In addition, for convenience of explanation, FIG. 4 illustrates events that can occur in the robot vacuum cleaner 100-1 as an event that controls the cleaning mode, an event that operates a camera, an event that transmits a streaming packet, etc., and the air conditioner ( Events that may occur in 100-2) are assumed to be a turn-on/turn-off event of the air conditioner 100-2, but are of course not limited thereto.

FIG. 5 is a diagram for explaining an event of an electronic device according to an embodiment of the present disclosure.

The electronic device 100 according to an embodiment of the present disclosure may be implemented as various types of electronic devices 100, such as a refrigerator 100-4, a kitchen hood 100-5, and an indoor touch pad 100-6. Of course it exists.

Figure 6 is a diagram for explaining sequence information corresponding to an event according to an embodiment of the present disclosure.

As shown in FIG. 6, the memory 110 may store sequence information corresponding to each of a plurality of events that can occur in the electronic device 100.

For example, if the electronic device 100 is implemented as a refrigerator 100-4, the memory 110 may store sequence information corresponding to each of a plurality of events that may occur in the refrigerator 100-4.

When a second event occurs in the electronic device 100, the processor 130 according to an embodiment of the present disclosure selects the second event among the plurality of events stored in the memory 110 according to a rule-based algorithm. Corresponding events can be identified.

Meanwhile, if an event corresponding to the second event is not identified among the plurality of events stored in the memory 110 according to a rule-based algorithm, the processor 130 according to an embodiment of the present disclosure selects the second event. It is possible to identify whether the second event is a normal event by inputting it into the neural network model.

For example, it can be assumed that the electronic device 100 is implemented as a refrigerator 100-4.

When an event for receiving a control command to turn off the refrigerator 100-4 (hereinafter referred to as a second event) occurs, the processor 130 according to an example generates a second event among a plurality of events stored in the memory 110. The event corresponding to can be identified.

For example, if an event corresponding to the second event is not identified among the plurality of events stored in the memory 110 according to a rule-based algorithm, the processor 130 inputs the second event into the neural network model and 2 You can identify whether the event is a normal event.

Specifically, the processor 130 may identify whether the second event is a normal event by inputting information related to the operation of the electronic device 100 into a neural network model before the second event occurs.

For example, the processor 130 divides the state change of the electronic device 100 before the second event occurs into operation units of the electronic device and provides a plurality of previously performed operations and order information between the plurality of previously performed operations. It can be obtained as operation-related information.

For example, before a control command to turn off the refrigerator 100-4 is received, the processor 130 divides the state changes of the refrigerator 100-4 into operation units and determines i) the door open state (door sensor ) Detection, ii) detection of the door open state for a certain period of time or more, and iii) reception of a control command to turn off are obtained through a plurality of previously performed operations, and the operation sequence of i) -> ii) -> iii) is obtained by a plurality of groups. It can be obtained as order information between performed operations.

A neural network model according to an embodiment may identify whether the second event is a normal event based on sequence information of a plurality of previously performed operations.

The neural network model according to an embodiment of the present disclosure is learned to identify normal events or abnormal events based on events that can occur by sequentially performing a plurality of operations that the electronic device 100 can perform and some of the plurality of operations. It could be a model.

The neural network model according to one embodiment of the present disclosure includes sequence information between a plurality of previously performed operations (i) detection of a door open state (door sensor) -> ii) detection of a door open state for a certain period of time -> iii) turn-off control Based on the command reception ), an event (i.e., a second event) in which a control command to turn off the refrigerator 100-4 is received may be identified as a normal event.

A description of the plurality of operations that the electronic device 100 can perform will be made with reference to FIG. 7 .

FIG. 7 is a diagram for explaining information related to the operation of an electronic device according to an embodiment of the present disclosure.

Referring to FIG. 7, operations that can be performed in the electronic device 100 include the processor 130 transmitting a control command to any one of a plurality of resources included in the electronic device 100, and any one receiving the control command. refers to the action of the resource.

For example, in the idle state 10 of the electronic device 100, if the first operation (or first action) is performed and the nth operation (or nth action) is sequentially performed, the electronic device ( A specific event (20) may occur in 100).

The occurrence of an event is explained by assuming that the electronic device 100 is the air conditioner 100-2, as shown in FIG. 8.

FIG. 8 is a diagram for explaining information related to the operation of an electronic device according to an embodiment of the present disclosure.

Referring to FIG. 8, in the idle state 10' of the air conditioner 100-2, the on operation of the display (for example, LCD panel) among the plurality of resources provided in the air conditioner 100-2 Accordingly, the state of the air conditioner (100-2) may change.

Next, among the plurality of resources provided in the air conditioner 100-2, an execution command (Process_Start_Exex) for starting a process is obtained under the control of the processor 130, and the process is started under the control of the processor 130. (Process_Started) The status of the air conditioner (100-2) may be changed.

Subsequently, under the control of the processor 130, a subprocessor (eg, Micom) may generate an event 20' that changes the set temperature of the air conditioner 100-2.

As shown in FIG. 8, sequence information corresponding to an event 20' that changes the set temperature of the air conditioner 100-2 includes i) an on operation of a display (e.g., LCD panel), ii) an operation of obtaining an execution command to start a process of the processor 130, iii) an operation of starting a process, and iv) an operation of changing the set temperature of the subprocessor may be included as order information between a plurality of operations.

As described above, when an event occurs, the processor 130 generates order information between a plurality of previously performed operations included in the operation-related information of the electronic device 100 before the event occurs and sequence information corresponding to the event. By comparing sequence information between a plurality of operations, it is possible to identify whether an event occurring in the electronic device 100 is a normal event or an abnormal event.

Meanwhile, according to one embodiment, the processor 130 may identify an event that occurred in the electronic device 100 as an abnormal event and then transmit information related to the event that occurred in the electronic device 100 to the server. Next, the processor 130 may receive security data from the server and update the security policy of the electronic device based on the received security data.

Figure 9 is a sequence diagram for explaining communication between an electronic device and a server according to an embodiment of the present disclosure.

First, when an event occurs (S901), the processor 130 can model the pattern of the event and classify the pattern of the event (S902).

Here, step S902 of modeling the pattern of the event and classifying the pattern of the event may refer to the step of dividing the state change of the electronic device 100 before the event occurs into operation units of the electronic device 100. . Subsequently, the processor 130 divides the state change of the electronic device 100 into operation units of the electronic device 100 and provides a plurality of previously performed operations and order information between the plurality of previously performed operations to the electronic device 100. It can be obtained as operation-related information (S903). Here, the operation-related information may be called event classification information, but hereinafter, it will be collectively referred to as operation-related information.

Subsequently, the processor 130 may compare operation-related information and sequence information corresponding to the event. Specifically, if a plurality of previously performed operations correspond to a plurality of operations included in the sequence information, the processor 130 may identify the event occurring in the electronic device 100 as a normal event (S904).

Additionally, if an event occurring in the electronic device 100 is identified as an abnormal event (S904), the processor 130 may transmit event-related information to the server 200 (S905).

Here, the event-related information may be called a security event information report, etc., but for convenience of explanation, it will be collectively referred to as event-related information.

When event-related information is received, the server 200 according to an embodiment of the present disclosure provides resource information of the electronic device 100 related to the event included in the event-related information, the time of occurrence of the event, the number of occurrences of the event, or a plurality of An attack threat (or risk) score may be calculated based on at least one of the previously performed actions (S906).

Here, the score calculated by the server 200 may include a Common Vulnerability Scoring System (CVSS) score. The CVSS score ranges from 0 to 10, 1) low risk group: 0.1 to 3.9 points, 2) medium risk group: 4.0 to 6.9 points, 3) high risk group: 7.0 to 8.9 points, 4) fatal risk group: 9.0 to 10.0 points. It can be divided into: However, of course, this is an example and is not limited thereto. The server 200 according to one embodiment may obtain a CVSS score corresponding to the received event-related information based on each of the base score, temporal score, and environmental score.

However, the CVSS score is an example of a threat score corresponding to an abnormal event, and of course, the server 200 can score the threat score corresponding to an abnormal event using various calculation methods.

Subsequently, if the comprehensive threat score is greater than or equal to a threshold (eg, exceeds 0 points), the server 200 may request a security update to update the security policy of the electronic device 100 (S907). Next, the server 200 may perform security policy provisioning to update the security policy of the target device, that is, the electronic device 100 that transmitted event-related information. Here, provisioning may mean allocating, placing, and distributing system resources upon request and preparing the system in advance so that it can be used immediately when needed.

Next, the server 200 may transmit security data for updating the security policy of the electronic device (S909).

Subsequently, the electronic device 100 may update the security policy based on the received security data (S910).

Specifically, when security data that blocks a specific operation or access to the electronic device 100 is received from the server 200, the electronic device 100 may update the security policy based on the security data. As an example, the electronic device 100 may block at least one of a specific operation or a specific access according to a specific event based on an updated security policy.

Meanwhile, security data received from the server 200 may include information on the update time of the security policy.

For example, the processor 130 may immediately update the security policy based on the point-in-time information, update the security policy in an idle state of the electronic device, or update the security policy at a specific point in time corresponding to the point-in-time information. .

For example, the server 200 may request the electronic device 100 to immediately update the security policy if the comprehensive threat score is included in the high risk group, critical risk group, etc.

Additionally, if the overall threat score is included in the low-risk group, medium-risk group, etc., the server 200 may request the electronic device 100 to update the security policy in the idle state of the electronic device 100. This is an example, and of course, it is not limited thereto.

FIG. 10 is a flowchart illustrating a method of controlling an electronic device according to an embodiment of the present disclosure.

In the control method according to an embodiment of the present disclosure, first, when a first event occurs, an event corresponding to the first event among a plurality of events is identified (S1010).

Next, when the event corresponding to the first event is identified, first sequence information corresponding to the first event is obtained (S1020).

Next, it is identified whether information related to the operation of the electronic device before the first event occurs corresponds to the first sequence information (S1030).

Next, the first event-related information is transmitted to the server through the communication interface based on the identification result (S1040).

Next, the security policy of the electronic device is updated based on the security data received from the server (S1050).

Step S1030 of identifying whether it corresponds to the first sequence information according to an example divides the state change of the electronic device before the first event occurs into operation units of the electronic device, and determines a plurality of previously performed operations and a plurality of previously performed operations. A step of obtaining sequence information between operations as operation-related information, wherein the first sequence information related to the first event includes a plurality of operations divided into operation units of the electronic device to generate the first event and between the plurality of operations. May contain order information.

Here, step S1030 of identifying whether the first event corresponds to the first sequence information includes identifying the first event as a normal event when the sequence information between the plurality of previously performed operations corresponds to the sequence information between the plurality of previously performed operations. If the sequence information between the selected operations does not correspond to the sequence information between the plurality of operations, the step of identifying the first event as an abnormal event may be included.

Step S1040 of transmitting to the server according to an example may include transmitting information related to the first event to the server when the first event is identified as an abnormal event.

According to one example, the first event-related information may include at least one of identification information of the electronic device, resource information of the electronic device related to the first event, the time of occurrence of the first event, the number of occurrences, or a plurality of previously performed operations. It can contain one.

According to one example, the updating step S1050 includes, when security data blocking a specific operation of an electronic device or a specific access to the electronic device according to a first event is received from the server, updating the security policy based on the security data. may include.

According to one example, the control method may further include blocking at least one of a specific operation or a specific access according to the first event based on the updated security policy.

According to one example, the control method includes, when a second event occurs, identifying an event corresponding to the second event among a plurality of events, and if an event corresponding to the second event among the plurality of events is not identified, a second event The method may further include inputting the event into a neural network model to identify whether the second event is a normal event, and if the second event is identified as an abnormal event, transmitting information related to the second event to the server.

According to one example, a neural network model may be a model learned to identify normal events or abnormal events based on events that can occur by sequentially performing a plurality of operations that can be performed by an electronic device and some of the plurality of operations.

According to one example, the security data includes information on the update time of the security policy, and in the updating step S1050, the security policy is immediately updated based on the time information or the security policy is updated in the idle state of the electronic device. Alternatively, it may include updating the security policy at a specific point in time corresponding to the point in time information.

According to one example, an electronic device includes a plurality of resources, and each of the plurality of events operates at least one resource among the plurality of resources to obtain surrounding information of the electronic device or access data included in the electronic device. Alternatively, it may be an event that changes the settings of the electronic device.

Meanwhile, the methods according to various embodiments of the present disclosure described above may be implemented in the form of applications that can be installed on existing electronic devices.

Additionally, the methods according to various embodiments of the present disclosure described above may be implemented only by upgrading software or hardware for an existing electronic device.

Additionally, the various embodiments of the present disclosure described above can also be performed through an embedded server provided in an electronic device or an external server of at least one of the electronic device and the display device.

Meanwhile, according to an example of the present disclosure, the various embodiments described above may be implemented as software including instructions stored in a machine-readable storage media (e.g., a computer). The device is a device capable of calling instructions stored from a storage medium and operating according to the called instructions, and may include an electronic device (e.g., electronic device A) according to the disclosed embodiments. The instruction is a processor. When executed by the processor, the processor can perform the function corresponding to the instruction directly or using other components under the control of the processor. The instruction may include code generated or executed by a compiler or interpreter. Device A storage medium that can be read can be provided in the form of a non-transitory storage medium, where 'non-transitory' means that the storage medium does not contain signals and is tangible. However, it does not distinguish whether the data is stored semi-permanently or temporarily in the storage medium.

Additionally, according to an embodiment of the present disclosure, the method according to the various embodiments described above may be included and provided in a computer program product. Computer program products are commodities and can be traded between sellers and buyers. The computer program product may be distributed on a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)) or online through an application store (e.g. Play Store™). In the case of online distribution, at least a portion of the computer program product may be at least temporarily stored or created temporarily in a storage medium such as the memory of a manufacturer's server, an application store's server, or a relay server.

In addition, each component (e.g., module or program) according to the various embodiments described above may be composed of a single or multiple entities, and some of the sub-components described above may be omitted, or other sub-components may be omitted. Additional components may be included in various embodiments. Alternatively or additionally, some components (e.g., modules or programs) may be integrated into a single entity and perform the same or similar functions performed by each corresponding component prior to integration. According to various embodiments, operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or at least some operations may be executed in a different order, omitted, or other operations may be added. You can.

In the above, preferred embodiments of the present disclosure have been shown and described, but the present disclosure is not limited to the specific embodiments described above, and may be used in the technical field pertaining to the disclosure without departing from the gist of the disclosure as claimed in the claims. Of course, various modifications can be made by those skilled in the art, and these modifications should not be understood individually from the technical ideas or perspectives of the present disclosure.

100: electronic device 110: memory
120: communication interface 130: processor

Claims (18)

In electronic devices,
communication interface;
a memory storing sequence information corresponding to each of a plurality of events; and
When a first event occurs, identify an event corresponding to the first event among the plurality of events,
When an event corresponding to the first event is identified, obtain first sequence information corresponding to the first event,
Identify whether information related to the operation of the electronic device before the first event occurs corresponds to the first sequence information,
Transmitting the first event-related information to a server through the communication interface based on the identification result,
An electronic device comprising: one or more processors that update the security policy of the electronic device based on security data received from the server. According to paragraph 1,
The one or more processors:
Before the first event occurs, the state change of the electronic device is divided into operation units of the electronic device, and a plurality of previously performed operations and order information between the plurality of previously performed operations are obtained as the operation-related information,
The first sequence information related to the first event is,
An electronic device comprising a plurality of operations divided into operation units of the electronic device to generate the first event and order information between the plurality of operations. According to paragraph 2,
The one or more processors:
If the order information between the plurality of previously performed operations corresponds to the order information between the plurality of operations, identifying the first event as a normal event,
If the order information between the plurality of previously performed operations does not correspond to the order information between the plurality of operations, the electronic device identifies the first event as an abnormal event and transmits the first event-related information to the server. According to paragraph 3,
The information related to the first event is,
An electronic device comprising at least one of identification information of the electronic device, resource information of the electronic device related to the first event, a time point of occurrence of the first event, the number of occurrences, or the plurality of previously performed operations. . According to paragraph 1,
The one or more processors:
When the security data blocking a specific operation of the electronic device or a specific access to the electronic device according to the first event is received from the server, updating the security policy based on the security data,
An electronic device that blocks at least one of the specific operation or the specific access according to the first event based on the updated security policy. According to paragraph 1,
The one or more processors:
When a second event occurs, identify an event corresponding to the second event among the plurality of events,
If an event corresponding to the second event is not identified among the plurality of events, input the second event into a neural network model to identify whether the second event is a normal event,
When the second event is identified as an abnormal event, the electronic device transmits information related to the second event to a server. According to clause 6,
The neural network model is,
An electronic device, which is a model learned to identify a normal event or an abnormal event based on a plurality of operations that the electronic device can perform and events that can occur by sequentially performing some of the plurality of operations. According to paragraph 1,
The security data is,
Contains information on the update time of the security policy,
The one or more processors:
An electronic device that immediately updates the security policy based on the time point information, updates the security policy in an idle state of the electronic device, or updates the security policy at a specific time point corresponding to the time point information. According to paragraph 1,
The electronic device is,
Contains multiple resources,
Each of the plurality of events is an event that operates at least one resource among the plurality of resources to obtain surrounding information of the electronic device, access data included in the electronic device, or change settings of the electronic device. , electronic devices. In a method of controlling an electronic device including sequence information corresponding to each of a plurality of events,
When a first event occurs, identifying an event corresponding to the first event among the plurality of events;
When an event corresponding to the first event is identified, obtaining first sequence information corresponding to the first event;
identifying whether information related to the operation of the electronic device before the first event occurs corresponds to the first sequence information;
Transmitting the first event-related information to a server through the communication interface based on the identification result; and
A control method comprising: updating a security policy of the electronic device based on security data received from the server. According to clause 10,
The step of identifying whether it corresponds to the first sequence information is,
Dividing state changes of the electronic device before the first event occurs into operation units of the electronic device and obtaining a plurality of previously performed operations and order information between the plurality of previously performed operations as the operation-related information. Contains ;,
The first sequence information related to the first event is,
A control method comprising a plurality of operations divided into operation units of the electronic device to generate the first event and order information between the plurality of operations. According to clause 11,
The step of identifying whether it corresponds to the first sequence information is,
If the order information between the plurality of previously performed operations corresponds to the order information between the plurality of operations, identifying the first event as a normal event; and
If the order information between the plurality of previously performed operations does not correspond to the order information between the plurality of operations, identifying the first event as an abnormal event, comprising:
The step of transmitting to the server is,
When the first event is identified as an abnormal event, transmitting the first event-related information to the server. According to clause 12,
The information related to the first event is,
A control method including at least one of identification information of the electronic device, resource information of the electronic device related to the first event, an occurrence point of the first event, the number of occurrences, or the plurality of previously performed operations. . According to clause 13,
The updating step is,
When the security data blocking a specific operation of the electronic device or a specific access to the electronic device according to the first event is received from the server, updating the security policy based on the security data; comprising: ,
The control method is,
Further comprising: blocking at least one of the specific operation or the specific access according to the first event based on the updated security policy. According to clause 10,
The control method is,
When a second event occurs, identifying an event corresponding to the second event among the plurality of events;
If an event corresponding to the second event is not identified among the plurality of events, inputting the second event into a neural network model to identify whether the second event is a normal event;
If the second event is identified as an abnormal event, transmitting the second event-related information to a server. According to clause 15,
The neural network model is,
A control method, which is a model learned to identify a normal event or an abnormal event based on a plurality of operations that the electronic device can perform and events that can occur by sequentially performing some of the plurality of operations. According to clause 16,
The security data is,
Contains information on the update time of the security policy,
The updating step is,
Immediately updating the security policy based on the time point information, updating the security policy in an idle state of the electronic device, or updating the security policy at a specific time point corresponding to the time point information; including; , control method. According to clause 10,
The electronic device is,
Contains multiple resources,
Each of the plurality of events is an event that operates at least one resource among the plurality of resources to obtain surrounding information of the electronic device, access data included in the electronic device, or change settings of the electronic device. , control method.

Images