WO2018113726A1 - AP risk detection method and apparatus


Publication number
WO2018113726A1
WO2018113726A1 PCT/CN2017/117688 CN2017117688W WO2018113726A1 WO 2018113726 A1 WO2018113726 A1 WO 2018113726A1 CN 2017117688 W CN2017117688 W CN 2017117688W WO 2018113726 A1 WO2018113726 A1 WO 2018113726A1
Authority
WO
WIPO (PCT)
Prior art keywords
detected
score
type
parameter
security
Application number
PCT/CN2017/117688
Other languages
French (fr)
Chinese (zh)
Inventor
刘天
张建新
高永岗
Original Assignee
北京奇虎科技有限公司
Application filed by 北京奇虎科技有限公司
Publication of WO2018113726A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Definitions

  • The present disclosure relates to the field of electronic technologies, and in particular to a method and an apparatus for detecting AP risk.
  • The embodiments of the present disclosure provide a method and an apparatus for detecting AP risk, which are used to improve the accuracy of AP risk detection.
  • The present disclosure provides a method for AP risk detection, including:
  • determining, according to the type of the wireless access point (AP) to be detected, a target parameter type of the AP to be detected and a security test plan, where the security test plan includes a calculation scheme for calculating the security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating the security of the AP to be detected; the parameter types and security test plans corresponding to different types of AP are not completely the same;
  • detecting the AP to be detected according to the target parameter type, and obtaining the first parameter of the target parameter type;
  • The present disclosure provides an apparatus for AP risk detection, including:
  • a first determining module configured to determine, according to the type of the wireless access point (AP) to be detected, a target parameter type of the AP to be detected and a security test plan, where the security test plan includes a calculation scheme for calculating the security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating the security of the AP to be detected; the parameter types and security test plans corresponding to different types of AP are not completely the same;
  • a first obtaining module configured to detect the AP to be detected according to the target parameter type, and obtain a first parameter of the target parameter type;
  • a calculation module configured to calculate a security score of the AP to be detected based on the first parameter and the calculation scheme;
  • a determining module configured to determine whether the security score of the AP to be detected reaches the preset score;
  • a second determining module configured to determine that the AP to be detected is at risk when the security score of the AP to be detected does not reach the preset score.
  • The present disclosure provides a computer program comprising:
  • computer readable code which, when run on a computing device, causes the computing device to perform the method of AP risk detection described above.
  • The present disclosure provides a computer readable medium,
  • in which a computer program for performing the above-described method of AP risk detection is stored.
  • Different types of AP correspond to different target parameter types and security test plans. Therefore, the target parameter type and the security test plan of the AP to be detected are first obtained according to the type of the AP to be detected.
  • The security test plan includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating the security of the AP to be detected. The AP to be detected is then detected according to the target parameter type to obtain the first parameter of the target parameter type.
  • The security score of the AP to be detected is calculated based on the first parameter and the calculation scheme, and it is determined whether the security score reaches the preset score; when the security score of the AP to be detected does not reach the preset score, the AP to be detected is determined to be at risk.
  • In other words, the first parameter of the target parameter type corresponding to the type of the AP to be detected is detected, the calculation scheme corresponding to that type is applied to the first parameter, and finally the preset score corresponding to that type is used to determine whether the AP is at risk.
  • Since the security standards of different types of AP differ, detecting different parameters and applying different calculation schemes for different types of AP makes the final detection result more targeted and more accurate.
  • FIG. 1 is a flowchart of a method for AP risk detection in an embodiment of the present disclosure;
  • FIG. 2 is a schematic structural diagram of an apparatus for detecting AP risk in an embodiment of the present disclosure;
  • FIG. 3 schematically illustrates a block diagram of a computing device for performing a method of AP risk detection in accordance with an embodiment of the present disclosure;
  • FIG. 4 schematically illustrates a storage unit for maintaining or carrying program code that implements a method of AP risk detection in accordance with an embodiment of the present disclosure.
  • Embodiments of the present disclosure provide a method and apparatus for AP risk detection, which are used to improve the accuracy of AP risk detection.
  • A first aspect of the present disclosure provides a method for AP risk detection.
  • Referring to FIG. 1, a flowchart of a method for AP risk detection in an embodiment of the present disclosure, the method includes:
  • S101: Determine, according to the type of the wireless access point (AP) to be detected, a target parameter type of the AP to be detected and a security test plan, where the security test plan includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating the security of the AP to be detected; the parameter types and security test plans corresponding to different types of AP are not completely the same;
  • S102: Detect the AP to be detected according to the target parameter type, and obtain a first parameter of the target parameter type;
  • S103: Calculate a security score of the AP to be detected based on the first parameter and the calculation scheme;
  • S104: Determine whether the security score of the AP to be detected reaches the preset score.
  • The types of AP include, but are not limited to, a public AP, a company AP, and a private AP.
  • A public AP is an AP operated by a company, enterprise, or organization that a large number of arbitrary UEs (User Equipment) may access;
  • a company AP is an AP operated by a company, enterprise, or organization for access by the UEs of users belonging to that company, enterprise, or organization;
  • a private AP is an AP set up by an individual, such as a home user, and accessible only by a few specific UEs.
  • The parameter type refers to the type of parameter that needs to be acquired to detect whether an AP is at risk, such as SSID (Service Set Identifier), BSSID (Basic Service Set Identifier), AP open port, IP address, AP operating system, the AP's carrier and/or manufacturer, location, network segment, DNS (Domain Name System) server, DNS server name, page content of the AP management page, and page content of the AP login page.
  • The security test plan includes a calculation scheme and a preset score. The calculation scheme indicates how to calculate a security score from the specific parameter corresponding to each parameter type, and the security score represents the security level of the AP to be detected; the preset score indicates the score that an AP of that type should reach to be secure.
  • A person of ordinary skill in the art may set the parameter types and the security test plan according to the characteristics of each type of AP; the disclosure is not specifically limited in this respect.
  • The following takes three types of AP as examples: a public AP, a private AP, and a company AP. The specific implementation process includes the following examples.
  • Criminals forge risky APs by imitating the more obvious features of a legitimate AP, such as its SSID.
  • The less visible features, such as the AP's open ports, DNS server name, assigned network segment, operating system, and login page, are difficult to imitate fully.
  • Public APs: public APs are usually produced by several known manufacturers and are set up by known operators in public places such as shopping malls, pedestrian streets, and plazas.
  • The parameter types corresponding to the public AP may specifically be: the AP operating system, the AP open port, the location, the user access amount, the manufacturer, the DNS server name, the allocated network segment, the MAC address, the page content of the AP management page, and the page content of the AP login page.
  • The AP operating system is the operating system of the AP.
  • The AP open port is a port opened by the AP.
  • The location is the location of the AP.
  • The calculation scheme of the public AP is specifically: the AP operating system corresponds to 5 points, the AP open port to 5 points, the location to 2 points, the user access amount to 2 points, the manufacturer to 3 points, the DNS server name to 1 point, the allocated network segment to 3 points, the MAC address to 3 points, the page content of the AP management page to 2 points, and the page content of the AP login page to 2 points; if the parameter of a parameter type does not satisfy the preset condition corresponding to that parameter type, the score corresponding to that parameter type is subtracted from the public AP's reference score.
  • The reference score of the public AP should be set lower, for example 50 points in the embodiment of the present disclosure.
  • The preset score for the public AP is 40 points.
  • The parameter types of the private AP are specifically: the AP open port, the historical connection user, the AP operating system, the allocated network segment, the MAC address, the page content of the AP management page, and the page content of the AP login page.
  • The historical connection user refers to a UE that has accessed the AP.
  • The calculation scheme of the private AP is as follows: the AP open port corresponds to 20 points, the historical connection user to 10 points, the AP operating system to 20 points, the allocated network segment to 20 points, the MAC address to 10 points, and the page content of the AP management page. If the parameter of a parameter type does not satisfy the preset condition corresponding to that parameter type, the score corresponding to that parameter type is subtracted from the reference score of the private AP.
  • The reference score of the private AP may be set higher, because a private AP is less likely to be a phishing AP; in the embodiment of the present disclosure it is, for example, 100 points.
  • The preset score for a private AP is 80 points.
  • A company AP is usually used by the UEs of users of a company, enterprise, or organization, for example company employees.
  • The users accessing the AP are generally concentrated in one period of time, for example the working time of 8:00 to 17:00.
  • The parameter types corresponding to the company AP may specifically be: the AP operating system, the AP open port, the user access amount, the user online time, the allocated network segment, the MAC address, the page content of the AP management page, and the page content of the AP login page.
  • The user online time is the time at which a user accesses the company AP and the time at which the user exits.
  • The calculation scheme of the company AP is as follows: the AP operating system corresponds to 20 points, the AP open port to 20 points, the user access amount to 10 points, the user online time to 20 points, the allocated network segment to 10 points, the MAC address to 10 points, the page content of the AP management page to 10 points, and the page content of the AP login page to 10 points.
  • The reference score of the company AP in the embodiment of the present disclosure is, for example, 100 points, because a company AP is unlikely to be a phishing AP.
  • The company AP's preset score is 80 points.
  • The target parameter type and security test plan of the AP to be detected are determined according to the type of the AP to be detected.
  • The method further includes:
  • determining the type of the AP to be detected.
  • The second parameter is a parameter that can indicate the type of the AP, including but not limited to the security attribute of the AP, the user access amount, the location, and the like.
  • The AP to be detected is first detected to obtain its second parameter, and the type of the AP to be detected is then determined based on the second parameter.
  • The first method: determine whether the security attribute of the AP to be detected is OPEN. If the security attribute of the AP to be detected is OPEN, it is determined that the AP to be detected is a public AP. If the security attribute of the AP to be detected is not OPEN, it is determined that the AP to be detected is a private AP or a company AP.
  • The second method: determine whether the user access amount of the AP to be detected is in the range of the public AP, the range of the company AP, or the range of the private AP. If the user access amount of the AP to be detected is in the range of the public AP, it is determined that the AP to be detected is a public AP; if it is in the range of the company AP, it is determined that the AP to be detected is a company AP; if it is in the range of the private AP, it is determined that the AP to be detected is a private AP.
  • The range of the public AP may be set to be larger than the range of the company AP, and the range of the company AP larger than the range of the private AP.
  • The range of the public AP is greater than 500;
  • the range of the company AP is greater than 30 and less than or equal to 500;
  • the range of the private AP is greater than or equal to 0 and less than or equal to 30.
  • The third method: determine whether the location of the AP to be detected is in a public area or a non-public area. If the location of the AP to be detected is in a public area, it is determined that the AP to be detected is a public AP or a company AP; if the location of the AP to be detected is in a non-public area, it is determined that the AP to be detected is a private AP.
  • The public area is, for example, a shopping mall, an office building, a plaza, a pedestrian street, and the like.
  • The non-public area is, for example, a residential area and the like. A person skilled in the art to which the present disclosure pertains may set these specifically; the present disclosure is not specifically limited.
  • The fourth method: determine whether the proportion of the online time of the users of the AP to be detected that falls within the working time reaches the first threshold. If the proportion reaches the first threshold, it is determined that the AP to be detected is a company AP; if the proportion does not reach the first threshold, it is determined that the AP to be detected is a public AP or a private AP.
  • The working time is, for example, 8:00 to 17:00, or 9:00 to 19:00, and the like; the present disclosure is not specifically limited.
  • For example, the working time is 8:00 to 17:00 and the first threshold is 75%.
  • If 85% of the online time of the users of the AP to be detected is within the working time, the first threshold is reached, and it is therefore determined that the AP to be detected is a company AP.
  • If 20% of the online time of the users is within the working time, the first threshold is not reached, and it is therefore determined that the AP to be detected is a public AP or a private AP.
  • The fifth method: combining the second and third methods, determine whether the user access amount of the AP to be detected is in the range of the public AP, the range of the company AP, or the range of the private AP, and whether the location of the AP to be detected is in a public area or a non-public area. If the user access amount of the AP to be detected is in the range of the public AP and the location is in a public area, it is determined that the AP to be detected is a public AP; if the user access amount is in the range of the company AP and the location is in a public area, it is determined that the AP to be detected is a company AP; if the user access amount is in the range of the private AP and the location is in a non-public area, it is determined that the AP to be detected is a private AP.
  • The sixth method: combining the second, third, and fourth methods, determine whether the user access amount of the AP to be detected is in the range of the public AP, the range of the company AP, or the range of the private AP, whether the location of the AP to be detected is in a public area or a non-public area, and whether the proportion of the online time of the users of the AP to be detected that falls within the working time reaches the first threshold.
  • the AP to be detected is a public AP; if the user access amount of the AP is in the range of the company AP, the location is in a public area, and the proportion of the users' online time within the working time reaches the first threshold, it is determined that the AP to be detected is a company AP; if the user access amount is in the range of the private AP, the location is in a non-public area, and the proportion of the users' online time within the working time does not reach the first threshold, it is determined that the AP to be detected is a private AP.
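The type-determination checks above, as an added example that is not part of the patent text: each check returns the set of AP types it allows, and combined checks intersect those sets. The intersection model, the empty result for contradictory inputs, and the constructed session data are assumptions of this example; the ranges, the 8:00 to 17:00 working time and the 75% threshold are the page's.

```python
from datetime import datetime, time, timedelta

PUBLIC, COMPANY, PRIVATE = "public", "company", "private"
ALL_TYPES = frozenset({PUBLIC, COMPANY, PRIVATE})


def by_security_attribute(attr):
    """OPEN means a public AP; anything else means private or company."""
    return {PUBLIC} if attr.strip().upper() == "OPEN" else {PRIVATE, COMPANY}


def by_user_access(count):
    """Page's ranges: >500 public, (30, 500] company, [0, 30] private."""
    if count < 0:
        raise ValueError("user access amount cannot be negative")
    if count > 500:
        return {PUBLIC}
    return {COMPANY} if count > 30 else {PRIVATE}


def by_location(in_public_area):
    """Public area: public or company AP; non-public area: private AP."""
    return {PUBLIC, COMPANY} if in_public_area else {PRIVATE}


def working_time_ratio(sessions, start=time(8, 0), end=time(17, 0)):
    """Share of total online time that falls inside the daily working window.

    sessions is a list of (access_time, exit_time) datetime pairs; a session
    may span several days. Every calendar day counts as a working day here,
    which is an assumption of this example.
    """
    total = inside = 0.0
    for begin, finish in sessions:
        if finish < begin:
            raise ValueError("session ends before it starts")
        total += (finish - begin).total_seconds()
        day = begin.date()
        while day <= finish.date():
            w0, w1 = datetime.combine(day, start), datetime.combine(day, end)
            overlap = (min(finish, w1) - max(begin, w0)).total_seconds()
            inside += max(0.0, overlap)
            day += timedelta(days=1)
    return inside / total if total else 0.0


def by_online_time(sessions, threshold=0.75):
    """Reaching the first threshold means company AP, otherwise public/private."""
    if working_time_ratio(sessions) >= threshold:
        return {COMPANY}
    return {PUBLIC, PRIVATE}


def classify(*candidate_sets):
    """Intersect the candidate sets; an empty result means the checks disagree."""
    result = set(ALL_TYPES)
    for candidates in candidate_sets:
        result &= candidates
    return result


# Constructed sessions: 17 of 20 online hours fall inside 8:00-17:00 (85%).
OFFICE_SESSIONS = [
    (datetime(2024, 1, 8, 8, 0), datetime(2024, 1, 8, 17, 0)),
    (datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 8, 17, 0)),
    (datetime(2024, 1, 8, 17, 0), datetime(2024, 1, 8, 20, 0)),
]
# Constructed session: 1 of 5 online hours falls inside 8:00-17:00 (20%).
HOME_SESSIONS = [(datetime(2024, 1, 8, 16, 0), datetime(2024, 1, 8, 21, 0))]

if __name__ == "__main__":
    print(classify(by_user_access(120), by_location(True),
                   by_online_time(OFFICE_SESSIONS)))
```

An empty set from `classify` (for example a user access amount above 500 in a non-public area) is left to the caller; the page does not say how contradictory second parameters are resolved.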
  • The execution body of S101 to S105 may be the UE itself, or may be a server connected to the UE.
  • If the execution body is the UE, the UE may download from the server the parameter types and security test plans corresponding to the types of AP, then detect the second parameter of the AP to be detected and determine the type of the AP to be detected based on the second parameter. After that, according to the downloaded parameter types and security test plans, it determines the target parameter type and the security test plan corresponding to the AP to be detected.
  • If the execution body is the server, the server obtains the second parameter of the AP that the UE detects and reports, determines the type of the AP to be detected based on the second parameter reported by the UE, determines the target parameter type and security test plan corresponding to the AP to be detected, and then delivers the target parameter type to the UE.
  • A person of ordinary skill in the art to which the present disclosure belongs may select the execution body according to actual needs; the disclosure is not specifically limited.
  • The UE further detects the AP to be detected based on the target parameter type, thereby obtaining the first parameter of the target parameter type.
  • The first parameter in the embodiment of the present disclosure is the specific parameter of the target parameter type.
  • For example, the target parameter types are specifically the AP operating system, the AP open port, and the user access amount;
  • the UE detects the AP operating system, the AP open port, and the user access amount, and obtains the first parameter "**; 80, 50, 04; 3".
  • The embodiment of the present disclosure denotes an operating system code by "**", where ** is the parameter of the target parameter type AP operating system.
  • 80, 50, and 04 are the parameters of the target parameter type AP open port,
  • indicating that the open ports of the AP to be detected are port 80, port 50, and port 04.
  • 3 is the parameter of the target parameter type user access amount, indicating that the AP to be detected has three users.
  • If the execution body is the UE, the UE obtains the first parameter by detecting it. If the execution body is a server, the server obtains the first parameter by receiving the first parameter detected and reported by the UE.
  • S103 is then performed, that is, the security score of the AP to be detected is calculated based on the first parameter and the calculation scheme.
  • In S104, it is determined whether the security score of the AP to be detected reaches the preset score, specifically whether the security score of the AP to be detected is greater than or equal to the preset score. If the security score of the AP to be detected reaches the preset score, the risk of the AP to be detected is small and it is a secure AP. Conversely, if the security score of the AP to be detected does not reach the preset score, the AP to be detected is unsafe and at risk.
  • Different types of AP are detected for different target parameter types, with different calculation schemes and different preset scores. Risks are therefore detected in different ways for different types of AP, which improves the accuracy of risk detection for different types of AP.
  • The following describes how to calculate the security score of the AP to be detected.
  • The AP to be detected is at least one of a public AP or a private AP. Further, the AP to be detected may also be a company AP.
  • The target parameter type includes at least the AP operating system and the AP open port,
  • the first parameter is the first operating system and the first open port,
  • and S103 is specifically implemented by the following process:
  • determining whether the first operating system of the AP to be detected is a user terminal system;
  • if the first operating system is a user terminal system, the score corresponding to the AP operating system is subtracted from the public AP reference score;
  • if the first open port includes a user terminal port, the score corresponding to the AP open port is subtracted from the public AP reference score.
  • The user terminal system in the embodiment of the present disclosure is a system used by a user terminal, such as a Linux system, a Windows system, a Mac system, or an Android system.
  • The user terminal port is a gateway open port provided by the AP device for the user terminal, for example, port 21 and port 04 of the TP-LINK.
  • The operating system of an AP is not a user terminal system but a system dedicated to the AP. Therefore, if the AP operating system of the AP to be detected is a user terminal system, the AP to be detected may be simulated by a user terminal and is at risk.
  • A secure AP usually provides open ports for the user. For example, TP-LINK provides port 80 for router configuration and management, ports 67 and 68 for basic network configuration, and port 53 for DNS query service. A secure AP does not open a user terminal port. Therefore, if the AP to be detected opens a user terminal port, the AP to be detected differs from a secure AP and is abnormal, and there is a risk of phishing.
  • When the AP to be detected is a public AP,
  • the first operating system is the specific operating system detected for the AP to be detected.
  • The method for determining whether the first operating system is a user terminal system is to match the features of the first operating system against those of a plurality of user terminal systems. If the first operating system matches the features of one of the user terminal systems, it is determined that the first operating system is a user terminal system. If the first operating system does not match the features of any user terminal system, it is determined that the first operating system is not a user terminal system.
  • If the first operating system is a user terminal system, the score corresponding to the AP operating system is subtracted from the public AP reference score.
  • The first open port is the port or ports actually opened by the AP to be detected. Assuming that the user terminal ports are port 21 and port 04, it is determined whether port 21 and/or port 04 is included in the first open port.
  • If so, the score corresponding to the AP open port is subtracted from the public AP reference score.
  • For example, the first operating system is "**",
  • the first open port is 80, 60, and 21, the public AP's reference score is 50 points, the score corresponding to the AP operating system is 10 points,
  • the score corresponding to the AP open port is 10 points, and the preset score is 45 points.
  • The first operating system "**" is an Android system, which is a user terminal system,
  • and 21 among the first open ports is a user terminal port, so 20 points are subtracted from the reference score of 50 points, and the security score of the AP to be detected
  • is finally 30 points. Since the security score of the AP to be detected does not reach the preset score of 45 points, it is determined that the AP to be detected is at risk.
  • The target parameter types are: AP operating system, AP open port, location, user access amount, manufacturer, DNS server name, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page.
  • The first parameters are: ** (AP operating system); 80, 60 and 21 (AP open port); Wangfujing Pedestrian Street (location); 10 (user access amount); ABC (manufacturer); DEF (DNS server name); 11.0.0.0-11.0.0.100 (allocated network segment); 58:66:ba:6e:57:20 (MAC address).
  • The AP operating system corresponds to 5 points, the AP open port to 5 points, the location to 2 points, the user access amount to 2 points, the manufacturer to 3 points, the DNS server name to 1 point, the allocated network segment to 3 points, the MAC address to 3 points, the page content of the AP management page to 2 points, and the page content of the AP login page to 2 points.
  • The public AP's reference score is 50 points and the preset score is 40 points.
  • The first operating system "**" is an Android system and is a user terminal system, so 5 points are subtracted from the reference score of 50 points.
  • 21 among the first open ports is a user terminal port, so 5 points are subtracted from the reference score of 50 points.
  • Wangfujing Pedestrian Street belongs to the public area, so it is not necessary to subtract the score corresponding to the location.
  • The user access amount does not reach the range of greater than 500, so 2 points are subtracted from the reference score.
  • Manufacturer ABC is not a known manufacturer of public APs, so 3 points are subtracted from the reference score.
  • The DNS server name DEF is inconsistent with all known secure DNS server names of the public AP, so 1 point is subtracted from the reference score.
  • The allocated network segment has a small range and does not reach the number of 256 to 65534 subnets, so 3 points are subtracted from the reference score.
  • The MAC address 58:66:ba:6e:57:20 is consistent with one of the known secure MAC addresses of the public AP, so there is no need to subtract the score corresponding to the MAC address.
  • The page content of the AP management page and the page content of the AP login page are not described in detail here; they are the same as the page content of the preset secure AP management page and of the secure AP login page, so the scores corresponding to the page content of the AP management page and the page content of the AP login page need not be subtracted.
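An added example (not code from the patent) of S103 and S104 for the public AP case worked through above: a table of weighted checks is evaluated against the detected first parameters, failed checks are deducted from the reference score, and the result is compared with the preset score. The known-manufacturer, DNS-name and MAC lists, the page strings, the reading of "256 to 65534" as an address count, and the rule that an unobtainable parameter counts as a failed condition are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Tuple

# Reference data. The page names these categories but gives no concrete
# lists, so every value below is constructed for the example.
USER_TERMINAL_OS = {"android", "linux", "windows", "mac"}
USER_TERMINAL_PORTS = {21, 4}          # the page's "port 21 and port 04"
PUBLIC_AREAS = {"Wangfujing Pedestrian Street"}
KNOWN_MANUFACTURERS = {"EXAMPLE-VENDOR"}
KNOWN_DNS_NAMES = {"EXAMPLE-DNS"}
KNOWN_MACS = {"58:66:ba:6e:57:20"}
SECURE_MGMT_PAGE = "constructed management page"
SECURE_LOGIN_PAGE = "constructed login page"


@dataclass(frozen=True)
class Check:
    name: str                        # parameter type
    points: int                      # deducted when the condition fails
    passes: Callable[[dict], bool]   # preset condition for this parameter type


@dataclass(frozen=True)
class Plan:
    reference: int                   # reference score for the AP type
    preset: int                      # score an AP of this type must reach
    checks: Tuple[Check, ...]


def segment_size(first, last):
    """Number of addresses in an inclusive IPv4 range."""
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1


OS_OK = lambda o: o["os"].lower() not in USER_TERMINAL_OS
PORTS_OK = lambda o: not USER_TERMINAL_PORTS & set(o["open_ports"])

# Weights, reference score and preset score are the page's public AP values.
PUBLIC_PLAN = Plan(reference=50, preset=40, checks=(
    Check("os", 5, OS_OK),
    Check("open_ports", 5, PORTS_OK),
    Check("location", 2, lambda o: o["location"] in PUBLIC_AREAS),
    Check("user_access", 2, lambda o: o["user_access"] > 500),
    Check("manufacturer", 3, lambda o: o["manufacturer"] in KNOWN_MANUFACTURERS),
    Check("dns_name", 1, lambda o: o["dns_name"] in KNOWN_DNS_NAMES),
    # Assumption: "256 to 65534" is read as a count of addresses.
    Check("segment", 3, lambda o: 256 <= segment_size(*o["segment"]) <= 65534),
    Check("mac", 3, lambda o: o["mac"].lower() in KNOWN_MACS),
    Check("mgmt_page", 2, lambda o: o["mgmt_page"] == SECURE_MGMT_PAGE),
    Check("login_page", 2, lambda o: o["login_page"] == SECURE_LOGIN_PAGE),
))

# The page's shorter example: two parameter types, 10 points each, preset 45.
TWO_CHECK_PLAN = Plan(reference=50, preset=45, checks=(
    Check("os", 10, OS_OK),
    Check("open_ports", 10, PORTS_OK),
))


def evaluate(plan, observed):
    """Return (security_score, failed_parameter_types, at_risk)."""
    score, failed = plan.reference, []
    for check in plan.checks:
        try:
            ok = check.passes(observed)
        except (KeyError, TypeError, ValueError, AttributeError):
            ok = False  # assumption: a missing or malformed parameter fails
        if not ok:
            score -= check.points
            failed.append(check.name)
    return score, failed, score < plan.preset


# First parameters from the page's example; "**" is stated to be Android.
OBSERVED = {
    "os": "Android", "open_ports": [80, 60, 21],
    "location": "Wangfujing Pedestrian Street", "user_access": 10,
    "manufacturer": "ABC", "dns_name": "DEF",
    "segment": ("11.0.0.0", "11.0.0.100"), "mac": "58:66:ba:6e:57:20",
    "mgmt_page": SECURE_MGMT_PAGE, "login_page": SECURE_LOGIN_PAGE,
}

if __name__ == "__main__":
    print(evaluate(PUBLIC_PLAN, OBSERVED))
    print(evaluate(TWO_CHECK_PLAN, OBSERVED))
```

With the page's weights the six deductions listed above leave 31 points against the preset score of 40, so the example AP is judged to be at risk.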
  • the target parameter type includes at least an AP open port and a historical connection user
  • the first parameter is the second port and the second user
  • S103 is specifically implemented by the following process:
  • the score corresponding to the AP open port is subtracted from the private AP reference point
  • the score corresponding to the historical connection user is subtracted from the private AP reference score.
  • the non-private AP attribute port in the embodiment of the present disclosure is, for example, a port that is not normally opened by a routing device of a private AP, such as a port 21 or a 04 port.
  • the ports that are usually secure private APs include ports 80, 67, 68, and 53, and do not include non-private AP attribute ports. Therefore, if the AP to be detected opens a non-private AP attribute port, it indicates that the AP to be detected and the security AP are abnormal, and there is a risk of phishing.
  • the private AP is generally only used by users who have the right to connect to the AP, such as family members, friends, etc. Therefore, if there is a user who does not have the connection right among the historical connection users, it means that the AP to be detected has been attacked by others. Therefore, when there is a user who does not have the connection right among the historical connection users, it indicates that the AP to be detected is at risk.
  • the AP to be detected is a private AP
  • the second open port is the port actually opened by the AP to be detected. Assuming that the non-private AP attribute ports are port 21 and port 04, it is determined whether port 21 and/or port 04 are included in the second open port.
  • the score corresponding to the AP open port is subtracted from the public AP reference score.
  • the security user list of users with the right to connect to the AP to be detected may be pre-stored, and it is then determined, based on the security user list, whether each historical connection user is in the list. If there is a historical connection user that is not in the security user list, it indicates that the second user includes a user who does not have the right to connect to the AP to be detected, so the score corresponding to the historical connection user is subtracted from the private AP reference score.
  • the second open ports are 80, 60, and 21, the historical connection users are a, b, c, and d, the private AP's reference score is 100 points, the AP open port corresponds to a score of 10, the historical connection user's score is 20 points, and the preset score is 80 points. Port 21 among the second open ports is a non-private attribute port, so 20 points are subtracted from the benchmark score of 100 points.
  • the list of security users is a, b, c, and e. Therefore, the historical connection user d is not in the security user list, so 10 points are subtracted from the benchmark score of 100 points.
  • the security score of the AP to be detected is 70 points. Since the security score of the AP to be detected does not reach the preset score of 80 points, it is determined that the AP to be detected is at risk.
  • the target parameter types are: an AP open port, a historical connection user, an AP operating system, an allocated network segment, a MAC address, page content of the AP management page, and page content of the AP login page.
  • the first parameters are: 80, 60, and 21 (AP open ports); a, b, c, d (historical connection users); ** (AP operating system); 192.168.0.0-192.168.0.10 (assigned network segment); 5c:ad:cf:46:b8:af (MAC address).
  • the AP open port corresponds to 20 points
  • the historical connection user corresponds to 10 points
  • the AP operating system corresponds to 20 points
  • the assigned network segment corresponds to 20 points
  • the MAC address corresponds to 10 points
  • the page content of the AP management page corresponds to 10 points.
  • the page content of the AP login page corresponds to 10 points.
  • the private AP's benchmark score is 100 points and the preset score is 80 points.
  • the first operating system "**" is an Android system, which is a user terminal system, so 20 points are subtracted from the benchmark score of 100 points.
  • 21 of the first open port is a non-private AP attribute port, so 20 points are subtracted from the benchmark score of 100 points.
  • the allocated network segment has a small range and does not reach 255, so 20 points are subtracted from the benchmark score.
  • the MAC address 5c:ad:cf:46:b8:af is the same as the preset MAC address of the AP to be detected, so it is not necessary to subtract the score corresponding to the MAC address.
  • the page content of the AP management page and of the AP login page is not described in detail here; it is the same as the page content of the preset secure AP management page and secure AP login page, so the scores corresponding to the page content of the AP management page and the AP login page do not need to be subtracted.
  • the security score is calculated in a manner similar to that described above, and compared with the preset score corresponding to the company AP. Based on the above description, a person skilled in the art can obtain a specific implementation for detecting a company AP without creative effort, and details are not described herein again.
  • the second aspect of the present disclosure further provides a schematic structural diagram of an AP risk detection apparatus, as shown in FIG. 2, including:
  • the first determining module 101 is configured to determine, according to the type of the wireless access point AP to be detected, a target parameter type of the AP to be detected that needs to be obtained and a security test scheme, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
  • the first obtaining module 102 is configured to detect the AP to be detected according to the target parameter type, and obtain a first parameter of the target parameter type;
  • the calculating module 103 is configured to calculate a security score of the AP to be detected based on the first parameter and the calculation scheme;
  • the determining module 104 is configured to determine whether the security score of the AP to be detected reaches a preset score
  • the second determining module 105 is configured to determine that the AP to be detected is at risk when the security score of the AP to be detected does not reach the preset score.
  • the device in the embodiment of the present disclosure further includes:
  • a second obtaining module configured to: before determining a target parameter type of the AP to be detected that needs to be obtained and a security test solution, detecting the AP to be detected, and obtaining a second parameter indicating a type of the AP to be detected;
  • the third determining module is configured to determine a type of the AP to be detected based on the second parameter.
  • the target parameter type includes at least an AP operating system and an AP open port, the first parameter is the first operating system and the first open port, and the calculating module 104 is configured to: determine whether the first operating system of the AP to be detected is a user terminal system; when the first operating system of the AP to be detected is a user terminal system, subtract the score corresponding to the AP operating system from the public AP reference score; determine whether the first open port of the AP to be detected includes a user terminal port; and when the first open port of the AP to be detected includes a user terminal port, subtract the score corresponding to the AP open port from the public AP reference score.
  • the target parameter type includes at least an AP open port and a historical connection user
  • the first parameter is the second open port and the second user
  • the calculating module 104 is configured to: determine whether the second open port of the AP to be detected includes a non-private AP attribute port; when the second open port of the AP to be detected includes a non-private AP attribute port, subtract the score corresponding to the AP open port from the private AP reference score; determine whether the second user includes a user who does not have the right to connect to the AP to be detected; and when the second user of the AP to be detected includes a user who does not have the right to connect to the AP to be detected, subtract the score corresponding to the historical connection user from the private AP reference score.
  • FIG. 3 illustrates a computing device that can implement the method of AP risk detection in accordance with the present disclosure.
  • the computing device conventionally includes a processor 310 and a computer program product or computer readable medium in the form of a storage device 320.
  • the storage device 320 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Storage device 320 has a storage space 330 that stores program code 331 for performing any of the method steps described above.
  • storage space 330 storing program code may include various program code 331 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • These computer program products include program code carriers such as a hard disk, a compact disk (CD), a memory card, or a floppy disk.
  • Such computer program products are typically portable or fixed storage units such as those shown in FIG.
  • the storage unit may have storage segments, storage spaces, and the like that are similarly arranged to storage device 320 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 331' for performing the method steps in accordance with the present disclosure, i.e., code that can be read by a processor such as 310, which, when executed by the computing device, causes the computing device to perform the various steps in the method described above.
  • different types of APs correspond to target parameter types and security test schemes that are not completely the same. Therefore, the target parameter type of the AP to be detected that needs to be obtained and the security test scheme are first determined according to the type of the AP to be detected, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; the AP to be detected is then detected according to the target parameter type to obtain a first parameter of the target parameter type; next, the security score of the AP to be detected is calculated based on the first parameter and the calculation scheme, and it is determined whether the security score of the AP to be detected reaches the preset score; when the security score of the AP to be detected does not reach the preset score, it is determined that the AP to be detected is at risk. It can be seen that the first parameter of the target parameter type corresponding to the type of the AP to be detected is obtained, the calculation scheme corresponding to the type of the AP to be detected is applied to the first parameter, and the preset score corresponding to the type of the AP to be detected is finally used to determine whether the AP is at risk. Because security standards differ between AP types, detecting different parameters and applying different calculation schemes for different types of AP makes the final detection result more targeted and more accurate.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination may be used to combine the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and all processes or units of any method or device so disclosed.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • Various component embodiments of the present disclosure may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the gateways, proxy servers, systems in accordance with embodiments of the present disclosure.
  • the present disclosure may also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • Such a program implementing the present disclosure may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

Abstract

Provided is an AP risk detection method and apparatus. The method comprises: determining, according to the type of a wireless access point (AP) to be detected, the type of target parameters and a security test scheme of the AP to be detected which are required to be obtained, wherein the security test scheme comprises a computing scheme representative of computing a security score of the AP to be detected based on a parameter of type of the target parameters and a pre-set score representative of the security of the AP to be detected, wherein the type of parameters and the security test scheme corresponding to different types of the AP are not identical; detecting the AP to be detected according to the type of the target parameters, and obtaining a first parameter of the type of the target parameters; computing the security score of the AP to be detected based on the first parameter and the computing scheme; determining whether the security score of the AP to be detected reaches the pre-set score; and determining that a risk exists in the AP to be detected when the security score of the AP to be detected does not reach the pre-set score.

Description

Method and apparatus for detecting AP risk
Cross-reference to related applications
The present application claims priority to Chinese Patent Application No. 201611193270.4, entitled "A Method and Apparatus for Detecting AP Risks", filed with the Chinese Patent Office on December 21, 2016, the entire contents of which are incorporated herein by reference.
Technical field
The present disclosure relates to the field of electronic technologies, and in particular, to a method and an apparatus for detecting an AP risk.
Background
With the broad and deep application of networks, daily life and work are becoming ever more closely integrated with the network: users can use the network to work, shop, transfer money, and even control their homes. However, while we handle all kinds of matters over the network, insecure APs (wireless access points, Access Point) also put our property and privacy at risk.
At present, most related technologies still detect AP risk only by judging whether the AP's SSID (Service Set Identifier), BSSID (Basic Service Set Identifier), and IP (Internet Protocol) are in a blacklist library. Therefore, there is a technical problem that the detection accuracy is not high.
Summary of the invention
The embodiments of the present disclosure provide a method and an apparatus for detecting an AP risk, which are used to improve the detection accuracy of an AP risk.
In a first aspect, the present disclosure provides a method for AP risk detection, including:
determining, according to the type of the wireless access point AP to be detected, a target parameter type of the AP to be detected that needs to be obtained and a security test scheme, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
detecting the AP to be detected according to the target parameter type, and obtaining a first parameter of the target parameter type;
calculating a security score of the AP to be detected based on the first parameter and the calculation scheme;
determining whether the security score of the AP to be detected reaches the preset score;
when the security score of the AP to be detected does not reach the preset score, determining that the AP to be detected is at risk.
In a second aspect, the present disclosure provides an apparatus for AP risk detection, including:
a first determining module, configured to determine, according to the type of the wireless access point AP to be detected, a target parameter type of the AP to be detected that needs to be obtained and a security test scheme, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
a first obtaining module, configured to detect the AP to be detected according to the target parameter type, and obtain a first parameter of the target parameter type;
a calculation module, configured to calculate a security score of the AP to be detected based on the first parameter and the calculation scheme;
a determining module, configured to determine whether the security score of the AP to be detected reaches the preset score;
a second determining module, configured to determine that the AP to be detected is at risk when the security score of the AP to be detected does not reach the preset score.
In a third aspect, the present disclosure provides a computer program, including:
computer readable code which, when run on a computing device, causes the computing device to perform the above method of AP risk detection.
In a fourth aspect, the present disclosure provides a computer readable medium, in which:
the computer program for performing the above method of AP risk detection is stored.
The above one or more technical solutions in the embodiments of the present disclosure have at least one or more of the following technical effects:
In the technical solutions of the embodiments of the present disclosure, different types of APs correspond to target parameter types and security test schemes that are not completely the same. Therefore, the target parameter type of the AP to be detected that needs to be obtained and the security test scheme are first determined according to the type of the AP to be detected, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; the AP to be detected is then detected according to the target parameter type to obtain a first parameter of the target parameter type; next, the security score of the AP to be detected is calculated based on the first parameter and the calculation scheme, and it is determined whether the security score of the AP to be detected reaches the preset score; when the security score of the AP to be detected does not reach the preset score, it is determined that the AP to be detected is at risk. It can be seen that, in the embodiments of the present disclosure, the first parameter of the target parameter type corresponding to the type of the AP to be detected is obtained, the calculation scheme corresponding to the type of the AP to be detected is applied to the first parameter, and the preset score corresponding to the type of the AP to be detected is finally used to determine whether the AP is at risk. Because security standards differ between AP types, detecting different parameters and applying different calculation schemes for different types of AP makes the final detection result more targeted and more accurate.
Brief description of the drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present disclosure. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawings:
FIG. 1 is a flowchart of a method for AP risk detection in an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of an apparatus for AP risk detection in an embodiment of the present disclosure;
FIG. 3 schematically illustrates a block diagram of a computing device for performing a method of AP risk detection in accordance with an embodiment of the present disclosure; and
FIG. 4 schematically illustrates a storage unit for holding or carrying program code that implements a method of AP risk detection in accordance with an embodiment of the present disclosure.
Preferred embodiments of the invention
Embodiments of the present disclosure provide a method and an apparatus for AP risk detection, which are used to improve the accuracy of AP risk detection.
In order to solve the above technical problem, the idea behind the technical solutions provided by the present disclosure is as follows:
In the technical solutions of the embodiments of the present disclosure, different types of APs correspond to target parameter types and security test schemes that are not completely the same. Therefore, the target parameter type of the AP to be detected that needs to be obtained and the security test scheme are first determined according to the type of the AP to be detected, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; the AP to be detected is then detected according to the target parameter type to obtain a first parameter of the target parameter type; next, the security score of the AP to be detected is calculated based on the first parameter and the calculation scheme, and it is determined whether the security score of the AP to be detected reaches the preset score; when the security score of the AP to be detected does not reach the preset score, it is determined that the AP to be detected is at risk. It can be seen that, in the embodiments of the present disclosure, the first parameter of the target parameter type corresponding to the type of the AP to be detected is obtained, the calculation scheme corresponding to the type of the AP to be detected is applied to the first parameter, and the preset score corresponding to the type of the AP to be detected is finally used to determine whether the AP is at risk. Because security standards differ between AP types, detecting different parameters and applying different calculation schemes for different types of AP makes the final detection result more targeted and more accurate.
The technical solutions of the present disclosure are described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the embodiments of the present disclosure and the specific features in the embodiments are a detailed description of the technical solutions of the present disclosure, not a limitation on them, and that, where they do not conflict, the embodiments of the present disclosure and the technical features in the embodiments may be combined with each other.
The term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
A first aspect of the present disclosure provides a method for AP risk detection. Refer to FIG. 1, which is a flowchart of the method for AP risk detection in an embodiment of the present disclosure. The method includes:
S101: Determine, according to the type of the wireless access point AP to be detected, a target parameter type of the AP to be detected that needs to be obtained and a security test scheme, where the security test scheme includes a calculation scheme for calculating a security score of the AP to be detected based on the parameter of the target parameter type, and a preset score indicating that the AP to be detected is secure; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
S102: Detect the AP to be detected according to the target parameter type, and obtain a first parameter of the target parameter type;
S103: Calculate a security score of the AP to be detected based on the first parameter and the calculation scheme;
S104: Determine whether the security score of the AP to be detected reaches the preset score;
S105: When the security score of the AP to be detected does not reach the preset score, determine that the AP to be detected is at risk.
Specifically, in the embodiments of the present disclosure, the types of AP include, but are not limited to, public AP, company AP, and private AP. A public AP is an AP operated by a company, enterprise, or organization and open to access by a large number of arbitrary UEs (User Equipment); a company AP is an AP operated by a company, enterprise, or organization for access by the UEs of that company's, enterprise's, or organization's users; a private AP is an AP set up by an individual and accessible only to a small number of special UEs, the special users being, for example, family users.
Because different types of AP have different usage scenarios and different risks in practice, in the embodiments of the present disclosure different types of AP correspond to parameter types and security test schemes that are not completely the same. A parameter type is the type of parameter that needs to be acquired in order to detect whether an AP is at risk, for example the SSID (Service Set Identifier), BSSID (Basic Service Set Identifier), AP open ports, AP operating system, operator and/or manufacturer, location, network segment, IP address of the DNS server, name of the DNS (Domain Name System) server, page content of the AP management page, and page content of the AP login page. The security test scheme includes a calculation scheme and a preset score. The calculation scheme specifies how a security score is calculated from the specific parameters corresponding to the parameter types, the security score characterizing how secure the AP to be detected is; the preset score is the score that an AP of that type should reach when it is secure.
In a specific implementation, for different types of AP, a person of ordinary skill in the art to which the present disclosure belongs may set the parameter types and security test schemes according to the characteristics of each type of AP, and the present disclosure imposes no specific limitation. Three types of AP (public AP, private AP, and company AP) are used as examples below; specific implementations include, but are not limited to, the following examples.
Public AP:
In practice, criminals forge risky APs by imitating the more obvious features of an AP, such as the SSID. For a secure AP, however, less visible features such as the AP device's open ports, DNS server name, allocated network segment, AP operating system, and AP login page are difficult to imitate completely. Moreover, public APs are usually produced by a few known manufacturers and are set up by known operators in public places such as shopping malls, pedestrian streets, and squares.
Therefore, in the embodiments of the present disclosure, the parameter types corresponding to a public AP may specifically be: AP operating system, AP open ports, location, user access volume, manufacturer, DNS server name, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page. Here, the AP operating system is the operating system of the AP device, the AP open ports are the ports opened by the AP device, and the location is where the AP device is located.
The calculation scheme of the public AP is specifically: the AP operating system corresponds to 5 points, the AP open ports to 5 points, the location to 2 points, the user access volume to 2 points, the manufacturer to 3 points, the DNS server name to 1 point, the allocated network segment to 3 points, the MAC address to 3 points, the page content of the AP management page to 2 points, and the page content of the AP login page to 2 points; when the parameter of a parameter type does not satisfy the preset condition corresponding to that parameter type, the score corresponding to the parameter type is subtracted from the reference score of the public AP. Because most public APs are insecure, the reference score of the public AP should be set relatively low, for example 50 points in the embodiments of the present disclosure.
The preset score of the public AP is 40 points.
Private AP:
Because a private AP involves a large amount of user privacy and property information, in a specific implementation, the more parameter types are used for a private AP, the more comprehensively the private AP can be checked. Of course, in a specific implementation, a person of ordinary skill in the art to which the present disclosure belongs may choose according to actual needs, and the present disclosure imposes no specific limitation.
In the following, it is assumed that the parameter types of a private AP are specifically: AP open ports, historical connection users, AP operating system, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page. Here, the historical connection users are the UEs that have accessed the AP.
The calculation scheme for a private AP is then specifically: the AP open ports correspond to 20 points, the historical connection users to 10 points, the AP operating system to 20 points, the allocated network segment to 20 points, the MAC address to 10 points, the page content of the AP management page to 10 points, and the page content of the AP login page to 10 points. When the parameter of a parameter type does not satisfy the preset condition corresponding to that parameter type, the score corresponding to the parameter type is subtracted from the reference score of the private AP. Because a private AP is less likely to be used for phishing, the reference score of a private AP can be set relatively high; in the embodiments of the present disclosure it is, for example, 100 points.
The preset score for a private AP is 80 points.
Company AP:
A company AP is usually used by the UEs of users belonging to a company, enterprise or organization, for example company employees. In a specific implementation, the connecting users generally access the company AP within one concentrated time period, for example the working hours of 8:00 to 17:00.
Therefore, in the embodiments of the present disclosure, the parameter types corresponding to a company AP may specifically be: AP operating system, AP open ports, user access volume, user online time, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page. Here, the user online time is the access time and exit time of the users who connect to the company AP.
The calculation scheme for a company AP is then specifically: the AP operating system corresponds to 20 points, the AP open ports to 20 points, the user access volume to 10 points, the user online time to 20 points, the allocated network segment to 10 points, the MAC address to 10 points, the page content of the AP management page to 10 points, and the page content of the AP login page to 10 points. Because a company AP is less likely to be used for phishing, the reference score of a company AP is, in the embodiments of the present disclosure, for example 100 points.
The preset score for a company AP is 80 points.
Because the parameter types and security test schemes corresponding to different APs in the embodiments of the present disclosure are not exactly the same, in S101 the target parameter type and the security test scheme of the AP to be detected need to be determined according to the type of the wireless access point (AP) to be detected.
Specifically, in order to determine the type of the AP to be detected, the method further includes, before S101:
detecting the AP to be detected to obtain a second parameter indicating the type of the AP to be detected;
determining the type of the AP to be detected based on the second parameter.
Specifically, the second parameter is a parameter that can indicate the type of an AP, including but not limited to the AP's security attribute, user access volume and location. The AP to be detected is probed to obtain its second parameter, and the type of the AP to be detected is then determined based on the second parameter.
Specifically, the way the type of the AP to be detected is determined differs with the second parameter used; several of these ways are described below. A specific implementation includes, but is not limited to, the following methods.
Method 1: determine whether the security attribute of the AP to be detected is OPEN. If the security attribute of the AP to be detected is OPEN, the type of the AP to be detected is determined to be a public AP; if the security attribute is not OPEN, the AP to be detected is determined to be a private AP or a company AP.
Method 2: determine whether the user access volume of the AP to be detected falls in the public AP range, the company AP range or the private AP range. If the user access volume falls in the public AP range, the AP to be detected is determined to be a public AP; if it falls in the company AP range, the AP to be detected is determined to be a company AP; if it falls in the private AP range, the AP to be detected is determined to be a private AP.
In a specific implementation, the public AP range may be set above the company AP range, and the company AP range above the private AP range. For example, the public AP range is greater than 500, the company AP range is greater than 30 and less than or equal to 500, and the private AP range is greater than or equal to 0 and less than or equal to 30.
Method 3: determine whether the location of the AP to be detected is in a public place area or a non-public place area. If the location is in a public place area, the AP to be detected is determined to be a public AP or a company AP; if the location is in a non-public place area, the AP to be detected is determined to be a private AP. Public place areas are, for example, shopping malls, office buildings, plazas and pedestrian streets; non-public place areas are, for example, homes and residential districts. A person of ordinary skill in the art to which the present disclosure belongs may set these according to actual needs, and the present disclosure imposes no specific limitation.
Method 4: determine whether the proportion of the user online time of the AP to be detected that falls within working time reaches a first threshold. If the proportion reaches the first threshold, the AP to be detected is determined to be a company AP; if the proportion does not reach the first threshold, the AP to be detected is determined to be a public AP or a private AP. The working time is, for example, 8:00 to 17:00 or 9:00 to 19:00, and the present disclosure imposes no specific limitation.
For example, assume the working time is 8:00 to 17:00 and the first threshold is 75%. If 85% of all user online time of the AP to be detected falls within working time, the first threshold is reached, so the AP to be detected is determined to be a company AP. If 20% of all user online time of the AP to be detected falls within working time, the first threshold is not reached, so the AP to be detected is determined to be a public AP or a private AP.
Method 5: combining Method 2 and Method 3, determine whether the user access volume of the AP to be detected falls in the public AP range, the company AP range or the private AP range, and whether the location of the AP to be detected is in a public place area or a non-public place area. If the user access volume falls in the public AP range and the location is in a public place area, the AP to be detected is determined to be a public AP; if the user access volume falls in the company AP range and the location is in a public place area, the AP to be detected is determined to be a company AP; if the user access volume falls in the private AP range and the location is in a non-public place area, the AP to be detected is determined to be a private AP.
Method 6: combining Method 2, Method 3 and Method 4, determine whether the user access volume of the AP to be detected falls in the public AP range, the company AP range or the private AP range, whether the location of the AP to be detected is in a public place area or a non-public place area, and whether the proportion of the user online time that falls within working time reaches the first threshold. If the user access volume falls in the public AP range and the location is in a public place area, but the proportion of user online time within working time does not reach the first threshold, the AP to be detected is determined to be a public AP; if the user access volume falls in the company AP range, the location is in a public place area, and the proportion of user online time within working time reaches the first threshold, the AP to be detected is determined to be a company AP; if the user access volume falls in the private AP range and the location is in a non-public place area, but the proportion of user online time within working time does not reach the first threshold, the AP to be detected is determined to be a private AP.
In a specific implementation, a person of ordinary skill in the art to which the present disclosure belongs may choose any one of the above six methods, or another method, and the present disclosure imposes no specific limitation.
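As an added illustration (not code from the patent), the following Python sketch implements Method 6 using the example ranges, working time and first threshold quoted above. Measuring the working-time proportion in minutes of session time, the session format and the sample data are assumptions of this example, as is returning `None` when the three signals disagree, a case the text does not define.

```python
"""AP type classification (Methods 2, 3, 4 and 6), added illustration."""

# Example values quoted in the text above.
WORK_START, WORK_END = 8 * 60, 17 * 60   # working time 8:00-17:00, in minutes
FIRST_THRESHOLD = 0.75                   # first threshold of 75%


def visits_band(visits):
    """Method 2: map a user access volume onto the example ranges."""
    if visits < 0:
        raise ValueError("user access volume cannot be negative")
    if visits > 500:
        return "public"
    if visits > 30:
        return "company"
    return "private"


def working_time_share(sessions):
    """Method 4: fraction of all online minutes that fall inside working time.

    sessions is a list of (access_minute, exit_minute) pairs within one day.
    Measuring the share in minutes is an assumption of this example.
    """
    total = inside = 0
    for start, end in sessions:
        if end < start:
            raise ValueError("exit time precedes access time")
        total += end - start
        # Length of the overlap between the session and the working window.
        inside += max(0, min(end, WORK_END) - max(start, WORK_START))
    return inside / total if total else 0.0


def classify(visits, in_public_area, sessions):
    """Method 6: all three signals must agree, otherwise return None."""
    band = visits_band(visits)
    reaches = working_time_share(sessions) >= FIRST_THRESHOLD
    if band == "public" and in_public_area and not reaches:
        return "public"
    if band == "company" and in_public_area and reaches:
        return "company"
    if band == "private" and not in_public_area and not reaches:
        return "private"
    return None  # the text defines no outcome for disagreeing signals


# Constructed sample observations (minutes since midnight).
OFFICE = [(510, 1110)]               # 8:30-18:30, 85% inside working time
MALL = [(1080, 1320), (600, 660)]    # mostly evening, 20% inside working time
HOME = [(1140, 1380)]                # 19:00-23:00, nothing inside working time

if __name__ == "__main__":
    for name, args in [("office", (120, True, OFFICE)),
                       ("mall", (800, True, MALL)),
                       ("home", (5, False, HOME)),
                       ("conflict", (800, False, MALL))]:
        print(name, classify(*args))
```
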
In addition, in the embodiments of the present disclosure, S101 to S105 may be executed by the UE itself or by a server connected to the UE. When the UE is the executing entity, the UE may download from the server the parameter types and security test schemes corresponding to the different AP types; after detecting the second parameter of the AP to be detected and determining the type of the AP to be detected based on the second parameter, the UE determines the target parameter type and security test scheme corresponding to the AP to be detected from the downloaded parameter types and security test schemes. When the server is the executing entity, the server obtains the second parameter that the UE detected from the AP to be detected and reported, determines the type of the AP to be detected based on the second parameter reported by the UE, determines the target parameter type and security test scheme corresponding to the AP to be detected, and then delivers the target parameter type to the UE. In a specific implementation, a person of ordinary skill in the art to which the present disclosure belongs may choose the executing entity according to actual needs, and the present disclosure imposes no specific limitation.
Further, regardless of whether the executing entity is the UE or the server, in S102 the UE probes the AP to be detected based on the target parameter type and thereby obtains the first parameter of the target parameter type. Specifically, the first parameter in the embodiments of the present disclosure is the concrete parameter of the target parameter type. For example, assuming the target parameter types are specifically AP operating system, AP open ports and user access volume, the UE probes the AP operating system, AP open ports and user access volume and obtains the first parameter "**; 80,50,04; 3". Here, for convenience of description, the embodiments of the present disclosure use "**" to denote the operating system code. "**" is the parameter of the target parameter type AP operating system. "80,50,04" is the parameter of the target parameter type open ports, indicating that the ports opened by the AP device of the AP to be detected include port 80, port 50 and port 04. "3" is the parameter of the target parameter type user access volume, indicating that the AP to be detected has 3 users.
In the embodiments of the present disclosure, if the executing entity is the UE, the UE has obtained the first parameter once it has detected it. If the executing entity is the server, the server obtains the first parameter by receiving the first parameter detected and reported by the UE.
Next, after the first parameter is obtained, S103 is performed, that is, the security score of the AP to be detected is calculated based on the first parameter and the calculation scheme. Then, in S104, it is determined whether the security score of the AP to be detected reaches the preset score, specifically by comparing whether the security score of the AP to be detected is greater than or equal to the preset score. If the security score reaches the preset score, the AP to be detected has a low risk and is a secure AP; conversely, if the security score does not reach the preset score, the AP to be detected is not secure and is at risk.
With the solution in the above embodiment, different target parameter types are detected for different APs, different calculation schemes are executed, and different preset scores are set. Risk is therefore detected in different ways for different types of AP, which improves the accuracy of risk detection for different types of AP.
How the security score of the AP to be detected is calculated is described in detail below.
In an optional embodiment, the AP to be detected is at least either a public AP or a private AP. Further, the AP to be detected may also be a company AP.
Specifically, when the type of the AP to be detected is a public AP, the target parameter types include at least the AP operating system and the AP open ports, the first parameter is a first operating system and first open ports, and S103 is implemented by the following process:
determining whether the first operating system of the AP to be detected is a user terminal system;
when the first operating system of the AP to be detected is a user terminal system, subtracting the score corresponding to the AP operating system from the public AP reference score;
determining whether the first open ports of the AP to be detected include a user terminal port;
when the first open ports of the AP to be detected include a user terminal port, subtracting the score corresponding to the AP open ports from the public AP reference score.
Specifically, the user terminal system in the embodiments of the present disclosure is a system used by user terminals, for example a Linux system, a Windows system, a Mac system or an Android system. A user terminal port is a gateway port that the AP device opens for user terminals, for example port 21 and port 04 of TP-LINK.
For a secure AP, the AP operating system is usually not a user terminal system but a system dedicated to AP devices. If the AP operating system of the AP to be detected is a user terminal system, the AP to be detected may therefore be imitated by a user terminal, and so it is at risk. In addition, the ports that a secure AP opens to users are usually fixed; for example, TP-LINK provides the UE with port 80 for router configuration and management, ports 67 and 68 for basic network configuration, and port 53 for the DNS query service. A secure AP does not open user terminal ports. Therefore, if the AP to be detected has opened a user terminal port, the AP to be detected is abnormal compared with a secure AP and there is a phishing risk.
Therefore, when the AP to be detected is a public AP, it is necessary to determine whether the first operating system of the AP to be detected is a user terminal system. The first operating system is the concrete operating system detected on the AP to be detected. Whether the first operating system is a user terminal system is determined by matching the first operating system against the features of multiple user terminal systems: if the first operating system matches the features of one of the user terminal systems, the first operating system is determined to be a user terminal system; if it matches the features of none of the user terminal systems, the first operating system is determined not to be a user terminal system. When the first operating system of the AP to be detected is a user terminal system, the score corresponding to the AP operating system is subtracted from the public AP reference score.
In addition, it is also necessary to determine whether the first open ports of the AP to be detected include a user terminal port. The first open ports are the ports actually opened by the AP to be detected. Assuming the user terminal ports are port 21 and port 04, it is determined whether the first open ports include port 21 and/or port 04. When the first open ports of the AP to be detected include a user terminal port, the score corresponding to the AP open ports is subtracted from the public AP reference score.
For example, assume the first operating system is "**", the first open ports are 80, 60 and 21, the reference score of the public AP is 50 points, the score corresponding to the AP operating system is 10 points, the score corresponding to the AP open ports is 10 points, and the preset score is 45 points. Matching determines that the first operating system "**" is an Android system, which is a user terminal system, and that port 21 among the first open ports is a user terminal port, so a total of 20 points is subtracted from the reference score of 50 points, giving a security score of 30 points for the AP to be detected. Because the security score of 30 points does not reach the preset score of 45 points, the AP to be detected is determined to be at risk.
In addition, continuing the earlier example, when the AP to be detected is a public AP, the target parameter types are: AP operating system, AP open ports, location, user access volume, manufacturer, DNS server name, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page.
The first parameter is: ** (AP operating system); 80, 60 and 21 (AP open ports); Wangfujing Pedestrian Street (location); 10 (user access volume); ABC (manufacturer); DEF (DNS server name); 11.0.0.0~11.0.0.100 (allocated network segment); 58:66:ba:6e:57:20 (MAC address).
The AP operating system corresponds to 5 points, the AP open ports to 5 points, the location to 2 points, the user access volume to 2 points, the manufacturer to 3 points, the DNS server name to 1 point, the allocated network segment to 3 points, the MAC address to 3 points, the page content of the AP management page to 2 points, and the page content of the AP login page to 2 points. The reference score of the public AP is 50 points and the preset score is 40 points.
Matching determines that the first operating system "**" is an Android system, which is a user terminal system, so 5 points are subtracted from the reference score of 50 points. Port 21 among the first open ports is a user terminal port, so 5 points are subtracted from the reference score of 50 points. Port 21 among the first open ports is a user terminal port, so 5 points are subtracted from the reference score of 50 points. Wangfujing Pedestrian Street is a public place area, so the score corresponding to the location does not need to be subtracted. The user access volume does not reach the range of greater than 500, so 2 points are subtracted from the reference score. The manufacturer ABC is not a known manufacturer of public APs, so 3 points are subtracted from the reference score. The DNS server name DEF matches none of the known secure DNS server names of public APs, so 1 point is subtracted from the reference score. The allocated network segment is small and does not reach 256 to 65534 subnets, so 3 points are subtracted from the reference score. The MAC address 58:66:ba:6e:57:20 matches one of the known secure MAC addresses of public APs, so the score corresponding to the MAC address does not need to be subtracted. The page content of the AP management page and of the AP login page is not described in detail here; it is assumed that the page content of the AP management page and of the AP login page matches the preset page content of the secure AP management page and of the secure AP login page, so the scores corresponding to the page content of the AP management page and of the AP login page do not need to be subtracted.
Therefore, security score = 50-5-5-5-2-3-1-3 = 26.
Because the security score does not reach the preset score of 40 points, the AP to be detected is determined to be at risk.
In addition, when the type of the AP to be detected is a private AP, the target parameter types include at least the AP open ports and the historical connection users, the first parameter is second open ports and second users, and S103 is implemented by the following process:
determining whether the second open ports of the AP to be detected include a non-private-AP attribute port;
when the second open ports of the AP to be detected include a non-private-AP attribute port, subtracting the score corresponding to the AP open ports from the private AP reference score;
determining whether the second users include a user who does not have permission to connect to the AP to be detected;
when the second users of the AP to be detected include a user who does not have permission to connect to the AP to be detected, subtracting the score corresponding to the historical connection users from the private AP reference score.
Specifically, the non-private-AP attribute ports in the embodiments of the present disclosure are ports that the routing device of a private AP does not normally open, for example port 21 and port 04.
The ports opened by a secure private AP usually include port 80, port 67, port 68 and port 53, and do not include non-private-AP attribute ports. Therefore, if the AP to be detected has opened a non-private-AP attribute port, the AP to be detected is abnormal compared with a secure AP and there is a phishing risk. In addition, a private AP is generally used only by users who have permission to connect to it, such as family members and friends. If the historical connection users include a user without connection permission, the AP to be detected has already been attacked by someone else. Therefore, when the historical connection users include a user without connection permission, the AP to be detected is at risk.
Therefore, when the AP to be detected is a private AP, it is necessary to determine whether the second open ports of the AP to be detected include a non-private-AP attribute port. The second open ports are the ports actually opened by the AP to be detected. Assuming the non-private-AP attribute ports are port 21 and port 04, it is determined whether the second open ports include port 21 and/or port 04. When the second open ports of the AP to be detected include a non-private-AP attribute port, the score corresponding to the AP open ports is subtracted from the public AP reference score.
In addition, it is also necessary to determine whether the second users include a user who does not have permission to connect to the AP to be detected. Specifically, a list of secure users who have permission to connect to the AP to be detected may be stored in advance, and each historical connection user is then checked against this list. If any historical connection user is not on the secure user list, the second users include a user who does not have permission to connect to the AP to be detected, so the score corresponding to the historical connection users is subtracted from the private AP reference score.
For example, assume the second open ports are 80, 60 and 21, the historical connection users are a, b, c and d, the reference score of the private AP is 100 points, the score corresponding to the AP open ports is 10 points, the score corresponding to the historical connection users is 20 points, and the preset score is 80 points. Port 21 among the second open ports is a non-private attribute port, so 20 points are subtracted from the reference score of 100 points. The secure user list is a, b, c, e, so historical connection user d is not on the secure user list, and 10 points are subtracted from the reference score of 100 points. The resulting security score of the AP to be detected is 70 points. Because the security score of 70 points does not reach the preset score of 80 points, the AP to be detected is determined to be at risk.
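The deduction scoring of S101 to S104, covering both the public AP procedure and the private AP procedure described above, is shown here as an added Python example that is not part of the patent text. It uses the reference scores, per-parameter scores and preset scores stated in the two short worked examples (50/10/10/45 for the public AP, 100/10/20/80 for the private AP); the dictionary keys, the OS name list and the rule that an undetected parameter counts as failing are assumptions of this example.

```python
"""Deduction-based AP risk scoring (S101-S104), added illustration."""

# Constructed reference data; the text gives these values only as examples.
USER_TERMINAL_OS = {"android", "windows", "linux", "mac"}
USER_TERMINAL_PORTS = {21, 4}     # "port 21 and port 04" in the text
NON_PRIVATE_PORTS = {21, 4}       # ports a private AP does not normally open


# Each check returns True when the preset condition is satisfied.
def os_is_dedicated(params):
    return params["os"].strip().lower() not in USER_TERMINAL_OS


def no_user_terminal_port(params):
    return not (set(params["open_ports"]) & USER_TERMINAL_PORTS)


def no_non_private_port(params):
    return not (set(params["open_ports"]) & NON_PRIVATE_PORTS)


def history_users_authorized(params):
    return set(params["history_users"]) <= set(params["allowed_users"])


# AP type -> (reference score, preset score, {parameter type: (points, check)})
SCHEMES = {
    "public": (50, 45, {
        "ap_os": (10, os_is_dedicated),
        "ap_open_ports": (10, no_user_terminal_port),
    }),
    "private": (100, 80, {
        "ap_open_ports": (10, no_non_private_port),
        "history_users": (20, history_users_authorized),
    }),
}


def evaluate(ap_type, first_params):
    """Return (security score, is_safe, failed parameter types)."""
    reference, preset, rules = SCHEMES[ap_type]        # S101: pick the scheme
    score, failed = reference, []
    for ptype, (points, check) in rules.items():       # S103: apply deductions
        try:
            satisfied = check(first_params)
        except KeyError:
            # Assumption of this example: a parameter that could not be
            # detected is treated as not satisfying its preset condition.
            satisfied = False
        if not satisfied:
            score -= points
            failed.append(ptype)
    return score, score >= preset, failed              # S104: compare to preset


# Constructed first parameters mirroring the two worked examples above.
PUBLIC_SAMPLE = {"os": "Android", "open_ports": [80, 60, 21]}
PRIVATE_SAMPLE = {
    "open_ports": [80, 60, 21],
    "history_users": ["a", "b", "c", "d"],
    "allowed_users": ["a", "b", "c", "e"],
}

if __name__ == "__main__":
    print(evaluate("public", PUBLIC_SAMPLE))
    print(evaluate("private", PRIVATE_SAMPLE))
```
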
In addition, continuing with the example above, when the AP to be detected is a private AP, the target parameter types are: AP open ports, historical connection users, AP operating system, allocated network segment, MAC address, page content of the AP management page, and page content of the AP login page.
The first parameters are: 80, 60 and 21 (AP open ports); a, b, c, d (historical connection users); ** (AP operating system); 192.168.0.0-192.168.0.10 (allocated network segment); 5c:ad:cf:46:b8:af (MAC address).
AP open ports correspond to 20 points, historical connection users to 10 points, the AP operating system to 20 points, the allocated network segment to 20 points, the MAC address to 10 points, the page content of the AP management page to 10 points, and the page content of the AP login page to 10 points. The private AP baseline score is 100 points and the preset score is 80 points.
By matching, the first operating system "**" is determined to be Android, which is a user terminal system, so 20 points are subtracted from the baseline score of 100 points. Among the first open ports, 21 is a non-private-AP attribute port, so 20 points are subtracted from the baseline score of 100 points. The allocated network segment covers a small range that does not reach 255, so 20 points are subtracted from the baseline score. The MAC address 5c:ad:cf:46:b8:af matches the preset MAC address of the AP to be detected, so the score corresponding to the MAC address is not subtracted. The page content of the AP management page and of the AP login page is not described in detail here; it is assumed that both match the preset page content of the safe AP management page and the safe AP login page, so the scores corresponding to the page content of the AP management page and of the AP login page are not subtracted.
Therefore, security score = 100 - 20 - 20 - 20 = 40.
Since the security score does not reach the preset score of 80 points, the AP to be detected is determined to be at risk.
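The two private-AP calculations above, reproduced as an added Python example (not code from the patent): each AP type selects its own scheme of baseline score, preset score and per-parameter deductions. All identifiers are hypothetical; the public-AP numbers and the `terminal_ports` set are constructed, the network-segment test is one interpretation of "does not reach 255", and the second run assumes all four historical users are allowed because the page's arithmetic applies no user deduction there.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Check:
    param_type: str                        # target parameter type the check consumes
    deduction: int                         # points subtracted when the check fires
    fires: Callable[[object, dict], bool]  # (measured value, reference data) -> bool


@dataclass(frozen=True)
class Scheme:
    baseline: int   # baseline score for this AP type
    preset: int     # score the AP must reach to be considered safe
    checks: tuple


def ports_in(ref_key):
    """Fire when any open port is in the reference port set named ref_key."""
    return lambda ports, ref: bool(set(ports) & ref[ref_key])


def unknown_users(users, ref):
    return bool(set(users) - ref["allowed_users"])


def user_terminal_os(os_name, ref):
    return os_name.lower() in ref["terminal_oses"]


def small_segment(bounds, ref):
    # Interpretation (assumption): "does not reach 255" = fewer than 255 addresses.
    first, last = (int(ipaddress.ip_address(b)) for b in bounds)
    return last - first + 1 < 255


def mac_mismatch(mac, ref):
    return mac.lower() != ref["expected_mac"].lower()


# Private-AP baseline, preset score and weights are the ones stated on the page.
PRIVATE_TWO_PARAM = Scheme(100, 80, (
    Check("open_ports", 10, ports_in("non_private_ports")),
    Check("history_users", 20, unknown_users),
))
PRIVATE_FULL = Scheme(100, 80, (
    Check("open_ports", 20, ports_in("non_private_ports")),
    Check("history_users", 10, unknown_users),
    Check("os", 20, user_terminal_os),
    Check("segment", 20, small_segment),
    Check("mac", 10, mac_mismatch),
    # The two page-content checks (10 points each) are omitted: the page does not
    # describe how page content is compared, and in its example both match.
))
# Public AP: the two checks follow the page; every number here is constructed.
PUBLIC = Scheme(100, 80, (
    Check("os", 20, user_terminal_os),
    Check("open_ports", 20, ports_in("terminal_ports")),
))
SCHEMES = {"private": PRIVATE_FULL, "public": PUBLIC}


def assess(scheme, params, ref):
    """Return (score, at_risk, parameter types that caused a deduction)."""
    missing = [c.param_type for c in scheme.checks if c.param_type not in params]
    if missing:
        # A parameter that could not be measured must not silently count as a pass.
        raise ValueError(f"missing target parameters: {missing}")
    fired = [c for c in scheme.checks if c.fires(params[c.param_type], ref)]
    score = scheme.baseline - sum(c.deduction for c in fired)
    # "Does not reach the preset score" means strictly below it.
    return score, score < scheme.preset, [c.param_type for c in fired]


# Reference data: ports 21 and 04, the safe user list and the MAC are from the page.
REF = {
    "non_private_ports": {21, 4},
    "allowed_users": {"a", "b", "c", "e"},
    "terminal_oses": {"android"},
    "terminal_ports": {5555},              # constructed placeholder
    "expected_mac": "5c:ad:cf:46:b8:af",
}
FIRST = {"open_ports": [80, 60, 21], "history_users": ["a", "b", "c", "d"]}
SECOND = dict(FIRST, os="Android",
              segment=("192.168.0.0", "192.168.0.10"),
              mac="5C:AD:CF:46:B8:AF")
# Assumption for the second run: all four historical users are allowed.
REF_SECOND = dict(REF, allowed_users={"a", "b", "c", "d"})

if __name__ == "__main__":
    print(assess(PRIVATE_TWO_PARAM, FIRST, REF))
    print(assess(SCHEMES["private"], SECOND, REF_SECOND))
```

With the weights as stated for the first example (10 for ports, 20 for users) the total is still 70, the same result the page reaches.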
In addition, when the type of the AP is a company AP, the security score is calculated in a manner similar to that described above and compared with the preset score corresponding to a company AP. Based on the above description, a person skilled in the art can arrive at a specific implementation for detecting a company AP without creative effort, so it is not described in detail here.
Based on the same disclosed concept as the AP risk detection method in the foregoing embodiment, the second aspect of the present disclosure further provides a schematic structural diagram of an AP risk detection apparatus, as shown in FIG. 2, including:
A first determining module 101, configured to determine, according to the type of the wireless access point (AP) to be detected, the target parameter types of the AP to be detected that need to be obtained and a security test scheme, where the security test scheme includes a calculation scheme for calculating the security score of the AP to be detected based on parameters of the target parameter types, and a preset score indicating that the AP to be detected is safe; the parameter types and security test schemes corresponding to different AP types are not completely the same;
A first obtaining module 102, configured to detect the AP to be detected according to the target parameter types and obtain first parameters of the target parameter types;
A calculating module 103, configured to calculate the security score of the AP to be detected based on the first parameters and the calculation scheme;
A judging module 104, configured to judge whether the security score of the AP to be detected reaches the preset score;
A second determining module 105, configured to determine that the AP to be detected is at risk when its security score does not reach the preset score.
Further, the apparatus in the embodiment of the present disclosure also includes:
A second obtaining module, configured to detect the AP to be detected, before the target parameter types of the AP to be detected and the security test scheme are determined, and obtain a second parameter indicating the type of the AP to be detected;
A third determining module, configured to determine the type of the AP to be detected based on the second parameter.
Specifically, when the type of the AP to be detected is a public AP, the target parameter types include at least the AP operating system and AP open ports, and the first parameters are a first operating system and first open ports. The calculating module 104 is configured to: judge whether the first operating system of the AP to be detected is a user terminal system; when the first operating system of the AP to be detected is a user terminal system, subtract the score corresponding to the AP operating system from the public AP baseline score; judge whether the first open ports of the AP to be detected include a user terminal port; and when the first open ports of the AP to be detected include a user terminal port, subtract the score corresponding to AP open ports from the public AP baseline score.
Alternatively, when the type of the AP to be detected is a private AP, the target parameter types include at least AP open ports and historical connection users, and the first parameters are second ports and second users. The calculating module 104 is configured to: judge whether the second ports of the AP to be detected include a non-private-AP attribute port; when the second open ports of the AP to be detected include a non-private-AP attribute port, subtract the score corresponding to AP open ports from the private AP baseline score; judge whether the second users include a user who does not have permission to connect to the AP to be detected; and when the second users of the AP to be detected include a user who does not have permission to connect to the AP to be detected, subtract the score corresponding to historical connection users from the private AP baseline score.
The variations and specific examples of the AP risk detection method in the foregoing embodiment of FIG. 1 also apply to the AP risk detection apparatus of this embodiment. From the foregoing detailed description of the AP risk detection method, a person skilled in the art can clearly understand how the AP risk detection apparatus in this embodiment is implemented, so for brevity it is not described in detail here.
A third aspect of the present disclosure provides a computer program. FIG. 3 shows a computing device that can implement the AP risk detection method according to the present disclosure. The computing device conventionally includes a processor 310 and a computer program product or computer-readable medium in the form of a storage device 320. The storage device 320 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk, or ROM. The storage device 320 has a storage space 330 that stores program code 331 for performing any of the method steps described above. For example, the storage space 330 for program code may include individual pieces of program code 331, each implementing one of the steps of the above method. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as a hard disk, a compact disc (CD), a memory card, or a floppy disk. Such a computer program product is typically a portable or fixed storage unit such as the one shown in FIG. 4. The storage unit may have storage segments, storage space and the like arranged similarly to the storage device 320 in the computing device of FIG. 3. The program code may, for example, be compressed in an appropriate form. Typically, the storage unit includes computer-readable code 331' for performing the method steps according to the present disclosure, that is, code that can be read by a processor such as 310 and that, when run by the computing device, causes the computing device to perform the steps of the method described above.
The one or more technical solutions in the embodiments of the present disclosure have at least one or more of the following technical effects:
In the technical solutions of the embodiments of the present disclosure, different AP types correspond to target parameter types and security test schemes that are not completely the same. Therefore, the target parameter types of the AP to be detected and the security test scheme are first determined according to the type of the AP to be detected, where the security test scheme includes a calculation scheme for calculating the security score of the AP to be detected based on parameters of the target parameter types, and a preset score indicating that the AP to be detected is safe. The AP to be detected is then detected according to the target parameter types to obtain first parameters of the target parameter types. Next, the security score of the AP to be detected is calculated based on the first parameters and the calculation scheme, and it is judged whether the security score reaches the preset score; when it does not, the AP to be detected is determined to be at risk. Thus, in the embodiments of the present disclosure, first parameters of the target parameter types corresponding to the type of the AP to be detected are obtained, the calculation scheme corresponding to that type is applied to the first parameters, and whether the AP is at risk is finally decided against the preset score corresponding to that type. Because the security standards for different types of AP differ, detecting different parameters and applying different calculation schemes for different AP types makes the final detection result more targeted and more accurate.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. From the above description, the structure required to construct such a system is apparent. Moreover, the present disclosure is not directed to any particular programming language. It should be understood that the content of the present disclosure described herein may be implemented in a variety of programming languages, and that the description of a specific language above is given to disclose the best mode of the present disclosure.
Numerous specific details are set forth in the description provided herein. However, it is understood that embodiments of the present disclosure may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the present disclosure and aid understanding of one or more of the various disclosed aspects, the features of the present disclosure are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments. However, this method of disclosure is not to be interpreted as reflecting an intention that the claimed disclosure requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the disclosed aspects lie in fewer than all features of a single previously disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present disclosure.
Those skilled in the art will appreciate that the modules in the devices of an embodiment can be adaptively changed and placed in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and they may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that although some embodiments herein include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present disclosure and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the present disclosure may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the gateway, proxy server, or system according to embodiments of the present disclosure. The present disclosure may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present disclosure may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present disclosure, and that those skilled in the art can devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present disclosure can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words can be interpreted as names.

Claims (12)

  1. A method for AP risk detection, comprising:
    determining, according to the type of a wireless access point (AP) to be detected, target parameter types of the AP to be detected that need to be obtained and a security test scheme, the security test scheme including a calculation scheme for calculating a security score of the AP to be detected based on parameters of the target parameter types, and a preset score indicating that the AP to be detected is safe; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
    detecting the AP to be detected according to the target parameter types to obtain first parameters of the target parameter types;
    calculating the security score of the AP to be detected based on the first parameters and the calculation scheme;
    judging whether the security score of the AP to be detected reaches the preset score;
    when the security score of the AP to be detected does not reach the preset score, determining that the AP to be detected is at risk.
  2. The method according to claim 1, further comprising, before determining the target parameter types of the AP to be detected that need to be obtained and the security test scheme:
    detecting the AP to be detected to obtain a second parameter indicating the type of the AP to be detected;
    determining the type of the AP to be detected based on the second parameter.
  3. The method according to claim 2, wherein the type of the AP to be detected is at least either a public AP or a private AP.
  4. The method according to claim 3, wherein when the type of the AP to be detected is the public AP, the target parameter types include at least AP operating system and AP open ports, the first parameters are a first operating system and first open ports, and calculating the security score of the AP to be detected based on the first parameters and the calculation scheme comprises:
    judging whether the first operating system of the AP to be detected is a user terminal system;
    when the first operating system of the AP to be detected is a user terminal system, subtracting the score corresponding to the AP operating system from a public AP baseline score;
    judging whether the first open ports of the AP to be detected include a user terminal port;
    when the first open ports of the AP to be detected include a user terminal port, subtracting the score corresponding to the AP open ports from the public AP baseline score.
  5. The method according to claim 3, wherein when the type of the AP to be detected is a private AP, the target parameter types include at least AP open ports and historical connection users, the first parameters are second ports and second users, and calculating the security score of the AP to be detected based on the first parameters and the calculation scheme comprises:
    judging whether the second ports of the AP to be detected include a non-private-AP attribute port;
    when the second open ports of the AP to be detected include a non-private-AP attribute port, subtracting the score corresponding to the AP open ports from the private AP baseline score;
    judging whether the second users include a user who does not have permission to connect to the AP to be detected;
    when the second users of the AP to be detected include a user who does not have permission to connect to the AP to be detected, subtracting the score corresponding to the historical connection users from the private AP baseline score.
  6. An apparatus for AP risk detection, comprising:
    a first determining module, configured to determine, according to the type of a wireless access point (AP) to be detected, target parameter types of the AP to be detected that need to be obtained and a security test scheme, the security test scheme including a calculation scheme for calculating a security score of the AP to be detected based on parameters of the target parameter types, and a preset score indicating that the AP to be detected is safe; wherein the parameter types and security test schemes corresponding to different AP types are not completely the same;
    a first obtaining module, configured to detect the AP to be detected according to the target parameter types and obtain first parameters of the target parameter types;
    a calculating module, configured to calculate the security score of the AP to be detected based on the first parameters and the calculation scheme;
    a judging module, configured to judge whether the security score of the AP to be detected reaches the preset score;
    a second determining module, configured to determine that the AP to be detected is at risk when the security score of the AP to be detected does not reach the preset score.
  7. The apparatus according to claim 6, further comprising:
    a second obtaining module, configured to detect the AP to be detected, before the target parameter types of the AP to be detected that need to be obtained and the security test scheme are determined, and obtain a second parameter indicating the type of the AP to be detected;
    a third determining module, configured to determine the type of the AP to be detected based on the second parameter.
  8. The apparatus according to claim 7, wherein the type of the AP to be detected is at least either a public AP or a private AP.
  9. The apparatus according to claim 8, wherein when the type of the AP to be detected is the public AP, the target parameter types include at least AP operating system and AP open ports, the first parameters are a first operating system and first open ports, and the calculating module is configured to: judge whether the first operating system of the AP to be detected is a user terminal system; when the first operating system of the AP to be detected is a user terminal system, subtract the score corresponding to the AP operating system from a public AP baseline score; judge whether the first open ports of the AP to be detected include a user terminal port; and when the first open ports of the AP to be detected include a user terminal port, subtract the score corresponding to the AP open ports from the public AP baseline score.
  10. The apparatus according to claim 8, wherein when the type of the AP to be detected is a private AP, the target parameter types include at least AP open ports and historical connection users, the first parameters are second ports and second users, and the calculating module is configured to: judge whether the second ports of the AP to be detected include a non-private-AP attribute port; when the second open ports of the AP to be detected include a non-private-AP attribute port, subtract the score corresponding to the AP open ports from the private AP baseline score; judge whether the second users include a user who does not have permission to connect to the AP to be detected; and when the second users of the AP to be detected include a user who does not have permission to connect to the AP to be detected, subtract the score corresponding to the historical connection users from the private AP baseline score.
  11. A computer program comprising computer-readable code which, when run on a computing device, causes the computing device to perform the AP risk detection method according to any one of claims 1-5.
  12. A computer-readable medium in which the computer program according to claim 11 is stored.
PCT/CN2017/117688 2016-12-21 2017-12-21 Ap risk detection method and apparatus WO2018113726A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611193270.4A CN106506546B (en) 2016-12-21 2016-12-21 AP risk detection method and device
CN201611193270.4 2016-12-21

Publications (1)

Publication Number Publication Date
WO2018113726A1 true WO2018113726A1 (en) 2018-06-28

Family

ID=58333669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117688 WO2018113726A1 (en) 2016-12-21 2017-12-21 Ap risk detection method and apparatus

Country Status (2)

Country Link
CN (1) CN106506546B (en)
WO (1) WO2018113726A1 (en)

Also Published As

Publication number Publication date
CN106506546B (en) 2020-04-07
CN106506546A (en) 2017-03-15

Similar Documents

Publication Publication Date Title
US10609564B2 (en) System and method for detecting rogue access point and user device and computer program for the same
WO2018113726A1 (en) Ap risk detection method and apparatus
JP6506871B2 (en) System and method for wireless access point security and quality assessment
US10069796B2 (en) Apparatus and method for providing controlling service for IoT security
JP4966319B2 (en) Method and system for determining network location of user equipment based on transmitter fingerprint
US9894630B2 (en) ADSS enabled global roaming system
WO2016101729A1 (en) Wireless network access method, device and system
JP2019517694A5 (en)
CN110401614B (en) Malicious domain name tracing method and device
JP2020518208A (en) Device identification
US11722488B2 (en) Non-intrusive / agentless network device identification
US20060095961A1 (en) Auto-triage of potentially vulnerable network machines
CN106470115B (en) Security configuration method, related device and system
US11489832B2 (en) Communication control apparatus, communication control method, and communication control program
US9479521B2 (en) Software network behavior analysis and identification system
KR101606352B1 (en) System, user terminal, and method for detecting rogue access point and computer program for the same
US11539731B2 (en) Dynamic hyper context-driven microsegmentation
CN104113443A (en) Network equipment detection method, device and cloud detection system
US20160234205A1 (en) Method for providing security service for wireless device and apparatus thereof
JP2017514410A (en) Discriminating method and corresponding terminal, computer program product, and storage medium
KR20160058300A (en) Apparatus and method for identifying terminal information
CN112688899A (en) In-cloud security threat detection method and device, computing equipment and storage medium
CN108768937B (en) Method and equipment for detecting ARP spoofing in wireless local area network
US11283881B1 (en) Management and protection of internet of things devices
WO2021026937A1 (en) Method and apparatus for checking login behavior, and system, storage medium and electronic apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 17885237
    Country of ref document: EP
    Kind code of ref document: A1

NENP Non-entry into the national phase
    Ref country code: DE

122 Ep: pct application non-entry in european phase
    Ref document number: 17885237
    Country of ref document: EP
    Kind code of ref document: A1