CN108683681A - A kind of smart home intrusion detection method and device based on traffic policy - Google Patents
- Publication number: CN108683681A
- Application number: CN201810560903.3A
- Authority: CN (China)
- Legal status: Pending
Classifications
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The present invention provides a smart home intrusion detection method and device based on traffic policy, and relates to the technical field of smart homes. The method includes: collecting, in real time, the traffic of a specified smart device in a network environment; performing statistical analysis on the collected traffic to generate traffic features; comparing the traffic features with the policy features in a user configuration policy to determine whether the specified smart device is abnormal; and, if so, sending alert information to the outside. The initial state of the alert information is the unprocessed state, which indicates that the alert information has not been handled by the user. When a smart device is intruded upon, the method can raise an alert in time and prompt the user to pay attention and handle it, which effectively prevents leakage of family privacy and harm to personal and property safety, and alleviates the prior-art problem that intrusion threats to smart homes cannot be detected effectively.
Description
Technical field
The present invention relates to the technical field of smart homes, and in particular to a smart home intrusion detection method and device based on traffic policy.
Background art
With the continuous development of science and technology, traditional household appliances are gradually being replaced by smart home devices. However, while these smart home devices (smart devices for short) bring convenience, they are also exposed to all kinds of external malicious intrusion. Such intrusion at best affects the normal operation of household devices, at worst steals family privacy, and can even threaten the lives of family members.
In summary, how to effectively detect intrusion threats to smart homes has become an urgent problem.
Summary of the invention
In view of this, the purpose of the present invention is to provide a smart home intrusion detection method and device based on traffic policy, so as to alleviate the prior-art technical problem that intrusion threats to smart homes cannot be detected effectively.
In a first aspect, an embodiment of the present invention provides a smart home intrusion detection method based on traffic policy, including:
collecting, in real time, the traffic of a specified smart device in a network environment;
performing statistical analysis on the collected traffic to generate traffic features;
comparing the traffic features with the policy features in a user configuration policy to determine whether the specified smart device is abnormal;
if so, sending alert information to the outside; the initial state of the alert information is the unprocessed state, which indicates that the alert information has not been handled by the user.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein collecting, in real time, the traffic of the specified smart device in the network environment includes:
receiving the address of the specified smart device that the user selects for access;
collecting, in a targeted manner according to the address, the traffic generated by the specified smart device.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the traffic features include packet information and/or traffic information; the packet information includes the number of packets and the size of each packet; the traffic information includes the traffic volume.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein the method further includes:
receiving a configuration instruction from the user;
performing policy configuration based on the configuration instruction to generate the user configuration policy, which includes policy features; the policy features include: a configured time period, the configured packet information within the configured time period, and the configured traffic information within the configured time period.
With reference to the third possible implementation of the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein performing statistical analysis on the collected traffic to generate traffic features includes: performing statistical analysis on the collected traffic according to the configured time period in the policy features to generate the traffic features;
comparing the traffic features with the policy features in the user configuration policy to determine whether the specified smart device is abnormal includes: comparing the configured packet information within the configured time period and/or the configured traffic information within the configured time period in the policy features with the traffic features, to determine whether the specified smart device is abnormal.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, wherein the method further includes:
determining the correspondence between time and traffic features based on the traffic features;
outputting the correspondence between time and traffic features.
With reference to the fifth possible implementation of the first aspect, an embodiment of the present invention provides a sixth possible implementation of the first aspect, wherein the method further includes:
saving the correspondence between time and traffic features.
With reference to the first aspect, an embodiment of the present invention provides a seventh possible implementation of the first aspect, wherein the method further includes:
receiving alert handling feedback information from the user, and changing the state of the alert information based on the alert handling feedback information.
In a second aspect, an embodiment of the present invention further provides a smart home intrusion detection device based on traffic policy, including:
a traffic collection module, for collecting, in real time, the traffic of a specified smart device in a network environment;
a traffic analysis module, for performing statistical analysis on the collected traffic to generate traffic features;
a judgment module, for comparing the traffic features with the policy features in a user configuration policy to determine whether the specified smart device is abnormal;
an alert module, for sending alert information to the outside when the judgment module determines that an abnormality has occurred; the initial state of the alert information is the unprocessed state, which indicates that the alert information has not been handled by the user.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, wherein the device further includes:
a user management module, for providing the user with a visual interface and receiving the user's login request.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the steps of the above smart home intrusion detection method based on traffic policy are implemented.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable medium having non-volatile program code executable by a processor; the program code causes the processor to execute the above smart home intrusion detection method based on traffic policy.
The embodiments of the present invention bring the following beneficial effects:
The embodiments of the present invention provide a smart home intrusion detection method, device, electronic device and computer-readable medium based on traffic policy. The method first collects the network traffic of a specified smart device in the network environment, then performs statistical analysis on the collected network traffic to generate the actual traffic features, and then compares the actual traffic features with the policy features in the user configuration policy to find anomalies and raise an alert. The technical solution provided by the embodiments of the present invention therefore alleviates the prior-art technical problem that intrusion threats to smart homes cannot be detected effectively: when a smart device is intruded upon, it can raise an alert in time and prompt the user to pay attention and handle it, which effectively prevents leakage of family privacy and harm to personal and property safety.
Aiming at simplicity and efficiency, the present invention converts the network state of smart devices into visual traffic features, and provides a smart home intrusion detection method and device based on traffic policy. The method and device use only the traffic generated by the smart devices and can effectively identify intrusion threats without parsing that traffic.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
In order to explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a smart home intrusion detection method based on traffic policy provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another smart home intrusion detection method based on traffic policy provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a smart home intrusion detection device based on traffic policy provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a smart home intrusion detection system based on traffic policy provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
A smart home makes conventional household appliances semi-automatic or automatic. A smart home can rely on a control center to autonomously control the operation of each smart device, and can also support remote manual adjustment. Every control or adjustment operation is a process of transmitting network data, and network traffic is generated in this process.
At present, the most widely used method for identifying intrusion events in a network is to capture device network traffic, parse the protocols in the traffic, identify attack features in it, and then perform feature matching or black/white list matching. Another approach is to use machine learning to estimate the probability that an event is an intrusion event, and so to judge whether the device is under intrusion threat.
These methods can identify intrusion events on the Internet. However, on the one hand, a smart home differs from the Internet environment: most of its protocols are non-public (proprietary), so protocol parsing cannot be performed to obtain threat features. Moreover, smart homes are still at an early stage, the traffic in a home network environment is relatively simple, and there is not yet a reasonably mature feature library for the smart home field. On the other hand, the traffic generated by a smart home is relatively stable: once deployed, the amount of data each device transmits externally does not change much. In addition, since household data is highly private, parsing it in detail would inevitably threaten the personal privacy of family members.
In view of the above, the present invention proposes a smart home intrusion detection method and device based on traffic policy which, without protocol parsing or malicious feature matching, can simply and effectively discover intrusion threats in a smart home environment while protecting the user's personal privacy.
To facilitate understanding of this embodiment, the smart home intrusion detection method based on traffic policy disclosed in the embodiments of the present invention is first described in detail.
Embodiment one:
Fig. 1 shows a schematic diagram of a smart home intrusion detection method based on traffic policy provided by an embodiment of the present invention.
Referring to Fig. 1, the method is applied to a smart home intrusion detection device based on traffic policy (hereinafter, the detection device), and specifically includes:
Traffic collection step S102: collecting, in real time, the traffic of a specified smart device in the network environment;
Here, "in real time" means that the traffic of the specified smart device in the network environment is collected continuously and without interruption. The specified smart device is the connected device specified by the user, so the collected traffic is the traffic of that device; the traffic can be stored in memory in the form of packets to await further analysis.
Specifically, traffic collection step S102 includes the following steps:
1) Device configuration sub-step: receiving the address of the specified smart device that the user selects for access;
2) Data collection step: collecting, in a targeted manner according to the address, the traffic generated by the specified smart device.
Traffic analysis step S104: performing statistical analysis on the collected traffic to generate traffic features;
Here the traffic features are the traffic feature information actually generated by the specified smart device. The traffic features include packet information and/or traffic information; the packet information includes the number of packets and the size of each packet; the traffic information includes the traffic volume, that is, the maximum traffic and the minimum traffic.
Since traffic is collected in real time, in a specific implementation step S104 can be performed as follows: statistical analysis by time period is performed on the collected traffic to generate the traffic features. In this case the traffic features include the packet information and traffic information of a preset statistics period; the packet information includes the number of packets and the size of each packet, and the traffic information includes the traffic volume. The preset statistics period is set as required, for example statistics every half hour or every hour; this embodiment does not specifically limit it. It should also be noted that the preset statistics period may be several statistics periods rather than a single one; for example, it may include traffic counted every hour and traffic counted every two hours, to ensure that the statistics by time period are comprehensive. It should be pointed out that the preset statistics period includes the configured time period mentioned below, so the traffic features here are the traffic features of the preset statistics period, which include those of the configured time period. In the actual comparison, the traffic features of the configured time period can be extracted from the traffic features of the preset statistics period and compared with the policy features as the basis for judging an abnormality.
Judgment step S106: comparing the traffic features with the policy features in the user configuration policy to determine whether the specified smart device is abnormal;
The policy features include: a configured time period, the configured packet information within the configured time period, and the configured traffic information within the configured time period.
The policy features include the thresholds of the preset traffic features (that is, the threshold values of the traffic features configured by the user). In actual use, because the actual traffic features are produced by statistical analysis by time period, the policy features include the thresholds of the traffic features within the configured time period.
Specifically, the traffic features are compared with the policy features to determine whether the traffic features exceed (are greater than) the thresholds in the policy features, and thus whether the specified smart device is abnormal. When the smart device is abnormal, there is a risk that it has been intruded upon, and an alert must be raised in time.
If so, that is, the smart device is abnormal, alert step S108 is executed; if not, that is, the smart device is not abnormal, the flow returns to traffic collection step S102 to continue monitoring.
Alert step S108: sending alert information to the outside; the initial state of the alert information is the unprocessed state.
The "outside" may simply be the surrounding physical environment, the user's mobile terminal, or a remote server. The alert information indicates to the user that it is in the unprocessed state by means of a preset mark (for example a red mark or flashing).
Alert step S108 is mainly performed in at least one of the following ways:
First way: sending alert information in the form of sound, light and the like to the outside through the alarm unit of the detection device.
Second way: sending alert information to the user's mobile terminal; the alert information can be sent to the user's mobile terminal as a text message or an unread voice message.
In this embodiment, sending alert information to the user's mobile terminal achieves timely alerting and prompts the user to pay attention and handle it, which effectively prevents leakage of family privacy and harm to personal and property safety.
The smart home intrusion detection method based on traffic policy provided by this embodiment collects the traffic of the specified smart device in the network environment, performs statistical analysis on the collected network traffic to generate traffic features, and finally compares the traffic features with the policy features in the user configuration policy to find anomalies and raise an alert. The method therefore alleviates the prior-art technical problem that intrusion threats to smart homes cannot be detected effectively: when a smart device is intruded upon, it can raise an alert in time and prompt the user to pay attention and handle it, which effectively prevents leakage of family privacy and harm to personal and property safety.
Embodiment two:
As shown in Fig. 2, on the basis of embodiment one, an embodiment of the present invention provides another smart home intrusion detection method based on traffic policy. It differs from embodiment one in that, before judgment step S106, the method further includes:
Policy configuration step S202: receiving a configuration instruction from the user; performing policy configuration based on the configuration instruction to generate the user configuration policy, which includes policy features.
In general, the configuration instruction includes what the user selects through a visual interface: a suitable time period (for example 00:00:00-06:00:00), the packet information within the time period and the traffic information within the time period, for example the total number of packets in the period, the packet sizes in the period, the maximum traffic in the period (the maximum traffic value in the period) and the minimum traffic in the period (the minimum traffic value in the period). Correspondingly, the policy features include: the configured time period (a preset time period within a day), the configured packet information within the configured time period (total number of packets and size of each packet), and the configured traffic information within the configured time period (maximum traffic and minimum traffic in the period).
In a specific implementation, policy configuration step S202 can be performed in one of the following ways:
Way one: the user's configuration instruction is received through the visual interface (for example the display screen) of the detection device for local configuration, and policy configuration is performed based on the configuration instruction to generate the user configuration policy.
Way two: the user's configuration instruction is received through the visual interface (for example the smartphone home screen) of the user's mobile terminal, which is communicatively connected to the detection device, for remote configuration, and policy configuration is performed based on the configuration instruction to generate the user configuration policy.
It should be pointed out that a factory configuration policy is pre-stored in the detection device for policy configuration; it is generated as a standard from a large amount of actual traffic data. The factory configuration policy includes policy features for several different time periods. When sending a configuration instruction through the visual interface, the user can view and modify the factory configuration policy through the visual interface of the detection device. In addition, when the user has not configured anything, the policy features of the period 00:00:00-24:00:00 are used by default as the initial configuration policy. The user can of course also define a custom policy, which is not described further here. Further, the method may also include: periodically receiving policy update packages issued by the system server, so as to update the policy standard dynamically.
Change step S204: receiving alert handling feedback information from the user, and changing the state of the alert information based on the alert handling feedback information.
Considering that there may be several specified smart devices, the detection device may issue several alerts. In general, the initial state of each alert is the unprocessed state, to prompt the user to handle it. After the user handles an alert, the detection device changes the state of that alert, marking it from unprocessed to processed, so that the user can see at a glance how the alerts for the several specified smart devices have been handled.
Plotting step S206: determining the correspondence between time and traffic features based on the traffic features.
The correspondence between time and traffic features is referred to here as the time-traffic feature relationship. It may include the traffic features of several time periods; in other words, it contains not only the traffic features of the configured time period but also those of non-configured periods, to ensure that the time statistics are comprehensive and to provide data support for adjusting and updating the configuration policy. The time-traffic feature relationship can be presented as a chart or a table.
Specifically, a line chart is drawn from the actual traffic features with time on the X axis and traffic on the Y axis, so that the user can view the network traffic of the specified smart device.
Output step S208: outputting the correspondence between time and traffic features.
Specifically, the time-traffic feature relationship is output as a chart or a table to the display screen of the detection device or the home screen of the user's mobile terminal, so that the user can view the traffic features directly; this realizes the conversion of the smart device's network state into visual traffic features.
Saving step S210: saving the correspondence between time and traffic features.
The saving step lets the user manually compare the actual traffic features with the policy features, which effectively guards against abnormal conditions such as possible misjudgment by the detection device and allows the detection device to be maintained and repaired in time.
It should be noted that in this embodiment, traffic analysis step S104 includes: performing statistical analysis on the collected traffic according to the configured time period in the policy features to generate the traffic features; these traffic features are the traffic features of the configured time period. Judgment step S106 includes: comparing the configured packet information within the configured time period and/or the configured traffic information within the configured time period in the policy features with the traffic features, to determine whether the specified smart device is abnormal; the traffic features here are likewise those of the configured time period.
In addition, steps S204 and S206 and steps S208 and S210 are numbered only for ease of description; the numbering does not represent their order.
The smart home intrusion detection method based on traffic policy provided by this embodiment performs smart home intrusion detection based on traffic policy without protocol parsing or malicious feature matching. The whole flow is simple and easy to understand and implement. In a household smart home environment in particular, it can not only show the user a clear picture of the traffic distribution of household devices, but also let the user define custom alert policies according to the needs of the specific environment; the whole process is easy to understand. It protects the user's personal privacy and can discover intrusion threats to the home network environment at the earliest moment.
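The steps of embodiments one and two (S102 to S108, S202 and S204), sketched as an added Python example; this is not code from the patent. The record layout, all names, the sample addresses and thresholds, the bytes-per-minute traffic unit and the lower-bound check are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional

UNPROCESSED, PROCESSED = "unprocessed", "processed"

@dataclass(frozen=True)
class Packet:               # packet metadata only; the payload is never parsed
    ts: datetime
    device_addr: str
    size: int               # bytes

@dataclass(frozen=True)
class Policy:               # policy features of the user configuration policy (S202)
    start: time             # configured time period, start inclusive
    end: time               # end exclusive; start == end means the whole day
    max_packets: int        # configured total number of packets in the period
    max_packet_size: int    # configured size of each packet, bytes
    max_traffic: int        # configured maximum traffic, bytes per minute (assumed unit)
    min_traffic: int        # configured minimum traffic, bytes per minute (assumed unit)

    def covers(self, t: time) -> bool:
        if self.start < self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end   # period wraps past midnight

@dataclass
class Alert:
    device_addr: str
    reasons: List[str]
    state: str = UNPROCESSED          # initial state: not yet handled by the user

    def apply_feedback(self) -> None:  # S204: the user reports the alert as handled
        self.state = PROCESSED

def traffic_features(packets, device_addr, policy) -> Optional[dict]:
    """S102 + S104: keep the specified device's packets that fall inside the
    configured period and reduce them to packet and traffic information."""
    sizes, per_minute = [], Counter()
    for p in packets:
        if p.device_addr == device_addr and policy.covers(p.ts.time()):
            sizes.append(p.size)
            per_minute[p.ts.replace(second=0, microsecond=0)] += p.size
    if not sizes:
        return None
    return {
        "packets": len(sizes),
        "largest_packet": max(sizes),
        "max_traffic": max(per_minute.values()),
        "min_traffic": min(per_minute.values()),
        "series": sorted(per_minute.items()),   # time vs. traffic, as plotted in S206
    }

def detect(packets, device_addr, policy) -> Optional[Alert]:
    """S106 + S108: compare the features with the policy thresholds."""
    f = traffic_features(packets, device_addr, policy)
    if f is None:
        return None
    checks = [
        ("packet count", f["packets"] > policy.max_packets),
        ("packet size", f["largest_packet"] > policy.max_packet_size),
        ("maximum traffic", f["max_traffic"] > policy.max_traffic),
        # Assumption: a minute below the configured minimum also counts as
        # abnormal; the page only describes the exceeds-threshold comparison.
        ("minimum traffic", f["min_traffic"] < policy.min_traffic),
    ]
    reasons = [name for name, hit in checks if hit]
    return Alert(device_addr, reasons) if reasons else None

# Constructed sample data: two devices and one night-time policy.
CAMERA, PLUG = "192.168.1.23", "192.168.1.40"
NIGHT = Policy(time(0, 0), time(6, 0), max_packets=5, max_packet_size=1500,
               max_traffic=4000, min_traffic=100)

def _pkt(h, m, s, addr, size):
    return Packet(datetime(2018, 6, 1, h, m, s), addr, size)

QUIET_NIGHT = [_pkt(1, 0, 5, CAMERA, 200), _pkt(1, 0, 40, CAMERA, 300),
               _pkt(3, 30, 10, CAMERA, 250)]
BUSY_NIGHT = [_pkt(2, 15, s, CAMERA, 1400) for s in range(0, 60, 10)] + [
    _pkt(2, 15, 30, PLUG, 9000),     # another device: not part of the camera's traffic
    _pkt(12, 0, 0, CAMERA, 9000),    # outside the configured period: not compared
]

if __name__ == "__main__":
    print(detect(QUIET_NIGHT, CAMERA, NIGHT))
    print(detect(BUSY_NIGHT, CAMERA, NIGHT))
```

Only packet counts, sizes and timestamps are used, which matches the page's point that detection works without parsing proprietary protocols.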
Embodiment three:
With reference to Fig. 3, an embodiment of the present invention provides a smart home intrusion detection device based on traffic policy, comprising:
Flow collection module 301, for collecting in real time the traffic of a specified smart device in the network environment;
Flow analysis module 302, for performing statistical analysis on the collected traffic to generate a traffic characteristic;
Judgment module 303, for comparing the traffic characteristic with the policy characteristics in the user-configured policy, to judge whether the specified smart device is abnormal;
Alarm module 304, for sending alarm information to the outside when the judgment module judges that an abnormality has occurred; the initial state of the alarm information is the unprocessed state, which indicates that the alarm information has not been handled by the user.
Further, the device also includes: user management module 305, for providing the user with a visual interface and receiving the user's login request.
Specifically, user management module 305 receives the user's request to log in to the visual interface with a password, and is used to display the time-traffic characteristic line chart output on the basis of the traffic characteristic, together with the alarm information.
Further, the device also includes: policy configuration module 306, for receiving the user's configuration instruction and performing policy configuration based on that instruction to generate the user-configured policy, which includes policy characteristics. The policy characteristics include: the configured time period, the configured data packet information in the configured time period, and the configured flow information in the configured time period.
The smart home intrusion detection device based on traffic policy provided by the embodiment of the present invention has the same technical features as the smart home intrusion detection method based on traffic policy provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
The implementation principle and technical effect of the device provided by the embodiment of the present invention are the same as those of the foregoing method embodiments. For brevity, where the device embodiment does not mention something, refer to the corresponding content in the foregoing method embodiments.
Embodiment four:
As shown in Fig. 4, an embodiment of the present invention also provides a smart home intrusion detection system based on traffic policy, including smart devices 400, a router 500 and the above smart home intrusion detection device 600 based on traffic policy. There are multiple smart devices 400, each connected to the smart home intrusion detection device 600 based on traffic policy; the smart home intrusion detection device 600 is connected to the router 500, and the router 500 is used to connect to the Ethernet.
Specifically, the smart home intrusion detection device based on traffic policy includes a flow collection engine, a flow analysis engine, a policy configuration engine, an alarm engine and a user management engine;
The flow collection engine includes the above flow collection module. It continuously collects the traffic of the specified smart devices configured by the user in the network environment, stores it in memory in the form of data packets, and waits for analysis by the flow analysis engine;
The flow analysis engine includes the above flow analysis module. It compiles statistics on the collected traffic, including the number of data packets, the size of each data packet and the flow size in multiple time periods that include the configured time period, and saves the data to a local database according to the time-traffic characteristic relationship. It also draws a line chart with time on the X axis and the traffic characteristic on the Y axis, so that the user can later view the network traffic of each smart device intuitively;
The policy configuration engine includes the policy configuration module. It performs policy configuration on the traffic characteristic and generates the policy characteristics, which include: the configured time period, for example a certain period of one day (such as 00:00:00-06:00:00), the total number of data packets in the configured time period, the maximum flow size in the configured time period, and the minimum flow size in the configured time period. These policy characteristics can be selected freely according to actual needs; when the configured time period is not set, it defaults to 00:00:00-24:00:00;
The alarm engine includes the judgment module and the alarm module. It compares the user's policy characteristics with the traffic characteristic actually generated by the device, generates alarm information for a device that reaches a threshold, and sends a notification to the user's mobile device. The alarm event is marked as unprocessed at this point, and the mark is updated after the user has handled it.
The user management engine includes the user management module; the user logs in to the device interface with a password. It is used to display the time-traffic characteristic line chart from the flow analysis engine and the alarm information from the alarm engine, and to configure the addresses of the smart devices to be monitored.
The smart home intrusion detection system based on traffic policy provided by the embodiment of the present invention inspects network traffic at the network egress (such as the home router) in order to find abnormal connections in it, that is, network intrusions.
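The comparison performed by the flow analysis, policy configuration and alarm engines described above can be sketched as follows. This is an added example, not code from the patent: the field names, device addresses, thresholds, the status strings and the reading of "flow size" as total bytes in the configured time period are assumptions, and the packet records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """One captured packet: capture time, device address, size in bytes."""
    ts: datetime
    device: str
    size: int


@dataclass(frozen=True)
class Policy:
    """User-configured policy characteristics for one device (names are assumptions)."""
    device: str
    start: time = time(0, 0, 0)          # default period begins at 00:00:00
    end: Optional[time] = None           # None stands for 24:00:00
    max_packets: Optional[int] = None    # total packet count in the period
    max_bytes: Optional[int] = None      # maximum flow size in the period
    min_bytes: Optional[int] = None      # minimum flow size in the period

    def covers(self, ts: datetime) -> bool:
        t = ts.time()
        return t >= self.start and (self.end is None or t < self.end)


@dataclass
class TrafficFeature:
    device: str
    packets: int = 0
    total_bytes: int = 0


@dataclass
class Alarm:
    device: str
    reasons: List[str]
    status: str = "unhandled"            # initial state: not yet handled by the user

    def handle(self) -> None:
        """User feedback changes the alarm state."""
        self.status = "handled"


def analyze(packets: List[Packet], policy: Policy) -> TrafficFeature:
    """Statistics for one device, restricted to the configured time period."""
    feature = TrafficFeature(policy.device)
    for p in packets:
        if p.device == policy.device and policy.covers(p.ts):
            feature.packets += 1
            feature.total_bytes += p.size
    return feature


def judge(feature: TrafficFeature, policy: Policy) -> List[str]:
    """Compare the traffic characteristic with the policy; only configured items count."""
    reasons = []
    if policy.max_packets is not None and feature.packets >= policy.max_packets:
        reasons.append("packet_count")
    if policy.max_bytes is not None and feature.total_bytes >= policy.max_bytes:
        reasons.append("max_flow")
    # A minimum only makes sense once the period is over: a device that has gone
    # silent is as notable as one that is suddenly chatty.
    if policy.min_bytes is not None and feature.total_bytes < policy.min_bytes:
        reasons.append("min_flow")
    return reasons


def detect(packets: List[Packet], policies: List[Policy]) -> List[Alarm]:
    """Run every policy over a completed capture and emit unhandled alarms."""
    alarms = []
    for policy in policies:
        reasons = judge(analyze(packets, policy), policy)
        if reasons:
            alarms.append(Alarm(policy.device, reasons))
    return alarms


def at(hour: int) -> datetime:
    return datetime(2018, 6, 1, hour, 0, 0)


# Constructed one-day capture for three devices.
SAMPLE_PACKETS = [
    Packet(at(1), "192.168.1.20", 1200), Packet(at(2), "192.168.1.20", 1400),
    Packet(at(3), "192.168.1.20", 1500), Packet(at(4), "192.168.1.20", 1400),
    Packet(at(12), "192.168.1.20", 90000),   # outside the camera's period
    Packet(at(9), "192.168.1.30", 60),
    Packet(at(8), "192.168.1.40", 200), Packet(at(20), "192.168.1.40", 220),
]
POLICIES = [
    Policy("192.168.1.20", time(0, 0, 0), time(6, 0, 0), max_packets=3, max_bytes=4000),
    Policy("192.168.1.30", min_bytes=100),   # default period 00:00:00-24:00:00
    Policy("192.168.1.40", max_packets=10),
]

if __name__ == "__main__":
    for alarm in detect(SAMPLE_PACKETS, POLICIES):
        print(alarm.device, alarm.reasons, alarm.status)
```

The large midday packet from the first device raises nothing because it falls outside that device's configured time period, which shows how much the result depends on where the user draws the period.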
Referring to Fig. 5, an embodiment of the present invention also provides an electronic device 100, comprising: a processor 40, a memory 41, a bus 42 and a communication interface 43, where the processor 40, the communication interface 43 and the memory 41 are connected by the bus 42; the processor 40 is used to execute executable modules stored in the memory 41, such as computer programs.
The memory 41 may include high-speed random access memory (RAM, Random Access Memory), and may further include non-volatile memory, for example at least one magnetic disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network and so on.
The bus 42 may be an ISA bus, a PCI bus, an EISA bus or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one double-headed arrow is shown in Fig. 5, but this does not mean that there is only one bus or one type of bus.
The memory 41 is used to store a program 401, and the processor 40 executes the program 401 after receiving an execution instruction. The method performed by the device defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 40, or implemented by the processor 40.
The processor 40 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 40 or by instructions in the form of software. The above processor 40 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short) and the like; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in this field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or registers. The storage medium is located in the memory 41; the processor 40 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
An embodiment of the present invention also provides a computer-readable medium having non-volatile program code executable by a processor, the program code causing the processor to execute the above smart home intrusion detection method based on traffic policy.
Unless specifically stated otherwise, the relative steps, numerical expressions and numerical values of the components and steps set forth in these embodiments do not limit the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and device described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In all examples illustrated and described herein, any specific value should be construed as merely illustrative and not as a limitation; therefore, other examples of the exemplary embodiments may have different values.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined and explained in subsequent drawings.
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for realizing the specified logic function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, may be realized by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, in the description of the embodiments of the present invention, unless otherwise specifically defined or limited, the terms "installation", "connected" and "connection" shall be understood in a broad sense: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, or indirect through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific situation.
In the description of the present invention, it should be noted that the orientation or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first", "second" and "third" are used for description purposes only and cannot be understood as indicating or implying relative importance.
The computer program product of the smart home intrusion detection method based on traffic policy provided by the embodiment of the present invention includes a computer-readable storage medium storing non-volatile program code executable by a processor. The instructions included in the program code can be used to execute the method described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and device described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be realized in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and there may be other ways of dividing them in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are realized in the form of software functional units and sold or used as an independent product, they may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the existing technology, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific implementations of the present invention, used to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. A smart home intrusion detection method based on traffic policy, characterized by comprising:
collecting in real time the traffic of a specified smart device in the network environment;
performing statistical analysis on the collected traffic to generate a traffic characteristic;
comparing the traffic characteristic with the policy characteristics in a user-configured policy, to judge whether the specified smart device is abnormal;
if so, sending alarm information to the outside; the initial state of the alarm information is the unprocessed state, and the initial state indicates that the alarm information has not been handled by the user.
2. The method according to claim 1, characterized in that collecting in real time the traffic of a specified smart device in the network environment comprises:
receiving the address of the specified smart device that the user selects for access;
collecting, in a targeted manner according to the address, the traffic generated by the specified smart device.
3. The method according to claim 1, characterized in that the traffic characteristic includes data packet information and/or flow information; the data packet information includes the number of data packets and the size of each data packet; the flow information includes the flow size.
4. The method according to claim 1, characterized by further comprising:
receiving a configuration instruction from the user;
performing policy configuration based on the configuration instruction to generate the user-configured policy, the user-configured policy including policy characteristics; the policy characteristics include: a configured time period, configured data packet information in the configured time period, and configured flow information in the configured time period.
5. The method according to claim 4, characterized in that
performing statistical analysis on the collected traffic to generate a traffic characteristic comprises: performing statistical analysis on the collected traffic according to the configured time period in the policy characteristics, to generate the traffic characteristic;
comparing the traffic characteristic with the policy characteristics in the user-configured policy, to judge whether the specified smart device is abnormal, comprises: comparing the configured data packet information in the configured time period and/or the configured flow information in the configured time period in the policy characteristics with the traffic characteristic, to judge whether the specified smart device is abnormal.
6. The method according to claim 1, characterized by further comprising:
determining the correspondence between time and traffic characteristic based on the traffic characteristic;
outputting the correspondence between time and traffic characteristic.
7. The method according to claim 6, characterized by further comprising:
saving the correspondence between time and traffic characteristic.
8. The method according to claim 1, characterized by further comprising:
receiving alarm handling feedback information from the user, and changing the state of the alarm information based on the alarm handling feedback information.
9. A smart home intrusion detection device based on traffic policy, characterized by comprising:
a flow collection module, for collecting in real time the traffic of a specified smart device in the network environment;
a flow analysis module, for performing statistical analysis on the collected traffic to generate a traffic characteristic;
a judgment module, for comparing the traffic characteristic with the policy characteristics in a user-configured policy, to judge whether the specified smart device is abnormal;
an alarm module, for sending alarm information to the outside when the judgment module judges that an abnormality has occurred; the initial state of the alarm information is the unprocessed state, and the initial state indicates that the alarm information has not been handled by the user.
10. The device according to claim 9, characterized by further comprising:
a user management module, for providing the user with a visual interface and receiving the user's login request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810560903.3A CN108683681A (en) | 2018-06-01 | 2018-06-01 | A kind of smart home intrusion detection method and device based on traffic policy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810560903.3A CN108683681A (en) | 2018-06-01 | 2018-06-01 | A kind of smart home intrusion detection method and device based on traffic policy |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108683681A true CN108683681A (en) | 2018-10-19 |
Family
ID=63809720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810560903.3A Pending CN108683681A (en) | 2018-06-01 | 2018-06-01 | A kind of smart home intrusion detection method and device based on traffic policy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108683681A (en) |
Legal Events
Code | Title | Description
---|---|---
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181019