CN112182574A - Method and device for intrusion detection and server - Google Patents
- Publication number
- CN112182574A (CN202010949629.6A)
- Authority
- CN
- China
- Prior art keywords
- information
- household appliance
- intrusion
- control request
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/658—Incremental updates; Differential updates
Abstract
The application relates to the field of communication technology and discloses a method for intrusion detection applied on the service server side. The method comprises: acquiring a connection request; acquiring household appliance information according to the connection request; sending the household appliance information to a user terminal, and triggering the user terminal to feed back a control request; and receiving the control request, sending it to the household appliance corresponding to the household appliance information, and triggering the household appliance to carry out intrusion detection and feed back intrusion information to a security server. By acquiring the control request, acquiring the control instruction according to the control request, and sending the control request to the household appliance, the household appliance is triggered to carry out intrusion detection, which improves the security of the household appliance. The application also discloses a device and a server for intrusion detection.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for intrusion detection, and a server.
Background
With the gradual development of the Internet of Things, IoT equipment manufacturers have come to recognize the risk posed by intrusion into terminals, and therefore protect the boot process and the communication process of household appliances by means of trusted technology, encrypted communication and the like.
In the process of implementing the embodiments of the present disclosure, it was found that at least the following problem exists in the related art: existing household appliances focus mainly on implementing functions, and cannot detect intrusion behavior that exploits vulnerabilities in the household appliance control program itself, which leaves smart household appliances exposed to risk.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview nor is intended to identify key/critical elements or to delineate the scope of such embodiments but rather as a prelude to the more detailed description that is presented later.
The embodiments of the present disclosure provide a method, a device and equipment for intrusion detection, so as to carry out intrusion detection on household appliances and improve the security of the equipment.
In some embodiments, the method for intrusion detection is applied to a service server side, and includes:
acquiring a connection request;
acquiring the information of the household appliance according to the connection request;
sending the household appliance information to a user terminal, and triggering the user terminal to feed back a control request;
receiving the control request, sending the control request to the household appliance corresponding to the household appliance information, and triggering the household appliance to carry out intrusion detection and feed back intrusion information to a security server;
the intrusion information comprises household appliance system information and/or a first system call sequence; the household appliance system information includes one or more of household appliance memory information, a household appliance control program stack, and household appliance system configuration information.
In some embodiments, obtaining the home device information according to the connection request includes:
connecting with the user terminal according to the connection request;
matching the household appliance information corresponding to the connection request in a preset equipment information table under the condition of successful connection with the user terminal;
the device information table includes a correspondence between the connection request and the home device information.
In some embodiments, triggering the household appliance to carry out intrusion detection includes:
triggering the household appliance to acquire a first system call sequence according to the control request, and carrying out intrusion detection according to the first system call sequence.
In some embodiments, performing intrusion detection according to the first system call sequence includes:
determining that the control request is an illegal control request in the case that the first system call sequence meets a preset condition.
In some embodiments, further comprising:
acquiring a control instruction according to the control request;
and sending the control instruction to the household appliance, and triggering the household appliance to execute the control instruction.
In some embodiments, obtaining control instructions according to the control request includes:
matching a control instruction corresponding to the control request from a preset control instruction database according to the control request;
the control instruction database stores the corresponding relation between the control request and the control instruction.
The method for intrusion detection provided by the embodiments of the present disclosure, applied to a security server side, comprises:
acquiring intrusion information, wherein the intrusion information comprises household appliance system information and/or a first system call sequence; the household appliance system information comprises one or more of household appliance memory information, a household appliance control program stack and household appliance system configuration information;
acquiring a security patch package corresponding to the intrusion information according to the intrusion information;
and sending the security patch package to the household appliance, and triggering the household appliance to upgrade according to the security patch package.
In some embodiments, obtaining a security patch package corresponding to the intrusion information according to the intrusion information includes:
matching a security patch package corresponding to the intrusion information in a preset security patch package database;
the security patch package database stores the correspondence between the intrusion information and the security patch package.
In some embodiments, the apparatus for intrusion detection comprises a processor and a memory storing program instructions, the processor being configured to, when executing the program instructions, perform the method for intrusion detection described above.
In some embodiments, the apparatus comprises the above-described apparatus for intrusion detection.
The method, the device and the server for controlling the household appliance provided by the embodiments of the present disclosure can achieve the following technical effects: by acquiring the control request, acquiring the control instruction according to the control request, and sending the control request to the household appliance, the household appliance is triggered to carry out intrusion detection, which improves the security of the household appliance.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings. These illustrations and drawings do not limit the embodiments; elements having the same reference numerals in the drawings denote similar elements, and wherein:
FIG. 1 is a schematic diagram of a method for intrusion detection provided by embodiments of the present disclosure;
FIG. 2 is a timing diagram of a method for intrusion detection provided by embodiments of the present disclosure;
FIG. 3 is a timing diagram of another method for intrusion detection provided by embodiments of the present disclosure;
FIG. 4 is a timing diagram of a method for obtaining a sequence set of system calls according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of an apparatus for intrusion detection provided by embodiments of the present disclosure;
FIG. 6 is a schematic diagram of a system for intrusion detection according to an embodiment of the present disclosure.
Detailed Description
So that the manner in which the features and elements of the disclosed embodiments can be understood in detail, a more particular description of the disclosed embodiments, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawing.
The terms "first," "second," and the like in the description and in the claims, and the above-described drawings of embodiments of the present disclosure, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure described herein may be made. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions.
The term "plurality" means two or more unless otherwise specified.
In the embodiments of the present disclosure, the character "/" indicates that the preceding and following objects are in an "or" relationship. For example, A/B represents: A or B.
The term "and/or" describes an associative relationship between objects and means that three relationships may exist. For example, A and/or B represents: A, or B, or A and B.
Referring to fig. 1, an embodiment of the present disclosure provides a method for intrusion detection, applied to a service server side, including:
step S101, acquiring a connection request;
step S102, acquiring the information of the household appliance according to the connection request;
step S103, sending the household appliance information to the user terminal, and triggering a feedback control request of the user terminal;
step S104, receiving the control request, sending the control request to the household appliance corresponding to the household appliance information, and triggering the household appliance to carry out intrusion detection and feed back intrusion information to the security server; the intrusion information comprises household appliance system information and/or a first system call sequence; the household appliance system information includes one or more of household appliance memory information, a household appliance control program stack, and household appliance system configuration information.
With the method for intrusion detection provided by the embodiments of the present disclosure, the control request is acquired, the control instruction is acquired according to the control request, and the control request is sent to the household appliance, so that the household appliance is triggered to perform intrusion detection, which improves the security of the household appliance.
Optionally, obtaining the home device information according to the connection request includes: connecting with the user terminal according to the connection request; matching the household appliance information corresponding to the connection request in a preset equipment information table under the condition of successful connection with the user terminal; the device information table includes a correspondence between the connection request and the home device information.
Optionally, the household appliance information identifies the household appliances that the user can control, for example televisions, air conditioners, refrigerators and the like.
Optionally, triggering the household appliance to perform intrusion detection includes: triggering the household appliance to acquire a first system call sequence according to the control instruction, and carrying out intrusion detection according to the first system call sequence.
In some embodiments, when a control request B sent by a user terminal is received, a control instruction B corresponding to the control request B is sent to the household appliance; the household appliance is triggered to execute the control instruction B, and the corresponding first system call sequence is obtained according to the control instruction B. For example, while executing the control instruction B, the household appliance is triggered to acquire the first system call sequence r, the first system call sequence t and the first system call sequence y according to the control instruction B.
Optionally, performing intrusion detection according to the first system call sequence includes: determining that the control request is an illegal intrusion request in the case that the first system call sequence meets the preset condition.
In some embodiments, the control request C is sent to the household appliance, and the household appliance is triggered to perform intrusion detection. The first system call sequence corresponding to the control request C is obtained as a system call sequence r, a system call sequence t and a system call sequence y. The household appliance is triggered to look up the system call sequence r, the system call sequence t and the system call sequence y in a preset system call sequence set, and the control request C is determined to be an illegal control request in the case that no second system call sequence identical to the first system call sequence r, t and y exists in the preset system call sequence set.
Optionally, the method further comprises: acquiring a control instruction according to the control request; and sending a control instruction to the household appliance, and triggering the household appliance to execute the control instruction.
Optionally, obtaining the control instruction according to the control request includes: matching a control instruction corresponding to the control request from a preset control instruction database according to the control request; the control instruction database stores the corresponding relation between the control request and the control instruction.
Optionally, a method for intrusion detection is applied to a security server side, and includes: acquiring intrusion information, wherein the intrusion information comprises household appliance system information and/or a first system call sequence; the household appliance system information comprises one or more of household appliance memory information, a household appliance control program stack and household appliance system configuration information; acquiring a security patch package corresponding to the intrusion information according to the intrusion information; and sending the security patch package to the household appliance, and triggering the household appliance to upgrade according to the security patch package.
Optionally, the household appliance memory information is the current memory usage of the household appliance operating system.
Optionally, obtaining, according to the intrusion information, a security patch package corresponding to the intrusion information includes: matching a security patch package corresponding to the intrusion information in a preset security patch package database; the security patch package database stores the corresponding relationship between the intrusion information and the security patch package.
In some embodiments, the household appliance system information and the first system call sequence are received, and the intrusion comparison module matches them in a preset security patch package database to obtain the security patch package corresponding to the household appliance system information and/or the first system call sequence; the security patch package is then sent to the household appliance, and the household appliance is triggered to install it and upgrade.
In this way, the household appliance is triggered to acquire the first system call sequence corresponding to the control request and to check that sequence, which realizes intrusion detection on the household appliance. At the same time, the intrusion information of the household appliance is acquired, the security patch package is obtained according to the intrusion information and sent to the household appliance, and the household appliance is triggered to install it and upgrade, so that security defects in the household appliance control program are identified in time, the security risks to the household appliance are reduced, and the security of the household appliance is improved.
The embodiments of the present disclosure further provide a method for intrusion detection, applied to a household appliance side, including: acquiring a control instruction; acquiring a first system call sequence according to the control instruction; and carrying out intrusion detection according to the first system call sequence.
By acquiring the first system call sequence corresponding to the control request and carrying out intrusion detection according to it, whether the household appliance has been intruded can be detected, and the security of the household appliance is improved.
Optionally, performing intrusion detection according to the first system call sequence includes: determining that the control request is an illegal control request in the case that the first system call sequence meets the preset condition.
Optionally, the first system call sequence is a system call sequence corresponding to the control request.
Optionally, determining that the control request is an illegal control request when the first system call sequence meets a preset condition includes: determining that the control request is an illegal control request in the case that no second system call sequence identical to the first system call sequence exists in the preset system call sequence set.
In some embodiments, when the household appliance control program receives the control request C, the request is converted into a fixed set of system call sequences, i.e. a first system call sequence, in the kernel of the household appliance operating system. For example, the first system call sequence is a system call sequence r, a system call sequence t and a system call sequence y; these are compared in a preset system call sequence set, and if no second system call sequence identical to the first system call sequence r, t and y exists in the system call sequence set, the control request C is determined to be an illegal control request.
Optionally, obtaining the system call sequence set includes: acquiring the system call sequences corresponding to all preset control requests, and storing them in the system call sequence set. In some embodiments, the one or more system call sequences corresponding to a preset control request are obtained, and the preset control request and its corresponding system call sequences are stored in a set to obtain the preset system call sequence set.
Optionally, after the control instruction is determined to be an illegal intrusion instruction, an intrusion alarm is raised.
Optionally, the intrusion alarm is raised by triggering an intrusion alarm device to flash lights, sound a buzzer and the like, so as to remind the user that the household appliance has been illegally intruded.
Optionally, the method further comprises: acquiring a control instruction; and executing the control instruction.
Optionally, after determining that the control request is an illegal control request, the method further includes: acquiring intrusion information, wherein the intrusion information comprises household appliance system information and/or a first system call sequence; and upgrading according to the intrusion information; the household appliance system information includes one or more of household appliance memory information, a household appliance control program stack, and household appliance system configuration information.
Optionally, the household appliance memory information is the current memory usage of the household appliance operating system.
Optionally, upgrading according to the intrusion information includes: sending the intrusion information to a security server, and triggering the security server to acquire and feed back a security patch package; and installing the security patch package.
Optionally, triggering the security server to obtain the security patch package includes: triggering the security server to match a security patch package corresponding to the intrusion information in a preset security patch package database; the security patch package database stores the correspondence between the intrusion information and the security patch package.
In some embodiments, the household appliance system information and the first system call sequence are sent to a security server, and an intrusion comparison module in the security server is triggered to match them in a preset security patch package database, obtaining the security patch package corresponding to the household appliance system information and/or the first system call sequence; the security patch package sent by the security server is then received, and installation and upgrade are carried out according to it.
Therefore, the first system call sequence corresponding to the control request is obtained and checked, the intrusion information of the household appliance is obtained, and the security patch package is obtained according to the intrusion information and installed as an upgrade. This realizes intrusion detection on the household appliance, repairs security defects in the household appliance control program in time, reduces the security risks to the household appliance, and improves the security of the household appliance.
Referring to FIG. 2, a method for intrusion detection of a household appliance according to an embodiment of the present disclosure includes:
Step S201, the household appliance sends a connection request to the service server, and triggers the service server to establish a connection with the household appliance.
Step S202, the service server receives the connection request sent by the household appliance, and feeds back the first connection success information to the household appliance under the condition that the service server establishes connection with the household appliance.
Step S203, the user terminal sends a connection request to the service server, and triggers the service server to establish a connection with the user terminal.
Step S204, the service server receives the connection request sent by the user terminal, and, in the case that the service server establishes a connection with the user terminal, feeds back the second connection success information and the household appliance information to the user terminal and triggers the user terminal to send the control request. The household appliance information identifies the household appliances controllable by the user.
Step S205, the user terminal sends a control request to the service server.
Step S206, the service server receives the control request sent by the user terminal and sends the control request to the household appliance corresponding to the household appliance information; and matching a control instruction corresponding to the control request from a preset control instruction database, and sending the control instruction corresponding to the control request to the household appliance corresponding to the household appliance information.
Step S207, the household appliance receives the control request and the control instruction and executes the control instruction, and sends information that the control instruction was successfully received to the service server.
Step S208, the household appliance acquires a first system call sequence corresponding to the control request.
Step S209, the intrusion detection module in the home appliance determines whether the first system call sequence is legal.
Step S210, confirming that the control instruction can be successfully executed under the condition that the first system calling sequence is legal; and sending information that the control command can be successfully executed to the service server.
Step S211, the service server sends the information that the control command can be successfully executed to the user terminal.
The intrusion detection module obtains the system call sequence corresponding to the control request and stores it in the system call sequence set, which makes intrusion detection on the household appliance more convenient and faster and improves the accuracy of the intrusion detection.
Referring to FIG. 3, a method for intrusion detection of a household appliance according to an embodiment of the present disclosure includes:
Step S301, the household appliance acquires a first system call sequence corresponding to the control request.
Step S302, the intrusion detection module in the home appliance determines whether the first system call sequence corresponding to the control request is legal.
Step S303, in a case that the first system call sequence corresponding to the control request is illegal, determining that the control request is an illegal intrusion instruction.
Step S304, the household appliance obtains intrusion information through the intrusion detection module and raises an intrusion alarm; the intrusion information comprises household appliance system information and/or a first system call sequence; the household appliance system information includes one or more of household appliance memory information, a household appliance control program stack, and household appliance system configuration information.
In step S305, the home appliance transmits the intrusion information to the security server.
Step S306, the security server receives the intrusion information and matches out a security patch package corresponding to the intrusion information from a preset security patch package database according to the intrusion information, wherein the preset security patch package database stores the corresponding relationship between the intrusion information and the security patch package.
In step S307, the security server sends the security patch package to the home appliance.
Step S308, the household appliance receives the security patch package and installs the upgrade according to the security patch package.
In some embodiments, when the household appliance receives the control request and the control instruction and is controlled to actually work, the control request and the control instruction are converted, in the kernel of the household appliance's operating system, into a fixed set of system call sequences, namely the first system call sequence; the control program of the household appliance realizes the control request by invoking the first system call sequence. The intrusion detection module acquires the first system call sequence corresponding to the control request and compares it with the second system call sequences in the system call sequence set. When the first system call sequence is not in the system call sequence set, the module determines that the household appliance control program is executing an unknown risky behavior, determines that the control request is an illegal control request, and triggers the household appliance to raise an alarm. At the same time, intrusion information is obtained and sent to the security server, the security patch package is obtained from the security server, and the security patch package is installed as an upgrade, which improves the security of the device.
The intrusion detection module in the household appliance obtains the first system call sequence corresponding to the control request, performs intrusion detection, obtains intrusion information, and sends the intrusion information to the security server. The security server receives the intrusion information through the intrusion comparison module, matches the security patch package corresponding to the intrusion information in the preset security patch package database, and sends the security patch package to the household appliance through the security update push module, triggering the household appliance to install the upgrade according to the security patch package. This realizes intrusion detection on the household appliance; installing the security patch package repairs security defects in the household appliance's control program, reduces potential security hazards, and improves the security of the household appliance.
Referring to fig. 4, a method for acquiring a system call sequence set according to an embodiment of the present disclosure includes:
Step S401, the household appliance sends a connection request to the service server, and the service server is triggered to establish connection with the household appliance.
Step S402, the service server establishes connection with the household appliance, and feeds back the first connection success information to the household appliance.
Step S403, the user terminal sends a connection request to the service server.
Step S404, the service server establishes connection with the user terminal, and feeds back the second connection success information and the household appliance information to the user terminal. The household appliance information indicates the household appliances that the user can control, for example: television, air conditioner, refrigerator.
Step S405, the user terminal sends a control request to the service server.
Step S406, the service server receives the control request, matches a control instruction corresponding to the control request from a preset control instruction database, and sends the control request and the control instruction corresponding to the control request to the home appliance corresponding to the home appliance information.
Step S407, the household appliance receives the control request and the control instruction sent by the service server, and executes the control instruction; and sending the information of successful control instruction receiving to the service server.
Step S408, the home appliance obtains a first system call sequence corresponding to the control request through the intrusion detection module.
Step S409, the household appliance stores the first system call sequence corresponding to the control request in the system call sequence set through the intrusion detection module.
In some embodiments, the user terminal sends a control request D to the service server, the service server receives the control request D and sends a control instruction d corresponding to the control request D to the household appliance, and the household appliance obtains the system call sequence corresponding to the control request D and executes the control instruction d. Optionally, the first system call sequence obtained for the control request D consists of a system call sequence o, a system call sequence p, and a system call sequence q, and these three sequences are stored in a preset system call sequence set; optionally, the system call sequences corresponding to all the control instructions are obtained and stored in the preset system call sequence set.
The intrusion detection module obtains the system call sequences corresponding to all control requests of the household appliance and stores them in the system call sequence set, which makes intrusion detection on the household appliance more convenient and faster and improves its accuracy.
In some embodiments, when the control program of the household appliance receives a legal control instruction to control the household appliance to perform actual work, the control instruction is converted into one or more system call sequences in the kernel of the household appliance's operating system. For example, when the household appliance executes a legal control instruction a corresponding to the legal control request A, it invokes a system call sequence x, a system call sequence y and a system call sequence z to realize the legal control request A. When the number of legal control instructions executable by an intelligent household appliance is fixed, that is, the number of functions provided by the household appliance control program is fixed, the system call sequence of the household appliance operating system kernel corresponding to each function is also fixed. The preset system call sequence set is obtained by collecting the system call sequences corresponding to all the functions.
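The enrollment of steps S408 to S409 and the comparison and patch matching of steps S302 to S306 can be sketched as follows. This is an added example, not code from the patent: the class names, the SHA-256 fingerprinting, the patch database keyed by sequence fingerprint, the sample traces and the patch identifier are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(seq):
    """Order-sensitive identifier for one system call sequence."""
    return hashlib.sha256("\x1f".join(seq).encode()).hexdigest()[:16]


@dataclass
class IntrusionDetectionModule:
    """Device side: holds the system call sequence set (hypothetical class)."""
    allowed: set = field(default_factory=set)

    def enroll(self, sequences):
        """S408-S409: store the sequences produced by a legal control request."""
        for seq in sequences:
            self.allowed.add(fingerprint(seq))

    def check(self, control_request, sequences, system_info):
        """S302-S304: return None when legal, otherwise the intrusion information."""
        unknown = [tuple(s) for s in sequences if fingerprint(s) not in self.allowed]
        if not unknown:
            return None
        return {
            "control_request": control_request,
            "first_system_call_sequence": unknown,
            "fingerprints": [fingerprint(s) for s in unknown],
            "system_info": system_info,
        }


@dataclass
class SecurityServer:
    """Server side: intrusion comparison against the patch package database."""
    patch_db: dict  # assumption: keyed by the fingerprint of the unknown sequence

    def match_patch(self, intrusion_info):
        """S306: return the matching patch package, or None if none is known."""
        for fp in intrusion_info["fingerprints"]:
            if fp in self.patch_db:
                return self.patch_db[fp]
        return None


# Constructed enrollment traces: control request -> its system call sequences.
LEGAL_TRACES = {
    "power_on": [("open", "ioctl", "close"),
                 ("socket", "connect", "sendto", "close")],
    "set_temperature": [("open", "write", "fsync", "close")],
}
# Constructed sequence that no legal control request produces.
UNEXPECTED = ("execve", "socket", "connect")


def demo():
    ids = IntrusionDetectionModule()
    for sequences in LEGAL_TRACES.values():
        ids.enroll(sequences)
    # Placeholder patch identifier, not a real package name.
    server = SecurityServer({fingerprint(UNEXPECTED): "patch-placeholder-001"})
    info = {"memory": "constructed", "stack": ["constructed frame"],
            "config": "constructed"}

    legal = ids.check("power_on", LEGAL_TRACES["power_on"], info)
    # Same calls in a different order are a different sequence.
    reordered = ids.check("power_on", [("close", "ioctl", "open")], info)
    illegal = ids.check("set_temperature",
                        [("open", "write", "fsync", "close"), UNEXPECTED], info)
    return (legal, reordered, illegal,
            server.match_patch(illegal), server.match_patch(reordered))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the set is global, as in the description, a sequence enrolled for one control request is also accepted under any other control request; the example preserves that behaviour.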
As shown in fig. 5, an apparatus for controlling a household appliance according to an embodiment of the present disclosure includes a processor 100 and a memory 101 storing program instructions. Optionally, the apparatus may also include a communication interface 102 and a bus 103. The processor 100, the communication interface 102, and the memory 101 may communicate with each other via the bus 103. The communication interface 102 may be used for information transfer. The processor 100 may call the program instructions in the memory 101 to perform the method for controlling the household appliance of the above-described embodiment.
Further, the program instructions in the memory 101 may be implemented in the form of software functional units and stored in a computer readable storage medium when sold or used as a stand-alone product.
The memory 101, which is a computer-readable storage medium, may be used for storing software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 100 executes functional applications and data processing by executing program instructions/modules stored in the memory 101, that is, implements the method for controlling the home appliance in the above-described embodiments.
The memory 101 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. In addition, the memory 101 may include a high-speed random access memory, and may also include a nonvolatile memory.
With the device for intrusion detection, the household appliance obtains the system call sequence corresponding to the control request and can carry out intrusion detection according to that system call sequence, which improves the security of the household appliance.
The device provided by the embodiment of the disclosure comprises the device applied to the household appliance side and used for intrusion detection; the device is used for acquiring a first system calling sequence corresponding to the control request; and intrusion detection is performed according to the first system call sequence.
The server provided by the embodiment of the present disclosure is a service server, and includes the above-mentioned device for intrusion detection applied to the service server side; the device is used for acquiring a connection request; acquiring the information of the household appliance according to the connection request; sending the household appliance information to a user terminal, and triggering the user terminal to feed back a control request; receiving a control request, and acquiring a control instruction according to the control request; and sending the control instruction and the control request to the household appliance corresponding to the household appliance information, triggering the household appliance to carry out intrusion detection and feeding back intrusion information to the security server.
The server provided by the embodiment of the present disclosure is a security server, and includes the above-mentioned device for intrusion detection applied to the security server side; the device is used for acquiring intrusion information, wherein the intrusion information comprises household appliance system information and/or a first system calling sequence; the household appliance system information comprises one or more of household appliance memory information, a household appliance control program stack and household appliance system configuration information; acquiring a security patch package according to the intrusion information; and sending the security patch package to the household appliance, and triggering the household appliance to upgrade according to the security patch package.
Optionally, the device is an intelligent home appliance with an intrusion detection module and a security update installation module, such as: televisions, refrigerators, air conditioners, and the like.
By acquiring the system call sequence corresponding to the control request, the device provided by the embodiment of the disclosure can carry out intrusion detection according to that system call sequence, thereby improving the security of the household appliance.
As shown in fig. 5, an embodiment of the present disclosure provides a system for intrusion detection, including: a router 1, a security server 2, a household appliance 3, a service server 4, a user terminal 5, an intrusion comparison module 6, a security update push module 7, an intrusion detection module 8 and a security update installation module 9. Optionally, the service server 4 receives, through the router 1, a control request sent by the user terminal 5, and sends the control instruction corresponding to the control request to the household appliance 3 through the router 1. The household appliance 3 performs intrusion detection on the control instruction through the intrusion detection module 8. When the control instruction is determined to be an illegal intrusion instruction, the intrusion detection module 8 obtains intrusion information and sends it to the security server 2 through the router 1. The intrusion comparison module 6 in the security server 2 receives the intrusion information and obtains the security patch package corresponding to it, the security update push module 7 sends the security patch package to the household appliance 3 through the router 1, and the security update installation module 9 in the household appliance 3 receives the security patch package and installs the upgrade.
The disclosed embodiments provide a computer-readable storage medium having stored thereon computer-executable instructions configured to perform the above-described method for intrusion detection.
Embodiments of the present disclosure provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the above-described method for intrusion detection.
The computer-readable storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method of the embodiments of the present disclosure. The aforementioned storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code, or it may be a transitory storage medium.
The above description and drawings sufficiently illustrate embodiments of the disclosure to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. Furthermore, the words used in the specification are words of description only and are not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to encompass any and all possible combinations of one or more of the associated listed items. Furthermore, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other like elements in a process, method or apparatus that comprises the element. In this document, each embodiment may be described with emphasis on its differences from other embodiments, and for the same or similar parts the embodiments may be referred to one another. For the methods, products, etc. disclosed in the embodiments, if they correspond to a method section disclosed in the embodiments, reference may be made to the description of that method section for the relevant details.
Those of skill in the art would appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software may depend upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments. It can be clearly understood by the skilled person that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments disclosed herein, the disclosed methods, products (including but not limited to devices, apparatuses, etc.) may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be merely a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to implement the present embodiment. In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than disclosed in the description, and sometimes there is no specific order between the different operations or steps. For example, two sequential operations or steps may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (10)
1. A method for intrusion detection, applied to a service server side, characterized by comprising:
acquiring a connection request;
acquiring the household appliance information according to the connection request;
sending the household appliance information to a user terminal, and triggering the user terminal to feed back a control request;
receiving the control request, sending the control request to the household appliance corresponding to the household appliance information, triggering the household appliance to carry out intrusion detection and feeding back intrusion information to a security server;
the intrusion information comprises household appliance system information and/or a first system calling sequence; the home appliance system information includes one or more of home appliance memory information, a home appliance control program stack, and home appliance system configuration information.
2. The method of claim 1, wherein obtaining the home device information according to the connection request comprises:
connecting with the user terminal according to the connection request;
matching the household appliance information corresponding to the connection request in a preset equipment information table under the condition of successful connection with the user terminal;
the device information table includes a correspondence between the connection request and the home device information.
3. The method of claim 1, wherein triggering the home device for intrusion detection comprises:
and triggering the household appliance to acquire a first system calling sequence according to the control request, and carrying out intrusion detection according to the first system calling sequence.
4. The method of claim 3, wherein performing intrusion detection according to the first sequence of system calls comprises:
and determining the control request as an illegal intrusion request under the condition that the first system calling sequence meets a preset condition.
5. The method of any of claims 1 to 4, further comprising:
acquiring a control instruction according to the control request;
and sending the control instruction to the household appliance, and triggering the household appliance to execute the control instruction.
6. The method of claim 5, wherein obtaining control instructions based on the control request comprises:
matching a control instruction corresponding to the control request from a preset control instruction database according to the control request;
the control instruction database stores the corresponding relation between the control request and the control instruction.
7. A method for intrusion detection, applied to a security server side, includes:
acquiring intrusion information, wherein the intrusion information comprises household appliance system information and/or a first system calling sequence; the household appliance system information comprises one or more of household appliance memory information, a household appliance control program stack and household appliance system configuration information;
acquiring a security patch package corresponding to the intrusion information according to the intrusion information;
and sending the security patch package to the household appliance, and triggering the household appliance to upgrade according to the security patch package.
8. The method of claim 7, wherein obtaining the security patch package corresponding to the intrusion information according to the intrusion information comprises:
matching a security patch package corresponding to the intrusion information in a preset security patch package database;
and the security patch package database stores the correspondence between the intrusion information and the security patch package.
9. An apparatus for intrusion detection comprising a processor and a memory having stored thereon program instructions, wherein the processor is configured to perform a method for intrusion detection as claimed in any one of claims 1 to 6 or 7 to 8 when executing the program instructions.
10. A server, characterized in that it comprises an apparatus for intrusion detection according to claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010949629.6A CN112182574A (en) | 2020-09-10 | 2020-09-10 | Method and device for intrusion detection and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112182574A (en) | 2021-01-05 |
Family
ID=73920477
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010949629.6A Pending CN112182574A (en) | 2020-09-10 | 2020-09-10 | Method and device for intrusion detection and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112182574A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1794645A (en) * | 2005-08-24 | 2006-06-28 | 上海浦东软件园信息技术有限公司 | Invading detection method and system based on procedure action |
CN101399675A (en) * | 2007-09-25 | 2009-04-01 | 海尔集团公司 | Radio control device and network household electrical appliance system |
US20120174095A1 (en) * | 2011-01-04 | 2012-07-05 | International Business Machines Corporation | Automatically and securely configuring and updating virtual machines |
CN106685775A (en) * | 2017-01-13 | 2017-05-17 | 北京同余科技有限公司 | Self-inspection type invasion prevention method and system for intelligent household electrical appliance |
CN107526501A (en) * | 2016-06-22 | 2017-12-29 | 佛山市顺德区美的电热电器制造有限公司 | The control system and mobile terminal of intelligent appliance |
CN108229157A (en) * | 2017-12-29 | 2018-06-29 | 北京潘达互娱科技有限公司 | Server attack early warning method and apparatus |
CN110737891A (en) * | 2018-07-19 | 2020-01-31 | 北京京东金融科技控股有限公司 | A host intrusion detection method and device |
CN111159718A (en) * | 2019-12-31 | 2020-05-15 | 青岛海尔科技有限公司 | Method and device for bug repair and household appliance |
Non-Patent Citations (2)
Title |
---|
刘平等: "《计算机网络安全与管理研究》", 31 January 2013, 吉林大学出版社 * |
陈路: "《信息系统工程监理与系统安全测评技术实用手册 下卷》", 31 May 2003, 北京电子出版物出版中心 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20210105 |