CN112822208A - Internet of things equipment identification method and system based on block chain - Google Patents
- Publication number
- CN112822208A (application CN202110136411.3A)
- Authority
- CN
- China
- Prior art keywords
- node
- gateway
- transaction
- equipment
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1433—Vulnerability analysis
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the invention provides a blockchain-based Internet of Things (IoT) device identification method and system. When a device accesses a gateway, any gateway in an IoT device identification system comprising a plurality of gateways acquires the device features of that device. If the device type can be identified from the device features and the recognition model stored locally on the gateway, the device type is recorded; otherwise a new device type is defined for the device features, and the device features together with the new device type are taken as one piece of training data. The training data is written to the blockchain to obtain a distributed ledger; a new recognition model is trained from the distributed ledger and replaces the locally stored recognition model. The scheme improves the scalability and recognition accuracy of the IoT identification system.
Description
Technical Field
The invention relates to the technical field of Internet of Things (IoT) device identification, and in particular to a blockchain-based IoT device identification method and system.
Background
With the development of IoT technology the number of devices in an IoT network has grown greatly, and an administrator may find it difficult to learn in time the type of a device newly connected to the network, so that management of the network becomes unreliable. IoT device identification has therefore become a key link in IoT management.
In the related art, IoT device identification is performed by an IoT device identification system that comprises IoT gateways and an IoT service center. Specifically, a gateway extracts the features of a device that connects to it and sends them to the service center, and the service center identifies the device type using the received features and a pre-trained recognition model.
In such a system, however, if the service center is attacked, none of the new devices connecting to any gateway can be identified, so the resistance to risk is poor. Moreover, whenever the number of gateways and devices grows, the service center must be expanded, so the scalability of the identification system is poor.
Disclosure of Invention
The embodiment of the invention aims to provide a blockchain-based IoT device identification method and system, so as to improve the risk resistance and scalability of IoT device identification. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a blockchain-based IoT device identification method, applied to any gateway in an IoT device identification system comprising a plurality of gateways, the method including:
when a device accesses the gateway, acquiring the device features of the device;
if the device type of the device is identified using the device features and the recognition model stored locally on the gateway, recording the device type; otherwise, defining a new device type for the device features and taking the device features and the new device type as one piece of training data;
writing the training data to the blockchain to obtain a distributed ledger; wherein the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes; the transaction proposing node is the gateway that extracted the device features, the endorsement nodes are the gateways other than the transaction proposing node among the plurality of gateways, and the accounting nodes are the plurality of gateways;
and training a new recognition model using the distributed ledger, and replacing the locally stored recognition model with the new recognition model.
In a second aspect, an embodiment of the present invention provides a blockchain-based IoT device identification system, the system comprising a plurality of gateways, any gateway being configured to:
when a device accesses the gateway, acquire the device features of the device;
if the device type of the device is identified using the device features and the recognition model stored locally on the gateway, record the device type; otherwise, define a new device type for the device features and take the device features and the new device type as one piece of training data;
write the training data to the blockchain to obtain a distributed ledger; wherein the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes; the transaction proposing node is the gateway that extracted the device features, the endorsement nodes are the gateways other than the transaction proposing node among the plurality of gateways, and the accounting nodes are the plurality of gateways;
and train a new recognition model using the distributed ledger, and replace the locally stored recognition model with the new recognition model.
The embodiment of the invention has the following beneficial effects:
In the solution provided by the embodiment, the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes; the transaction proposing node is the gateway that extracted the device features, the endorsement nodes are the other gateways of the IoT device identification system, and the accounting nodes are all gateways of the system. Using its recognition model, any gateway can obtain a distributed ledger from the device features of a new device that accesses it, and train from the distributed ledger a new recognition model that replaces the old one. Every gateway of the identification system, acting as an accounting node, is thus guaranteed to hold a copy of the distributed ledger and to update its recognition model from it, so that new devices can be identified. When any gateway fails, the other gateways can still identify devices normally, which improves risk resistance. When the number of gateways and devices grows rapidly, the newly added gateways share the added processing load and no dedicated service center needs to be expanded, which improves scalability. In addition, whenever a new device accesses any gateway its device features are recorded on the distributed ledger by the blockchain, so the recognition models of all gateways are continuously updated to recognize the new device type, which improves the accuracy of device-type recognition.
Of course, not all of the advantages described above need to be achieved at the same time by any one product or method of the invention.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and other embodiments can be obtained from these drawings by those skilled in the art without creative effort.
Fig. 1 is a schematic flowchart of a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 2 is an exemplary diagram of an application scenario of a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 3 is an exemplary diagram of a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 4 is an exemplary diagram of the generation flow of the distributed ledger in a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 5(a) is an exemplary diagram of the identification performance of a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 5(b) is a diagram illustrating further identification performance of a blockchain-based IoT device identification method according to an embodiment of the present invention;
fig. 6 is a diagram illustrating the structure of a blockchain-based IoT device identification system according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art can derive from the embodiments given here without creative effort fall within the scope of the invention.
IoT device identification extracts the device features of a device and classifies them with a pre-trained recognition model to obtain the device type of a newly connected device. On this basis, different IoT resources can be allocated to different device types, so that resources are fully used and management efficiency improves. Combined with security policies, device identification also supports IoT network security: for example, once the device type is known, a vulnerability database can be consulted to recognize vulnerable devices, and a network isolation policy can be applied to them so that an attacker cannot use a vulnerable device to attack the network. The benefit is not limited to management and security: in smart-environment settings such as the "smart home", the system learns more about the connected devices through identification and can therefore provide more intelligent, personalized services and a better user experience.
The blockchain-based IoT device identification method is applied to any gateway in an IoT device identification system comprising a plurality of gateways. A gateway is an electronic device that performs protocol conversion and can be used to interconnect wide-area networks or local-area networks. In practice the IoT network and the user network often use different communication protocols, and an IoT device reaches the IoT network through the user network, so a gateway is placed between the two networks; such a gateway can serve as a gateway of the IoT device identification system.
As shown in fig. 1, the blockchain-based IoT device identification method may include the following steps:
S101: when a device accesses the gateway, obtain the device features of the device.
In a specific application, the device features may include hardware features of the device and/or communication features observed when the device communicates with the IoT gateway, and accordingly they can be obtained in various ways. Hardware features, for example, can be received through a gateway interface as reported by the device, such as the device model and the device interface type. Communication features can be obtained by having the gateway record the communication data exchanged with the connected device and deriving the features from that data. For ease of understanding, the second case is described in detail below as an optional embodiment.
S102: if the device type of the device is identified using the device features and the recognition model stored locally on the gateway, record the device type; otherwise define a new device type for the device features and take the device features and the new device type as one piece of training data.
In a specific application, every gateway of the IoT device identification system stores a recognition model for identifying the device type of IoT devices. The recognition model can be trained in advance from a number of sample device features and their device-type labels. If the device type is identified from the device features and the locally stored model, the device type is recorded for purposes such as IoT security and management. If it is not identified, the device is a new device: a new device type is defined for its device features, and the device features together with the new device type are used as one piece of training data.
S103: write the training data to the blockchain to obtain a distributed ledger.
Here the blockchain may comprise a transaction proposing node, endorsement nodes and accounting nodes: the transaction proposing node is the gateway that extracted the device features, the endorsement nodes are the gateways other than the transaction proposing node among the plurality of gateways, and the accounting nodes are all of the plurality of gateways.
In order that every gateway of the identification system can identify new devices, the gateway that extracted the device features acts as the transaction proposing node of the blockchain, the gateways other than it act as endorsement nodes, and all gateways act as accounting nodes. In this way, whenever a new device accesses any gateway, its feature vector is recorded in the distributed ledger through the blockchain process. The distributed ledger, which is the training set of the recognition model on the gateways, is thus continuously updated and extended, so that in the subsequent step S104 a new recognition model can be obtained; the locally stored model is continuously replaced by a new model that can recognize the new device type, and recognition accuracy improves.
S104: train a new recognition model using the distributed ledger, and replace the locally stored recognition model with the new one.
In a specific application, a conventional IoT device recognition system obtains its recognition model by supervised machine learning and must rely on an existing training set of device features, so it can only recognize a fixed set of device types and cannot automatically recognize an unknown new type. Here the distributed ledger containing the new training data is obtained automatically through the blockchain process, so the recognition model can be updated automatically and recognition of new device types is ensured.
Illustratively, as shown in fig. 2, the IoT device identification system may include a plurality of gateways 201 and a plurality of IoT devices 202, and each gateway 201 may be accessed by several devices. Any gateway 201 may include a blockchain node function module, a recognition model and a feature acquisition module. In the embodiment, a gateway plays the roles of transaction proposing node, endorsement node and accounting node in the blockchain corresponding to the IoT network, which is why the blockchain function module is provided in the gateway; the gateways together can therefore form the blockchain corresponding to the IoT network, used to obtain and store the distributed ledger.
For ease of understanding, the whole flow of the embodiment is described below by way of example, as shown in fig. 3. A new device of type x accesses gateway G1. G1 obtains the device features of the device and runs recognition with its locally stored model; no matching device type is found, that is, the device type is not identified. G1 therefore defines a new device type "type 1" for the device and writes the device features together with the new device type to the chain. Similarly, a new device of type k accesses gateway G3; G3 obtains the feature vector of the newly connected device, runs recognition with its model, and cannot identify the type, so it defines a new device type "type 2" and writes the new type and the corresponding device features to the chain. The distributed ledger formed by these writes then stores the old device types a to d and the two new types x and k. Gateways G1 to G3 are all full blockchain nodes, that is, each can store the whole ledger of the chain; each of the three gateways uses its stored ledger as the model training set, retrains to obtain a new recognition model, and replaces the old locally stored model with it. Consequently, when another new device of type x accesses gateway G2, G2 obtains its device features and identifies it with the locally stored model, which is now the new model, so the device type is identified as "type 1".
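The loop of steps S101 to S104 above, as an added example that is not part of the patent: a small Python simulation of three gateways sharing one ledger, with a nearest-centroid model that has a reject threshold so that "not identified" is a real outcome. The classifier, the threshold value and the 3-dimensional feature vectors are assumptions of this example; the patent specifies none of them.

```python
"""Added example, not part of the patent: the per-gateway loop of steps S101-S104
with a shared ledger as the training set. The classifier is a nearest-centroid
model with a distance threshold, chosen here so that it can answer "unknown";
the patent does not specify a model. Feature vectors are constructed values."""
import math
from typing import Dict, List, Optional, Tuple

FeatureVector = Tuple[float, ...]
LedgerEntry = Tuple[str, FeatureVector]  # (device_type, device_features)


def _distance(a: FeatureVector, b: FeatureVector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class RecognitionModel:
    """Nearest-centroid classifier with a reject option: a vector farther than
    `threshold` from every centroid is reported as None (type not identified).
    The threshold is an assumed value; a deployment would calibrate it."""

    def __init__(self, ledger: List[LedgerEntry], threshold: float = 1.0):
        self.threshold = threshold
        grouped: Dict[str, List[FeatureVector]] = {}
        for device_type, features in ledger:
            grouped.setdefault(device_type, []).append(features)
        self.centroids: Dict[str, FeatureVector] = {
            t: tuple(sum(v[i] for v in vs) / len(vs) for i in range(len(vs[0])))
            for t, vs in grouped.items()
        }

    def identify(self, features: FeatureVector) -> Optional[str]:
        best, best_dist = None, math.inf
        for device_type, centroid in self.centroids.items():
            d = _distance(features, centroid)
            if d < best_dist:
                best, best_dist = device_type, d
        return best if best_dist <= self.threshold else None


class Gateway:
    """One gateway of the identification system; all gateways share `ledger`
    because every gateway is an accounting node holding the full ledger."""

    def __init__(self, name: str, ledger: List[LedgerEntry]):
        self.name, self.ledger = name, ledger
        self.records: List[Tuple[str, str]] = []  # (device_id, device_type) recorded here
        self.retrain()

    def retrain(self) -> None:
        """S104: train a new model from the whole ledger and replace the local one."""
        self.model = RecognitionModel(self.ledger)

    def on_device_access(self, device_id: str, features: FeatureVector) -> str:
        """S101-S103: identify the device, or define a new type and ledger the training data."""
        device_type = self.model.identify(features)
        if device_type is None:
            # type_n with n = number of new types already on the ledger + 1, so the
            # name follows from ledger state rather than a per-gateway counter
            # (a choice of this example; the patent only says n increases).
            n = sum(1 for t in {t for t, _ in self.ledger} if t.startswith("type_")) + 1
            device_type = f"type_{n}"
            self.ledger.append((device_type, features))
        self.records.append((device_id, device_type))
        return device_type


def run_demo() -> Dict[str, str]:
    """Replays the flow of fig. 3 on constructed 3-dimensional feature vectors."""
    ledger: List[LedgerEntry] = [  # old device types a-d (constructed samples)
        ("a", (0.0, 0.0, 0.0)), ("a", (0.1, 0.0, 0.1)),
        ("b", (5.0, 0.0, 0.0)), ("b", (5.1, 0.1, 0.0)),
        ("c", (0.0, 5.0, 0.0)), ("c", (0.0, 5.1, 0.1)),
        ("d", (0.0, 0.0, 5.0)), ("d", (0.1, 0.0, 5.1)),
    ]
    g1, g2, g3 = (Gateway(n, ledger) for n in ("G1", "G2", "G3"))
    out: Dict[str, str] = {}
    out["G1:x"] = g1.on_device_access("x-1", (5.0, 5.0, 0.0))  # unknown -> type_1
    out["G3:k"] = g3.on_device_access("k-1", (0.0, 5.0, 5.0))  # unknown -> type_2
    out["G2:x_before"] = g2.model.identify((5.0, 5.0, 0.1)) or "unknown"
    for g in (g1, g2, g3):  # every accounting node retrains from the ledger
        g.retrain()
    out["G2:x_after"] = g2.on_device_access("x-2", (5.0, 5.0, 0.1))  # now type_1
    out["G2:a"] = g2.on_device_access("a-9", (0.05, 0.0, 0.05))  # still a
    return out


if __name__ == "__main__":
    print(run_demo())
```

Whatever model is used, it needs a reject option of this kind; a classifier that always returns its best-scoring class can never reach the "not identified" branch of S102. The new type name is derived from ledger state here because two gateways defining types from independent counters could both choose the same type_n for different devices. Note also that the endorsement checks described later (signature, format, repeat) establish which gateway submitted a training record, not whether its feature values are representative, so every gateway's signing key is a trust anchor for every other gateway's model.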
In an optional implementation, the IoT device identification system may further include an ordering node;
correspondingly, writing the training data to the blockchain to obtain the distributed ledger may specifically include the following steps:
sending the training data to the endorsement nodes as a transaction proposal, so that the endorsement nodes verify the transaction proposal and return the verification result and the endorsement node signature to the transaction proposing node;
and, when the transaction proposal is determined to be legal from the received endorsement node verification results and endorsement node signatures, sending the transaction proposal to the ordering node, so that the ordering node packs the transaction proposal into a block and broadcasts the block, and the accounting nodes that receive the block write the blocks that pass verification to the ledger to obtain the distributed ledger.
In a particular application, a transaction may consist of the "device type" and the "device features". When a new device connects to the user network, the user gateway passively monitors the device's communication data and obtains its device features, for example a device feature vector. The feature vector is then run through the recognition model; if recognition fails, the device type is defined as type_n, the feature vector and the defined device type form a transaction, and the gateway the device connected to initiates the transaction request. Here n increases with the number of new device types defined, for example "type_1" for the first definition and "type_2" for the second.
In an alternative embodiment, the transaction proposal includes the signature of the transaction initiator;
correspondingly, the verification of the transaction proposal by an endorsement node may specifically include the following steps:
the endorsement node verifies the validity of the transaction initiator's signature, that the format of the transaction proposal is qualified, and whether the transaction proposal is a repeat.
Here, the repeatability of a transaction proposal means whether the same transaction has been initiated before. When the initiator's signature is valid, the proposal format is qualified and the proposal is not a repeat, the proposal is determined to pass verification. The ordering node may be a server in the IoT network. Illustratively, as shown in fig. 4, gateway 1 acts as the transaction proposing node, initiates a transaction proposal and sends it to gateway 2 and gateway 3. Gateway 2 and gateway 3 act as endorsement nodes: after receiving the proposal they verify it and return the verification result together with their respective CA-certificate signatures to gateway 1. When gateway 1 has received the endorsement results of gateways 2 and 3, it verifies their signatures and the endorsement results, and once the transaction is determined to be legal it sends the transaction to the ordering node. The ordering node packs the received transactions into a block and broadcasts the block to gateways 1, 2 and 3. The three gateways, now acting as accounting nodes, receive the packed block, verify it, and write it to the world state and the ledger; gateway 1 thus receives a new block consisting of the several transactions packed by the ordering node. A block may be formed by packing a fixed number of transactions, or the transactions received within a fixed time.
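The proposal, endorsement, ordering and commit exchange of fig. 4, as an added example that is not part of the patent (Python, standard library only). gateway1 proposes, gateway2 and gateway3 endorse, one ordering node cuts blocks and all three gateways commit as accounting nodes. HMAC-SHA256 with per-gateway keys known to every node stands in for the CA-certificate signatures the text mentions; the endorsement policy (every other gateway must endorse), the block layout and the sample transaction are assumptions of this example.

```python
"""Added example, not part of the patent: the uplink flow of the optional
implementation, with gateway1 proposing, gateway2/gateway3 endorsing, one
ordering node packing blocks and all three gateways committing as accounting
nodes. HMAC-SHA256 with per-gateway keys stands in for the CA-certificate
signatures in the text so that the example runs on the standard library; the
endorsement policy (all other gateways must endorse) and the block layout are
assumptions of this example."""
import hashlib, hmac, json
from typing import Dict, List

KEYS = {"gateway1": b"k1", "gateway2": b"k2", "gateway3": b"k3"}  # constructed stand-in keys
GATEWAYS = list(KEYS)
GENESIS = "0" * 64

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(node: str, payload) -> str:
    return hmac.new(KEYS[node], canonical(payload), hashlib.sha256).hexdigest()

def verify(node: str, payload, signature: str) -> bool:
    return node in KEYS and hmac.compare_digest(sign(node, payload), signature)

def make_proposal(proposer: str, device_type: str, features: List[float]) -> dict:
    """A transaction is the device type plus device features, signed by the initiator."""
    tx = {"proposer": proposer, "device_type": device_type, "features": features}
    tx["tx_id"] = hashlib.sha256(canonical(tx)).hexdigest()
    return {"tx": tx, "initiator_sig": sign(proposer, tx)}

def endorse(endorser: str, ledger: "Ledger", proposal: dict) -> dict:
    """Endorsement checks: initiator signature, proposal format, not a repeat; result is signed."""
    tx = proposal.get("tx", {})
    ok = (verify(tx.get("proposer", ""), tx, proposal.get("initiator_sig", ""))
          and isinstance(tx.get("device_type"), str) and isinstance(tx.get("features"), list)
          and all(isinstance(v, (int, float)) for v in tx["features"])
          and tx.get("tx_id") not in ledger.seen_tx)
    result = {"endorser": endorser, "tx_id": tx.get("tx_id"), "valid": ok}
    return {"result": result, "sig": sign(endorser, result)}

def endorsements_valid(entry: dict) -> bool:
    """Policy assumed here: every gateway except the proposer endorsed, with a valid signature."""
    tx = entry["tx"]
    accepted = {e["result"]["endorser"] for e in entry["endorsements"]
                if e["result"]["valid"] and e["result"]["tx_id"] == tx["tx_id"]
                and verify(e["result"]["endorser"], e["result"], e["sig"])}
    return {g for g in GATEWAYS if g != tx["proposer"]} <= accepted

class Ledger:
    """One accounting node's copy of the chain plus its world state."""
    def __init__(self):
        self.blocks, self.seen_tx, self.world_state = [], set(), {}

    def commit(self, block: dict) -> bool:
        """Write only a block that continues the chain, whose hash matches, and whose
        transactions are all fully endorsed and not already on the ledger."""
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        header = {k: block[k] for k in ("height", "prev_hash", "txs")}
        if (block["prev_hash"] != prev or block["height"] != len(self.blocks)
                or hashlib.sha256(canonical(header)).hexdigest() != block["hash"]
                or any(not endorsements_valid(e) or e["tx"]["tx_id"] in self.seen_tx
                       for e in block["txs"])):
            return False
        for tx in (e["tx"] for e in block["txs"]):
            self.seen_tx.add(tx["tx_id"])
            self.world_state.setdefault(tx["device_type"], []).append(tx["features"])
        self.blocks.append(block)
        return True

class OrderingNode:
    """Packs legal transactions into a block and broadcasts it to the accounting nodes."""
    def __init__(self, accounting: Dict[str, Ledger]):
        self.accounting, self.pending, self.prev_hash, self.height = accounting, [], GENESIS, 0

    def cut_block(self) -> List[str]:
        """Returns the accounting nodes that verified and wrote the block."""
        header = {"height": self.height, "prev_hash": self.prev_hash, "txs": self.pending}
        block = dict(header, hash=hashlib.sha256(canonical(header)).hexdigest())
        self.pending, self.prev_hash, self.height = [], block["hash"], self.height + 1
        return [n for n, ledger in self.accounting.items() if ledger.commit(block)]

def uplink(proposal: dict, ledgers: Dict[str, Ledger], orderer: OrderingNode) -> bool:
    """Proposing node: send to endorsers, verify their signed results, then hand to ordering."""
    proposer = proposal["tx"]["proposer"]
    entry = {"tx": proposal["tx"],
             "endorsements": [endorse(g, ledgers[g], proposal) for g in GATEWAYS if g != proposer]}
    if not endorsements_valid(entry):
        return False
    orderer.pending.append(entry)
    return True

def run_demo() -> Dict[str, object]:
    ledgers = {g: Ledger() for g in GATEWAYS}
    orderer = OrderingNode(ledgers)
    out: Dict[str, object] = {}
    out["first_accepted"] = uplink(make_proposal("gateway1", "type_1", [12.0, 600.0, 1.5]), ledgers, orderer)
    out["committed_by"] = orderer.cut_block()
    # Same transaction initiated again: endorsers find its tx_id on their ledger and refuse.
    out["replay_accepted"] = uplink(make_proposal("gateway1", "type_1", [12.0, 600.0, 1.5]), ledgers, orderer)
    tampered = make_proposal("gateway1", "type_2", [3.0])
    tampered["tx"]["device_type"] = "type_9"  # altered after signing: signature check fails
    out["tampered_accepted"] = uplink(tampered, ledgers, orderer)
    out["world_state_g3"] = ledgers["gateway3"].world_state
    out["height_g2"] = len(ledgers["gateway2"].blocks)
    return out

if __name__ == "__main__":
    print(run_demo())
```

The accounting nodes re-run the endorsement check when they receive a block rather than trusting the ordering node, so a block assembled from an under-endorsed or replayed transaction is refused by every ledger; the ordering node only serializes. The repeat check is what stops the same training record from being counted twice in the training set, so endorsers need their own up-to-date ledger copy to perform it, which the scheme provides by making every gateway an accounting node.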
In an optional implementation, extracting the device features of a device when it accesses the gateway may specifically include the following steps:
when a device accesses the gateway, recording the communication data exchanged between the device and the gateway;
obtaining, for the session level, the packet level and the communication protocol level respectively, a number of features of the communication pattern indicated by the communication data as the device features of the device; the session level is the level to which the session within a preset communication time length belongs.
In an optional implementation, obtaining the features of the communication pattern indicated by the communication data at the session, packet and communication protocol levels as the device features may specifically include the following steps:
at the session level, counting the number of packets in the communication data that belong to the session and the duration of the session;
at the packet level, obtaining from the communication data the length of each packet and the statistical features of the round-trip time intervals, the statistical feature being at least one of the maximum, the minimum and the average;
at the communication protocol level, obtaining from the communication data the length of the packets of the protocol, the statistical features of the duration of the protocol's data flows, the number of TCP keep-alive probes used in a session of the protocol, and the number of packets of the protocol.
In practice some characteristics of the communication data have limitations and do not suit a large-scale internet of things environment. For example, if domain names and port numbers are used as identification features, some non-commercial deployments contain devices that never issue DNS requests, and a port number may be unique to a single application. Other features raise privacy concerns: processing a user's destination IP addresses can reveal their browsing behaviour. The present invention therefore selects the features shown in Table 1 with both feature utility and privacy in mind.
The sessions used in the embodiments are defined statically: all communication data of a connected device within a time window of fixed size, for example 10 minutes, is treated as a single session. In Table 1, the features with IDs 0-1 are session-level features: 0 is the number of packets sent during the session and 1 is the active duration of the session. If the window is 15 minutes but packets are only sent during the first 10 minutes, the active duration is 10 minutes. IDs 2-7 are packet-level features computed over all packets contained in the session, mainly the statistics of the packet length and of the packet round-trip time interval. IDs 8-70 are protocol-level device features. For TLS, a secure transport protocol, these are the TLS packet length, the statistics of the TLS stream duration, the number of TCP keep-alive probes used in the TLS session and the number of TLS packets. HTTP, as a common protocol, may be included in the same way.
Other protocols may also be included. STUN (Session Traversal Utilities for NAT, originally Simple Traversal of UDP through NATs) is used to establish two-way communication between an internet of things device and its cloud server when a NAT device sits between them. SSDP (Simple Service Discovery Protocol) is a serverless discovery protocol that forms the basis of the Universal Plug and Play (UPnP) architecture. MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe messaging protocol used to collect data from devices and deliver it to servers. QUIC (Quick UDP Internet Connections) is a transport protocol carried over UDP. NTP (Network Time Protocol) synchronises computer clocks. BOOTP (Bootstrap Protocol) lets diskless workstations on a local area network obtain IP addresses from a central server. Taken together, the device features above form a feature vector of dimension 71 that is used for identification.
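The three feature levels just described (and the same feature acquisition steps restated for the system embodiment and in claims 4, 5, 9 and 10) can be implemented as a per-session extractor. The code below is an added example, not code from the patent: the packet record format, the protocol list (the eight protocols named above plus a catch-all bucket), the reading of "round-trip time interval" as the inter-packet arrival interval, and the column order of the vector are all assumptions, since Table 1 is not reproduced on this page; with nine tracked protocols and seven protocol-level features each, the assumed layout also yields a 71-dimensional vector. The sample capture is constructed, not real traffic.

```python
from collections import defaultdict
from dataclasses import dataclass

SESSION_SECONDS = 600  # fixed-size window, 10 minutes as in the text

# Assumed protocol list: the eight protocols named in the text plus a
# catch-all bucket.  With 7 protocol-level features each: 8 + 9 * 7 = 71.
PROTOCOLS = ("TLS", "HTTP", "STUN", "SSDP", "MQTT", "QUIC", "NTP", "BOOTP", "OTHER")
DIMENSION = 8 + 7 * len(PROTOCOLS)


@dataclass(frozen=True)
class Packet:
    """One captured packet of one device (assumed record format)."""
    ts: float                # seconds since capture start
    length: int              # bytes on the wire
    proto: str               # application protocol label from the gateway's parser
    flow: str                # flow key; packets of one stream share it
    keepalive: bool = False  # TCP keep-alive probe


def _stats(values):
    """[max, min, mean] of a sequence, zeros when it is empty."""
    if not values:
        return [0.0, 0.0, 0.0]
    return [float(max(values)), float(min(values)), sum(values) / len(values)]


def split_sessions(packets):
    """Group one device's packets into fixed SESSION_SECONDS windows."""
    windows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        windows[int(p.ts // SESSION_SECONDS)].append(p)
    return [windows[k] for k in sorted(windows)]


def session_features(pkts):
    """Feature vector of one session: IDs 0-1 session, 2-7 packet, 8+ protocol."""
    ts = [p.ts for p in pkts]
    # IDs 0-1: packet count and active duration (first to last packet), so a
    # window in which only the first 10 minutes carry traffic yields <= 600 s.
    vec = [float(len(pkts)), max(ts) - min(ts)]
    # IDs 2-7: max/min/mean of packet length and of the inter-packet interval.
    vec += _stats([p.length for p in pkts])
    vec += _stats([b - a for a, b in zip(ts, ts[1:])])
    # IDs 8 onward, per protocol (assumed layout): mean length, max length,
    # max/min/mean stream duration, keep-alive probe count, packet count.
    by_proto = defaultdict(list)
    for p in pkts:
        by_proto[p.proto if p.proto in PROTOCOLS else "OTHER"].append(p)
    for proto in PROTOCOLS:
        pp = by_proto.get(proto, [])
        lengths = [p.length for p in pp]
        streams = defaultdict(list)
        for p in pp:
            streams[p.flow].append(p.ts)
        durations = [max(t) - min(t) for t in streams.values()]
        vec += [sum(lengths) / len(lengths) if lengths else 0.0,
                float(max(lengths)) if lengths else 0.0,
                *_stats(durations),
                float(sum(p.keepalive for p in pp)),
                float(len(pp))]
    return vec


def extract(packets):
    """One feature vector per session for one device."""
    return [session_features(s) for s in split_sessions(packets)]


# Constructed sample capture (not real traffic): a camera-like device holding
# one TLS stream open with keep-alives, answering SSDP discovery, syncing NTP.
SAMPLE = [
    Packet(0.0, 517, "TLS", "10.0.0.7:5001>203.0.113.9:443"),
    Packet(0.2, 1514, "TLS", "10.0.0.7:5001>203.0.113.9:443"),
    Packet(60.0, 60, "TLS", "10.0.0.7:5001>203.0.113.9:443", keepalive=True),
    Packet(120.0, 60, "TLS", "10.0.0.7:5001>203.0.113.9:443", keepalive=True),
    Packet(130.0, 322, "SSDP", "10.0.0.7:1900>239.255.255.250:1900"),
    Packet(599.0, 90, "NTP", "10.0.0.7:123>192.0.2.5:123"),
    Packet(700.0, 517, "TLS", "10.0.0.7:5002>203.0.113.9:443"),
]

if __name__ == "__main__":
    for i, v in enumerate(extract(SAMPLE)):
        assert len(v) == DIMENSION
        print(f"session {i}: packets={v[0]:.0f} active={v[1]:.1f}s "
              f"TLS keep-alives={v[8 + 5]:.0f}")
```

The two packets at 700 s fall into a second window, so the sample yields two sessions; the first has an active duration of 599 s although the window is 600 s, which is the distinction the text draws between window length and active duration. A gateway that feeds these vectors to the identification model should fix the protocol list before training, because adding a protocol later shifts every column after it.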
For ease of understanding, the advantages of the embodiments are illustrated below by example.
By way of example, consider Figs. 5(a) and 5(b). The gateways, connected over Ethernet or Wi-Fi, form the blockchain. Sessions are cut at a 10-minute interval; in this example a total of 6545 sessions were captured. Common internet of things devices, such as a D-Link camera, a TP-Link camera and a colour-light device, were added to the system. As Fig. 5(a) shows, the average recognition rate, i.e. the true positive rate (TPR), for these three devices exceeds 98%. Fig. 5(b) shows the curves for devices newly added to the system, such as a D-Link camera, an MI smart bulb and a browser. When a new device joins it cannot be identified at first; once its features have been introduced, the gateways and the blockchain ledger are updated synchronously, and the average TPR for the three newly added devices, the D-Link camera, the MI smart bulb and the browser, again exceeds 98%.
Corresponding to the method embodiment, an embodiment of the invention also provides a blockchain-based internet of things device identification system.
As shown in Fig. 6, the system comprises a plurality of gateways 601, each of which is configured to:
when a device accesses the gateway, acquire the device characteristics of the device;
if the device type can be identified from the device characteristics using the identification model stored locally in the gateway, record the device type; otherwise define a new device type for the device characteristics and take the device characteristics together with the new device type as one piece of training data;
write the training data to the blockchain to obtain a distributed ledger, where the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes: the transaction proposing node is the gateway that extracted the device characteristics, the endorsement nodes are the gateways other than the transaction proposing node, and the accounting nodes are all of the gateways;
train a new identification model from the distributed ledger and replace the locally stored identification model with it.
Optionally, the system further comprises an ordering node;
the gateway acting as transaction proposing node is specifically configured to send the training data to the endorsement nodes as a transaction proposal, so that each endorsement node checks the proposal and returns its check result and endorsement signature to the transaction proposing node; and, when the received check results and endorsement signatures show the proposal to be legal, to send the transaction proposal to the ordering node;
the ordering node is configured to pack the transaction proposal into a block and broadcast the block;
the accounting nodes are specifically configured to check each received block and write the blocks that pass the check into the ledger, thereby obtaining the distributed ledger.
Optionally, the transaction proposal carries the signature of the transaction initiator;
the gateway acting as endorsement node is specifically configured to:
check that the signature of the transaction initiator is valid, that the transaction proposal is well-formed, and that the transaction proposal is not a duplicate of one already seen (a replay check).
Optionally, the gateway that the device accesses is specifically configured to:
when a device accesses the gateway, record the communication data exchanged between the device and the gateway;
acquire, from the communication pattern indicated by the communication data, a plurality of characteristics at the session level, the packet level and the communication protocol level respectively as the device characteristics of the device, where the session level refers to sessions of a preset communication duration.
Optionally, the gateway that the device accesses is specifically configured to:
at the session level, count the number of packets in the communication data that belong to the session and the duration of the session;
at the packet level, obtain from the communication data the length of each packet and the statistics of the round-trip time interval, where the statistics are at least one of the maximum, the minimum and the mean;
at the communication protocol level, obtain from the communication data the packet length of the protocol, the statistics of the duration of the protocol's data streams, the number of TCP keep-alive probes used in a session of the protocol and the number of packets of the protocol.
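The gateway roles set out above (transaction proposing node, endorsement node, ordering node and accounting node, which claims 1-3 and 6-8 describe in the same terms) can be exercised end to end in a small simulation. This is an added example, not the patent's or any blockchain platform's own code: HMAC-SHA256 with one key per gateway stands in for the initiator and endorsement signatures (a deployment would use public-key signatures so that endorsers cannot forge a proposer's signature), the identification model is a nearest-centroid classifier with a distance threshold, the endorsement policy (every peer gateway must endorse; a committing gateway accepts an entry with at least one valid endorsement) and the 3-dimensional constructed feature vectors are likewise assumptions rather than anything the page specifies.

```python
import hashlib, hmac, json, math
from collections import defaultdict

KEYS = {"gw1": b"gw1-key", "gw2": b"gw2-key", "gw3": b"gw3-key"}  # assumed keys
THRESHOLD = 2.0  # assumed: max centroid distance for a "known" device type
WELL_FORMED = {"proposer": str, "features": list, "type": str}  # proposal format

def canon(obj):  # canonical JSON so every node hashes/signs identical bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(gw, obj):  # HMAC-SHA256 stands in for a public-key signature
    return hmac.new(KEYS[gw], canon(obj), hashlib.sha256).hexdigest()

def verify(gw, obj, sig):
    return gw in KEYS and hmac.compare_digest(sign(gw, obj), sig)

def tx_id(payload):
    return hashlib.sha256(canon(payload)).hexdigest()

def train(records):
    """Nearest-centroid identification model: device type -> mean vector."""
    groups = defaultdict(list)
    for r in records:
        groups[r["type"]].append(r["features"])
    return {t: [sum(c) / len(c) for c in zip(*vs)] for t, vs in groups.items()}

def identify(model, features):
    """Known type whose centroid lies within THRESHOLD of features, else None."""
    if not model:
        return None
    dist = lambda c: math.sqrt(sum((x - y) ** 2 for x, y in zip(c, features)))
    t, c = min(model.items(), key=lambda kv: dist(kv[1]))
    return t if dist(c) <= THRESHOLD else None

class Gateway:
    def __init__(self, name):
        self.name, self.ledger = name, []              # ledger: this gateway's own copy
        self.endorsed, self.committed = set(), set()   # tx ids, for duplicate checks
        self.model = train([])

    # Transaction proposing node: a device has just accessed this gateway.
    def on_device_access(self, features, peers, orderer):
        known = identify(self.model, features)
        if known is not None:
            return known                   # recognised: record it, done
        payload = {"proposer": self.name, "features": features,
                   "type": "type-" + tx_id(features)[:8]}  # name derived from content
        proposal, tid = dict(payload, sig=sign(self.name, payload)), tx_id(payload)
        endorsements = [p.endorse(proposal) for p in peers if p is not self]
        # Assumed endorsement policy: every peer gateway must return a signed "ok".
        if not all(e["ok"] and verify(e["endorser"], {"tx": tid, "ok": True}, e["sig"])
                   for e in endorsements):
            return None                    # illegal proposal: never sent for ordering
        orderer.submit(proposal, endorsements)
        return payload["type"]

    # Endorsement node: signature, format and duplicate checks, then a signed verdict.
    def endorse(self, proposal):
        payload = {k: v for k, v in proposal.items() if k != "sig"}
        tid = tx_id(payload)
        ok = (set(payload) == set(WELL_FORMED)
              and all(isinstance(payload[k], t) for k, t in WELL_FORMED.items())
              and verify(payload["proposer"], payload, proposal.get("sig", ""))
              and tid not in self.endorsed and tid not in self.committed)
        if ok:
            self.endorsed.add(tid)
        return {"endorser": self.name, "ok": ok, "sig": sign(self.name, {"tx": tid, "ok": ok})}

    # Accounting node: re-check every entry of the block, write it, retrain.
    def commit(self, block):
        accepted = []
        for entry in block["txs"]:
            payload = {k: v for k, v in entry["proposal"].items() if k != "sig"}
            tid = tx_id(payload)
            valid = sum(e["ok"] and verify(e["endorser"], {"tx": tid, "ok": True}, e["sig"])
                        for e in entry["endorsements"])
            if (verify(payload["proposer"], payload, entry["proposal"]["sig"])
                    and valid >= 1 and tid not in self.committed):
                accepted.append(payload)
                self.committed.add(tid)
        if accepted:
            self.ledger.append({"height": len(self.ledger), "txs": accepted})
            self.model = train([tx for b in self.ledger for tx in b["txs"]])
        return len(accepted)

class Orderer:
    """Ordering node: packs legal proposals into a block and broadcasts it."""
    def __init__(self, gateways):
        self.gateways, self.pending = gateways, []

    def submit(self, proposal, endorsements):
        self.pending.append({"proposal": proposal, "endorsements": endorsements})

    def cut_block(self):
        block, self.pending = {"txs": self.pending}, []
        return [g.commit(block) for g in self.gateways]

def demo():
    """Constructed scenario: a device type learned at gw1 is recognised at gw3."""
    gws = [Gateway("gw1"), Gateway("gw2"), Gateway("gw3")]
    orderer = Orderer(gws)
    t1 = gws[0].on_device_access([1.0, 2.0, 3.0], gws, orderer)  # unknown -> new type
    commits = orderer.cut_block()                                 # each gateway writes 1 tx
    t2 = gws[2].on_device_access([1.1, 2.0, 3.1], gws, orderer)  # recognised at gw3
    stale = gws[0].ledger[0]["txs"][0]                            # replay of a committed tx
    replay_ok = gws[1].endorse(dict(stale, sig=sign("gw1", stale)))["ok"]
    return t1, commits, t2, replay_ok
```

Two points the simulation makes concrete. The duplicate check has to be remembered at both the endorsement and the commit stage, otherwise a proposer (or anyone holding a captured proposal) can re-submit an already committed record and have it endorsed again; here `endorsed` and `committed` are separate sets because an endorser must still accept the block that carries the transaction it endorsed. And because every gateway retrains from its own ledger copy, a gateway that fails or is isolated simply keeps using its last model, which is the resilience property the description claims for the design.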
An embodiment of the invention further provides an electronic device, shown in Fig. 7, comprising a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702 and the memory 703 communicate with one another over the communication bus 704;
the memory 703 stores a computer program;
the processor 701 is configured to carry out the following steps when executing the program stored in the memory 703:
when a device accesses the gateway, acquire the device characteristics of the device;
if the device type can be identified from the device characteristics using the identification model stored locally in the gateway, record the device type; otherwise define a new device type for the device characteristics and take the device characteristics together with the new device type as one piece of training data;
write the training data to the blockchain to obtain a distributed ledger, where the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes: the transaction proposing node is the gateway that extracted the device characteristics, the endorsement nodes are the gateways other than the transaction proposing node, and the accounting nodes are all of the gateways;
train a new identification model from the distributed ledger and replace the locally stored identification model with it.
The electronic device may be a gateway in the internet of things.
In the solution provided by the embodiments of the invention, the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes, where the transaction proposing node is the gateway that extracted the device characteristics, the endorsement nodes are the other gateways of the internet of things device identification system, and the accounting nodes are all gateways of the system. Starting from its identification model, any gateway can use the device characteristics of a new device that accesses it to obtain the distributed ledger, and can train a new identification model from that ledger to replace the old one. Every gateway of the system therefore holds the distributed ledger as an accounting node and updates its identification model from it, so that new devices are recognised. When any gateway fails, the other gateways can still identify devices normally, which improves resilience. When the number of gateways and devices grows rapidly, newly added gateways share the increased processing load and no dedicated service centre needs to be scaled up, which improves scalability. Further, when a new device accesses any gateway, its device characteristics are recorded on the distributed ledger through the blockchain and the identification models of all gateways are continuously updated to recognise the new device type, which improves identification accuracy.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include random access memory (RAM) or non-volatile memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any of the above methods for identifying devices in an internet of things based on a block chain.
In another embodiment of the present invention, a computer program product containing instructions is further provided, which when run on a computer, causes the computer to execute any one of the above methods for identifying devices of the internet of things based on a blockchain.
In the above embodiments, the implementation may be realised wholly or partially in software, hardware, firmware or any combination of them. When implemented in software, it may be realised wholly or partially in the form of a computer program product. The computer program product comprises one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the invention are produced, in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server or data centre to another website, computer, server or data centre over a wired link (e.g. coaxial cable, optical fibre, digital subscriber line (DSL)) or a wireless link (e.g. infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data centre that integrates one or more available media. The available medium may be a magnetic medium (e.g. floppy disk, hard disk, magnetic tape), an optical medium (e.g. DVD) or a semiconductor medium (e.g. solid state disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in this specification are described in a progressive manner: for the same or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system and apparatus embodiments are described relatively briefly because they are substantially similar to the method embodiment, and the description of the method embodiment may be consulted for the relevant points.
The above description covers only preferred embodiments of the invention and is not intended to limit its scope. Any modification, equivalent replacement or improvement made within the spirit and principle of the invention falls within the protection scope of the invention.
Claims (10)
1. A blockchain-based internet of things device identification method, applied to any gateway of an internet of things device identification system comprising a plurality of gateways, the method comprising:
when a device accesses the gateway, acquiring device characteristics of the device;
if the device type of the device can be identified from the device characteristics using the identification model stored locally in the gateway, recording the device type; otherwise defining a new device type for the device characteristics and taking the device characteristics together with the new device type as one piece of training data;
writing the training data to the blockchain to obtain a distributed ledger, wherein the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes, the transaction proposing node being the gateway that extracted the device characteristics, the endorsement nodes being the gateways other than the transaction proposing node among the plurality of gateways, and the accounting nodes being the plurality of gateways; and
training a new identification model from the distributed ledger and replacing the locally stored identification model with the new identification model.
2. The method of claim 1, wherein the internet of things device identification system further comprises an ordering node, and writing the training data to the blockchain to obtain a distributed ledger comprises:
sending the training data to the endorsement nodes as a transaction proposal, so that each endorsement node checks the transaction proposal and returns its check result and endorsement signature to the transaction proposing node; and
when the received check results and endorsement signatures show the transaction proposal to be legal, sending the transaction proposal to the ordering node, so that the ordering node packs the transaction proposal into a block and broadcasts it, and each accounting node that receives the block checks it and, if the check passes, writes the block into its ledger, thereby obtaining the distributed ledger.
3. The method of claim 2, wherein the transaction proposal carries the signature of the transaction initiator, and the endorsement node checking the transaction proposal comprises:
the endorsement node checking that the signature of the transaction initiator is valid, that the transaction proposal is well-formed, and that the transaction proposal is not a duplicate.
4. The method of claim 1 or 2, wherein acquiring the device characteristics of the device when the device accesses the gateway comprises:
when a device accesses the gateway, recording the communication data exchanged between the device and the gateway; and
acquiring, from the communication pattern indicated by the communication data, a plurality of characteristics at the session level, the packet level and the communication protocol level respectively as the device characteristics of the device, wherein the session level refers to sessions of a preset communication duration.
5. The method of claim 4, wherein acquiring the plurality of characteristics of the communication pattern at the session level, the packet level and the communication protocol level respectively as the device characteristics comprises:
at the session level, counting the number of packets in the communication data that belong to the session and the duration of the session;
at the packet level, obtaining from the communication data the length of each packet and the statistics of the round-trip time interval, wherein the statistics are at least one of the maximum, the minimum and the mean; and
at the communication protocol level, obtaining from the communication data the packet length of the protocol, the statistics of the duration of the protocol's data streams, the number of TCP keep-alive probes used in a session of the protocol and the number of packets of the protocol.
6. A blockchain-based internet of things device identification system, comprising a plurality of gateways, each gateway being configured to:
when a device accesses the gateway, acquire device characteristics of the device;
if the device type of the device can be identified from the device characteristics using the identification model stored locally in the gateway, record the device type; otherwise define a new device type for the device characteristics and take the device characteristics together with the new device type as one piece of training data;
write the training data to the blockchain to obtain a distributed ledger, wherein the blockchain comprises a transaction proposing node, endorsement nodes and accounting nodes, the transaction proposing node being the gateway that extracted the device characteristics, the endorsement nodes being the gateways other than the transaction proposing node among the plurality of gateways, and the accounting nodes being the plurality of gateways; and
train a new identification model from the distributed ledger and replace the locally stored identification model with the new identification model.
7. The system of claim 6, further comprising an ordering node, wherein
the gateway acting as transaction proposing node is specifically configured to send the training data to the endorsement nodes as a transaction proposal, so that each endorsement node checks the transaction proposal and returns its check result and endorsement signature to the transaction proposing node, and, when the received check results and endorsement signatures show the transaction proposal to be legal, to send the transaction proposal to the ordering node;
the ordering node is configured to pack the transaction proposal into a block and broadcast the block; and
the accounting nodes are specifically configured to check each received block and write the blocks that pass the check into the ledger, thereby obtaining the distributed ledger.
8. The system of claim 7, wherein the transaction proposal carries the signature of the transaction initiator, and the gateway acting as endorsement node is specifically configured to:
check that the signature of the transaction initiator is valid, that the transaction proposal is well-formed, and that the transaction proposal is not a duplicate.
9. The system of claim 6 or 7, wherein the gateway that the device accesses is specifically configured to:
when a device accesses the gateway, record the communication data exchanged between the device and the gateway; and
acquire, from the communication pattern indicated by the communication data, a plurality of characteristics at the session level, the packet level and the communication protocol level respectively as the device characteristics of the device, wherein the session level refers to sessions of a preset communication duration.
10. The system of claim 9, wherein the gateway that the device accesses is specifically configured to:
at the session level, count the number of packets in the communication data that belong to the session and the duration of the session;
at the packet level, obtain from the communication data the length of each packet and the statistics of the round-trip time interval, wherein the statistics are at least one of the maximum, the minimum and the mean; and
at the communication protocol level, obtain from the communication data the packet length of the protocol, the statistics of the duration of the protocol's data streams, the number of TCP keep-alive probes used in a session of the protocol and the number of packets of the protocol.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110136411.3A CN112822208A (en) | 2021-02-01 | 2021-02-01 | Internet of things equipment identification method and system based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112822208A true CN112822208A (en) | 2021-05-18 |
Family
ID=75860912
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110136411.3A Pending CN112822208A (en) | 2021-02-01 | 2021-02-01 | Internet of things equipment identification method and system based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112822208A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114189814A (en) * | 2022-02-16 | 2022-03-15 | 深圳市慧为智能科技股份有限公司 | Characteristic information sharing method and device, identification terminal and storage medium |
CN114189814B (en) * | 2022-02-16 | 2022-05-31 | 深圳市慧为智能科技股份有限公司 | Characteristic information sharing method, device, identification terminal and storage medium |
CN115085274A (en) * | 2022-07-27 | 2022-09-20 | 北京智芯微电子科技有限公司 | Automatic identification method and device for new energy equipment access, electronic equipment and medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881355A (en) * | 2017-05-16 | 2018-11-23 | 纬创资通股份有限公司 | Monitoring method based on Internet of things architecture, fog operation terminal and Internet of things system |
CN109818793A (en) * | 2019-01-30 | 2019-05-28 | 基本立子(北京)科技发展有限公司 | For the device type identification of Internet of Things and network inbreak detection method |
US20200034454A1 (en) * | 2018-07-24 | 2020-01-30 | Vmware, Inc. | Internet of things blockchain auditing |
CN111125784A (en) * | 2019-12-24 | 2020-05-08 | 山东爱城市网信息技术有限公司 | Artificial intelligence training model method, device and medium based on block chain |
CN111130840A (en) * | 2019-11-20 | 2020-05-08 | 泰康保险集团股份有限公司 | Unattended service center management method, system, medium and electronic device |
CN111260219A (en) * | 2020-01-16 | 2020-06-09 | 泰康保险集团股份有限公司 | Asset class identification method, device, equipment and computer readable storage medium |
CN112003886A (en) * | 2020-07-03 | 2020-11-27 | 北京工业大学 | Block chain-based Internet of things data sharing system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB03 | Change of inventor or designer information | Inventor after: Sun Yi; Liu Jie; Zhang Yin. Inventor before: Yu Keping; Zhang Yin; Sun Yi; Liu Jie |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20210518 |