CN113132372B - Method, system, storage medium and computer equipment for security monitoring of networked equipment of router - Google Patents

Info

Publication number: CN113132372B
Authority: CN (China)
Prior art keywords: router, security, network, network traffic, preset rule
Legal status: Active
Application number: CN202110397893.8A
Other languages: Chinese (zh)
Other versions: CN113132372A (en)
Inventors: 李进, 王辉, 魏文昭
Current Assignee: Shenzhen 3600 Smart Life Technology Co ltd
Original Assignee: Shenzhen Qihu Intelligent Technology Co Ltd
Application filed by: Shenzhen Qihu Intelligent Technology Co Ltd
Priority to: CN202110397893.8A
Publications: CN113132372A (application), CN113132372B (granted)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y: INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00: IoT infrastructure
    • G16Y30/10: Security thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of routers and provides a security monitoring method for the networked devices of a router, comprising the steps of: acquiring network traffic generated through networking via the router; analyzing whether the network traffic matches any preset rule, where a preset rule is an information-matching rule for the anticipated occurrence of a corresponding security event; if the network traffic matches a preset rule, generating a prompt message indicating that the network traffic originates from the corresponding security event; and sending the prompt message to the corresponding authorized user. Also provided are a security monitoring system for the networked devices of a router, a storage medium storing a computer program for executing the method, and a computer device for implementing the method. The invention thereby improves the identification of security events that occur over the wireless local area network and enhances the security of the home network.

Description

Security monitoring method, system, storage medium and computer device for networked devices of a router

Technical field

The invention relates to the technical field of routers, and in particular to a security monitoring method, system, storage medium and computer device for the networked devices of a router.

Background

As smart home appliance technology matures, people use more and more smart devices in daily life, and most of these devices are connected to a wireless local area network.

As the gateway device in the home, a router can obtain the network traffic of every smart device in the home, but it lacks effective identification of the security events that arise in the everyday use of those devices, for example a smart door lock being opened in the middle of the night or while the user is travelling. Existing routers cannot effectively identify such specific security events.

In summary, existing methods have many problems in practical use and need to be improved.

Summary of the invention

In view of the above defects, the object of the present invention is to provide a security monitoring method, system, storage medium and computer device for the networked devices of a router, which improve the identification of security events that occur over the wireless local area network and enhance the security of the home network.

To achieve the above object, the present invention provides a security monitoring method for the networked devices of a router, comprising the steps of:

Acquiring network traffic generated through networking via the router;

Analyzing whether the network traffic matches any preset rule, where the preset rule is an information-matching rule for the anticipated occurrence of a corresponding security event;

If it matches the preset rule, generating a prompt message indicating that the network traffic originates from the corresponding security event;

Sending the prompt message to the corresponding authorized user.

Optionally, the step of analyzing whether the network traffic matches any preset rule specifically includes:

Analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics;

Determining whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.

Optionally, the step of analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics specifically includes:

Extracting the MAC address (Media Access Control Address, the local area network address) corresponding to the network traffic, and identifying the corresponding networked device from the MAC address;

Analyzing the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.

Optionally, the step of sending the prompt message to the corresponding authorized user specifically includes:

A server receives the prompt message uploaded by the router and forwards it to the mobile terminal of the authorized user corresponding to the router.

Optionally, before the step of analyzing whether the network traffic matches any preset rule, the method further includes:

In response to the security monitoring function being enabled on the router, downloading at least one preset rule to the router.

Optionally, before the step of analyzing whether the network traffic matches any preset rule, the method further includes:

Configuring the preset rule corresponding to the security event according to the behavioral characteristics of the anticipated occurrence of the security event.

Optionally, the step of configuring the preset rule corresponding to the security event according to the network traffic characteristics of the anticipated occurrence of the security event specifically includes:

Pre-defining the network behavior expected when the security event occurs, and parsing the behavioral characteristics of that network behavior;

Configuring the behavioral characteristics as the preset rule of the corresponding security event.

Optionally, after the step of sending the prompt message to the corresponding authorized user, the method further includes:

Intercepting the network traffic according to an interception instruction triggered by the authorized user.

Also provided is a security monitoring system for the networked devices of a router, including:

An acquisition unit, configured to acquire network traffic generated through networking via the router;

An analysis and judgment unit, configured to analyze whether the network traffic matches any preset rule, where the preset rule is an information-matching rule for the anticipated occurrence of a corresponding security event;

A generating unit, configured to generate, if the traffic matches the preset rule, a prompt message indicating that the network traffic originates from the corresponding security event;

A sending unit, configured to send the prompt message to the corresponding authorized user.

Optionally, the analysis and judgment unit specifically includes:

An analysis subunit, configured to analyze the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics;

A judging subunit, configured to determine whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.

Optionally, the analysis subunit is specifically configured to:

Extract the MAC address corresponding to the network traffic, and identify the corresponding networked device from the MAC address;

Analyze the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.

Optionally, the sending unit is specifically configured such that:

A server receives the prompt message uploaded by the router and forwards it to the mobile terminal of the authorized user corresponding to the router.

Optionally, the system further includes:

A rule downloading unit, configured to download at least one preset rule to the router in response to the security monitoring function being enabled on the router.

Optionally, the system further includes:

A rule configuration unit, configured to configure the preset rule corresponding to the security event according to the behavioral characteristics of the anticipated occurrence of the security event.

Optionally, the rule configuration unit specifically includes:

A parsing subunit, configured to pre-define the network behavior expected when the security event occurs and to parse the behavioral characteristics of that network behavior;

A configuration subunit, configured to configure the behavioral characteristics as the preset rule of the corresponding security event.

Optionally, the system further includes:

An intercepting unit, configured to intercept the network traffic according to an interception instruction triggered by the authorized user.

In addition, a storage medium and a computer device are provided. The storage medium stores a computer program for executing the above security monitoring method for the networked devices of a router.

The computer device includes a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor; when the processor executes the computer program, it implements the above security monitoring method for the networked devices of a router.

The security monitoring method and system for the networked devices of a router according to the present invention acquire the network traffic generated through networking via the router and analyze whether that traffic matches any preset rule, where the preset rule is an information-matching rule for the anticipated occurrence of a corresponding security event. If it matches, a corresponding prompt message is generated and sent to the corresponding authorized user to alert that user to the security event currently occurring. The invention compares current network traffic against the preset rules of security events in order to identify security events that occur over the wireless local area network and alert the user in time. It combines home security events that happen in the real world with traffic analysis in the network, so that the router takes on a security role and the security of the home network is enhanced.

Description of drawings

Fig. 1 is a flow chart of the steps of a security monitoring method for the networked devices of a router provided by an embodiment of the present invention;

Fig. 2 is a flow chart of the optional analysis and judgment steps of the security monitoring method for the networked devices of a router provided by an embodiment of the present invention;

Fig. 3 is a flow chart of the optional rule configuration steps of the security monitoring method for the networked devices of a router provided by an embodiment of the present invention;

Fig. 4 is a schematic structural diagram of a security monitoring system for the networked devices of a router provided by an embodiment of the present invention;

Fig. 5 is a schematic diagram of the optional structure of the analysis and judgment unit of the security monitoring system for the networked devices of a router provided by an embodiment of the present invention;

Fig. 6 is a schematic diagram of the structure of the optional rule configuration unit of the security monitoring system for the networked devices of a router provided by an embodiment of the present invention.

Detailed description

To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.

It should be noted that references in this specification to "one embodiment", "an embodiment", "an example embodiment" and the like mean that the embodiment described may include a particular feature, structure or characteristic, but not every embodiment necessarily includes that feature, structure or characteristic. Moreover, such expressions do not necessarily refer to the same embodiment. Further, when a particular feature, structure or characteristic is described in connection with one embodiment, combining it with other embodiments is within the knowledge of those skilled in the art, whether or not this is explicitly described.

In addition, certain terms are used in the description and the claims that follow to refer to particular components or parts. Those of ordinary skill in the art will understand that manufacturers may use different names or terms for the same component or part. This description and the claims that follow do not distinguish components or parts by differences in name, but by differences in function. "Includes" and "comprises" as used throughout the description and the claims are open-ended terms and should be interpreted as "including but not limited to". In addition, the term "connection" here covers any direct or indirect means of electrical connection. Indirect means of electrical connection include connection through other devices.

Fig. 1 shows a security monitoring method for the networked devices of a router provided by an embodiment of the present invention, including:

Step S101: Acquire network traffic generated through networking via the router. That is, this embodiment acquires the network traffic generated by devices networked through the wireless local area network set up by the router, where network traffic is the data transmitted over that wireless local area network; for example, the data or related network requests generated when a smart home appliance, once connected through the wireless local area network, performs networked operations.

Step S102: Analyze whether the network traffic matches any preset rule, where the preset rule is an information-matching rule for the anticipated occurrence of a corresponding security event. That is, each preset rule corresponds to one security event, and a security event is a specific behavior of a smart home appliance that has been predefined as posing a security threat. This embodiment is pre-configured with preset rules corresponding to at least one smart home appliance; when network traffic generated through the router is acquired, it is compared against each preset rule to determine whether it corresponds to any security event.

In a specific implementation, the router matches the network traffic against the information in the preset rule according to specified logic, to determine whether the network traffic conforms to the preset rule.

Step S103: If the traffic matches the preset rule, generate a prompt message indicating that the network traffic originates from the corresponding security event. When the network traffic matches any preset rule, it can be determined that the traffic was produced by the security event corresponding to that rule. For example, a smart device performing a specific action or function within a specific time can be preset as a security event, so that the router can monitor that specific security behavior of the smart device. The prompt message announces that the corresponding security event has occurred; for example, if a smart device is switched on or off within a certain time period, a prompt message for that security event is generated.

Step S104: Send the prompt message to the corresponding authorized user. The authorized user is at least one preset designated user. In a specific implementation, the prompt message is sent to the authorized user's mobile terminal, such as a parent's mobile phone, tablet or personal computer, in the form of an app push notification, a text message, an official-account message or the like.

In a specific implementation, the router analyzes the network traffic in the home and, through network-layer analysis, determines whether a specific event has occurred in the home. If a specific event occurs, the router can be set to alert the homeowner.

By comparison, preset-rule matching of network traffic on a conventional router monitors for network-level threats such as Trojans, viruses and privacy leaks. It is confined to the network world, and the actors behind the events it detects are executable programs, apps and the like. This embodiment instead analyzes network traffic with preset rules and, in a novel way, maps the traffic to specific security events in the real world. The subject of a detected security event is one or several specific IoT (Internet of Things) devices, which improves the router's ability to monitor the security of smart devices in the home network.

Referring to Fig. 2, step S102 specifically includes:

Step S1021: Analyze the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics. Analysis of the network traffic yields the networked device that produced it, the time at which it was produced, and its traffic characteristics. The networked device is a smart device networked through the router's wireless local area network, such as a smart door lock, smart curtain or smart light; the traffic generation time is the point in time or time period at which the network traffic was generated; the traffic characteristics include the data form, data requests, data flow direction and other features associated with the network traffic.

Step S1022: Determine whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule. That is, the preset rule includes reference information corresponding to the networked device, the traffic generation time and the traffic characteristics respectively. A preset rule can include multiple information dimensions; the preset rules of this embodiment include, for example, the specified device, the time at which the network traffic occurs, and the characteristics of the network traffic.

For example, a typical rule contains the following information:

Device: smart door lock;

Time of network traffic: 0:00 to 7:00;

Network traffic characteristics: there is an upload request, and the request characteristic is "unlocked successfully";

The security event corresponding to this rule is then "between 0:00 and 7:00, someone successfully opened the smart door lock".

If the currently monitored network traffic matches the above preset rule, it can be determined that someone has successfully opened the smart door lock between 0:00 and 7:00. Opening the smart door lock within this time period has been predefined as a security event that requires a warning, so a prompt message is generated for the authorized user to flag the security event that is currently occurring.

In one implementation, step S1021 specifically includes: extracting the MAC address corresponding to the network traffic and identifying the corresponding networked device from the MAC address; and analyzing the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics. In the example above, the network traffic recorded when the smart door lock is opened includes the corresponding door-lock opening request. Different behaviors of a smart device produce specific network traffic, so this embodiment determines the traffic characteristics by analyzing the network requests for specific behaviors within the generated traffic.
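An added example, not code from the patent: a minimal Python matcher for the three rule dimensions of steps S1021 and S1022 (device identified by MAC address, traffic generation time, traffic characteristic), using the smart-door-lock rule above. The MAC inventory, the flow record fields, the `unlock_success` marker and the half-open time window are assumptions made for illustration; the window check also handles ranges that wrap past midnight, which goes beyond the 0:00 to 7:00 case in the text.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional

# Constructed inventory (hypothetical MACs): MAC address -> networked device.
# A MAC only identifies the device the traffic claims to come from; it can be
# spoofed or randomized, so the inventory has to be maintained deliberately.
DEVICE_BY_MAC = {
    "aa:bb:cc:00:00:01": "smart door lock",
    "aa:bb:cc:00:00:02": "smart camera",
}


@dataclass(frozen=True)
class Flow:
    """One observed request; the field names are assumptions for this example."""
    src_mac: str
    seen_at: datetime
    direction: str   # "upload" or "download"
    request: str     # request content as visible to the router


@dataclass(frozen=True)
class PresetRule:
    event: str       # the security event this rule stands for
    device: str
    start: time      # window start, inclusive
    end: time        # window end, exclusive (assumption)
    direction: str
    feature: str     # marker that must appear in the request


def identify_device(mac: str) -> Optional[str]:
    """Normalize a MAC (case and ':', '-', '.' separators) and look it up."""
    cleaned = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(cleaned) != 12 or any(c not in "0123456789abcdef" for c in cleaned):
        return None  # malformed address: treat as an unknown device
    return DEVICE_BY_MAC.get(":".join(cleaned[i:i + 2] for i in range(0, 12, 2)))


def in_window(t: time, start: time, end: time) -> bool:
    """True if t lies in [start, end); a start later than end wraps midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def matches(flow: Flow, rule: PresetRule) -> bool:
    """All dimensions must match, as step S1022 requires."""
    return (
        identify_device(flow.src_mac) == rule.device
        and in_window(flow.seen_at.time(), rule.start, rule.end)
        and flow.direction == rule.direction
        and rule.feature in flow.request
    )


def prompt_for(flow: Flow, rules: List[PresetRule]) -> Optional[dict]:
    """Return the prompt message for the first matching rule, else None."""
    for rule in rules:
        if matches(flow, rule):
            return {"event": rule.event,
                    "time": flow.seen_at.isoformat(),
                    "device": rule.device}
    return None


def scan(flows: List[Flow], rules: List[PresetRule]) -> List[dict]:
    """Run every flow through the rule set and collect the prompt messages."""
    prompts = []
    for flow in flows:
        prompt = prompt_for(flow, rules)
        if prompt is not None:
            prompts.append(prompt)
    return prompts


DOOR_LOCK_RULE = PresetRule(
    event="smart door lock opened between 0:00 and 7:00",
    device="smart door lock", start=time(0, 0), end=time(7, 0),
    direction="upload", feature="unlock_success",
)

# Constructed sample traffic; only the first record satisfies every dimension.
SAMPLE_FLOWS = [
    Flow("AA-BB-CC-00-00-01", datetime(2021, 4, 14, 2, 30), "upload",
         "POST /event status=unlock_success"),
    Flow("aa:bb:cc:00:00:01", datetime(2021, 4, 14, 9, 0), "upload",
         "POST /event status=unlock_success"),     # outside the time window
    Flow("aa:bb:cc:00:00:02", datetime(2021, 4, 14, 3, 0), "upload",
         "POST /event status=unlock_success"),     # different device
    Flow("aa:bb:cc:00:00:01", datetime(2021, 4, 14, 3, 15), "download",
         "GET /firmware"),                         # no unlock request
]

if __name__ == "__main__":
    for message in scan(SAMPLE_FLOWS, [DOOR_LOCK_RULE]):
        print(message)
```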

可选的,步骤S104具体包括:服务器接收所述路由器上传的所述提示消息,并将所述提示消息转发至所述路由器对应的授权用户的移动终端。具体实施时,在路由器中生成所述提示消息,并上传给与所述路由器连接的服务器,再由所述服务器将所述提示消息转发给授权用户的移动终端;即本实施例无需授权用户与路由器连接,仅需所述授权用户与路由器均与同一服务器连接即可,所述服务器将对应的授权用户与路由器绑定到一块,根据其绑定关系来确定提示消息的接收端。服务器再把提示消息通过多种渠道推送给授权用户,推送给授权用户的信息中至少包括:发生了什么事件、发生的时间、发生的具体设备。Optionally, step S104 specifically includes: the server receives the prompt message uploaded by the router, and forwards the prompt message to a mobile terminal of an authorized user corresponding to the router. During specific implementation, the prompt message is generated in the router, and uploaded to the server connected to the router, and then the server forwards the prompt message to the mobile terminal of the authorized user; that is, the present embodiment does not require the authorized user to communicate with the The router connection only requires that the authorized user and the router be connected to the same server, and the server binds the corresponding authorized user and the router together, and determines the receiving end of the prompt message according to the binding relationship. The server then pushes the prompt message to the authorized user through multiple channels, and the information pushed to the authorized user at least includes: what event happened, when it happened, and the specific device where it happened.

In one embodiment, before step S102 the method further includes: in response to the security monitoring function being started on the router, downloading at least one of the preset rules to the router. In a specific implementation, a "home-guard mode" corresponding to the security monitoring function is provided in the router's control program; the user can start this "home-guard mode" in the APP (application) corresponding to the router and thereby enter the security monitoring function. After the router starts the function, at least one of the preset rules is downloaded to the router; some preset rules may also be pre-stored in the router. In this embodiment the preset rules are preferably obtained from a server and sent to the router. For example, the user sets home-guard mode in the APP; once it is set, the router downloads a set of preset rules from the server. Each preset rule corresponds to one security event and contains multiple information dimensions against which the corresponding network traffic is matched.

In one embodiment, after step S102 the method further includes: configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence.

Referring to FIG. 3, optionally, the step of configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence specifically includes:

S111: Pre-stage the network behavior with which the security event is expected to occur, and parse the behavior characteristics of that network behavior.

S112: Configure the behavior characteristics as the preset rule of the corresponding security event.

That is, the behavior characteristics of the behavior corresponding to a preset security event serve as the basis for configuring the preset rule. The behavior characteristics correspond to the series of associated behaviors and attributes produced when the security event is expected to occur; for example, the behavior characteristics of the security event corresponding to a configured preset rule include the smart device name, the time the network traffic was sent, the network traffic characteristics, and so on.

For example, the network traffic produced after a smart door lock of a certain brand is successfully unlocked is analyzed, the key features triggered by the unlocking behavior are extracted from it, and these are configured into a preset rule. Then, if traffic passes through the router and the router matches the corresponding key features in the preset rule, the behavior "smart door lock of a certain brand successfully unlocked" can be considered to have occurred.

The security event may be a simple event, or a complex event that contains multiple simple events and satisfies the condition that they occur in succession. An example of a simple event: after home-guard mode is set, the smart doorbell produces frequent message reminders. A complex event consists of multiple simple events in a certain order of occurrence: after home-guard mode is set, the smart door lock is successfully unlocked, and some time later the smart camera is turned off. The pre-staged network behavior of a security event in this embodiment corresponds to one simple behavior or to a complex behavior made up of several simple behaviors, and the preset rule for the security event is configured from a series of consecutive behavior characteristics; that is, the preset rule contains all the behavior characteristics of the corresponding security event, such as the smart device name, the time the network traffic was generated, and the traffic characteristics.
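The following sketch is an added example, not code from the patent or its applicant. It shows one way a router-side matcher could evaluate the simple and complex events described above across the three dimensions (device, traffic time, traffic feature). The MAC addresses, device inventory, feature labels (`unlock_ok`, `power_off`), the 30-minute window and all sample flows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical MAC-to-device inventory (constructed values).
DEVICES = {
    "aa:bb:cc:00:00:01": "smart door lock",
    "aa:bb:cc:00:00:02": "smart camera",
}

@dataclass(frozen=True)
class Flow:
    mac: str          # source MAC seen by the router
    ts: datetime      # traffic generation time
    feature: str      # traffic feature parsed from the request (hypothetical label)

@dataclass(frozen=True)
class Step:
    device: str
    feature: str

@dataclass
class Rule:
    event: str        # security event the rule stands for
    steps: list       # one Step = simple event, several = complex event
    window: timedelta = timedelta(minutes=30)  # max gap between consecutive steps

class Monitor:
    def __init__(self, rules, armed_at):
        self.rules = rules
        self.armed_at = armed_at   # when home-guard mode was switched on
        self.progress = {}         # event -> (next step index, time of last matched step)

    def observe(self, flow):
        """Return the prompt messages for every rule completed by this flow."""
        device = DEVICES.get(flow.mac.lower())
        # Unknown devices and traffic from before arming never match a rule.
        if device is None or flow.ts < self.armed_at:
            return []
        alerts = []
        for rule in self.rules:
            idx, last = self.progress.get(rule.event, (0, None))
            if idx and flow.ts - last > rule.window:
                # The partial sequence went stale: start again from step 0.
                self.progress.pop(rule.event, None)
                idx = 0
            step = rule.steps[idx]
            if (device, flow.feature) != (step.device, step.feature):
                continue
            if idx + 1 == len(rule.steps):
                self.progress.pop(rule.event, None)
                # Message carries what happened, when, and on which device.
                alerts.append({"event": rule.event,
                               "time": flow.ts.isoformat(),
                               "device": device})
            else:
                self.progress[rule.event] = (idx + 1, flow.ts)
        return alerts

def run(flows, rules, armed_at):
    monitor = Monitor(rules, armed_at)
    return [alert for flow in flows for alert in monitor.observe(flow)]

RULES = [
    Rule("door lock unlocked", [Step("smart door lock", "unlock_ok")]),
    Rule("door unlocked, then camera switched off",
         [Step("smart door lock", "unlock_ok"), Step("smart camera", "power_off")]),
]

ARMED_AT = datetime(2021, 4, 13, 10, 0)

# Constructed sample flows, in arrival order.
SAMPLE_FLOWS = [
    Flow("aa:bb:cc:00:00:01", datetime(2021, 4, 13, 9, 0), "unlock_ok"),    # before arming
    Flow("aa:bb:cc:00:00:01", datetime(2021, 4, 13, 10, 5), "unlock_ok"),
    Flow("de:ad:be:ef:00:09", datetime(2021, 4, 13, 10, 10), "power_off"),  # unknown MAC
    Flow("aa:bb:cc:00:00:02", datetime(2021, 4, 13, 10, 20), "power_off"),
    Flow("aa:bb:cc:00:00:01", datetime(2021, 4, 13, 12, 0), "unlock_ok"),
    Flow("aa:bb:cc:00:00:02", datetime(2021, 4, 13, 13, 0), "power_off"),   # outside window
]

if __name__ == "__main__":
    for alert in run(SAMPLE_FLOWS, RULES, ARMED_AT):
        print(alert)
```

Because the device is identified from the MAC address alone, a rule of this kind can be evaded or falsely triggered by a host that spoofs a known device's MAC, so alerts are best treated as prompts for the user to verify rather than as proof of the event.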

Optionally, after step S104 the method further includes: intercepting the network traffic according to an interception instruction triggered by the authorized user. After the authorized user receives the prompt message, if the network traffic in question is still ongoing, the user can remotely trigger an interception instruction in a specific software program to intercept that network traffic.

FIG. 4 shows a router networked-device security monitoring system 100 provided by an embodiment of the present invention. The system 100 is applied on a router or on a device connected to the router, and includes an acquisition unit 10, an analysis and judgment unit 20, a generation unit 30 and a sending unit 40, wherein:

The acquisition unit 10 is used to acquire network traffic generated through router networking. The analysis and judgment unit 20 is used to analyze and judge whether the network traffic matches any preset rule, where the preset rule is an information matching rule for the expected occurrence of a corresponding security event. The generation unit 30 is used to generate, if the traffic matches the preset rule, a prompt message stating that the network traffic originates from the corresponding security event. The sending unit 40 is used to send the prompt message to the corresponding authorized user.

This embodiment analyzes network traffic with preset rules and, innovatively, maps network traffic to specific security events in the real world. The subject of a detected security event is one or several specific IoT (Internet of Things) devices, which improves the router's ability to monitor the security of smart devices in the home network.

Referring to FIG. 5, in one implementation the analysis and judgment unit 20 specifically includes an analysis subunit 201 and a judgment subunit 202, wherein:

The analysis subunit 201 is used to analyze the network traffic and obtain the corresponding networked device, traffic generation time and traffic characteristics. The judgment subunit 202 is used to judge whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.

Optionally, the analysis subunit 201 is specifically used to: extract the MAC address corresponding to the network traffic and identify the corresponding networked device from that MAC address; and analyze the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.

In one implementation, the sending unit 40 is specifically used as follows: a server receives the prompt message uploaded by the router and forwards it to the mobile terminal of the authorized user corresponding to the router. In a specific implementation, the prompt message is generated in the router and uploaded to the server connected to the router, and the server then forwards the prompt message to the authorized user's mobile terminal. In other words, this embodiment does not require the authorized user to be connected to the router; the authorized user and the router only need to be connected to the same server. The server binds the corresponding authorized user and router together and determines the recipient of the prompt message from that binding relationship. The server then pushes the prompt message to the authorized user through multiple channels, and the information pushed to the authorized user includes at least: what event occurred, when it occurred, and the specific device on which it occurred.

Optionally, the system further includes a rule downloading unit, which is used to download at least one of the preset rules to the router in response to the security monitoring function being started on the router. In a specific implementation, a "home-guard mode" corresponding to the security monitoring function is provided in the router's control program; the user can start this "home-guard mode" in the APP (application) corresponding to the router and thereby enter the security monitoring function. After the router starts the function, at least one of the preset rules is downloaded to the router; some preset rules may also be pre-stored in the router. In this embodiment the preset rules are preferably obtained from a server and sent to the router. For example, the user sets home-guard mode in the APP; once it is set, the router downloads a set of preset rules from the server. Each preset rule corresponds to one security event and contains multiple information dimensions against which the corresponding network traffic is matched.

Referring to FIG. 6, one embodiment further includes a rule configuration unit 50, which is used to configure the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence.

The rule configuration unit 50 specifically includes a parsing subunit 501 and a configuration subunit 502, wherein:

The parsing subunit 501 is used to pre-stage the network behavior with which the security event is expected to occur and to parse the network traffic characteristics of that network behavior. The configuration subunit 502 is used to configure the network traffic characteristics as the preset rule of the corresponding security event.

Optionally, the system further includes an interception unit, which is used to intercept the network traffic according to an interception instruction triggered by the authorized user.

The present invention also provides a storage medium for storing a computer program of the router networked-device security monitoring method described in FIGS. 1 to 3, for example computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution according to the present application through the operation of that computer. The program instructions that invoke the method of the present application may be stored in a fixed or removable storage medium, and/or transmitted via a data stream in a broadcast or other signal-bearing medium, and/or stored in a storage medium of a computer device that runs according to the program instructions. Here, an embodiment according to the present application includes a computer device of the router networked-device security monitoring system shown in FIG. 4. The computer device preferably includes a storage medium for storing a computer program and a processor for executing the computer program, wherein, when the computer program is executed by the processor, the computer device is triggered to execute the methods and/or technical solutions of the foregoing embodiments.

It should be noted that the present application can be implemented in software and/or in a combination of software and hardware; for example, it can be implemented with an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of the present application can be executed by a processor to implement the steps or functions described above. Likewise, the software program of the present application (including related data structures) can be stored in a computer-readable recording medium, for example RAM, a magnetic or optical drive, a floppy disk or a similar device. In addition, some steps or functions of the present application may be implemented in hardware, for example as a circuit that cooperates with a processor to perform the individual steps or functions.

The method according to the present invention can be implemented on a computer as a computer-implemented method, in dedicated hardware, or in a combination of the two. Executable code for the method according to the invention, or parts of it, may be stored on a computer program product. Examples of computer program products include memory devices, optical storage devices, integrated circuits, servers, online software and the like. Preferably, the computer program product comprises non-transitory program code means stored on a computer-readable medium for performing the method according to the invention when the program product is executed on a computer.

In a preferred embodiment, the computer program comprises computer program code means adapted to perform all the steps of the method according to the invention when the computer program is run on a computer. Preferably, the computer program is embodied on a computer-readable medium.

In summary, the router networked-device security monitoring method and system of the present invention acquire the network traffic generated in the router through router networking and analyze whether that network traffic matches any preset rule, where the preset rule is an information matching rule for the expected occurrence of a corresponding security event. If it matches, a corresponding prompt message is generated and sent to the corresponding authorized user, to alert the authorized user to the security event currently being sent. The invention compares the current network traffic against the preset rules corresponding to security events in order to identify security events that take place over the wireless local area network and to alert the user in time, which strengthens the security of the home network.

Of course, the present invention may have various other embodiments. Without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and modifications according to the present invention, but all such changes and modifications shall fall within the scope of protection of the claims appended to the present invention.

Also provided is A1, a method for security monitoring of networked devices of a router, including the steps of:

acquiring network traffic generated through router networking;

analyzing and judging whether the network traffic matches any preset rule, where the preset rule is an information matching rule for the expected occurrence of a corresponding security event;

if it matches the preset rule, generating a prompt message stating that the network traffic originates from the corresponding security event;

sending the prompt message to the corresponding authorized user.

A2. The method for security monitoring of networked devices of a router according to A1, wherein the step of analyzing and judging whether the network traffic matches any preset rule specifically includes:

analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics;

judging whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.

A3. The method for security monitoring of networked devices of a router according to A2, wherein the step of analyzing the network traffic to obtain the corresponding networked device, traffic generation time and traffic characteristics specifically includes:

extracting the MAC address corresponding to the network traffic, and identifying the corresponding networked device from the MAC address;

analyzing the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.

A4. The method for security monitoring of networked devices of a router according to A1, wherein the step of sending the prompt message to the corresponding authorized user specifically includes:

a server receiving the prompt message uploaded by the router, and forwarding the prompt message to the mobile terminal of the authorized user corresponding to the router.

A5. The method for security monitoring of networked devices of a router according to A1, further including, before the step of analyzing and judging whether the network traffic matches any preset rule:

in response to the security monitoring function being started on the router, downloading at least one of the preset rules to the router.

A6. The method for security monitoring of networked devices of a router according to A1, further including, before the step of analyzing and judging whether the network traffic matches any preset rule:

configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence.

A7. The method for security monitoring of networked devices of a router according to A6, wherein the step of configuring the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence specifically includes:

pre-staging the network behavior with which the security event is expected to occur, and parsing the behavior characteristics of that network behavior;

configuring the behavior characteristics as the preset rule of the corresponding security event.

A8. The method for security monitoring of networked devices of a router according to any one of A1 to A7, further including, after the step of sending the prompt message to the corresponding authorized user:

intercepting the network traffic according to an interception instruction triggered by the authorized user.

Also provided is B9, a system for security monitoring of networked devices of a router, including:

an acquisition unit, used to acquire network traffic generated through router networking;

an analysis and judgment unit, used to analyze and judge whether the network traffic matches any preset rule, where the preset rule is an information matching rule for the expected occurrence of a corresponding security event;

a generation unit, used to generate, if the traffic matches the preset rule, a prompt message stating that the network traffic originates from the corresponding security event;

a sending unit, used to send the prompt message to the corresponding authorized user.

B10. The system for security monitoring of networked devices of a router according to B9, wherein the analysis and judgment unit specifically includes:

an analysis subunit, used to analyze the network traffic and obtain the corresponding networked device, traffic generation time and traffic characteristics;

a judgment subunit, used to judge whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.

B11. The system for security monitoring of networked devices of a router according to B10, wherein the analysis subunit is specifically used to:

extract the MAC address corresponding to the network traffic, and identify the corresponding networked device from the MAC address;

analyze the network request corresponding to the network traffic to obtain the traffic generation time and the traffic characteristics of the network traffic.

B12. The system for security monitoring of networked devices of a router according to B9, wherein the sending unit is specifically used as follows:

a server receives the prompt message uploaded by the router, and forwards the prompt message to the mobile terminal of the authorized user corresponding to the router.

B13. The system for security monitoring of networked devices of a router according to B9, further including:

a rule downloading unit, used to download at least one of the preset rules to the router in response to the security monitoring function being started on the router.

B14. The system for security monitoring of networked devices of a router according to B9, further including:

a rule configuration unit, used to configure the preset rule corresponding to the security event according to the behavior characteristics of the security event's expected occurrence.

B15. The system for security monitoring of networked devices of a router according to B14, wherein the rule configuration unit specifically includes:

a parsing subunit, used to pre-stage the network behavior with which the security event is expected to occur and to parse the behavior characteristics of that network behavior;

a configuration subunit, used to configure the behavior characteristics as the preset rule of the corresponding security event.

B16. The system for security monitoring of networked devices of a router according to any one of B9 to B15, further including:

an interception unit, used to intercept the network traffic according to an interception instruction triggered by the authorized user.

Also provided is C17, a storage medium for storing a computer program for executing the method for security monitoring of networked devices of a router according to any one of A1 to A8.

Also provided is D18, a computer, including a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, wherein the processor, when executing the computer program, implements the method for security monitoring of networked devices of a router according to any one of A1 to A8.

Claims (18)

1. A method for security monitoring of networked devices of a router, characterized by comprising the following steps:
acquiring network traffic generated through router networking;
analyzing and judging whether the network traffic matches any preset rule, wherein the preset rules are preset information matching rules of corresponding security events;
if the network traffic matches the preset rule, generating a prompt message that the network traffic comes from the corresponding security event;
and sending the prompt message to a corresponding authorized user.
2. The method for security monitoring of networked devices of a router according to claim 1, wherein the step of analyzing and judging whether the network traffic matches any preset rule specifically comprises:
analyzing and obtaining the networked device, traffic generation time and traffic characteristics corresponding to the network traffic;
and judging whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.
3. The method for security monitoring of networked devices of a router according to claim 2, wherein the step of analyzing and obtaining the networked device, the traffic generation time and the traffic characteristics corresponding to the network traffic specifically comprises:
extracting a MAC address corresponding to the network traffic, and identifying the corresponding networked device according to the MAC address;
and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
4. The method for security monitoring of networked devices of a router according to claim 1, wherein the step of sending the prompt message to the corresponding authorized user specifically comprises:
a server receiving the prompt message uploaded by the router and forwarding the prompt message to a mobile terminal of an authorized user corresponding to the router.
5. The method for security monitoring of networked devices of a router according to claim 1, wherein the step of analyzing and judging whether the network traffic matches any preset rule further comprises:
in response to a security monitoring function started by the router, downloading at least one preset rule to the router.
6. The method for security monitoring of networked devices of a router according to claim 1, wherein the step of analyzing and judging whether the network traffic matches any preset rule further comprises:
configuring the preset rule corresponding to the security event according to the behavior characteristics of the pre-occurrence of the security event.
7. The method for security monitoring of networked devices of a router according to claim 6, wherein the step of configuring the preset rule corresponding to the security event according to the behavior characteristics of the pre-occurrence of the security event specifically comprises:
prefabricating a network behavior of the security event that is expected to occur, and analyzing the behavior characteristics of the network behavior;
and configuring the preset rules of the corresponding security events according to the behavior characteristics.
8. The method for security monitoring of networked devices of a router according to any one of claims 1 to 7, wherein the step of sending the prompt message to the corresponding authorized user further comprises:
intercepting the network traffic according to an interception instruction triggered by the authorized user.
9. A system for security monitoring of networked devices of a router, characterized by comprising:
an acquisition unit, configured to acquire network traffic generated through router networking;
an analysis and judgment unit, configured to analyze and judge whether the network traffic matches any preset rule, wherein the preset rules are preset information matching rules of corresponding security events;
a generating unit, configured to generate a prompt message that the network traffic comes from the corresponding security event if the network traffic matches the preset rule;
and a sending unit, configured to send the prompt message to a corresponding authorized user.
10. The system for security monitoring of networked devices of a router according to claim 9, wherein the analysis and judgment unit comprises:
an analysis subunit, configured to analyze and obtain the networked device, traffic generation time and traffic characteristics corresponding to the network traffic;
and a judging subunit, configured to judge whether the networked device, the traffic generation time and the traffic characteristics all match the preset rule.
11. The system for security monitoring of networked devices of a router according to claim 10, wherein the analysis subunit is specifically configured for:
extracting a MAC address corresponding to the network traffic, and identifying the corresponding networked device according to the MAC address;
and analyzing and acquiring the traffic generation time and the traffic characteristics of the network traffic according to the network request corresponding to the network traffic.
12. The system for security monitoring of networked devices of a router according to claim 9, wherein the sending unit is specifically configured such that:
a server receives the prompt message uploaded by the router and forwards the prompt message to a mobile terminal of an authorized user corresponding to the router.
13. The system for security monitoring of networked devices of a router according to claim 9, further comprising:
a rule downloading unit, configured to download at least one preset rule to the router in response to a security monitoring function started by the router.
14. The system for security monitoring of networked devices of a router according to claim 9, further comprising:
a rule configuration unit, configured to configure the preset rule corresponding to the security event according to the behavior characteristics of the pre-occurrence of the security event.
15. The system for security monitoring of networked devices of a router according to claim 14, wherein the rule configuration unit specifically comprises:
an analysis subunit, configured to prefabricate the network behavior of the security event and to analyze the behavior characteristics of the network behavior;
and a configuration subunit, configured to configure the preset rules of the corresponding security events according to the behavior characteristics.
16. The system for security monitoring of networked devices of a router according to any one of claims 9 to 15, further comprising:
an interception unit, configured to intercept the network traffic according to an interception instruction triggered by the authorized user.
17. A storage medium storing a computer program for executing the method for security monitoring of networked devices of a router according to any one of claims 1 to 8.
18. A computer comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor, when executing the computer program, implements the method for security monitoring of networked devices of a router according to any one of claims 1 to 8.
CN202110397893.8A 2021-04-13 2021-04-13 Method, system, storage medium and computer equipment for security monitoring of networked equipment of router Active CN113132372B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110397893.8A CN113132372B (en) 2021-04-13 2021-04-13 Method, system, storage medium and computer equipment for security monitoring of networked equipment of router


Publications (2)

Publication Number Publication Date
CN113132372A CN113132372A (en) 2021-07-16
CN113132372B true CN113132372B (en) 2023-02-17

Family

ID=76776244

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110397893.8A Active CN113132372B (en) 2021-04-13 2021-04-13 Method, system, storage medium and computer equipment for security monitoring of networked equipment of router

Country Status (1)

Country Link
CN (1) CN113132372B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683681A (en) * 2018-06-01 2018-10-19 杭州安恒信息技术股份有限公司 A kind of smart home intrusion detection method and device based on traffic policy
CN111021916A (en) * 2019-08-12 2020-04-17 上海雷盎云智能技术有限公司 Door and window system for smart home
CN111696290A (en) * 2019-03-15 2020-09-22 北京奇虎科技有限公司 Security decision method and device, computing equipment and computer storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10230740B2 (en) * 2015-04-21 2019-03-12 Cujo LLC Network security analysis for smart appliances
CN105187395B (en) * 2015-08-10 2018-10-23 济南大学 The method and system of Malware network behavior detection are carried out based on couple in router
WO2017106206A1 (en) * 2015-12-18 2017-06-22 Cujo LLC Intercepting intra-network communication for smart appliance behavior analysis
CN106412896A (en) * 2016-09-30 2017-02-15 上海斐讯数据通信技术有限公司 Authorization management method and system of wireless router
CN106921658A (en) * 2017-02-14 2017-07-04 上海斐讯数据通信技术有限公司 A kind of router device safety protecting method and system

Also Published As

Publication number Publication date
CN113132372A (en) 2021-07-16

Similar Documents

Publication Publication Date Title
US12143404B2 (en) Cyber defence system
CN105191257B (en) Method and apparatus for detecting multi-stage events
US11003773B1 (en) System and method for automatically generating malware detection rule recommendations
US20220182403A1 (en) Endpoint Network Sensor and Related Cybersecurity Infrastructure
CN110855676B (en) Network attack processing method and device and storage medium
CN107135093B (en) Internet of things intrusion detection method and detection system based on finite automaton
JP7364666B2 (en) Multidimensional periodicity detection of IoT devices
US20180211032A1 (en) Log information generation apparatus and recording medium, and log information extraction apparatus and recording medium
US10984099B2 (en) Unauthorized authentication events
CN103023906A (en) Method and system aiming at remote procedure calling conventions to perform status tracking
US11838329B1 (en) Curating actionable intrusion detection system rules
US20240314152A1 (en) Endpoint network sensor and related cybersecurity infrastructure
CN111866030B (en) An industrial protocol identification device and method for mimicking edge gateways
TWI671655B (en) System and method for program security protection
CN107517238A (en) A smart device control method, device and device for Internet of Things
CN106789486B (en) Method and device for detecting shared access, electronic equipment and computer readable storage medium
CN109800571A (en) Event-handling method and device and storage medium and electronic device
CN113132372B (en) Method, system, storage medium and computer equipment for security monitoring of networked equipment of router
US11876834B1 (en) Secure verification of detection rules on test sensors
CN103036895B (en) A kind of status tracking method and system
CN107517236A (en) A kind of event processing method, device and equipment for internet of things
CN114760083B (en) Method, device and storage medium for issuing attack detection file
CN115378638A (en) Network security honeypot system based on stream data processing and implementation method
WO2025132775A1 (en) Endpoint agent and related cybersecurity infrastructure
CN113259240A (en) Special network control method, system, storage medium and computer equipment for router

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518000, 3rd Floor, Building A2, Nanshan Zhiyuan, No. 1001 Xueyuan Avenue, Changyuan Community, Taoyuan Street, Nanshan District, Shenzhen, Guangdong Province

Patentee after: Shenzhen 3600 Smart Life Technology Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: SHENZHEN QIHU INTELLIGENT TECHNOLOGY CO.,LTD.

Country or region before: China
