CN117081857A - A communication security authentication system for smart homes - Google Patents

Info

Publication number
CN117081857A
Authority
CN
China
Prior art keywords
equipment
intrusion
value
analysis
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311327603.8A
Other languages
Chinese (zh)
Other versions
CN117081857B (en)
Inventor
候倍倍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi University of Technology
Original Assignee
Jiangxi University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangxi University of Technology
Priority to CN202311327603.8A
Publication of CN117081857A
Application granted
Publication of CN117081857B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Alarm Systems (AREA)

Abstract

The invention belongs to the field of smart homes and relates to data analysis technology. Specifically, it is a communication security authentication system for smart homes, comprising a security authentication platform that is communicatively connected to an instruction processing module, an authentication analysis module, an intrusion analysis module and a storage module. The instruction processing module processes and analyzes control instructions issued by the user terminal, the authentication analysis module performs authentication monitoring and analysis on the user terminal information, and the intrusion analysis module performs intrusion analysis on control behaviors that have not passed security authentication. The invention processes and analyzes the control instructions issued by the user terminal by decomposing each control instruction, generating digital replacement codes from the serial numbers of the sub-information in their respective sequences, and forming a transmission instruction packet from the digital replacement codes. When authentication fails, it generates an intrusion signal and performs intrusion feature analysis using the transmission instruction packet, which improves the efficiency of avoiding security risks.

Description

Communication security authentication system for smart home
Technical Field
The invention belongs to the field of smart homes, relates to data analysis technology, and in particular relates to a communication security authentication system for smart homes.
Background
A smart home is a system that manages and controls household devices automatically and intelligently by technical means such as the Internet, sensors and automatic control. A smart home can be controlled remotely from terminals such as mobile phones and computers, which improves the convenience, comfort and safety of home life.
With existing communication security authentication systems for smart homes, when the smart home communication network comes under network attack, illegal control instructions can control the smart home directly, which is a serious security hazard. Existing systems also cannot analyze the intrusion characteristics of illegal control instructions, so when smart home communication security is threatened, no targeted measures can be taken to avoid the risk.
The invention provides a solution to this technical problem.
Disclosure of Invention
The invention aims to provide a communication security authentication system for smart homes that solves two problems of existing systems: they cannot encrypt control instructions for transmission, and they cannot perform intrusion feature analysis on illegal control instructions.
This aim is achieved by the following technical scheme:
The communication security authentication system for smart homes comprises a security authentication platform, which is communicatively connected to an instruction processing module, an authentication analysis module, an intrusion analysis module and a storage module.
The instruction processing module processes and analyzes the control instruction sent by the user terminal. When a user needs to control the smart home, a control instruction is sent to the security authentication platform through the user terminal; the control instruction comprises device information, operation information and amplitude information. The instruction processing module randomly scrambles and recombines the sub-data of the device data group, the operation data group and the amplitude data group held in the storage module to obtain a device sequence, an operation sequence and an amplitude sequence. The serial number of the device information in the device sequence is marked as the device value, the serial number of the operation information in the operation sequence is marked as the operation value, and the serial number of the amplitude information in the amplitude sequence is marked as the amplitude value. The device value, the operation value and the amplitude value form a transmission instruction packet. The transmission instruction packet and the user terminal information are sent to the security authentication platform, which forwards them to the authentication analysis module.
The authentication analysis module performs authentication monitoring and analysis on the user terminal information. The authentication data set is retrieved through the storage module, the user terminal information is compared with the authentication data set, and the comparison result determines whether the control instruction passes security authentication. The authentication data set contains the identity information of all users who have passed identity security authentication.
The intrusion analysis module performs intrusion analysis on control behaviors that do not pass security authentication.
As a preferred embodiment of the invention, the specific process of comparing the user terminal information with the authentication data set includes: if the authentication data set contains the user terminal information, authentication is judged to have passed; the device value, the operation value and the amplitude value in the transmission instruction packet are used to extract the corresponding device information, operation information and amplitude information from the device sequence, the operation sequence and the amplitude sequence; the control instruction is reassembled from the device information, operation information and amplitude information and sent to a controller through the security authentication platform; and after receiving the control instruction, the controller controls the smart home device according to the device information, operation information and amplitude information. If the authentication data set does not contain the user terminal information, authentication is judged to have failed, an intrusion signal is generated, the intrusion signal and the transmission instruction packet are sent to the security authentication platform, and the security authentication platform forwards them to the intrusion analysis module.
As a preferred embodiment of the invention, the specific process by which the intrusion analysis module performs intrusion analysis on control behaviors that do not pass security authentication includes: generating an analysis period; when an intrusion signal is received within the analysis period, reassembling the control instruction and marking the device named by the device information in the control instruction as an intrusion device; taking the number of times a smart home device is marked as an intrusion device within the analysis period as the mark value of that device; forming a mark set from the mark values of all smart home devices; calculating the variance of the mark set to obtain a concentration coefficient; obtaining a concentration threshold through the storage module; comparing the concentration coefficient with the concentration threshold; and judging from the comparison result whether the intrusion devices in the analysis period show concentration. Risk analysis is carried out at the end of the analysis period.
As a preferred embodiment of the invention, the specific process of comparing the concentration coefficient with the concentration threshold includes: if the concentration coefficient is smaller than the concentration threshold, the intrusion devices in the analysis period are judged not to show concentration; if the concentration coefficient is greater than or equal to the concentration threshold, the intrusion devices in the analysis period are judged to show concentration, the smart home devices are sorted by mark value from largest to smallest to obtain a household sequence, the first L1 smart home devices in the household sequence are marked as isolation devices, and the isolation devices are added to the isolation data set.
As a preferred embodiment of the invention, the specific process of risk analysis at the end of the analysis period includes: acquiring the request value, the random value SJ and the isolation value GL of the analysis period; performing a numerical calculation on the request value, the random value SJ and the isolation value GL to obtain the risk coefficient FX of the analysis period; obtaining the risk threshold FXmax through the storage module; comparing the risk coefficient FX of the analysis period with the risk threshold FXmax; and judging from the comparison result whether the communication security risk in the analysis period meets the requirement.
As a preferred embodiment of the invention, the request value is the number of transmission instruction packets received by the security authentication platform in the analysis period. The process of acquiring the random value SJ and the isolation value GL includes comparing each intrusion device with the isolation data set: if the isolation data set contains the intrusion device, that intrusion device is marked as a marked device; if the isolation data set does not contain the intrusion device, that intrusion device is marked as a random device. The number of times random devices were marked and the number of times marked devices were marked in the analysis period are taken as the random value SJ and the isolation value GL respectively.
As a preferred embodiment of the invention, the specific process of comparing the risk coefficient FX of the analysis period with the risk threshold FXmax includes: if the risk coefficient FX is smaller than the risk threshold FXmax, the communication security risk in the analysis period is judged to meet the requirement, a security signal is generated and sent to the security authentication platform, and the security authentication platform forwards the security signal to the manager's mobile phone terminal; if the risk coefficient FX is greater than or equal to the risk threshold FXmax, the communication security risk in the analysis period is judged not to meet the requirement, a risk early-warning signal is generated and sent to the security authentication platform, and the security authentication platform forwards the risk early-warning signal to the manager's mobile phone terminal.
The invention has the following beneficial effects:
1. The instruction processing module processes and analyzes the control instruction sent by the user terminal. The control instruction is decomposed, digital replacement codes are generated from the serial numbers of the sub-information in their respective sequences, and the digital replacement codes form the transmission instruction packet. This hides the device information, operation information and amplitude information of the control instruction during transmission, realizes encrypted transmission of the control instruction, and reduces the probability that the control instruction is tampered with or stolen in transit.
2. The authentication analysis module performs authentication monitoring and analysis on the user terminal information. It compares the user terminal information with the authentication data set, judges from the comparison result whether security authentication is passed, generates an intrusion signal when authentication fails, and performs intrusion feature analysis using the transmission instruction packet, which improves the efficiency of avoiding security risks.
3. The intrusion analysis module performs intrusion analysis on control behaviors that do not pass security authentication. An isolation data set is built by analyzing the concentration of intrusion devices in the analysis period, and the smart home devices in the isolation data set are then isolated, which prevents the whole system from being affected after one device is attacked. The overall communication security risk is then reported by analyzing the risk coefficient of the analysis period, so that the communication security of the analysis period is evaluated by combining the overall network security analysis result with the intrusion feature analysis result for individual devices.
Drawings
To illustrate the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention, and a person skilled in the art can derive other drawings from them without inventive effort.
Fig. 1 is a system block diagram of a first embodiment of the present application.
Detailed Description
The technical solutions of the invention are described clearly and completely below in connection with the embodiments. The described embodiments are only some embodiments of the invention, not all of them. All other embodiments that a person skilled in the art can obtain from these embodiments without inventive effort fall within the scope of protection of the invention.
Example 1
As shown in Fig. 1, a communication security authentication system for smart homes comprises a security authentication platform, which is communicatively connected to an instruction processing module, an authentication analysis module, an intrusion analysis module and a storage module.
The instruction processing module processes and analyzes the control instruction sent by the user terminal. When the smart home communication network comes under network attack, illegal control instructions can control the smart home directly, which is a serious security hazard. The specific process by which the instruction processing module processes and analyzes the control instruction is as follows.
When a user needs to control the smart home, a control instruction is sent to the security authentication platform through the user terminal. The control instruction comprises device information, operation information and amplitude information. For example, when the control instruction is to turn on the master bedroom air conditioner and set the temperature to twenty-five degrees, the device information is the master bedroom air conditioner, the operation information is "turn on and adjust", and the amplitude information is twenty-five degrees.
The instruction processing module randomly scrambles and recombines the sub-data of the device data group, the operation data group and the amplitude data group in the storage module to obtain a device sequence, an operation sequence and an amplitude sequence. The device data group, the operation data group and the amplitude data group are sets of control instruction sub-data recorded in advance. The device data group includes the master bedroom air conditioner, the second bedroom air conditioner, the living room television, the dining room refrigerator and so on; the operation data group includes "turn on and adjust", "turn off", "turn on", "adjust" and so on; the amplitude data group includes air conditioner temperature settings, air conditioner functions, refrigerator temperature settings, refrigerator functions, television channels, television functions and so on.
The serial number of the device information in the device sequence is marked as the device value, the serial number of the operation information in the operation sequence is marked as the operation value, and the serial number of the amplitude information in the amplitude sequence is marked as the amplitude value. The device value, the operation value and the amplitude value form a transmission instruction packet. The transmission instruction packet and the user terminal information are sent to the security authentication platform, which forwards them to the authentication analysis module.
In summary, the control instruction sent by the user terminal is decomposed, the decomposed sub-information is compared with the device sequence, the operation sequence and the amplitude sequence, and a digital replacement code is generated from the serial number of each piece of sub-information in its sequence: the digital replacement code for the device sequence is the device value, the one for the operation sequence is the operation value, and the one for the amplitude sequence is the amplitude value. The digital replacement codes then form the transmission instruction packet, which hides the device information, operation information and amplitude information of the control instruction during transmission, realizes encrypted transmission of the control instruction, and reduces the probability that the control instruction is tampered with or stolen in transit.
The authentication analysis module performs authentication monitoring and analysis on the user terminal information. The authentication data set, which contains the identity information of all users who have passed identity security authentication, is retrieved through the storage module, and the user terminal information is compared with it.
If the authentication data set contains the user terminal information, authentication is judged to have passed. The device value, the operation value and the amplitude value in the transmission instruction packet are used to extract the corresponding device information, operation information and amplitude information from the device sequence, the operation sequence and the amplitude sequence. The control instruction is reassembled from the device information, operation information and amplitude information and sent to a controller through the security authentication platform, and after receiving the control instruction the controller controls the smart home device according to the device information, operation information and amplitude information.
If the authentication data set does not contain the user terminal information, authentication is judged to have failed. An intrusion signal is generated, the intrusion signal and the transmission instruction packet are sent to the security authentication platform, and the security authentication platform forwards them to the intrusion analysis module.
In summary, the user terminal information is compared with the authentication data set, the comparison result determines whether security authentication is passed, an intrusion signal is generated when authentication fails, and intrusion feature analysis is performed using the transmission instruction packet, which improves the efficiency of avoiding security risks.
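The encoding, authentication check and decoding described above can be traced end to end in the following added example, which is not code from the patent. The data group contents, the 1-based serial numbers, the function names and the client identifiers are assumptions made for illustration.

```python
import random

# Constructed data groups (assumed contents, modelled on the examples in the text).
DEVICE_GROUP = ["master bedroom air conditioner", "second bedroom air conditioner",
                "living room television", "dining room refrigerator"]
OPERATION_GROUP = ["turn on and adjust", "turn off", "turn on", "adjust"]
AMPLITUDE_GROUP = ["25 degrees", "18 degrees", "cooling mode", "channel 5", "4 degrees"]


def build_sequences(rng):
    """Randomly scramble each stored data group into its sequence.

    Returns (device_sequence, operation_sequence, amplitude_sequence).
    """
    groups = (DEVICE_GROUP, OPERATION_GROUP, AMPLITUDE_GROUP)
    return tuple(rng.sample(group, len(group)) for group in groups)


def encode(instruction, sequences):
    """Turn (device, operation, amplitude) into a transmission instruction packet.

    Each field is replaced by its serial number in the matching sequence.
    Serial numbers are assumed to start at 1. Raises ValueError if a field
    is not part of the pre-recorded data group.
    """
    return tuple(seq.index(item) + 1 for item, seq in zip(instruction, sequences))


def decode(packet, sequences):
    """Reassemble the control instruction from a transmission instruction packet."""
    fields = []
    for value, seq in zip(packet, sequences):
        # Reject serial numbers that do not point into the sequence.
        if not isinstance(value, int) or not 1 <= value <= len(seq):
            raise ValueError(f"serial number {value!r} is outside the sequence")
        fields.append(seq[value - 1])
    return tuple(fields)


def handle(packet, client_info, authentication_set, sequences):
    """Authentication analysis: pass the instruction on or raise an intrusion signal.

    Returns ("control", instruction) when client_info is in the authentication
    data set, otherwise ("intrusion", packet) for the intrusion analysis module.
    """
    if client_info in authentication_set:
        return ("control", decode(packet, sequences))
    return ("intrusion", packet)


if __name__ == "__main__":
    # random.Random with a fixed seed keeps this demonstration reproducible.
    sequences = build_sequences(random.Random(7))
    instruction = ("master bedroom air conditioner", "turn on and adjust", "25 degrees")
    packet = encode(instruction, sequences)
    authentication_set = {"client-001"}          # constructed identity
    print(packet)
    print(handle(packet, "client-001", authentication_set, sequences))
    print(handle(packet, "client-999", authentication_set, sequences))
```

Decoding only works when the receiver holds the same scrambled sequences the sender used, so in this scheme the sequences play the role of the shared secret.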
The intrusion analysis module performs intrusion analysis on control behaviors that do not pass security authentication. An analysis period is generated. When an intrusion signal is received within the analysis period, the control instruction is reassembled and the device named by the device information in the control instruction is marked as an intrusion device. The number of times a smart home device is marked as an intrusion device within the analysis period is taken as the mark value of that device, and the mark values of all smart home devices form a mark set. The variance of the mark set is calculated to obtain a concentration coefficient, a concentration threshold is obtained through the storage module, and the concentration coefficient is compared with the concentration threshold.
If the concentration coefficient is smaller than the concentration threshold, the intrusion devices in the analysis period are judged not to show concentration. If the concentration coefficient is greater than or equal to the concentration threshold, the intrusion devices in the analysis period are judged to show concentration; the smart home devices are sorted by mark value from largest to smallest to obtain a household sequence, the first L1 smart home devices in the household sequence are marked as isolation devices, and the isolation devices are added to the isolation data set. It should be noted that the intrusion devices in the isolation data set are smart home devices that show concentration. These devices are isolated and controlled using a virtual private network (VPN), which reduces the possibility that the whole communication network breaks down when an intrusion device is attacked and improves the operating security of the whole communication network.
Risk analysis is performed at the end of the analysis period. The request value, the random value SJ and the isolation value GL of the analysis period are acquired. The request value is the number of transmission instruction packets received by the security authentication platform in the analysis period. The random value SJ and the isolation value GL are obtained by comparing each intrusion device with the isolation data set: if the isolation data set contains the intrusion device, that intrusion device is marked as a marked device; if the isolation data set does not contain the intrusion device, that intrusion device is marked as a random device. The number of times random devices were marked and the number of times marked devices were marked in the analysis period are taken as the random value SJ and the isolation value GL respectively.
The risk coefficient FX of the analysis period is obtained by a formula over the request value, the random value SJ and the isolation value GL, in which α1, α2 and α3 are all proportional coefficients and α1 > α2 > α3. The random value is the number of intrusions on random devices and the isolation value is the number of intrusions on marked devices. The value obtained through calculation is directly proportional to the random value and to the isolation value; the larger the risk coefficient, the more often the security authentication platform was intruded upon in the analysis period and the greater the hidden risk.
The risk threshold FXmax is obtained through the storage module, and the risk coefficient FX of the analysis period is compared with the risk threshold FXmax. If the risk coefficient FX is smaller than the risk threshold FXmax, the communication security risk in the analysis period is judged to meet the requirement, a security signal is generated and sent to the security authentication platform, and the security authentication platform forwards the security signal to the manager's mobile phone terminal. If the risk coefficient FX is greater than or equal to the risk threshold FXmax, the communication security risk in the analysis period is judged not to meet the requirement, a risk early-warning signal is generated and sent to the security authentication platform, and the security authentication platform forwards the risk early-warning signal to the manager's mobile phone terminal.
In summary, intrusion analysis is performed on control behaviors that do not pass security authentication. An isolation data set is built by analyzing the concentration of intrusion devices in the analysis period, and the smart home devices in the isolation data set are then isolated, which prevents the whole system from being affected after one device is attacked. The overall communication security risk is then reported by analyzing the risk coefficient of the analysis period, so that the communication security of the analysis period is evaluated by combining the overall network security analysis result with the intrusion feature analysis result for individual devices.
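The per-period intrusion analysis described above is worked through in the following added example, which is not code from the patent. It assumes population variance for the concentration coefficient, assumes the isolation data set is updated before SJ and GL are counted, and never isolates a device with a mark value of zero. It stops at the inputs to the risk coefficient because the FX formula itself does not appear in this text. All names, thresholds and event data are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import pvariance


@dataclass
class PeriodResult:
    concentration_coefficient: float  # variance of the mark set
    concentrated: bool                # coefficient >= concentration threshold
    newly_isolated: list              # devices added to the isolation data set
    request_value: int                # packets received in the period
    sj: int                           # random value: marks on non-isolated devices
    gl: int                           # isolation value: marks on isolated devices


def analyse_period(all_devices, intrusion_devices, isolation_set,
                   concentration_threshold, l1, request_value):
    """Run one analysis period of the intrusion analysis module.

    all_devices       -- every smart home device (each contributes a mark value)
    intrusion_devices -- one entry per intrusion signal: the device named in the
                         reassembled control instruction
    isolation_set     -- isolation data set; updated in place
    """
    if not all_devices:
        raise ValueError("the mark set needs at least one device")
    counts = Counter(intrusion_devices)
    unknown = set(counts) - set(all_devices)
    if unknown:
        raise ValueError(f"intrusion signal names unknown devices: {sorted(unknown)}")

    # Mark set: one mark value per device, zero for devices never targeted.
    mark_set = [counts[d] for d in all_devices]
    coefficient = float(pvariance(mark_set))   # assumption: population variance
    concentrated = coefficient >= concentration_threshold

    newly_isolated = []
    if concentrated:
        # Household sequence: largest mark value first, name as a stable tie-break.
        household = sorted(all_devices, key=lambda d: (-counts[d], d))
        newly_isolated = [d for d in household[:l1]
                          if counts[d] > 0 and d not in isolation_set]
        isolation_set.update(newly_isolated)

    # Marked devices are intrusion devices found in the isolation data set;
    # the remaining intrusion devices are random devices.
    gl = sum(n for d, n in counts.items() if d in isolation_set)
    sj = sum(n for d, n in counts.items() if d not in isolation_set)
    return PeriodResult(coefficient, concentrated, newly_isolated,
                        request_value, sj, gl)


# Constructed sample input for one analysis period.
DEVICES = ["master bedroom air conditioner", "second bedroom air conditioner",
           "living room television", "dining room refrigerator"]
FOCUSED_EVENTS = (["living room television"] * 6
                  + ["master bedroom air conditioner", "dining room refrigerator"])
SPREAD_EVENTS = DEVICES * 2

if __name__ == "__main__":
    isolated = set()
    print(analyse_period(DEVICES, FOCUSED_EVENTS, isolated, 4.0, 1, 40))
    print(analyse_period(DEVICES, SPREAD_EVENTS, set(), 4.0, 1, 40))
```

With the focused sample the mark set is [1, 0, 6, 1], so the variance is 5.5 and the television is isolated; with the evenly spread sample the variance is 0 and nothing is isolated even though the number of intrusion signals is the same.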
When the communication security authentication system for the intelligent home is in operation, a user sends a control instruction to the security authentication platform through a user side when the intelligent home needs to be controlled, and a transmission instruction packet is formed by a device value, an operation value and an amplitude value; the authentication data set is called through the storage module, the user side information is compared with the authentication data set, and whether authentication is passed or not is judged through a comparison result; generating an analysis period, reorganizing a control instruction when an intrusion signal is received in the analysis period, marking equipment information in the control instruction as intrusion equipment, and judging whether the intrusion equipment in the analysis period has centralization; risk analysis is performed at the end of the analysis period: acquiring request values for analysis periodsAnd carrying out numerical calculation on the random value SJ and the isolation value GL to obtain a risk coefficient FX, and judging whether the communication security risk in the analysis period meets the requirement or not through the risk coefficient FX.
The above formulas are obtained by collecting a large amount of data for software simulation and selecting the formula closest to the true values; the coefficients in the formulas are specific numerical values obtained by quantizing each parameter, which facilitates subsequent comparison, and the corresponding risk coefficient is preliminarily set for each group of sample data by a person skilled in the art according to the amount of sample data, provided that the proportional relation between the parameter and the quantized value is not affected; for example, the risk coefficient is directly proportional to the isolation value.
In the description of the present specification, the descriptions of the terms "one embodiment," "example," "specific example," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the structures of this application; those skilled in the art can make various modifications, additions and substitutions to the described embodiments without departing from the scope of the application as defined in the accompanying claims.
The preferred embodiments of the application disclosed above are intended only to assist in the explanation of the application. The preferred embodiments are not intended to be exhaustive or to limit the application to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the application and the practical application, to thereby enable others skilled in the art to best understand and utilize the application. The application is limited only by the claims and the full scope and equivalents thereof.

Claims (6)

1. The communication security authentication system for the intelligent home is characterized by comprising a security authentication platform, wherein the security authentication platform is in communication connection with an instruction processing module, an authentication analysis module, an intrusion analysis module and a storage module;
the instruction processing module is used for processing and analyzing the control instruction sent by the user side: when a user needs to control the smart home, a control instruction is sent to the security authentication platform through the user side, wherein the control instruction comprises equipment information, operation information and amplitude information; the instruction processing module randomly scrambles and recombines the sub-data of the equipment data set, the operation data set and the amplitude data set in the storage module respectively to obtain an equipment sequence, an operation sequence and an amplitude sequence; the serial number of the equipment information in the equipment sequence is marked as the equipment value, the serial number of the operation information in the operation sequence is marked as the operation value, and the serial number of the amplitude information in the amplitude sequence is marked as the amplitude value; a transmission instruction packet is formed from the equipment value, the operation value and the amplitude value, the transmission instruction packet and the user side information are sent to the security authentication platform, and the security authentication platform sends the received transmission instruction packet and user side information to the authentication analysis module;
the authentication analysis module is used for carrying out authentication monitoring analysis on the user information: the authentication data set is called through the storage module, the user side information is compared with the authentication data set, whether the safety authentication of the control instruction is passed or not is judged through comparison results, and the authentication data set contains identity information of all users passing the identity safety authentication;
the intrusion analysis module is used for performing intrusion analysis on control behaviors which do not pass security authentication: an analysis period is generated; when an intrusion signal is received in the analysis period, the control instruction is reorganized and the equipment information in the control instruction is marked as intrusion equipment; the number of times a smart home device is marked as intrusion equipment in the analysis period is taken as the marking value of that device, the marking values of all smart home devices form a marking set, and variance calculation is performed on the marking set to obtain a concentration coefficient; a concentration threshold is acquired through the storage module, the concentration coefficient is compared with the concentration threshold, and whether the intrusion equipment in the analysis period has concentration is judged from the comparison result; and risk analysis is carried out at the end time of the analysis period.
2. The communication security authentication system for smart home according to claim 1, wherein the specific process of comparing the user side information with the authentication data set comprises: if the authentication data set contains user side information, judging that authentication is passed, respectively extracting corresponding equipment information, operation information and amplitude information from the equipment sequence, the operation sequence and the amplitude sequence by using the equipment value, the operation value and the amplitude value in the transmission instruction packet, reorganizing the control instruction according to the equipment information, the operation information and the amplitude information, transmitting the control instruction to a controller through a safety authentication platform, and controlling intelligent household equipment according to the equipment information, the operation information and the amplitude information after the controller receives the control instruction; if the authentication data set does not contain the user side information, the authentication is judged to be failed, an intrusion signal is generated and the intrusion signal and the transmission instruction packet are sent to the security authentication platform, and the security authentication platform sends the received intrusion signal and the transmission instruction packet to the intrusion analysis module.
3. The communication security authentication system for smart home according to claim 2, wherein the specific process of comparing the concentration coefficient with the concentration threshold comprises: if the concentration coefficient is smaller than the concentration threshold, judging that the intrusion equipment in the analysis period does not have concentration; if the concentration coefficient is greater than or equal to the concentration threshold, judging that the intrusion equipment in the analysis period has concentration, sorting the smart home devices in descending order of marking value to obtain a household sequence, marking the first L1 smart home devices in the household sequence as isolation equipment, and adding the isolation equipment to the isolation data set.
4. The communication security authentication system for smart home according to claim 3, wherein the specific process of risk analysis at the end of the analysis period comprises: acquiring the request value, the random value SJ and the isolation value GL of the analysis period; performing a numerical calculation on the request value, the random value SJ and the isolation value GL to obtain a risk coefficient FX of the analysis period; the risk threshold FXmax is obtained through the storage module, the risk coefficient FX of the analysis period is compared with the risk threshold FXmax, and whether the communication security risk in the analysis period meets the requirement or not is judged according to the comparison result.
5. The communication security authentication system for smart home as claimed in claim 4, wherein the request value is the number of transmission instruction packets received by the security authentication platform in the analysis period, and the process for acquiring the random value SJ and the isolation value GL includes: comparing the intrusion equipment with the isolation data set: if the isolation data set contains the intrusion equipment, marking the corresponding intrusion equipment as marking equipment; if the isolation data set does not contain the intrusion equipment, marking the corresponding intrusion equipment as random equipment; the marking times of the random equipment and the marking times of the marking equipment in the analysis period are respectively marked as the random value SJ and the isolation value GL.
6. The communication security authentication system for smart home according to claim 5, wherein the specific process of comparing the risk coefficient FX of the analysis period with the risk threshold FXmax comprises: if the risk coefficient FX is smaller than the risk threshold FXmax, judging that the communication security risk in the analysis period meets the requirement, generating a security signal and sending the security signal to a security authentication platform, and sending the security signal to a mobile phone terminal of a manager after the security authentication platform receives the security signal; if the risk coefficient FX is greater than or equal to the risk threshold FXmax, judging that the communication security risk in the analysis period does not meet the requirement, generating a risk early-warning signal and sending the risk early-warning signal to a security authentication platform, and sending the risk early-warning signal to a mobile phone terminal of a manager after the security authentication platform receives the risk early-warning signal.
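The intrusion analysis of claims 1, 3 and 5, as an added Python example that is not code from the patent: it computes the marking set, the variance-based concentration coefficient, the isolation data set and the values SJ and GL for one analysis period. Device names, counts, the threshold and L1 are constructed, the use of population variance is an assumption, and because the formula for FX is not reproduced in this text the function stops at the three inputs of that calculation.

```python
from collections import Counter
from statistics import pvariance

def analyze_period(devices, intrusion_devices, request_value, threshold, l1):
    """End-of-period intrusion analysis.

    devices           -- all smart home devices known to the platform
    intrusion_devices -- device resolved from each packet that failed authentication
    request_value     -- transmission instruction packets received in the period
    threshold, l1     -- concentration threshold and isolation count from storage
    """
    marks = Counter(intrusion_devices)
    # Marking set: one marking value per device, zero if never targeted.
    marking_set = [marks[d] for d in devices]
    # Concentration coefficient: variance of the marking set. Population
    # variance is an assumption; the claim only says "variance calculation".
    concentration = pvariance(marking_set)

    isolation_set = []
    if concentration >= threshold:
        # Household sequence: devices in descending order of marking value.
        household = sorted(devices, key=lambda d: marks[d], reverse=True)
        isolation_set = household[:l1]

    # Marks on isolated devices add to GL, marks on any other device to SJ.
    gl = sum(n for d, n in marks.items() if d in isolation_set)
    sj = sum(n for d, n in marks.items() if d not in isolation_set)
    return {"concentration": concentration, "isolation_set": isolation_set,
            "request_value": request_value, "SJ": sj, "GL": gl}

# Constructed sample data, not taken from the patent.
DEVICES = ["door_lock", "camera", "thermostat", "light", "speaker"]
FOCUSED = ["door_lock"] * 6 + ["camera"] * 3 + ["light"]   # attacks on two devices
SCATTERED = DEVICES * 2                                      # two marks per device

if __name__ == "__main__":
    for name, events in (("focused", FOCUSED), ("scattered", SCATTERED)):
        print(name, analyze_period(DEVICES, events, 40, 4.0, 2))
```

With the same number of failed requests, the focused case crosses the threshold and isolates two devices while the scattered case has zero variance and isolates none, so all of its marks land in SJ.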
CN202311327603.8A 2023-10-13 2023-10-13 Communication security authentication system for smart home Active CN117081857B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311327603.8A CN117081857B (en) 2023-10-13 2023-10-13 Communication security authentication system for smart home

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311327603.8A CN117081857B (en) 2023-10-13 2023-10-13 Communication security authentication system for smart home

Publications (2)

Publication Number Publication Date
CN117081857A true CN117081857A (en) 2023-11-17
CN117081857B CN117081857B (en) 2024-01-05

Family

ID=88717438

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311327603.8A Active CN117081857B (en) 2023-10-13 2023-10-13 Communication security authentication system for smart home

Country Status (1)

Country Link
CN (1) CN117081857B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119051979A (en) * 2024-10-28 2024-11-29 山东东方飞扬软件技术有限公司 Anti-intrusion online identification system and method based on AI digital archives

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110258206A1 (en) * 2010-03-19 2011-10-20 University Of Ottawa System and method for evaluating marketer re-identification risk
CN104301303A (en) * 2014-09-15 2015-01-21 汕头大学 Security protection method and system for smart home internet of things
CN105554026A (en) * 2016-01-12 2016-05-04 中北大学 Electronic record information security management system
US20180183827A1 (en) * 2016-12-28 2018-06-28 Palantir Technologies Inc. Resource-centric network cyber attack warning system
US20190058732A1 (en) * 2015-12-01 2019-02-21 Qatar Foundation for Education, Science and and Community Developmen System and method for detection and isolation of network activity
US20210400086A1 (en) * 2020-06-17 2021-12-23 At&T Intellectual Property I, L.P. Methods, systems, and devices coordinating security among different network devices
CN114915465A (en) * 2022-05-06 2022-08-16 深圳市粤大明智慧科技集团有限公司 High-safety intelligent street lamp system
CN116542665A (en) * 2023-04-19 2023-08-04 福州年盛信息科技有限公司 Payment data safety protection system based on cloud computing
CN116668159A (en) * 2023-07-31 2023-08-29 合肥正非数字科技有限公司 Computer network information safety supervision system based on data analysis

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
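周启扬; 李飞; 章嘉彦; 李亚林; 宋佳琦: "Research on anonymous identity authentication technology for the Internet of Vehicles based on blockchain technology", Automobile Technology (汽车技术), no. 10 *
夏平: "Design of a security scheme for smart home systems", Computer Knowledge and Technology (电脑知识与技术), no. 17 *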

Also Published As

Publication number Publication date
CN117081857B (en) 2024-01-05

Similar Documents

Publication Publication Date Title
CN105721242B (en) A kind of encryption method for recognizing flux based on comentropy
CN112953971B (en) Network security flow intrusion detection method and system
CN110719250B (en) Anomaly detection method of Powerlink industrial control protocol based on PSO-SVDD
CN110225067A (en) A kind of Internet of Things safety pre-warning system
CN106302535A (en) Power system attack simulation method, device and attack simulation equipment
CN103577835A (en) Method using multi-dimensional feature vectors to detect IP ID covert channel
Graveto et al. A network intrusion detection system for building automation and control systems
CN117081857B (en) Communication security authentication system for smart home
CN113472547A (en) Safety monitoring system based on block chain
Pinto et al. Attack detection in cyber-physical production systems using the deterministic dendritic cell algorithm
Wen et al. 6g-xsec: Explainable edge security for emerging openran architectures
CN110768842B (en) Intelligent home communication safety management and control method, system and storage medium
Wang et al. Recent advances in machine learning-based anomaly detection for industrial control networks
Möllers et al. Short paper: Extrapolation and prediction of user behaviour from wireless home automation communication
CN112003868B (en) Intelligent home system safety communication method based on white box encryption
Gu et al. IoT device identification based on network traffic
CN117729540A (en) A cloud-edge security management method for sensing devices based on a unified edge computing framework
Zhukabayeva et al. Penetration Testing and Machine Learning-Driven Cybersecurity Framework for IoT and Smart City Wireless Networks
CN117633560B (en) A clustering identification method for abnormal network data transmission behavior based on gravity model
CN120675796A (en) Intrusion detection method and system based on countermeasure generation network and trusted execution environment
CN102073310A (en) Security monitoring system and monitoring method for residential area
CN114339751A (en) Terminal access authentication method, system, device and storage medium
Ponomarev Intrusion Detection System of industrial control networks using network telemetry
CN114520973B (en) A covert wireless communication method of short packets by randomly selecting a single subchannel
Lu et al. A timestamp-based covert data transmission method in Industrial Control System

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20231117

Assignee: Nanchang Xinyi CNC Machine Tool Co.,Ltd.

Assignor: JIANGXI University OF TECHNOLOGY

Contract record no.: X2025980013066

Denomination of invention: A communication security authentication system for smart home

Granted publication date: 20240105

License type: Common License

Record date: 20250708