DNS hijacking detection method based on Internet of Things equipment

A DNS hijacking detection method for Internet of Things equipment, applied in the field of information security, that addresses problems such as false alarms and missing alarms, increasing detection accuracy and reducing false positives.

Active Publication Date: 2019-07-23
SICHUAN CHANGHONG ELECTRIC CO LTD

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a DNS hijacking detection method based on Internet of Things devices, which is used to solve the problem of detecting DNS hijacking in

Examples


Embodiment 1

[0029] As shown in Figure 1, a DNS hijacking detection method based on IoT devices includes:

[0030] Step S100: Install the agent program on the Internet of Things (IoT) device. The agent runs as a background service on the device, collects data, and periodically sends it over the MQTT protocol to a message queue of the RabbitMQ message middleware. The data includes device fingerprint information and terminal DNS resolution information. The device fingerprint information uniquely identifies the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.

[0031] Step S200: The cloud server consumes the messages from the RabbitMQ message middleware, analyzes them and calculates the detection result, judges whether DNS hijacking has occurred, saves the original log, and stores the device information of the fir...

Embodiment 2

[0039] On the basis of Embodiment 1, and as shown in Figures 1 and 2, step S200 includes:

[0040] Step S210: After the cloud server obtains the data collected by the agent from RabbitMQ, it performs asset discovery and determines the source of the log according to the device fingerprint information;

[0041] Step S220: storing the device fingerprint information into the MongoDB of the cloud server as a device asset set;

[0042] Step S230: Perform DNS hijacking analysis, specifically including:

[0043] Step A: 1) The cloud analysis program parses the log to be analyzed and obtains the domain names and the terminal DNS resolution results. It traverses the DNS resolution set to obtain each domain name to be analyzed, then traverses that domain name's result list to obtain each IP to be analyzed, and updates IP_CACHE. IP_CACHE is used to cache the historical times when the terminal domain name is resolved to the corresponding IP; as the basis ...
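An added sketch of steps S210 to S230 Step A (not code from the patent): it consumes agent messages, records device fingerprints as assets, updates IP_CACHE per domain, and flags rarely seen IPs. The JSON layout, field names, thresholds, the reading of IP_CACHE as per-IP resolution counts, and the rarity rule are all assumptions, since the page's text cuts off before stating the judgment basis; in-memory structures stand in for RabbitMQ and MongoDB.

```python
import ipaddress
import json
from collections import Counter, defaultdict

# Constructed agent messages; the JSON layout and field names are assumptions.
SAMPLE_MESSAGES = [
    '{"fingerprint": "dev-A", "dns": {"example.com": ["192.0.2.10"]}}',
    '{"fingerprint": "dev-B", "dns": {"example.com": ["192.0.2.10"]}}',
    '{"fingerprint": "dev-A", "dns": {"Example.com.": ["192.0.2.10"]}}',
    '{"fingerprint": "dev-B", "dns": {"example.com": ["192.0.2.10"],'
    ' "iot.example.net": ["198.51.100.7", "not-an-ip"]}}',
    '{"fingerprint": "dev-B", "dns": {"example.com": ["203.0.113.66"]}}',
]

class DnsAnalyzer:
    def __init__(self, min_history=3, min_share=0.1):
        self.assets = set()                   # stand-in for the MongoDB asset set (S220)
        self.ip_cache = defaultdict(Counter)  # IP_CACHE: domain -> {ip: times resolved}
        self.min_history = min_history        # assumed: observations needed for a baseline
        self.min_share = min_share            # assumed: below this share an IP is "rare"

    @staticmethod
    def _valid_ips(ips):
        for ip in ips:                        # agent data is untrusted: drop malformed IPs
            try:
                yield str(ipaddress.ip_address(ip))
            except ValueError:
                continue

    def process(self, raw):
        """Handle one consumed message; return suspected (device, domain, ip) tuples."""
        msg = json.loads(raw)
        device = msg["fingerprint"]
        self.assets.add(device)               # S210/S220: asset discovery by fingerprint
        suspects = []
        for name, ips in msg["dns"].items():  # traverse the DNS resolution set
            domain = name.rstrip(".").lower()
            history = self.ip_cache[domain]
            total = sum(history.values())
            for ip in self._valid_ips(ips):   # traverse the domain's result list
                # Assumed rule: with enough history, a rarely seen IP is suspicious.
                if total >= self.min_history and history[ip] / total < self.min_share:
                    suspects.append((device, domain, ip))
                history[ip] += 1              # update IP_CACHE
        return suspects

def analyze(messages):
    analyzer, alerts = DnsAnalyzer(), []
    for raw in messages:
        alerts.extend(analyzer.process(raw))
    return analyzer, alerts
```

Because every observation is written to the cache, a sustained hijack eventually becomes part of the baseline; the share threshold only delays that.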


Abstract

The invention discloses a DNS hijacking detection method based on Internet of Things equipment. The method comprises the following steps: S100, an agent program is installed on the Internet of Things equipment to collect logs and upload the logs to message middleware; a cloud server consumes the middleware messages, analyzes and calculates a detection result, judges whether DNS hijacking occurs or not, and stores the original log; S210, after the cloud server obtains the data collected by the agent from RabbitMQ, assets are discovered according to the equipment fingerprint information, and the log source is judged; S220, the equipment fingerprint information is stored into a MongoDB of the cloud server to serve as an equipment asset set; and S230, DNS hijacking analysis is performed. According to the method, analysis and judgment are carried out from multiple dimensions, the detection accuracy is improved, and false alarms and missing alarms are effectively reduced.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a DNS hijacking detection method based on an Internet of Things device.

Background technique

[0002] With the rise of intelligent hardware technology, the Internet of Things (IoT) market has shown an exponential growth trend, and a large number of IoT devices have been released. IoT devices are vulnerable to malicious software and hackers: because they are limited in performance, running speed and capacity, the devices themselves do not integrate security mechanisms. Coupled with the huge number of devices, once an effective malicious attack occurs, the damage caused cannot be underestimated. IoT is developing so fast that, if security cannot keep up, it will be unfeasible. At present, many IoT security defense platforms have emerged in the industry, and a series of security dete...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1466, H04L61/103, H04L61/4511
Inventor: 冯其
Owner: SICHUAN CHANGHONG ELECTRIC CO LTD