An AI linkage anti-network-squatter method for routers, gateways, and cameras
By collecting multi-dimensional features of devices through routers and gateways, and using self-learning AI models for accurate classification and coordinated protection, this technology solves the problems of low identification accuracy and insufficient device coordination in existing technologies. It enables in-depth identification and proactive handling of malicious devices, improving the intelligence of network security management and user experience.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- FUJIAN NEWLAND COMM SCI TECH
- Filing Date
- 2026-04-13
- Publication Date
- 2026-07-07
AI Technical Summary
Existing technologies have low accuracy in identifying network unauthorized access, making it difficult to distinguish between legitimate devices, benign visitors, and malicious devices. They are also complex to operate, lack real-time intelligent analysis, cannot adaptively learn user network habits, and lack coordination between network devices such as routers, gateways, and cameras, resulting in insufficient security protection.
By collecting multi-dimensional features of devices in real time through routers and gateways, analyzing them using self-learning AI recognition models, classifying device types, and implementing differentiated network access control, the system also links cameras to enhance security protection, including blocking and encryption, thus building a defense-in-depth system.
It enables accurate identification and proactive handling of malicious devices, enhances the intelligence and automation of network security management, possesses adaptive capabilities, breaks down device silos, constructs a multi-device collaborative three-dimensional protection mechanism, and improves user experience and security level.
Smart Images

Figure CN122348849A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of IoT security technology, and in particular to an AI-linked method for preventing unauthorized network access for routers, gateways, and cameras. Background Technology
[0002] With the widespread application of smart home and IoT technologies, the number of terminal devices in home and office networks has surged. Routers and gateways, as network hubs, bear the crucial responsibility of connecting and managing various smart devices (such as cameras and smart appliances). However, the current network environment faces severe security challenges. Issues such as open Wi-Fi signals and weak password configurations have led to frequent instances of unauthorized network access. Malicious users can illegally access the network by cracking passwords or disguising legitimate devices. This not only consumes valuable network bandwidth, causing problems such as video streaming lag and remote monitoring delays for devices that rely on stable connections (such as security cameras), but also may bring deeper security risks such as data theft and privacy leaks, for example, unauthorized access to cameras to obtain surveillance footage.
[0003] Currently, common solutions to the problem of unauthorized Wi-Fi access on the market mainly include the following categories, but they all have obvious limitations: 1. Password verification protection: This method relies solely on the initial Wi-Fi password as the only barrier. Once the password is cracked, the network is completely exposed, lacking any subsequent defense mechanisms.
[0004] 2. MAC Address Whitelist: This method requires the administrator to manually add the MAC addresses of allowed devices to the whitelist. Its drawback is that whenever a new device (such as a guest device or a newly purchased device) needs to connect, tedious manual configuration is required, resulting in a poor user experience and an inability to handle MAC address spoofing attacks.
[0005] 3. Bandwidth limiting and control: This method limits the network bandwidth of unknown or suspected malicious devices, but it cannot fundamentally prevent them from accessing the network and carrying out malicious activities. It is a passive mitigation measure rather than an active interception solution.
[0006] 4. Simple Behavior Detection: This method usually relies on a single, fixed behavioral indicator (such as device access time, total data transmission volume) for judgment. The model is too simple, resulting in a high false positive rate (mistaking legitimate devices for malicious devices) and a high false negative rate (failing to identify real malicious devices).
[0007] In summary, existing technologies generally suffer from the following shortcomings: low accuracy of identification mechanisms, making it difficult to effectively distinguish between legitimate devices, benevolent visitors, and malicious devices attempting to access the network; reliance on manual maintenance, resulting in complex operations and a poor user experience; lack of real-time, intelligent analysis of device access and behavior; inability to adaptively learn user network habits to counter new network-sharing methods; and, most importantly, existing methods often operate in isolation, lacking coordination and collaboration among key network devices such as routers, gateways, and cameras. This results in security protection remaining only at the network access layer, failing to provide in-depth control and data security protection for malicious devices already connected to the network (especially when they attempt to access sensitive devices such as cameras).
[0008] Therefore, how to provide an AI-linked method for preventing unauthorized network access by routers, gateways, and cameras, and improve the ability to identify, proactively handle, and protect data from malicious devices already connected to the network, has become an urgent technical problem to be solved. Summary of the Invention
[0009] The technical problem to be solved by the present invention is to provide an AI-linked method for preventing unauthorized network access for routers, gateways, and cameras, thereby improving the ability to identify, proactively handle, and protect data from malicious devices already connected to the network.
[0010] This invention is implemented as follows: An AI-linked method for preventing unauthorized network access in routers, gateways, and cameras, comprising the following steps: Step S1: The router and gateway collect multi-dimensional features of devices that request or have already accessed the network in real time. The multi-dimensional features include at least hardware features, behavioral features and network features. Step S2: Input the collected multi-dimensional features into an AI recognition model with self-learning capabilities, analyze and classify the devices based on the AI recognition model, and obtain device type recognition results. The device type recognition results include at least legitimate devices, guest devices, and malicious devices that are trying to access the network. Step S3: Based on the device type identification result, execute the hierarchical network access control policy corresponding to the device type; Step S4: When the device type identification result is a guest device, send an authorization request to the user terminal; receive authorization feedback from the user terminal, and configure corresponding temporary network permissions for the guest device according to the authorization feedback; Step S5: When the device type identification result is a malicious network-sharing device, block the device's MAC address or IP address to perform network access blocking operation, add the corresponding multi-dimensional features to the blacklist, and send a linkage protection command to at least one camera in the network so that the camera performs enhanced security protection operation corresponding to the linkage protection command.
[0011] Furthermore, in step S1, the hardware features include the device MAC address, device model, and operating system type; the behavioral features include the data transmission rate, access protocol type, and target address after the device accesses the network; and the network features include the device's IP address, signal strength, and connection stability when accessing the network.
[0012] Furthermore, in step S1, the multi-dimensional features also include camera-specific features, which include the data stream type and the frequency of access control commands generated after the camera accesses the network.
[0013] Furthermore, in step S3, the hierarchical network access control strategy specifically includes: For devices identified as legitimate devices, normal network permissions are granted, allowing them to access other devices within the network. For devices identified as guest devices and authorized, restricted temporary network permissions are granted, including at least restrictions on access to cameras and setting bandwidth limits.
[0014] Furthermore, in step S4, when the device type identification result is a guest device, sending an authorization request to the user terminal specifically involves: The device type identification result is parsed. When the device type identification result is a guest device, an authorization request containing brief device information is sent to the user terminal, which is used for the user to choose to authorize or refuse.
[0015] Furthermore, in step S5, the linkage protection command includes an enhanced data encryption command and / or a command to suspend remote access function; The enhanced security measures specifically include: increasing the encryption level of video stream transmission and / or temporarily blocking remote access requests from external networks.
[0016] Furthermore, it also includes: Step S6: Based on the continuously collected multi-dimensional features and device type identification results, dynamically update the AI identification model to improve the accuracy of the AI identification model in identifying new device types and new types of network-sharing behaviors.
[0017] Furthermore, it also includes: Step S7: Generate an alarm message indicating that the malicious network-sharing device has been blocked, and push the alarm message to the user terminal.
[0018] Furthermore, it also includes: Step S8: Receive user-defined management policy configurations through a visual interface. The management policy configurations include malicious behavior judgment thresholds, visitor device permission templates, and alarm notification methods.
[0019] Furthermore, it also includes: Step S9: Record the device type identification result, device access log, and enhanced security protection operations performed to form a traceable historical record for querying.
[0020] The advantages of this invention are: 1. By collecting multi-dimensional features of devices in real time through routers and gateways and inputting them into a self-learning AI recognition model for accurate classification, in-depth identification of malicious network-sharing devices is achieved. On this basis, not only is their network access actively blocked, but more importantly, linkage protection instructions are sent to cameras in the network (such as increasing the encryption level of video streams and suspending remote access), thereby extending proactive handling from the network layer to the terminal data layer and building a collaborative in-depth protection system from identification and blocking to proactive reinforcement of core data.
[0021] 2. Significantly improves the accuracy of network device identification and the effectiveness of protection: By collecting multi-dimensional information such as hardware characteristics, behavioral characteristics, and network characteristics, it can comprehensively and three-dimensionally depict the profile of access devices, far exceeding the single-dimensional judgment that relies solely on MAC address filtering in traditional methods; combined with an AI recognition model with self-learning capabilities, it can accurately distinguish between legitimate devices, guest devices, and malicious devices that are trying to steal network access from complex and dynamic network behaviors, thus laying a reliable foundation for implementing differentiated and precise control, greatly reducing the risk of mistakenly killing legitimate devices or missing malicious devices, and fundamentally improving the technical effectiveness of anti-network-stealing measures.
[0022] 3. Achieved a high degree of intelligence and automation in network security management: Constructed a complete intelligent closed loop of "perception-analysis-decision-execution", which can automatically complete feature collection, AI analysis, device classification, and automatically trigger corresponding permission policies (such as allowing legitimate devices, blocking malicious devices, and requesting authorization for guest devices). This process does not require continuous manual intervention from users, freeing them from tedious network device management work, while ensuring the real-time and consistency of security response. It represents an important evolution of network security management from "manual static rules" to "AI dynamic policies".
[0023] 4. Possesses excellent adaptability and evolutionary capabilities to cope with new threats: The AI recognition model has self-learning capabilities and can be dynamically updated through continuously collected feedback data. This means that the system can continuously absorb new device characteristics and behavioral patterns, thereby adapting to new device types and constantly changing network-hacking techniques (such as MAC address spoofing, behavior masquerading, etc.), and continuously improving the recognition accuracy. This self-evolutionary capability gives the technical solution long-term vitality and forward-looking protection, overcoming the shortcomings of traditional fixed rule methods that are prone to becoming outdated.
[0024] 5. Innovatively achieves multi-device collaborative three-dimensional proactive protection: It breaks down the security silos between routers / gateways and IoT devices such as cameras, creating a linkage protection mechanism; when malicious network access is detected, the system not only blocks the network itself (network access point), but also proactively sends instructions to cameras in the network to upgrade their data stream encryption level or suspend remote access, thereby immediately strengthening the security level of key nodes when the threat may move laterally; this linkage of "network layer blocking" and "device layer hardening" constitutes a defense-in-depth system, significantly improving the overall network security level.
[0025] 6. While ensuring security, it also takes into account management flexibility and user experience: By introducing the "guest device" category and user authorization mechanism, a good balance is achieved between strong security and convenience; for temporary visitors, users can remotely and conveniently control them and assign appropriate temporary permissions (such as limiting bandwidth and prohibiting access to internal network cameras); at the same time, users can customize policies (such as thresholds and permission templates) through a visual interface, and complete operation logs and historical records are provided. These designs make high-level security protection capabilities easy to manage, transparent and controllable, and improve the user-friendliness of the product. Attached Figure Description
[0026] The present invention will be further described below with reference to the accompanying drawings and embodiments.
[0027] Figure 1 This is a flowchart of an AI-linked anti-network-theft method for routers, gateways, and cameras according to the present invention. Detailed Implementation
[0028] The overall approach of the technical solution in this application is as follows: A proactive, in-depth defense system is constructed, centered on AI intelligent recognition and linked to key network nodes. Routers and gateways collect multi-dimensional characteristics of access devices in real time, including hardware, behavior, and network features. A self-learning AI recognition model is used for precise analysis, classifying devices as legitimate, guest, or malicious devices. Based on this, the system automatically implements differentiated control: allowing legitimate devices, requesting user authorization and configuring temporary restricted permissions for guest devices, and immediately blocking malicious devices at the network layer (e.g., blocking addresses) and simultaneously linking with network cameras, instructing them to increase data encryption levels or suspend remote access, thereby proactively strengthening the terminal data layer. Furthermore, it has the ability to continuously optimize the AI recognition model through feedback data and supports user-defined policies and full log recording, achieving a complete closed loop from intelligent perception, analysis and decision-making, collaborative execution to self-evolution. Ultimately, this significantly improves the accuracy, response speed, and overall protection depth in identifying unauthorized network activity and internal network threats.
[0029] Please refer to Figure 1As shown, a preferred embodiment of the AI-linked anti-network-theft method for routers, gateways, and cameras according to the present invention includes the following steps: Step S1: The router and gateway collect multi-dimensional features of devices that request or have already accessed the network in real time. The multi-dimensional features include at least hardware features, behavioral features, and network features. The multi-dimensional features are cached locally in real time to form a device feature database. The router / gateway establishes communication with the camera through the local area network (Wi-Fi / Ethernet / Zigbee), issues linkage protection commands, and synchronizes the device type identification results. Routers and gateways, as "gateway" devices in a network, can acquire the aforementioned multi-dimensional characteristics in real time through their operating systems or built-in agent programs. This is achieved by parsing network protocol stack data packets, listening to device communication handshake processes (such as DHCP and ARP requests), and monitoring data interactions between devices and gateways. This data collection is continuous and dynamic, providing a data foundation for subsequent real-time AI analysis and decision-making.
[0030] Step S2: Input the collected multi-dimensional features into an AI recognition model with self-learning capabilities (such as the MobileNetV3+SVM fusion model), analyze and classify the devices based on the AI recognition model, and obtain device type recognition results. The device type recognition results include at least legitimate devices, guest devices, and malicious devices that are trying to access the network. The AI recognition model identifies authorized legitimate devices by comparing hardware features with historical data; it determines device type (such as cameras, mobile phones, computers, and smart home appliances) by combining behavioral characteristics; it identifies malicious devices that are trying to access the network by detecting abnormal behavior (such as high-frequency access during off-peak hours, excessive bandwidth usage, and attempts to access camera monitoring ports); and it supports guest device tagging, distinguishing legitimate visitors from malicious devices by temporary authorization characteristics (such as manual invitation by the user and short access duration).
[0031] Lightweight neural networks such as MobileNetV3 can be used to automatically extract high-level, abstract feature representations from the multidimensional feature sequences of a device. Then, classifiers such as SVM (Support Vector Machine) use these feature representations to perform efficient and accurate "legitimate," "guest," and "malicious" classification tasks. This design balances the depth of feature learning with the efficiency of classification decisions, making it suitable for deployment on routers / gateways with limited computing resources.
[0032] The system can set up a feedback closed-loop mechanism: When the user confirms or corrects the classification result of the AI through the terminal (such as marking a new device of their own that the system misjudged as a "visitor" as "legitimate"), or the system confirms a successful malicious interception through the alarm in step S7, this tagged feedback data will be collected and used for incremental training or fine-tuning of the AI recognition model, so that it can continuously adapt to new device types and attack patterns.
[0033] Step S3: According to the device type recognition result, execute the hierarchical network permission control policy corresponding to the device type; After the AI recognition model outputs the device type label, the policy engine inside the system will immediately trigger the corresponding operation instructions automatically according to the preset or user-defined "policy mapping table" without manual intervention. For example, the mapping relationship is: legitimate device -> release instruction; visitor device -> trigger authorization request instruction; malicious device -> {block instruction, linkage protection instruction}.
[0034] For the temporary permission of a visitor device, an effective time limit (such as 2 hours) can be associated, or it can be bound to a one-time dynamic token. After the time limit expires or the token becomes invalid, the access permission of this device will be automatically revoked. If it needs to access again, it needs to apply for authorization again, so as to prevent the risk caused by the long-term accidental retention of permissions.
[0035] Step S4: When the device type recognition result is a visitor device, send an authorization request to the user terminal through the HTTPS protocol; receive the authorization feedback from the user terminal, and configure the corresponding temporary network permission for the visitor device according to the authorization feedback; Step S5: When the device type recognition result is a malicious network squatting device, block the device MAC address or IP address to perform a network access blocking operation, add the corresponding multi-dimensional features to the blacklist, and send a linkage protection instruction to at least one camera in the network, so that the camera performs enhanced security protection operations corresponding to the linkage protection instruction.
[0036] The router / gateway sends a linkage protection instruction to the camera, relying on a pre-established and secure communication channel between devices, such as a private protocol based on TLS encryption or following the standard Internet of Things management protocol. When the camera receives the linkage protection instruction of "enhanced data encryption", the security module in its firmware will dynamically switch to a higher-strength encryption algorithm (such as upgrading from AES-128 to AES-256); when it receives the linkage protection instruction of "pause remote access", it will temporarily close its cloud service port or disable the remote access account, so as to achieve in-depth protection from the network boundary to the terminal body.
[0037] In step S1, the hardware features include the device MAC address, device model, hardware configuration parameters, and operating system type; the behavioral features include the data transmission rate, access protocol type, internet access duration, access time period, and target address after the device accesses the network; and the network features include the device's IP address, signal strength, and connection stability when accessing the network.
[0038] In step S1, the multi-dimensional features also include camera-specific features, which include the data stream type, video transmission protocol, and frequency of access control commands generated after the camera accesses the network.
[0039] For the "unique features" of the camera, deep packet inspection (DPI) technology or interface with the camera manufacturer's proprietary protocol can be used to identify whether the data stream is a video stream, control signaling, or firmware update stream, and to count the request frequency of specific control commands (such as "rotate" and "zoom"), which can be used as one of the features to determine whether the camera is being manipulated abnormally.
[0040] In step S2, the core of the AI recognition model is a fusion model combining a lightweight neural network and a high-efficiency classifier (e.g., MobileNetV3+SVM). This architecture design is primarily based on the limited computing resources and high real-time requirements of the deployment environment (routers, gateways). Specifically: Lightweight neural networks (such as MobileNetV3) are responsible for automatically extracting and abstracting deep features from a sequence of multi-dimensional features (hardware, behavior, and network features) of a device. They can learn feature combinations and patterns that go beyond simple rules, such as recognizing complex anomaly patterns like "high-frequency, low-signal-strength connection requests initiated by a specific device model during atypical periods".
[0041] Efficient classifiers (such as Support Vector Machines, SVMs) receive high-order feature vectors extracted by the neural network and perform fast and accurate classification decisions, determining whether a device is a "legitimate device," a "guest device," or a "malicious device using the network." This collaborative architecture, while ensuring model recognition accuracy, greatly reduces inference latency and computational overhead on edge devices, meeting the requirements of real-time analysis.
[0042] AI recognition models make decisions based on a comprehensive evaluation of multi-dimensional features: Feature fusion analysis: The model does not analyze single features independently, but rather fuses features such as MAC address, device behavior (e.g., data transmission patterns, access targets), and network status (signal strength, connection stability). For example, if a device's MAC address is not on the whitelist but its behavior pattern is highly similar to a known guest phone, it may be classified as a "guest device" rather than being directly rejected.
[0043] Dynamic thresholds and pattern matching: The model learns and establishes behavioral characteristic benchmarks and dynamic judgment thresholds for three categories of devices: "legitimate," "visitor," and "malicious." It matches and calculates probabilities between real-time collected device features and these learned patterns to arrive at a classification result. Its decision logic can handle fuzzy and boundary cases, reducing misjudgments caused by a single rule.
[0044] The self-learning capability of AI recognition models is reflected in their continuously optimized closed loop: Initial training and data: The initial training of the model relies on a dataset containing a large number of labeled device features, which gathers multi-dimensional feature samples of various devices in normal, visitor and malicious network-sharing scenarios.
[0045] Online learning and feedback optimization: When users confirm (e.g., mark a newly purchased device as "legitimate") or correct (e.g., correct a misjudgment) the AI's classification results through the terminal app, or when the system confirms a successful malicious interception, these "new samples" with clear labels (the fact that the user confirmed or successfully intercepted the malicious activity) are collected. The system can periodically or after accumulating a certain number of new samples, securely initiate incremental training or fine-tuning of the model in the cloud or locally, thereby incorporating the characteristics of new device types, new user habits, and new network hijacking attack patterns into the model's knowledge base, achieving continuous evolution of recognition accuracy.
[0046] Defense against adversarial attacks: The model is designed with adversarial attacks (such as MAC address spoofing and behavioral impersonation) in mind. By continuously learning diverse attack characteristics and behavioral patterns, the model can improve its robustness in identifying such deception techniques.
[0047] To ensure real-time performance on routers / gateways: Lightweight model: The neural network model used (such as MobileNetV3) is a specially optimized version with fewer parameters to adapt to the storage and computing power limitations of embedded devices.
[0048] Localized inference: The analysis and classification decisions of device characteristics are mainly completed on local network devices (routers / gateways), without having to upload all data to the cloud. This protects user privacy, greatly reduces decision-making delays, and ensures an immediate response to malicious access attempts.
[0049] Policy engine linkage: The output of the AI recognition model (device type label) is transmitted to the system's policy execution engine in real time, thereby triggering corresponding automated operations (such as allowing passage, requesting authorization, blocking and linking cameras), forming a millisecond-level closed loop of "perception-analysis-decision-execution".
[0050] In step S3, the hierarchical network access control strategy specifically includes: For devices identified as legitimate devices, normal network permissions are granted, allowing them to access other devices within the network. For devices identified as guest devices and authorized, restricted temporary network permissions are granted, including at least restrictions on access to cameras and setting bandwidth limits.
[0051] Legitimate devices are automatically granted access and assigned corresponding network permissions (e.g., cameras can prioritize bandwidth usage and access cloud storage); guest devices require user authorization (APP push verification request) before being assigned temporary network permissions (restricting access to sensitive devices such as cameras, setting bandwidth limits, and specifying access duration); malicious devices are directly blocked from accessing the network, their MAC addresses and IP addresses are banned, device characteristics are recorded, and they are added to a blacklist; customizable blocking methods are supported (e.g., silent blocking, pop-up alerts, network disconnection notifications); and cameras are linked for risk prevention and control, automatically enhancing video encryption and suspending remote access when malicious devices are detected.
[0052] In step S4, when the device type identification result is a guest device, sending an authorization request to the user terminal specifically involves: The device type identification result is parsed. When the device type identification result is a guest device, an authorization request containing brief device information is sent to the user terminal, which is used for the user to choose to authorize or refuse.
[0053] In step S5, the linkage protection command includes an enhanced data encryption command and / or a command to suspend remote access function; The enhanced security measures specifically include: increasing the encryption level of video stream transmission and / or temporarily blocking remote access requests from external networks.
[0054] Also includes: Step S6: Based on the continuously collected multi-dimensional features and device type identification results, dynamically update the AI identification model to improve the accuracy of the AI identification model in identifying new device types and new types of network-sharing behaviors.
[0055] The model update process needs to balance security (such as using digital signatures to verify update packages) and efficiency (such as using differential updates to download only the changed parts of the model parameters) to ensure the system's own safety and stability during the evolution process.
[0056] Also includes: Step S7: Generate an alarm message indicating that the malicious network-sharing device has been blocked, and push the alarm message to the user terminal.
[0057] Also includes: Step S8: Receive user-defined management policy configurations through a visual interface. The management policy configurations include malicious behavior judgment thresholds, visitor device permission templates, and alarm notification methods.
[0058] Supports device management functions (viewing the list of connected devices, manually adding / removing authorized devices, and editing visitor permissions); supports multi-device collaborative policy synchronization, with routers / gateways sending linkage protection commands to cameras; generates alarm information in real time and notifies users via APP push, SMS, etc. (such as unfamiliar device access, malicious network access interception, and abnormal behavior of authorized devices).
[0059] For example, users can slide to set the threshold for "triggering an alarm if the number of connection attempts exceeds [X] times within a unit of time" through a visual interface; the "guest device permission template" can be a number of preset packages (such as "Internet access only", "Printer access allowed", "NAS access denied") for users to quickly select, reflecting flexibility and ease of use.
[0060] Also includes: Step S9: Record the device type identification results, device access logs, and executed enhanced security protection operations to form a traceable historical record for future reference. This historical record is not only used for post-event auditing but also provides high-quality structured data for network status analysis, fault diagnosis, and retraining of AI recognition models, forming an integral part of the system's intelligence and operability.
[0061] In summary, the advantages of this invention are: 1. By collecting multi-dimensional features of devices in real time through routers and gateways and inputting them into a self-learning AI recognition model for accurate classification, in-depth identification of malicious network-sharing devices is achieved. On this basis, not only is their network access actively blocked, but more importantly, linkage protection instructions are sent to cameras in the network (such as increasing the encryption level of video streams and suspending remote access), thereby extending proactive handling from the network layer to the terminal data layer and building a collaborative in-depth protection system from identification and blocking to proactive reinforcement of core data.
[0062] 2. Significantly improves the accuracy of network device identification and the effectiveness of protection: By collecting multi-dimensional information such as hardware characteristics, behavioral characteristics, and network characteristics, it can comprehensively and three-dimensionally depict the profile of access devices, far exceeding the single-dimensional judgment that relies solely on MAC address filtering in traditional methods; combined with an AI recognition model with self-learning capabilities, it can accurately distinguish between legitimate devices, guest devices, and malicious devices that are trying to steal network access from complex and dynamic network behaviors, thus laying a reliable foundation for implementing differentiated and precise control, greatly reducing the risk of mistakenly killing legitimate devices or missing malicious devices, and fundamentally improving the technical effectiveness of anti-network-stealing measures.
[0063] 3. Achieved a high degree of intelligence and automation in network security management: Constructed a complete intelligent closed loop of "perception-analysis-decision-execution", which can automatically complete feature collection, AI analysis, device classification, and automatically trigger corresponding permission policies (such as allowing legitimate devices, blocking malicious devices, and requesting authorization for guest devices). This process does not require continuous manual intervention from users, freeing them from tedious network device management work, while ensuring the real-time and consistency of security response. It represents an important evolution of network security management from "manual static rules" to "AI dynamic policies".
[0064] 4. Possesses excellent adaptability and evolutionary capabilities to cope with new threats: The AI recognition model has self-learning capabilities and can be dynamically updated through continuously collected feedback data. This means that the system can continuously absorb new device characteristics and behavioral patterns, thereby adapting to new device types and constantly changing network-hacking techniques (such as MAC address spoofing, behavior masquerading, etc.), and continuously improving the recognition accuracy. This self-evolutionary capability gives the technical solution long-term vitality and forward-looking protection, overcoming the shortcomings of traditional fixed rule methods that are prone to becoming outdated.
[0065] 5. Innovatively achieves multi-device collaborative three-dimensional proactive protection: It breaks down the security silos between routers / gateways and IoT devices such as cameras, creating a linkage protection mechanism; when malicious network access is detected, the system not only blocks the network itself (network access point), but also proactively sends instructions to cameras in the network to upgrade their data stream encryption level or suspend remote access, thereby immediately strengthening the security level of key nodes when the threat may move laterally; this linkage of "network layer blocking" and "device layer hardening" constitutes a defense-in-depth system, significantly improving the overall network security level.
[0066] 6. While ensuring security, it also takes into account management flexibility and user experience: By introducing the "guest device" category and user authorization mechanism, a good balance is achieved between strong security and convenience; for temporary visitors, users can remotely and conveniently control them and assign appropriate temporary permissions (such as limiting bandwidth and prohibiting access to internal network cameras); at the same time, users can customize policies (such as thresholds and permission templates) through a visual interface, and complete operation logs and historical records are provided. These designs make high-level security protection capabilities easy to manage, transparent and controllable, and improve the user-friendliness of the product.
[0067] While specific embodiments of the present invention have been described above, those skilled in the art should understand that the specific embodiments described are merely illustrative and not intended to limit the scope of the present invention. Equivalent modifications and variations made by those skilled in the art in accordance with the spirit of the present invention should be covered within the scope of protection of the claims of the present invention.
Claims
1. An AI-linked method for preventing unauthorized network access using routers, gateways, and cameras, characterized in that: Includes the following steps: Step S1: The router and gateway collect multi-dimensional features of devices that request or have already accessed the network in real time. The multi-dimensional features include at least hardware features, behavioral features and network features. Step S2: Input the collected multi-dimensional features into an AI recognition model with self-learning capabilities, analyze and classify the devices based on the AI recognition model, and obtain device type recognition results. The device type recognition results include at least legitimate devices, guest devices, and malicious devices that are trying to access the network. Step S3: Based on the device type identification result, execute the hierarchical network access control policy corresponding to the device type; Step S4: When the device type identification result is a guest device, send an authorization request to the user terminal; receive authorization feedback from the user terminal, and configure corresponding temporary network permissions for the guest device according to the authorization feedback; Step S5: When the device type identification result is a malicious network-sharing device, block the device's MAC address or IP address to perform network access blocking operation, add the corresponding multi-dimensional features to the blacklist, and send a linkage protection command to at least one camera in the network so that the camera performs enhanced security protection operation corresponding to the linkage protection command.
2. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: In step S1, the hardware features include the device MAC address, device model, and operating system type; the behavioral features include the data transmission rate, access protocol type, and target address after the device accesses the network; and the network features include the device's IP address, signal strength, and connection stability when accessing the network.
3. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: In step S1, the multi-dimensional features also include camera-specific features, which include the data stream type and the frequency of access control commands generated after the camera accesses the network.
4. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: In step S3, the hierarchical network access control strategy specifically includes: For devices identified as legitimate devices, normal network permissions are granted, allowing them to access other devices within the network. For devices identified as guest devices and authorized, restricted temporary network permissions are granted, including at least restrictions on access to cameras and setting bandwidth limits.
5. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: In step S4, when the device type identification result is a guest device, sending an authorization request to the user terminal specifically involves: The device type identification result is parsed. When the device type identification result is a guest device, an authorization request containing brief device information is sent to the user terminal, which is used for the user to choose to authorize or refuse.
6. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: In step S5, the linkage protection command includes an enhanced data encryption command and / or a command to suspend remote access function; The enhanced security measures specifically include: increasing the encryption level of video stream transmission and / or temporarily blocking remote access requests from external networks.
7. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: Also includes: Step S6: Based on the continuously collected multi-dimensional features and device type identification results, dynamically update the AI identification model to improve the accuracy of the AI identification model in identifying new device types and new types of network-sharing behaviors.
8. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: Also includes: Step S7: Generate an alarm message indicating that the malicious network-sharing device has been blocked, and push the alarm message to the user terminal.
9. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: Also includes: Step S8: Receive user-defined management policy configurations through a visual interface. The management policy configurations include malicious behavior judgment thresholds, visitor device permission templates, and alarm notification methods.
10. The AI-linked anti-network-theft method for routers, gateways, and cameras as described in claim 1, characterized in that: Also includes: Step S9: Record the device type identification result, device access log, and enhanced security protection operations performed to form a traceable historical record for querying.