
CN113849816B - A smart terminal vulnerability repair mechanism and method in a smart home network environment - Google Patents


Info

Publication number
CN113849816B
CN113849816B (application CN202110987349.9A; published application CN113849816A)
Authority
CN
China
Prior art keywords
vulnerability
home
intelligent terminal
repair
restoration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110987349.9A
Other languages
Chinese (zh)
Other versions
CN113849816A (en)
Inventor
袁海
张颖
吕超
张继东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Digital Life Technology Co Ltd
Original Assignee
Tianyi Digital Life Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Digital Life Technology Co Ltd
Priority to CN202110987349.9A
Publication of CN113849816A
Application granted
Publication of CN113849816B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/70 Software maintenance or management
    • G06F 8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a mechanism and a method for repairing vulnerabilities of an intelligent terminal in an intelligent home network environment. Vulnerability information and terminal model information for home devices across the whole operator network are maintained in the cloud; each home gateway determines the vulnerability repair status and the service load within its own home network and dynamically calculates the best time for repair. Intelligent terminal vulnerabilities are thus repaired by active pushing from the cloud, unified storage on the gateway side, and delivery by the gateway at a suitable time.

Description

Intelligent terminal vulnerability repair mechanism and method in an intelligent home network environment
Technical Field
The invention relates to the field of information security, in particular to a mechanism and a method for repairing vulnerabilities of an intelligent terminal in a home network environment.
Background
An intelligent home service mainly involves three links: the terminal, the connection and the platform. With the rise of Internet of Things technology and intelligent home services, application scenarios are increasingly rich and application modes more intelligent and complex, so the terminal side shows trends towards diversified network access modes, diversified device types, more intelligent terminals and more complex device configuration. In practice, however, terminal manufacturers vary widely, and because of limited manufacturing budgets or technical means, many terminals carry security problems of differing severity, in particular security vulnerabilities, while the terminal side has weak defensive capability. Intelligent terminals are therefore easy to control illegitimately, which endangers users' property, personal information and privacy. Detecting vulnerabilities in intelligent terminals promptly and repairing them conveniently and quickly is a problem that must be solved for intelligent home services to scale.
The common existing method for repairing terminal vulnerabilities installs security software on the terminal: the client scans for vulnerabilities and actively reports the results to a remote server; the server establishes and maintains a vulnerability repair library, a user information library, a vulnerability information library and other related information; after receiving the client's report, the server queries, compares and decides which vulnerabilities need repair, and then prompts the client to upgrade online.
The patent 'Method and system for presenting the vulnerability repair status of local area network terminals' (CN102769536B) proposes establishing a server database, adding unrepaired vulnerability information reported by clients to a user information table in that database, judging the vulnerability distribution and state of each client from the vulnerability statistics, and presenting repair information to the LAN administrator, who performs global monitoring and decision-making. The method can be widely applied to vulnerability repair management of terminals in a traditional network, but the choice of repair time is not intelligent: it is often somewhat arbitrary or relies on the administrator's experience. Intelligent terminals in an Internet of Things environment differ in processing capability, and device loads differ between service scenarios, so repairing at a uniformly chosen time, or requiring administrator intervention, may affect the current service and also incurs management cost.
The patent 'A method and device for processing terminal vulnerabilities' (CN102750190B) proposes periodically collecting the terminal's current running state and, when a vulnerability exists, deciding from that state whether to repair it now. The method does take account of the terminal's CPU, memory and other resource usage, but has three problems: 1) whether the terminal is in use is judged mainly from keyboard input, mouse input and/or the identifiers of running processes, yet most intelligent terminals in current intelligent home scenarios do not support external input devices such as a mouse or keyboard, which limits the applicable scenarios; 2) periodically scanning the terminal's process state consumes resources and reduces the terminal's efficiency; and 3) the timing and frequency of the scanning period can only be tuned to their optimum through a great deal of accumulated experience.
How to adopt a more reasonable detection frequency and data acquisition mode, so as to minimise computing and storage resources while still effectively monitoring the security of the home network environment, is therefore a problem worth further optimisation.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
According to one embodiment of the invention, a method for repairing vulnerabilities of intelligent terminal devices in a home network is disclosed, comprising: performing configuration initialisation at a home intelligent gateway, the configuration initialisation comprising obtaining device state information and service information of each intelligent terminal device attached to the home intelligent gateway, repair preference settings and/or vulnerability information; the home intelligent gateway monitoring and collecting the service traffic state of the home network to obtain home network traffic and usage information; the home intelligent gateway calculating the repair priority of each attached intelligent terminal device to be repaired and sorting the repair priorities of the one or more vulnerabilities in each such device; the home intelligent gateway receiving an associated subset of the vulnerability manifest; and repairing the vulnerabilities of each attached intelligent terminal device to be repaired based on its repair time, repair priority and repair rules.
According to another embodiment of the invention, a system for repairing vulnerabilities of intelligent terminal devices in a home network is disclosed, comprising a home intelligent gateway and one or more intelligent terminal devices. The home intelligent gateway is configured to perform configuration initialisation, comprising obtaining device state information and service information of each attached intelligent terminal device, repair preference settings and/or vulnerability information; to monitor and collect the home network's service traffic state and obtain home network traffic and usage information; to calculate the repair priority of each attached intelligent terminal device to be repaired and sort the repair priorities of the one or more vulnerabilities in each such device; to receive an associated subset of the vulnerability manifest; to deliver the one or more repair packages for each device to be repaired listed in that subset to that device at its repair time; and to trigger the device's vulnerability repair. The one or more intelligent terminal devices are configured to repair their vulnerabilities using the one or more repair packages that correspond to them, applying the packages in the order of the repair priority of the corresponding vulnerabilities.
These and other features and advantages will become apparent upon reading the following detailed description and upon reference to the associated drawings. It is to be understood that both the foregoing general description and the following detailed description are explanatory only and are not restrictive of aspects as claimed.
Drawings
So that the manner in which the above recited features of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only certain typical aspects of this invention and are therefore not to be considered limiting of its scope, for the description may admit to other equally effective aspects.
FIG. 1 illustrates a block diagram of a system 100 for intelligent terminal vulnerability remediation in a home network environment, according to one embodiment of the invention;
Fig. 2 shows a schematic diagram 200 of a home intelligent gateway 103 according to an embodiment of the invention;
Fig. 3 illustrates a flowchart of a method 300 for vulnerability restoration of an intelligent terminal in a home network environment according to one embodiment of the present invention.
Detailed Description
The features of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings.
In an intelligent home service scenario, each home network is a small local area network. In the usual arrangement all intelligent terminal devices connect to the broadband network and exchange data and carry services through the single outlet of the gateway, so the home gateway becomes the most important control centre of the intelligent home service and the hub connecting the inside and outside of the home network. However, the service scenario, brand, model and processing capability of each household's devices, and the frequency, duration, peak load and trough load of each service function, all differ. Vulnerability repair for intelligent terminal devices in the home must therefore be balanced against the service mode, device characteristics, resource usage and similar conditions, and the gateway's control capability should be fully used for unified scheduling and processing, so that vulnerabilities are repaired and upgraded smoothly without affecting the convenience and stability of daily household services.
The invention provides a mechanism and a method for repairing vulnerabilities of an intelligent terminal in a home network environment. Vulnerability information and terminal model information for home devices across the whole operator network are maintained in the cloud; each home gateway determines the vulnerability repair status and the service load within its own home network and dynamically calculates the best time for repair. Intelligent terminal vulnerabilities are thus repaired by active pushing from the cloud, unified storage on the gateway side, and delivery by the gateway at a suitable time.
Fig. 1 illustrates a block diagram of a system 100 for intelligent terminal vulnerability remediation in a home network environment, according to one embodiment of the invention. The system 100 mainly comprises a cloud vulnerability repair management system 101, a home network connection management platform 102, a home intelligent gateway 103 and intelligent terminal devices 104.
Those skilled in the art will understand that 'whole network' in the present invention refers to an operator's network (for example, that of China Telecom or China Mobile), and 'whole-network home networks' refers to all home networks within that operator network. In general, many home networks exist within the whole network. A home network mainly comprises two parts: a home intelligent gateway and the intelligent terminal devices attached to it. For brevity, the other components of a home network are not described here. The home intelligent gateway is the bridge connecting the whole home network to the external network; it can receive signals from the external network and forward them over the home network to a given intelligent terminal device. In other words, the home intelligent gateway is the central device of the intelligent home, through which system information is collected, information is input and output, and centralised, remote and linked control of the various intelligent terminal devices is performed. The connection between the home intelligent gateway and an intelligent terminal device may vary (Ethernet, Wi-Fi, Zigbee and so on) and is not within the scope of the present invention.
Referring to Fig. 1, according to one embodiment of the present invention, the cloud vulnerability repair management system 101 may be regarded as a service management system deployed on a cloud server, supporting the service requests and centralised data storage of the home network connection management platform 102 and the home intelligent gateways 103. Those skilled in the art will appreciate that in a cloud architecture the cloud vulnerability repair management system 101 may communicate with the home network connection management platform 102 and the home intelligent gateways 103 over a variety of connections; the specific communication method is not within the protection scope of the present invention.
Specifically, the cloud vulnerability repair management system 101 is configured to manage vulnerability repair for home networks across the whole network. Using a vulnerability information base, a device information base and similar libraries, it can track the connection status and vulnerability status of the intelligent terminal devices of home users across the whole network, and it provides unified storage and management of vulnerability repair packages. According to one embodiment of the invention, the vulnerability information base may contain vulnerability information for the various types of intelligent terminal devices in whole-network home networks together with the related repair packages, and the device information base may contain the model, configuration and similar information of those devices. According to one embodiment of the invention, the cloud vulnerability repair management system 101 may be maintained by the operator and/or by a third-party provider to keep the vulnerability information base and the device information base up to date.
With the cloud vulnerability repair management system 101, only one copy of the repair information needs to be maintained in the cloud for all intelligent terminal devices of a given model across the whole network's home networks, instead of separate repair information in each home network.
According to one embodiment of the present invention, the home network connection management platform 102 is configured to serve as the management and control centre for the whole network's home intelligent gateways 103 (for example, home intelligent gateways 103-1 to 103-N), implementing unified operation and control of them, including issuing and uninstalling plug-in packages, issuing vulnerability repair packages, and so on. For example, the home network connection management platform 102 may store and maintain a home network relationship library recording the type, model, IP address and similar details of the intelligent terminal devices attached to each home intelligent gateway, for use when vulnerability repair packages are later delivered.
Fig. 2 shows a schematic diagram 200 of a home intelligent gateway 103 according to an embodiment of the invention. According to one embodiment of the present invention, the home intelligent gateway 103 adds a traffic detection module 105, a vulnerability scanning module 106, a vulnerability storage module 107, a configuration management module 108 and a scheduling module 109 to the basic functions of an ordinary gateway. Any module may communicate with any other module, though not all connections are shown, for ease of illustration. Those skilled in the art will also understand that the modules are described here for illustration only: the functions of one or more of them may be combined into a single module or split into several, and any of them may be implemented in software, hardware or a combination of the two.
According to one embodiment of the invention, the traffic detection module 105 is configured to detect all upstream and downstream traffic received and sent through the home intelligent gateway 103. The vulnerability scanning module 106 is configured for periodic vulnerability detection and scanning of the intelligent terminal devices 104. The vulnerability storage module 107 is configured to manage and store the vulnerability repair packages for the intelligent terminal devices of the home network that need repair. The configuration management module 108 is configured for the initialisation and management of the gateway's vulnerability repair settings. The scheduling module 109 is configured to calculate the optimal scheduling policy and vulnerability repair time from the actual situation of the home network together with the configuration settings, and to trigger the issuing of repair packages to the intelligent terminal devices.
According to one embodiment of the invention, several intelligent terminal devices 104 (for example, 104-1 to 104-N) may be attached to one home intelligent gateway 103. As known to those skilled in the art, the intelligent terminal devices 104 may be of many types, such as smart speakers, smart televisions, smart refrigerators, smart microwave ovens, smart lights and the like. An intelligent terminal device 104 may be configured to communicate with the home intelligent gateway 103, for example to receive vulnerability repair requests from it and to report related information.
In general, the cloud vulnerability repair management system 101 manages vulnerability repair for home networks across the whole network and maintains the vulnerability information and corresponding repair packages for each intelligent terminal device in those home networks. After receiving repair requests from all home intelligent gateways 103 in the whole network, it collects the identical vulnerabilities in those requests and issues a vulnerability manifest to the home network connection management platform 102. The platform 102 splits the manifest by home intelligent gateway 103 and sends each subset to the corresponding gateway. The home intelligent gateway 103 derives the repair policy from the repair time, repair rules and repair priority of each of its attached intelligent terminal devices 104, and pushes the repair package for a device to it at a suitable repair time so that the vulnerability is repaired.
Fig. 3 illustrates a flowchart of a method 300 for vulnerability restoration of an intelligent terminal in a home network environment according to one embodiment of the present invention.
In step 301, configuration initialisation is performed at the home intelligent gateway. In this step the home intelligent gateway collects device state information and service information from each attached intelligent terminal device, obtains repair preference settings from the user, and obtains vulnerability information from the cloud vulnerability repair management system, thereby initialising the configuration related to the vulnerability repair policy. According to one embodiment of the present invention, step 301 may be performed by the configuration management module 108 in the home intelligent gateway.
According to one embodiment of the invention, the information the home intelligent gateway collects from the attached intelligent terminal devices includes, but is not limited to: 1) device state information such as device name, model, brand, operating system version, online status, MAC address, IP address and memory capacity; and 2) service information such as primary service type, service name, service priority and service importance.
According to one embodiment of the invention, the information the home intelligent gateway collects from the user includes, but is not limited to: 3) repair preference settings such as single-device or multi-device repair, whether current traffic may be interrupted, repair frequency, whether vulnerability levels are distinguished, and preferred repair times. According to one embodiment of the invention, the repair preference settings need not be collected from the user; default settings may be used instead. For example, the gateway vendor may set the gateway to 'single-device repair' by default. In general, under 'single-device repair' the devices attached to the home intelligent gateway are repaired one at a time, whereas under 'multi-device repair' several attached devices of the same model can be repaired in a batch.
According to one embodiment of the invention, the information the home intelligent gateway collects from the cloud vulnerability repair management system includes, but is not limited to, vulnerability information (associated device, vulnerability severity, vulnerability name, vulnerability type) and the like. As described above, the cloud vulnerability repair management system stores and maintains the latest vulnerability information for intelligent terminal devices, so the home intelligent gateway always obtains current vulnerability information. According to one embodiment of the invention, the home intelligent gateway may supply the specific models of its attached intelligent terminal devices to the cloud vulnerability repair management system in order to obtain the vulnerability information for those models. According to another embodiment of the invention, the home intelligent gateway may obtain all vulnerability information from the cloud vulnerability repair management system.
In step 302, the home intelligent gateway monitors and collects the home network traffic state and obtains home network traffic and usage information. The collected information includes, but is not limited to: network connection mode, connection state, the memory capacity and CPU occupancy of the home intelligent gateway itself, the peak uplink and downlink traffic of each service and when it occurs, and the set of trough uplink and downlink traffic values and trough times for each service. According to one embodiment of the invention, step 302 may be performed by the traffic detection module 105 in the home intelligent gateway.
In step 303, the home intelligent gateway calculates the repair priority of each attached intelligent terminal device to be repaired, using the information acquired in steps 301 and 302.
According to one embodiment of the present invention, the vulnerability scanning module 106 in the home intelligent gateway scans the attached intelligent terminal devices for vulnerabilities and compares what it detects with the vulnerability information collected from the cloud vulnerability repair management system in step 301, in order to identify the vulnerabilities present in those devices. Those skilled in the art will understand that there are many ways to detect vulnerabilities in an intelligent terminal device; how the detection is done is not within the protection scope of the present invention.
Once the vulnerabilities present in the attached intelligent terminal devices have been found, the vulnerability repair priority of each device is calculated. According to one embodiment of the invention, for intelligent terminal device i, the repair priority P_fix_i of vulnerability i is computed from the following configuration inputs: the vulnerability severity level S_i, with vulnerability weight ratio P1; the repair duration (the time required to fix the vulnerability), with weight P2; the service priority set <B1, B2, ..., Bn>, with service priority weight P4; and the per-service uplink and downlink traffic set <network uplink traffic UP_in, network downlink traffic UD_in>, with traffic weight P3.
From the vulnerability situation of each intelligent terminal device, a vulnerability repair priority list for device i can then be established:
DEVICE_i = {<vulnerability id-1, P_fix_1>, <vulnerability id-2, P_fix_2>, ..., <vulnerability id-i, P_fix_i>}
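As an added worked example (not code from the patent or its assignee), the scoring below turns the inputs named above into the per-device priority list DEVICE_i and sorts it. The page names the inputs and their weights P1 to P4 but the scoring rule itself is not reproduced here, so the weighted sum, the normalisation bounds, the default weights and the sample vulnerabilities are this example's own assumptions:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    """One vulnerability found on an attached terminal, with the inputs the
    text names for scoring it (the value ranges are assumptions)."""
    vuln_id: str
    severity: float         # S_i, assumed normalised to 0..1 (1 = most severe)
    repair_minutes: float   # repair duration: time needed to apply the fix
    uplink_kbps: float      # UP_in: current uplink traffic of the affected service
    downlink_kbps: float    # UD_in: current downlink traffic of the affected service
    service_priority: int   # B_k from the service priority set, assumed 1..5


@dataclass(frozen=True)
class Weights:
    """P1..P4 from the text; the default values are an assumption."""
    p1: float = 0.5   # vulnerability weight ratio (severity)
    p2: float = 0.2   # repair duration weight
    p3: float = 0.1   # traffic weight
    p4: float = 0.2   # service priority weight


def repair_priority(v, w=Weights(), max_minutes=120.0, max_kbps=10_000.0, max_service=5):
    """Assumed scoring rule: severity and service priority raise the score,
    while a long repair and heavy current traffic lower it, so short fixes on
    critical, lightly loaded services are scheduled first. Each term is
    clamped to 0..1 so that no single input can swamp the others."""
    dur = min(v.repair_minutes / max_minutes, 1.0)
    traffic = min((v.uplink_kbps + v.downlink_kbps) / max_kbps, 1.0)
    svc = min(v.service_priority / max_service, 1.0)
    return w.p1 * v.severity - w.p2 * dur - w.p3 * traffic + w.p4 * svc


def device_priority_list(vulns, w=Weights()):
    """Build DEVICE_i = [<vulnerability id, P_fix>, ...], highest priority first."""
    scored = [(v.vuln_id, round(repair_priority(v, w), 4)) for v in vulns]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample: three vulnerabilities on one device (not real findings).
SAMPLE_VULNS = [
    Vulnerability("VULN-A", 0.9, 10, 100, 400, 5),    # severe, quick fix, idle service
    Vulnerability("VULN-B", 0.4, 90, 2000, 6000, 2),  # low severity, busy service
    Vulnerability("VULN-C", 1.0, 240, 0, 0, 3),       # most severe but a long repair
]

if __name__ == "__main__":
    for vuln_id, p_fix in device_priority_list(SAMPLE_VULNS):
        print(f"{vuln_id}: P_fix = {p_fix}")
```

With the assumed weights the list comes out as VULN-A, VULN-C, VULN-B: the most severe finding is pushed behind a quicker fix because its repair time is long, which is the trade-off the text describes between severity and service disruption. The clamping matters in practice: without it a single terminal reporting an enormous traffic figure could push every one of its vulnerabilities to the bottom of the list indefinitely.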
In step 304, the home intelligent gateway initiates a vulnerability repair request to the cloud vulnerability repair management system. According to one embodiment of the invention, the request carries the home network broadband number together with, for each device, the tuple < device identification code, vulnerability level, vulnerability name >, where the vulnerability name may be empty. According to one embodiment of the present invention, the name is left empty when, during the vulnerability comparison of step 303, the home intelligent gateway detected a vulnerability that is not recorded in the vulnerability information obtained from the cloud vulnerability repair management system.
In step 305, the associated subset of the vulnerability list is issued to the home intelligent gateway. According to one embodiment of the invention, the cloud vulnerability repair management system aggregates the requests of the different home intelligent gateways, selects the vulnerability repair packages to be issued according to the vulnerability versions recorded in the vulnerability information base, forms a whole-network vulnerability list to be distributed, and submits it to the home network connection management platform. The home network connection management platform further cuts this list by home broadband number and sends the directly related subset of the list to each corresponding home intelligent gateway.
For example, when all of the home intelligent gateways 103-1 to 103-N send vulnerability repair requests to the cloud vulnerability repair management system, the system may aggregate identical vulnerabilities contained in those requests (for example, the same vulnerability reported for devices of the same model) and look up the repair package corresponding to each vulnerability. The cloud vulnerability repair management system may then form a vulnerability list from the vulnerability information, the repair packages, the home network broadband numbers and the like, and submit it to the home network connection management platform. For example, the list may carry, for each vulnerability, the fields { device model, vulnerability name, vulnerability version, vulnerability repair package, home network broadband number 1, home network broadband number 2, ..., home network broadband number N }, so that it records which home networks are affected by that vulnerability. As those skilled in the art will appreciate, these fields are merely illustrative, and other combinations of fields are within the contemplation of the present invention.
After receiving the vulnerability list for the whole home network, the home network connection management platform may divide it, broadband number by broadband number, according to the fields of the list, so as to form the subset corresponding to each home intelligent gateway, and send each subset to its gateway. For example, the subset for home intelligent gateway 1 may carry the fields { device model to be repaired, vulnerability name, vulnerability repair package }. Again, these fields are merely illustrative, and other combinations of fields are within the contemplation of the present invention.
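The exchange of steps 304 and 305 can be modelled in a few dozen lines. The following is an added example, not code from the patent or its applicant: gateways send repair requests, the cloud aggregates identical vulnerabilities across households into one row each, and the connection management platform cuts the whole-network list per home broadband number. The field names, the device information base, the vulnerability information base and every sample value are constructed for the example; the page names the fields but specifies no format.

```python
"""Added example, not part of the patent text: a minimal model of steps 304
and 305. Field names, the two information bases and all sample values are
constructed; the page names the fields but gives no format."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RepairRequest:
    """Step 304 request item: home broadband number plus
    <device identification code, vulnerability level, vulnerability name>."""
    broadband_no: str
    device_id: str
    level: int
    vuln_name: str   # "" when the gateway found something not in the vulnerability base


# Constructed stand-ins for the cloud's device information base (device id -> model)
# and vulnerability information base ((model, vulnerability name) -> (version, package)).
DEVICE_BASE = {"dev-11": "TV-X1", "dev-12": "TV-X1", "dev-21": "TV-X1",
               "dev-22": "CAM-A2", "dev-31": "CAM-A2"}
VULN_BASE = {("TV-X1", "VULN-A"): ("1.0", "pkg-tvx1-a"),
             ("CAM-A2", "VULN-B"): ("2.3", "pkg-cama2-b")}


def build_network_manifest(requests):
    """Cloud side of step 305: aggregate identical (model, vulnerability) pairs
    from all gateways into one row each, carrying the set of affected broadband
    numbers. Requests with an empty vulnerability name, an unknown device or no
    package in the base are returned separately rather than silently dropped."""
    rows, unresolved = {}, []
    for r in requests:
        model = DEVICE_BASE.get(r.device_id)
        key = (model, r.vuln_name)
        if not r.vuln_name or model is None or key not in VULN_BASE:
            unresolved.append(r)
            continue
        version, package = VULN_BASE[key]
        row = rows.setdefault(key, {"device_model": model, "vuln_name": r.vuln_name,
                                    "vuln_version": version, "repair_package": package,
                                    "broadband_numbers": set()})
        row["broadband_numbers"].add(r.broadband_no)
    return list(rows.values()), unresolved


def split_manifest(manifest):
    """Platform side of step 305: cut the whole-network list per broadband number.
    Each gateway only receives {device model to be repaired, vulnerability name,
    vulnerability repair package}; other households' numbers are not forwarded."""
    subsets = defaultdict(list)
    for row in manifest:
        entry = {"device_model": row["device_model"], "vuln_name": row["vuln_name"],
                 "repair_package": row["repair_package"]}
        for bb in sorted(row["broadband_numbers"]):
            subsets[bb].append(dict(entry))
    return dict(subsets)


# Constructed requests from three gateways: BB-0001 has two TVs of the same model
# with the same vulnerability, and BB-0003 reports a vulnerability with no name.
SAMPLE_REQUESTS = [
    RepairRequest("BB-0001", "dev-11", 3, "VULN-A"),
    RepairRequest("BB-0001", "dev-12", 3, "VULN-A"),
    RepairRequest("BB-0002", "dev-21", 3, "VULN-A"),
    RepairRequest("BB-0002", "dev-22", 2, "VULN-B"),
    RepairRequest("BB-0003", "dev-31", 1, ""),
]


def demo(requests=SAMPLE_REQUESTS):
    manifest, unresolved = build_network_manifest(requests)
    return manifest, split_manifest(manifest), unresolved


if __name__ == "__main__":
    manifest, subsets, unresolved = demo()
    for row in manifest:
        print(row)
    for bb, entries in subsets.items():
        print(bb, entries)
    print("unresolved:", [(r.broadband_no, r.device_id) for r in unresolved])
```

Two requests for the same model and vulnerability behind one gateway collapse into a single list row and a single subset entry, which is the "same vulnerabilities for the devices of the same model" aggregation the description mentions. The page does not say how the gateway verifies that a repair package genuinely came from the cloud system before pushing it to a device; a deployment would check the package's origin and integrity at the gateway, since the gateway is otherwise a single point from which arbitrary firmware could reach every attached device.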
In step 306, the vulnerabilities of the intelligent terminal devices to be repaired that are attached to the home intelligent gateway are repaired. According to one embodiment of the invention, the home intelligent gateway receives the subset of the vulnerability list to be repaired, stores it locally (for example in vulnerability storage module 107), and triggers the computation of the vulnerability repair policy for the attached intelligent terminal devices (this computation may be performed by scheduling module 109). The repair policy weighs three dimensions: the repair time; the repair rule (for example single device repair, same type device repair, or full repair); and the repair priority (for example vulnerability level from high to low, or no prioritisation). As those skilled in the art will appreciate, "single device repair" means that the devices under the home intelligent gateway are repaired in turn, one device at a time; "same type device repair" means that several devices of the same type under the gateway (for example several intelligent televisions of the same model) are repaired in one batch; and "full repair" means that all devices attached to the gateway are repaired in one batch.
The repair rule may be taken from the repair preference setting obtained in step 301 or from the default setting of the home intelligent gateway, and the repair priority has already been calculated in step 303. What remains is the calculation of the optimal repair time.
First, according to the repair rule, the vulnerabilities in $DEVICE_i = \{\langle \text{vulnerability id-1}, P_{fix\,1}\rangle, \langle \text{vulnerability id-2}, P_{fix\,2}\rangle, \ldots\}$ computed in step 303 for the intelligent terminal device to be repaired are ordered to form the vulnerability repair set $\{leak_i, leak_j, \ldots\}$. The CPU occupancy $CPU_{di}$ of the intelligent terminal device to be repaired is sampled at a regular interval $\Delta t$, and the lowest (average) CPU usage of the device observed within a week, $CPU_{di\text{-}min}$, is recorded. At the same interval $\Delta t$ the home gateway bandwidth $Speed_r$ and the bandwidth ordered by the user $Speed_o$ are sampled, the bandwidth utilisation rate is computed as $B_u = (Speed_o - Speed_r)/Speed_o$, and its lowest value within a week, $B_{u\text{-}min}$, is recorded.
The final trigger time of the repair of vulnerability $leak_i$ on the intelligent terminal device to be repaired is $T_{recover}$:
If $CPU_{di} \le CPU_{di\text{-}min} + 5\%$ and $B_u \le B_{u\text{-}min} + 10\%$, then $T_{recover}$ = current time (the bandwidth condition is illegible in the source text and is written here by analogy with the CPU condition and the "10%" figure that follows). The above "5%" and "10%" are merely illustrative; according to one embodiment of the present invention the parameter values may be freely reconfigured according to actual conditions.
The repair trigger time for batch repair of intelligent terminal devices of the same type is determined by the same calculation.
At the calculated $T_{recover}$, the one or more vulnerability repair packages in the subset of the vulnerability list that correspond to the intelligent terminal device to be repaired are distributed to that device, and its vulnerability repair is triggered. In step 307, the home intelligent gateway reports vulnerability repair information to the cloud vulnerability repair management system according to the repair outcome on each attached intelligent terminal device to be repaired, and cleans up the locally stored data. According to an embodiment of the invention, the home intelligent gateway may collect the repair outcome of each attached intelligent terminal device (for example repair succeeded, repair failed, and the reason for failure) and report it to the cloud vulnerability repair management system. Based on the reported outcomes, the cloud vulnerability repair management system may update the vulnerability information base and/or the device information base so as to keep the base information accurate.
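The repair-time trigger of step 306 is the one piece of scheduling logic the description spells out, and it has an edge case worth seeing: with only one sample, the current value trivially equals its own weekly minimum, so the condition fires immediately. The following is an added example, not the patent's or applicant's code. It keeps a rolling one-week minimum of each device's CPU occupancy and of the home bandwidth utilisation $B_u$, evaluates both conditions for single-device and same-model batch repair, and refuses to trigger until enough history exists. The 5% and 10% margins are the page's illustrative figures; the exact form of the bandwidth condition, the reading of $Speed_r$ as the gateway's unused bandwidth, the warm-up period and all sample values are assumptions made for this example.

```python
"""Added example, not part of the patent text: the repair-time trigger of step 306.
The 5 % and 10 % margins are the page's illustrative values; the bandwidth
condition's form, Speed_r as unused gateway bandwidth, the warm-up period and all
sample values are assumptions of this example."""
from collections import deque

WEEK = 7 * 24 * 3600


class RollingMin:
    """Minimum of the samples in the last `window` seconds, kept in a monotonic
    deque so that add() is amortised O(1)."""

    def __init__(self, window=WEEK):
        self.window = window
        self.samples = deque()   # (t, value) pairs with strictly increasing values
        self.first_t = None
        self.latest = None

    def add(self, t, value):
        if self.first_t is None:
            self.first_t = t
        self.latest = value
        while self.samples and self.samples[-1][1] >= value:
            self.samples.pop()          # dominated by the newer, lower sample
        self.samples.append((t, value))
        while self.samples[0][0] < t - self.window:
            self.samples.popleft()      # older than the window

    def minimum(self):
        return self.samples[0][1]

    def history(self, now):
        return 0 if self.first_t is None else now - self.first_t


def bandwidth_utilisation(speed_o, speed_r):
    """B_u = (Speed_o - Speed_r) / Speed_o, with Speed_o the bandwidth ordered by
    the user and Speed_r read as the bandwidth still unused (assumption)."""
    if speed_o <= 0 or not 0 <= speed_r <= speed_o:
        raise ValueError("need Speed_o > 0 and 0 <= Speed_r <= Speed_o")
    return (speed_o - speed_r) / speed_o


class RepairScheduler:
    def __init__(self, cpu_margin=0.05, bw_margin=0.10, warmup=WEEK, window=WEEK):
        self.cpu_margin, self.bw_margin = cpu_margin, bw_margin
        self.warmup, self.window = warmup, window
        self.cpu = {}                  # device id -> RollingMin of CPU occupancy (0..1)
        self.bw = RollingMin(window)   # home bandwidth utilisation B_u
        self.now = None

    def sample(self, t, speed_o, speed_r, cpu_by_device):
        """One delta t tick: bandwidth figures plus CPU occupancy of each waiting device."""
        self.now = t
        self.bw.add(t, bandwidth_utilisation(speed_o, speed_r))
        for dev, cpu in cpu_by_device.items():
            self.cpu.setdefault(dev, RollingMin(self.window)).add(t, cpu)

    def ready(self, device_ids):
        """True when T_recover = now: B_u <= B_u-min + 10 % and, for every listed
        device, CPU_di <= CPU_di-min + 5 %. One id is single-device repair; several
        ids of one model is the batch case and waits until all of them are idle.
        Added check: nothing triggers before `warmup` seconds of history exist,
        otherwise the first sample would trivially equal its own minimum."""
        if self.now is None or self.bw.history(self.now) < self.warmup:
            return False
        if self.bw.latest > self.bw.minimum() + self.bw_margin:
            return False
        for dev in device_ids:
            m = self.cpu.get(dev)
            if m is None or m.history(self.now) < self.warmup:
                return False
            if m.latest > m.minimum() + self.cpu_margin:
                return False
        return True


def first_repair_time(device_ids, ticks, **scheduler_kwargs):
    """Replay ticks (t, Speed_o, Speed_r, {device id: cpu}); return the first t at
    which repair of `device_ids` is triggered, or None if it never is."""
    sched = RepairScheduler(**scheduler_kwargs)
    for t, speed_o, speed_r, cpus in ticks:
        sched.sample(t, speed_o, speed_r, cpus)
        if sched.ready(device_ids):
            return t
    return None


def constructed_ticks():
    """Two constructed days of hourly samples on a 100 Mbit/s line: the household
    is busy 18:00-23:00, the TVs are idlest 03:00-05:00, the camera is flat."""
    ticks = []
    for h in range(48):
        hour = h % 24
        busy = 18 <= hour <= 23
        unused = 20.0 if busy else 85.0
        cpu_tv = 0.70 if busy else (0.10 if 3 <= hour <= 5 else 0.25)
        cpu_cam = 0.40 if busy else 0.12
        ticks.append((h * 3600, 100.0, unused, {"tv-1": cpu_tv, "tv-2": cpu_tv, "cam-1": cpu_cam}))
    return ticks


if __name__ == "__main__":
    ticks = constructed_ticks()
    print("camera alone:", first_repair_time(["cam-1"], ticks, warmup=24 * 3600))
    print("both TVs (same model, batch):", first_repair_time(["tv-1", "tv-2"], ticks, warmup=24 * 3600))
```

With a one-day warm-up on the constructed data, the camera becomes repairable at the first tick after warm-up (its load is flat, so it is always within 5% of its minimum), while the two televisions are only scheduled together at 03:00 of the second day, when both are within 5% of their weekly low and the line is near its lowest utilisation. With the default one-week warm-up and only two days of data nothing is scheduled, which is the intended behaviour: the weekly minima the description relies on are not yet meaningful.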
Compared with the prior art, the invention has the remarkable advantages that:
(1) Universality and usability: the scenario of the invention is oriented to all home networks rather than a single home local area network; only one record needs to be maintained for all vulnerabilities of intelligent terminal devices of the same type across the whole network; the network management and control capability of the gateway is fully used to realise dynamic, personalised, automatic vulnerability repair for millions of households without manual intervention by network management personnel; and users are aware of the security activity but bear no additional learning or usage cost, so the method is simple and easy to use.
(2) With the home network as the control centre, the invention can not only detect all intelligent devices but also make an intelligent judgement according to the overall load in the home network, selecting a certain type of device at a suitable time according to service demand for batch or targeted vulnerability repair. This optimises the processing capacity of the home network, reduces the impact on existing services, and improves the processing efficiency of the overall smart home service while ensuring security in a timely manner.
(3) The invention fully considers the service situation of the individual household, the load state of the network and the resource situation of the devices, provides personalised configuration to users, and automatically determines the vulnerability repair mechanism and mode by means of the control centre capability of the home gateway. It therefore has strong personalised management and control characteristics, and can be dynamically adjusted for different households according to the actual situation of their smart home services so that they better enjoy a personalised service.
(4) Scenario extensibility: the method can be extended to the scenario in which an edge node acts as the central control device to uniformly repair vulnerabilities of the intelligent devices it manages in the Internet of Things, and to the scenario of automatic application update and upgrade in an Internet of Things environment.
Although aspects of the present invention have been described with reference to the accompanying drawings, the methods, systems and apparatuses described above are merely examples, and the scope of the present invention is not limited to these aspects but only by the appended claims and their equivalents. Various components may be omitted or replaced with equivalent components. The steps may also be performed in a different order from that described. Furthermore, the various components may be combined in various ways. Importantly, as technology advances, many of the described components may be replaced by equivalent components that appear later.

Claims (10)

1. A method for vulnerability restoration of intelligent terminal equipment in a home network, comprising:
configuration initialization is performed at a home intelligent gateway, wherein the configuration initialization comprises obtaining device state information and service information of each intelligent terminal device hung under the home intelligent gateway, a repair preference setting and/or vulnerability information;
the home intelligent gateway monitors and collects the service traffic state of the home network and acquires the home network traffic and the usage-related information of the home network;
the home intelligent gateway calculates the repair priority of each intelligent terminal device to be repaired hung under the home intelligent gateway, so as to sort the repair priority of one or more vulnerabilities in each intelligent terminal device to be repaired;
the priority $P_{fix\,i}$ of the repair of vulnerability i is calculated according to the following formula:
wherein $S_i$ represents the vulnerability severity level, $P_1$ represents the vulnerability weight ratio, $P_2$ represents the repair duration weight, and $P_3$ represents the traffic weight;
the home intelligent gateway receives the associated subset of the vulnerability list; and
the vulnerabilities of each intelligent terminal device to be repaired hung under the home intelligent gateway are repaired based on the repair time, the repair priority and the repair rule of that intelligent terminal device.
2. The method of claim 1, wherein performing configuration initialization at the home intelligent gateway further comprises the home intelligent gateway collecting vulnerability information from a cloud vulnerability repair management system, the vulnerability information comprising vulnerability information for each intelligent terminal device hung under the home intelligent gateway.
3. The method of claim 2, wherein the home intelligent gateway calculating the repair priority of each intelligent terminal device to be repaired hung under the home intelligent gateway further comprises:
the home intelligent gateway scanning and detecting vulnerabilities of each attached intelligent terminal device, and comparing the detected vulnerabilities with the vulnerability information acquired from the cloud vulnerability repair management system to find the vulnerabilities present in the attached intelligent terminal devices, so that each intelligent terminal device to be repaired hung under the home intelligent gateway is identified.
4. The method of claim 1, wherein the repair preference setting is a preference setting provided by a user or a default setting set by a vendor of the home intelligent gateway.
5. The method of claim 1, wherein the home intelligent gateway receiving the associated subset of the vulnerability list further comprises:
the home intelligent gateway initiating a vulnerability repair request to a cloud vulnerability repair management system, wherein the vulnerability repair request comprises a home network broadband number and < device identification code, vulnerability level, vulnerability name >;
the cloud vulnerability repair management system aggregating the identical vulnerabilities contained in the vulnerability repair requests sent by a plurality of home intelligent gateways in the whole network, and searching for the vulnerability repair package corresponding to each vulnerability;
the cloud vulnerability repair management system submitting a vulnerability list to a home network connection management platform, wherein the vulnerability list comprises, for each vulnerability, the fields vulnerability information, vulnerability repair package and home network broadband number; and
the home network connection management platform dividing the vulnerability list on the basis of the home network broadband number to form a vulnerability list subset corresponding to each home intelligent gateway, and sending each vulnerability list subset to the corresponding home intelligent gateway, wherein the vulnerability list subset comprises the fields device model to be repaired, vulnerability name and vulnerability repair package.
6. The method of claim 1, wherein the repair rules specify single device repair, same type of device repair, or full repair.
7. The method of claim 5, wherein repairing the vulnerabilities of each intelligent terminal device to be repaired hung under the home intelligent gateway further comprises:
for each intelligent terminal device to be repaired, distributing, at the repair time for that intelligent terminal device, the one or more vulnerability repair packages corresponding to it, and triggering the vulnerability repair of the intelligent terminal device;
wherein the one or more vulnerability repair packages repair according to the repair priorities of the corresponding one or more vulnerabilities.
8. A system for vulnerability restoration of intelligent terminal equipment in a home network, comprising:
a home intelligent gateway configured to:
perform configuration initialization, wherein the configuration initialization comprises obtaining device state information and service information of each intelligent terminal device hung under the home intelligent gateway, a repair preference setting and/or vulnerability information;
monitor and collect the service traffic state of the home network, and acquire the home network traffic and the usage-related information of the home network;
calculate the repair priority of each intelligent terminal device to be repaired hung under the home intelligent gateway, so as to sort the repair priority of one or more vulnerabilities in each intelligent terminal device to be repaired;
the priority $P_{fix\,i}$ of the repair of vulnerability i being calculated according to the following formula:
wherein $S_i$ represents the vulnerability severity level, $P_1$ represents the vulnerability weight ratio, $P_2$ represents the repair duration weight, and $P_3$ represents the traffic weight;
receive the associated subset of the vulnerability list; and
for each intelligent terminal device to be repaired, distribute, at the repair time for that intelligent terminal device, the one or more vulnerability repair packages corresponding to it, and trigger the vulnerability repair of the intelligent terminal device; and
one or more intelligent terminal devices configured to:
repair the vulnerabilities of the intelligent terminal device based on the one or more vulnerability repair packages corresponding to it, wherein the one or more vulnerability repair packages repair according to the repair priority of the corresponding one or more vulnerabilities.
9. The system as recited in claim 8, further comprising:
a cloud vulnerability repair management system configured to store and maintain a vulnerability information base and a device information base;
wherein the cloud vulnerability repair management system is further configured to aggregate the identical vulnerabilities contained in the vulnerability repair requests sent by a plurality of home intelligent gateways in the whole network, and to find the vulnerability repair package corresponding to each vulnerability so as to form a vulnerability list, wherein the vulnerability list comprises, for each vulnerability, the fields vulnerability information, vulnerability repair package and home network broadband number.
10. The system of claim 9, further comprising a home network connection management platform configured to:
divide the received vulnerability list on the basis of the home network broadband number to form a vulnerability list subset corresponding to each home intelligent gateway, and send each vulnerability list subset to the corresponding home intelligent gateway, wherein the vulnerability list subset comprises the fields device model to be repaired, vulnerability name and vulnerability repair package.
CN202110987349.9A 2021-08-26 2021-08-26 A smart terminal vulnerability repair mechanism and method in a smart home network environment Active CN113849816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110987349.9A CN113849816B (en) 2021-08-26 2021-08-26 A smart terminal vulnerability repair mechanism and method in a smart home network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110987349.9A CN113849816B (en) 2021-08-26 2021-08-26 A smart terminal vulnerability repair mechanism and method in a smart home network environment

Publications (2)

Publication Number Publication Date
CN113849816A CN113849816A (en) 2021-12-28
CN113849816B true CN113849816B (en) 2025-03-25

Family

ID=78976415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110987349.9A Active CN113849816B (en) 2021-08-26 2021-08-26 A smart terminal vulnerability repair mechanism and method in a smart home network environment

Country Status (1)

Country Link
CN (1) CN113849816B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109962903A (en) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 A home gateway security monitoring method, device, system and medium
CN113168473A (en) * 2018-11-20 2021-07-23 沙特阿拉伯石油公司 Classification and repair of network security vulnerabilities based on network utilization

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113139191B (en) * 2021-03-25 2022-07-26 国网浙江省电力有限公司衢州供电公司 Statistical method for bug disposal repair priority


Also Published As

Publication number Publication date
CN113849816A (en) 2021-12-28

Similar Documents

Publication Publication Date Title
US12278834B1 (en) Subscription-based malware detection
US20250260723A1 (en) Monitoring Device Data and Gateway Data
JP7663684B2 Method, system, and computer-readable medium for ranking process for network feature selection
US11394618B2 (en) Systems and methods for validation of virtualized network functions
US10708146B2 (en) Data driven intent based networking approach using a light weight distributed SDN controller for delivering intelligent consumer experience
US8099488B2 (en) Real-time monitoring of service agreements
US9379953B2 (en) Intelligent management of application connectivity
US9635149B2 (en) Method and apparatus for dynamic association of terminal nodes with aggregation nodes and load balancing
EP3449600B1 (en) A data driven intent based networking approach using a light weight distributed sdn controller for delivering intelligent consumer experiences
US20130080517A1 (en) Device and method for data load balancing
CN106941507B (en) Method and device for scheduling request message
CA2747554C (en) Differentiated priority level communication
WO2006046486A1 (en) Resource management system, resource information providing method, and program
CN103078880A (en) Content information processing method, system and equipment based on multiple content delivery networks
US20130128729A1 (en) Communication network operator traffic regulation manager and data collection manager and method of operation thereof
Masoumi et al. Dynamic online VNF placement with different protection schemes in a MEC environment
CN113228776B (en) Resource allocation for unmanaged communication links
US8396057B2 (en) Method and apparatus for traffic regulation in a communication network
CN113849816B (en) A smart terminal vulnerability repair mechanism and method in a smart home network environment
Tariq et al. Dynamic publish/subscribe to meet subscriber-defined delay and bandwidth constraints
CN108540581A (en) Service system and method for servicing based on more web servers, storage medium
CN109451074B (en) Server load balancing processing method based on portal protocol
US20130205013A1 (en) Network management in a communications network
CN114567648B (en) Distributed cloud system
Masoumi Estahbanati et al. Dynamic Online VNF Placement with Different Protection Schemes in a MEC Environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant