TWI727891B - A method and apparatus for network security - Google Patents
- Publication number: TWI727891B
- Authority: TW (Taiwan)
- Prior art keywords: protection box, parameter, iot, wan, information
Description
The present invention relates to a network security protection method and apparatus, in particular one applied between Internet of Things (IoT) devices and a terminal platform.
Because network information is highly diverse, many hardware devices are connected to the wide area network (WAN) so that digital information can be applied and shared effectively and obtained immediately. As a result, network security has become the most important element in keeping a network operating normally.
One current approach to network security maintenance, shown in Taiwan utility model patent No. M508729, "Network security protection module applied to IoT devices", uses a monitoring unit to receive the various signals input to an IoT device and forward them to a cloud processing unit. A processor in the cloud processing unit identifies the type of network attack carried by the signal, retrieves the corresponding protection software from a database and sends it to the monitoring unit, which then performs the anti-hacking and anti-virus protection action for that attack type on the IoT device.
In the protection module disclosed in that patent, however, the monitoring unit uploads the received signals over the WAN to the cloud processing unit for judgment, and only once a signal has been judged harmful is the IoT device protected, again over the WAN. The cloud processing unit (that is, the operator's terminal platform) is normally connected over the WAN to thousands of IoT devices at the same time, so when one IoT device uploads a harmful signal to the cloud processing unit, that signal can at the same time spread over the WAN, without passing through the cloud processing unit, to attack other IoT devices or install back doors on them. Even if the cloud processing unit then cuts the connection of the IoT device that originally carried the harmful signal, the harmful signals already buried in the other IoT devices cannot be completely eliminated. This poses a serious threat to the security of the whole network and clearly calls for improvement.
In view of this, the inventor undertook research and innovation and finally arrived at the network security protection method and apparatus disclosed here.
An object of the present invention is to provide a network security protection method comprising: connecting at least one IoT device to an IoT protection box; connecting at least one WAN protection box between the IoT protection box and the wide area network; and connecting the WAN protection box through the WAN to a terminal platform. The IoT protection box has at least one built-in algorithm, and the WAN protection box has at least two. The IoT protection box collects the information it receives, computes on it to produce a parameter (a2), and passes the information on to the WAN protection box. The WAN protection box runs the information input from the IoT protection box, together with the information it collects itself, through its built-in algorithms to produce a parameter (b1), with which it supplies the IoT protection box with the necessary information and updates it. The IoT protection box then analyses its own parameter (a2) against the WAN protection box's parameter (b1) and selects one of them as the basis for its decision, so as to effectively block the attack or spread of malicious signals.
The method further connects at least one terminal protection box between the WAN protection box and the terminal platform. The terminal protection box has at least one built-in algorithm and can collect information from its surrounding connections as well as the information collected by the WAN protection box; its algorithm produces parameters (a, b). Parameter (b) is used to update the information held by the WAN protection box, and the WAN protection box, after judging and filtering the terminal protection box's parameter (a), produces a parameter (a1) with which the IoT protection box updates its data.
In the method, each parameter (a2, b1) obtained by the IoT protection box is divided into a low-risk interval, a weak-confidence interval and a high-risk interval. When the parameter (a2, b1) falls in the weak-confidence interval, it is reported to the administrator for follow-up inspection and analysis; when it falls in the high-risk interval, the corresponding IoT device is shut down; when it falls in the low-risk interval, the record is merely collected.
Likewise, the parameter (b1) obtained by the WAN protection box is divided into a low-risk interval, a weak-confidence interval and a high-risk interval. When the parameter (b1) falls in the weak-confidence interval, it is reported to the administrator for follow-up inspection and analysis; when it falls in the high-risk interval, the corresponding IoT protection box is shut down; when it falls in the low-risk interval, the record is merely collected.
The parameters (a, b) obtained by the terminal protection box are likewise divided into a low-risk interval, a weak-confidence interval and a high-risk interval. When the parameters (a, b) fall in the weak-confidence interval, they are reported to the administrator for follow-up inspection and analysis; when they fall in the high-risk interval, the corresponding WAN protection box is shut down; when they fall in the low-risk interval, the record is merely collected.
The method compares the parameter (a2) produced by the IoT protection box with the parameter (b1) produced by the WAN protection box. When the two parameters (a2) and (b1) fall in different intervals, the WAN protection box's parameter (b1) is used as the basis for the decision; when they fall in the same interval, the IoT protection box's parameter (a2) is used as the basis for the decision.
When the time the IoT protection box takes to obtain the parameter (b1) produced by the WAN protection box exceeds a predetermined value, the IoT protection box's own parameter (a2) is used as the basis for the decision.
When the time of the parameter (b1) produced by the WAN protection box exceeds that predetermined value, the parameter (b1) is placed into a schedule that updates the internal information of the IoT protection box.
The WAN protection box has two built-in algorithms, DPPO (Distributed Proximal Policy Optimization) and A3C (Asynchronous Advantage Actor-Critic); the IoT protection box has the DDPG (Deep Deterministic Policy Gradient) algorithm built in.
In the WAN protection box, when the A3C algorithm fails to converge, the DPPO algorithm intervenes to assist its convergence.
The terminal protection box has the DPPO algorithm built in.
Another object of the present invention is to disclose a network security protection apparatus comprising: an IoT protection box having at least one input/output terminal for connecting IoT devices and at least one built-in algorithm, so that the information the IoT protection box collects is computed and analysed by each algorithm to produce at least one parameter, which is output to control the IoT devices; and a WAN protection box having at least one input/output port, connected between the IoT protection box and a terminal platform, and at least two built-in algorithms, so that the information the WAN protection box collects is computed and analysed by each algorithm to produce at least one parameter, which is output to the IoT protection box.
The apparatus further comprises a terminal protection box having at least one input/output terminal, connected between the WAN protection box and the terminal platform, and at least one built-in algorithm, so that the information the terminal protection box collects is computed by the algorithm to produce at least one parameter, which is output to the WAN protection box.
The method and apparatus disclosed here are made clear by the following description and the accompanying drawings.
(10): IoT protection box
(11): input/output terminal
(20): WAN protection box
(21): input/output port
(30): terminal platform
(40): terminal protection box
(41): input/output terminal
(a)(a1)(a2)(b)(b1): parameters
(IoT): IoT device
Figure 1: flow chart of the first embodiment of the present invention.
Figure 2: flow chart of the second embodiment of the present invention.
Figure 3: operation flow chart of each protection box of the present invention.
Figure 4: control flow chart of the IoT protection box of the present invention.
Figure 5: decision flow chart of the IoT protection box of the present invention.
Figure 6: decision flow chart of the WAN protection box of the present invention.
Figure 7: decision flow chart of the terminal protection box of the present invention.
Referring to Figures 1 and 3, the present invention relates to a network security protection method comprising: connecting at least one IoT device (IoT) to an IoT protection box (10); connecting at least one WAN protection box (20) between the IoT protection box (10) and the wide area network (WAN); and connecting the WAN protection box (20) through the WAN to a terminal platform (30). The IoT protection box (10) has at least one built-in algorithm (AI algorithms), and the WAN protection box (20) has at least two built-in algorithms (AI algorithms). The IoT protection box (10) collects the information it receives, computes on it to produce a parameter (a2), and passes the information on to the WAN protection box (20). The WAN protection box (20) runs the information input from the IoT protection box (10), together with the information it collects itself, through its built-in algorithms to produce a parameter (b1), with which it supplies information to the IoT protection box (10) and updates it. The IoT protection box (10) can then analyse its own parameter (a2) against the WAN protection box's (20) parameter (b1) and select one as the basis for its decision, so as to effectively block the attack or spread of malicious signals.
As shown in Figures 2 and 3, the method further connects at least one terminal protection box (40) between the WAN protection box (20) and the terminal platform (30). The terminal protection box (40) has at least one built-in algorithm (AI algorithms) and can collect information from its surrounding connections as well as the information collected by the WAN protection box (20); its algorithm produces parameters (a, b). Parameter (b) is used to update the information held by the WAN protection box (20), and the WAN protection box (20), after judging and filtering the terminal protection box's (40) parameter (a), produces a parameter (a1) with which the IoT protection box (10) updates its data.
As shown in Figure 3, the information collected by the IoT protection box (10) refers to wireless signals from its surroundings, such as 3G/4G/5G, WiFi or Bluetooth signals; it may of course also be the signals of wired connections, the invention not being limited in this respect.
The IoT devices (IoT) connected to the IoT protection box (10) are electronic devices that can be connected to a local area network (LAN): mobile devices such as tablets, laptops or mobile phones; home appliances such as refrigerators, televisions or air conditioners; security devices such as monitors or door locks; or cars, vending machines and so on. The invention does not limit the kind of IoT device (IoT).
The WAN protection box (20) collects information about its surrounding connections. This information may be the state of the connected WAN or information provided by the WAN, such as transmission speed, connected IP addresses, number of uploads, connection time, information about the connected devices (for example brand or web search history) and so on; the invention is not limited in this respect. The surrounding connection information collected by the terminal protection box (40) may be monitoring information parameters (SOC) provided by external equipment vendors, public monitoring information parameters, network equipment information and so on; the invention does not limit the kind or form of information collected by the terminal protection box (40).
As shown in Figure 3, the WAN protection box (20) extracts the parameter (a) produced by the terminal protection box (40) that is usable by the IoT protection box (10), judges and filters it to produce a parameter (a1) usable by the IoT protection box (10), and transmits the parameter (a1) to the IoT protection box (10).
As shown in Figure 4, the method compares the parameter (a2) produced by the IoT protection box (10) with the parameter (b1) produced by the WAN protection box (20). When the two parameters (a2) and (b1) fall in different intervals, the WAN protection box's (20) parameter (b1) is used as the basis for the decision; when they fall in the same interval, the IoT protection box's (10) parameter (a2) is used as the basis for the decision.
As shown in Figure 4, when the time the IoT protection box (10) takes to obtain the parameter (b1) produced by the WAN protection box (20) exceeds a predetermined value, the IoT protection box's (10) own parameter (a2) is used as the basis for the decision. The predetermined value can be set according to the user's needs, for example 1 millisecond; the invention is not limited in this respect.
As shown in Figure 4, when the time of the parameter (b1) produced by the WAN protection box (20) exceeds the predetermined value, the WAN protection box (20) places the parameter (b1) it produced into a schedule and updates the internal information of the IoT protection box (10) at the scheduled time.
As shown in Figure 5, each parameter (a2, b1) obtained by the IoT protection box (10) can, according to the operator's needs, be divided into three intervals: a low-risk interval, a weak-confidence interval and a high-risk interval; the invention does not, of course, limit the number of intervals. When the parameter (a2, b1) falls in the weak-confidence interval, it is reported to the administrator for follow-up inspection and analysis; when it falls in the high-risk interval, the problematic IoT device (IoT) concerned is shut down; when it falls in the low-risk interval, the record is merely collected. Because the IoT protection box (10), on judging a connected signal to lie in the high-risk interval, can shut down the IoT device (IoT) at the corresponding node, the harmful signal does not enter the WAN through the IoT protection box (10) but is contained within the LAN, which improves the protective effect.
As shown in Figure 6, the parameter (b1) obtained by the WAN protection box (20) can, according to the operator's needs, be divided into a low-risk interval, a weak-confidence interval and a high-risk interval. When the parameter (b1) falls in the weak-confidence interval, it is reported to the administrator for follow-up inspection and analysis; when it falls in the high-risk interval, the problematic IoT protection box (10) at the corresponding node is shut down; when it falls in the low-risk interval, the record is merely collected. Thus, when the WAN protection box (20) judges a connected signal to lie in the high-risk interval, it can shut down the corresponding IoT protection box (10), so that the harmful signal does not pass through the IoT protection box (10) into the other nodes of the WAN. The invention can thereby block harmful signals and avoid a security hazard to the terminal platform (30), improving the protective effect.
As shown in Figure 7, the parameters (a, b) obtained by the terminal protection box (40) are divided into a low-risk interval, a weak-confidence interval and a high-risk interval. When the parameters (a, b) fall in the weak-confidence interval, they are reported to the administrator for follow-up inspection and analysis; when they fall in the high-risk interval, the problematic WAN protection box (20) at the corresponding node is shut down; when they fall in the low-risk interval, the record is merely collected. In this way the terminal protection box (40) forms the last line of network security defence and effectively protects the terminal platform (30).
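The three-interval rule of Figures 5 to 7 and the a2/b1 selection rule of Figure 4, as an added example that is not code from the patent. It assumes the parameters are risk scores normalised to [0, 1] and that the interval boundaries (0.3 and 0.7) and the 1 ms freshness limit are operator-set values, which the patent leaves open.

```python
# Added illustration of the layered decision logic; not the patent's own code.
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Interval(Enum):
    LOW_RISK = "low-risk"
    WEAK_CONFIDENCE = "weak-confidence"
    HIGH_RISK = "high-risk"


class Action(Enum):
    COLLECT_ONLY = "collect this record only"
    REPORT_ADMIN = "report to administrator for follow-up inspection"
    SHUT_DOWN = "shut down the corresponding node"


# The action each interval triggers is the same in every tier (Figures 5-7).
ACTION_FOR = {
    Interval.LOW_RISK: Action.COLLECT_ONLY,
    Interval.WEAK_CONFIDENCE: Action.REPORT_ADMIN,
    Interval.HIGH_RISK: Action.SHUT_DOWN,
}

# What a high-risk verdict shuts down differs per tier: the IoT box cuts the
# IoT device, the WAN box cuts the IoT box, the terminal box cuts the WAN box.
SHUTDOWN_TARGET = {
    "iot_box": "IoT device",
    "wan_box": "IoT protection box",
    "terminal_box": "WAN protection box",
}

# Assumed boundaries: the patent leaves them (and the number of intervals)
# to the operator.
LOW_MAX = 0.3   # a score below this is low-risk
HIGH_MIN = 0.7  # a score at or above this is high-risk


@dataclass(frozen=True)
class Parameter:
    name: str              # "a2", "b1", "a", "b", ...
    score: float           # normalised risk score in [0, 1]
    produced_at_ms: float  # when the producing box computed it


@dataclass(frozen=True)
class Decision:
    tier: str
    basis: str             # which parameter the verdict rests on
    interval: Interval
    action: Action
    target: Optional[str]  # node to shut down, if any
    schedule_update: bool  # b1 was stale: queue it for the scheduled update


def classify(score: float) -> Interval:
    """Map a normalised risk score onto the three intervals."""
    if not 0.0 <= score <= 1.0:
        raise ValueError("risk score must be normalised to [0, 1]")
    if score < LOW_MAX:
        return Interval.LOW_RISK
    if score >= HIGH_MIN:
        return Interval.HIGH_RISK
    return Interval.WEAK_CONFIDENCE


def tier_decide(tier: str, param: Parameter,
                schedule_update: bool = False) -> Decision:
    """Apply one tier's interval rule to the parameter it settled on."""
    interval = classify(param.score)
    action = ACTION_FOR[interval]
    target = SHUTDOWN_TARGET[tier] if action is Action.SHUT_DOWN else None
    return Decision(tier, param.name, interval, action, target, schedule_update)


def choose_basis(a2: Parameter, b1: Optional[Parameter], now_ms: float,
                 max_age_ms: float) -> Tuple[Parameter, bool]:
    """Figure 4 rule: b1 missing or older than max_age_ms -> use a2 and queue
    b1 for the scheduled update; a2 and b1 in different intervals -> trust the
    WAN box's b1; same interval -> the local a2 suffices."""
    if b1 is None or now_ms - b1.produced_at_ms > max_age_ms:
        return a2, True
    if classify(a2.score) != classify(b1.score):
        return b1, False
    return a2, False


def iot_box_decide(a2: Parameter, b1: Optional[Parameter], now_ms: float,
                   max_age_ms: float = 1.0) -> Decision:
    """Full IoT-box decision: pick the basis, then apply the interval rule."""
    basis, stale = choose_basis(a2, b1, now_ms, max_age_ms)
    return tier_decide("iot_box", basis, stale)


if __name__ == "__main__":
    # Constructed sample: the local model is relaxed, the WAN box disagrees.
    a2 = Parameter("a2", 0.20, produced_at_ms=100.0)
    b1 = Parameter("b1", 0.85, produced_at_ms=100.4)
    print(iot_box_decide(a2, b1, now_ms=100.9))  # b1 wins: shut down device
    print(iot_box_decide(a2, b1, now_ms=105.0))  # b1 stale: a2, queue update
```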
In the method, the WAN protection box (20) can have the two algorithms DPPO and A3C built in, while the IoT protection box (10) has the DDPG algorithm built in. The terminal protection box (40) has the DPPO algorithm built in.
In the WAN protection box (20), when the A3C algorithm fails to converge, the DPPO algorithm intervenes to assist its convergence, so that the invention processes faster.
As shown in Figures 1 and 2, another object of the present invention is to disclose a network security protection apparatus comprising: an IoT protection box (10) having at least one input/output terminal (11) for connecting IoT devices (IoT) and at least one built-in algorithm, so that the information the IoT protection box (10) collects is computed and analysed by the algorithm to produce a parameter, which is output to control the IoT devices (IoT); and a WAN protection box (20) having at least one input/output port (21), connected between the IoT protection box (10) and a terminal platform (30), and at least two built-in algorithms, so that the information the WAN protection box collects is computed and analysed by each algorithm to produce at least one parameter, which is output to the IoT protection box (10).
As shown in Figures 1 and 2, the apparatus further comprises a terminal protection box (40) having at least one input/output terminal (42), connected between the WAN protection box (20) and the terminal platform (30), and at least one built-in algorithm, so that the information the terminal protection box (40) collects is computed by the algorithm to produce at least one parameter, which is output to the WAN protection box (20).
In the method, between the IoT devices (IoT) and the WAN, the IoT protection box (10) blocks the signals sent by IoT devices (IoT) that raise security concerns, or shuts those devices down, so that suspect signals are contained within the LAN rather than entering the WAN. In addition, before entry to the WAN and before entry to the terminal platform (30), two further protective walls, the WAN protection box (20) and the terminal protection box (40), respectively block suspicious signals and attacks, raising the reliability of network security protection.
In the method, the IoT devices (IoT), the WAN protection box (20) and the terminal protection box (40) can each take the information collected by the others as the basis of their computations, making the results more accurate and faster.
The method and apparatus disclosed here can be modified and applied without departing from the spirit and scope of the invention, and are not limited to the embodiments described above.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW109132530A TWI727891B (en) | 2020-09-21 | 2020-09-21 | A method and apparatus for network security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI727891B true TWI727891B (en) | 2021-05-11 |
| TW202213385A TW202213385A (en) | 2022-04-01 |
Family
ID=77036398
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI727891B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180191675A1 (en) * | 2016-12-30 | 2018-07-05 | Fortinet, Inc. | Security Fabric for Internet of Things (IOT) |
| TW201830921A (en) * | 2017-02-10 | 2018-08-16 | Qualcomm Incorporated | Systems and methods for network monitoring |
| CN110612703A (en) * | 2017-03-15 | 2019-12-24 | ABB Schweiz AG | Gateway Configuration in Industrial IoT |
| CN110830287A (en) * | 2019-09-27 | 2020-02-21 | Northwest University | Internet of things environment situation sensing method based on machine learning |
| CN111294365A (en) * | 2020-05-12 | 2020-06-16 | Tencent Technology (Shenzhen) Co., Ltd. | Attack flow protection system, method and device, electronic equipment and storage medium |
| CN111510433A (en) * | 2020-03-18 | 2020-08-07 | 山东大学 | A method for detecting malicious traffic in Internet of Things based on fog computing platform |
- 2020-09-21 TW TW109132530A patent/TWI727891B/en active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180191675A1 (en) * | 2016-12-30 | 2018-07-05 | Fortinet, Inc. | Security Fabric for Internet of Things (IOT) |
| TW201830921A (en) * | 2017-02-10 | 2018-08-16 | Qualcomm Incorporated | Systems and methods for network monitoring |
| CN110612703A (en) * | 2017-03-15 | 2019-12-24 | ABB Schweiz AG | Gateway Configuration in Industrial IoT |
| CN110830287A (en) * | 2019-09-27 | 2020-02-21 | Northwest University | Internet of things environment situation sensing method based on machine learning |
| CN111510433A (en) * | 2020-03-18 | 2020-08-07 | 山东大学 | A method for detecting malicious traffic in Internet of Things based on fog computing platform |
| CN111294365A (en) * | 2020-05-12 | 2020-06-16 | Tencent Technology (Shenzhen) Co., Ltd. | Attack flow protection system, method and device, electronic equipment and storage medium |
| CN111294365B (en) | 2020-05-12 | 2020-08-18 | Tencent Technology (Shenzhen) Co., Ltd. | Attack flow protection system, method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| TW202213385A (en) | 2022-04-01 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Pan et al. | Context aware intrusion detection for building automation systems | |
| Kumar et al. | A Distributed framework for detecting DDoS attacks in smart contract‐based Blockchain‐IoT Systems by leveraging Fog computing | |
| US11522887B2 (en) | Artificial intelligence controller orchestrating network components for a cyber threat defense | |
| Rubio et al. | Current cyber-defense trends in industrial control systems | |
| CN114584405A (en) | Electric power terminal safety protection method and system | |
| JP5248612B2 (en) | Intrusion detection method and system | |
| CN111245793A (en) | Anomaly analysis method and device for network data | |
| Rubio et al. | Analysis of Intrusion Detection Systems in Industrial Ecosystems. | |
| EP4111665A1 (en) | Cyber security for a software-as-a-service factoring risk | |
| CN110602041A (en) | White list-based Internet of things equipment identification method and device and network architecture | |
| CN116760636A (en) | An active defense system and method for unknown threats | |
| CN111181971B (en) | System for automatically detecting industrial network attack | |
| US20150358292A1 (en) | Network security management | |
| Wang et al. | Source-based defense against DDoS attacks in SDN based on sFlow and SOM | |
| CN114244728A (en) | Network security situation evaluation and prediction method based on multi-factor layering | |
| CN118018231A (en) | Security policy management method, device, equipment and storage medium for isolation zone | |
| CN120321033B (en) | AI-based dynamic security risk assessment and intelligent response system and method | |
| CN111224973A (en) | Network attack rapid detection system based on industrial cloud | |
| CN119182599A (en) | Equipment access authentication method, device, equipment and storage medium | |
| CN117692251A (en) | A processor network security defense system and method | |
| CN116962052A (en) | Network security monitoring methods, devices, equipment, media and computer program products | |
| CN118862063A (en) | A security detection system, method, device and medium for a large model of government affairs industry | |
| Turcato et al. | A cloud-based method for detecting intrusions in profinet communication networks based on anomaly detection | |
| Arifin et al. | The trends of supervisory control and data acquisition security challenges in heterogeneous networks | |
| CN113569236B (en) | A method and system for monitoring and protecting security of an Internet of Things terminal |