欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2017, Vol. 34 ›› Issue (6): 759-770.DOI: 10.7523/j.issn.2095-6134.2017.06.013

• 计算机科学 • 上一篇    

一种基于无线路由器的IoT设备轻量级防御框架

严志涛1,2, 方滨兴3,4, 刘奇旭1,2, 崔翔1,2,3   

  1. 1. 中国科学院大学网络空间安全学院, 北京 100049;
    2. 中国科学院信息工程研究所, 北京 100093;
    3. 北京邮电大学, 北京 100876;
    4. 东莞电子科技大学电子信息工程研究院, 广东 东莞 523808
  • 收稿日期:2016-11-29 修回日期:2017-02-22 发布日期:2017-11-15
  • 通讯作者: 刘奇旭
  • 基金资助:
    国家重点研发计划(2016YFB0801604)、国家自然科学基金(61303239)和广东省产学研合作项目(2016B090921001)资助

A wireless router-based lightweight defense framework for IoT devices

YAN Zhitao1,2, FANG Binxing3,4, LIU Qixu1,2, CUI Xiang1,2,3   

  1. 1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;
    2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    3. Beijing University of Posts and Telecommunications, Beijing 100876, China;
    4. Institute of Electronic and Information Engineering, Dongguan University of Electronic Science and Technology, Dongguan 523808, Guangdong, China
  • Received:2016-11-29 Revised:2017-02-22 Published:2017-11-15

摘要: 目前IoT(Internet of things,物联网)设备安全问题很多,然而由于IoT设备自身限制(嵌入式系统,资源紧张),传统PC的保护手段已经不再适用。提出一种基于无线路由器的IoT设备轻量级防御框架WRGuardian(wireless router guardian),利用家用无线路由器在网络流量的掌控能力和拓扑结构优势,从被动防御和主动防御两个方面入手,及时监测并阻断目前针对IoT设备的主要攻击行为,同时定期扫描检测安全问题并修复。该框架无需外部硬件或者修改设备原有系统,降低了部署难度和成本,有利于后期推广。实验结果显示WRGuardian能够有效对抗针对IoT设备弱口令、命令注入等主要攻击手段,且能排查修复已知风险,是一种低成本可行的轻量级防护方案。

关键词: 无线路由器, IoT设备, 安全防护, 网络流量

Abstract: It is well known that IoT (Internet of things) devices are vulnerable and can be easily intruded by attackers. However, traditional protection methods for PCs are no longer suitable for IoT devices. In this work, we design a router-based lightweight defense framework WRGuardian (wireless router guardian) which uses the router's network traffic controllability and computing capacity to protect IoT devices. It will monitor and block the attack behaviors to IoT devices, and it will detect and fix the security issues by simulating attacks. Because there is no requirement of additional security hardware for the IoT devices, this protection framework has a low cost, and it is convenient to deploy and beneficial for promotion. Our experimental results show that WRGuardian is feasible and protects IoT devices from main attacks. It is an effective lightweight solution.

Key words: wireless router, IoT device, protection, network traffic

中图分类号: