Router Vulnerability Automatic Protection System Based On Threat Intelligence

Posted on: 2021-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Xu
Full Text: PDF
GTID: 2568306290994719
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the Internet of Things, the number of home routers is increasing year by year, and smart home devices are becoming widely adopted. Routers serve as the core infrastructure of the entire smart home, responsible for the network connection and interaction of all smart devices, while attacks on routers are increasing. Major security websites often publish updated threat information about routers, but existing home routers lack the capacity to detect and prevent vulnerabilities. Once a new vulnerability appears, users can often only wait passively for the manufacturer to release a new firmware version or patch; before the new firmware is released, an attacker has enough time to conduct batch attacks on the routers affected by the vulnerability, which is a serious threat to user information security. How to respond quickly to router threat intelligence and automatically identify and intercept vulnerability attacks is an urgent problem to be solved. In this paper, router threat information is crawled regularly, analyzed and classified, and a vulnerability threat information database is maintained automatically. On this basis, the threat information is automatically extracted, and all suspicious requests passing through the router are intercepted and checked, so that the router responds to threat information automatically. At the same time, key features are extracted from the normal operation of the router: the relevant request modes are extracted, and the URL, parameters, request length and other elements are analyzed to build a normal access model, which can be used as a reference for abnormality judgment and timing. This effectively reduces false and missed alarms, improving the speed and accuracy of the router's response to threat intelligence without affecting the normal operation of the router. Based on this protection idea, this paper further designs and implements a prototype of a router vulnerability automatic protection system based on threat intelligence, and introduces the function and implementation of each module of the system. In the experimental part, 16 high-risk vulnerabilities of 6 different types of devices are used to test the function of the system prototype, among which 9 command injection and buffer overflow vulnerabilities are successfully identified and blocked based on the normal access model, and 7 vulnerabilities are successfully and automatically responded to and protected against based on threat intelligence. The performance loss of the system is less than 1% for most of the running time, which shows a certain practicality. The innovation of this paper lies in the real-time monitoring of relevant threat intelligence and automatic vulnerability response without human intervention, which addresses the problem that the current mainstream protection method of identifying vulnerabilities through characteristic rules has difficulty dealing with new vulnerabilities. At the same time, the normal access model can be used to identify abnormal requests and effectively reduce false positives and false negatives without maintaining a large rule base. To some extent, it can also prevent attacks on unknown vulnerabilities. The performance loss of the protection method proposed in this paper is low, and router manufacturers can build it into factory equipment, which can effectively prevent attackers from using firmware vulnerabilities to attack.
Keywords/Search Tags:Threat intelligence, Emergency response, Router security
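
One way to build the normal access model the abstract describes, added here as an illustration and not taken from the thesis: it learns, per method and path, the parameter names, longest value and character classes seen in benign traffic, and `check` returns the reasons a request deviates (an empty list means normal). The paths, parameter names, the 2x length tolerance and the character-class feature are assumptions; the training requests are constructed samples.

```python
from urllib.parse import urlsplit, parse_qsl

def char_classes(value):
    # Letters, digits and common separators are grouped; anything else is its own class.
    return {"alpha" if c.isalpha() else "digit" if c.isdigit()
            else "sep" if c in "._-:" else "other:" + c for c in value}

def split_request(method, url, body):
    parts = urlsplit(url)
    params = parse_qsl(f"{parts.query}&{body}", keep_blank_values=True)
    return (method.upper(), parts.path), params

class NormalAccessModel:
    def __init__(self, length_slack=2.0):
        self.length_slack = length_slack  # assumed tolerance over the longest value seen
        self.profiles = {}  # (method, path) -> {param: {"max_len": int, "classes": set}}

    def learn(self, method, url, body=""):
        key, params = split_request(method, url, body)
        profile = self.profiles.setdefault(key, {})
        for name, value in params:
            p = profile.setdefault(name, {"max_len": 0, "classes": set()})
            p["max_len"] = max(p["max_len"], len(value))
            p["classes"] |= char_classes(value)

    def check(self, method, url, body=""):
        key, params = split_request(method, url, body)
        if key not in self.profiles:
            return ["unknown endpoint"]
        reasons = []
        for name, value in params:
            p = self.profiles[key].get(name)
            if p is None:
                reasons.append(f"unknown parameter: {name}")
            elif len(value) > p["max_len"] * self.length_slack:
                reasons.append(f"overlong value: {name}")
            elif char_classes(value) - p["classes"]:
                reasons.append(f"unseen characters: {name}")
        return reasons

# Constructed sample of benign management traffic (hypothetical paths and parameters).
TRAINING = [("POST", "/cgi-bin/diag", "action=ping&ip=192.168.1.1"),
            ("POST", "/cgi-bin/diag", "action=ping&ip=8.8.8.8"),
            ("GET", "/cgi-bin/status?page=wan", "")]

def build_model():
    model = NormalAccessModel()
    for request in TRAINING:
        model.learn(*request)
    return model
```

The length and character-class checks correspond to the two vulnerability classes the abstract reports blocking with the model: overlong values for buffer overflows and unexpected metacharacters for command injection.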