Abstract
Because IoT (Internet of Things) devices are numerous and their web login pages are complex and varied, automated detection of weak passwords is difficult. To address this problem, an automated weak-password detection framework for the web applications of IoT devices was designed. By combining HTML features with the proposed rules, the framework solves the problems of automatic control location and result judgment in password detection. Based on this framework, an automated weak-password detection system was developed and used to probe public-network IoT devices in Beijing, Shandong Province and Zhejiang Province. It found 12 179 devices with web weak passwords, 7.58% of all discovered IoT devices, which verifies the effectiveness of the proposed framework.
Authors
XU Shun-chao (徐顺超)
CHEN Yong-le (陈永乐)
LI Zhi (李志)
SUN Li-min (孙利民)
Affiliations: College of Computer Science and Technology, Taiyuan University of Technology, Jinzhong 030600, China; Beijing Key Laboratory of Internet of Things Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2019, Issue 1, pp. 8-13 (6 pages)
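Funding
National Key Research and Development Program of China (2016YFB0801603)
Science and Technology Foundation of State Grid Corporation of China (52110417001B)
National Natural Science Foundation of China (61401300, 61702504)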
Keywords
Web weak password detection
device identification
automatic login
IoT security
control location