Shulou(Shulou.com)05/31 Report--

Editor to share with you what kind of tool IoT-Home-Guard is, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

IoT-Home-Guard 's security detection tool, which can be used by researchers to detect malicious behavior in Internet of things devices.

IoT-Home-Guard

IoT-Home-Guard can not only help users find malware in smart home devices / Internet of things devices, but also help detect invaded smart home devices. For security researchers, it can also carry out network analysis and malicious behavior detection.

We released the first version of the tool in July 2018 and completed the development of the second version in October 2018, which greatly enhanced user experience and increased the number and variety of identifiable devices.

The first-generation IoT-Home-Guard is a hardware device based on the raspberry pie (with a wireless network interface controller). We use the new custom firmware on the second-generation IoT-Home-Guard and support the environment configuration on the notebook, which can be found in the software_tools/ folder of the project directory.

Working mechanism

This tool mainly scans and discovers malicious behavior by detecting malicious network traffic. A device implanted with malware attempts to communicate with a remote server and triggers a remote Shell or sends audio / video to the server.

The following figure shows the network traffic with data sniffing malware implanted:

Red line: traffic between a device and a malicious remote server

Green line: normal traffic flow of the device

Black line: sum of TCP traffic

Function module

1. AP module and data flow capture module: capture network traffic

2. Traffic analysis engine: extract features from network traffic and compare them with device fingerprint database

3. Device fingerprint database: the normal network behavior of each device is stored. This module is based on whitelist and can call 360threat intelligence database (https://ti.360.net/).

4. Web server: Web server was introduced in the second generation.

Work flow chart

Tool demonstration

In the course of our research, we successfully implanted Trojans on eight devices using IoT-Implant-Toolkit (see Freebuf's introduction to the tool), including smart speakers, cameras, traffic recorders, mobile translators, and so on.

We collected the characteristic information of these devices, then ran IoT-Home-Guard, and finally successfully detected the Trojans implanted on all the devices. We believe that, in this way to detect malicious behavior in the target device, coupled with the malicious feature database, the detection accuracy will be very high.

Installation and use of software

Build the environment:

Git clone https://github.com/arthastang/IoT-Home-Guardcd IoT-Home-Guard/software_tools/python setup.py install

You can use the following command to detect whether the target device has been implanted with a Trojan horse:

. / IoT-Home-Guard.py

Run the following command to build the Web server (using port 8080):

. / screenshot of homeguard operation

The above is all the content of this article "what is IoT-Home-Guard?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.