Patent classifications
G16Y30/10
Detection device and detection method
A detecting device obtains a network log and a host log of a device. The detecting device converts the network log into a network feature value in a form which is inputtable to a multimodal generative model which generates output data on the basis of multiple latent variables represented by random variables. The detecting device converts the host log into a host feature value in a form which is inputtable to the generative model. The detecting device also inputs at least one of the network feature value and the host feature value to the generative model and calculates output data. The detecting device detects an abnormality about the device using an anomaly score calculated on the basis of the output data.
Key Negotiation Method and Electronic Device
A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: An IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.
Malicious black hole node detection and circumvention
A method includes identifying a potentially malicious node using a rating assigned to nodes within the network and decrementing the rating based on detected dropped messages to identify a potentially malicious node. The malicious node is identified based on location information obtained from the nodes within the network and comparable distances from the potentially malicious node. The method further includes ending communications with the malicious node and selecting a new parent node based on a presumption that any of the plurality of nodes other than the malicious node are non-malicious.
SYSTEMS AND METHODS FOR SECURE ONBOARDING AND COMMUNICATION FOR INTERNET OF THINGS DEVICES
A device may receive software installation packages that include unique device identifiers and unique security mechanisms associated with corresponding IoT devices and include an address for the device, and may store the software installation packages in a data structure. The device may receive, based on the address for the device and from an IoT device, connection data identifying a request to connect to the device and identifying a device identifier and a security mechanism associated with the IoT device, and may utilize an MQTT protocol to authenticate the connection data based on the device identifier, the security mechanism, and the software installation packages stored in the data structure. The device may identify the IoT device as active when the connection data is authenticated, and may enable, when the connection data is authenticated, the IoT device to publish data to the device or to subscribe to data from the device.
System on chip and device layer
A system on chip including a first master circuit, a second master circuit, a routing circuit, a bridge control circuit, and a peripheral circuit is provided. The first master circuit provides a first command. The second master circuit provides a second command. The routing circuit receives the first command and the second command and provides an output command. The bridge control circuit receives the output command and stores an attribute setting value. In response to the routing circuit receiving the first command and the first command pointing to the peripheral circuit, the routing circuit uses the first command as the output command and the bridge control circuit determines whether attribute information of the output command matches the attribute setting value. In response to the attribute information of the output command matching the attribute setting value, the bridge control circuit provides the output command to the peripheral circuit.
Device and method for mediating configuration of authentication information
To facilitate configuration of authentication information for a service provided over an IP network when there is no shared authentication information between an IoT device and a service provider device for a service used by the IoT device, an intermediary device capable of authenticating legitimate access mediates between the devices. For example, a cipher key CK, stored in the intermediary device and the IoT device as a result of SIM authentication of the SIM of the IoT device, is used as a master key for services used by the IoT device. By generating a unique application key for a service used by the IoT device on the intermediary device and the IoT device on the basis of the master key, and sending it to the service provider apparatus from the intermediary device over a secure connection, common keys are set as authentication information on the IoT device and the service provider apparatus. The SIM authentication process for generating the cipher key can suppress an SQN attack based on a bad request.
Distributed, crowdsourced internet of things (IoT) discovery and identification using Block Chain
Disclosed embodiments relate to distributed, crowd-sourced Internet of Things (IoT) discovery using Block Chain. In one example, a method includes scanning a network and generating a signature based on IoT device traits discovered, determining whether the signature is already in a verified or an unverified Block Chain, when the signature exists in the verified Block Chain, providing a verified entry including at least the IoT device type, otherwise, when the signature exists in the unverified Block Chain, providing an unverified entry including at least the IoT device type, incrementing a count, and promoting the unverified entry to the verified Block Chain when the count reaches a threshold, and otherwise, when the signature is in neither Block Chain, using the traits to guess the IoT device type, generating a new entry including the IoT device type, a location, and a timestamp, and storing the new entry in the unverified Block Chain.