CN108574672A - The method and device of ARP attack perception applied to mobile terminal - Google Patents

The method and device of ARP attack perception applied to mobile terminal Download PDF

Info

Publication number
CN108574672A
CN108574672A CN201710142637.8A CN201710142637A CN108574672A CN 108574672 A CN108574672 A CN 108574672A CN 201710142637 A CN201710142637 A CN 201710142637A CN 108574672 A CN108574672 A CN 108574672A
Authority
CN
China
Prior art keywords
arp
address
mac
attacker
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710142637.8A
Other languages
Chinese (zh)
Inventor
关杰文
宋正义
张丽红
马志远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Antian Information Technology Co Ltd
Original Assignee
Wuhan Antian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Antian Information Technology Co Ltd filed Critical Wuhan Antian Information Technology Co Ltd
Priority to CN201710142637.8A priority Critical patent/CN108574672A/en
Publication of CN108574672A publication Critical patent/CN108574672A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of ARP messages cognitive method and device applied to mobile terminal, the data packet received is captured after mobile terminal access net;If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If transmission source IP address is gateway ip address, the transmission source MAC is preserved as doubtful attacker's MAC Address;When doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.Due to mobile terminal device only received data packet, without forwarding data packet, packet capturing flow is carried out in the bypass of received data packet, ARP attack perception can be carried out in the case where not influencing mobile terminal normal operation in this way, can quick sensing to ARP message aggressions, higher accuracy rate is obtained with smaller cost.

Description

The method and device of ARP attack perception applied to mobile terminal
Technical field
It is perceived the present invention relates to field of information security technology more particularly to a kind of ARP attacks applied to mobile terminal Method and device.
Background technology
ARP protocol (Address Resolution Protocol, address resolution protocol) is one in IPv4 protocol suites In network layer protocol, basic function is that the MAC Address of target device is inquired by the IP address of target device.For going through History reason, ARP protocol consider and not perfect at the beginning of formulation, lack necessary authentication mechanism, cause ARP protocol to become so-called " gentleman's agreement ", there is a large amount of means attacked using ARP protocol weakness and tool on network, caused to network environment Great threat.
ARP message aggressions are common one of attack means, and attacker utilizes the design loophole of ARP protocol, forges ARP Message aggression target terminal (table 1 shows ARP message structures).In conjunction with shown in Fig. 1, if machine A wants to carry out outbound communication, need The data packet of transmission is first passed into gateway B, the destination address of outer net is forwarded to by it.And data packet is passed in link layer It needs to be sent according to the addresses gateway Mac recorded in oneself arp cache table using the addresses Mac of gateway B, machine A when defeated The data packet.Since the processing mode of arp reply lacks authentication mechanism, terminal is answered receiving any ARP for meeting protocol specification The addresses the IP-Mac correspondence in oneself arp cache table can be all updated when answering packet.If at this point, there are attacker C in network, Attacker C can pretend oneself be gateway B, using certain frequency to machine A transmission sources IP as gateway B, the source addresses Mac be attacker C Malice arp reply packet, the true addresses Mac of gateway in covering machine A.At this point, machine A is with being mistakenly considered the Mac of attacker C Location is the addresses Mac of intended gateway B, can all reach attacker C from the data packet of this machine A outgoings, cause the misleading of flow.If Attacker C coordinates man-in-the-middle attack means that communicating pair is pretended to be then further may to steal its wealth using the privacy information of user again Object causes serious consequence.
Table 1
Although ARP message aggressions can cause serious consequence, in the WiFi environment that masses often touch mostly not It disposes ARP and attacks perception mechanism.In addition, even if in the network equipments such as interchanger, router or gateway ARP in existing design There is also shortcomings for attack perception.For example, since the main task of gateway device is forwarding data packet, it is normal not influencing it The detection efficient of ARP attack perception logics will certainly be reduced in the case of forwarding task, perception velocities are slow.Even if in addition, gateway It is found that in its LAN that there are ARP attacks can not also feed back to the attack by complete at attack terminal with lower cost At the flow for entirely reporting and disposing.
Invention content
The purpose of the present invention is to provide a kind of ARP applied to mobile terminal to attack cognitive method and device, can be fast Speed perceives ARP message aggressions, and higher accuracy rate is obtained with smaller cost, protects the privacy and property safety of user.
The invention discloses a kind of ARP applied to mobile terminal to attack cognitive method, includes the following steps:
The data packet received is captured after mobile terminal access net and judges whether it is ARP data packets;
If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If Transmission source IP address is gateway ip address, then preserves the transmission source MAC as doubtful attacker's MAC Address;When preservation Doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.
Further, when doubtful attacker's MAC Address of preservation has difference and at least one MAC Address is corresponding When the frequency of ARP data packets is more than threshold value, then judge that there are ARP message aggressions.
Further, when judgement is there are after ARP message aggressions, mobile terminal miscellaneous equipment into network sends broadcast message To obtain the IP address and MAC Address of each equipment, if there is any doubtful attacker that the MAC Address of equipment is preserved with mobile terminal MAC Address is consistent, and the IP address of the equipment is not gateway IP, then judges the equipment for attacker.
Further, after judging attacker, mobile terminal is by the essential information of the current gateway equipment of collection and attacks The IP address for the person of hitting and the addresses Mac upload to the remote server for collecting evidence, analyzing together.
The invention also discloses a kind of ARP applied to mobile terminal to attack sensing device, including trapping module, analysis mould Block, wherein:
The trapping module is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP numbers According to packet;
The analysis module is used to receive the ARP data packets of trapping module transmission, extracts the transmission source of ARP data packets IP address and transmission source MAC;If transmission source IP address is gateway ip address, the transmission source MAC is preserved as doubtful Like attacker's MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
Further, the analysis module is used to work as doubtful attacker's MAC Address with there is different and at least one MAC When the frequency of the corresponding ARP data packets in location is more than threshold value, then judge that there are ARP message aggressions.
Further, ARP attack sensing device further includes module of tracing to the source, and the module of tracing to the source is for when judging presence After ARP message aggressions, into network, miscellaneous equipment sends broadcast message to obtain the IP address and MAC Address of each equipment, if having The MAC Address of equipment is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not net IP is closed, then judges the equipment for attacker.
Further, the ARP attacks sensing device further includes feedback module, and the feedback module, which is used to work as, to be judged to attack After the person of hitting, the essential information of current gateway equipment of collection and the IP address of attacker and the addresses Mac are uploaded to be used for together The remote server of evidence obtaining, analysis.
The advantageous effect of the present invention compared with prior art:The present invention is in mobile terminal deployment ARP attack perception, and movement is eventually Termination captures the data packet received after networking;If the data packet is ARP data packets, with extracting the transmission source IP of ARP data packets Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful The person's of hitting MAC Address;When doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.Due to mobile terminal Equipment only received data packet in this way can be in not shadow without forwarding data packet, packet capturing flow to be carried out in the bypass of received data packet ARP attack perception is carried out in the case of ringing mobile terminal normal operation, can quick sensing to ARP message aggressions, with smaller Cost obtains higher accuracy rate.In addition, deployment ARP attacks perception logic can attack thing finding ARP in the terminal Relevant disposal process is carried out after part immediately, preferably to protect the privacy and property safety of user.
Description of the drawings
Fig. 1 is ARP message aggression principle schematics.
Fig. 2 is the flow diagram that a kind of ARP applied to mobile terminal of the present invention attacks cognitive method.
Fig. 3 is the structural schematic diagram that a kind of ARP applied to mobile terminal of the present invention attacks sensing device.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention make into One step it is described in detail.
In some embodiments, in conjunction with shown in Fig. 2, the ARP disclosed by the invention applied to mobile terminal attacks perception side Method includes the following steps:
S100, mobile terminal access captures the data packet received after netting, and judges whether it is ARP data packets.
It should be understood that mobile terminal can access WiFi WLANs, bluetooth equity WLAN or infrared ray Reciprocity WLAN etc. is described by taking WiFi WLANs as an example in the present embodiment.
After mobile terminal connects upper WiFi, capture what mobile terminal received by packet catchers such as Pcap or Tcpdump Network packet.If the type of the data packet is ARP, step S20 is carried out, otherwise captures data packet again.
S200 includes the following steps:
S201, if the data packet is ARP data packets, with extracting transmission source IP address and the transmission source MAC of ARP data packets Location.
S202 preserves the transmission source MAC as doubtful attacker if transmission source IP address is gateway ip address MAC Address.
Judge whether the transmission source IP address of the data packet is the true gateway ip address preserved, if so, preserving Transmission source MAC corresponding with the IP address, using as doubtful attacker's MAC Address.Otherwise, next ARP data are captured Packet.
S203, when doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
For example, it is assumed that the true IP address of gateway is 192.168.1.1, MAC Address AA:BB:CC:DD:EE:FF is moved Dynamic terminal has received two and sends the data packet that source IP address is gateway real IP address, when doubtful attacker's MAC Address exists When different, then illustrate that at least one is attacker, thus may determine that there are ARP message aggressions in network.As shown in table 2, 2 transmission source IP address having the same of data packet 1 and data packet, and the IP address of gateway and its MAC Address are one in a network One is corresponding, therefore may determine that there are one data packet be attacker's camouflage.
Table 2
Data packet Send source IP address Send source MAC
1 192.168.1.1 AA:BB:CC:DD:EE:FF
2 192.168.1.1 GG:HH:KK:LL:MM:NN
Due to mobile terminal device only received data packet, without forwarding data packet, packet capturing flow is on the side of received data packet Road carry out, can be carried out in this way in the case where not influencing mobile terminal normal operation ARP attack perceive, can quick sensing arrive ARP message aggressions obtain higher accuracy rate with smaller cost.
Certainly, in order to improve the accuracy of ARP attack perception, it can be combined with remaining strategy and carry out ARP attack perception.Example Such as, if mobile terminal receives same IP address and the frequency of the ARP data packets of the addresses Mac is excessively high, there are ARP message aggressions Possibility it is larger.Therefore, if the doubtful attacker's MAC Address preserved there is difference and at least one MAC Address is corresponding When the frequency of ARP data packets is more than threshold value, just judge that there are ARP message aggressions.
In order to protect user security, it is also desirable to attacker can be found, therefore when judging there are after ARP message aggressions, it is mobile Terminal can also send broadcast message to obtain the IP address and MAC Address of each equipment, if there is equipment by miscellaneous equipment into network MAC Address it is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not gateway IP then judges the equipment for attacker.
In further embodiments, after judging attacker, mobile terminal can also be by the current gateway equipment of collection Essential information, as the title of WiFi, the IP address of the addresses Mac and attacker and the addresses Mac are uploaded to together for collecting evidence, analyzing Remote server data are provided and are supported for network crime tracking and evidence obtaining in case subsequent evidence obtaining or big data analysis.Thus As it can be seen that deployment ARP attacks perception in the terminal, can carry out relevant disposition stream immediately after finding ARP attacks Journey, preferably to protect the privacy and property safety of user.
The invention also discloses the ARP applied to mobile terminal to attack sensing device 10, as shown in figure 3, the sensing device 10 include trapping module 11, analysis module 12, wherein:
Trapping module 11 is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP data Packet.
It should be understood that mobile terminal can access WiFi WLANs, bluetooth equity WLAN or infrared ray Reciprocity WLAN etc. is described by taking WiFi WLANs as an example in the present embodiment.
After mobile terminal connects upper WiFi, capture what mobile terminal received by packet catchers such as Pcap or Tcpdump Network packet.If the type of the data packet is ARP, analysis module 12 is sent the packet to, is otherwise captured again Data packet.
Analysis module 12 receives the ARP data packets that trapping module 11 is sent, with extracting the transmission source IP of ARP data packets Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful The person's of hitting MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
Judge whether the transmission source IP address of the data packet is the true gateway ip address preserved, if so, preserving Transmission source MAC corresponding with the IP address, using as doubtful attacker's MAC Address.Otherwise, next ARP data are captured Packet.
When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
For example, it is assumed that the true IP address of gateway is 192.168.1.1, MAC Address AA:BB:CC:DD:EE:FF is moved Dynamic terminal has received two and sends the data packet that source IP address is gateway real IP address, when doubtful attacker's MAC Address exists When different, then illustrate that at least one is attacker, thus may determine that there are ARP message aggressions in network.As shown in table 2, 2 transmission source IP address having the same of data packet 1 and data packet, and the IP address of gateway and its MAC Address are one in a network One is corresponding, therefore may determine that there are one data packet be attacker's camouflage.
Certainly, in order to improve the accuracy of ARP attack perception, it can be combined with remaining strategy and carry out ARP attack perception.Example Such as, if mobile terminal receives same IP address and the frequency of the ARP data packets of the addresses Mac is excessively high, there are ARP message aggressions Possibility it is larger.Therefore, if the doubtful attacker's MAC Address preserved there is difference and at least one MAC Address is corresponding When the frequency of ARP data packets is more than threshold value, analysis module 12 just judges that there are ARP message aggressions.
It is also uncommon in order to protect user security when finding in network there are after ARP message aggressions in other are example Prestige can find attacker, therefore ARP attack sensing devices 10 further include module 13 of tracing to the source, and module of tracing to the source 13 is used to exist when judgement After ARP message aggressions, into network, miscellaneous equipment sends broadcast message to obtain the IP address and MAC Address of each equipment, if having The MAC Address of equipment is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not net IP is closed, then judges the equipment for attacker.
According to actual needs, in some embodiments, it further includes feedback module 14 that ARP, which attacks sensing device 10, works as judgement After going out attacker, feedback module 14 such as the title of WiFi, the addresses Mac and attacks the essential information of the current gateway equipment of collection The IP address for the person of hitting and the addresses Mac upload to the remote server for collecting evidence, analyzing together, in case subsequent evidence obtaining or big number According to analysis, data are provided and are supported for network crime tracking and evidence obtaining.
The present invention captures the data packet received after mobile terminal deployment ARP attack perception, mobile terminal access net;If should Data packet is ARP data packets, then extracts the transmission source IP address of ARP data packets and send source MAC;If sending source IP address For gateway ip address, then the transmission source MAC is preserved as doubtful attacker's MAC Address;When doubtful attacker's MAC Address is deposited When different, then judge that there are ARP message aggressions.Since mobile terminal device only received data packet is grabbed without forwarding data packet Packet stream journey is carried out in the bypass of received data packet, can carry out ARP in the case where not influencing mobile terminal normal operation in this way Attack perception, can quick sensing to ARP message aggressions, higher accuracy rate is obtained with smaller cost.In addition, mobile whole ARP attack perception logics are disposed in end to carry out relevant disposal process immediately after finding ARP attacks, with preferably Protect the privacy and property safety of user.
Although the step in the present invention is arranged with label, it is not used to limit the precedence of step, unless Based on the execution of the order or certain step that specify step needs other steps, otherwise the relative rank of step is It is adjustable.
Several embodiments of the present invention have shown and described in above description, but as previously described, it should be understood that the present invention is not It is confined to form disclosed herein, is not to be taken as excluding other embodiments, and can be used for various other combinations, modification And environment, and can be carried out by the above teachings or related fields of technology or knowledge in the scope of the invention is set forth herein Change.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in institute of the present invention In attached scope of the claims.

Claims (8)

1. a kind of ARP applied to mobile terminal attacks cognitive method, which is characterized in that include the following steps:
The data packet received is captured after mobile terminal access net and judges whether it is ARP data packets;
If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If sending Source IP address is gateway ip address, then preserves the transmission source MAC as doubtful attacker's MAC Address;It is doubtful when preservation Attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.
2. ARP as described in claim 1 attacks cognitive method, which is characterized in that when judging, there are after ARP message aggressions, to move Dynamic terminal miscellaneous equipment into network sends broadcast message to obtain the IP address and MAC Address of each equipment, if there is the MAC of equipment Address is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and IP address is not gateway ip address, then judging should Equipment is attacker.
3. ARP as claimed in claim 2 attacks cognitive method, which is characterized in that after judging attacker, mobile terminal will The essential information of current gateway equipment and the IP address of attacker of collection and the addresses Mac are uploaded to together for collecting evidence, analyzing Remote server.
4. ARP as described in claim 1 attacks cognitive method, which is characterized in that when doubtful attacker's MAC Address of preservation is deposited When different and the corresponding ARP data packets of at least one MAC Address frequencies are more than threshold value, then judge that there are ARP messages to attack It hits.
5. a kind of ARP applied to mobile terminal attacks sensing device, which is characterized in that including trapping module, analysis module, In:
The trapping module is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP data Packet;
The analysis module is used to receive the ARP data packets of trapping module transmission, with extracting the transmission source IP of ARP data packets Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful The person's of hitting MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
6. ARP as claimed in claim 5 attacks sensing device, which is characterized in that the ARP attacks sensing device further includes tracing back Source module, the module of tracing to the source for when judging there are after ARP message aggressions, into network miscellaneous equipment transmission broadcast message with The IP address and MAC Address of each equipment are obtained, if there is any doubtful attacker that the MAC Address of equipment is preserved with mobile terminal MAC Address is consistent, and IP address is not gateway IP, then judges the equipment for attacker.
7. ARP as claimed in claim 6 attacks sensing device, which is characterized in that the ARP attacks sensing device further includes anti- Module is presented, the feedback module is used for after judging attacker, by the essential information of the current gateway equipment of collection and attack The IP address of person and the addresses Mac upload to the remote server for collecting evidence, analyzing together.
8. ARP as claimed in claim 5 attacks sensing device, which is characterized in that the analysis module is used to work as doubtful attack When person's MAC Address has different and the corresponding ARP data packets of at least one MAC Address frequency more than threshold value, judge exist ARP message aggressions.
CN201710142637.8A 2017-03-10 2017-03-10 The method and device of ARP attack perception applied to mobile terminal Pending CN108574672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710142637.8A CN108574672A (en) 2017-03-10 2017-03-10 The method and device of ARP attack perception applied to mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710142637.8A CN108574672A (en) 2017-03-10 2017-03-10 The method and device of ARP attack perception applied to mobile terminal

Publications (1)

Publication Number Publication Date
CN108574672A true CN108574672A (en) 2018-09-25

Family

ID=63578130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710142637.8A Pending CN108574672A (en) 2017-03-10 2017-03-10 The method and device of ARP attack perception applied to mobile terminal

Country Status (1)

Country Link
CN (1) CN108574672A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333146A (en) * 2020-09-21 2021-02-05 南方电网海南数字电网研究院有限公司 ARP security defense method for intelligent power transformation gateway and intelligent power transformation gateway
CN112583817A (en) * 2020-12-07 2021-03-30 北京威努特技术有限公司 Network oscillation monitoring and early warning method, device and medium
CN113938460A (en) * 2021-11-25 2022-01-14 湖北天融信网络安全技术有限公司 Network detection method and device, electronic equipment and storage medium
CN114980113A (en) * 2022-06-17 2022-08-30 西安紫光展锐科技有限公司 Method for preventing ARP attack on terminal side

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1609291A1 (en) * 2002-09-16 2005-12-28 Cisco Technology, Inc. Method and apparatus for preventing spoofing of network addresses
KR20070106893A (en) * 2006-05-01 2007-11-06 이형우 Method for prevention an arp poison attack
CN101247217A (en) * 2008-03-17 2008-08-20 北京星网锐捷网络技术有限公司 Method, unit and system for preventing address resolution protocol flux attack
CN101415012A (en) * 2008-11-06 2009-04-22 杭州华三通信技术有限公司 Method and system for defending address analysis protocol message aggression
CN104219339A (en) * 2014-09-17 2014-12-17 北京金山安全软件有限公司 Method and device for detecting address resolution protocol attack in local area network
CN104917729A (en) * 2014-03-12 2015-09-16 国基电子(上海)有限公司 Network device and method for preventing address resolution protocol message from being attacked
CN106376003A (en) * 2015-07-23 2017-02-01 中移(杭州)信息技术有限公司 Method and device for detecting wireless local area network connection and wireless local area network data transmission

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1609291A1 (en) * 2002-09-16 2005-12-28 Cisco Technology, Inc. Method and apparatus for preventing spoofing of network addresses
KR20070106893A (en) * 2006-05-01 2007-11-06 이형우 Method for prevention an arp poison attack
CN101247217A (en) * 2008-03-17 2008-08-20 北京星网锐捷网络技术有限公司 Method, unit and system for preventing address resolution protocol flux attack
CN101415012A (en) * 2008-11-06 2009-04-22 杭州华三通信技术有限公司 Method and system for defending address analysis protocol message aggression
CN104917729A (en) * 2014-03-12 2015-09-16 国基电子(上海)有限公司 Network device and method for preventing address resolution protocol message from being attacked
CN104219339A (en) * 2014-09-17 2014-12-17 北京金山安全软件有限公司 Method and device for detecting address resolution protocol attack in local area network
CN106376003A (en) * 2015-07-23 2017-02-01 中移(杭州)信息技术有限公司 Method and device for detecting wireless local area network connection and wireless local area network data transmission

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333146A (en) * 2020-09-21 2021-02-05 南方电网海南数字电网研究院有限公司 ARP security defense method for intelligent power transformation gateway and intelligent power transformation gateway
CN112583817A (en) * 2020-12-07 2021-03-30 北京威努特技术有限公司 Network oscillation monitoring and early warning method, device and medium
CN112583817B (en) * 2020-12-07 2023-04-28 北京威努特技术有限公司 Network oscillation monitoring and early warning method, device and medium
CN113938460A (en) * 2021-11-25 2022-01-14 湖北天融信网络安全技术有限公司 Network detection method and device, electronic equipment and storage medium
CN114980113A (en) * 2022-06-17 2022-08-30 西安紫光展锐科技有限公司 Method for preventing ARP attack on terminal side

Similar Documents

Publication Publication Date Title
US11516239B2 (en) System, device, and method of adaptive network protection for managed internet-of-things services
CN105681353B (en) Defend the method and device of port scan invasion
EP2939454B1 (en) System and method for correlating network information with subscriber information in a mobile network environment
KR101231975B1 (en) Method of defending a spoofing attack using a blocking server
CN101087196B (en) Multi-layer honey network data transmission method and system
CN108574672A (en) The method and device of ARP attack perception applied to mobile terminal
CN101848197B (en) Detection method and device and network with detection function
CN105491060B (en) Method, apparatus, client and the equipment of defending distributed denial of service attack
KR101409563B1 (en) Method and apparatus for identifying application protocol
US10374913B2 (en) Data retention probes and related methods
US20150271194A1 (en) Fake Base Station Detection with Core Network Support
US20170134957A1 (en) System and method for correlating network information with subscriber information in a mobile network environment
CN112219381A (en) Method for data analysis-based message filtering in edge nodes
US9338657B2 (en) System and method for correlating security events with subscriber information in a mobile network environment
JP2010171527A (en) Overlay traffic detection system, and traffic monitoring-control system
CN106899978B (en) Wireless network attack positioning method
CN108574673A (en) ARP message aggression detection method and device applied to gateway
CN108512816B (en) Traffic hijacking detection method and device
KR20150082903A (en) Method and apparatus for application detection
CN107864110A (en) Botnet main control end detection method and device
Guo et al. Forensic analysis of DoS attack traffic in MANET
Khan et al. Real-time cross-layer design for a large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks
Castiglione et al. Device tracking in private networks via napt log analysis
Park et al. Threats and countermeasures on a 4G mobile network
CN103746918B (en) Message forwarding system and message forwarding method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180925