CN112788035A - Network attack warning method of UPF terminal under 5G and terminal - Google Patents


Publication number
CN112788035A
Authority
CN
China
Prior art keywords
terminal
log
upf
network
attack
Legal status
Granted
Application number
CN202110042996.2A
Other languages
Chinese (zh)
Other versions
CN112788035B (en)
Inventor
李小军
吴闽华
孟庆晓
Current Assignee
Shenzhen Genew Technologies Co Ltd
Original Assignee
Shenzhen Genew Technologies Co Ltd
Application filed by Shenzhen Genew Technologies Co Ltd
Priority to CN202110042996.2A
Publication of CN112788035A
Application granted
Publication of CN112788035B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The invention discloses a network attack warning method of a UPF terminal under 5G and the terminal, wherein the method comprises the following steps: the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of preset software, and records the network attack message in a log file; the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file; and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time. The invention detects the network attack in time, obtains the type of the network attack, and sends the alarm information to the network management center, thereby facilitating the corresponding maintenance of the network management center.

Description

Network attack warning method of UPF terminal under 5G and terminal
Technical Field
The invention relates to the technical field of 5G application, in particular to a network attack warning method and a network attack warning terminal of a UPF terminal under 5G.
Background
5G (5th Generation mobile networks or 5th Generation wireless systems, abbreviated as 5G or 5G technology) is the fifth generation of mobile communication technology. It is the latest generation of cellular mobile communication technology and the successor to 4G (LTE-A, WiMax), 3G (UMTS, LTE) and 2G (GSM) systems. The performance goals of 5G are high data rates, reduced latency, energy savings, reduced cost, increased system capacity and large-scale device connectivity. The first phase of the 5G specification, in Release-15, was intended to accommodate early commercial deployments. The second phase, Release-16, will be completed in April 2020 and submitted to the International Telecommunication Union (ITU) as a candidate IMT-2020 technology. The ITU IMT-2020 specification requires speeds up to 20 Gbit/s and allows wide channel bandwidths and large-capacity MIMO.
Firewalls, which are a type of access control device between an intranet and an extranet, are often installed at the intersection of the intranet and the extranet. The firewall has good network security protection function. An intruder must first traverse the security line of the firewall to reach the target computer. Firewalls can be configured to many different levels of protection, with a high level of protection potentially prohibiting some services, such as video streaming, etc.
The firewall itself should have very strong immunity against attacks: this is a prerequisite for the firewall to act as a network security guard in the enterprise. The firewall is arranged at the edge of the network, and is just like a border guard, and the firewall faces the invasion of hackers at all times, so that the firewall is required to have very strong anti-invasion capability.
The classic Linux (operating system kernel) firewall uses Netfilter technology. Netfilter is a subsystem introduced in Linux 2.4.x that serves as a general, abstract framework providing a complete set of hook-function management mechanisms, which makes packet filtering, Network Address Translation (NAT) and protocol-type-based connection tracking possible. At the application layer the software is IPTABLES, an IP packet filtering system integrated with the latest version 3.5 Linux kernel. If a Linux system is connected to the Internet or to a LAN, or is a server or a proxy server connecting a LAN and the Internet, IPTABLES allows better control of IP packet filtering and firewall configuration on that system. After configuration, network attack messages can be intercepted, rate-limited and discarded according to rules, protecting the safe and stable operation of the system to the greatest extent.
At present, many network products adopt a centralized network management architecture in which network management software uses SNMP (Simple Network Management Protocol) to manage multiple network element devices. A network element generally runs on a Linux platform with the IPTABLES firewall to ensure that it can withstand network attacks. When a network element is attacked, the network management center wants to learn of the attack immediately and take measures to block it. If the network element could send an alarm to the network management center, the administrator would immediately know of the attack, its type, the number of occurrences, the source IP, the time of the attack and so on. However, IPTABLES does not generate alarms and cannot send them to the network management center, so the network is at risk of being attacked without the relevant personnel being informed in time to take remedial measures.
Accordingly, the prior art is yet to be improved and developed.
Disclosure of Invention
The invention mainly aims to provide a network attack warning method and a terminal of a UPF terminal under 5G, and aims to solve the problems that IPTABLES cannot generate warning and cannot send the warning to a network manager in the prior art, so that the network has a risk of being attacked, and related personnel cannot be informed to take remedial measures in time.
In order to achieve the above object, the present invention provides a network attack warning method for a UPF terminal under 5G, where the network attack warning method for the UPF terminal under 5G includes the following steps:
the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of preset software, and records the network attack message in a log file;
the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file;
and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time.
Optionally, the method for alarming network attack of a UPF terminal under 5G, where the terminal sends alarm information to a network management center according to the type of the attack log, and then the method further includes:
and if the terminal does not detect new alarm information continuously within the preset time, canceling the current type alarm to the network management center.
Optionally, in the network attack warning method for the UPF terminal under 5G, the log function means that the kernel's Netfilter monitors incoming and outgoing network messages and generates a log entry as each message is discarded, received or forwarded according to the rules.
Optionally, the method for alarming network attack of a UPF terminal under 5G further includes:
the terminal adds a rule for discarding ICMP messages, so that ICMP messages on input are discarded;
the terminal enables the log function for discarded ICMP messages, so that prefix information is obtained;
the terminal modifies a preset file so that a log file is generated when the preset software detects that a message is discarded;
the terminal restarts the system log service with a Linux command, so that the log function reloads the configuration file and the change takes effect;
and if the terminal receives an ICMP message, a log entry is generated from which the attack type is obtained.
Optionally, the method for alarming network attack of a UPF terminal under 5G further includes:
the terminal starts a thread for monitoring the IPTABLES log, and this thread reads the IPTABLES log file every second;
the terminal reads each entry in the log and, if the ICMP-DROP keyword is present, increases the record count by 1, until the log has been traversed;
the terminal sends the number of ICMP-DROP records, the time of the last record and the source IP address to the network management center in the form of an alarm;
the terminal empties the log file so that the content of iptables.log is empty;
and if no record is found on any read of the log during the continuous preset time, the terminal generates an alarm-cancellation message to the network management center.
Optionally, in the method for alarming network attack of a UPF terminal under 5G, the terminal sends the number of times of ICMP-DROP, the last recorded time, and the source IP address to the network management center according to a private format using an SNMP protocol.
Optionally, in the network attack warning method for the UPF terminal under 5G, the preset software is IPTABLES.
Optionally, in the method for alarming network attack of a UPF terminal under 5G, the preset time is 5 seconds.
In addition, to achieve the above object, the present invention further provides a terminal, wherein the terminal includes: a memory, a processor, and a network attack warning program of the UPF terminal under 5G that is stored on the memory and can run on the processor; when executed by the processor, the network attack warning program of the UPF terminal under 5G implements the steps of the network attack warning method of the UPF terminal under 5G.
In addition, in order to achieve the above object, the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a network attack warning program of a UPF terminal under 5G, and when the network attack warning program of the UPF terminal under 5G is executed by a processor, the steps of the network attack warning method of the UPF terminal under 5G are implemented.
In the invention, the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of the preset software, and records the network attack message in a log file; the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file; and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time. The invention detects the network attack in time, obtains the type of the network attack, and sends the alarm information to the network management center, thereby facilitating the corresponding maintenance of the network management center.
Drawings
FIG. 1 is a flowchart of a network attack warning method for UPF terminals under 5G according to a preferred embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating prohibition of an ICMP function in a preferred embodiment of the network attack warning method for a UPF terminal in 5G of the present invention;
fig. 3 is a schematic flow chart illustrating monitoring of threads for monitoring iptables logs in the preferred embodiment of the network attack warning method for the UPF terminal in 5G of the present invention;
fig. 4 is a schematic operating environment of a terminal according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the method for alarming network attack of UPF terminal under 5G according to the preferred embodiment of the present invention, as shown in fig. 1, the method for alarming network attack of UPF terminal under 5G includes the following steps:
step S10, the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of the preset software, and records the network attack message in a log file;
step S20, the terminal starts a monitoring thread, reads the log file, and distinguishes different attack logs according to prefix information in the log file;
and step S30, the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time.
Further, after the step S40, the method further includes: and if the terminal does not detect new alarm information continuously within the preset time, canceling the current type alarm to the network management center.
Specifically, the terminal (for example, the Netfilter module of the computer kernel monitors incoming and outgoing messages and discards, receives or forwards them according to the IPTABLES rules of the application layer) uses the log function of IPTABLES (that is, the preset software is IPTABLES; the log function means that the kernel's Netfilter monitors incoming and outgoing network messages and generates a log entry as each message is discarded, received or forwarded according to the rules). After each attack, IPTABLES records the discarded or rejected message in the configured log file iptables.log. A monitoring thread is started that is dedicated to reading iptables.log. It distinguishes different attack logs according to the prefix (after a log entry is generated it carries a recorded prefix, for example the prefix name abp-DRO); the attack types are determined by actual service requirements, and the currently supported attack types are, for example, FLOOD, ICMP-FLOOD, UDP-SYNC, DOS and the like. It then sends alarm information to the network management center, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time. The criterion for cancelling an alarm is that no new alarm is generated for 5 consecutive seconds (namely, the preset time is 5 seconds), after which the alarm of the current type is cancelled at the network management center.
Further, the terminal adds a rule for discarding ICMP messages, so that ICMP messages on input are discarded; the terminal enables the log function for discarded ICMP messages, so that prefix information is obtained; the terminal modifies a preset file so that a log file is generated when the preset software detects that a message is discarded; the terminal restarts the system log service with a Linux command, so that the log function reloads the configuration file and the change takes effect; and if the terminal receives an ICMP message, a log entry is generated from which the attack type is obtained.
As shown in fig. 2, the ICMP (ping) function is disabled, and as soon as a host pings the current device, the network element is triggered to raise an alarm. A rule for discarding ICMP messages is added with the policy DROP (DROP is the keyword used in the rule and means discard): iptables -A INPUT -p icmp -j DROP. The log function for discarded ICMP messages is enabled (the kernel's Netfilter monitors incoming and outgoing network messages and generates a log entry as each message is discarded, received or forwarded according to the rules), with the log prefix ICMP-DROP: iptables -A INPUT -p icmp -j LOG --log-prefix "icmp-drop". The /etc/rsyslog.conf file is modified with a Linux editor (for example vim or gedit) by adding a last line, so that a log file is generated when an IPTABLES rule discards a message: kern.warning /var/log/iptables.log. Syslog is restarted (this is a Linux command that makes the system log function reload its configuration file so that the change takes effect): service rsyslog restart. In the /var/log/iptables.log file it can then be seen that a log entry is generated whenever an ICMP message is received.
Further, the terminal starts a thread for monitoring the IPTABLES log, and this thread reads the IPTABLES log file every second; the terminal reads each entry in the log and, if the ICMP-DROP keyword is present, increases the record count by 1, until the log has been traversed; the terminal sends the number of ICMP-DROP records, the time of the last record and the source IP address to the network management center in the form of an alarm; the terminal empties the log file so that the content of iptables.log is empty; and if no record is found on any read of the log during the continuous preset time, the terminal generates an alarm-cancellation message to the network management center.
As shown in fig. 3, the thread monitoring the IPTABLES log works as follows: the thread reads the IPTABLES log file every second; it reads each entry in the log and, if the ICMP-DROP keyword is present (that is, an ICMP message came in and the kernel protocol stack discarded it and recorded it in the log file), increases the record count by 1 (each time the kernel Netfilter discards a packet it saves a record to the log, so one record is added per discarded packet), until the log has been traversed; it sends the number of ICMP-DROP records, the time of the last record and the source IP address to the network management center in the form of an alarm (sent with the SNMP protocol in a private format that the network management center can parse); it empties the log file so that iptables.log is empty; and if, while reading the log over 5 consecutive seconds (5 reads), no record is found on any read, it generates an alarm-cancellation message to the network management center.
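The monitoring loop of fig. 3 and the 5-second cancellation rule can be sketched as follows; this is an added Python example, not code from the patent. The syslog line layout, the sample log lines, the second entry of PREFIX_TO_TYPE and the dictionary standing in for the private-format SNMP alarm are assumptions, and the LOG rule is assumed to sit before the DROP rule in the INPUT chain, since a packet that reaches DROP first is never logged.

```python
import re

CLEAR_AFTER_EMPTY_POLLS = 5  # preset time of 5 seconds at one read per second

# Log prefix -> attack type. ICMP-DROP is the prefix used on this page;
# the second entry is a hypothetical extra prefix added for illustration.
PREFIX_TO_TYPE = {"ICMP-DROP": "ICMP", "UDP-FLOOD-DROP": "UDP-FLOOD"}

# Syslog timestamp, then the LOG prefix directly before "IN=", then SRC=.
# iptables inserts no space after --log-prefix, so a prefix written without a
# trailing space yields "icmp-dropIN=eth0"; \s* accepts both spellings.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s.*?"
    r"(?P<prefix>[A-Za-z][A-Za-z0-9_-]*?)\s*IN=\S*\s.*?\bSRC=(?P<src>[0-9A-Fa-f:.]+)"
)

# Constructed sample of /var/log/iptables.log content (not real traffic).
SAMPLE_LOG = [
    "Jan 13 10:00:01 upf kernel: [ 5021.101] icmp-dropIN=eth0 OUT= "
    "MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 "
    "DST=203.0.113.5 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "Jan 13 10:00:01 upf kernel: [ 5021.350] eth0: link is up",
    "Jan 13 10:00:02 upf kernel: [ 5022.102] icmp-dropIN=eth0 OUT= "
    "SRC=192.0.2.10 DST=203.0.113.5 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0",
    "Jan 13 10:00:03 upf kernel: [ 5023.007] ICMP-DROP IN=eth0 OUT= "
    "SRC=198.51.100.23 DST=203.0.113.5 LEN=84 TTL=61 PROTO=ICMP TYPE=8 CODE=0",
]


def parse_line(line):
    """Return (attack_type, timestamp, source_ip) for a known prefix, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # The rule on this page writes "icmp-drop" while the monitor looks for
    # ICMP-DROP, so the prefix is compared case-insensitively.
    attack = PREFIX_TO_TYPE.get(m["prefix"].upper())
    if attack is None:
        return None
    return attack, m["ts"], m["src"]


class AttackMonitor:
    """Turns one-second log reads into raise/clear alarm messages."""

    def __init__(self):
        # attack type -> consecutive empty reads since its alarm was raised
        self.empty_polls = {}

    def poll(self, lines):
        """Process the lines of one read; return the alarm messages to send."""
        seen = {}
        for line in lines:
            parsed = parse_line(line)
            if parsed is None:
                continue  # unrelated kernel message or unknown prefix
            attack, ts, src = parsed
            entry = seen.setdefault(attack, {"count": 0})
            entry["count"] += 1
            entry["last_time"], entry["source_ip"] = ts, src

        messages = []
        for attack, entry in seen.items():
            self.empty_polls[attack] = 0  # new records restart the quiet period
            messages.append({"event": "raise", "attack_type": attack, **entry})
        for attack in list(self.empty_polls):
            if attack in seen:
                continue
            self.empty_polls[attack] += 1
            if self.empty_polls[attack] >= CLEAR_AFTER_EMPTY_POLLS:
                del self.empty_polls[attack]
                messages.append({"event": "clear", "attack_type": attack})
        return messages


def demo():
    """One read with attack records, then five empty reads."""
    monitor = AttackMonitor()
    results = [monitor.poll(SAMPLE_LOG)]
    results += [monitor.poll([]) for _ in range(CLEAR_AFTER_EMPTY_POLLS)]
    return results


if __name__ == "__main__":
    for second, messages in enumerate(demo()):
        print(second, messages)
```

Reading from a remembered file offset, rather than emptying iptables.log after each read as the method describes, would avoid losing entries written between the read and the truncation.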
Further, as shown in fig. 4, based on the above network attack warning method for the UPF terminal under 5G, the present invention also provides a terminal, where the terminal includes a processor 10, a memory 20, and a display 30. Fig. 4 shows only some of the components of the terminal, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
The memory 20 may in some embodiments be an internal storage unit of the terminal, such as a hard disk or a memory of the terminal. The memory 20 may also be an external storage device of the terminal in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the terminal. Further, the memory 20 may also include both an internal storage unit and an external storage device of the terminal. The memory 20 is used for storing application software installed in the terminal and various types of data, such as program codes of the installation terminal. The memory 20 may also be used to temporarily store data that has been output or is to be output. In an embodiment, the memory 20 stores the network attack warning program 40 of the UPF terminal under 5G, and the network attack warning program 40 of the UPF terminal under 5G can be executed by the processor 10, so as to implement the network attack warning method of the UPF terminal under 5G in the present application.
The processor 10 may be a Central Processing Unit (CPU), a microprocessor or other data Processing chip in some embodiments, and is configured to run program codes stored in the memory 20 or process data, for example, execute a network attack warning method of the UPF terminal under 5G.
The display 30 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch panel, or the like in some embodiments. The display 30 is used for displaying information at the terminal and for displaying a visual user interface. The components 10-30 of the terminal communicate with each other via a system bus.
In one embodiment, when the processor 10 executes the network attack warning program 40 of the UPF terminal under 5G in the memory 20, the following steps are implemented:
the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of preset software, and records the network attack message in a log file;
the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file;
and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time.
Wherein, the terminal sends alarm information to a network management center according to the type of the attack log, and then the method further comprises the following steps:
and if the terminal does not detect new alarm information continuously within the preset time, canceling the current type alarm to the network management center.
The log function means that the kernel's Netfilter monitors incoming and outgoing network messages and generates a log entry as each message is discarded, received or forwarded according to the rules.
The network attack warning method of the UPF terminal under 5G further comprises the following steps:
the terminal adds a rule for discarding ICMP messages, so that ICMP messages on input are discarded;
the terminal enables the log function for discarded ICMP messages, so that prefix information is obtained;
the terminal modifies a preset file so that a log file is generated when the preset software detects that a message is discarded;
the terminal restarts the system log service with a Linux command, so that the log function reloads the configuration file and the change takes effect;
and if the terminal receives an ICMP message, a log entry is generated from which the attack type is obtained.
The network attack warning method of the UPF terminal under 5G further comprises the following steps:
the terminal starts a thread for monitoring the IPTABLES log, and this thread reads the IPTABLES log file every second;
the terminal reads each entry in the log and, if the ICMP-DROP keyword is present, increases the record count by 1, until the log has been traversed;
the terminal sends the number of ICMP-DROP records, the time of the last record and the source IP address to the network management center in the form of an alarm;
the terminal empties the log file so that the content of iptables.log is empty;
and if no record is found on any read of the log during the continuous preset time, the terminal generates an alarm-cancellation message to the network management center.
And the terminal sends the times of ICMP-DROP, the last recorded time and the source IP address to the network management center according to a private format by using an SNMP protocol.
Wherein the preset software is IPTABLES.
Wherein the preset time is 5 seconds.
The invention also provides a computer readable storage medium, wherein the computer readable storage medium stores the network attack warning program of the UPF terminal under 5G, and the network attack warning program of the UPF terminal under 5G is executed by the processor to implement the steps of the network attack warning method of the UPF terminal under 5G.
In summary, the present invention provides a network attack warning method for a UPF terminal under 5G and a terminal, where the method includes: the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of preset software, and records the network attack message in a log file; the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file; and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time. The invention detects the network attack in time, obtains the type of the network attack, and sends the alarm information to the network management center, thereby facilitating the corresponding maintenance of the network management center.
Of course, it will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by instructing relevant hardware (such as a processor, a controller, etc.) through a computer program, and the program can be stored in a computer readable storage medium, and when executed, the program can include the processes of the embodiments of the methods described above. The computer readable storage medium may be a memory, a magnetic disk, an optical disk, etc.
It is to be understood that the invention is not limited to the examples described above, but that modifications and variations may be effected thereto by those of ordinary skill in the art in light of the foregoing description, and that all such modifications and variations are intended to be within the scope of the invention as defined by the appended claims.

Claims (10)

1. A network attack warning method of a UPF terminal under 5G is characterized in that the network attack warning method of the UPF terminal under 5G comprises the following steps:
the terminal detects the discarded or rejected network attack message after each network attack in real time through the log function of preset software, and records the network attack message in a log file;
the terminal starts a monitoring thread, reads the log file and distinguishes different attack logs according to prefix information in the log file;
and the terminal sends alarm information to a network management center according to the type of the attack log, wherein the alarm information comprises the current attack times, the attack type, the source IP address and the last attack time.
2. The network attack warning method for the UPF terminal under 5G according to claim 1, wherein the terminal sends warning information to a network management center according to the type of the attack log, and then further comprising:
and if the terminal does not detect new alarm information continuously within the preset time, canceling the current type alarm to the network management center.
3. The network attack warning method for the UPF terminal under 5G according to claim 1, characterized in that the log function means that the kernel's Netfilter monitors incoming and outgoing network messages and generates a log entry as each message is discarded, received or forwarded according to the rules.
4. The network attack warning method for the UPF terminal under 5G according to claim 1, wherein the network attack warning method for the UPF terminal under 5G further comprises:
the terminal adds a rule for discarding ICMP messages, so that ICMP messages on input are discarded;
the terminal enables the log function for discarded ICMP messages, so that prefix information is obtained;
the terminal modifies a preset file so that a log file is generated when the preset software detects that a message is discarded;
the terminal restarts the system log service with a Linux command, so that the log function reloads the configuration file and the change takes effect;
and if the terminal receives an ICMP message, a log entry is generated from which the attack type is obtained.
5. The network attack warning method for the UPF terminal under 5G according to claim 1, wherein the network attack warning method for the UPF terminal under 5G further comprises:
the terminal starts a thread for monitoring the IPTABLES log, and this thread reads the IPTABLES log file every second;
the terminal reads each entry in the log and, if the ICMP-DROP keyword is present, increases the record count by 1, until the log has been traversed;
the terminal sends the number of ICMP-DROP records, the time of the last record and the source IP address to the network management center in the form of an alarm;
the terminal empties the log file so that the content of iptables.log is empty;
and if no record is found on any read of the log during the continuous preset time, the terminal generates an alarm-cancellation message to the network management center.
6. The network attack warning method of UPF terminal under 5G according to claim 5, wherein the terminal sends the number of ICMP-DROP, the last recorded time and the source IP address to the network management center according to a private format using SNMP protocol.
7. The network attack warning method for the UPF terminal under 5G according to claim 1, wherein the preset software is IPTABLES.
8. The network attack warning method for the UPF terminal under 5G according to claim 1 or 7, wherein the preset time is 5 seconds.
9. A terminal, characterized in that the terminal comprises: a memory, a processor, and a network attack warning program of the UPF terminal under 5G that is stored on the memory and can run on the processor, wherein the network attack warning program, when executed by the processor, implements the steps of the network attack warning method of the UPF terminal under 5G according to any one of claims 1-8.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores a network attack warning program of a UPF terminal under 5G, and the network attack warning program of the UPF terminal under 5G, when executed by a processor, implements the steps of the network attack warning method of the UPF terminal under 5G according to any one of claims 1 to 8.
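The polling logic of claims 2, 5 and 8, shown as an added illustration that is not part of the patent text: each one-second read counts the entries carrying the ICMP-DROP keyword, builds the alarm fields of claim 1, and a cancel message is produced after 5 consecutive reads with no entries. The log line layout (the usual kernel format of the iptables LOG target), the names `scan` and `AlarmMonitor`, and the sample addresses are assumptions; sending to the network management center and emptying iptables.log are left to the caller.

```python
import re

# Constructed sample lines in the usual kernel format of the iptables LOG target.
# "ICMP-DROP" is the keyword named in claim 5; hosts, times and addresses are made up.
SAMPLE_LOG = """\
Jan 13 10:00:01 upf kernel: ICMP-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 13 10:00:01 upf kernel: SSH-DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 LEN=60 PROTO=TCP DPT=22
Jan 13 10:00:02 upf kernel: ICMP-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

# Syslog timestamp at the start of the line, then the SRC= field.
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(\S+)")

def scan(log_text, keyword="ICMP-DROP"):
    """Traverse every entry; return the alarm fields of claim 1, or None if no hit."""
    count, last_time, src = 0, None, None
    for line in log_text.splitlines():
        if keyword not in line:
            continue                     # entries of other rule prefixes are ignored
        count += 1
        m = LINE_RE.match(line)
        if m:                            # a truncated line is still counted
            last_time, src = m.groups()  # the most recent entry wins
    if count == 0:
        return None
    return {"type": keyword, "count": count, "source_ip": src, "last_time": last_time}

class AlarmMonitor:
    """Call poll() once per second with the current content of the log file."""
    def __init__(self, quiet_polls=5):   # 5 seconds is the preset time of claim 8
        self.quiet_polls, self.quiet, self.active = quiet_polls, 0, False

    def poll(self, log_text):
        alarm = scan(log_text)
        if alarm:
            self.quiet, self.active = 0, True
            return ("ALARM", alarm)      # the caller then empties iptables.log
        self.quiet += 1
        if self.active and self.quiet >= self.quiet_polls:
            self.active = False          # cancel once; no repeat while idle
            return ("CANCEL", {"type": "ICMP-DROP"})
        return None
```

Because the log is emptied after every alarm, the count in each alarm covers one polling interval only; a receiver that wants a running total has to sum the alarms itself.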
CN202110042996.2A 2021-01-13 2021-01-13 Network attack warning method of UPF terminal under 5G and terminal Active CN112788035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110042996.2A CN112788035B (en) 2021-01-13 2021-01-13 Network attack warning method of UPF terminal under 5G and terminal

Publications (2)

Publication Number Publication Date
CN112788035A true CN112788035A (en) 2021-05-11
CN112788035B CN112788035B (en) 2023-02-28

Family

ID=75755753

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110042996.2A Active CN112788035B (en) 2021-01-13 2021-01-13 Network attack warning method of UPF terminal under 5G and terminal

Country Status (1)

Country Link
CN (1) CN112788035B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040193943A1 (en) * 2003-02-13 2004-09-30 Robert Angelino Multiparameter network fault detection system using probabilistic and aggregation analysis
US8788817B1 (en) * 2011-09-30 2014-07-22 Emc Corporation Methods and apparatus for secure and reliable transmission of messages over a silent alarm channel
CN107590227A (en) * 2017-09-05 2018-01-16 成都知道创宇信息技术有限公司 A kind of log analysis method of combination reptile
CN107911355A (en) * 2017-11-07 2018-04-13 杭州安恒信息技术有限公司 A kind of website back door based on attack chain utilizes event recognition method
CN110677287A (en) * 2019-09-24 2020-01-10 杭州安恒信息技术股份有限公司 Threat alarm generating method and device based on systematic attack
CN111726342A (en) * 2020-06-08 2020-09-29 中国电信集团工会上海市委员会 Method and system for improving alarm output accuracy of honeypot system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113453278A (en) * 2021-05-21 2021-09-28 深圳震有科技股份有限公司 TCP packet segmentation packaging method based on 5G UPF and terminal
CN113453278B (en) * 2021-05-21 2022-12-09 深圳震有科技股份有限公司 TCP packet segmentation packaging method based on 5G UPF and terminal
CN113965394A (en) * 2021-10-27 2022-01-21 北京天融信网络安全技术有限公司 Network attack information acquisition method and device, computer equipment and medium
CN113965394B (en) * 2021-10-27 2024-02-02 北京天融信网络安全技术有限公司 Network attack information acquisition method, device, computer equipment and medium
CN115225347A (en) * 2022-06-30 2022-10-21 烽台科技(北京)有限公司 Method and device for monitoring shooting range resources
CN115225347B (en) * 2022-06-30 2023-12-22 烽台科技(北京)有限公司 Method and device for monitoring target range resources

Also Published As

Publication number Publication date
CN112788035B (en) 2023-02-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant