CN113179225B - Application identification and processing method and system of sub-route, storage medium and computer equipment - Google Patents

Publication number: CN113179225B
Authority: CN (China)
Prior art keywords: network, behavior, application, sub, route
Legal status: Active
Application number: CN202110456891.1A
Other languages: Chinese (zh)
Other versions: CN113179225A (en)
Inventors: 李进, 王辉, 魏文昭
Current Assignee: Shenzhen Qihu Intelligent Technology Co ltd
Original Assignee: Shenzhen Qihu Intelligent Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475 Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/302 Route determination based on requested QoS
    • H04L45/306 Route determination based on the nature of the carried application

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of routers and provides an application identification and processing method for a sub-route, comprising the following steps: acquiring, on a parent route, the network requests sent by a sub-route after the sub-route is networked again; analyzing the identification information in the network requests to determine the networking devices connected to the sub-route; monitoring network behaviors networked through the parent route, and analyzing and judging whether a network behavior matches a preset application behavior rule; and, if the network behavior matches the application behavior rule, intercepting the network behavior and/or issuing an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule. An application identification and processing system for a sub-route, a storage medium storing a computer program for executing the method, and a computer device implementing the method are also provided. The invention thereby enables the parent route to identify and process applications on the networking devices attached under a sub-route, improving the application identification and processing capability of the router.

Description

Application identification and processing method and system of sub-route, storage medium and computer equipment
Technical Field
The present invention relates to the field of router technologies, and in particular, to a method, a system, a storage medium, and a computer device for identifying and processing an application of a sub-router.
Background
A router is a hardware device that connects two or more networks and acts as a gateway between them; it is a dedicated intelligent network device that reads the address in each packet and then decides how to forward it. Existing routers can intercept the applications of a designated device through rule matching, but in a gateway system built from multi-level routes, the parent route can only identify the devices connected directly to it and cannot identify the devices attached under a sub-route.
Therefore, if a networking device is connected to a sub-route, the parent route cannot identify the device or perform identification, interception and other processing on the networking operations of applications on that device. This leaves a loophole through which the parent route's application identification and processing can be bypassed, which is not conducive to a user's supervision of specific devices (such as a child's networking device) in daily life.
In view of the above, the conventional methods have many problems in practical use and therefore need to be improved.
Disclosure of Invention
In view of the foregoing drawbacks, the present invention provides an application identification and processing method and system for a sub-route, a storage medium, and a computer device, which enable a parent route to effectively identify and process applications on the networking devices attached under a sub-route, thereby improving the application identification and processing capability of the router.
To achieve the above object, the present invention provides an application identification and processing method for a sub-route, comprising the steps of:
acquiring, on a parent route, a network request sent by a sub-route after the sub-route is networked again;
analyzing the identification information in the network request to determine the networking device connected to the sub-route;
monitoring network behaviors networked through the parent route, and analyzing and judging whether a network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and, if the network behavior matches the application behavior rule, intercepting the network behavior and/or issuing an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule.
Optionally, the step of monitoring the network behavior networked through the parent route, and analyzing and judging whether the network behavior matches a preset application behavior rule further includes:
and configuring the application behavior rule according to the behavior characteristics of the preset application during network connection, and adding the equipment association information of the networking equipment into the application behavior rule.
Optionally, if the network behavior is matched with the application behavior rule, the step of intercepting and/or performing early warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule specifically includes:
if the application behavior rule is matched, determining the corresponding networking device according to the device association information in the application behavior rule;
and intercepting and/or early warning the network behavior according to a preprocessing strategy corresponding to the networking equipment.
Optionally, the step of intercepting and/or performing early warning processing on the network behavior according to the preprocessing policy corresponding to the networking device specifically includes:
intercepting a network connection request for the network behavior and/or generating early warning information corresponding to the network behavior.
Optionally, the step of monitoring the network behavior networked through the parent route, and analyzing and judging whether the network behavior matches a preset application behavior rule specifically includes:
monitoring network behavior of the child route networked through the parent route;
and judging whether the network behavior is matched with the application behavior rule or not based on a comparison result between the network behavior and the characteristic information of the application behavior rule.
Optionally, the step of acquiring the network request sent by the child route on the parent route after the network is reconnected includes:
detecting a sub-route connected on a local area network of a parent route, and interrupting the sub-route connected on the local area network;
reconnecting the sub-route to the local area network and obtaining network requests originating from the sub-route on the local area network.
Optionally, the step of analyzing and determining the networking device correspondingly connected to the sub-route according to the identification information in the network request specifically includes:
extracting identification information in the network request; the identification information is dns domain name information and/or http domain name information and/or ua information and/or preset characteristic information;
and analyzing and determining the corresponding networking equipment according to the identification information.
Also provided is a sub-routing application identification and processing system, comprising:
the acquisition unit is used for acquiring a network request sent by a child router on a parent router after the child router is networked again;
the device analysis unit is used for analyzing and determining the networking devices correspondingly connected with the sub-routes according to the identification information in the network request;
the behavior analysis unit is used for monitoring network behaviors networked through the parent route, and analyzing and judging whether a network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and the processing unit is used for intercepting the network behavior and/or issuing an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule, if the network behavior matches the application behavior rule.
In addition, a storage medium and a computer device are provided, the storage medium storing a computer program for executing the application identification and processing method of the sub-route.
The computer device comprises a storage medium, a processor and a computer program which is stored on the storage medium and can run on the processor, wherein the processor executes the computer program to realize the application identification and processing method of the sub-route.
The application identification and processing method and the system of the sub-route, provided by the invention, carry out network disconnection and reconnection on the sub-route on the parent route, and obtain a network request sent after reconnection; analyzing and determining the networking equipment correspondingly connected with the sub-route according to the identification information in the network request; monitoring network behaviors of networking through the mother router, and analyzing whether the network behaviors are matched with application behavior rules of preset applications corresponding to the networking equipment or not; and if the network behavior is matched with the application behavior rule, intercepting and/or early warning the network behavior according to a preprocessing strategy of the networking equipment corresponding to the application behavior rule. The method and the device can identify which application is used by a certain device below the sub-route, and can intercept some specified applications aiming at a certain specified device, thereby improving the application identification and processing capacity of the router.
Drawings
Fig. 1 is a flowchart illustrating the steps of an application identification and processing method for a sub-route according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart illustrating optional processing steps of the application identification and processing method for a sub-route according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart illustrating optional behavior analysis steps of the application identification and processing method for a sub-route according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart illustrating optional acquisition steps of the application identification and processing method for a sub-route according to an embodiment of the present invention;
Fig. 5 is a schematic block diagram of an application identification and processing system for a sub-route according to an embodiment of the present invention;
Fig. 6 is a schematic block diagram of an application identification and processing system for a sub-route according to another embodiment of the present invention;
Fig. 7 is a schematic block diagram of an optional structure of the processing unit of the application identification and processing system for a sub-route according to an embodiment of the present invention;
Fig. 8 is a schematic block diagram of an optional structure of the behavior analysis unit of the application identification and processing system for a sub-route according to an embodiment of the present invention;
Fig. 9 is a schematic block diagram of an optional structure of the obtaining unit of the application identification and processing system for a sub-route according to an embodiment of the present invention;
Fig. 10 is a schematic block diagram of an optional structure of the device analysis unit of the application identification and processing system for a sub-route according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that references in the specification to "one embodiment," "an example embodiment," etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not intended to refer to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
Moreover, where certain terms are used throughout the description and following claims to refer to particular components or features, those skilled in the art will understand that manufacturers may refer to a component or feature by different names or terms. This specification and the claims that follow do not intend to distinguish between components or features that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". In addition, the term "connected" as used herein includes any direct and indirect electrical connection. Indirect electrical connection includes connection by other means.
Fig. 1 shows an application identification and processing method for sub-routing provided in an embodiment of the present invention, where the method is applied to a gateway system of a secondary routing, and includes:
Step S101: acquiring, on the parent route, a network request sent by a sub-route after the sub-route is re-networked. The parent route is the upper-level route of the sub-route. In this embodiment, after a sub-route under the parent route is disconnected and reconnected, all network requests sent to the parent route after the sub-route reconnects are obtained. The purpose of the disconnection is to trigger the devices attached under the sub-route to send the data requests associated with reconnecting after a network interruption, which increases the number of requests from those devices.
Step S102: analyzing the identification information in the network request to determine the networking devices connected to the sub-route. The networking device is a mobile phone, a tablet computer or a computer.
Some devices send few network requests, especially when they are not currently in use, and a device is difficult to identify from only a few requests. Therefore, after the sub-route is briefly disconnected from the network, the networking devices under the sub-route re-initiate their network requests, so that the parent route can acquire the network requests of all devices under the sub-route. It can then analyze the identification information in each network request to determine the source of that request, and from the source determine the information of the devices connected under the sub-route. The identification information is at least one type of data used to determine the type, model, name and the like of a device.
Step S103: monitoring network behaviors networked through the parent route, and analyzing and judging whether a network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device. The network behavior includes the interaction of a networking device with the router, and may also be the internet access behavior of a networking device on the router's network, and the like. Specifically, this embodiment monitors and acquires each network behavior networked through the parent route and matches it against the preset application behavior rules to judge whether it conforms to a rule. An application behavior rule characterizes the feature matching rule of a particular application behavior, for example the online payment behavior of online shopping software or the tipping (reward) behavior of live-streaming software. In this embodiment, a specific behavior of a specific preset application is configured in advance as the application behavior rule; if the currently monitored network behavior matches the application behavior rule, the current network behavior is determined to be that specific behavior of the preset application occurring. In a specific implementation, the application behavior rule corresponds to the networking device; that is, the analysis and judgment further determines whether the network behavior originates from that networking device.
Optionally, before step S103, the method further includes: configuring the application behavior rule according to the behavior characteristics of the preset application when it connects to the network, and adding the device association information of the networking device to the application behavior rule. That is, in this embodiment, when multiple networking devices are detected under the sub-route, application identification can be performed for one specific device. In a specific implementation, when the router performs application identification rule matching, it adds the relevant information of the corresponding networking device to the matching rule.
For example, a normal matching rule is {"keystr": "ddz.dl.tuyoo.com", "ua": ""};
If the rule is to take effect only for one specific networking device, and the device association information ua of that device, acquired when the device was detected under the sub-route, is ipadAXX, the rule automatically becomes: {"keystr": "ddz.dl.tuyoo.com", "ua": "ipadAXX"}. The application is then recognized only when that networking device uses it.
Step S104: if the network behavior matches the application behavior rule, intercepting the network behavior and/or issuing an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule. The preprocessing strategy is a processing plan configured in advance for the networking device; that is, when analysis determines that the network behavior is an application behavior of a particular networking device, the network behavior is intercepted and/or an early warning is issued according to the processing mode set for that device. In a specific implementation, a preprocessing strategy may be set in advance for at least one networking device attached under the sub-route; for example, if the user of a certain mobile phone is set as a child, interception and/or early warning is performed for specific application behaviors of that device (such as placing an online shopping order or playing an online game).
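The device-scoped rule matching of steps S103 and S104 can be sketched as follows. This is an added example, not code from the patent; the names Rule, Behavior, Policy, Decision and the "card-game" label are hypothetical, and it assumes that keystr is compared against the request domain on label boundaries and that ua is looked up as a token inside the User-Agent header.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    app: str        # hypothetical application label
    keystr: str     # domain feature of the application, as in the page's rule
    ua: str = ""    # device association info; empty means "any device"


@dataclass(frozen=True)
class Behavior:
    host: str       # domain seen in the DNS/HTTP request
    ua: str         # User-Agent header of the request ("" if absent)


@dataclass(frozen=True)
class Policy:
    intercept: bool  # intercept the connection request
    warn: bool       # generate early-warning information


@dataclass(frozen=True)
class Decision:
    action: str              # "allow" or "block"
    warning: Optional[str]   # early-warning text, or None


def host_matches(host: str, keystr: str) -> bool:
    """Exact host or sub-domain match (assumption: label-boundary comparison).

    A plain substring test would also accept unrelated names that merely
    contain keystr, so the comparison is anchored at the end of the name.
    """
    host = host.rstrip(".").lower()
    keystr = keystr.rstrip(".").lower()
    return host == keystr or host.endswith("." + keystr)


def match_rule(behavior: Behavior, rules: List[Rule]) -> Optional[Rule]:
    """Step S103: return the first rule whose features agree with the behavior."""
    for rule in rules:
        if not host_matches(behavior.host, rule.keystr):
            continue
        # A rule carrying device association info only applies to that device.
        if rule.ua and rule.ua.lower() not in behavior.ua.lower():
            continue
        return rule
    return None


def process(behavior: Behavior, rules: List[Rule],
            policies: Dict[str, Policy]) -> Decision:
    """Step S104: apply the preprocessing strategy of the rule's device."""
    rule = match_rule(behavior, rules)
    if rule is None:
        return Decision("allow", None)
    policy = policies.get(rule.ua)
    if policy is None:          # rule matched, but no strategy configured
        return Decision("allow", None)
    warning = None
    if policy.warn:
        warning = f"{rule.app} used on device {rule.ua or 'any'} ({behavior.host})"
    return Decision("block" if policy.intercept else "allow", warning)


# The two rules from the text: generic, and scoped to the device "ipadAXX".
GENERIC_RULES = [Rule("card-game", "ddz.dl.tuyoo.com", "")]
DEVICE_RULES = [Rule("card-game", "ddz.dl.tuyoo.com", "ipadAXX")]
POLICIES = {"ipadAXX": Policy(intercept=True, warn=True)}

# Constructed sample requests arriving at the parent route from the sub-route.
IPAD = Behavior("ddz.dl.tuyoo.com", "Mozilla/5.0 (ipadAXX) AppleWebKit")
PHONE = Behavior("ddz.dl.tuyoo.com", "Mozilla/5.0 (phoneBXX)")
OTHER = Behavior("ddz.dl.tuyoo.com.example.net", "Mozilla/5.0 (ipadAXX)")

if __name__ == "__main__":
    for name, b in (("ipad", IPAD), ("phone", PHONE), ("other", OTHER)):
        print(name, process(b, DEVICE_RULES, POLICIES))
```
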
Referring to fig. 2, in one embodiment, step S104 includes:
Step S1041: if the application behavior rule is matched, determining the corresponding networking device according to the device association information in the application behavior rule. Each application behavior rule corresponds to a specific networking device; if the network behavior conforms to the application behavior rule, the network behavior is judged to come from the corresponding networking device. In a specific implementation, the network behavior must be matched against the device association information in the application behavior rule, which identifies the corresponding networking device; it can then be determined whether the network behavior originated from that networking device.
Step S1042: intercepting the network behavior and/or issuing an early warning for it according to the preprocessing strategy corresponding to the networking device. The preprocessing strategy can be stored in advance on the parent route, or can be set for a networking device after the devices attached under the sub-route have been identified; the settings can be made in the control software of the parent route.
Optionally, step S1042 specifically includes: intercepting the network connection request of the network behavior and/or generating early warning information corresponding to the network behavior. In a specific implementation, the early warning information may be forwarded through the parent route to an authorized management user terminal, such as a parent's mobile phone.
Referring to fig. 3, in one embodiment, step S103 includes:
Step S1031: monitoring the network behavior of the sub-route networked through the parent route. That is, after the networking devices attached under the sub-route have been identified, this embodiment monitors, on the parent route, the network behavior coming from the sub-route; in a specific implementation, the network behavior is a network data connection request.
Step S1032: judging whether the network behavior matches the application behavior rule based on a comparison between the network behavior and the feature information of the application behavior rule. The feature information in the network behavior is compared with the corresponding information in the application behavior rule, and the network behavior is judged to match the rule when the two are consistent.
Referring to fig. 4, in an embodiment, step S101 specifically includes:
Step S1011: detecting a sub-route connected to the local area network of the parent route, and interrupting the sub-route's connection to the local area network.
Step S1012: reconnecting the sub-route to the local area network and obtaining the network requests originating from the sub-route on the local area network. In a specific implementation, the sub-route may be configured to reconnect to the local area network of the parent route after a preset time.
Optionally, step S102 specifically includes:
extracting the identification information in the network request; the identification information is DNS (Domain Name System) domain name information and/or HTTP (Hypertext Transfer Protocol) domain name information and/or UA (User Agent) information and/or preset characteristic information; and analyzing the identification information to determine the corresponding networking device.
Optionally, step S102 specifically includes: determining the networking device corresponding to the identification information through a preset rule matching technique or a machine learning classification technique.
Fig. 5 shows an application identification and processing system 100 for a sub-route provided in an embodiment of the present invention. The system 100 is applied to a gateway with secondary routing and includes an obtaining unit 10, a device analysis unit 20, a behavior analysis unit 30, and a processing unit 40, where:
the obtaining unit 10 is configured to acquire, on a parent route, a network request sent by a sub-route after re-networking; the device analysis unit 20 is configured to analyze the identification information in the network request to determine the networking device connected to the sub-route; the behavior analysis unit 30 is configured to monitor network behaviors networked through the parent route, and analyze and determine whether a network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device; the processing unit 40 is configured to, if the network behavior matches the application behavior rule, intercept the network behavior and/or issue an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule.
Fig. 6 shows an application identification and processing system 200 for a sub-route, which is applied to a gateway with secondary routing and includes an obtaining unit 10, a device analysis unit 20, a configuration unit 50, a behavior analysis unit 30, and a processing unit 40, where:
the obtaining unit 10 is configured to acquire, on a parent route, a network request sent by a sub-route after re-networking; the device analysis unit 20 is configured to analyze the identification information in the network request to determine the networking device connected to the sub-route; the behavior analysis unit 30 is configured to monitor network behaviors networked through the parent route, and analyze and determine whether a network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device; the processing unit 40 is configured to, if the network behavior matches the application behavior rule, intercept the network behavior and/or issue an early warning for it according to the preprocessing strategy of the networking device corresponding to the application behavior rule; the configuration unit 50 is configured to configure the application behavior rule according to the behavior characteristics of the preset application when it connects to the network, and add the device association information of the networking device to the application behavior rule.
Referring to fig. 7, optionally, the processing unit 40 of this embodiment specifically includes a determining subunit 401 and a processing subunit 402, where:
the determining subunit 401 is configured to determine, if the application behavior rule is matched, the corresponding networking device according to the device association information in the application behavior rule; the processing subunit 402 is configured to intercept the network behavior and/or issue an early warning for it according to the preprocessing strategy corresponding to the networking device.
In specific implementation, the processing subunit 402 is specifically configured to: intercepting a network connection request for the network behavior and/or generating early warning information corresponding to the network behavior.
Referring to fig. 8, optionally, the behavior analysis unit 30 of this embodiment specifically includes a monitoring subunit 301 and a determining subunit 302, where:
the monitoring subunit 301 is configured to monitor a network behavior of the child route networked through the parent route; the determining subunit 302 is configured to determine, based on a comparison result between the network behavior and the feature information of the application behavior rule, whether the network behavior matches the application behavior rule.
Referring to fig. 9, optionally, the obtaining unit 10 specifically includes a detection and interruption subunit 101 and a reconnection and obtaining subunit 102, where:
the detecting and interrupting subunit 101 is configured to detect a sub-route connected to a local area network of a parent route, and interrupt the sub-route connected to the local area network; the reconnect and acquire subunit 102 is configured to reconnect the sub-route to the local area network and acquire a network request originating from the sub-route on the local area network.
Referring to fig. 10, optionally, the device analysis unit 20 specifically includes an extraction subunit 201 and an analysis determination subunit 202, where:
the extracting subunit 201 is configured to extract the identification information in the network request, the identification information being DNS domain name information and/or HTTP domain name information and/or UA information and/or preset characteristic information; the analysis determination subunit 202 is configured to analyze and determine the corresponding networking device according to the identification information.
In a specific implementation, the analysis determination subunit 202 is configured to analyze and determine the networking device corresponding to the identification information through a preset rule matching technology or a machine learning classification technology.
Optionally, the networking device is a mobile phone, a tablet computer or a computer.
The present invention also provides a storage medium for storing a computer program of the sub-route application identification and processing method described in figs. 1 to 4, for example computer program instructions which, when executed by a computer, may invoke or otherwise provide methods and/or techniques in accordance with the present application through the operation of the computer. Program instructions which invoke the methods of the present application may be stored on fixed or removable storage media and/or transmitted via a data stream over a broadcast or other signal-bearing medium and/or stored on a storage medium of a computer device operating in accordance with the program instructions. According to an embodiment of the present application, a computer device comprising a sub-route application identification and processing system as shown in fig. 5 or fig. 6 preferably comprises a storage medium for storing a computer program and a processor for executing the computer program, wherein when the computer program is executed by the processor, the computer device is triggered to execute the method and/or the technical solution according to the foregoing embodiments.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
The method according to the invention can be implemented on a computer as a computer-implemented method, or in dedicated hardware, or in a combination of both. Executable code for the method according to the invention or parts thereof may be stored on a computer program product. Examples of computer program products include memory devices, optical storage devices, integrated circuits, servers, online software, and so forth. Preferably, the computer program product comprises non-transitory program code means stored on a computer readable medium for performing the method according to the invention when said program product is executed on a computer.
In a preferred embodiment, the computer program comprises computer program code means adapted to perform all the steps of the method according to the invention when the computer program is run on a computer. Preferably, the computer program is embodied on a computer readable medium.
In summary, the sub-route application identification and processing method and system of the present invention disconnect the sub-route on the parent route from the network and reconnect it, and obtain the network request sent after reconnection; analyze and determine the networking device connected to the sub-route according to the identification information in the network request; monitor the network behavior networked through the parent router, and analyze whether the network behavior matches the application behavior rule of a preset application corresponding to the networking device; and, if so, intercept and/or perform early-warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule. The invention can identify which application is being used by a given device below the sub-route, and can intercept specified applications for a specified device, thereby improving the application identification and processing capability of the router.
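The pipeline summarized above, as an added sketch that is not code from the patent: rule-based device identification from the DNS/HTTP/UA identifiers in the post-reconnect requests, followed by application behavior rules that carry device association information and a per-device intercept/alert policy. All rule contents, domain names, addresses, field names and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    sub_route: str   # LAN address of the sub-route, as seen by the parent route
    dns: str = ""    # queried DNS name
    host: str = ""   # HTTP Host header
    ua: str = ""     # HTTP User-Agent header


@dataclass(frozen=True)
class AppRule:
    app: str
    host_suffixes: tuple  # feature information of the application's network behavior
    device: str           # device association information


# Constructed identification rules, checked in order: (field, marker, device type).
DEVICE_RULES = [
    ("ua", "ipad", "tablet computer"),
    ("ua", "iphone", "mobile phone"),
    ("ua", "windows nt", "computer"),
    ("dns", "tablet-ota.example", "tablet computer"),
]

# Constructed per-device preprocessing policy.
POLICY = {
    "tablet computer": ("intercept", "alert"),
    "mobile phone": ("alert",),
}

# Constructed requests captured after the sub-route was reconnected.
RECONNECT_REQUESTS = [
    Request("192.168.1.2", host="portal.example",
            ua="Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X)"),
    Request("192.168.1.2", host="portal.example",
            ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
]

RULES = [AppRule("video-app", ("video.example",), "tablet computer")]


def domain_matches(name: str, suffix: str) -> bool:
    """Match on a label boundary so 'notvideo.example' does not match 'video.example'."""
    name, suffix = name.lower().rstrip("."), suffix.lower()
    return name == suffix or name.endswith("." + suffix)


def classify(req: Request) -> Optional[str]:
    """Preset rule matching: derive the device type from one request's identifiers."""
    for fld, marker, device in DEVICE_RULES:
        value = getattr(req, fld).lower()
        hit = domain_matches(value, marker) if fld in ("dns", "host") else marker in value
        if value and hit:
            return device
    return None


def build_inventory(requests) -> dict:
    """Map each sub-route to the device types identified behind it."""
    inventory = {}
    for req in requests:
        device = classify(req)
        if device:
            inventory.setdefault(req.sub_route, set()).add(device)
    return inventory


def process(req: Request, rules, inventory):
    """Return (app, device, actions) for a monitored behavior; actions is () on no match."""
    device = classify(req)
    if device is None or device not in inventory.get(req.sub_route, set()):
        return (None, device, ())
    names = [n for n in (req.host, req.dns) if n]
    for rule in rules:
        if rule.device == device and any(
            domain_matches(n, s) for n in names for s in rule.host_suffixes
        ):
            return (rule.app, device, POLICY.get(device, ()))
    return (None, device, ())
```

When the traffic is HTTPS, the Host and User-Agent headers are not visible to the parent route, so only the DNS identifier remains and a DNS-only request in this sketch is left unclassified. User-Agent values are client-controlled, so a match on them identifies what the client claims to be.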
The present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof, and it should be understood that various changes and modifications can be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.
Also provided is A1, a sub-route application identification and processing method, comprising the following steps:
acquiring a network request sent by a child route on a parent route after the child route is re-networked;
analyzing and determining the networking equipment correspondingly connected with the sub-route according to the identification information in the network request;
monitoring network behaviors networked through the parent router, and analyzing and judging whether the network behaviors match a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and if the network behavior is matched with the application behavior rule, intercepting and/or early warning processing is carried out on the network behavior according to the preprocessing strategy of the networking equipment corresponding to the application behavior rule.
A2, according to the application identification and processing method of the sub-route in A1, the step of monitoring the network behavior networked through the parent route and analyzing and judging whether the network behavior is matched with a preset application behavior rule further comprises the following steps:
and configuring the application behavior rule according to the behavior characteristics of the preset application during network connection, and adding the equipment association information of the networking equipment into the application behavior rule.
A3, according to the application identification and processing method of the sub-route described in A2, if the application behavior rule is matched, the step of intercepting and/or performing early warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule specifically includes:
if the network behavior matches the application behavior rule, determining the corresponding networking device according to the device association information in the application behavior rule;
and intercepting and/or early warning the network behavior according to a preprocessing strategy corresponding to the networking equipment.
A4, according to the application identification and processing method of the sub-route in A3, the step of intercepting and/or early warning processing the network behavior according to the preprocessing strategy corresponding to the networking device specifically includes:
intercepting a network connection request for the network behavior and/or generating early warning information corresponding to the network behavior.
A5, according to the application identification and processing method of the sub-route described in A1, the step of monitoring the network behavior networked through the parent route, and analyzing and judging whether the network behavior matches a preset application behavior rule specifically includes:
monitoring network behavior of the child routes networked through the parent route;
and judging whether the network behavior is matched with the application behavior rule or not based on a comparison result between the network behavior and the characteristic information of the application behavior rule.
A6, according to the application identification and processing method of the child route described in A1, the step of acquiring the network request sent by the child route on the parent route after being re-networked specifically includes:
detecting a sub-route connected on a local area network of a parent route, and interrupting the sub-route connected on the local area network;
reconnecting the sub-route to the local area network and obtaining network requests originating from the sub-route on the local area network.
A7, according to the application identification and processing method of the sub-route described in A1, the step of analyzing and determining the networking device correspondingly connected to the sub-route according to the identification information in the network request specifically includes:
extracting identification information in the network request; the identification information is dns domain name information and/or http domain name information and/or ua information and/or preset characteristic information;
and analyzing and determining the corresponding networking equipment according to the identification information.
A8, according to the application identification and processing method of the sub-route described in A7, the step of analyzing and determining the corresponding networking device according to the identification information specifically includes:
and analyzing and determining the networking equipment corresponding to the identification information through a preset rule matching technology or a machine learning classification technology.
A9, according to the application identification and processing method of the sub-route in the A1, the networking device is a mobile phone or a tablet computer or a computer.
Also provided is B10, a sub-route application identification and processing system, comprising:
the acquisition unit is used for acquiring a network request sent by a child router on a parent router after the child router is networked again;
the device analysis unit is used for analyzing and determining the networking devices correspondingly connected with the sub-routes according to the identification information in the network request;
the behavior analysis unit is used for monitoring the network behavior networked through the parent router and analyzing and judging whether the network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and the processing unit is used for intercepting and/or performing early-warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule if the network behavior matches the application behavior rule.
B11, the application identification and processing system according to the sub-route described in B10, further comprising:
and the configuration unit is used for configuring the application behavior rule according to the behavior characteristics of the preset application during network connection, and adding the equipment association information of the networking equipment into the application behavior rule.
B12, according to the application identification and processing system of the sub-route in B11, the processing unit specifically includes:
a determining subunit, configured to determine, if the network behavior matches the application behavior rule, the corresponding networking device according to the device association information in the application behavior rule;
and the processing subunit is used for intercepting and/or early warning the network behavior according to the preprocessing strategy corresponding to the networking equipment.
B13, according to the application identification and processing system of the sub-route described in B12, the processing sub-unit is specifically configured to:
intercepting a network connection request for the network behavior and/or generating early warning information corresponding to the network behavior.
B14, according to the application identification and processing system of the sub-route described in B10, the behavior analysis unit specifically includes:
the monitoring subunit is used for monitoring the network behavior of the child router networked through the parent router;
and the judging subunit is used for judging whether the network behavior is matched with the application behavior rule or not based on a comparison result between the network behavior and the characteristic information of the application behavior rule.
B15, according to the application identification and processing system of sub-routes described in B10, the obtaining unit specifically includes:
the detection and interruption subunit is used for detecting a sub-route connected to a local area network of a parent route and interrupting the sub-route connected to the local area network;
and the reconnection and acquisition subunit is used for reconnecting the sub-route to the local area network and acquiring the network request which is originated from the sub-route on the local area network.
B16, according to the application identification and processing system of sub-route described in B10, the device analysis unit specifically includes:
the extracting subunit is used for extracting the identification information in the network request; the identification information is dns domain name information and/or http domain name information and/or ua information and/or preset characteristic information;
and the analysis and determination subunit is used for analyzing and determining the corresponding networking equipment according to the identification information.
B17, according to the application identification and processing system of the sub-route described in B16, the analyzing and determining sub-unit is specifically configured to:
and analyzing and determining the networking equipment corresponding to the identification information through a preset rule matching technology or a machine learning classification technology.
B18, according to the application identification and processing system of the sub-route in B10, the networking device is a mobile phone or a tablet computer or a computer.
Also provided is C19, a storage medium storing a computer program for executing the sub-route application identification and processing method of any one of A1 to A9.
Also provided is D20, a computer device comprising a storage medium, a processor, and a computer program which is stored on the storage medium and can run on the processor, wherein the processor executes the computer program to implement the sub-route application identification and processing method of any one of A1 to A9.

Claims (20)

1. A sub-route application identification and processing method, characterized by comprising the following steps:
acquiring a network request sent by a child router on a parent router after the child router is networked again;
analyzing and determining the networking equipment correspondingly connected with the sub-route according to the identification information in the network request;
monitoring network behaviors networked through the parent router, and analyzing and judging whether the network behaviors match a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and if the network behavior is matched with the application behavior rule, intercepting and/or early warning processing is carried out on the network behavior according to the preprocessing strategy of the networking equipment corresponding to the application behavior rule.
2. The method of claim 1, wherein the step of monitoring network behavior networked through the parent router and analyzing and determining whether the network behavior matches a preset application behavior rule further comprises:
and configuring the application behavior rule according to the behavior characteristics of the preset application during network connection, and adding the equipment association information of the networking equipment into the application behavior rule.
3. The sub-route application identification and processing method according to claim 2, wherein the step of, if the network behavior matches the application behavior rule, intercepting and/or performing early-warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule specifically comprises:
if the network behavior matches the application behavior rule, determining the corresponding networking device according to the device association information in the application behavior rule;
and intercepting and/or early warning the network behavior according to a preprocessing strategy corresponding to the networking equipment.
4. The sub-routing application identification and processing method according to claim 3, wherein the step of intercepting and/or pre-warning the network behavior according to the pre-processing policy corresponding to the networking device specifically comprises:
intercepting a network connection request for the network behavior and/or generating early warning information corresponding to the network behavior.
5. The method for identifying and processing application of sub-route according to claim 1, wherein the step of monitoring network behavior networked through the parent route and analyzing and judging whether the network behavior matches a preset application behavior rule specifically comprises:
monitoring network behavior of the child routes networked through the parent route;
and judging whether the network behavior is matched with the application behavior rule or not based on a comparison result between the network behavior and the characteristic information of the application behavior rule.
6. The method for identifying and processing the application of the sub-route according to claim 1, wherein the step of acquiring the network request sent by the sub-route on the parent route after being re-networked specifically comprises:
detecting a sub-route connected on a local area network of a parent route, and interrupting the sub-route connected on the local area network;
reconnecting the sub-route to the local area network and obtaining network requests originating from the sub-route on the local area network.
7. The method for identifying and processing the application of the sub-route according to claim 1, wherein the step of analyzing and determining the networking device correspondingly connected to the sub-route according to the identification information in the network request specifically comprises:
extracting identification information in the network request; the identification information is dns domain name information and/or http domain name information and/or ua information and/or preset characteristic information;
and analyzing and determining the corresponding networking equipment according to the identification information.
8. The sub-routing application recognition and processing method of claim 7, wherein the step of analyzing and determining the corresponding networking device according to the identification information specifically comprises:
and analyzing and determining the networking equipment corresponding to the identification information through a preset rule matching technology or a machine learning classification technology.
9. The sub-routed application identification and processing method of claim 1, wherein the networking device is a cell phone or a tablet computer or a computer.
10. A sub-routing application identification and processing system, comprising:
the acquisition unit is used for acquiring a network request sent by a child router on a parent router after the child router is networked again;
the device analysis unit is used for analyzing and determining the networking devices correspondingly connected with the sub-routes according to the identification information in the network request;
the behavior analysis unit is used for monitoring the network behavior networked through the parent router and analyzing and judging whether the network behavior matches a preset application behavior rule; the application behavior rule is a behavior matching rule of a preset application and corresponds to the networking device;
and the processing unit is used for intercepting and/or performing early-warning processing on the network behavior according to the preprocessing policy of the networking device corresponding to the application behavior rule if the network behavior matches the application behavior rule.
11. The sub-routed application identification and processing system of claim 10, further comprising:
and the configuration unit is used for configuring the application behavior rule according to the behavior characteristics of the preset application during network connection, and adding the equipment association information of the networking equipment into the application behavior rule.
12. The sub-routed application identification and processing system according to claim 11, wherein the processing unit specifically comprises:
a determining subunit, configured to determine, if the network behavior matches the application behavior rule, the corresponding networking device according to the device association information in the application behavior rule;
and the processing subunit is used for intercepting and/or early warning the network behavior according to the preprocessing strategy corresponding to the networking equipment.
13. The sub-routed application identification and processing system according to claim 12, wherein the processing subunit is specifically configured to:
intercepting a network connection request of the network behavior and/or generating early warning information corresponding to the network behavior.
14. The sub-routing application recognition and processing system of claim 10, wherein the behavior analysis unit specifically comprises:
the monitoring subunit is used for monitoring the network behavior of the child router networked through the parent router;
a determining subunit, configured to determine whether the network behavior matches the application behavior rule based on a comparison result between the network behavior and the feature information of the application behavior rule.
15. The sub-routing application identification and processing system according to claim 10, wherein the obtaining unit specifically includes:
the detection and interruption subunit is used for detecting a sub-route connected to a local area network of a parent route and interrupting the sub-route connected to the local area network;
and the reconnection and acquisition subunit is used for reconnecting the sub-route to the local area network and acquiring the network request which is originated from the sub-route on the local area network.
16. The sub-routed application recognition and processing system according to claim 10, wherein the device analysis unit specifically comprises:
an extraction subunit, configured to extract the identification information in the network request; the identification information is dns domain name information and/or http domain name information and/or ua information and/or preset characteristic information;
and the analysis and determination subunit is used for analyzing and determining the corresponding networking equipment according to the identification information.
17. The sub-routed application recognition and processing system of claim 16, wherein the analysis determination subunit is specifically configured to:
and analyzing and determining the networking equipment corresponding to the identification information through a preset rule matching technology or a machine learning classification technology.
18. The sub-routed application identification and processing system according to claim 10, wherein the networking device is a cell phone or a tablet computer or a computer.
19. A storage medium storing a computer program for executing the application recognition and processing method of a sub-route according to any one of claims 1 to 9.
20. A computer device comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the application recognition and processing method of sub-routing according to any one of claims 1 to 9 when executing the computer program.
CN202110456891.1A 2021-04-26 2021-04-26 Application identification and processing method and system of sub-route, storage medium and computer equipment Active CN113179225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110456891.1A CN113179225B (en) 2021-04-26 2021-04-26 Application identification and processing method and system of sub-route, storage medium and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110456891.1A CN113179225B (en) 2021-04-26 2021-04-26 Application identification and processing method and system of sub-route, storage medium and computer equipment

Publications (2)

Publication Number Publication Date
CN113179225A CN113179225A (en) 2021-07-27
CN113179225B true CN113179225B (en) 2022-11-04

Family

ID=76926366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110456891.1A Active CN113179225B (en) 2021-04-26 2021-04-26 Application identification and processing method and system of sub-route, storage medium and computer equipment

Country Status (1)

Country Link
CN (1) CN113179225B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9294492B1 (en) * 2015-03-10 2016-03-22 Iboss, Inc. Software program identification based on program behavior
CN109194749A (en) * 2018-09-11 2019-01-11 福建天泉教育科技有限公司 Monitor method, the storage medium of network request
CN110213076A (en) * 2019-04-18 2019-09-06 广州市高科通信技术股份有限公司 A kind of processing method and processing device of comprehensive network management multilevel device automatic wire charging
CN111263379A (en) * 2020-02-19 2020-06-09 深圳市共进电子股份有限公司 Method for establishing backhaul station connection, network device and storage medium
CN111277611A (en) * 2020-02-25 2020-06-12 深信服科技股份有限公司 Virtual machine networking control method and device, electronic equipment and storage medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100379231C (en) * 2003-10-21 2008-04-02 西安西邮双维通信技术有限公司 A multimedia communication safe proxy gateway and safety proxy method
CN101582771B (en) * 2009-07-02 2011-06-29 山东盛世光明软件技术有限公司 Method of identity recognition of computer internet under mode of multi-stage routers
CN106790292A (en) * 2017-03-13 2017-05-31 摩贝(上海)生物科技有限公司 The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis
CN107231262B (en) * 2017-06-26 2021-05-14 华南理工大学 Message routing method based on MQTT multi-layer cascade
CN107733860A (en) * 2017-09-04 2018-02-23 努比亚技术有限公司 A kind of processing method of access request, device, family's Cloud Server and computer-readable recording medium
CN109981329A (en) * 2017-12-28 2019-07-05 华为终端有限公司 Determine the method, equipment and system of network equipment connection relationship
CN109379289B (en) * 2018-09-25 2021-08-06 新华三技术有限公司合肥分公司 Method and device for processing route filtering strategy
CN111726364B (en) * 2020-06-29 2023-04-07 杭州安恒信息安全技术有限公司 Host intrusion prevention method, system and related device

Also Published As

Publication number Publication date
CN113179225A (en) 2021-07-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant