JP5668503B2 - Hazardous site filtering system and filtering method - Google Patents

Description

  The present invention relates to a harmful site filtering system and a filtering method for filtering acquisition of a web page of a harmful site on the Internet. In particular, the present invention relates to a harmful site filtering system and a filtering method for notifying a user that the acquisition of a web page of a harmful site on the Internet has been filtered.

  In recent years, ISPs (Internet Service Providers) that provide Internet services perform filtering services and blocking that prohibit access to harmful sites. Here, filtering refers to prohibiting access to harmful sites based on user consent. On the other hand, blocking is forcibly prohibiting access to a predetermined site without obtaining the user's consent. Recently, blocking of child pornography has attracted attention due to ISP's independent efforts, and as shown in Non-Patent Document 1, an activity report has been made by the working group. Here, filtering and blocking are common in terms of technical contents that prohibit access to harmful sites. Hereinafter, in this specification, both filtering and blocking will be referred to as “filtering”. That is, in the case of “filtering”, blocking is also included.

  Non-Patent Document 1 discloses four methods as conventional filtering methods for accessing harmful sites. The first method is a “DNS poisoning method” that performs filtering when a host name or domain name of a Web site is converted into an IP address by DNS. The second is a “packet filtering method” that performs filtering based on the destination IP address in the IP header or the access destination URL information included in the HTTP content part. The third is a “proxy method” in which HTTP communication is once terminated by an HTTP proxy and then filtering is performed based on access destination URL information. The fourth is a combination of the methods described above.

  Here, the above-mentioned “DNS poisoning method” has a problem that it is not possible to filter communication that does not use DNS, for example, browsing action by directly hitting an IP address on a browser. In addition, the above-described “proxy method” requires that all communications be performed via an HTTP proxy, which increases the load on the HTTP proxy.

  On the other hand, in the above-mentioned “packet filtering”, a method for filtering a harmful site based on information on a destination IP address included in a communication packet is a method by describing an access list in an existing router device or the like owned by an ISP. Yes, generally well used. The block diagram is shown in FIG. Hereinafter, the filtering operation will be described with reference to FIG. The terminal 32 requests access to the Web site 38 via the router 52. The proxy page 50 proxy acquisition unit 54 of the proxy server 50 that has received the access request acquires the Web page data. Next, when the communication packet acquired by the Web page data proxy acquisition unit 54 passes through the filtering unit 58 of the router 52, the transmission source IP address of the communication packet matches the list of IP addresses described in the access list 56. Check whether or not. If they match, the filtering unit 58 determines that the communication packet is a communication packet from a harmful site, and stops sending the Web page data to the terminal 32. Here, the access list 56 can be set by a command from the outside as shown in FIG.

  For the “proxy method”, a harmful site information storage unit is provided in the proxy server, and based on the list stored there, a check is made as to whether or not the Web page that the terminal attempted to access is a harmful site. Patent Document 1 discloses a configuration in which acquisition of a Web page is stopped when it is determined that the site is a harmful site, and proxy acquisition of Web page data is performed when it is determined that the site is not a harmful site.

JP 2008-116998 A JP 2010-161473 A

"ISP Engineer Subworking Report", [online], [searched on November 24, 2010], Internet (URL: http://good-net.jp/modules/news/uploadFile/2010063040.pdf)

  The following analysis is given by the present invention.

  As described above, the method of describing the access list in the router device is often used because it can be realized by describing the access list in the existing router device owned by the ISP. The method shown in FIG. 12 extracts the transmission source information included in the communication packet and checks the match with the access list, but extracts the transmission destination information included in the communication packet of the access request from the terminal to the Web site. There is also a method for checking a match with the access list. In either case, the destination information / source information uses an IP address that can be used in layer 3 of the OSI reference model that can be identified by the router. However, this method has a problem that when filtering is performed, there is no function of notifying the user of filtering. In the case of a router device, only the layer 3 of the OSI reference model can be identified. Therefore, when a notification server attempts to issue a notification to a user terminal, it is necessary to make settings related to the routing of a plurality of router devices existing on the way. There is. Since such a setting is complicated every time filtering is performed, a notification page is not generally displayed on the user terminal. However, when filtering is performed without giving a notification page to the user, there is a concern that, from the viewpoint of the user, it cannot be distinguished from a connection failure and the number of inquiries to the ISP increases. Accordingly, there is a demand for a system that can easily display a notification page.

  Accordingly, an object of the present invention is to provide a system that filters the acquisition of a web page of a harmful site and transmits a notification page that notifies the filtering to a user terminal.

A harmful site filtering system according to a first aspect of the present invention is a harmful site filtering system for filtering acquisition of a web page of a harmful site, comprising a plurality of switches and a management computer connected to the plurality of switches. A network configuration, a terminal requesting acquisition of a web page, and a notification server that notifies that a harmful site has been filtered, wherein the terminal is connected to a first switch of the plurality of switches, The notification server is connected to a second switch among the plurality of switches, stores harmful site information to be filtered in the management computer, and from a communication packet from the terminal by Layer 3 of the OSI reference model Take out identifiable destination information or source information and manage it The computer determines whether the transmission destination information or the transmission source information is included in the harmful site information, and determines that the transmission destination information or the transmission source information is included in the harmful site information. In this case, the management computer filters the acquisition of the Web page of the terminal, instructs the notification server to transmit a notification page that notifies the filtering to the terminal, and The notification page is transmitted to the terminal by the layer 4 of the OSI reference model .

The harmful site filtering method according to the second aspect of the present invention is a harmful site filtering method for filtering acquisition of a web page of a harmful site, and is a transmission that can be identified by layer 3 of the OSI reference model from a communication packet from a terminal. In the step of extracting destination information or transmission source information, the step of determining whether the transmission destination information or the transmission source information is included in harmful site information stored in advance, and the determination step, When it is determined that the transmission destination information or the transmission source information is included in the harmful site information, the notification page that filters the acquisition of the Web page of the terminal and notifies the filtering from the notification server Transmitting to the terminal by layer 4 of the OSI reference model .

  According to the harmful site filtering system of the present invention, filtering the web page acquisition of the harmful site based on the destination information identifiable by the layer 3 of the OSI reference model included in the communication packet from the user's terminal is filtered. Therefore, it is possible to provide a harmful site filtering system capable of transmitting a notification page to notify a user terminal.

  According to the harmful site filtering method of the present invention, filtering the web page acquisition of the harmful site based on the destination information identifiable by the layer 3 of the OSI reference model included in the communication packet from the user's terminal is filtered. It is possible to provide a harmful site filtering method capable of transmitting a notification page to notify the user to the terminal of the user.

It is a block diagram of the harmful site filtering system concerning Example 1 of the present invention. It is a block diagram which shows the detail of the switch 1 in FIG. It is a flowchart for demonstrating the harmful site filtering method which concerns on Example 1 of this invention. It is an example of the 1st packet in Example 1 of this invention. It is an example of the packet arrival notification in Example 1 of this invention. It is an example of the notification page which notifies that it filtered in the harmful site filtering system which concerns on Example 1 of this invention. It is an example of the table transmission command in Example 1 of this invention. It is an example of the transfer table set in Example 1 of this invention. It is an example of the packet transmission command set in Example 1 of this invention. It is a block diagram of the harmful site filtering system which concerns on Example 2 of this invention. It is a flowchart for demonstrating the harmful site filtering method which concerns on Example 1 of this invention. It is a block diagram for demonstrating the conventional harmful site filtering system.

  Embodiments of the present invention will be described with reference to the drawings as necessary. In addition, drawing quoted in description of embodiment and the code | symbol of drawing are shown as an example of embodiment, and, thereby, the variation of embodiment by this invention is not restrict | limited.

  As shown in FIG. 1, the harmful site filtering system according to the first aspect of the present invention is a harmful site filtering system that filters acquisition of Web pages of harmful sites 38, and is connected to a plurality of switches and a plurality of switches. A network configuration including the management computer 12, a terminal 32 that requests acquisition of a Web page, and a notification server 34 that notifies that a harmful site 38 has been filtered. The notification server 34 is connected to the second switch 30 among the plurality of switches, and stores the harmful site information 22 to be filtered in the management computer 12. Destinations that can be identified by layer 3 of the OSI reference model The management computer 12 determines whether the transmission destination information or the transmission source information is included in the harmful site information 22, and the transmission destination information or the transmission source information is included in the harmful site information 22. If it is determined that the management computer 12 includes the Web page of the terminal 32, the management computer 12 filters the acquisition of the Web page of the terminal 32 and displays a notification page (48 in FIG. 6) for notifying the notification server 34 of the filtering. The notification server 34 sends a notification page (48 in FIG. 6) to the terminal 32.

  As shown in FIG. 3, the harmful site filtering method according to the second aspect of the present invention is a harmful site filtering method for filtering the acquisition of a web page of a harmful site. Step S104 for extracting transmission destination information or transmission source information that can be identified by layer 3, and determination of whether transmission destination information or transmission source information is included in the pre-stored harmful site information 22 In the determination step S106, when it is determined that the transmission destination information or the transmission source information is included in the harmful site information 22, the acquisition of the Web page of the terminal is filtered (step S110), and the filtering is performed by the notification server. Sending a notification page 48 to the terminal (step It includes a flop S114, S116), the.

  Hereinafter, embodiments will be described in detail with reference to the drawings.

[Configuration of Example 1]
FIG. 1 is a block diagram of a harmful site filtering system according to Embodiment 1 of the present invention. In FIG. 1, a broken line frame indicates a system in an ISP (Internet Service Provider) 10. Here, a user who has subscribed to the ISP sends a harmful site 38 on the Internet (URL is http: //www.yuugai) via the ISP from the terminal 32 (IP address is 7.8.9.9). .Com with an IP address of 3.4.5.6) and a non-harmful site 70 (URL is http://www.not_yuugai.com, IP address is 15.16.17. 18).

  The harmful site filtering system according to the first embodiment is configured based on an open flow. OpenFlow is a network control technology proposed by the OpenFlow switching consortium (see http://www.openflowswitch.org/). The conventional network control method has been mainly performed by IP address routing. However, in OpenFlow, communication determined by a combination of MAC address, IP address, port number, etc. is defined as "flow", The path control is realized. As a result, it is possible to determine an optimum route, which has the advantage of improving the use efficiency of the network.

  In Patent Document 2, in a system using OpenFlow, switch costs of a plurality of switches on a network are calculated, and based on the calculated switch costs, among route candidates from several transmission sources to transmission destinations. Thus, a method for determining the optimum route is disclosed.

  In general, the OpenFlow system has a network configuration including a plurality of OpenFlow switches and an OpenFlow controller connected thereto. In FIG. 1, a management computer 12 is an OpenFlow controller in OpenFlow, and switches 1 and 2 are OpenFlow switches. Each switch is assigned a DPID (Data Patch ID) as an identifier. In FIG. 1, the DPID of the switch 1 is “00-00-4c-00-11-11”, and the DPID of the switch 2 is “00-00-4c-00-22-22”. In OpenFlow, layers 1 to 4 of the OSI reference model can be identified. In the conventional router device, only layers 1 to 3 can be identified, whereas in OpenFlow, layer 4 can be identified. Therefore, in the OpenFlow system, the switches 1 and 2 that are OpenFlow switches can be operated as L3 switches or L4 switches.

  Next, FIG. 2 is a block diagram showing details of the switch 1 which is an open flow switch. The switch 1 includes a host communication unit 40, a transfer processing unit 46, a table setting unit 42, and a transfer table 44. Here, the transfer table 44 is configured by a memory such as a RAM. The transfer processing unit 46 has a function of transferring communication data (packet data or the like) input to the switch 1. The transfer processing unit 46 has a plurality of ports. In the first embodiment, the transfer processing unit 46 has 22 ports P1 to P22.

  Next, a connection form of the management computer 12, the switch 1, the switch 2, the terminal 32, and the notification server 34 will be described with reference to FIG. The terminal 32 is connected to the port P18 of the switch 1 and can communicate bidirectionally. The notification server (IP address is 11.12.13.14) is connected to the port P17 of the switch 2 and can communicate in both directions. The port P15 of the switch 1 is connected to the port P16 of the switch 2 and can communicate bidirectionally. The port P16 of the switch 1 is connected to the Internet network. Further, the host communication unit (40 in FIG. 2) of the switch 1 is connected to the communication unit 20 of the management computer 12, and can transmit and receive commands, messages, and the like.

  Next, the configuration of the management computer 12 that is an OpenFlow controller will be described in detail. The management computer 12 has a storage unit 14 composed of a memory, and topology information 24, entry status information 26, and harmful site information 22 are stored. Here, the topology information 24 stores the connection form of the switch 1, the switch 2, the terminal 32, and the notification server 34, and is read out and used when obtaining the candidate route of the transmission destination from the transmission source. The entry state information 26 includes the number of empty entries indicating the empty state of the number of entries of each switch and the switch cost indicating how much the used entry rate is. The harmful site information 22 is a list of IP addresses of harmful sites. When information on harmful sites is provided as URL information, it is converted into an IP address in advance by referring to a DNS server. The harmful site information 22 is updated as necessary by the system administrator.

  The management computer 12 includes a communication unit 20 that communicates with the switch, a control unit 18 that controls the operation of the open flow, and a harmful site determination unit 16.

[Operation of Embodiment 1]
Next, the operation of the first embodiment will be described with reference to FIGS. The following steps S100 and S102 are based on the contents described in Patent Document 2 (in the specific example of Patent Document 2, the flow control between two terminals connected to two switches of OpenFlow is disclosed. Have been). In Patent Document 2, a MAC address is used instead of an IP address. In the first embodiment, an IP address is used. First, the operation when the user sends a web page acquisition request for the harmful site 38 (http://www.yuugai.com) from the terminal 32 will be described below. Specifically, the user terminal 32 transmits the first packet to the switch 1 of the ISP (step S100). Here, as shown in FIG. 4, the first packet is IP_DA (3.4.5.6) that is the IP address of the transmission destination as the transmission destination information, and the IP address of the transmission source as the transmission source information. IP_SA (7.8.9.10) is included. When the switch 1 receives the first packet, it takes out IP_DA and IP_SA and refers to the forwarding table 44 in the switch 1. Here, the forwarding table 44 is a list including information on input ports, IP_DA, IP_SA, and output ports for each entry related to the switch 1. Here, the switch 1 searches the transfer table 44 using the IP_DA that is the destination IP address, the IP_SA that is the source IP address, and the input port P18 as search keys. At this time, the corresponding entry does not yet exist.

  If it is found that the corresponding entry does not exist in the transfer table 44, the host communication unit 40 of the switch 1 next sends the control unit 18 of the management computer 12 to the control unit 18 of the management computer 12 via the communication unit 20 of FIG. Is transmitted (step S102). Here, in the packet arrival notification, as shown in FIG. 5, the DPID information is the DPID of the switch 1, the type information is “PACKET_IN” indicating the packet arrival notification, and the input port information is input from the port 18. P18 indicating this and the first packet.

  Next, the control unit 18 of the management computer 12 extracts the IP_DA that is the destination IP address from the packet arrival notification shown in FIG. 5 (step S104). Next, the control unit 18 determines whether or not the Web site from which the user requested acquisition of the Web page is a harmful site as follows. First, the control unit 18 passes IP_DA that is the IP address of the transmission destination to the harmful site determination unit 16. Next, the harmful site determination unit 16 refers to the harmful site information 22 in the storage unit 14 and checks whether the IP_DA that is the destination IP address is in the harmful site information 22 (step S106). . Here, when IP_DA is included in the harmful site information 22, it is determined in step S108 that it is a harmful site (Yes in step S108). On the other hand, if IP_DA is not included in the harmful site information 22, it is determined in step S108 that it is not a harmful site (No in step S108).

  Here, IP_DA (3.4.5.6) that is the IP address of the transmission destination is the IP address of the harmful site 38 and is included in the harmful site information 22. It will be determined. Next, the operation when it is determined as a harmful site in step S108 will be described in detail below. The management computer 12 performs filtering by canceling the acquisition of the Web page from the harmful site 38 (step S110). Next, the management computer 12 instructs the notification server 34 to transmit the notification page 48 to the terminal 32 (step S114). Next, based on the instruction in step S114, the notification server 34 transmits the notification page 48 to the terminal 32 in the layer 4 (step S116). Here, the process of step S116 is performed in layer 4 of the OSI reference model. In OpenFlow, since the layer 4 of the OSI reference model can be identified, processing in the layer 4 automatically sets the forwarding table 44 of the switch 2 and the switch 1 existing in the route between the notification server 34 and the terminal 32. Can be processed. Accordingly, there is an advantage that the management computer 12 does not need to make complicated settings, and the notification page 48 can be easily transmitted. FIG. 6 shows an example of the notification page 48. For example, when the Web page that the user intends to browse from the terminal 32 is a site related to child pornography, it can be notified that the ISP has forcibly blocked.

  Next, a flow when it is determined in step S108 that the site is not a harmful site will be described. Specifically, the user obtains a web page from the terminal 32 to a non-hazardous site 70 (URL is http://www.not_yuugai.com, IP address is 15.16.17.18). Is required.

  Here, the processing of steps S120 to S128 shown below is based on the flow control of OpenFlow, and is based on the method described in Patent Document 2 (in the specific example of Patent Document 2, two processes of OpenFlow are performed). The flow control between two terminals connected to the switch is disclosed).

  First, the management computer 12 transmits a table setting command to the switch 1 (step S120). Next, the switch 1 sets the transfer table 44 of the switch 1 based on the received table setting command (step S122). Below, step S120 and step S122 are demonstrated in detail. In order to set a route from the terminal 32 to the Internet network, the switch 1 may be set to have the port P18 as an input port and the port P16 as an output port. The table setting command transmitted from the management computer 12 in step S120 is shown in FIG. In FIG. 7, the DPID information is DPID indicating the switch 1, the type information is “MODIFY_STATE” indicating table setting, the input port is P18, IP_DA is the IP address of the non-hazardous site 70: 15.16.17.18, IP_SA is the IP address of the terminal 32: 7.8.9.9.10, and the output port is P16. The table setting unit 42 receives this table setting command via the host communication unit 40 and sets it as an additional entry in the transfer table 44. FIG. 8 shows the contents of the forwarding table 44 of the entry that has been added. The input port information, IP_DA information, IP_SA information, and output port information portions in the table setting command shown in FIG. 7 are extracted data.

  Next, in the flowchart of FIG. 3, the management computer 12 transmits a packet transmission command to the switch 1 (step S124). FIG. 9 shows a packet transmission command. The DPID information is the DPID of the switch 1, the type information is “SEND_PACKET” indicating that it is a packet transmission command, the output port is the port P16 set as the output port in the switch 1, and the packet part is It is the first packet. Here, since the first packet is included in the packet arrival notification in step S102, the management computer 12 acquires the data of the first packet from the packet arrival notification, and adds the first packet to the packet transmission command. ing.

  Next, the switch 1 receives the packet transmission command and resumes the transfer of the first packet (step S126). More specifically, the host communication unit 40 of the switch 1 extracts the first packet from the packet transmission command shown in FIG. Then, the transfer processing unit 46 of the switch 1 is instructed to output the first packet from the port P16.

  Next, the transfer processing unit 46 of the switch 1 transfers the first packet from the port P16 (step S128). As described above, based on the flowchart shown in FIG. 3, a flow for requesting acquisition of the Web page of the non-hazardous site 70 from the terminal 32 is established. Thereafter, the packets are sequentially transferred following the first packet.

  As described above, according to the harmful site filtering system according to the first embodiment, when a website acquisition request is made from a user terminal, the destination IP address is extracted from the communication packet, and the destination When it is determined that the IP address is included in the IP address of the harmful site stored in advance in the management computer, it is determined that an attempt is made to acquire the Web page of the harmful site, and filtering is performed. Here, the effect that the notification page can be transmitted from the notification server to the user's terminal is obtained. Since the conventional router device can identify only the layer 3 of the OSI reference model, complicated control is required to transmit the notification page, and the notification page is not transmitted. In the first embodiment of the present invention, by adopting the OpenFlow configuration, layer 4 communication becomes possible, and the notification page can be easily transmitted.

  The notification server 34 in the first embodiment may be configured with a virtual server. In this case, the switch 2 connected to the notification server 34 is configured by a virtual switch that is a software switch. In FIG. 1, the switch 1 is directly connected to the Internet network 36. However, a proxy server is provided between the switch 1 and the Internet network, and a Web page is received by the proxy server. Alternatively, the data may be transferred to the user terminal 32.

  FIG. 10 is a block diagram illustrating a harmful site filtering system according to the second embodiment of the present invention. The difference between the second embodiment and the first embodiment is that the network is configured by more switches (seven in FIG. 10), and the switch 6 is connected to the Internet network 36. These switches are all open flow switches. In FIG. 10, switch 1 and switch 3, switch 1 and switch 5, switch 1 and switch 7, switch 2 and switch 3, switch 2 and switch 4, switch 3 and switch 5, switch 4 and switch 5, switch 4 and switch 6, the switch 5 and the switch 6, the switch 5 and the switch 7, and the switch 6 and the switch 7 are connected, and bidirectional communication is possible. Each of the switches 1 to 7 has a host communication unit therein and is connected to the communication unit 20 of the management computer 12.

  Next, the operation of the second embodiment will be described with reference to FIG. 3, FIG. 10, and FIG. The operation of the second embodiment is obtained by replacing the processing of the broken line frame when it is determined in step S108 that the site is not a harmful site in the flowchart of FIG. 3 showing the operation of the first embodiment with the flowchart shown in FIG.

  When the terminal 32 tries to acquire the Web page of the harmful site 38 (URL is http://www.yuugai.com, IP address is 3.4.5.6), the same operation as in the first embodiment Therefore, the description is omitted.

  Next, when the terminal 32 tries to acquire the Web page of the site 70 that is not harmful (URL is http://www.not_yuugai.com, IP address is 15.16.17.18), that is, step S108. The process after No is selected is the operation of the flowchart shown in FIG. The operation will be described below with reference to the flowchart shown in FIG. The operation shown in FIG. 11 is based on the flow control of the open flow and is based on the method described in Patent Document 2 (in the specific example of Patent Document 2, it is connected to two switches of Open Flow). The flow control between two terminals is disclosed).

  In FIG. 11, the management computer 12 determines a flow path from the flow path candidates (step S219). Hereinafter, step S219 will be described in more detail. In the second embodiment, the port of the switch 6 is connected to the Internet network 36. Therefore, the packet must be transferred from the switch 1 to the switch 6 to which the terminal 32 is connected. Possible candidates for the flow path are switch 1 → switch 5 → switch 6, switch 1 → switch 7 → switch 6, and the like. The management computer 12 determines which flow path should be used as follows. First, the management computer 12 refers to the entry status information 26 in the storage unit 14. The entry status information 26 stores the number of empty entries (or the number of used entries) and the switch cost for each of a plurality of switches included in the network. Here, the number of empty entries is a difference obtained by subtracting the number of used entries from the threshold value of the number of entries in which the switch causes entry overflow, as described in Patent Document 2. The smaller the number of empty entries, the higher the switch cost. The greater the switch cost, the higher the risk of entry overflow and the worse the network utilization efficiency. Therefore, the control unit 18 of the management computer 12 compares the total switch cost of the switches existing on the path for each flow path candidate, and selects the path with the lower switch cost. Here, one of the two candidate routes described above includes the switch 5, while the other includes the switch 7. Accordingly, the switch costs of the switch 5 and the switch 7 in the entry status information 26 are compared, and a path including the smaller switch is selected. Here, when the switch cost of the switch 5 is smaller, the route of the switch 1 → the switch 5 → the switch 6 is selected.

  Next, in FIG. 11, the management computer 12 transmits a table setting command to each switch on the flow path (step S220). Specifically, as shown in FIG. 7 described in the first embodiment, a table setting command for designating each input port and output port is transmitted to the switch 1, the switch 5, and the switch 6. Detailed description is omitted.

  Next, each switch (switch 1, switch 5, and switch 6) on the flow path receives the table setting command, and sets the transfer table based on the command (step S222).

  Next, the management computer 12 transmits a packet transmission command to the switch 1 (step S224). Since this is the same as FIG. 9 shown in the first embodiment, the description is omitted.

  Next, the switch 1 receives the packet transmission command and resumes the transfer of the first packet (step S226). Next, the first packet is transferred from the switch 1 (step S228). Steps S226 and S228 are the same as those in the first embodiment, and a description thereof will be omitted. As described above, based on the flowchart shown in FIG. 11, a flow is established when the terminal 32 requests acquisition of a Web page from a non-hazardous site 70. Thereafter, the packets are sequentially transferred following the first packet.

  As described above, the harmful site filtering system according to the second embodiment performs filtering of harmful sites and notifies the user terminal of the notification page from the notification server in the same manner as in the first embodiment. The effect that it can transmit is acquired. Furthermore, since the harmful site filtering system according to the second embodiment has an open flow configuration, when there are a plurality of flow route candidates on the network, the network usage is calculated by calculating the optimum flow route. The effect that efficiency can be improved is acquired.

  The notification server 34 in the second embodiment may be configured with a virtual server. In this case, the switch 2 connected to the notification server 34 is configured by a virtual switch that is a software switch. In FIG. 10, the switch 6 is directly connected to the Internet network 36. However, a proxy server is provided between the switch 1 and the Internet network, and the Web page is received by the proxy server. You may make it the structure transferred to a user's terminal 32. FIG.

  The harmful site filtering system of the present invention is applicable to a harmful site filtering system implemented by an ISP (Internet Service Provider). In addition, since it has an open flow configuration, it can be applied to applications such as performing flow control of related actions during filtering. Related actions include sending a notification page as shown in the example.

  It should be noted that the embodiments and examples can be changed and adjusted within the scope of the entire disclosure (including claims) of the present invention and based on the basic technical concept. Various combinations and selections of various disclosed elements are possible within the scope of the claims of the present invention. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea.

10: ISP (Internet Service Provider)
12: Management computer (OpenFlow controller)
14: storage unit 16: harmful site determination unit 18: control unit 20: communication unit 22: harmful site information 24: topology information 26: entry state information 28: switch 1
30: Switch 2
32: Terminal 34: Notification server 36: Internet network 38: Harmful site 40: Host communication unit 42: Table setting unit 44: Transfer table 46: Transfer processing unit 48: Notification page 50: Proxy server 52: Router 54: Web page data Proxy acquisition unit 56: access list 58: filtering unit 70: non-harmful site 72: switch 6

Claims (5)

A harmful site filtering system for filtering acquisition of a harmful site web page,
A network configuration comprising a plurality of switches and a management computer connected to the plurality of switches;
A terminal requesting acquisition of a web page;
A notification server for notifying that harmful sites have been filtered,
The terminal is connected to a first switch of the plurality of switches;
The notification server is connected to a second switch of the plurality of switches;
The management computer stores harmful site information to be filtered,
From the communication packet from the terminal, the destination information or source information that can be identified by layer 3 of the OSI reference model is extracted,
The management computer determines whether the transmission destination information or the transmission source information is included in the harmful site information,
When it is determined that the transmission destination information or the transmission source information is included in the harmful site information, the management computer filters the acquisition of the web page of the terminal and performs filtering on the notification server. Instructing them to send a notification page to the device,
The harmful site filtering system, wherein the notification page is transmitted from the notification server to the terminal by layer 4 of an OSI reference model .   The harmful site filtering system according to claim 1, wherein the harmful site information, the transmission destination information, and the transmission source information are IP addresses. The management computer determines a flow path from a transmission source to a transmission destination,
The plurality of switches includes a transfer table for setting a transfer input destination and an output destination,
The harmful site filtering system according to claim 1 or 2 , wherein a forwarding table of a plurality of switches on the flow path is set according to an instruction from the management computer based on the determined flow path. . A harmful site filtering method for filtering acquisition of web pages of harmful sites,
Extracting destination information or source information identifiable by layer 3 of the OSI reference model from a communication packet from the terminal;
Determining whether the destination information or the source information is included in prestored harmful site information;
In the determination step, when it is determined that the transmission destination information or the transmission source information is included in the harmful site information, the acquisition of the Web page of the terminal is filtered and the filtering is performed by the notification server. Transmitting a notification page to be notified to the terminal by using layer 4 of the OSI reference model . The harmful site filtering method according to claim 4 , wherein the harmful site information, the transmission destination information, and the transmission source information are IP addresses.

Images