CN102088754A - Network access behavior-based access control method and system for wireless local area network - Google Patents
Network access behavior-based access control method and system for wireless local area network Download PDFInfo
- Publication number
- CN102088754A CN102088754A CN2010105800359A CN201010580035A CN102088754A CN 102088754 A CN102088754 A CN 102088754A CN 2010105800359 A CN2010105800359 A CN 2010105800359A CN 201010580035 A CN201010580035 A CN 201010580035A CN 102088754 A CN102088754 A CN 102088754A
- Authority
- CN
- China
- Prior art keywords
- network
- bss
- website
- information
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a network access behavior-based access control method and system for a wireless local area network. The method comprises the following steps: a network side acquires information of data packets of different network service types in a BSS (Base Station Subsystem) according to a network service type; the network side establishes information of a network flow statistical table of the BSS according to the acquired information of the data packets of different network service types, wherein the information of the network flow statistical table comprises source sites, destination sites, service types, network access behavior durations and network access behavior occurring time of the data packets; and the network side generates information of the relation among the network service type, corresponding time and corresponding network data flow of each site in the BSS according to the established information of the network statistical table of the BSS, and performs access control according to the generated information of the relation among the sites in the BSS. By applying the method and the system, the problem of effective distribution of network resources in the wireless local area network is solved.
Description
Technical field
The present invention relates to network insertion control technology in the WLAN (wireless local area network) field, relate to a kind of wireless local network access control method and system of visit behavior Network Based especially.
Background technology
Along with the numerous and complicatedization day by day of the continuous growth and the network application of network traffics, simply, unrestrictedly increase the network bandwidth and be the root problem that can not solve network traffics.In WLAN (wireless local area network), insert in the work that is controlled at of behavior and the life general realistic meaning is arranged by the statistics of access to netwoks behavior being realized website.Can give different websites, different business with different access priorities according to customer demand by the WLAN (wireless local area network) access control, thereby fully effectively utilize bandwidth resources, can effectively guarantee the high-priority service bandwidth of the website that priority is higher, suppress to limit the bandwidth of the specific transactions of website.
Existing access control technology mainly is the control mode of fixed constraint condition, is not based on the dynamic access control mode of access to netwoks behavior, more is directed to the monitoring of illegal Internet resources rather than is used for distribution to the local area network (LAN) resource.
This shows that the technical scheme of the access control of a kind of visit behavior Network Based of current needs solves the problem of Resource Allocation in Networks.
Summary of the invention
Technical problem to be solved by this invention provides a kind of wireless local network access control method and system of visit behavior Network Based, has solved the problem of how effectively Internet resources to be distributed in the WLAN (wireless local area network).
In order to address the above problem, the invention provides a kind of wireless local network access control method of visit behavior Network Based, comprising:
Network side obtains the information of the packet of different network service type among the Basic Service Set BSS according to the Network type;
Described network side is according to the information of the packet of the different network service type of obtaining, and sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet;
Described network side is according to the information of the network statistics table of the described BSS that sets up, generate the relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic, carry out access control according to the relation information of each website among this BSS that generates.
Further, said method also can comprise, when described network side judgement moves to other BSS as if a website among the BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between the different B SS.
Further, said method also can comprise, described network side carries out access control according to the relation information of each website among the BSS that generates, comprise: described network side is judged if Network, corresponding time and the corresponding network data traffic of each website are not subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
Further, said method also can comprise, described network side carries out access control according to the relation information of each website among the BSS that generates, comprise: described network side is judged if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
Further, said method can comprise that also the information that described network side obtains the packet of different network service type among the BSS comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavior duration length and access to netwoks behavior time of origin.
The present invention also provides a kind of access control of visit behavior Network Based: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit is used for according to the Network type, obtains the information of the packet of different network service type among the Basic Service Set BSS, and sends to described network statistics table and set up the unit;
Described network statistics table is set up the unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, be used to receive the information of the network statistics table of described BSS, generate relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic according to this information that receives, carry out access control according to the relation information of each website among this BSS that generates.
Further, said system also can comprise, described access control unit, also be used for judging if when a BSS one website moves to other BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between the different B SS.
Further, said system also can comprise, described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is not if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
Further, said system also can comprise, described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
Further, said system can comprise that also the information of the packet of different network service type comprises among the BSS that described acquiring unit obtains: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavior duration length and access to netwoks behavior time of origin.
Compared with prior art, use the present invention, method by traffic statistics, set up the detailed valid wireless local area network (LAN) statistical model of different observation cycles, set up restriction relation from type of service, website demand, realize based on the dynamic access control of history visit behavior and the combination of artificial access control; Realize the transmission of constraints between the Basic Service Set, made the validity and the continuity that when WLAN (wireless local area network) Basic Service Set website number changes, can keep statistics.The present invention has made full use of network operations information, and General layout Plan is easy to realize, cost is relatively low can effectively popularize.
Description of drawings
Fig. 1 is the flow chart of the wireless local network access control method of visit behavior Network Based among the present invention;
Fig. 2 is the structural representation of the access control system of visit Network Based among the present invention;
Fig. 3 is the schematic diagram that a Basic Service Set inserts the Internet in the example of the present invention by AP;
Fig. 4 is the transmission schematic diagram of the relation information of website between the different Basic Service Sets among the present invention.
Embodiment
The invention will be further described below in conjunction with the drawings and specific embodiments.
The present invention is the dynamic control technology that a kind of WLAN (wireless local area network) of visit behavior Network Based inserts, and Internet resources is configured according to user's request by access control is more effective.The present invention passes through at access point (AP, access point) runs application on each website of local area network (LAN) is added up via the corresponding service that AP visits wide area network, local area network (LAN) or wireless network, set up statistical model, the bandwidth of the miscellaneous service of each website is carried out dynamic access control according to client's web-based history visit behavior.
AP carries out buffer memory to its data of transmitting in the WLAN (wireless local area network), the information such as time that the time that the source IP address of statistical data packet, purpose IP address, MAC Address, type of service, access to netwoks behavior continue, access to netwoks behavior take place, according to client's demand to the different constraints of different main frames, different traffic set to carry out dynamic access control, and when the user can transmit this constraints from a BSS (Basic Service Set, basic service set) when moving to another BSS.
In network insertion control of the present invention, realize the distribution of WLAN (wireless local area network) resource by network traffics seizure and classification, network traffics supervision (statistics and analysis) and control strategy.
1. network traffics are caught and identification: this is the first step of carrying out network insertion control.Have only by the seizure point is set, network traffics are caught and discerned, just can carry out follow-up analysis and Control work.Here it is emphasized that very macroscopic viewization of net flow assorted especially, also can refinement.Such as classification such as TCP, UDP, ICMP macroscopic view relatively just, and HTTP, FTP or even such as just relatively refinement of the classification of P2P flows such as Kazza, Skype and identification.Can adopt well-known message seizure such as Wireshark, TCPDump and analysis software to carry out flow catches and classification work.
2. network traffics monitor (analysis): monitor the operation conditions that is used for showing flow, help to find the problem and carry out corresponding management strategy.Application program and network management can be collected classification, displaying and acquisition of information, comprise bandwidth availability ratio, active main frame and network efficiency and active application program.This target can realize in real work by adopting common on the market visual analyzing management tools such as NTOP.
3. control strategy: next step of network traffics analysis is to distribute bandwidth resources according to priority level.The foundation of distributing can be main frame, use or the like, and what need especially to consider is to note considerations that lags behind such as the P2P program of consumption of natural resource or audio frequency and video downloads.Can use popular flow control tool during concrete operations and carry out and realize, as classify and monitor and the Control Network flow that like this, we just can effectively manage network traffics get up, unordered network traffics are originally become in order.
The present invention is by catching analysis to network data on AP, set up the statistical form of network operation state informations such as website, type of service, demand according to the user is provided with different constraints to different websites, business etc., thereby realize of the access control of whole WLAN (wireless local area network), and this constraints can be transmitted mutually between Basic Service Set with outer net.Performing step is as follows:
As shown in Figure 1, the connection control method of visit behavior Network Based of the present invention specifically may further comprise the steps:
Step 110: network side obtains the information such as source IP address, purpose IP address, MAC (medium access control) address, access to netwoks behavior duration length and access to netwoks behavior time of origin of the packet of different network service type among the BSS according to the Network type;
Step 120: network side is according to the information of the packet of the different network service type obtained, sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet;
Step 130: network side is according to the information of the network flow statistic table of the described BSS that sets up, generate the relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic, carry out access control according to the relation information of each website among this BSS that generates.
The relation information of each website can be meant each website based on historical statistics, the time distribution function of different business among the BSS.
Also comprise: when the network side judgement moves to other BSS as if a website among the BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between the different B SS.
Network side carries out access control according to the relation information of each website among the BSS that generates, comprise: judge if Network, corresponding time and the corresponding network data traffic of each website are not subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network as far as possible can both be respectively greater than the minimum value of the bandwidth of each default Network, and distribute bandwidth to meet the restriction of described relation information;
Described network side carries out access control according to the relation information of each website among the BSS that generates, comprise: described network side is judged if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
Network side judges if the total bandwidth of network is restricted, and then can distribute the minimum value of the bandwidth of each Network that the bandwidth of each Network equals to preset.
As shown in Figure 2, the access control system of visit behavior Network Based of the present invention comprises: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit is used for according to the Network type, obtains the information of the packet of different network service type among the Basic Service Set BSS, and sends to described network statistics table and set up the unit;
Described network statistics table is set up the unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, be used to receive the information of the network statistics table of described BSS, generate relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic according to this information that receives, carry out access control according to the relation information of each website among this BSS that generates.
Described access control unit, also be used for judging if when a BSS one website moves to other BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between the different B SS.
Described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is not if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network as far as possible can both be respectively greater than the minimum value of the default required primary bandwidth of each Network, and in certain domain of walker, distribute bandwidth to meet the restriction of relation information.
Described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first should meet the bandwidth of user's specific demand, distribute bandwidth should in certain domain of walker, meet the restriction of relation information on this basis.
Relation information can comprise three aspect contents: 1. the required primary bandwidth of miscellaneous service; 2. based on the time distribution function of historical statistics business; 3. user's specific demand.
The information of the packet of different network service type comprises among the BSS that described acquiring unit obtains: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavior duration and access to netwoks behavior time of origin.
The present invention mainly is to set up comprehensively, effective network statistics model, set up network insertion constraints on this basis based on the visit behavioral statistics, network insertion is controlled, stride when website and can effectively transmit the related constraint condition when Basic Service Set moves, main meaning of the present invention just is this.
The invention will be further described below in conjunction with instantiation.
The case scene as shown in Figure 3, five terminals (can be PC) are formed a Basic Service Set and are inserted the Internet by AP, all data all will be transmitted by AP and arrive each terminal.Therefore just can realize the statistical analysis of whole network data and effective distribution of Internet resources by the software of operational network access control on AP.The specific implementation step of software comprises: network traffics are added up and set up statistical model, according to the constraints of modelling network insertion network insertion dynamically controlled, realized the transfer of constraints between Basic Service Set.
1. network flow statistic model
By on AP, the LAN data bag being caught the ASSOCIATE STATISTICS that obtains network service outside the visit of local area network (LAN) domestic site, set up statistical form and set up restriction relation according to customer demand.
At different time, the proportion that different business is shared comprises http, email, ftp, p2p and VOIP or the like according to different websites of statistics such as website id, purpose IP address, target MAC (Media Access Control) address.The client is the input constraint condition according to demand, increases or dwindle certain business of particular station.
We adopt the method for refinement step by step to set the timing statistics interval on timing statistics, comprise at year, the moon, week, sky, hour statistics, at applied situation difference, can manually set timing statistics, comprise work, rest, meeting or the like.Set up detailed model by the statistics of system, for the dynamic access control of the visit of local area network (LAN) provides reliable basis.According to different timing statisticses, it is as shown in table 1 to set up statistical form, thereby sets up a detailed data system.Suppose table 1 for being the data statistic of unit, then w in the table with the year
11The flow of representing the http business of a certain year website 1, x
11The http business of representing a certain year website 1 accounts for website 1 all professional ratios, y
11Represent that the http business of a certain year website 1 accounts for the ratio of the whole network http business, z
11The http business of representing a certain year website 1 accounts for the total professional ratio of the whole network.W
1The http traffic carrying capacity of representing the whole network in a certain year, Z
1Represent a certain year in the whole network http business account for the ratio of the whole network total traffic, W
1The total business volume of representing a certain year website 1, Z
1Represent that the total business volume of a certain year website 1 accounts for the ratio of the whole network total traffic, W represents the total traffic of a certain year the whole network, and the value of Z is 1.
Table 1: network flow statistic table
According to the network flow statistic table, can obtain website m n kind business flow with year, the moon, week, sky, hour distribution
The n kind business of website m account for the total business proportion of this website with year, the moon, week, sky, hour distribution
The ratio that the n kind business of website m accounts for the whole network n kind business with year, the moon, week, sky, hour distribution
The n kind business of website m account for the total professional ratio of the whole network with year, the moon, week, sky, hour distribution
The flow of n kind business with year, the moon, week, sky, hour distribution
N kind business account for the total professional ratio of the whole network with year, the moon, week, sky, hour distribution
The flow of m website with year, the moon, week, sky, hour distribution
The flow of m website account for the total professional ratio of the whole network with year, the moon, week, sky, hour distribution
The whole network total flow with year, the moon, week, sky, hour distribution f
Year W(i), f
Moon W(i), f
Week W(i), f
It W(i), f
The time W(i).
All data are regularly upgraded, and the update cycle is respectively half of corresponding observation cycle, make that all data all are up-to-date, effective.
2. the foundation of constraints
By the network flow statistic of certain hour, can obtain professional distributed intelligence.Consider from the time, can obtain a certain local area network (LAN) and distribute 1 year, the service traffics in January, a week, a day, a hour; Consider the business demand rule that to seek different main frames from each terminal.By effective combination of above information, can set up an effective dynamic constrained condition, intelligence, in real time, effectively control the resource distribution of the whole network.The minimum bandwidth of supposing service needed such as http, ftp, VOIP, P2P is respectively B
Http, B
Ftp, B
VOIP, B
P2PDeng, then consider in the following several ways:
If website, business, time do not have specific (special) requirements, make as far as possible that then the miscellaneous service bandwidth can both be respectively greater than B
Http, B
Ftp, B
VOIP, B
P2P,, then make miscellaneous service bandwidth energy geometric ratio in B if total bandwidth is limited
Http, B
Ftp, B
VOIP, B
P2P
Carry out access control by the time statistical information, the priority of statistical information according to year, the moon, week, sky, hour order choose, make the validity of access control be protected, but can fully take into account professional in short-term randomness, variability.According to the flow distribution function of statistics, the business of the whole network is retrained, make the flow of n kind business meet
Requirement, further each business is given each website of corresponding the whole network again, the method for salary distribution meets
Requirement.Here for hour constraints to allow domain of walker be 50%, allowing domain of walker for the constraints in sky is 40%, it is 30% that the constraints in week allows domain of walker.If can not being fully utilized, the bandwidth that the discovery website distributes this resource can be given other professional uses.
Self-defined constraints is carried out in specific demand according to the special period of user, and the factor that mainly needs to consider has work, rest, meeting etc. special website particular service to be had the period of specific demand.Operating time we can reduce the screen business, the restriction website total traffic, the time of having a rest then can be decontroled these restrictions relatively, the time of meeting then needs according to actual conditions particular service, special website to be ensured.These constraintss need manually be configured, and its priority is higher than the dynamic access control based on historical behavior.
The transmission of constraints between 3 Basic Service Sets
As shown in Figure 4, when terminal A when a Basic Service Set 1 moves to another Basic Service Set 2, AP2 can send claim frame when learning new website A ' adding, require the AP1 of the Basic Service Set at original A place to reply network flow statistic table and the corresponding relation information that AP1 had, thereby realize statistical form and the corresponding transmission of relation information between Basic Service Set, the availability that makes moving of website can not cause statistics reduces.AP2 adjusts relation information after the related constraint condition of website A obtaining, and does following adjustment according to the distributed needs of the different business of website A:
AP2 place Basic Service Set website traffic carrying capacity and the corresponding statistical function that accounts for the whole network total traffic ratio thereof multiply by
Upgrade, for example: the distribution that the n kind business of website m changed with the time
The ratio that certain traffic carrying capacity of Basic Service Set website at AP2 place accounts for the whole network corresponding service total amount multiply by
Upgrade, for example: the n kind business of website m accounts for the distribution that the whole network n kind total business volume ratio changed with the time
AP1 place Basic Service Set also can upgrade relevant entries after definite website A leaves, particular content is as follows:
AP1 place Basic Service Set website traffic carrying capacity and the corresponding statistical function that accounts for the whole network total traffic ratio thereof multiply by
Upgrade.For example: the distribution that the n kind business of website m changed with the time
The ratio that certain traffic carrying capacity of Basic Service Set website at AP2 place accounts for the whole network corresponding service total amount multiply by
Upgrade, for example: the n kind business of website m accounts for the distribution that the whole network n kind total business volume ratio changed with the time
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with the people of this technology in the disclosed technical scope of the present invention; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (10)
1. the wireless local network access control method of a visit behavior Network Based is characterized in that, comprising:
Network side obtains the information of the packet of different network service type among the Basic Service Set BSS according to the Network type;
Described network side is according to the information of the packet of the different network service type of obtaining, and sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet;
Described network side is according to the information of the network statistics table of the described BSS that sets up, generate the relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic, carry out access control according to the relation information of each website among this BSS that generates.
2. the method for claim 1 is characterized in that,
Also comprise: when described network side judgement moves to other BSS as if a website among the BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between the different B SS.
3. the method for claim 1 is characterized in that,
Described network side carries out access control according to the relation information of each website among the BSS that generates, comprise: described network side is judged if Network, corresponding time and the corresponding network data traffic of each website are not subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
4. the method for claim 1 is characterized in that,
Described network side carries out access control according to the relation information of each website among the BSS that generates, comprise: described network side is judged if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
5. the method for claim 1 is characterized in that,
The information that described network side obtains the packet of different network service type among the BSS comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavior duration length and access to netwoks behavior time of origin.
6. the access control system of a visit behavior Network Based is characterized in that,
Comprise: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit is used for according to the Network type, obtains the information of the packet of different network service type among the Basic Service Set BSS, and sends to described network statistics table and set up the unit;
Described network statistics table is set up the unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavior duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, be used to receive the information of the network statistics table of described BSS, generate relation information between the Network type of each website among this BSS, corresponding time and the corresponding network data traffic according to this information that receives, carry out access control according to the relation information of each website among this BSS that generates.
7. access control system as claimed in claim 6 is characterized in that,
Described access control unit, also be used for judging if when a BSS one website moves to other BSS, then the information of the network flow statistic table of the relation information that this website is generated in former BSS and this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website among each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between the different B SS.
8. access control system as claimed in claim 6 is characterized in that,
Described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is not if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, the bandwidth of then distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
9. access control system as claimed in claim 6 is characterized in that,
Described access control unit carries out access control according to the relation information of each website among the BSS that generates, be meant: this access control unit judges is if Network, corresponding time and the corresponding network data traffic of each website are subjected to user's particular restriction among this BSS, then distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
10. access control system as claimed in claim 6 is characterized in that,
The information of the packet of different network service type comprises among the BSS that described acquiring unit obtains: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavior duration length and access to netwoks behavior time of origin.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105800359A CN102088754B (en) | 2010-12-06 | 2010-12-06 | Network access behavior-based access control method and system for wireless local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105800359A CN102088754B (en) | 2010-12-06 | 2010-12-06 | Network access behavior-based access control method and system for wireless local area network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102088754A true CN102088754A (en) | 2011-06-08 |
| CN102088754B CN102088754B (en) | 2013-11-13 |
Family
ID=44100307
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105800359A Expired - Fee Related CN102088754B (en) | 2010-12-06 | 2010-12-06 | Network access behavior-based access control method and system for wireless local area network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102088754B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102781016A (en) * | 2012-06-21 | 2012-11-14 | 华中科技大学 | Method for analyzing user behaviors in wireless local area network |
| CN103249047A (en) * | 2012-02-10 | 2013-08-14 | 中兴通讯股份有限公司 | Wireless local area network hotspot access authentication method and device |
| CN103298061A (en) * | 2012-03-05 | 2013-09-11 | 美国博通公司 | System and method for wireless local area network airtime fairness |
| CN103414634A (en) * | 2013-08-08 | 2013-11-27 | 杭州华三通信技术有限公司 | Method and device for flooding service flow |
| CN103916463A (en) * | 2014-03-18 | 2014-07-09 | 北京京东尚科信息技术有限公司 | Network access statistical analysis method and system |
| CN103997791A (en) * | 2014-06-13 | 2014-08-20 | 重庆大学 | Wireless network resource distribution method and system based on use preference of user terminal resources |
| CN104468411A (en) * | 2014-11-28 | 2015-03-25 | 东莞宇龙通信科技有限公司 | Bandwidth allocation method and device and router |
| CN104813702A (en) * | 2013-06-09 | 2015-07-29 | 华为技术有限公司 | Method for controlling wireless local area network flow and wireless local area network gateway |
| CN106330778A (en) * | 2016-08-22 | 2017-01-11 | 深圳广联赛讯有限公司 | Network flow control method and apparatus |
| CN106357559A (en) * | 2016-09-21 | 2017-01-25 | 东软集团股份有限公司 | Bandwidth allocation method and device |
| WO2017028738A1 (en) * | 2015-08-20 | 2017-02-23 | 阿里巴巴集团控股有限公司 | Region-based risk control method and device |
| CN107248959A (en) * | 2017-06-30 | 2017-10-13 | 联想(北京)有限公司 | A kind of flow optimization method and device |
| CN107819791A (en) * | 2017-12-11 | 2018-03-20 | 迈普通信技术股份有限公司 | Visitor accesses authentication method, certificate server and the system of network |
| TWI665899B (en) * | 2017-01-19 | 2019-07-11 | 香港商阿里巴巴集團服務有限公司 | Area-based risk control method and equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070041385A1 (en) * | 2005-08-17 | 2007-02-22 | Vipin Sali | Prioritization techniques for quality of service packet transmission over EV-DO network |
| CN101064733A (en) * | 2006-04-26 | 2007-10-31 | 上海贝尔阿尔卡特股份有限公司 | Method and apparatus for controlling user equipment access based on data packet package types |
-
2010
- 2010-12-06 CN CN2010105800359A patent/CN102088754B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070041385A1 (en) * | 2005-08-17 | 2007-02-22 | Vipin Sali | Prioritization techniques for quality of service packet transmission over EV-DO network |
| CN101064733A (en) * | 2006-04-26 | 2007-10-31 | 上海贝尔阿尔卡特股份有限公司 | Method and apparatus for controlling user equipment access based on data packet package types |
Non-Patent Citations (1)
| Title |
|---|
| 祝建建: "异构无线网络融合相关技术研究", 《中国优秀硕士学位论文全文数据库(信息科技辑)》, 15 November 2010 (2010-11-15) * |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103249047B (en) * | 2012-02-10 | 2018-11-23 | 南京中兴新软件有限责任公司 | The access authentication method and device of WLAN hot spot |
| CN103249047A (en) * | 2012-02-10 | 2013-08-14 | 中兴通讯股份有限公司 | Wireless local area network hotspot access authentication method and device |
| CN103298061A (en) * | 2012-03-05 | 2013-09-11 | 美国博通公司 | System and method for wireless local area network airtime fairness |
| CN103298061B (en) * | 2012-03-05 | 2015-10-28 | 美国博通公司 | The method and apparatus of duration fairness is taken for WLAN (wireless local area network) |
| CN102781016A (en) * | 2012-06-21 | 2012-11-14 | 华中科技大学 | Method for analyzing user behaviors in wireless local area network |
| CN102781016B (en) * | 2012-06-21 | 2015-06-03 | 华中科技大学 | Method for analyzing user behaviors in wireless local area network |
| CN104813702A (en) * | 2013-06-09 | 2015-07-29 | 华为技术有限公司 | Method for controlling wireless local area network flow and wireless local area network gateway |
| CN103414634A (en) * | 2013-08-08 | 2013-11-27 | 杭州华三通信技术有限公司 | Method and device for flooding service flow |
| CN103414634B (en) * | 2013-08-08 | 2016-08-31 | 杭州华三通信技术有限公司 | A kind of method and apparatus that flooding of service traffics |
| CN103916463A (en) * | 2014-03-18 | 2014-07-09 | 北京京东尚科信息技术有限公司 | Network access statistical analysis method and system |
| CN103916463B (en) * | 2014-03-18 | 2020-03-31 | 北京京东尚科信息技术有限公司 | Network access statistical analysis method and system |
| CN103997791A (en) * | 2014-06-13 | 2014-08-20 | 重庆大学 | Wireless network resource distribution method and system based on use preference of user terminal resources |
| CN103997791B (en) * | 2014-06-13 | 2017-10-27 | 重庆大学 | The wireless network resource distribution method and system of preference are used based on user terminals resources |
| CN104468411A (en) * | 2014-11-28 | 2015-03-25 | 东莞宇龙通信科技有限公司 | Bandwidth allocation method and device and router |
| WO2017028738A1 (en) * | 2015-08-20 | 2017-02-23 | 阿里巴巴集团控股有限公司 | Region-based risk control method and device |
| CN106469346A (en) * | 2015-08-20 | 2017-03-01 | 阿里巴巴集团控股有限公司 | A kind of risk control method based on region and equipment |
| CN106469346B (en) * | 2015-08-20 | 2018-10-02 | 阿里巴巴集团控股有限公司 | A kind of risk control method and equipment based on region |
| CN106330778A (en) * | 2016-08-22 | 2017-01-11 | 深圳广联赛讯有限公司 | Network flow control method and apparatus |
| CN106357559A (en) * | 2016-09-21 | 2017-01-25 | 东软集团股份有限公司 | Bandwidth allocation method and device |
| CN106357559B (en) * | 2016-09-21 | 2020-02-21 | 东软集团股份有限公司 | Bandwidth allocation method and device |
| TWI665899B (en) * | 2017-01-19 | 2019-07-11 | 香港商阿里巴巴集團服務有限公司 | Area-based risk control method and equipment |
| CN107248959A (en) * | 2017-06-30 | 2017-10-13 | 联想(北京)有限公司 | A kind of flow optimization method and device |
| CN107819791A (en) * | 2017-12-11 | 2018-03-20 | 迈普通信技术股份有限公司 | Visitor accesses authentication method, certificate server and the system of network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102088754B (en) | 2013-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102088754B (en) | Network access behavior-based access control method and system for wireless local area network | |
| Li et al. | Control plane optimization in software-defined vehicular ad hoc networks | |
| Xu et al. | A survey of opportunistic offloading | |
| US10484881B2 (en) | Optimization of cellular network architecture based on device type-specific traffic dynamics | |
| Triantafyllou et al. | Network protocols, schemes, and mechanisms for internet of things (iot): Features, open challenges, and trends | |
| Zhou et al. | QoE-driven power scheduling in smart grid: architecture, strategy, and methodology | |
| CN108028780A (en) | method and apparatus for data analysis management | |
| Mavromoustakis et al. | An energy-aware scheme for efficient spectrum utilization in a 5G mobile cognitive radio network architecture | |
| Huang et al. | Software-defined QoS provisioning for fog computing advanced wireless sensor networks | |
| Koubâa et al. | A vision of cyber-physical internet | |
| CN107113243A (en) | For the system and method using Virtual network operator managing network flow | |
| CN105634992A (en) | CDN platform self-adaptive bandwidth control method and system | |
| JP2018523442A (en) | Software defined topology for user plane (SDT) | |
| CN104158755A (en) | Method, device and system used for transmitting messages | |
| CN105230081A (en) | Based on the connectedness of cloud | |
| CN103248451A (en) | Service rate control method, system and device | |
| CN105100276B (en) | A kind of region content caching devices and methods therefor towards inferior content distribution system | |
| CN105227396B (en) | A kind of inferior commending contents dissemination system and its method towards mobile communications network | |
| CN106302230A (en) | A kind of data transmission method and device | |
| Tsai et al. | Reducing energy consumption by data aggregation in M2M networks | |
| Zheleva et al. | Internet bandwidth upgrade: implications on performance and usage in rural zambia | |
| CN103298145A (en) | Configuration method, device and system of differentiated services code point (DSCP) information | |
| CN103427884A (en) | Multi-terminal cooperation obtaining method based on ubiquitous business generation in mobile ad hoc network | |
| CN102845042B (en) | The aggregation of bandwidth system and method for the multiple movable physical interface of a kind of application layer | |
| WO2021014267A1 (en) | Cognitively controlling data delivery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20131113 Termination date: 20141206 |
|
| EXPY | Termination of patent right or utility model |