Summary of the invention
The technical problem to be solved by this invention is to provide a wireless local area network access control method and system based on network access behavior, which solves the problem of how to allocate network resources effectively in a WLAN (wireless local area network).
To address the above problem, the invention provides a wireless local area network access control method based on network access behavior, comprising:
The network side obtains, according to network service type, information on the data packets of the different network service types in a Basic Service Set (BSS);
The network side, according to the obtained information on the data packets of the different network service types, establishes a network traffic statistics table for the BSS that contains the source station, destination station, service type, duration of the network access behavior and time of occurrence of the network access behavior of the data packets;
The network side, according to the established network traffic statistics table of the BSS, generates relation information between the network service type, the corresponding time and the corresponding network data traffic of each station in the BSS, and performs access control according to the generated relation information of each station in the BSS.
Further, the above method may also comprise: if the network side determines that a station in one BSS moves to another BSS, the relation information generated for this station in the original BSS and the network traffic statistics table of that BSS are sent to the destination BSS to which the station has moved; the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station is then regenerated in each of the two BSSs, and the network side performs access control according to the newly generated relation information, thereby realizing the transfer of a station's relation information between different BSSs.
Further, in the above method, the network side performing access control according to the generated relation information of each station in the BSS may comprise: if the network side determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are not subject to specific user restrictions, the bandwidth allocated to each network service is greater than the preset minimum bandwidth of that network service, and the allocated bandwidth satisfies the restrictions of the relation information.
Further, in the above method, the network side performing access control according to the generated relation information of each station in the BSS may comprise: if the network side determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are subject to specific user restrictions, the bandwidth allocated to each network service first satisfies the bandwidth of the user's specific demand, and the allocated bandwidth satisfies the restrictions of the relation information.
Further, in the above method, the information that the network side obtains on the data packets of the different network service types in a BSS may comprise: the source IP address, destination IP address, MAC address, duration of the network access behavior and time of occurrence of the network access behavior of the data packets of that network service type.
The present invention also provides an access control system based on network access behavior, comprising: an acquiring unit, a network statistics table establishing unit and an access control unit, wherein,
The acquiring unit is configured to obtain, according to network service type, information on the data packets of the different network service types in a Basic Service Set (BSS), and to send it to the network statistics table establishing unit;
The network statistics table establishing unit is configured to receive the information on the data packets of the different network service types in the BSS sent by the acquiring unit, to establish from the received information a network traffic statistics table for the BSS that contains the source station, destination station, service type, duration of the network access behavior and time of occurrence of the network access behavior of the data packets, and to send it to the access control unit;
The access control unit is configured to receive the network statistics table of the BSS, to generate from the received information the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station in the BSS, and to perform access control according to the generated relation information of each station in the BSS.
Further, in the above system, the access control unit may also be configured so that, if it determines that a station in one BSS moves to another BSS, the relation information generated for this station in the original BSS and the network traffic statistics table of that BSS are sent to the destination BSS to which the station has moved; the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station is then regenerated in each of the two BSSs, and access control is performed according to the newly generated relation information, thereby realizing the transfer of a station's relation information between different BSSs.
Further, in the above system, the access control unit performing access control according to the generated relation information of each station in the BSS may mean: if the access control unit determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are not subject to specific user restrictions, the bandwidth allocated to each network service is greater than the preset minimum bandwidth of that network service, and the allocated bandwidth satisfies the restrictions of the relation information.
Further, in the above system, the access control unit performing access control according to the generated relation information of each station in the BSS may mean: if the access control unit determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are subject to specific user restrictions, the bandwidth allocated to each network service first satisfies the bandwidth of the user's specific demand, and the allocated bandwidth satisfies the restrictions of the relation information.
Further, in the above system, the information obtained by the acquiring unit on the data packets of the different network service types in a BSS may comprise: the source IP address, destination IP address, MAC address, duration of the network access behavior and time of occurrence of the network access behavior of the data packets of that network service type.
Compared with the prior art, the present invention uses traffic statistics to build detailed and effective WLAN statistical models for different observation periods, and establishes constraint relations from service types and station demands, realizing a combination of dynamic access control based on historical access behavior with manual access control. It also realizes the transfer of constraint conditions between Basic Service Sets, so that the validity and continuity of the statistics can be maintained when the number of stations in a WLAN Basic Service Set changes. The invention makes full use of network operation information; the overall design is easy to implement, relatively low in cost, and can be effectively popularized.
Embodiment
The invention is further described below with reference to the drawings and specific embodiments.
The present invention is a dynamic control technique for WLAN access based on network access behavior, which uses access control to allocate network resources more effectively according to user requirements. An application running on the access point (AP) collects statistics on the services through which each station in the local area network accesses the wide area network, local area network or wireless network via the AP and builds a statistical model; the bandwidth of the various services of each station is then dynamically controlled according to the client's historical network access behavior.
In a WLAN, the AP caches the data it forwards and collects statistics on information such as the source IP address, destination IP address, MAC address and service type of the data packets, the duration of the network access behavior and the time at which the network access behavior occurs. Different constraint conditions are set for different hosts and different services according to the client's demands in order to perform dynamic access control, and these constraint conditions can be transferred when a user moves from one BSS (Basic Service Set) to another BSS.
In the network access control of the present invention, the allocation of WLAN resources is realized through network traffic capture and classification, network traffic monitoring (statistics and analysis) and control policy.
1. Network traffic capture and identification: this is the first step of network access control. Only by setting capture points and capturing and identifying network traffic can the subsequent analysis and control work be carried out. It should be emphasized that traffic classification can be very coarse-grained or can be refined. For example, classification into TCP, UDP and ICMP is relatively coarse, while classifying and identifying HTTP, FTP or even P2P traffic such as Kazaa and Skype is relatively fine-grained. Well-known packet capture and analysis software such as Wireshark and TCPDump can be used for traffic capture and classification.
2. Network traffic monitoring (analysis): monitoring shows the running state of the traffic and helps to find problems and to carry out the corresponding management policy. Applications and network management can collect, classify and display information, including bandwidth utilization, active hosts, network efficiency and active applications. In practice this can be achieved with common visual analysis and management tools such as NTOP.
3. Control policy: the next step after network traffic analysis is to allocate bandwidth resources according to priority. The allocation can be based on host, application and so on; in particular, resource-consuming P2P programs or audio and video downloads should be considered last. In practice, popular traffic control tools can be used for this, for example to monitor and control network traffic by class. In this way network traffic can be managed effectively, and previously disordered network traffic becomes orderly.
The present invention captures and analyzes network data on the AP, establishes a statistics table of network operation state information such as station and service type, and sets different constraint conditions for different stations, services and so on according to the user's demands, thereby realizing access control between the whole WLAN and the external network; these constraint conditions can be transferred between Basic Service Sets. The implementation steps are as follows:
As shown in Figure 1, the access control method based on network access behavior of the present invention specifically comprises the following steps:
Step 110: the network side obtains, according to network service type, information such as the source IP address, destination IP address, MAC (medium access control) address, duration of the network access behavior and time of occurrence of the network access behavior of the data packets of the different network service types in a BSS;
Step 120: the network side, according to the obtained information on the data packets of the different network service types, establishes a network traffic statistics table for the BSS that contains the source station, destination station, service type, duration of the network access behavior and time of occurrence of the network access behavior of the data packets;
Step 130: the network side, according to the established network traffic statistics table of the BSS, generates relation information between the network service type, the corresponding time and the corresponding network data traffic of each station in the BSS, and performs access control according to the generated relation information of each station in the BSS.
The relation information of each station in a BSS may refer to the time distribution function, based on historical statistics, of the different services of each station.
The method also comprises: if the network side determines that a station in one BSS moves to another BSS, the relation information generated for this station in the original BSS and the network traffic statistics table of that BSS are sent to the destination BSS to which the station has moved; the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station is then regenerated in each of the two BSSs, and the network side performs access control according to the newly generated relation information, thereby realizing the transfer of a station's relation information between different BSSs.
The network side performing access control according to the generated relation information of each station in the BSS comprises: if it determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are not subject to specific user restrictions, the bandwidth allocated to each network service is, as far as possible, greater than the preset minimum bandwidth of that network service, and the allocated bandwidth satisfies the restrictions of the relation information;
The network side performing access control according to the generated relation information of each station in the BSS comprises: if the network side determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are subject to specific user restrictions, the bandwidth allocated to each network service first satisfies the bandwidth of the user's specific demand, and the allocated bandwidth satisfies the restrictions of the relation information.
If the network side determines that the total bandwidth of the network is limited, the bandwidth allocated to each network service may be set equal to the preset minimum bandwidth of that network service.
As shown in Figure 2, the access control system based on network access behavior of the present invention comprises: an acquiring unit, a network statistics table establishing unit and an access control unit, wherein,
The acquiring unit is configured to obtain, according to network service type, information on the data packets of the different network service types in a Basic Service Set (BSS), and to send it to the network statistics table establishing unit;
The network statistics table establishing unit is configured to receive the information on the data packets of the different network service types in the BSS sent by the acquiring unit, to establish from the received information a network traffic statistics table for the BSS that contains the source station, destination station, service type, duration of the network access behavior and time of occurrence of the network access behavior of the data packets, and to send it to the access control unit;
The access control unit is configured to receive the network statistics table of the BSS, to generate from the received information the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station in the BSS, and to perform access control according to the generated relation information of each station in the BSS.
The access control unit is also configured so that, if it determines that a station in one BSS moves to another BSS, the relation information generated for this station in the original BSS and the network traffic statistics table of that BSS are sent to the destination BSS to which the station has moved; the relation information between the network service type, the corresponding time and the corresponding network data traffic of each station is then regenerated in each of the two BSSs, and access control is performed according to the newly generated relation information, thereby realizing the transfer of a station's relation information between different BSSs.
The access control unit performing access control according to the generated relation information of each station in the BSS means: if the access control unit determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are not subject to specific user restrictions, the bandwidth allocated to each network service is, as far as possible, greater than the preset minimum of the basic bandwidth required by that network service, and the allocated bandwidth satisfies the restrictions of the relation information within a certain fluctuation range.
The access control unit performing access control according to the generated relation information of each station in the BSS means: if the access control unit determines that the network service, corresponding time and corresponding network data traffic of each station in the BSS are subject to specific user restrictions, the bandwidth allocated to each network service should first satisfy the bandwidth of the user's specific demand, and on this basis the allocated bandwidth should satisfy the restrictions of the relation information within a certain fluctuation range.
The relation information may comprise three aspects: 1. the basic bandwidth required by each service; 2. the time distribution function of the services based on historical statistics; 3. the user's specific demand.
The information obtained by the acquiring unit on the data packets of the different network service types in a BSS comprises: the source IP address, destination IP address, MAC address, duration of the network access behavior and time of occurrence of the network access behavior of the data packets of that network service type.
The invention mainly lies in establishing a comprehensive and effective network statistics model, establishing on this basis network access constraint conditions based on access behavior statistics, controlling network access, and effectively transferring the relevant constraint conditions when a station moves across Basic Service Sets; this is the main significance of the invention.
The invention is further described below with reference to a specific example.
As shown in Figure 3, in the example scenario five terminals (which may be PCs) access the Internet through an AP and form a Basic Service Set; all data is forwarded by the AP to reach each terminal. Therefore, by running network access control software on the AP, statistical analysis of all network data and effective allocation of network resources can be realized. The implementation steps of the software comprise: collecting statistics on network traffic and building a statistical model; establishing network access constraint conditions according to the model and dynamically controlling network access; and transferring constraint conditions between Basic Service Sets.
1. Network traffic statistics model
By capturing local area network packets on the AP, statistics are obtained on the external network services accessed by the stations in the local area network; a statistics table is established and constraint relations are set up according to customer demands.
According to station id, destination IP address, destination MAC address and so on, statistics are collected on the proportion taken by each service, including http, email, ftp, p2p and VOIP, for different stations at different times. The client enters constraint conditions as required, to increase or reduce a given service of a particular station.
For the statistics period, a step-by-step refinement method is used to set the statistics interval, including statistics by year, month, week, day and hour. Because application scenarios differ, statistics periods such as work, rest and meetings can also be set manually. The detailed model built from the system's statistics provides a reliable basis for dynamic access control of local area network access. For each statistics period, a statistics table as shown in Table 1 is established, yielding a detailed data system. Suppose Table 1 holds statistics with the year as the unit. In the table, $w_{11}$ denotes the traffic of the http service of station 1 in a given year, $x_{11}$ denotes the ratio of the http service of station 1 to all services of station 1 in that year, $y_{11}$ denotes the ratio of the http service of station 1 to the http service of the whole network in that year, and $z_{11}$ denotes the ratio of the http service of station 1 to the total services of the whole network in that year. For the http service, $W_1$ denotes the http traffic of the whole network in a given year and $Z_1$ denotes the ratio of the http service of the whole network to the total traffic of the whole network in that year. For station 1, $W_1$ denotes the total traffic of station 1 in a given year and $Z_1$ denotes the ratio of the total traffic of station 1 to the total traffic of the whole network in that year. $W$ denotes the total traffic of the whole network in a given year, and the value of $Z$ is 1.
Table 1: Network traffic statistics table
From the network traffic statistics table, the following can be obtained. The distribution by year, month, week, day and hour of the traffic of the n-th service of station m
The distribution by year, month, week, day and hour of the ratio of the n-th service of station m to the total services of that station
The distribution by year, month, week, day and hour of the ratio of the n-th service of station m to the n-th service of the whole network
The distribution by year, month, week, day and hour of the ratio of the n-th service of station m to the total services of the whole network
The distribution by year, month, week, day and hour of the traffic of the n-th service
The distribution by year, month, week, day and hour of the ratio of the n-th service to the total services of the whole network
The distribution by year, month, week, day and hour of the traffic of station m
The distribution by year, month, week, day and hour of the ratio of the traffic of station m to the total services of the whole network
The distribution by year, month, week, day and hour of the total traffic of the whole network: $f_{\text{year}}^{W}(i)$, $f_{\text{month}}^{W}(i)$, $f_{\text{week}}^{W}(i)$, $f_{\text{day}}^{W}(i)$, $f_{\text{hour}}^{W}(i)$.
All data are updated periodically; each update period is half of the corresponding observation period, so that all data are up to date and valid.
2. Establishment of constraint conditions
Through network traffic statistics over a certain time, the distribution information of the services can be obtained. From the time perspective, the distribution of the service traffic of a local area network over a year, a month, a week, a day and an hour can be obtained; from the perspective of each terminal, the service demand pattern of different hosts can be found. By effectively combining this information, an effective dynamic constraint condition can be established that controls the allocation of the resources of the whole network intelligently, in real time and effectively. Suppose the minimum bandwidths required by services such as http, ftp, VOIP and P2P are $B_{http}$, $B_{ftp}$, $B_{VOIP}$, $B_{P2P}$ and so on; the following cases are considered:
If there are no special requirements on station, service or time, the bandwidth of each service is made, as far as possible, greater than $B_{http}$, $B_{ftp}$, $B_{VOIP}$, $B_{P2P}$ respectively; if the total bandwidth is limited, the bandwidth of each service is made proportional to $B_{http}$, $B_{ftp}$, $B_{VOIP}$, $B_{P2P}$.
Access control is performed using the time statistics. The priority of the statistics is chosen in the order year, month, week, day, hour, so that the validity of access control is ensured while the short-term randomness and variability of services can be fully taken into account. According to the statistical traffic distribution function, the services of the whole network are constrained so that the traffic of the n-th service meets the
requirement; each service is then further allocated to the corresponding stations of the whole network, with the allocation meeting the
requirement. Here the allowed fluctuation range for the hourly constraint is 50%, for the daily constraint 40%, and for the weekly constraint 30%. If the bandwidth allocated to a station is found not to be fully used, this resource can be given to other services.
Self-defined constraint conditions are set according to the user's specific demands in special periods; the main factors to consider are periods such as work, rest and meetings in which particular stations have specific demands for particular services. During working hours the screen business can be reduced and the total traffic of stations restricted; during rest time these restrictions can be relatively relaxed; during meetings particular services and particular stations need to be guaranteed according to actual conditions. These constraint conditions need to be configured manually, and their priority is higher than that of the dynamic access control based on historical behavior.
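An added example, not part of the patent text: one way the allocation cases above could be coded, with manually configured demands served first, bandwidth split in proportion to the minimum bandwidths when the total is limited, and otherwise an allocation kept within the fluctuation range around the historical share. The function name `allocate`, the service names, the numeric values and the band-filling rule are assumptions made for illustration.

```python
# Added illustration: names, numbers and the band-filling rule are assumptions.
TOLERANCE = {"hour": 0.50, "day": 0.40, "week": 0.30}  # fluctuation ranges from the text

# Constructed sample data (bandwidth in Mbit/s, shares for the current hour).
MINIMUM = {"http": 10.0, "ftp": 5.0, "voip": 8.0, "p2p": 2.0}
SHARE = {"http": 0.5, "ftp": 0.1, "voip": 0.1, "p2p": 0.3}


def allocate(total, minimum, share, period="hour", manual=None):
    """Split `total` bandwidth among services.

    minimum: service -> minimum bandwidth (B_http, B_ftp, ...)
    share:   service -> historical traffic share for the current period
    manual:  service -> manually configured bandwidth (highest priority)
    """
    manual = dict(manual or {})
    remaining = total - sum(manual.values())
    if remaining < 0:
        raise ValueError("manual demands exceed the total bandwidth")

    alloc = dict(manual)                       # manual constraints come first
    auto = [s for s in minimum if s not in manual]
    if not auto:
        return alloc
    floor_sum = sum(minimum[s] for s in auto)

    # Total bandwidth limited: split in proportion to the minimum bandwidths.
    if remaining <= floor_sum:
        for s in auto:
            alloc[s] = remaining * minimum[s] / floor_sum if floor_sum else 0.0
        return alloc

    tol = TOLERANCE[period]
    norm = sum(share[s] for s in auto)
    if norm <= 0:
        raise ValueError("historical shares must be positive")
    # Historical target per service and the allowed band around it.
    target = {s: remaining * share[s] / norm for s in auto}
    low = {s: max(minimum[s], target[s] * (1 - tol)) for s in auto}
    if sum(low.values()) > remaining:
        # The lower band edges do not fit; the minimum bandwidths alone do.
        low = {s: minimum[s] for s in auto}
    high = {s: max(low[s], target[s] * (1 + tol)) for s in auto}

    # Start every service at its lower bound and hand out the spare bandwidth
    # in proportion to the headroom left below the upper band edge.
    headroom = {s: high[s] - low[s] for s in auto}
    room = sum(headroom.values())
    spare = min(remaining - sum(low.values()), room)
    for s in auto:
        alloc[s] = low[s] + (spare * headroom[s] / room if room else 0.0)
    return alloc


if __name__ == "__main__":
    print("ample  :", allocate(100.0, MINIMUM, SHARE, "hour"))
    print("limited:", allocate(20.0, MINIMUM, SHARE, "hour"))
    print("manual :", allocate(100.0, MINIMUM, SHARE, "day", {"voip": 30.0}))
```

Bandwidth that does not fit under the upper band edges is left unassigned by `allocate`, which corresponds to the text's remark that unused resources can be given to other services.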
3. Transfer of constraint conditions between Basic Service Sets
As shown in Figure 4, when terminal A moves from Basic Service Set 1 to another Basic Service Set 2, AP2, on learning that a new station A' has joined, can send a request frame asking AP1 of the Basic Service Set where A was originally located to reply with the network traffic statistics table and the corresponding relation information held by AP1. This realizes the transfer of the statistics table and the corresponding relation information between Basic Service Sets, so that the movement of a station does not reduce the availability of the statistics. After obtaining the relevant constraint conditions of station A, AP2 adjusts the relation information and, according to the distribution of the different services of station A, makes the following adjustments:
The station traffic of the Basic Service Set where AP2 is located, and the corresponding statistical functions of its ratio to the total traffic of the whole network, are multiplied by
to update them, for example: the distribution over time of the n-th service of station m
The ratio of the traffic of a given service of the stations of the Basic Service Set where AP2 is located to the total of the corresponding service of the whole network is multiplied by
to update it, for example: the distribution over time of the ratio of the n-th service of station m to the total n-th service of the whole network
The Basic Service Set where AP1 is located, after determining that station A has left, can also update the relevant entries, as follows:
The station traffic of the Basic Service Set where AP1 is located, and the corresponding statistical functions of its ratio to the total traffic of the whole network, are multiplied by
to update them, for example: the distribution over time of the n-th service of station m
The ratio of the traffic of a given service of the stations of the Basic Service Set where AP2 is located to the total of the corresponding service of the whole network is multiplied by
to update it, for example: the distribution over time of the ratio of the n-th service of station m to the total n-th service of the whole network
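An added example, not part of the patent text: a traffic statistics table holding the w, x, y, z entries defined for Table 1, and the hand-over of one station's row from the table of its old Basic Service Set to the table of the new one, as described in this section. The class and function names and the flow records are constructed, and recomputing the ratios from the raw byte counts after the move is an assumption of this example.

```python
# Added illustration: class, function and station names are assumptions.

class TrafficTable:
    """Traffic statistics of one BSS for one observation period."""

    def __init__(self, flows=()):
        self.w = {}                      # w[station][service] = byte count
        for station, service, nbytes in flows:
            self.add_flow(station, service, nbytes)

    def add_flow(self, station, service, nbytes):
        row = self.w.setdefault(station, {})
        row[service] = row.get(service, 0) + nbytes

    def station_total(self, station):
        """Total traffic of one station (row total)."""
        return sum(self.w.get(station, {}).values())

    def service_total(self, service):
        """Traffic of one service over all stations (column total)."""
        return sum(row.get(service, 0) for row in self.w.values())

    def total(self):
        """Total traffic W of the whole table."""
        return sum(sum(row.values()) for row in self.w.values())

    def cell(self, station, service):
        """Return the w, x, y, z entry for one station and one service."""
        w = self.w.get(station, {}).get(service, 0)

        def ratio(part, whole):
            return part / whole if whole else 0.0

        return {
            "w": w,                                           # traffic
            "x": ratio(w, self.station_total(station)),       # share of the station
            "y": ratio(w, self.service_total(service)),       # share of the service
            "z": ratio(w, self.total()),                      # share of all traffic
        }


def hand_over(station, source, destination):
    """Move a station's row from the old BSS table to the new one."""
    row = source.w.pop(station, None)
    if row is None:
        raise KeyError(f"{station} is not in the source BSS")
    for service, nbytes in row.items():
        destination.add_flow(station, service, nbytes)


def demo():
    # Constructed flow records: (station, service, bytes).
    bss1 = TrafficTable([("A", "http", 600), ("A", "voip", 200),
                         ("B", "http", 400), ("B", "p2p", 800)])
    bss2 = TrafficTable([("C", "http", 500), ("C", "ftp", 500)])
    before = bss1.cell("B", "http"), bss2.cell("C", "http")
    hand_over("A", bss1, bss2)           # station A moves from BSS1 to BSS2
    after = bss1.cell("B", "http"), bss2.cell("C", "http")
    return bss1, bss2, before, after


if __name__ == "__main__":
    bss1, bss2, before, after = demo()
    print("B/http in BSS1:", before[0], "->", after[0])
    print("C/http in BSS2:", before[1], "->", after[1])
    print("A/http in BSS2:", bss2.cell("A", "http"))
```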
The above is only a preferred embodiment of the present invention, but the protection scope of the invention is not limited thereto; any variation or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the invention shall be covered by the protection scope of the invention. Therefore, the protection scope of the invention shall be determined by the protection scope of the claims.