CN104137503A - Method, apparatus and network device for monitoring network - Google Patents

Publication number
CN104137503A
Authority
CN
China
Legal status
Granted
Application number
CN201280003110.2A
Other languages
Chinese (zh)
Other versions
CN104137503B (en)
Inventor
郭伟
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to the technical field of wireless communications. Disclosed are a method, an apparatus and a network device for monitoring a network, so that the propagation speed of malicious information in a network can be reduced by limiting traffic of a terminal device that sends the malicious information. The method of the present invention comprises: detecting whether malicious information exists in data uploaded by a terminal device; if malicious information exists in the data uploaded by the terminal device, obtaining a preset information control policy, the information control policy being used for indicating a data traffic limiting manner; and limiting data traffic of the terminal device according to the information control policy. The present invention can be used for controlling the propagation speed of malicious information in a network.

Description

Method, apparatus and network device for monitoring network
Technical field
The present invention relates to the field of wireless communication technologies, and in particular to a method, an apparatus and a network device for monitoring a network.
Background
With the development of wireless communication technologies, terminal devices have become increasingly intelligent and now form a very large market. However, malicious information that attacks intelligent terminals, such as viruses and rogue software, has also begun to flood communication networks. This compromises the information security of intelligent terminals and also affects the operating efficiency of wireless networks.
At present, the main means of ensuring information security include:
An antivirus device is connected on the network side, and the data sent by terminal devices to the network side is monitored and filtered for viruses by the antivirus device. For example, in communication networks commonly used at present, a virus detection device can be connected by an optical splitter (GE) between the Serving GPRS Support Node (SGSN) and the Gateway GPRS Support Node (GGSN). The optical splitter then generates a mirror copy of all data passing between the SGSN and the GGSN and sends it to the virus detection device, so that the virus detection device can monitor the data passing through the network side and filter viruses.
Problem with the prior art
In the prior art, when many terminal devices are infected with viruses or rogue software, the amount of malicious information in the data received by the network side also increases. Because malicious information such as viruses or rogue software propagates through a network very quickly, the data traffic received by the network side within a short time often contains a large amount of malicious information. This increases the load on the network side, reduces the operating efficiency of the communication network, and can even cause major incidents such as network outages.
Summary of the invention
Embodiments of the present invention provide a method, an apparatus and a network device for monitoring a network, which can reduce the speed at which malicious information propagates in a network by limiting the traffic of the terminal device that sends the malicious information, thereby reducing the load on the network side and mitigating the reduction in operating efficiency of the communication network.
To achieve the above objective, embodiments of the present invention adopt the following technical solutions:
According to a first aspect, a method for monitoring a network is provided, including: detecting whether malicious information exists in data uploaded by a terminal device;
if malicious information exists in the data uploaded by the terminal device, obtaining a preset information control policy, where the information control policy indicates the manner of limiting data traffic; and
limiting the data traffic of the terminal device according to the information control policy.
With reference to the first aspect, in a first possible implementation of the first aspect, limiting the data traffic of the terminal device includes: lowering a priority of the terminal device, where the priority includes the service bearer priority of the current service of the terminal device, or the priority with which the terminal device accesses the network.
With reference to the first aspect, in a second possible implementation of the first aspect, limiting the data traffic of the terminal device includes: lowering the data transmission rate of the terminal device.
With reference to the first aspect, in a third possible implementation of the first aspect, limiting the data traffic of the terminal device includes: blocking the received data sent by the terminal device, or cutting off the network connection of the terminal device.
With reference to the first aspect, in a fourth possible implementation of the first aspect, the method further includes: obtaining identification information of the terminal device, where the identification information includes the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device;
detecting whether the identification information of the terminal device has been recorded; and if the identification information of the terminal device has been recorded, obtaining the information control policy and limiting the data traffic of the terminal device according to the information control policy.
With reference to the first aspect or the fourth possible implementation of the first aspect, in a fifth possible implementation, the method further includes: if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, sending prompt information to the terminal device, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
With reference to the fifth possible implementation of the first aspect, in a sixth possible implementation, the method further includes: determining other terminal devices that are currently exchanging data with the terminal device; and sending the prompt information to the other terminal devices.
According to a second aspect, an apparatus for monitoring a network is provided, including:
a detection module, configured to detect whether malicious information exists in data uploaded by a terminal device;
a control policy obtaining module, configured to obtain a preset information control policy if malicious information exists in the data uploaded by the terminal device, where the information control policy indicates the manner of limiting data traffic; and
a control module, configured to limit the data traffic of the terminal device according to the information control policy.
With reference to the second aspect, in a first possible implementation of the second aspect, the control module includes: a priority control unit, configured to lower a priority of the terminal device, where the priority includes the service bearer priority of the current service of the terminal device, or the priority with which the terminal device accesses the network.
With reference to the second aspect, in a second possible implementation of the second aspect, the control module includes: a transmission rate control unit, configured to lower the data transmission rate of the terminal device.
With reference to the second aspect, in a third possible implementation of the second aspect, the control module includes: a blocking unit, configured to block the received data sent by the terminal device, or cut off the network connection of the terminal device.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the apparatus further includes: an identification module, configured to obtain identification information of the terminal device, where the identification information includes the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device; and
a query module, configured to detect whether the identification information of the terminal device has been recorded, and if the identification information of the terminal device has been recorded, obtain the information control policy and limit the data traffic of the terminal device according to the information control policy.
With reference to the second aspect or the fourth possible implementation of the second aspect, in a fifth possible implementation, the apparatus further includes: a sending module, configured to send prompt information to the terminal device if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
With reference to the fifth possible implementation of the second aspect, in a sixth possible implementation, the apparatus further includes:
a tracking module, configured to determine other terminal devices that are currently exchanging data with the terminal device;
where the sending module is further configured to send the prompt information to the other terminal devices.
According to a third aspect, a network device for monitoring a network is provided, including a processor, a communication interface, a memory and a bus, where the processor, the communication interface and the memory communicate with one another through the bus, and where:
the processor is configured to obtain, through the communication interface, the data uploaded by a terminal device, and to detect whether malicious information exists in the data uploaded by the terminal device;
the processor is further configured to, if malicious information exists in the data uploaded by the terminal device, obtain a preset information control policy from the memory, where the information control policy indicates the manner of limiting data traffic, and to limit the data traffic of the terminal device through the communication interface according to the information control policy;
the memory is configured to store the preset information control policy; and
the communication interface is configured to transmit the data uploaded by the terminal device to the processor, and to transmit the information sent by the processor for limiting the data traffic of the terminal device.
With reference to the third aspect, in a first possible implementation of the third aspect, the processor is further configured to lower a priority of the terminal device through the communication interface, where the priority includes the service bearer priority of the current service of the terminal device, or the priority with which the terminal device accesses the network.
With reference to the third aspect, in a second possible implementation of the third aspect, the processor is further configured to lower the data transmission rate of the terminal device through the communication interface.
With reference to the third aspect, in a third possible implementation of the third aspect, the processor is further configured to block, through the communication interface, the received data sent by the terminal device, or to cut off the network connection of the terminal device.
With reference to the third aspect, in a fourth possible implementation of the third aspect, the processor is further configured to obtain identification information of the terminal device through the communication interface, where the identification information includes the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device; and to detect whether the identification information of the terminal device has been recorded in the memory, and if it has been recorded in the memory, to obtain the information control policy from the memory and limit the data traffic of the terminal device through the communication interface according to the information control policy. The memory is further configured to store the identification information of the terminal device.
With reference to the third aspect or the fourth possible implementation of the third aspect, in a fifth possible implementation, the processor is further configured to send prompt information to the terminal device through the communication interface if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
With reference to the fifth possible implementation of the third aspect, in a sixth possible implementation, the processor is further configured to determine other terminal devices that are currently exchanging data with the terminal device, and to send the prompt information to the other terminal devices through the communication interface.
The method, apparatus and network device for monitoring a network provided in the embodiments of the present invention can apply a corresponding information control policy to a terminal device that uploads malicious information, and limit the data traffic of the terminal device according to the information control policy, thereby reducing the speed at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention can reduce the speed at which malicious information propagates in the network by limiting the traffic of the terminal device that sends the malicious information, thereby reducing the load on the network side and mitigating the reduction in operating efficiency of the communication network.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings required for the embodiments are briefly introduced below. Apparently, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from these drawings without creative effort.
Fig. 1 is a flowchart of a method for monitoring a network according to an embodiment of the present invention;
Fig. 2a is a flowchart of another method for monitoring a network according to an embodiment of the present invention;
Fig. 2b is another flowchart of the other method for monitoring a network according to an embodiment of the present invention;
Fig. 2c is yet another flowchart of the other method for monitoring a network according to an embodiment of the present invention;
Fig. 3 is a flowchart of yet another method for monitoring a network according to an embodiment of the present invention;
Fig. 3a is a schematic diagram of a specific example of the yet another method for monitoring a network according to an embodiment of the present invention;
Fig. 3b is a schematic diagram of another specific example of the yet another method for monitoring a network according to an embodiment of the present invention;
Fig. 4a is a schematic structural diagram of an apparatus for monitoring a network according to an embodiment of the present invention;
Fig. 4b is a schematic structural diagram of another apparatus for monitoring a network according to an embodiment of the present invention;
Fig. 4c is another schematic structural diagram of the other apparatus for monitoring a network according to an embodiment of the present invention;
Fig. 4d is yet another schematic structural diagram of the other apparatus for monitoring a network according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a network device for monitoring a network according to an embodiment of the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for monitoring a network. As shown in Fig. 1, the method includes:
101. Detect whether malicious information exists in the data uploaded by a terminal device.
If no malicious information exists, no processing is performed.
It should be noted that the solution in this embodiment can be performed by a network device, for example by a traffic monitoring device in the core network such as a Service Inspection Gateway (SIG). The embodiments of the present invention can be applied to networks of various standards, for example Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE) or Wi-Fi.
In this embodiment, a traffic monitoring device such as the SIG can use conventional technical means to detect whether the data uploaded by the terminal device contains malicious information such as viruses, Trojan horse programs, malware, address information of malicious web pages, Address Resolution Protocol (ARP) attack information, or TCP/IP attack information.
102. If malicious information exists in the data uploaded by the terminal device, obtain a preset information control policy.
In this embodiment, the information control policy can be preset in the memory of the traffic monitoring device by a technician, or obtained automatically by the traffic monitoring device from the operator's server and stored in the memory in advance. The information control policy indicates the manner of limiting data traffic; that is, the traffic monitoring device can control the traffic of the terminal device according to the preset information control policy, thereby limiting the traffic of the terminal device. For example:
In GSM and UMTS networks, the traffic monitoring device can use conventional technical means to trigger a base station controller (BSC) in the core network to perform quality of service (QoS) control on the terminal device. In an LTE network, the traffic monitoring device can likewise use conventional technical means to trigger a base transceiver station (BTS) in the core network to perform QoS control on the terminal device. Commonly used forms of QoS control include: lowering the service bearer priority of the terminal device to reduce its traffic; lowering the uplink/downlink rate at which the terminal device transmits data; or lowering the uplink/downlink rate of the terminal device's service bearer. By performing QoS control, the traffic monitoring device can trigger network devices such as the BSC or BTS to keep the traffic of the terminal device from increasing further, or to reduce the traffic of the terminal device.
As another example, the traffic monitoring device can use conventional technical means to intercept the data packets transmitted by the terminal device, thereby blocking the traffic of the terminal device. It can also trigger network devices such as the BSC or BTS to cut off the connection of the terminal device. For example, in LTE the traffic monitoring device can trigger the BTS to disconnect the packet-switched (PS) connection of the terminal device, to disconnect a user-plane radio access bearer (RAB), or to disconnect a single Transmission Control Protocol (TCP) connection.
Further, in this embodiment, the traffic monitoring device can obtain different information control policies according to the type of malicious information uploaded by the terminal device. For example, Table 1 shows a preset mapping between types of malicious information and information control policies; the traffic monitoring device can use the mapping in Table 1 to select the information control policy that corresponds to the type of malicious information uploaded by the terminal device.
Table 1
If no malicious information exists in the data uploaded by the terminal device, no processing is performed.
Further, in this embodiment, the traffic monitoring device can also obtain the information control policy according to the volume of malicious information. For example, the terminal device sends more than a preset threshold (for example, 20) of malicious messages within a time period (for example, half an hour). The preset threshold can be a series of threshold tiers; for example, Table 2 shows a mapping between thresholds on the volume of malicious information and information control policies.
Table 2
Here, if the terminal device has sent 5 or more malicious messages, such as virus-carrying multimedia messages, within 1 hour, prompt information such as an SMS warning is sent to the terminal device; if the terminal device has sent 10 or more malicious messages within 1 hour, the data packets transmitted by the terminal device are intercepted; and if the terminal device has sent 20 or more malicious messages within 1 hour, the connection of the terminal device is cut off.
103. Limit the data traffic of the terminal device according to the information control policy.
The traffic monitoring device can limit the data traffic of the terminal device according to the obtained information control policy. For example, the traffic monitoring device can trigger network devices such as the BSC or BTS to perform QoS control, so that the traffic of the terminal device stops increasing or is reduced, or so that the connection of the terminal device is cut off; the traffic monitoring device can also block the traffic of the terminal device directly.
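The volume-based selection in steps 102 and 103 can be sketched as follows; this is an added example, not code from the patent or from any product. It counts malicious uploads per terminal in a sliding one-hour window and picks the strictest tier reached, using the 5 / 10 / 20 thresholds described for Table 2. The action names, the terminal identifiers, the sliding-window interpretation and the choice to take no action below the lowest tier are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # "within 1 hour" in the description

# (minimum malicious messages inside the window, action).
# Thresholds 5 / 10 / 20 come from the description of Table 2;
# the action names are labels invented for this example.
TIERS = ((5, "send_warning"), (10, "intercept_packets"), (20, "cut_connection"))


class FlowPolicySelector:
    """Select a control policy from how many malicious messages a terminal
    uploaded inside a sliding time window."""

    def __init__(self, window=WINDOW_SECONDS, tiers=TIERS):
        self.window = window
        # Strictest tier first, so the first threshold reached wins.
        self.tiers = sorted(tiers, reverse=True)
        # terminal id -> timestamps (seconds) of its malicious uploads
        self._hits = defaultdict(deque)

    def count(self, terminal_id, now):
        """Malicious uploads by this terminal that are still inside the window."""
        hits = self._hits[terminal_id]
        while hits and hits[0] <= now - self.window:
            hits.popleft()  # drop uploads older than the window
        return len(hits)

    def on_upload(self, terminal_id, now, malicious):
        """Return the action for one upload whose detection verdict is known."""
        if not malicious:
            return "none"  # step 101: no malicious information, no processing
        self._hits[terminal_id].append(now)
        n = self.count(terminal_id, now)
        for threshold, action in self.tiers:
            if n >= threshold:
                return action
        return "none"  # assumption: below the lowest tier nothing is done


def build_sample_events():
    """Constructed sample: (time in seconds, terminal id, detector verdict)."""
    events = [(i * 60, "terminal-A", True) for i in range(20)]
    events.append((30, "terminal-B", False))    # clean upload, other terminal
    events.append((7200, "terminal-A", True))   # after the window has passed
    return sorted(events)


def replay(events, selector=None):
    """Feed events in time order and collect the action chosen for each."""
    if selector is None:
        selector = FlowPolicySelector()
    return [(t, tid, selector.on_upload(tid, t, mal)) for t, tid, mal in events]


if __name__ == "__main__":
    for t, tid, action in replay(build_sample_events()):
        print(f"t={t:>5}s {tid} -> {action}")
```

Because old uploads age out of the window, the last constructed upload at t=7200 s is counted as the terminal's first again and triggers no action.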
The method for monitoring a network provided in this embodiment can apply a corresponding information control policy to a terminal device that uploads malicious information, and limit the data traffic of the terminal device according to the information control policy, thereby reducing the speed at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention can reduce the speed at which malicious information propagates in the network by limiting the traffic of the terminal device that sends the malicious information, thereby reducing the load on the network side and mitigating the reduction in operating efficiency of the communication network.
Optionally, an embodiment of the present invention provides another method for monitoring a network. As shown in Fig. 2a, the method includes:
201. Detect whether malicious information exists in the data uploaded by a terminal device.
If no malicious information exists, no processing is performed.
202. If malicious information exists in the data uploaded by the terminal device, obtain a preset information control policy.
The information control policy indicates the manner of limiting data traffic.
203a. Lower the priority of the terminal device according to the information control policy.
The priority includes the service bearer priority of the current service of the terminal device, or the priority with which the terminal device accesses the network.
In practice, the higher priorities such as the service bearer priority of the terminal device's current service and its network access priority are, the larger the traffic of the terminal device is. The traffic monitoring device can therefore trigger network devices such as the BSC or BTS to perform QoS control and lower the priority of the terminal device, so that the traffic of the terminal device does not increase further, or is reduced.
Optionally, as a parallel alternative, an embodiment of the present invention provides another method for monitoring a network. As shown in Fig. 2b, the method includes:
201. Detect whether malicious information exists in the data uploaded by a terminal device.
If no malicious information exists, no processing is performed.
202. If malicious information exists in the data uploaded by the terminal device, obtain a preset information control policy.
The information control policy indicates the manner of limiting data traffic.
203b. Lower the data transmission rate of the terminal device according to the information control policy.
In practice, the traffic monitoring device can lower the data transmission rate of the terminal device to reduce its traffic. For example, the traffic monitoring device can trigger network devices such as the BSC or BTS to perform QoS control and lower the transmission rate of the service link currently occupied by the terminal device, so that the amount of data the terminal device transmits over that service link per unit time decreases, thereby reducing its traffic.
Optionally, as a parallel alternative, an embodiment of the present invention provides another method for monitoring a network. As shown in Fig. 2c, the method includes:
201. Detect whether malicious information exists in the data uploaded by a terminal device.
If no malicious information exists, no processing is performed.
202. If malicious information exists in the data uploaded by the terminal device, obtain a preset information control policy.
The information control policy indicates the manner of limiting data traffic.
203c. According to the information control policy, block the received data sent by the terminal device, or cut off the network connection of the terminal device.
In practice, the traffic monitoring device can block the received data sent by the terminal device, or cut off the network connection of the terminal device through a network device, so that the traffic of the terminal device is reduced to zero.
The method for monitoring a network provided in this embodiment can apply a corresponding information control policy to a terminal device that uploads malicious information, and limit the data traffic of the terminal device according to the information control policy, thereby reducing the speed at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention can reduce the speed at which malicious information propagates in the network by limiting the traffic of the terminal device that sends the malicious information, thereby reducing the load on the network side and mitigating the reduction in operating efficiency of the communication network.
Further optionally, an embodiment of the present invention provides another method for monitoring a network which, as shown in Fig. 3, includes:
301a: Detect whether malicious information exists in the data uploaded by the terminal device. If no malicious information exists, no processing is performed.
In parallel, as shown in Fig. 3, the method also includes:
301b: Obtain the identification information of the terminal device.
The identification information includes: the MAC address, the IP address, the International Mobile Subscriber Identification Number (IMSI) or the mobile station ISDN/PSTN number (Mobile Subscriber International ISDN/PSTN number, MSISDN) of the terminal device.
In this embodiment, the traffic monitoring device can obtain information such as the MAC address, IP address, IMSI or MSISDN of the terminal device by conventional technical means. For example, the traffic monitoring device can obtain the MAC address and IP address of the terminal device through equipment such as the BTS; information such as the IMSI or MSISDN of the terminal device is often carried in the packets the terminal device sends, so the traffic monitoring device can decapsulate those packets to obtain the IMSI or MSISDN of the terminal device.
302b: Detect whether the identification information of the terminal device has been recorded.
In this embodiment, after performing 302a, the traffic monitoring device can record in memory the identification information (MAC address, IP address, IMSI, MSISDN and so on) of a terminal device whose uploaded data contains malicious information. For example, when the traffic monitoring device performs 302b and detects that the identification information of the terminal device has been recorded in a blacklist in memory, this indicates that the terminal device has previously uploaded data containing malicious information and therefore poses a potential security risk; its data traffic needs to be limited according to the preset information control policy in order to slow the spread of malicious information.
If the identification information of the terminal device has not been recorded, no processing is performed.
303: If malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, limit the data traffic of the terminal device according to the information control policy.
In this embodiment, when either of two conditions is met, namely that malicious information exists in the data uploaded by the terminal device or that the identification information of the terminal device has been recorded, the traffic monitoring device can obtain the information control policy and limit the data traffic of the terminal device according to it.
304: If malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, send prompt information to the terminal device.
The prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
In this embodiment, when either of the two conditions is met (malicious information exists in the data uploaded by the terminal device, or the identification information of the terminal device has been recorded), the traffic monitoring device can send prompt information to the terminal device. For example, if the IMSI of terminal device 1 has been recorded in the blacklist of the traffic monitoring device, the traffic monitoring device can automatically generate a text message by conventional technical means, such as "Your device has a potential security risk", and deliver the text message to terminal device 1. As another example, if an uplink message of terminal device 1 contains the address of a malicious web page, the traffic monitoring device can automatically generate, by conventional technical means, a web page that displays a warning, such as "The web page you are about to visit has a potential security risk", and push the generated page to terminal device 1. After the terminal device receives the prompt information, the user can start a security program installed on the terminal device, such as antivirus software, or the terminal device can start such a security program automatically in response to the prompt information.
Further, as shown in Fig. 3, the method also includes:
305: Determine other terminal devices that are currently exchanging data with the terminal device.
In this embodiment, the traffic monitoring device can determine the other terminal devices that are currently exchanging data with the terminal device that uploaded malicious information. For example, as is well known to those skilled in the art, when smartphone 1 sends service signalling such as an MMS or SMS message to smartphone 2, smartphone 1 first transmits the service signalling to the BTS, and the service signalling may contain the MSISDN of the destination terminal (that is, smartphone 2); the core network then sends the short message to smartphone 2. While the short message is in the core network, the traffic monitoring device obtains the MSISDN of smartphone 2 from the short message and can then send prompt information to smartphone 2 by conventional technical means.
306: Send the prompt information to the other terminal devices.
In this embodiment, the prompt information that the traffic monitoring device sends to other terminal devices exchanging data with the terminal device that uploaded malicious information can take many forms. For example, the traffic monitoring device can automatically generate a text message by conventional technical means, such as "The source of this short message has a potential security risk", and deliver the text message to terminal device 2. As another example, the traffic monitoring device can automatically generate, by conventional technical means, a web page that displays a warning, such as "The terminal communicating with you has a potential security risk", and push the generated page to terminal device 2.
It should be noted that in this embodiment 305-306 may be performed at the same time as 304, or in a certain order; this is not limited here.
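The decision flow of steps 301a to 306, as an added sketch that is not part of the patent text. The class and field names, the host and signature matching used for detection, and every sample identifier are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional
from urllib.parse import urlsplit


class Limit(Enum):
    """The three ways of limiting traffic that the description names."""
    LOWER_PRIORITY = "lower bearer/access priority"
    REDUCE_RATE = "reduce data transmission rate"
    BLOCK = "drop data or cut the connection"


@dataclass(frozen=True)
class Upload:
    imsi: str               # identification information (step 301b)
    kind: str               # "http" or "mms" (hypothetical record format)
    payload: str            # request URL, or message body
    peer_msisdn: str = ""   # destination terminal carried in the signalling


@dataclass
class Action:
    limit: Optional[Limit] = None
    notify_sender: str = ""
    notify_peers: Dict[str, str] = field(default_factory=dict)


class TrafficMonitor:
    def __init__(self, policy, bad_hosts, bad_signatures):
        self.policy = policy                      # preset information control policy
        self.bad_hosts = {h.lower() for h in bad_hosts}
        self.bad_signatures = [s.lower() for s in bad_signatures]
        self.recorded = set()                     # identifiers seen uploading malicious data

    @staticmethod
    def _host(url):
        # Parse instead of substring-matching, so a URL such as
        # http://good.example@evil.example/ resolves to its real host.
        try:
            parts = urlsplit(url)
            if not parts.netloc:                  # scheme-less "host/path" form
                parts = urlsplit("//" + url)
            return (parts.hostname or "").lower()
        except ValueError:                        # malformed authority
            return ""

    def is_malicious(self, up):                   # step 301a
        if up.kind == "http":
            host = self._host(up.payload)
            return any(host == h or host.endswith("." + h) for h in self.bad_hosts)
        body = up.payload.lower()
        return any(sig in body for sig in self.bad_signatures)

    def handle(self, up):
        malicious = self.is_malicious(up)         # 301a
        recorded = up.imsi in self.recorded       # 302b
        if not (malicious or recorded):
            return Action()                       # neither condition met: no processing
        if malicious:
            self.recorded.add(up.imsi)            # remember the sender for later uploads
        act = Action(limit=self.policy)           # 303: limit according to the policy
        act.notify_sender = "Your device has a potential security risk"   # 304
        if up.peer_msisdn:                        # 305-306: warn the other terminal
            act.notify_peers[up.peer_msisdn] = (
                "The terminal communicating with you has a potential security risk")
        return act


if __name__ == "__main__":
    mon = TrafficMonitor(Limit.REDUCE_RATE, ["evil.example"], ["dropper.apk"])
    # Constructed sample uploads; the IMSI and MSISDN values are made up.
    samples = [
        Upload("460000000000001", "http", "http://news.example/index.html"),
        Upload("460000000000001", "mms", "Install dropper.apk now", "8613800000002"),
        Upload("460000000000001", "http", "http://news.example/index.html"),
    ]
    for up in samples:
        print(up.kind, mon.handle(up))
```

The third sample is clean but is still limited, because the sender's identifier was recorded when the second sample was handled.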
A variety of application scenarios can arise in practice, for example:
Fig. 3a shows the network monitoring procedure when, in a 2G network such as GSM or a 3G network such as UMTS, one terminal device sends service signalling carrying malicious information to another terminal device, where:
1. The MMS message that UE1 sends to UE2 carries malicious information; the traffic monitoring device can obtain a mirror copy of the MMS message from the core network.
2. After the traffic monitoring device detects that the MMS message in the mirror copy carries malicious information, it can, according to the information control policy, directly perform procedures on UE1 such as blocking its traffic and sending prompt information.
3. In parallel with 2, the traffic monitoring device can also apply QoS control to UE1 through the BSC; that is, the controller can obtain the information control policy from the traffic monitoring device and, according to that policy, perform procedures on UE1 such as QoS control and restricting access to PS services.
4. When UE2 downloads the MMS message carrying malicious information sent by UE1, the traffic monitoring device can perform the procedure of sending prompt information to UE2.
It should be noted that in this scenario the data flows between the devices, such as control/service flows, business flows and interactive information flows, can be implemented on the physical links of the core network by means well known to those skilled in the art, and are not described again here.
As another example:
Fig. 3b shows the network monitoring procedure when a terminal browses a malicious web page, where:
The traffic monitoring device can obtain from the Gn node a mirror copy of the HTTP Request traffic sent by the UE;
If the URL in the HTTP Request traffic sent by the UE is the address of a malicious web page, the traffic monitoring device can send prompt information to the UE according to the information control policy, to notify the UE that the web page it is currently browsing is malicious.
The network monitoring method provided by this embodiment can apply a corresponding information control policy to a terminal device that uploads malicious information and limit that terminal device's data traffic according to the policy, thereby reducing the rate at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention limits the traffic of terminal devices that send malicious information in order to reduce the speed at which malicious information propagates in the network, which reduces the load on the network side and mitigates the problem of degraded operating efficiency of the communication network.
An embodiment of the present invention further provides an apparatus for monitoring a network which, as shown in Fig. 4a, includes:
Detection module 41, configured to detect whether malicious information exists in the data uploaded by a terminal device.
Control policy acquisition module 42, configured to obtain a preset information control policy if malicious information exists in the data uploaded by the terminal device.
The information control policy indicates the manner in which data traffic is limited.
Control module 43, configured to limit the data traffic of the terminal device according to the information control policy.
Optionally, as shown in Fig. 4b, the control module 43 includes:
Priority control unit 431, configured to lower the priority of the terminal device.
The priority includes: the service bearer priority of the terminal device's current service, or the priority with which the terminal device accesses the network.
Optionally, as an alternative, as shown in Fig. 4c, the control module 43 includes:
Transmission rate control unit 432, configured to reduce the data transmission rate of the terminal device.
Optionally, as an alternative, as shown in Fig. 4d, the control module 43 includes:
Shielding unit 433, configured to block the data received from the terminal device, or to cut off the network connection of the terminal device.
Further, as shown in Fig. 4e, the apparatus for monitoring a network provided by this embodiment of the present invention may also include:
Identification module 44, configured to obtain the identification information of the terminal device.
The identification information includes: the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device.
Query module 45, configured to detect whether the identification information of the terminal device has been recorded and, if it has been recorded, to obtain the information control policy and limit the data traffic of the terminal device according to the information control policy.
Sending module 46, configured to send prompt information to the terminal device if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded.
The prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
Optionally, the sending module 46 is further configured to send the prompt information to other terminal devices.
Tracking module 47, configured to determine the other terminal devices that are currently exchanging data with the terminal device.
The network monitoring apparatus provided by this embodiment can apply a corresponding information control policy to a terminal device that uploads malicious information and limit that terminal device's data traffic according to the policy, thereby reducing the rate at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention limits the traffic of terminal devices that send malicious information in order to reduce the speed at which malicious information propagates in the network, which reduces the load on the network side and mitigates the problem of degraded operating efficiency of the communication network.
An embodiment of the present invention further provides a network device for monitoring a network which, as shown in Fig. 5, includes: a processor 51, a communication interface 52, a memory 53 and a bus 54, where the processor 51, the communication interface 52 and the memory 53 communicate with one another through the bus 54, and where:
The processor 51 is configured to obtain, through the communication interface 52, the data uploaded by a terminal device, and to detect whether malicious information exists in the data uploaded by the terminal device.
The processor 51 is further configured, if malicious information exists in the data uploaded by the terminal device, to obtain a preset information control policy from the memory 53, where the information control policy indicates the manner in which data traffic is limited, and to limit the data traffic of the terminal device through the communication interface 52 according to the information control policy.
The memory 53 is configured to store the preset information control policy.
The communication interface 52 is configured to transfer the data uploaded by the terminal device to the processor 51, and to transmit the information sent by the processor 51 for limiting the data traffic of the terminal device.
Optionally, the processor 51 is further configured to lower the priority of the terminal device through the communication interface 52, where the priority includes: the service bearer priority of the terminal device's current service, or the priority with which the terminal device accesses the network.
Optionally, as an alternative, the processor 51 is further configured to reduce the data transmission rate of the terminal device through the communication interface 52.
Optionally, as an alternative, the processor 51 is further configured to block, through the communication interface 52, the data received from the terminal device, or to cut off the network connection of the terminal device.
Further optionally, the processor 51 is further configured to obtain the identification information of the terminal device through the communication interface 52, where the identification information includes: the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device; and to detect whether the identification information of the terminal device has been recorded in the memory 53 and, if it has been recorded in the memory 53, to obtain the information control policy from the memory 53 and limit the data traffic of the terminal device through the communication interface 52 according to the information control policy.
The memory 53 is further configured to store the identification information of the terminal device.
Further optionally, the processor 51 is further configured to send prompt information to the terminal device through the communication interface 52 if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
The processor 51 is further configured to determine the other terminal devices that are currently exchanging data with the terminal device, and to send the prompt information to those other terminal devices through the communication interface 52.
The network device for monitoring a network provided by this embodiment can apply a corresponding information control policy to a terminal device that uploads malicious information and limit that terminal device's data traffic according to the policy, thereby reducing the rate at which the terminal device transmits malicious information into the network. Compared with the prior art, the present invention limits the traffic of terminal devices that send malicious information in order to reduce the speed at which malicious information propagates in the network, which reduces the load on the network side and mitigates the problem of degraded operating efficiency of the communication network.
The embodiments in this specification are described progressively; identical or similar parts of the embodiments may be cross-referenced, and each embodiment focuses on its differences from the other embodiments. The apparatus embodiments are substantially similar to the method embodiments and are therefore described relatively briefly; for the relevant parts, refer to the corresponding explanation of the method embodiments.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented in hardware, in firmware, or in a combination of them. When implemented in software, the above functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium can be any available medium that a computer can access. By way of example and not limitation, computer-readable media can include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection can properly become a computer-readable medium. For example, if software is transmitted from a website, server or other remote source using coaxial cable, optical fiber cable, twisted pair, Digital Subscriber Line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, optical fiber cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In summary, the foregoing is only a preferred embodiment of the technical solution of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (1)

  1. Claims
    1. A method for monitoring a network, characterized by comprising:
    detecting whether malicious information exists in the data uploaded by a terminal device;
    if malicious information exists in the data uploaded by the terminal device, obtaining a preset information control policy, where the information control policy indicates the manner in which data traffic is limited;
    limiting the data traffic of the terminal device according to the information control policy.
    2. The method for monitoring a network according to claim 1, characterized in that limiting the data traffic of the terminal device comprises:
    lowering the priority of the terminal device, where the priority includes: the service bearer priority of the terminal device's current service, or the priority with which the terminal device accesses the network.
    3. The method for monitoring a network according to claim 1, characterized in that limiting the data traffic of the terminal device comprises:
    reducing the data transmission rate of the terminal device.
    4. The method for monitoring a network according to claim 1, characterized in that limiting the data traffic of the terminal device comprises:
    blocking the data received from the terminal device, or cutting off the network connection of the terminal device.
    5. The method for monitoring a network according to claim 1, characterized by further comprising:
    obtaining the identification information of the terminal device, where the identification information includes: the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device;
    detecting whether the identification information of the terminal device has been recorded and, if the identification information of the terminal device has been recorded, obtaining the information control policy and limiting the data traffic of the terminal device according to the information control policy.
    6. The method for monitoring a network according to claim 1 or 5, characterized by further comprising:
    if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, sending prompt information to the terminal device, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
    7. The method for monitoring a network according to claim 6, characterized by further comprising:
    determining other terminal devices that are currently exchanging data with the terminal device;
    sending the prompt information to the other terminal devices.
    8. An apparatus for monitoring a network, characterized by comprising:
    a detection module, configured to detect whether malicious information exists in the data uploaded by a terminal device;
    a control policy acquisition module, configured to obtain a preset information control policy if malicious information exists in the data uploaded by the terminal device, where the information control policy indicates the manner in which data traffic is limited;
    a control module, configured to limit the data traffic of the terminal device according to the information control policy.
    9. The apparatus for monitoring a network according to claim 8, characterized in that the control module comprises:
    a priority control unit, configured to lower the priority of the terminal device, where the priority includes: the service bearer priority of the terminal device's current service, or the priority with which the terminal device accesses the network.
    10. The apparatus for monitoring a network according to claim 8, characterized in that the control module comprises:
    a transmission rate control unit, configured to reduce the data transmission rate of the terminal device.
    11. The apparatus for monitoring a network according to claim 8, characterized in that the control module comprises:
    a shielding unit, configured to block the data received from the terminal device, or to cut off the network connection of the terminal device.
    12. The apparatus for monitoring a network according to claim 8, characterized by further comprising:
    an identification module, configured to obtain the identification information of the terminal device, where the identification information includes: the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device;
    a query module, configured to detect whether the identification information of the terminal device has been recorded and, if the identification information of the terminal device has been recorded, to obtain the information control policy and limit the data traffic of the terminal device according to the information control policy.
    13. The apparatus for monitoring a network according to claim 8 or 12, characterized by further comprising:
    a sending module, configured to send prompt information to the terminal device if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
    14. The apparatus for monitoring a network according to claim 13, characterized by further comprising:
    a tracking module, configured to determine other terminal devices that are currently exchanging data with the terminal device;
    the sending module being further configured to send the prompt information to the other terminal devices.
    15. A network device for monitoring a network, characterized by comprising: a processor, a communication interface, a memory and a bus, where the processor, the communication interface and the memory communicate with one another through the bus, and where:
    the processor is configured to obtain, through the communication interface, the data uploaded by a terminal device, and to detect whether malicious information exists in the data uploaded by the terminal device;
    the processor is further configured, if malicious information exists in the data uploaded by the terminal device, to obtain a preset information control policy from the memory, where the information control policy indicates the manner in which data traffic is limited, and to limit the data traffic of the terminal device through the communication interface according to the information control policy;
    the memory is configured to store the preset information control policy;
    the communication interface is configured to transfer the data uploaded by the terminal device to the processor, and to transmit the information sent by the processor for limiting the data traffic of the terminal device.
    16. The network device for monitoring a network according to claim 15, characterized in that the processor is further configured to lower the priority of the terminal device through the communication interface, where the priority includes: the service bearer priority of the terminal device's current service, or the priority with which the terminal device accesses the network.
    17. The network device for monitoring a network according to claim 15, characterized in that the processor is further configured to reduce the data transmission rate of the terminal device through the communication interface.
    18. The network device for monitoring a network according to claim 15, characterized in that the processor is further configured to block, through the communication interface, the data received from the terminal device, or to cut off the network connection of the terminal device.
    19. The network device for monitoring a network according to claim 15, characterized in that:
    the processor is further configured to obtain the identification information of the terminal device through the communication interface, where the identification information includes: the MAC address, IP address, international mobile subscriber identity (IMSI) or mobile station ISDN number (MSISDN) of the terminal device; and to detect whether the identification information of the terminal device has been recorded in the memory and, if it has been recorded in the memory, to obtain the information control policy from the memory and limit the data traffic of the terminal device through the communication interface according to the information control policy;
    the memory is further configured to store the identification information of the terminal device.
    20. The network device for monitoring a network according to claim 15 or 19, characterized in that:
    the processor is further configured to send prompt information to the terminal device through the communication interface if malicious information exists in the data uploaded by the terminal device, or if the identification information of the terminal device has been recorded, where the prompt information indicates that malicious information exists in the data uploaded by the terminal device, or that the identification information of the terminal device has been recorded.
    21. The network device for monitoring a network according to claim 20, characterized in that the processor is further configured to determine other terminal devices that are currently exchanging data with the terminal device, and to send the prompt information to the other terminal devices through the communication interface.
CN201280003110.2A 2012-12-19 2012-12-19 Monitor the method, apparatus and the network equipment of network Active CN104137503B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/086947 WO2014094254A1 (en) 2012-12-19 2012-12-19 Method, apparatus and network device for monitoring network

Publications (2)

Publication Number Publication Date
CN104137503A true CN104137503A (en) 2014-11-05
CN104137503B CN104137503B (en) 2019-01-18

Family

ID=50977548

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280003110.2A Active CN104137503B (en) 2012-12-19 2012-12-19 Monitor the method, apparatus and the network equipment of network

Country Status (2)

Country Link
CN (1) CN104137503B (en)
WO (1) WO2014094254A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112947246A (en) * 2021-03-19 2021-06-11 南京仁谷系统集成有限公司 Control method of network monitoring management equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1716868A (en) * 2004-06-29 2006-01-04 华为技术有限公司 Method for combatting rejection service attack
US20060288417A1 (en) * 2005-06-21 2006-12-21 Sbc Knowledge Ventures Lp Method and apparatus for mitigating the effects of malicious software in a communication network
CN101018156A (en) * 2007-02-16 2007-08-15 华为技术有限公司 Method, device and system for preventing the broadband rejection service attack
CN101022459A (en) * 2007-03-05 2007-08-22 华为技术有限公司 System and method for preventing virus invading network
CN102577240A (en) * 2009-10-28 2012-07-11 惠普发展公司,有限责任合伙企业 Method and apparatus for virus throttling with rate limiting
CN102821002A (en) * 2011-06-09 2012-12-12 中国移动通信集团河南有限公司信阳分公司 Method and system for network flow anomaly detection

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155034A (en) * 2006-09-30 2008-04-02 中兴通讯股份有限公司 Method for preventing specific package attack on network appliance
CN102263788B (en) * 2011-07-14 2014-06-04 百度在线网络技术(北京)有限公司 Method and equipment for defending against denial of service (DDoS) attack to multi-service system

Also Published As

Publication number Publication date
WO2014094254A1 (en) 2014-06-26
CN104137503B (en) 2019-01-18

Similar Documents

Publication Publication Date Title
US9288828B2 (en) Method, apparatus and system for accessing service by mobile station
WO2019080799A1 (en) Traffic processing method, user plane apparatus, and terminal device
CN102177697B (en) Method for controlling internet services, and relevant device and system
CN110536375A (en) Method for network access, device, the network equipment and computer readable storage medium
US10165618B2 (en) Service processing method and device
KR101903533B1 (en) Service quality index calculation method and calculation apparatus, and communications system
CN109120524B (en) Link aggregation method and related equipment
CN109196889B (en) User information acquisition method, identification corresponding relation storage method, device and equipment
EP2978277B1 (en) Data transmission methods and gateways
EP3866506A1 (en) Method and device for controlling terminal and network connection
CN107666694A (en) The method and its relevant device switched between distributed AP
CN104509060A (en) Method and device for transmitting streaming media data
KR101541348B1 (en) METHOD AND APPARATUS FOR MANAGING SESSION BASED GPRS Tunneling Protocol NETWORK
US20190253880A1 (en) Interception method and apparatus based on local breakout
US10129079B2 (en) Telecommunications system and method
CN102571581B (en) The method of heavy-route, system and base station controller, equipment of the core network in MOCN network
CN102655474B (en) Method, device and system for identifying equipment-crossing traffic types
EP2818021B1 (en) Systems and methods for priority based session and mobility management of dual-priority mtc devices
CN105393503A (en) Message processing method and device
CN104137503B (en) Monitor the method, apparatus and the network equipment of network
JP2015526937A (en) Data packet processing method, system, and device
US20160295456A1 (en) Data compression in wireless communications network
EP2887727B1 (en) Method and device for congestion control
CN101771726A (en) System and method for providing Internet browsing control service for mobile telephone subscriber
CN105122926A (en) Circuit switched fall back user device identification method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant