CN105187446A - System and method for home gateway to detect and shield user Internet surfing services - Google Patents


Info

Publication number: CN105187446A
Application number: CN201510633338.5A
Other versions: CN105187446B (en)
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: business, home gateway, networking, file, field
Legal status: Granted; Active
Inventors: 王恺, 曹子伟, 杨柳, 郑学智
Current assignee: Fiberhome Telecommunication Technologies Co Ltd
Original assignee: Fiberhome Telecommunication Technologies Co Ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The invention discloses a system and a method for a home gateway to detect and shield user Internet surfing services. The method comprises the following steps: the home gateway obtains a characteristic value file and a blacklist file from a management platform; the home gateway detects related services in the data packets of the user Internet surfing services using the obtained characteristic value file, generates a corresponding Internet surfing service record file and transmits the generated file back to the management platform for storage; meanwhile, the home gateway shields specific devices from accessing specific Internet surfing services according to the blacklist file; and users query the Internet surfing service records of the devices connected to the home gateway through the management platform. According to the invention, the home gateway detects the types of the user Internet surfing services through the characteristic values of the to-be-detected Internet surfing services and the blacklist file obtained from the management platform, and shields the specific Internet surfing services accessed by the specific devices; thus the problem that the home gateway has to upgrade its image file whenever the to-be-detected characteristic values change is avoided.

Description

System and method for a home gateway to detect and shield user Internet surfing services
Technical field
The present invention relates to home gateways, and specifically to a system and method by which a home gateway detects and shields user Internet surfing services.
Background technology
With the development of broadband technology and the popularization of intelligent terminals, a family now has, besides computers, many devices that need Internet access, such as portable devices like smartphones and tablets. The main way to address this is for a home gateway to connect the various devices and forward their many services, so as to realize Internet applications.
Internet content is of very mixed quality. In order for the different devices in a family to use the Internet safely and healthily (a "green Internet"), there is an urgent demand for detecting and shielding user Internet surfing services, for example:
(1) To protect minors in the family, parents wish to know which devices have accessed which services, and to shield some devices from accessing some services;
(2) Operators, from the perspective of public safety protection for relevant organizations, also need to understand user Internet surfing services in specific situations.
In view of the above, the home gateway, as the core device of the home network, needs to be able to detect and shield user Internet surfing services. At present, this function is mainly implemented by deep packet inspection technology in the home gateway. However, this detection logic is burned into the image file of the home gateway: if a new service appears or an existing characteristic value changes, the home gateway must be upgraded again with a new image file. Upgrading a home gateway with an image file is not something every ordinary person can do, so it is difficult for ordinary home users to apply this approach flexibly.
In view of the above, the way existing home gateways detect and shield user Internet surfing services needs to be improved so that home users can apply it flexibly.
Summary of the invention
The technical problem to be solved by this invention is to improve the way existing home gateways detect and shield user Internet surfing services, so that home users can apply it flexibly.
To solve the above technical problem, the technical solution adopted by the present invention is to provide a method for a home gateway to detect and shield user Internet surfing services, comprising the following steps:
The home gateway obtains a characteristic value file and a blacklist file from the management platform; the characteristic value file is used to detect related services and capture related keyword fields, and the blacklist file is used to shield specific devices connected to the home gateway from accessing specific Internet surfing services;
Using the characteristic value file it obtained, the home gateway detects related services in the data packets of user Internet surfing services, generates a corresponding Internet surfing record file and returns it to the management platform for storage; meanwhile, it uses the blacklist file to shield specific devices from accessing specific Internet surfing services;
The user queries the Internet surfing service records of the devices connected to the home gateway through the management platform.
In the above method, the characteristic value file contains the characteristic information of Internet surfing services; the home gateway detects related services and captures related keyword fields according to this characteristic information.
In the above method, the characteristic value file is used to define the rules for detecting user Internet surfing services and comprises six fields: type, action, protocol, port, count and rule, wherein:
Type is the number of the detected service; each kind of service has a corresponding type field and number in the characteristic value file;
Action is the way this service is detected, either match or capture;
Protocol is the IP protocol type of the detected service;
Port is the transport-layer destination port number of the detected service;
Count is the number of rules needed by the match action, or the number of rules needed by the capture action, to detect the service;
Rule is the basis for the match and capture actions.
In the above method, a rule corresponding to the match action comprises, in order, the following fields: offset, characteristic length and characteristic data, meaning that characteristic data of the given characteristic length must be present at the specified offset in the transport-layer payload;
A rule corresponding to the capture action comprises, in order, the following fields: offset, header length and header data, tail length and tail data, meaning that, starting from the offset in the transport-layer payload, header data of the given header length and tail data of the given tail length must be present, and the data between them is then captured.
In the above method, when the blacklist file is used to shield specific devices from accessing specific Internet surfing services, a specific device is identified by its source MAC address, and the concrete method is as follows:
For a service with the match action, the subsequent fields are several source MAC fields, meaning that for this class of service the packet is shielded as long as its source MAC matches any of the source MAC fields;
For a service with the capture action, the subsequent fields are one source MAC field followed by several keyword fields, meaning that for this class of service the packet is shielded if it comes from the particular source MAC and the captured data matches the value of any keyword field.
In the above method, the service record file records, for a device connected to the home gateway, the last access time, access frequency and duration of the relevant Internet surfing services accessed within a certain period, together with the data captured by the services that contain capture rules; each record is identified by the triple of type, source MAC and captured data, wherein:
The type field is consistent with the type in the characteristic value file;
The source MAC field is the MAC address of the device connected to the home gateway;
The recent access field is the time of the last access to this Internet surfing service;
The hit-count field is the number of times this Internet surfing service was detected by the home gateway's service detection module;
The duration field is the duration of this Internet surfing service;
The captured data field is the data obtained by the capture action; for the match action this field is empty.
In the above method, the home gateway detects related services in the data packets of user Internet surfing services using the characteristic value file it obtained as follows:
First a Netlink communication interface is created and a communication hook function is registered;
Then a data packet analysis hook function is attached at the NF_BR_PRE_ROUTING hook of the Linux kernel Netfilter framework, so that every data packet of a terminal behind the home gateway is analysed with priority as soon as it is forwarded by the home gateway, wherein:
The communication hook function receives the characteristic value setting messages and blacklist setting messages from the user-space platform interaction module and generates the corresponding match rule linked list and blacklist linked list;
The data packet analysis hook function analyses each layer-2 frame entering the home gateway; if the packet's characteristics match the characteristic value of some node in the match rule linked list, the relevant Internet surfing service has been detected;
If the service from a given source MAC matches the rule of some node in the blacklist linked list, the packet is dropped and not forwarded; otherwise it is forwarded, and the detected service information is reported to the user-space platform interaction module.
The present invention also provides a system for a home gateway to detect and shield user Internet surfing services, comprising a home gateway and a management platform,
wherein the home gateway is provided with a service detection module and a platform interaction module, and the management platform is provided with a gateway interaction module, a user database and a user human-machine interface;
The service detection module obtains the characteristic value file and the blacklist file from the management platform, detects related services in the data packets of user Internet surfing services according to the rules set for the different services in the characteristic value file, and passes the relevant fields captured from the packets back to the platform interaction module; the platform interaction module writes the user Internet surfing service records returned by the service detection module into the service record file and passes it to the gateway interaction module of the management platform, which updates and saves the related content in the user database; the service detection module also shields specific devices from accessing specific Internet surfing services according to the blacklist file;
The user queries the Internet surfing service records of the devices connected to the home gateway through the user human-machine interface.
In the present invention, the home gateway uses the characteristic values of the Internet surfing services to be detected and the blacklist file obtained from the management platform to detect the types of user Internet surfing services and to shield specific devices from accessing specific Internet surfing services. When the characteristic value of a service to be detected changes, only the characteristic value file on the management platform needs to be changed; the home gateway then obtains the latest characteristic values and blacklist file from the management platform, so the home gateway image file does not need to be upgraded because of a change in the characteristic values to be detected, and the operation is easy for home users.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system in which a home gateway detects and shields user Internet surfing services according to the present invention;
Fig. 2 is a schematic diagram of the characteristic value file structure in the present invention;
Fig. 3 is a schematic diagram of the blacklist file structure in the present invention;
Fig. 4 is a schematic diagram of the service record file structure in the present invention;
Fig. 5 is a schematic diagram of the match rule linked list structure in the present invention;
Fig. 6 is a flow chart of the service detection module generating the match rule linked list and the blacklist linked list in the present invention;
Fig. 7 is a flow chart of data packet analysis by the service detection module in the present invention;
Fig. 8 is a flow chart of the blacklist decision by the service detection module in the present invention;
Fig. 9 is a schematic diagram of the service record linked list structure of the platform interaction module in the present invention;
Fig. 10 is a workflow diagram of the platform interaction module in the present invention.
Detailed description
The present invention provides a system and method for a home gateway to detect and shield user Internet surfing services: the home gateway uses the characteristic value file and blacklist file of the Internet surfing services to be detected, obtained from the management platform, to detect the types of user Internet surfing services and to shield specific devices from accessing specific Internet surfing services. This avoids the problem that a change in the characteristic value of a service to be detected forces the home gateway to upgrade its image file, so that home users can also apply it flexibly. The present invention is described in detail below with reference to the drawings and specific embodiments.
As shown in Figure 1, the system for a home gateway to detect and shield user Internet surfing services provided by the invention comprises a home gateway 10 and a management platform 20.
The management platform 20 is provided with a gateway interaction module 21, a user database 22 and a user human-machine interface 23, wherein:
The user database stores the characteristic value file, the blacklist file and the user Internet surfing service records collected by each home gateway over a certain period.
The characteristic value file contains the characteristic information of different Internet surfing services and is used to detect related services and capture related keyword fields.
The blacklist file is used to shield specific devices connected to the home gateway from accessing specific Internet surfing services.
Through the human-machine interface, the user can query the Internet surfing service records of the devices carried by the home gateway over a period of time.
The home gateway 10 is provided with a service detection module 11 and a platform interaction module 12. The home gateway obtains the characteristic value file and the blacklist file from the management platform, detects related services in the data packets of user Internet surfing services according to the rules set for the different services in the characteristic value file, and passes the relevant fields captured from the packets back to the platform interaction module. The platform interaction module writes the user Internet surfing service records returned by the service detection module into the service record file and passes it to the gateway interaction module of the management platform, which updates and saves the related content in the user database. In addition, the home gateway shields specific devices from accessing specific Internet surfing services according to the blacklist file: if the currently accessed service and the corresponding device are in the blacklist, the related packets are dropped directly, which prevents that device from accessing the relevant Internet surfing service.
Each time the home gateway starts, it first checks whether the characteristic value file and blacklist file on the management platform have been updated. If so, the home gateway downloads the latest characteristic value file and blacklist file from the management platform after starting, overwrites the original files, and then monitors using the latest files; otherwise, it does not download them from the management platform and continues monitoring with the original characteristic value file and blacklist file.
The service record file stores the records of all Internet surfing services accessed by all connected devices that the home gateway has detected, and the platform interaction module updates the user Internet surfing service records on the management platform in real time (by appending records).
The characteristic value file is used to define the rules for detecting user Internet surfing services and comprises six fields: type, action, protocol, port, count and rule. Different services can be identified by different characteristic values. As shown in Figure 2, the characteristic value file is described as follows:
"type" is the number of the detected service;
"action" is one of the two ways of detecting this service, match or capture (in this embodiment 0 represents match and 1 represents capture). Match means detecting that the packet payload contains the relevant characteristic value; capture means detecting that the packet payload contains a pair of characteristic values and capturing the data in the packet between this pair of characteristic values;
"protocol" is the IP protocol type of the detected service;
"port" is the transport-layer destination port number of the detected service;
"count" is the number of rules needed by the "match action", or the number of rules needed by the "capture action", to detect the service. For ease of description, the maximum value of "count" in this embodiment is 2.
A rule corresponding to the match action comprises, in order, the fields "offset", "characteristic length" and "characteristic data", meaning that "characteristic data" of the given "characteristic length" must be present at the "offset" position specified in the transport-layer payload.
A rule corresponding to the capture action comprises, in order, the fields "offset", "header length" and "header data", "tail length" and "tail data", meaning that, starting from the "offset" position in the transport-layer payload, "header data" of the given "header length" and "tail data" of the given "tail length" must be present, and the data between them is then captured.
The meaning of the rule in the figure that detects one kind of QQ message field is as follows:
The characteristic value "1,0,17,8000,2" means that the type of this service is 1, the action is match, the protocol is UDP, the destination port is 8000 and there are 2 match rules. The first match rule, "0,1,0x02", means matching from offset 0 of the transport-layer payload, with a key field length of 1 and content 0x02. The second match rule, "255,1,0x03", means matching from the tail of the transport-layer payload, with a length of 1 and content 0x03. In this embodiment the "offset" field is stored as an unsigned char: 255 is reserved to mean matching from the tail, and 0 to 254 are actual offset addresses.
The meaning of the rule in the figure that detects the Host field of an HTTP GET message is as follows:
"0,1,6,80,1" means that the type of this service is 0, the action is capture, the protocol is TCP, the destination port is 80 and there is 1 capture rule. This capture rule, "0,8,0x0d,0x0a,0x48,0x6f,0x73,0x74,0x3a,0x20,2,0x0d,0x0a", means searching from offset 0 of the transport-layer payload: the first key field has length 8 and content "0x0d,0x0a,0x48,0x6f,0x73,0x74,0x3a,0x20", the second key field has length 2 and content "0x0d,0x0a", and the data between this pair of key fields is captured.
The above describes only two characteristic values, one detecting QQ UDP messages and one detecting HTTP GET messages and capturing the Host field; in a concrete implementation, characteristic values can be set as required for other services and other fields to be captured.
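The match and capture semantics of the characteristic value file, as an added Python example that is not part of the patent and not the gateway's kernel code: it parses the two characteristic values of the embodiment (written one service per line with rules separated by "|", an assumed text layout, since the page only gives the field values), then applies them to constructed payloads the way steps S205 to S218 of Fig. 7 do, including the reserved offset 255 for matching from the tail. Sample payloads and the feature-file text are constructed here.

```python
"""Match/capture rules of the characteristic value file (added example, not patent code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

TAIL_OFFSET = 255  # "offset" is an unsigned char; 255 is reserved for "match from the tail"

@dataclass
class MatchRule:
    offset: int
    data: bytes  # "characteristic data"; len(data) is the "characteristic length"

@dataclass
class CaptureRule:
    offset: int
    head: bytes  # "header data"
    tail: bytes  # "tail data"

@dataclass
class Service:
    type_id: int
    action: int    # 0 = match, 1 = capture (the embodiment's encoding)
    protocol: int  # IP protocol number, 6 = TCP, 17 = UDP
    port: int      # transport-layer destination port
    rules: List[Union[MatchRule, CaptureRule]]

def _hex_bytes(tokens: List[str]) -> bytes:
    return bytes(int(t, 16) for t in tokens)

def parse_service_line(line: str) -> Service:
    """Assumed text layout: 'type,action,protocol,port,count | rule | rule'."""
    header, *rule_texts = [p.strip() for p in line.split("|")]
    type_id, action, proto, port, count = (int(x) for x in header.split(","))
    if count != len(rule_texts):
        raise ValueError("count field does not match the number of rules")
    rules: List[Union[MatchRule, CaptureRule]] = []
    for text in rule_texts:
        f = [t.strip() for t in text.split(",")]
        offset = int(f[0])
        if action == 0:  # offset, characteristic length, characteristic data
            length = int(f[1])
            data = _hex_bytes(f[2:2 + length])
            if len(data) != length:
                raise ValueError("characteristic length does not match the data")
            rules.append(MatchRule(offset, data))
        else:  # offset, header length, header data, tail length, tail data
            hlen = int(f[1])
            head = _hex_bytes(f[2:2 + hlen])
            tlen = int(f[2 + hlen])
            tail = _hex_bytes(f[3 + hlen:3 + hlen + tlen])
            if len(head) != hlen or len(tail) != tlen:
                raise ValueError("header/tail length does not match the data")
            rules.append(CaptureRule(offset, head, tail))
    return Service(type_id, action, proto, port, rules)

def match_rule_hits(rule: MatchRule, payload: bytes) -> bool:
    """S209: the characteristic data must sit at the offset (255 = at the tail)."""
    n = len(rule.data)
    if rule.offset == TAIL_OFFSET:
        return len(payload) >= n and payload[-n:] == rule.data
    return payload[rule.offset:rule.offset + n] == rule.data

def capture_rule_hits(rule: CaptureRule, payload: bytes) -> Optional[bytes]:
    """S217: find the header, then the tail, from the offset; return what lies between."""
    start = payload.find(rule.head, rule.offset)
    if start < 0:
        return None
    begin = start + len(rule.head)
    end = payload.find(rule.tail, begin)
    return None if end < 0 else payload[begin:end]

def detect(services: List[Service], protocol: int, dst_port: int,
           payload: bytes) -> Optional[Tuple[int, List[bytes]]]:
    """S205-S218: first service whose protocol, port and every rule hit.
    Returns (type, captured); captured is [] for match-type services."""
    for svc in services:
        if svc.protocol != protocol or svc.port != dst_port:
            continue
        if svc.action == 0:
            if all(match_rule_hits(r, payload) for r in svc.rules):
                return (svc.type_id, [])
        else:
            captured = [capture_rule_hits(r, payload) for r in svc.rules]
            if all(c is not None for c in captured):
                return (svc.type_id, captured)
    return None

# Constructed feature file holding the two characteristic values of the embodiment.
FEATURE_FILE = """
1,0,17,8000,2 | 0,1,0x02 | 255,1,0x03
0,1,6,80,1 | 0,8,0x0d,0x0a,0x48,0x6f,0x73,0x74,0x3a,0x20,2,0x0d,0x0a
"""
SERVICES = [parse_service_line(l) for l in FEATURE_FILE.splitlines() if l.strip()]

# Constructed payloads: a QQ-style UDP datagram and an HTTP GET request.
QQ_PAYLOAD = b"\x02" + b"\x00" * 10 + b"\x03"
HTTP_PAYLOAD = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n"
# detect(SERVICES, 17, 8000, QQ_PAYLOAD) -> (1, [])
# detect(SERVICES, 6, 80, HTTP_PAYLOAD) -> (0, [b'www.example.com'])
```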
As shown in Figure 3, the blacklist file is used to shield specific devices connected to the home gateway from accessing specific Internet surfing services; a specific device is identified by its source MAC address.
For a service with the match action, the subsequent fields are several source MAC fields, meaning that for this class of service the packet is shielded as long as its source MAC matches any of the source MAC fields.
For a service with the capture action, the subsequent fields are one "source MAC field" followed by several "keyword (KeyString) fields", meaning that for this class of service the packet is shielded if it comes from the particular source MAC and the captured data matches the value of any KeyString field.
As shown in Figure 4, the service record file records, for a device connected to the home gateway, the last access time, access frequency and duration of the relevant Internet surfing services accessed within a certain period, together with the data captured by the services that contain capture rules.
Each record is identified by the triple "type", "source MAC" and "captured data";
The "type" field is consistent with the "type" in the characteristic value file shown in Fig. 2;
The "source MAC" field is the MAC address of the device connected to the home gateway;
The "recent access" field is the time of the last access to this Internet surfing service;
The "hit-count" field is the number of times this Internet surfing service was detected by the home gateway's service detection module, which reflects the user's access frequency;
The "duration" field is the duration of this Internet surfing service, expressed in minutes in the embodiment of the present invention; if the service detection module detects several messages of the same "type" from the same "source MAC" within one minute, the service is counted as continuing for only 1 minute.
The "captured data" field is the data obtained by the capture action; for the match action this field is empty.
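A record table with these fields, as an added Python example that is not the patent's code: records are keyed by the (type, source MAC, captured data) triple, a new record starts with hit-count and duration 1 and both times set to now, and the duration advances by one minute only when at least a minute has passed since the last timing tick. The tick-based update of an existing record is my reading of the one-minute rule above, not something the page spells out, and the serialised line layout is assumed.

```python
"""Service record table keyed by (type, source MAC, captured data) (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

MINUTE = timedelta(minutes=1)
T0 = datetime(2015, 9, 29, 12, 0, 0)  # constructed reference time for the demo

@dataclass
class ServiceRecord:
    type_id: int
    src_mac: str
    captured: bytes          # empty for match-type services
    recent_access: datetime  # time of the last access to this service
    hit_count: int           # number of times the service was detected
    duration_min: int        # duration in whole minutes
    last_tick: datetime      # intermediate "last timing time" used for the duration

class RecordTable:
    def __init__(self) -> None:
        self.records: Dict[Tuple[int, str, bytes], ServiceRecord] = {}

    def update(self, type_id: int, src_mac: str, captured: bytes,
               now: datetime) -> ServiceRecord:
        """Apply one (type, source MAC, captured data) report from the detection module."""
        key = (type_id, src_mac.lower(), captured)
        rec = self.records.get(key)
        if rec is None:
            # New record: hit-count and duration start at 1, both times at now.
            rec = ServiceRecord(type_id, key[1], captured, now, 1, 1, now)
            self.records[key] = rec
            return rec
        rec.hit_count += 1
        rec.recent_access = now
        # Assumption: hits within one minute of the last tick belong to the same
        # minute; once a full minute has passed the duration grows by one minute.
        if now - rec.last_tick >= MINUTE:
            rec.duration_min += 1
            rec.last_tick = now
        return rec

    def to_file_lines(self) -> List[str]:
        """Serialise in the order of the Fig. 4 fields (line layout assumed)."""
        return [f"{r.type_id},{r.src_mac},{r.recent_access.isoformat()},"
                f"{r.hit_count},{r.duration_min},{r.captured.hex()}"
                for r in self.records.values()]
```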
As shown in Figure 5, the service detection module performs detection by means of a match rule linked list. After the platform interaction module parses the characteristic value file, it passes the configuration to the service matching module, which generates a node for each rule and inserts it into the match rule linked list; the node fields correspond one-to-one to the characteristic value file.
The corresponding blacklist linked list is implemented in the same way as the match rule linked list and is not described again.
The service detection module runs in kernel space. After it is loaded, it first creates a Netlink communication interface and registers a communication hook function; then it attaches a data packet analysis hook function at the NF_BR_PRE_ROUTING hook of the Linux kernel Netfilter framework, so that every data packet of a terminal behind the home gateway is analysed with priority as soon as it is forwarded by the home gateway.
The communication hook function receives the characteristic value setting messages and blacklist setting messages from the user-space platform interaction module and generates the corresponding match rule linked list and blacklist linked list.
The data packet analysis hook function analyses each layer-2 frame entering the home gateway; if the packet's characteristics match the characteristic value of some node in the match rule linked list, the relevant Internet surfing service has been detected. If the service from a given source MAC matches the rule of some node in the blacklist linked list, the packet is dropped and not forwarded; otherwise it is forwarded and the detected service information is reported to the user-space platform interaction module.
As shown in Figure 6, in the present invention this hook function is called each time the service detection module receives a Netlink message sent by the platform interaction module, and the concrete flow is as follows:
S101, receive the user-space message;
S102, parse the message type;
S103, if it is a characteristic value setting message, go to S104, otherwise go to S110;
S104, parse the message payload; if it is valid, go to S105, otherwise go to S117 and end the analysis of the message;
S105, allocate memory for a match rule node, go to S106;
S106, assign the parsed field values to the node from S105, go to S107;
S107, lock the match rule linked list, go to S108;
S108, insert the node into the match rule linked list, go to S109;
S109, unlock the match rule linked list, go to S117 and end the analysis of the message;
S110, if it is a blacklist setting message, go to S111, otherwise go to S117 and end the analysis of the message;
S111, parse the message payload; if it is valid, go to S112, otherwise go to S117 and end the analysis of the message;
S112, allocate memory for a blacklist rule node, go to S113;
S113, assign the parsed field values to the node from S112, go to S114;
S114, lock the blacklist rule linked list, go to S115;
S115, insert the node into the blacklist rule linked list, go to S116;
S116, unlock the blacklist rule linked list, go to S117 and end the analysis of the message;
S117, end.
As shown in Figure 7, in the present invention the flow by which the service detection module analyses a data packet is as follows:
S201, receive a network data packet, go to S202;
S202, parse the source MAC, protocol number and destination port number of this packet, go to S203;
S203, lock the match rule linked list, go to S204;
S204, iterate over the match rule linked list, obtaining the next node, go to S205;
S205, if the protocol number of the packet matches the protocol number of the current match rule node, go to S206, otherwise go to S223;
S206, if the destination port number of the packet matches the port number of the current match rule node, go to S207, otherwise go to S223;
S207, if the action of the current match rule node is match, go to S208; otherwise go to S215;
S208, iterate over the match rules; for each match rule obtained, go to S209;
S209, if "characteristic data" of the corresponding "characteristic length" is found at the "offset" position of the current match rule in the transport-layer payload of the current packet, the service of the corresponding "type" has been detected; go to S210, otherwise go to S223;
S210, if the iteration over the match rules is complete, go to S211, otherwise go to S208;
S211, unlock the match rule linked list, go to S212;
S212, judge whether the blacklist rule linked list contains data of this "type" from this "source MAC" (described in detail in Fig. 8); if so, go to S213, otherwise go to S214;
S213, discard the packet, go to S225;
S214, send the "type" of the current match rule and the "source MAC" of the packet back to the user-space platform interaction module; go to S225;
S215, if the action of the current match rule node is capture, go to S216; otherwise go to S223;
S216, iterate over the capture rules; for each capture rule obtained, go to S217;
S217, if, searching from the "offset" position of the current capture rule in the transport-layer payload of the current packet, "header data" of the corresponding "header length" and "tail data" of the corresponding "tail length" are found, the service of the corresponding "type" has been detected and the data between them is captured; go to S218, otherwise go to S223;
S218, if the iteration over the capture rules is complete, go to S219, otherwise go to S216;
S219, unlock the match rule linked list, go to S220;
S220, judge whether the blacklist rule linked list contains data of this "type" from this "source MAC" (described in detail in Fig. 8); if so, go to S221, otherwise go to S222;
S221, discard the packet, go to S225;
S222, send the "type" of the current match rule, the "source MAC" of the packet and the captured data back to the user-space platform interaction module; go to S225;
S223, if the iteration over the match rule linked list is complete, go to S224, otherwise go to S204;
S224, unlock the match rule linked list;
S225, end.
As shown in Fig. 8, the flow by which the service detection module of the present invention uses the blacklist file to block a specific device from accessing a specific Internet service is as follows:
S301: lock the blacklist rule linked list and go to S302;
S302: iterate over the blacklist rule linked list, taking each node in turn;
S303: if the type of the blacklist node matches the type of the currently matched rule-list node, go to S304; otherwise go to S311;
S304: if the action of the currently matched rule-list node is "capture", go to S305; otherwise go to S309;
S305: judge whether the source MAC of the current packet matches the source MAC of the blacklist node, and whether the data captured from the current packet matches any KeyString field of the blacklist node; go to S306;
S306: if both comparisons are true, the blacklist is considered hit and the flow goes to S307; otherwise go to S311;
S307: unlock the blacklist rule linked list and go to S308;
S308: the function returns true, indicating a blacklist hit;
S309: compare the source MAC of the packet against the source-MAC list field of the blacklist node;
S310: if the comparison is true, go to S307; otherwise go to S311;
S311: if iteration over the blacklist rule linked list is complete, go to S312; otherwise go to S302;
S312: unlock the blacklist rule linked list;
S313: the function returns false, indicating no blacklist hit.
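The blacklist check of Fig. 8 (S301-S313), with the blacklist entry layout described in claim 5, can be written in plain user-space C as follows. This is an added example, not the patent's code: list locking and the kernel list API are left out, a fixed array stands in for the linked list, and the node layout (bl_node), the function blacklist_hit and the sample MACs and keyword are this example's assumptions. Whether a node carries a MAC list or one MAC plus keywords follows from the action of the matched rule, as claim 5 describes.

```c
/* Added example (not the patent's code): the blacklist check of Fig. 8 and
 * claim 5. For a "match" service the node carries several source MACs, any of
 * which is blocked; for a "capture" service it carries one source MAC plus
 * KeyString fields compared against the captured data. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum action { ACT_MATCH = 0, ACT_CAPTURE = 1 };

#define MAX_MACS 4
#define MAX_KEYS 4

struct bl_node {
    int type;                     /* service type number, as in the characteristic value file */
    size_t n_macs;
    uint8_t macs[MAX_MACS][6];    /* match: blocked MACs; capture: only macs[0] is used */
    size_t n_keys;
    const char *keys[MAX_KEYS];   /* capture: KeyString fields */
};

static bool mac_eq(const uint8_t *a, const uint8_t *b) { return memcmp(a, b, 6) == 0; }

/* Returns true when a packet (type and action of its matched rule, source MAC,
 * captured data or NULL) hits some blacklist node; false otherwise (S313). */
bool blacklist_hit(const struct bl_node *bl, size_t n, int type, enum action act,
                   const uint8_t src_mac[6], const char *captured)
{
    for (size_t i = 0; i < n; i++) {                       /* S302: next node */
        const struct bl_node *b = &bl[i];
        if (b->type != type) continue;                     /* S303: type must agree */
        if (act == ACT_CAPTURE) {                          /* S304 -> S305/S306 */
            if (b->n_macs == 0 || captured == NULL || !mac_eq(src_mac, b->macs[0]))
                continue;
            for (size_t k = 0; k < b->n_keys; k++)
                if (strcmp(captured, b->keys[k]) == 0) return true;   /* S308 */
        } else {                                           /* S309/S310: MAC list */
            for (size_t m = 0; m < b->n_macs; m++)
                if (mac_eq(src_mac, b->macs[m])) return true;
        }
    }
    return false;
}

/* Constructed sample blacklist and lookups (sample MACs and keyword, not real data).
 * Returns a bit mask: bit i is set when lookup i hit. */
int demo_blacklist(void)
{
    static const struct bl_node bl[] = {
        { .type = 1, .n_macs = 2, .macs = { {0x00,0x11,0x22,0x33,0x44,0x55},
                                            {0x66,0x77,0x88,0x99,0xaa,0xbb} } },
        { .type = 2, .n_macs = 1, .macs = { {0x00,0x11,0x22,0x33,0x44,0x55} },
          .n_keys = 1, .keys = { "video.example" } },
    };
    const uint8_t dev_a[6] = {0x00,0x11,0x22,0x33,0x44,0x55};
    const uint8_t dev_c[6] = {0xde,0xad,0xbe,0xef,0x00,0x01};
    int mask = 0;
    mask |= blacklist_hit(bl, 2, 1, ACT_MATCH,   dev_a, NULL)            << 0;  /* hit: listed MAC */
    mask |= blacklist_hit(bl, 2, 1, ACT_MATCH,   dev_c, NULL)            << 1;  /* miss: unlisted MAC */
    mask |= blacklist_hit(bl, 2, 2, ACT_CAPTURE, dev_a, "video.example") << 2;  /* hit: MAC and keyword */
    mask |= blacklist_hit(bl, 2, 2, ACT_CAPTURE, dev_a, "other.example") << 3;  /* miss: keyword differs */
    mask |= blacklist_hit(bl, 2, 2, ACT_CAPTURE, dev_c, "video.example") << 4;  /* miss: other device */
    return mask;                                                               /* 5 (binary 00101) */
}

int main(void)
{
    printf("hit mask = %d\n", demo_blacklist());
    return 0;
}
```

Because both the MAC and the keyword must agree for a capture-type entry, the last lookup above misses even though the keyword is listed; a node can only block the device it names.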
As shown in Fig. 9, the detected user Internet-service information that the service detection module returns to the platform interaction module has three fields, "type", "source MAC" and "captured data" (note: for services whose action type is match, the captured data is empty). The platform interaction module stores this information temporarily in the service record linked list. The fields "type", "source MAC", "captured data", "hit count", "last access" and "duration" there are as described for Fig. 4. The "last timing time" field is an intermediate variable used to compute the duration of service access.
As shown in Fig. 10, the workflow of the platform interaction module of the present invention is as follows:
S401: initialize the Netlink socket, establishing the communication interface with the kernel; go to S402;
S402: access the management platform and obtain the characteristic value file and the blacklist file; go to S403;
S403: parse the characteristic value file and set the characteristic values in the service detection module; go to S404;
S404: parse the blacklist file and set the blacklist in the service detection module; go to S405;
S405: listen on the Netlink socket; go to S406 once a message from the service detection module is received;
S406: parse "type", "source MAC" and "captured data" from the message; go to S407;
S407: lock the service record linked list; go to S408;
S408: if the service record linked list is currently empty, go to S409; otherwise go to S410;
S409: generate a record node: "type", "source MAC" and "captured data" are the data parsed in S406; "hit count" and "duration" are initialized to 1; "last access" and "last timing time" are initialized to the current time; add the node to the linked list and increase the global node count by 1; go to S413;
S410: search the service record linked list for an identical node, i.e. one whose triple "type", "source MAC", "captured data" is exactly the same; if found, go to S412, otherwise go to S411;
S411: generate a record node: "type", "source MAC" and "captured data" are the data parsed in S406; "hit count" and "duration" are initialized to 1; "last access" and "last timing time" are initialized to the current time; add the node to the linked list and increase the global node count by 1; go to S413;
S412: modify the fields of the existing node: "hit count" + 1; set "last access" to the current time; if the current time exceeds "last timing time" by more than 60 s, set "last timing time" to the current time and "duration" + 1; go to S413;
S413: if the global node count exceeds the threshold, go to S415; otherwise go to S414;
S414: unlock the service record linked list and go to S405;
S415: iterate over the service record linked list, writing the "type", "source MAC", "captured data", "hit count", "last access" and "duration" of each node in turn to the service record file, releasing the node's resources and decreasing the global node count by 1; go to S416;
S416: unlock the service record linked list and go to S417;
S417: upload the service records to the management platform; go to S405;
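The record bookkeeping of steps S407-S417, with the fields of Fig. 9 and claim 6, can be illustrated with the following C. It is an added example, not the patent's code: a fixed-size table replaces the linked list, the current time is passed in explicitly so the 60 s window of S412 can be exercised deterministically, and the Netlink receive loop, the locking and the upload of S417 are omitted. The names (svc_record, svc_table, record_report, flush_records, demo_*), the flush threshold of 4 and the sample MAC and data are this example's assumptions; the patent does not fix the threshold.

```c
/* Added example (not the patent's code): service record bookkeeping of steps
 * S407-S417. Records are keyed by the triple (type, source MAC, captured data);
 * "hit count" grows on every report, "duration" once per 60 s window (S412), and
 * when the count exceeds a threshold the table is written out and cleared (S415). */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <time.h>

#define MAX_RECORDS     8
#define MAX_CAPTURE     64
#define FLUSH_THRESHOLD 4      /* assumed value; the patent leaves the threshold unspecified */
#define TIMING_WINDOW   60     /* seconds, from step S412 */

struct svc_record {
    int type;
    uint8_t src_mac[6];
    char captured[MAX_CAPTURE];   /* empty for "match" services (Fig. 9 note) */
    unsigned hit_count;
    unsigned duration;            /* counted in TIMING_WINDOW units */
    time_t last_access;
    time_t last_timing;           /* the "last timing time" intermediate variable */
};

struct svc_table { struct svc_record rec[MAX_RECORDS]; size_t count; };  /* count = global node count */

/* S410: look for a record with an identical (type, source MAC, captured data) triple. */
static struct svc_record *find_record(struct svc_table *t, int type, const uint8_t mac[6], const char *cap)
{
    for (size_t i = 0; i < t->count; i++) {
        struct svc_record *r = &t->rec[i];
        if (r->type == type && memcmp(r->src_mac, mac, 6) == 0 && strcmp(r->captured, cap) == 0)
            return r;
    }
    return NULL;
}

/* S415: write every record to `out` (one line each, when out != NULL) and empty the table. */
size_t flush_records(struct svc_table *t, FILE *out)
{
    size_t n = t->count;
    for (size_t i = 0; out && i < n; i++) {
        const struct svc_record *r = &t->rec[i];
        fprintf(out, "type=%d mac=%02x:%02x:%02x:%02x:%02x:%02x data=\"%s\" hits=%u last=%ld duration=%u\n",
                r->type, r->src_mac[0], r->src_mac[1], r->src_mac[2], r->src_mac[3], r->src_mac[4],
                r->src_mac[5], r->captured, r->hit_count, (long)r->last_access, r->duration);
    }
    t->count = 0;
    return n;
}

/* S406-S417 for one report from the detection module. Returns the number of
 * records flushed (0 when the threshold was not exceeded). */
size_t record_report(struct svc_table *t, int type, const uint8_t mac[6], const char *cap,
                     time_t now, FILE *out)
{
    if (!cap) cap = "";                                   /* match services carry no data */
    struct svc_record *r = find_record(t, type, mac, cap);
    if (r) {                                              /* S412: update the existing node */
        r->hit_count++;
        r->last_access = now;
        if (now - r->last_timing > TIMING_WINDOW) { r->last_timing = now; r->duration++; }
    } else if (t->count < MAX_RECORDS) {                  /* S409/S411: new node */
        r = &t->rec[t->count++];
        r->type = type;
        memcpy(r->src_mac, mac, 6);
        snprintf(r->captured, sizeof r->captured, "%s", cap);
        r->hit_count = r->duration = 1;
        r->last_access = r->last_timing = now;
    }
    return t->count > FLUSH_THRESHOLD ? flush_records(t, out) : 0;   /* S413 -> S415 */
}

/* Constructed scenario: one device reports the same service three times. */
unsigned demo_duration_after_reports(void)
{
    struct svc_table t = {0};
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};   /* sample MAC */
    time_t t0 = 1000000;
    record_report(&t, 2, mac, "video.example", t0, NULL);        /* new node: hits 1, duration 1 */
    record_report(&t, 2, mac, "video.example", t0 + 30, NULL);   /* same window: hits 2 */
    record_report(&t, 2, mac, "video.example", t0 + 61, NULL);   /* new window: hits 3, duration 2 */
    struct svc_record *r = find_record(&t, 2, mac, "video.example");
    return r ? r->duration * 100 + r->hit_count : 0;             /* 203 */
}

/* Constructed scenario: distinct services are reported until the threshold is exceeded. */
size_t demo_flush_count(void)
{
    struct svc_table t = {0};
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    size_t flushed = 0;
    for (int type = 1; type <= FLUSH_THRESHOLD + 1; type++)
        flushed += record_report(&t, type, mac, "", 1000000, NULL);
    return flushed;                                              /* 5 */
}

int main(void)
{
    printf("duration*100+hits = %u, flushed = %zu\n", demo_duration_after_reports(), demo_flush_count());
    return 0;
}
```

Note that "duration" here is a count of 60 s windows in which the service was seen, not elapsed seconds: two reports 30 s apart add one hit but no duration, while a report after 61 s adds both. Capping the table at MAX_RECORDS also bounds the memory a flood of distinct (type, MAC, data) triples can consume before the flush runs.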
In summary, the method provided by the present invention for a home gateway to detect and block user Internet services comprises the following steps:
the home gateway obtains the characteristic value file and the blacklist file from the management platform;
using the obtained characteristic value file, the home gateway detects related services in the packets of the user's Internet services and generates user Internet-service records that are returned to the management platform for storage; at the same time, it uses the blacklist file to allow or block specific devices from accessing specific Internet services;
the user queries, through the management platform, the Internet-service records of the devices connected to the home gateway.
Because the home gateway obtains the characteristic values and the blacklist file of the Internet services to be detected from the management platform, when the characteristic values of a service to be detected change, only the characteristic value file on the management platform needs to be changed; the home gateway will then obtain the latest characteristic values and blacklist file from the management platform, and the image file of the home gateway need not be upgraded because of a change in the characteristic values to be detected. Home users can also operate it easily, which greatly increases flexibility for home users.
The present invention is not limited to the preferred embodiment described above; any structural change that anyone makes under the inspiration of the present invention, and any technical solution identical or similar to the present invention, falls within the protection scope of the present invention.

Claims (9)

1. A method for a home gateway to detect and block user Internet services, characterized in that it comprises the following steps:
the home gateway obtains a characteristic value file and a blacklist file from a management platform, the characteristic value file being used to detect related services and capture related keyword fields, and the blacklist file being used to block specific devices connected to the home gateway from accessing specific Internet services;
using the obtained characteristic value file, the home gateway detects related services in the packets of the user's Internet services and generates a corresponding Internet record file that is returned to the management platform for storage; at the same time, it uses the blacklist file to block specific devices from accessing specific Internet services;
the user queries, through the management platform, the Internet-service records of the devices connected to the home gateway.
2. The method of claim 1, characterized in that the characteristic value file contains characteristic information of Internet services, and the home gateway detects related services according to this characteristic information and captures related keyword fields.
3. The method of claim 1, characterized in that the characteristic value file is used to define the rules for detecting user Internet services and comprises six fields: type, action, protocol, port, number and rule, wherein:
type is the number of the detected service; each kind of service has a corresponding type field number in the characteristic value file;
action is the manner in which the service is detected, comprising match and capture;
protocol is the IP protocol type of the detected service;
port is the transport-layer destination port number of the detected service;
number is the number of rules the match action needs in order to detect the service, or the number of rules the capture action needs;
rule is the basis on which the match and capture actions operate.
4. The method of claim 3, characterized in that:
the rule corresponding to a match action comprises, in order, the fields offset, characteristic length and characteristic data, meaning that the transport-layer payload must carry, at the specified offset, characteristic data of the given characteristic length;
the rule corresponding to a capture action comprises, in order, the fields offset, header length and header data, tail length and tail data, meaning that the transport-layer payload, searched from the offset, contains header data of the given header length and tail data of the given tail length, and the data between them is captured.
5. The method of claim 1, characterized in that, when the blacklist file is used to allow or block specific devices from accessing specific Internet services, a specific device is identified by its source MAC, and the specific method is as follows:
for a service with the match action, the following fields are a number of source-MAC fields, meaning that, for this class of service, a packet is blocked as long as its source MAC matches any of the source-MAC fields;
for a service with the capture action, the following fields are one source-MAC field followed by a number of keyword fields, meaning that, for this class of service, a packet is blocked if it comes from the specified source MAC and the captured data matches the value of any of the keyword fields.
6. The method of claim 1, characterized in that the service record file describes, for a device connected to the home gateway, the last access time, access frequency and duration of the related Internet services accessed during a period of time, together with the data captured from related services that include capture rules; each record is identified by the triple of type, source MAC and captured data, wherein:
the type field is consistent with the type in the characteristic value file;
the source MAC field is the MAC of the device connected to the home gateway;
the last access field is the time of the most recent access to the Internet service;
the hit count field is the number of times the Internet service has been detected by the service detection module of the home gateway;
the duration field is the duration of the Internet service;
the captured data field is the data obtained by the capture action; for the match action this field is empty.
7. The method of claim 1, characterized in that the method by which the home gateway uses the obtained characteristic value file to detect related services in the packets of the user's Internet services is as follows:
first, a Netlink communication interface is created and a communication hook function is registered;
then a packet analysis hook function is attached at the NF_BR_PRE_ROUTING node of the Linux kernel Netfilter framework, so that each packet from a terminal under the home gateway is analysed with priority, at the earliest moment, when it is forwarded by the home gateway, wherein:
the communication hook function receives characteristic value setup messages and blacklist setup messages from the user-space platform interaction module and generates the corresponding match-rule linked list and blacklist linked list;
the packet analysis hook function analyses each layer-2 message entering the home gateway; if the characteristics of the message match the characteristic value of some node in the match-rule linked list, the related Internet service to be detected has been found;
if a service from some source MAC matches some node rule in the blacklist linked list, the packet is dropped and not forwarded; in all other cases it is forwarded, and the detected service information is reported to the user-space platform interaction module.
8. The method of claim 1, characterized in that after the home gateway starts, it determines, according to the update status of the characteristic value file and blacklist file on the management platform, whether to download the latest characteristic value file and blacklist file again.
9. A system for a home gateway to detect and block user Internet services, comprising a home gateway, characterized in that it further comprises a management platform,
the home gateway being provided with a service detection module and a platform interaction module, and the management platform being provided with a gateway interaction module, a user database and a user human-machine interface;
the service detection module obtains the characteristic value file and the blacklist file from the management platform, detects related services in the packets of the user's Internet services according to the rules set for the different services in the characteristic value file, and passes the related fields captured from the packets back to the platform interaction module; the platform interaction module writes the user Internet-service records returned by the service detection module to the service record file and passes it to the gateway interaction module of the management platform, which then updates and stores the related content in the user database; the service detection module blocks specific devices from accessing specific Internet services according to the blacklist file;
the user queries, through the user human-machine interface, the Internet-service records of the devices connected to the home gateway.
CN201510633338.5A 2015-09-29 2015-09-29 A kind of home gateway detection and the system and method for shielding user's business of networking Active CN105187446B (en)

Publications (2)

Publication Number Publication Date
CN105187446A true CN105187446A (en) 2015-12-23
CN105187446B CN105187446B (en) 2018-03-20

Family

ID=54909290

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106487797A (en) * 2016-10-25 2017-03-08 腾讯科技(深圳)有限公司 A kind of network data processing method and system
CN109934754A (en) * 2019-03-18 2019-06-25 重庆替比网络科技有限公司 A kind of information issuing system for supervision and service
CN110048891A (en) * 2019-04-22 2019-07-23 上海市共进通信技术有限公司 The intelligent flow control method of man-machine interaction mode is realized based on residential gateway APP management terminal
CN112866140A (en) * 2020-12-16 2021-05-28 中国联合网络通信集团有限公司 Service matching method, gateway management platform, gateway device and server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008086224A2 (en) * 2007-01-04 2008-07-17 Quest Software, Inc. Systems and methods for detecting and blocking malicious content in instant messages
CN103124226A (en) * 2012-12-03 2013-05-29 深圳市共进电子股份有限公司 Household broadband net-system play monitoring system and method
CN103595692A (en) * 2012-08-13 2014-02-19 中兴通讯股份有限公司 A method and a system which both analyze user network behaviors through household gateways
CN103888305A (en) * 2012-12-19 2014-06-25 中国电信股份有限公司 Home gateway-based monitoring method and system
CN104349370A (en) * 2013-08-01 2015-02-11 中兴通讯股份有限公司 Access control method, apparatus and system

Also Published As

Publication number Publication date
CN105187446B (en) 2018-03-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant