CN105978844A - Network access control method, router and system based on router - Google Patents
- Publication number: CN105978844A (CN201510305623.4A)
- Authority: CN (China)
- Prior art keywords: network, monitoring, router, information, data
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H: ELECTRICITY
- H04: ELECTRIC COMMUNICATION TECHNIQUE
- H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
The embodiments of the invention provide a router-based network access control method, a router and a system. On the router side, the method comprises: receiving monitoring content issued by a server, and configuring the router's own network monitoring information according to the monitoring content; when a monitored device is detected, inspecting the data messages of the monitored device according to the network monitoring information; when the detection result is a fail, dropping the data message to forbid the monitored device from accessing the web page corresponding to the data message; and when the detection result is a pass, sending the data message to the network. The router can thus control the network access of the monitored device and discard data messages that access illegal data such as undesirable websites, which protects the safety of the device while preventing waste of data resources.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a router-based network access control method, a router, and a network access control system.
Background
A router connects multiple logically separate networks, where a logical network means a single network or a subnet. When data is transferred from one subnet to another, the transfer can be completed by the routing function of the router. A router therefore has the function of judging network addresses and selecting IP paths. It can set up flexible connections in a multi-network interconnection environment and can connect various subnets using entirely different data packets and media access methods, and it is a kind of interconnection equipment of the Internet. User equipment can therefore connect to the Internet through a router.
However, while today's network provides users with the various resources they need, it is also flooded with a lot of bad information, such as violent and pornographic websites, and websites with bad information can be reached when a router is used to connect to the network. Accessing undesirable websites not only wastes data resources; hostile content such as viruses that may exist on those websites can also affect the safety of the user equipment.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a router-based network access control method, so as to control the websites that are accessed.
Correspondingly, the embodiments of the invention also provide a router and a network access control system, to ensure the implementation and application of the above method.
To solve the above problem, an embodiment of the invention discloses a router-based network access control method, characterized in that it comprises, on the router side: receiving monitoring content issued by a server, and configuring the router's own network monitoring information according to the monitoring content; when a monitored device is detected, inspecting the data messages of the monitored device according to the network monitoring information; when the detection result is a fail, discarding the data message to forbid the monitored device from accessing the web page corresponding to the data message; when the detection result is a pass, sending the data message to the network.
An embodiment of the invention also discloses a router, comprising: a receiving and configuration module, for receiving monitoring content issued by a server and configuring the router's own network monitoring information according to the monitoring content; a message detection module, for inspecting the data messages of a monitored device according to the network monitoring information when the monitored device is detected; and an access control module, for discarding the data message when the detection result is a fail, to forbid the monitored device from accessing the web page corresponding to the data message, and for sending the data message to the network when the detection result is a pass.
Compared with the prior art, the router-based network access control method, router and system of the embodiments of the invention have the following advantages:
The router configures network monitoring information based on the monitoring content issued by the server, and thereby determines the data message information to be monitored. After a monitored device sends a data message to the router, the router inspects the data message of the monitored device according to the network monitoring information. When the detection result is a fail, the data message is determined to have illegal content and is discarded, to forbid the monitored device from accessing the web page corresponding to the data message. When the detection result is a pass, the data message is determined to be legitimate data and is sent to the network. The router can thus control the network access of the monitored device and discard data messages that access illegal data such as undesirable websites, preventing waste of data resources while protecting the safety of the device.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of the steps of an embodiment of a router-based network access control method of the invention;
Fig. 2 is a flow chart of the steps of router configuration in another embodiment of the router-based network access control method of the invention;
Fig. 3 is a flow chart of the steps of access control in another embodiment of the router-based network access control method of the invention;
Fig. 4 is an interaction diagram of an access control system of an embodiment of the invention;
Fig. 5 is a structural block diagram of a router embodiment of the invention;
Fig. 6 is a structural block diagram of another router embodiment of the invention;
Fig. 7 is a structural block diagram of a network access control system embodiment of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some of the embodiments of the invention rather than all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
One of the core ideas of the embodiments of the invention is a router-based network access control method, router and system for controlling the websites that are accessed. The router configures network monitoring information based on the monitoring content issued by the server, and thereby determines the data message information to be monitored. After a monitored device sends a data message to the router, the router inspects the data message of the monitored device according to the network monitoring information. When the detection result is a fail, the data message is determined to have illegal content and is discarded, to forbid the monitored device from accessing the web page corresponding to the data message. When the detection result is a pass, the data message is determined to be legitimate data and is sent to the network. The router can thus control the network access of the monitored device and discard data messages that access illegal data such as undesirable websites, preventing waste of data resources while protecting the safety of the device.
Embodiment one
Referring to Fig. 1, a flow chart of the steps of an embodiment of a router-based network access control method of the invention is shown, which may specifically include the following steps:
Step 102, receive the monitoring content issued by the server, and configure the router's own network monitoring information according to the monitoring content.
In this embodiment, in order to monitor the network addresses that users access through the router, the server configures the network access control rules of the router, so that the router controls the data messages of the devices connected to it.
The server determines the monitoring content by means such as data analysis. The monitoring content is the information, determined by the server through data analysis, against which network access data is monitored. The server issues the monitoring content to the router, and the router configures the corresponding network monitoring information according to it. The router uses this network monitoring information to monitor the data messages of the connected devices.
In the embodiments of the invention, the various devices used by users that can connect to a network are called user equipment. User equipment includes all kinds of computing devices that can connect to a network, such as computers, and mobile devices such as tablet computers and mobile phones. User equipment that connects to the network through the router is called a LAN device, and equipment that connects to the network directly rather than through the router is called an external-network device. For example, when a mobile phone connects to the Internet through a communication network such as 3G or 4G, the phone is an external-network device; when a mobile device such as a phone turns on WIFI (WIreless-Fidelity) to connect to the router and then to the network, the phone is a LAN device.
In this embodiment, the router serves as the monitoring device for network access control, and the devices that need monitoring are chosen from the LAN devices as monitored devices. That is, the monitored devices are all or some of the LAN devices.
Step 104, when a monitored device is detected, inspect the data messages of the monitored device according to the network monitoring information.
When users access the network by connecting LAN devices to the router, the router monitors the LAN devices that access it. When the device currently sending a data message is detected to be a monitored device, the data message of the monitored device is inspected according to the network monitoring information, and the data message is processed according to the detection result. A legitimate data message corresponds to a detection result of pass, and an illegal data message corresponds to a detection result of fail.
Step 106, discard the data message.
When the detection result is a fail, the data message is illegal, i.e. it requests network data to which access is forbidden. The router discards the data message, to forbid the monitored device (i.e. the monitored LAN device) from accessing the web page corresponding to the data message.
Illegal data such as undesirable websites can therefore be configured in the network monitoring information, so that requests for illegal data are blocked on the router side. This not only saves data resources, but also prevents hostile content such as viruses on the websites corresponding to the illegal data from affecting the safety of the LAN devices.
Step 108, send the data message to the network.
When the detection result is a pass, the data message contains no illegal content. The router forwards the data message to the network normally, i.e. the request for the web page is sent as usual, so the monitored device can access the corresponding web page normally.
In summary, the router configures network monitoring information based on the monitoring content issued by the server, and thereby determines the data message information to be monitored. After a monitored device sends a data message to the router, the router inspects the data message of the monitored device according to the network monitoring information. When the detection result is a fail, the data message is determined to have illegal content and is discarded, to forbid the monitored device from accessing the web page corresponding to the data message. When the detection result is a pass, the data message is determined to be legitimate data and is sent to the network. The router can thus control the network access of the monitored device and discard data messages that access illegal data such as undesirable websites, preventing waste of data resources while protecting the safety of the device.
Embodiment two
On the basis of the above embodiment, this embodiment describes the router-based network access control method in detail.
When the router performs access control on LAN devices, the monitoring content first needs to be configured in the router, and the router then monitors the LAN devices that access it.
1. Configuration of the router
Referring to Fig. 2, a flow chart of the steps of router configuration in another embodiment of the router-based network access control method of the invention is shown, which may specifically include the following steps:
Step 202, collect the device information of each LAN device that accesses the router and generate a LAN device list.
After accessing the router, a LAN device can connect to the network through it. The router can collect the device information of the LAN devices that access it and generate the corresponding LAN device list. That is, the LAN device list records the device information of the LAN devices that access the router, such as the device name, model, identifier, the device's MAC (Media Access Control) address, and the access time.
Step 204, feed back the device information in the LAN device list, for the user to select the device to be monitored.
Step 206, determine the monitored device according to the user's instruction information, obtain the device information of the monitored device from the LAN device list, and add it to the monitoring list.
When a user wants to monitor a device, for example when a parent wants to monitor a child's device, the user can set the monitored device by interacting with the router through a device. The user can set the monitored devices in the LAN formed by the router through the router's management page, i.e. a web page, or through an APP (Application) on a mobile device.
A. Setting through the web page
The user uses a LAN device connected to the router to access the router's web page. The web page can feed back the device information in the LAN device list collected by the router, and the different LAN devices are identified by their device information, for example by at least one of the device name, device model, device MAC address and similar information. The user can select the device to be monitored on the web page, for example a children's phone used by a child in the family, or an iPad. After the selection is made, instruction information is sent that carries the device identifier of the device. The LAN device selected by the user is determined from this device identifier and set as a monitored device, and the device information of the monitored device, such as the device name and MAC address, is added to the monitoring list.
B. Setting through the APP page of a mobile device
A mobile device such as a mobile phone can connect to the Internet through the router or through a communication network, and the monitored device can be set in the APP. That is, in one mode the mobile device sets the monitored device through the APP page while acting as a LAN device, and in the other mode the mobile device sets the monitored device through the APP page while acting as an external-network device. The APP is installed on the mobile phone and is an app for controlling the functions of the router.
When the mobile device acts as a LAN device, it connects to the Internet through the router. After the APP is started on the mobile device and the router's monitoring settings page is entered, the page can feed back the device information in the LAN device list collected by the router. It can be understood that the LAN device list then contains the device information of this mobile device. The page identifies the different LAN devices by their device information, for example by at least one of the device name, device model, device MAC address and similar information. The user can select the device to be monitored on the page. After the selection is made, instruction information is sent that carries the device identifier of the device. The LAN device selected by the user is determined from this device identifier and set as a monitored device, and the device information of the monitored device, such as the device name and MAC address, is added to the monitoring list.
When the mobile device acts as an external-network device, it connects to the Internet through a communication network such as 2G, 3G or 4G. After the APP is started on the mobile device, the phone communicates with the router through the cloud server. After the router's monitoring settings page is entered, the page can feed back the device information in the LAN device list collected by the router. It can be understood that the LAN device list may then not contain the device information of this mobile device; of course, if the device has previously connected to the Internet through this router, the LAN device list may contain its device information. The page identifies the different LAN devices by their device information, for example by at least one of the device name, device model, device MAC address and similar information. The user can select the device to be monitored on the app's settings page. After the selection is made, instruction information is sent that carries the device identifier of the device. The LAN device selected by the user is determined from this device identifier and set as a monitored device, and the device information of the monitored device, such as the device name and MAC address, is added to the monitoring list.
Step 208, receive the monitoring content issued by the server.
When the router performs access control on LAN devices for the first time, it can receive the monitoring content issued by the server and configure the router's network monitoring information according to this monitoring content.
In an optional embodiment of the invention, updated monitoring content is received from the server, and the network monitoring information is updated according to the updated monitoring content.
In this embodiment, the server can also obtain data messages fed back from the router and collect information such as network data in the network, and update the monitoring content by analysing this information together with the rules that have been set. For example, after the data messages, the web page information collected over the Internet and so on are transferred to the platform's data server, the big data intelligence center of the cloud platform can analyse this data to determine the corresponding data frame information, form updated online-access rules and generate the corresponding monitoring content, and send the updated monitoring content to the router to update the router's network monitoring information.
Step 210, obtain the website data to be monitored from the monitoring content.
Step 212, configure the website data to be monitored into the firewall list of the router, and use the firewall list as network monitoring information.
In the embodiments of the invention, the monitoring content includes at least one of the following: website data to be monitored, time data, and message recognition rules. The corresponding monitoring items can be configured from this monitoring content.
The website data to be monitored is the website data of websites to which access is forbidden, such as an IP address, or the root domain name of a website. The website data to be monitored is obtained from the monitoring content and configured into the router's firewall list (Iptable), and the firewall list serves as one item of the network monitoring information, used subsequently to monitor the monitored devices.
For example, if the website data to be monitored includes the IP address 1.1.0.0, and the corresponding website is assumed to be an illegal violent website, the IP address 1.1.0.0 can be set in the router's Iptable table.
Step 214, obtain the time data from the monitoring content.
Step 216, configure the monitoring period of the network monitoring information according to the time data.
The time data is the data used to monitor the time at which the network is accessed. For example, it may be set so that network access is forbidden from Monday to Saturday, or so that network access is forbidden outside 18:00 to 20:00 every day. The time data is obtained from the monitoring content, and the monitoring period of the network monitoring information is configured according to it. The monitoring period can be configured as the time during which network access is forbidden, or as the time during which network access is allowed. It can be set according to actual needs, and the embodiments of the invention place no limit on this.
Step 218, obtain the message recognition rules from the monitoring content.
Step 220, store the message recognition rules in the local cache of the router as network monitoring information.
The message recognition rules are the rules by which the router identifies messages when performing network access control. The message recognition rules are obtained from the monitoring content, used as network monitoring information, and stored in the local cache of the router.
The monitored devices are thus configured from the LAN device list collected by the router, and the network monitoring information is configured from the issued monitoring content. The network address, the time, the content accessed and so on can each be configured separately, producing accurate network monitoring information and providing more accurate access control.
2, control is accessed
With reference to Fig. 3, it is shown that the another kind method for network access control based on router of the present invention is implemented
Example accesses the flow chart of steps of control, specifically may include steps of:
Step 302, receives data message.
Step 304, determines the lan device sending message according to described data message.
Step 306, detects whether described lan device is the monitored device in watch-list.
User uses lan device router access to be passed through network, needs first to send the datagram of request
Router given in literary composition, if data message is TCP/IP (Transmission Control Protocol/Internet
Protocol, transmission control protocol/Internet Protocol) message, this data message is analyzed really
Surely send the MAC Address of the lan device of this message, search watch-list based on this MAC Address
In, determine whether this MAC Address is the MAC Address of monitored device in watch-list.
If the MAC Address of monitored device in watch-list, then perform step 308.If not prison
In control list, the MAC Address of monitored device, performs step 314.
Step 308, obtains current temporal information, detects whether described temporal information is positioned at monitoring period
In.
Needing to be controlled access for monitored device, the time accessing network is controlled by the first
System.Obtain current temporal information and i.e. access the time of network, when monitoring period is configured to forbid accessing net
During time of network, detect whether described temporal information is positioned at monitoring period.If being positioned at monitoring period,
Perform step 316;If not being positioned at monitoring period to perform step 310.
Certainly, if monitoring period is configured to the time allowing to access network, then the described time can be detected
Whether information is positioned at outside monitoring period.I.e. forbidding that the time accessing network abandons network message, do not allowing
Monitored device accesses network.
Such as, the time outside 18 o'clock to 20 o'clock every day forbids accessing network, if current temporal information
Not 21 point, then abandon network message and forbid accessing network, if current temporal information is 19 points, be then
Allow to access the time of network.
Whether step 310, detect and ask the network address that accesses in the message data of described monitored device
In fire wall list.
In addition to the access time is controlled, it is also possible to network of network address is controlled, i.e.
If current temporal information does not allows to access the time of network, then detect the message number of described monitored device
According to the middle network address asking to access whether in fire wall list.
Fire wall list is configured with the website data forbidding accessing, it is thus determined that request is visited in message data
Whether the network address asked is in fire wall list, if in fire wall list, performs step 316, if
In fire wall list, do not perform step 312.If certainly data message not being identified, then judging
Step 314 can be directly performed after asking the network address accessed not in fire wall list.
Such as, the network address that request accesses is 1.1.0.0, determines its Iptable at router by detection
In table, then dropping packets conducts interviews this network address.
Step 312, determines whether to be capable of identify that described data according to the message recognition rule in local cache
Message.
In the embodiment of the present invention, NS software also includes the identification to data message, i.e. when not allowing
Access the time of network, and when message data being asked the network address accessed not in fire wall list,
Still can continue according to the message recognition rule in local cache, data message to be identified, determine energy
Enough identify this data message.
If being capable of identify that data message, perform step 314;If data message can not be identified, perform step
318。
Step 314, is sent to network by described data message.
When the lan device sent datagram is not monitored device, it is not necessary to data message is examined
The external networks such as survey, directly can be sent to network by data message, the Internet that i.e. router connects.
Do not allow to access the time of network in current temporal information, message data is asked the network accessed
Data message, not in fire wall list, directly can be sent to network so that monitored device by address
It is able to access that the webpage of this data message corresponding requests.
Or, not allowing to access the time of network in current temporal information, in message data, request accesses
The network address not in fire wall list, and be capable of identify that according to the message recognition rule in local cache
During data message, the data message characterizing request is valid data, can be directly sent to by data message
Network so that monitored device is able to access that the webpage of this data message corresponding requests.
Step 316, abandons described data message.
When current temporal information is the time forbidding accessing network, abandons network message, forbid this quilt
Monitoring device accesses network.
Do not allow to access the time of network in current temporal information, but message data is asked the net accessed
Network address is in fire wall list, and the network address characterizing message data request access comprises invalid data,
Abandon network message, forbid that this monitored device accesses network.
Step 318: copy the data message and upload the copied data message to the server.
When the current time information is not within the time during which network access is not allowed, and the network address requested in the message data is not in the firewall list, but the data message cannot be identified according to the message recognition rules in the local cache, the data message is characterized as requesting unrecognized data; the data message is copied and the copy is uploaded to the server. The server can subsequently analyze this packet to determine whether the message data is legal, and decide the follow-up processing based on the result of that analysis. For example, if the analysis determines that the data message is illegal data, it can be used as monitoring content for a subsequent update of the network monitoring information.
In this way, the LAN devices that access the router are monitored by means of the monitoring list, and the data messages of a monitored device are detected by means of the network monitoring information configured on the router. The data message is checked comprehensively in terms of time, accessed network address, data message content and other aspects, so that the access of the monitored device is controlled more accurately.
It can be understood that the embodiment of the present invention is not limited by the described order of actions; some steps may be performed in another order or simultaneously, for example step 312 may not be performed, or step 312 may be performed before step 308. Those skilled in the art will therefore know that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiment of the present invention.
In the embodiment of the present invention, an interaction diagram of an access control system is shown in Fig. 4. The access control system includes user equipment, a router, a cloud platform server and an external network. The user equipment includes LAN devices and external network devices.
After user equipment connects to the router it is determined to be a LAN device, and it then sends TCP/IP messages to the router. The data stream monitoring process in the router detects whether the source MAC of the TCP/IP message is in the monitored device list. When the source MAC is determined to be in the monitored device list, the data message is handed to the security detection process; otherwise, that is, when the source MAC is determined not to be in the monitored device list, the LAN device corresponding to the data message is characterized as an unmonitored device, and the data message is forwarded directly to the external network, such as the Internet.
The security detection process analyzes the data message according to the configured network monitoring information, including analyzing the network access time information (i.e. the surfing time), the network address requested (i.e. the destination IP) and the message recognition rules in the local cache. If the message passes the analysis against the network monitoring information, the router forwards the TCP/IP message to the Internet; if the analysis against the network monitoring information determines that the TCP/IP message is illegal data, the monitored device is forbidden from accessing the network and the security detection process discards the message directly; if the analysis against the network monitoring information determines that the data of the TCP/IP message cannot be identified, one copy of the TCP/IP message is made and transmitted over the Internet to the data server of the cloud platform.
Subsequently, the big data intelligence center analyzes the data frames of the TCP/IP message and forms new online rules, i.e. the updated monitoring content, and issues the updated monitoring content to the router; the security monitoring process of the router updates the network monitoring information based on this monitoring content.
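The router-side decision flow described above (monitored-device check, access time, firewall list, recognition rules, then forward, discard or copy to the server), as an added Python example that is not the patent's own code. The field names, the regular-expression form of a recognition rule, the dictionary layout of the monitoring content and all sample addresses are assumptions constructed for illustration; what happens to the original message after a copy is uploaded is left to the caller.

```python
import re
from dataclasses import dataclass, field
from datetime import time
from enum import Enum


class Verdict(Enum):
    FORWARD = "forward"          # send the data message on to the network
    DROP = "drop"                # discard it; the requested page is not reached
    UPLOAD_COPY = "upload_copy"  # unrecognized: a copy goes to the server


def norm_mac(mac: str) -> str:
    """Normalize a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


@dataclass
class Packet:
    src_mac: str
    dst_ip: str
    payload: bytes


@dataclass
class MonitoringInfo:
    """Network monitoring information the router builds from server content."""
    firewall_list: set = field(default_factory=set)      # blocked destinations
    blocked_windows: list = field(default_factory=list)  # [(start, end)] times
    rules: list = field(default_factory=list)            # compiled byte patterns

    def apply_update(self, content: dict) -> None:
        """Monitoring content may carry any subset of the three parts
        (assumed keys: 'addresses', 'windows', 'rules'); absent parts are kept."""
        if "addresses" in content:
            self.firewall_list = set(content["addresses"])
        if "windows" in content:
            self.blocked_windows = [
                (time.fromisoformat(a), time.fromisoformat(b))
                for a, b in content["windows"]
            ]
        if "rules" in content:
            self.rules = [re.compile(r.encode()) for r in content["rules"]]

    def in_blocked_window(self, now: time) -> bool:
        for start, end in self.blocked_windows:
            if start <= end:
                if start <= now < end:
                    return True
            elif now >= start or now < end:  # window wraps past midnight
                return True
        return False

    def recognizes(self, payload: bytes) -> bool:
        return any(rule.match(payload) for rule in self.rules)


def decide(pkt: Packet, now: time, monitored_macs: set,
           info: MonitoringInfo) -> Verdict:
    # 1. Data stream monitoring: unmonitored devices are forwarded untouched.
    if norm_mac(pkt.src_mac) not in monitored_macs:
        return Verdict.FORWARD
    # 2. Time check comes first: inside the monitoring time nothing passes.
    if info.in_blocked_window(now):
        return Verdict.DROP
    # 3. Destination in the firewall list means illegal data.
    if pkt.dst_ip in info.firewall_list:
        return Verdict.DROP
    # 4. Recognized messages pass; anything else is copied to the server.
    if info.recognizes(pkt.payload):
        return Verdict.FORWARD
    return Verdict.UPLOAD_COPY


# Constructed sample configuration (documentation address ranges, made-up MAC).
MONITORED = {norm_mac("AA-BB-CC-00-11-22")}
INFO = MonitoringInfo()
INFO.apply_update({
    "addresses": ["203.0.113.10"],
    "windows": [("22:00", "06:00")],
    "rules": [r"(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"],
})

if __name__ == "__main__":
    pkt = Packet("aa:bb:cc:00:11:22", "198.51.100.7", b"\x00\x01opaque")
    print(decide(pkt, time(12, 0), MONITORED, INFO))
```

Because the decision falls through to `UPLOAD_COPY` rather than to `FORWARD`, the narrowness of the recognition rules determines how much traffic is copied off the router to the server.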
In the embodiment of the present invention, the data stream of the data messages that need to be monitored is intercepted on the router side through network traffic analysis and analyzed by a process built into the router, and can be forwarded to the server of the cloud platform to be matched against the security database. Once an illegal data stream is found, the router can automatically block the data connection between the device and the illegal website.
In this embodiment, the network monitoring information of the router is configured automatically from the monitoring content issued by the server. The user does not need to understand complex network security protocols and configuration is simple: the user only needs to indicate the LAN devices to be monitored, and the rest, the access control of the devices, is achieved automatically based on the server of the cloud platform and the router configuration.
This embodiment places a large amount of logical processing on the server side, such as analyzing data to determine monitoring content, thereby reducing the hardware cost of the router; the CPU configuration of the router can be lowered.
Further, the server side continuously analyzes data and continuously updates the security database and monitoring content on the server side, so that the network monitoring information configured on the router is also continuously updated, thereby accurately controlling network access and making network access safer.
It should be noted that, for brevity, the method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the embodiment of the present invention is not limited by the described order of actions, because according to the embodiment of the present invention some steps may be performed in another order or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiment of the present invention.
Embodiment three
On the basis of the above embodiments, this embodiment further provides a router.
Referring to Fig. 5, a structural block diagram of a router embodiment of the present invention is shown, which may specifically include the following modules:
Receiving and configuring module 502, configured to receive the monitoring content issued by the server and configure the router's own network monitoring information according to the monitoring content.
Packet check module 504, configured to, when a monitored device is detected, detect the message data of the monitored device according to the network monitoring information.
Access control module 506, configured to, when the detection result is not passed, discard the data message so as to forbid the monitored device from accessing the web page corresponding to the data message; and when the detection result is passed, send the data message to the network.
In summary, the router configures the network monitoring information based on the monitoring content issued by the server, thereby determining the data message information to be monitored. After a monitored device sends a data message to the router, the router detects the message data of the monitored device according to the network monitoring information. When the detection result is not passed, it is determined that the data message has illegal content, and the data message is discarded so as to forbid the monitored device from accessing the web page corresponding to the data message; when the detection result is passed, it is determined that the data message is legal data, and the data message is sent to the network. The router can thus control the network access of the monitored device and discard data messages that access illegal data such as objectionable websites, preventing the waste of data resources while protecting device security.
Referring to Fig. 6, a structural block diagram of another router embodiment of the present invention is shown, which may specifically include the following modules:
Receiving and configuring module 602, configured to receive the monitoring content issued by the server and configure the router's own network monitoring information according to the monitoring content.
Packet check module 604, configured to, when a monitored device is detected, detect the message data of the monitored device according to the network monitoring information.
Access control module 606, configured to, when the detection result is not passed, discard the data message so as to forbid the monitored device from accessing the web page corresponding to the data message; when the detection result is passed, send the data message to the network so that the monitored device normally accesses the web page corresponding to the data message; and when the detection result is unrecognized, upload the data message to the server for analysis.
In an optional embodiment of the present invention, the monitoring content includes at least one of the following: website data to be monitored, time data and recognition rules.
The receiving and configuring module 602 includes:
Network address configuration submodule 60202, configured to obtain the website data to be monitored from the monitoring content, and configure the website data to be monitored into the firewall list of the router, the firewall list serving as network monitoring information.
Time configuration submodule 60204, configured to obtain the time data from the monitoring content and configure the monitoring time of the network monitoring information according to the time data.
Recognition rule configuration submodule 60206, configured to obtain message recognition rules from the monitoring content and store the message recognition rules, as network monitoring information, in the local cache of the router.
The packet check module 604 includes:
Network address detection submodule 60402, configured to detect whether the network address requested in the message data of the monitored device is in the firewall list; when the network address requested is in the firewall list, confirm that the data message matches the network monitoring information and record the detection result as not passed; when the network address requested is not in the firewall list, confirm that the data message does not match the network monitoring information and record the detection result as passed.
Time detection submodule 60404, configured to obtain the current time information and detect whether the time information is within the monitoring time; when the time information is within the monitoring time, record the detection result as not passed; when the time information is not within the monitoring time, perform the step of detecting whether the network address requested is in the firewall list.
Recognition rule detection submodule 60406, configured to identify the data message according to the message recognition rules in the local cache; when the data message cannot be identified, record the detection result as unrecognized and perform the step of sending the data message to the network so as to upload it to the server for analysis; when the data message can be identified, perform the step of sending the data message to the network so that the monitored device accesses the web page corresponding to the data message.
In another optional embodiment of the present invention, the receiving and configuring module 602 is further configured to obtain the monitoring content updated by the server, and update the network monitoring information according to the updated monitoring content.
Monitored device configuration module 608, configured to collect the device information of each LAN device that accesses the router and generate a LAN device list; feed back the device information in the LAN device list for the user to select monitored devices; and, according to the user's instruction information, select a LAN device from the LAN device list as a monitored device, obtain the device information of the monitored device and add it to the monitoring list.
Equipment inspection module 610, configured to receive the data message sent by a LAN device and obtain the address information of the LAN device according to the data message; detect, according to the address information, whether the LAN device is a monitored device configured in the monitoring list; and when the LAN device is not a monitored device, send the data message to the network.
Embodiment four
On the basis of the above embodiments, this embodiment further provides a network access control system.
Referring to Fig. 7, a structural block diagram of a network access control system embodiment of the present invention is shown.
The network access control system includes: user equipment 702, a server 704 and a router 706 as described in embodiment three above.
In the embodiment of the present invention, the data stream of the data messages that need to be monitored is intercepted on the router side through network traffic analysis and analyzed by a process built into the router, and can be forwarded to the server of the cloud platform to be matched against the security database. Once an illegal data stream is found, the router can automatically block the data connection between the device and the illegal website.
In this embodiment, the network monitoring information of the router is configured automatically from the monitoring content issued by the server. The user does not need to understand complex network security protocols and configuration is simple: the user only needs to indicate the user equipment to be monitored, and the rest, the access control of the devices, is achieved automatically based on the server of the cloud platform and the router configuration.
This embodiment places a large amount of logical processing on the server side, such as analyzing data to determine monitoring content, thereby reducing the hardware cost of the router; the CPU configuration of the router can be lowered.
Further, the server side continuously analyzes data and continuously updates the security database and monitoring content on the server side, so that the network monitoring information configured on the router is also continuously updated, thereby accurately controlling network access and making network access safer.
For the device embodiments, since they are basically similar to the method embodiments, the description is relatively simple; for relevant parts, refer to the description of the method embodiments.
Each embodiment in this specification is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a device or a computer program product. Therefore, the embodiments of the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a device for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the embodiments of the present invention have been described, those skilled in the art, once they know the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements, but also other elements not expressly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the statement "including a ..." does not exclude the existence of other identical elements in the process, method, article or terminal device that includes the element.
A router-based network access control method, a router and a network access control system provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes. In summary, this description should not be construed as limiting the present invention.
Claims (17)
1. A router-based network access control method, characterized in that, on the router side, the method includes:
receiving the monitoring content issued by a server, and configuring the router's own network monitoring information according to the monitoring content;
when a monitored device is detected, detecting the message data of the monitored device according to the network monitoring information;
when the detection result is not passed, discarding the data message so as to forbid the monitored device from accessing the web page corresponding to the data message;
when the detection result is passed, sending the data message to the network.
2. The method according to claim 1, characterized in that the monitoring content includes website data to be monitored, and the configuring of the router's own network monitoring information according to the monitoring content includes:
obtaining the website data to be monitored from the monitoring content;
configuring the website data to be monitored into the firewall list of the router, the firewall list serving as network monitoring information.
3. The method according to claim 2, characterized in that the detecting of the message data of the monitored device according to the network monitoring information includes:
detecting whether the network address requested in the message data of the monitored device is in the firewall list;
when the network address requested is in the firewall list, confirming that the data message matches the network monitoring information, and recording the detection result as not passed;
when the network address requested is not in the firewall list, confirming that the data message does not match the network monitoring information, and recording the detection result as passed.
4. The method according to claim 3, characterized in that the monitoring content further includes: time data;
the configuring of the router's own network monitoring information according to the monitoring content further includes: obtaining the time data from the monitoring content, and configuring the monitoring time of the network monitoring information according to the time data;
before the detecting of whether the network address requested in the message data of the monitored device is in the firewall list, the method further includes:
obtaining the current time information, and detecting whether the time information is within the monitoring time;
when the time information is within the monitoring time, recording the detection result as not passed;
when the time information is not within the monitoring time, performing the step of detecting whether the network address requested is in the firewall list.
5. The method according to claim 3, characterized in that the monitoring content further includes: message recognition rules,
the configuring of the router's own network monitoring information according to the monitoring content includes: obtaining the message recognition rules from the monitoring content, and storing the message recognition rules, as the network monitoring information, in the local cache of the router;
after it is detected that the network address requested is not in the firewall list, the method further includes:
identifying the data message according to the message recognition rules in the local cache;
when the data message cannot be identified, recording the detection result as unrecognized, and performing the step of sending the data message to the network so as to upload it to the server for analysis;
when the data message can be identified, performing the step of sending the data message to the network so that the monitored device accesses the web page corresponding to the data message.
6. The method according to any one of claims 1 to 5, characterized in that it further includes:
receiving the monitoring content updated by the server;
updating the network monitoring information according to the updated monitoring content.
7. The method according to claim 1, characterized in that it further includes:
collecting the device information of each LAN device that accesses the router and generating a LAN device list;
feeding back the device information in the LAN device list for the user to select monitored devices;
selecting a monitored device from the LAN device list according to the user's instruction information, obtaining the device information of the monitored device and adding it to the monitoring list.
8. The method according to claim 7, characterized in that it further includes:
receiving the data message sent by a LAN device, and obtaining the address information of the LAN device according to the data message;
detecting, according to the address information, whether the LAN device is a monitored device configured in the monitoring list;
when the LAN device is not a monitored device, sending the data message to the network.
9. A router, characterized in that it includes:
a receiving and configuring module, configured to receive the monitoring content issued by a server and configure the router's own network monitoring information according to the monitoring content;
a packet check module, configured to, when a monitored device is detected, detect the message data of the monitored device according to the network monitoring information;
an access control module, configured to, when the detection result is not passed, discard the data message so as to forbid the monitored device from accessing the web page corresponding to the data message; and when the detection result is passed, send the data message to the network.
10. The router according to claim 9, characterized in that the monitoring content includes website data to be monitored, and the receiving and configuring module includes:
a network address configuration submodule, configured to obtain the website data to be monitored from the monitoring content, and configure the website data to be monitored into the firewall list of the router, the firewall list serving as network monitoring information.
11. The router according to claim 10, characterized in that the packet check module includes:
a network address detection submodule, configured to detect whether the network address requested in the message data of the monitored device is in the firewall list; when the network address requested is in the firewall list, confirm that the data message matches the network monitoring information and record the detection result as not passed; when the network address requested is not in the firewall list, confirm that the data message does not match the network monitoring information and record the detection result as passed.
12. The router according to claim 11, characterized in that the monitoring content further includes: time data;
the receiving and configuring module further includes: a time configuration submodule, configured to obtain the time data from the monitoring content and configure the monitoring time of the network monitoring information according to the time data;
the packet check module further includes: a time detection submodule, configured to obtain the current time information and detect whether the time information is within the monitoring time; when the time information is within the monitoring time, record the detection result as not passed; when the time information is not within the monitoring time, call the network address detection submodule to perform the step of detecting whether the network address requested is in the firewall list.
13. The router according to claim 11, characterized in that the monitoring content further includes: message recognition rules,
the receiving and configuring module includes: a recognition rule configuration submodule, configured to obtain the message recognition rules from the monitoring content and store the message recognition rules, as the network monitoring information, in the local cache of the router;
the packet check module further includes: a recognition rule detection submodule, configured to identify the data message according to the message recognition rules in the local cache; when the data message cannot be identified, record the detection result as unrecognized and perform the step of sending the data message to the network so as to upload it to the server for analysis; when the data message can be identified, perform the step of sending the data message to the network so that the monitored device accesses the web page corresponding to the data message.
14. The router according to any one of claims 9 to 13, characterized in that
the receiving and configuring module is further configured to receive the monitoring content updated by the server, and update the network monitoring information according to the updated monitoring content.
15. The router according to claim 9, characterized in that it further includes:
a monitored device configuration module, configured to collect the device information of each LAN device that accesses the router and generate a LAN device list; feed back the device information in the LAN device list for the user to select monitored devices; and, according to the user's instruction information, select a LAN device from the LAN device list as a monitored device, obtain the device information of the monitored device and add it to the monitoring list.
16. The router according to claim 15, characterized in that it further includes:
an equipment inspection module, configured to receive the data message sent by a LAN device and obtain the address information of the LAN device according to the data message; detect, according to the address information, whether the LAN device is a monitored device configured in the monitoring list; and when the LAN device is not a monitored device, send the data message to the network.
17. A network access control system, characterized in that it includes: user equipment, a server and the router according to any one of claims 9-13 and 15.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510305623.4A CN105978844A (en) | 2015-06-04 | 2015-06-04 | Network access control method, router and system based on router |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105978844A true CN105978844A (en) | 2016-09-28 |
Family
ID=56988124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510305623.4A Pending CN105978844A (en) | 2015-06-04 | 2015-06-04 | Network access control method, router and system based on router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105978844A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108270751A (en) * | 2016-12-30 | 2018-07-10 | 阿里巴巴集团控股有限公司 | Application management method, device and data sending processing method and apparatus |
CN109768935A (en) * | 2019-03-14 | 2019-05-17 | 海南梯易易智能科技有限公司 | Wireless router and its method for safe operation with intelligent recognition and filtering function |
CN109933001A (en) * | 2019-04-11 | 2019-06-25 | 韩拥军 | Firewall, method and system for programmable logic controller (PLC) |
CN110620799A (en) * | 2018-06-20 | 2019-12-27 | 深圳市从晶科技有限公司 | Data processing method and system |
CN111131163A (en) * | 2019-11-26 | 2020-05-08 | 视联动力信息技术股份有限公司 | Data processing method and device based on video network |
CN113010122A (en) * | 2021-03-12 | 2021-06-22 | 珠海奔图电子有限公司 | Image forming apparatus monitoring apparatus, method, system, and storage medium |
CN113472602A (en) * | 2021-05-25 | 2021-10-01 | 南京智数科技有限公司 | Monitoring system and monitoring method of LORA gateway |
CN114980097A (en) * | 2022-04-11 | 2022-08-30 | 荣耀终端有限公司 | Camera information management method and camera information management device |
CN116567629A (en) * | 2023-07-07 | 2023-08-08 | 深圳市江元科技(集团)有限公司 | Method, system and medium for realizing intelligent management and control of android device surfing Internet |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8090856B1 (en) * | 2000-01-31 | 2012-01-03 | Telecommunication Systems, Inc. | Intelligent messaging network server interconnection |
CN1581804A (en) * | 2004-05-21 | 2005-02-16 | 许仁祥 | Home network content filtering system base on broadband intelligent network-screening hardware |
CN101056306A (en) * | 2006-04-11 | 2007-10-17 | 中兴通讯股份有限公司 | Network device and its access control method |
CN101951380A (en) * | 2010-09-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Access control method and device used therein in dual-stack lite network |
EP2480019A1 (en) * | 2011-01-18 | 2012-07-25 | Iniwan GmbH | Provision of a pre-defined content over an open wireless network |
CN102316034A (en) * | 2011-09-06 | 2012-01-11 | 中兴通讯股份有限公司 | Method for preventing manual Internet protocol (IP) address specification in local area network and device |
CN103532917A (en) * | 2012-07-06 | 2014-01-22 | 天讯天网(福建)网络科技有限公司 | Website-filtering method based on mobile Internet and cloud computing |
CN104254070A (en) * | 2013-06-25 | 2014-12-31 | 中兴通讯股份有限公司 | WiFi access method, intelligent terminal and router equipment |
CN104202360A (en) * | 2014-08-13 | 2014-12-10 | 小米科技有限责任公司 | Webpage access method, device and router |
CN104580252A (en) * | 2015-01-29 | 2015-04-29 | 小米科技有限责任公司 | Network access control method and device |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108270751A (en) * | 2016-12-30 | 2018-07-10 | 阿里巴巴集团控股有限公司 | Application management method, device and data sending processing method and apparatus |
CN110620799A (en) * | 2018-06-20 | 2019-12-27 | 深圳市从晶科技有限公司 | Data processing method and system |
CN109768935A (en) * | 2019-03-14 | 2019-05-17 | 海南梯易易智能科技有限公司 | Wireless router and its method for safe operation with intelligent recognition and filtering function |
CN109768935B (en) * | 2019-03-14 | 2023-10-10 | 海南梯易易智能科技有限公司 | Wireless router with intelligent recognition and filtering functions and safe operation method thereof |
CN109933001A (en) * | 2019-04-11 | 2019-06-25 | 韩拥军 | Firewall, method and system for programmable logic controller (PLC) |
CN111131163A (en) * | 2019-11-26 | 2020-05-08 | 视联动力信息技术股份有限公司 | Data processing method and device based on video network |
CN113010122A (en) * | 2021-03-12 | 2021-06-22 | 珠海奔图电子有限公司 | Image forming apparatus monitoring apparatus, method, system, and storage medium |
CN113472602A (en) * | 2021-05-25 | 2021-10-01 | 南京智数科技有限公司 | Monitoring system and monitoring method of LORA gateway |
CN114980097A (en) * | 2022-04-11 | 2022-08-30 | 荣耀终端有限公司 | Camera information management method and camera information management device |
CN116567629A (en) * | 2023-07-07 | 2023-08-08 | 深圳市江元科技(集团)有限公司 | Method, system and medium for realizing intelligent management and control of android device surfing Internet |
CN116567629B (en) * | 2023-07-07 | 2023-09-19 | 深圳市江元科技(集团)有限公司 | Method, system and medium for realizing intelligent management and control of android device surfing Internet |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105978844A (en) | Network access control method, router and system based on router | |
JP7530610B2 (en) | NETWORK SECURITY MONITORING METHOD, NETWORK SECURITY MONITORING DEVICE, AND SYSTEM | |
US10904277B1 (en) | Threat intelligence system measuring network threat levels | |
Huang et al. | Service chaining for hybrid network function | |
US11509532B2 (en) | Switch triggered traffic tracking | |
TW201830929A (en) | Context-based detection of anomalous behavior in network traffic patterns | |
WO2013186870A1 (en) | Service monitoring system and service monitoring method | |
US20160043919A1 (en) | Identifying unauthorized changes to network elements and determining the impact of unauthorized changes to network elements on network services | |
US10944641B1 (en) | Systems and methods for application traffic simulation using captured flows | |
CN112134866B (en) | Service access control method, device and system and computer readable storage medium | |
CN105610993B (en) | A kind of domain name analytic method, apparatus and system | |
US10805271B2 (en) | Method and system for intrusion detection and prevention | |
CN105262835A (en) | Data storage method and device of multiple machine rooms | |
Petroulakis et al. | Reactive security for SDN/NFV‐enabled industrial networks leveraging service function chaining | |
US20230099370A1 (en) | Network flow attribution in service mesh environments | |
EP2973192B1 (en) | Online privacy management | |
Gilani et al. | SDN-based multi-level framework for smart home services | |
KR102314557B1 (en) | System for managing security control and method thereof | |
CN108234431A (en) | A kind of backstage logs in behavioral value method and detection service device | |
Zhang et al. | Atomic predicates-based data plane properties verification in software defined networking using spark | |
CN109906462A (en) | The technology of analysis data collection for the policy control in large scale system | |
CN105813114A (en) | Method and device for confirming sharing host access | |
CN116647572B (en) | Access endpoint switching method, device, electronic equipment and storage medium | |
JP2019514315A (en) | Graph-Based Joining of Heterogeneous Alerts | |
Yassein et al. | Combining software-defined networking with Internet of Things: Survey on security and performance aspects |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160928 |