CN106161349B - The method and apparatus for getting rid of network abduction - Google Patents
- Publication number: CN106161349B
- Application number: CN201510146522.7A
- Authority: CN (China)
- Prior art keywords: network, data packet, client, character string, server
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method and a device for getting rid of network hijacking. The device includes: a data packet parsing unit, which parses one or more data packets that the server of a network application sent to the client of the network application before the network hijacking occurred, obtaining one or more logical message packets corresponding to the one or more data packets; and a message packet encryption unit, which encrypts the one or more logical message packets to obtain substitute data packets for the one or more data packets and sends the substitute data packets to the client. By transforming a data packet that was sent by the server of the network application to the client of the network application and hijacked by the network into another data packet containing the same content, the invention lets the network connection between the server and the client of the network application get rid of the network hijacking.
Description
Technical field
The present invention relates generally to the field of the Internet, and more specifically to a method and a device for getting rid of network hijacking.
Background technique
With the development of computer technology and network technology, users increasingly rely on carrier networks to use network applications such as online banking, online games and online shopping malls. When a user uses a network application over an outgoing telecom connection, it often happens that the user's local network shows no abnormality, yet the client and the server of the network application are stuck in a repeated disconnect-reconnect state. In many cases this is caused by the carrier network hijacking the data packets transmitted between the client and the server of the network application, and it is difficult to resolve head-on.
Summary of the invention
In view of one or more of the problems described above, the present invention provides a novel method and device for getting rid of network hijacking.
A device for getting rid of network hijacking according to an embodiment of the present invention includes: a data packet parsing unit, configured to parse one or more data packets sent by the server of a network application to the client of the network application before the network hijacking occurred, obtaining one or more logical message packets corresponding to the one or more data packets; and a message packet encryption unit, configured to obtain substitute data packets for the one or more data packets by encrypting the one or more logical message packets, and to send the substitute data packets to the client.
A method for getting rid of network hijacking according to an embodiment of the present invention includes: parsing one or more data packets sent by the server of a network application to the client of the network application before the network hijacking occurred, obtaining one or more logical message packets corresponding to the one or more data packets; and obtaining substitute data packets for the one or more data packets by encrypting the one or more logical message packets, and sending the substitute data packets to the client.
The present invention transforms a data packet that was sent by the server of the network application to the client of the network application and hijacked by the network into another data packet containing the same content, so that the network connection between the server and the client of the network application gets rid of the network hijacking.
Brief description of the drawings
The present invention may be better understood from the following description of specific embodiments of the invention, taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a block diagram showing a device for getting rid of network hijacking according to an embodiment of the present invention;
Fig. 2 is a flowchart showing a method for getting rid of network hijacking according to an embodiment of the present invention;
Fig. 3 is a flowchart showing the process of detecting the character string that causes the network hijacking.
Detailed description of embodiments
The features and exemplary embodiments of various aspects of the present invention are described in detail below with reference to the drawings. In the following detailed description, many specific details are set forth in order to provide a thorough understanding of the invention. It will be apparent to those skilled in the art, however, that the invention can be practiced without some of these details. The following description of the embodiments is intended only to provide a better understanding of the invention by showing examples of it. The invention is in no way limited to any specific configuration or algorithm set forth below, but covers any modification, replacement and improvement of elements, components and algorithms that does not depart from the spirit of the invention. In the drawings and the following description, well-known structures and techniques are not shown, to avoid unnecessarily obscuring the invention.
Packet capture analysis of the data flow between the client and the server of a network application, tracing of the network link from the client to the server, and finally simulation experiments confirmed the following: when a specified character string appears in the data flow between the client and the server of the network application, the carrier network hijacks that data flow and forges a connection reset (RST) message, purporting to come from the client of the network application, which it sends to the server of the network application. This causes the client and the server of the network application to disconnect and reconnect repeatedly. In other words, network hijacking on the network connection between the client and the server of the network application results in repeated disconnect-reconnect cycles between them.
To get rid of network hijacking, a novel device and method for getting rid of network hijacking are provided here. The device and method according to embodiments of the present invention are described in detail below with reference to the drawings. Fig. 1 is a block diagram showing the device for getting rid of network hijacking according to an embodiment of the present invention. Fig. 2 is a flowchart showing the analysis of network hijacking according to an embodiment of the present invention.
As shown in Fig. 1, the device 100 for getting rid of network hijacking according to an embodiment of the present invention includes a data packet parsing unit 106 and a message packet encryption unit 108. The data packet parsing unit 106 is configured to parse one or more data packets sent by the server of the network application to the client of the network application before the network hijacking occurred (for convenience, referred to below as data packets D0-DN, where N is an integer greater than 0), obtaining one or more logical message packets corresponding to data packets D0-DN (for convenience, referred to below as logical message packets L0-LM, where M is an integer greater than 0 and may or may not be equal to N) (that is, to execute step S106). The message packet encryption unit 108 is configured to obtain substitute data packets for data packets D0-DN by encrypting logical message packets L0-LM (for convenience, referred to below as substitute data packets P0-PK, where K is an integer greater than 0 and may or may not be equal to N), and to send the substitute data packets P0-PK of data packets D0-DN to the client of the network application (that is, to execute step S108). Here, in the case where data packets D0-DN were themselves generated by encrypting logical message packets L0-LM, the message packet encryption unit 108 may encrypt logical message packets L0-LM using any encryption algorithm different from the one that was used to encrypt L0-LM to generate D0-DN (for example, by encrypting L0-LM with an encryption algorithm selected at random from multiple encryption algorithms, or by keeping the encryption algorithm that generated D0-DN unchanged and changing the seed that the algorithm uses).
Here, as soon as repeated disconnect-reconnect occurs between the client and the server of the network application, the device 100 for getting rid of network hijacking according to an embodiment of the present invention considers that network hijacking has occurred on the network connection between the client and the server and executes steps S106-S108 shown in Fig. 2, regardless of whether network hijacking has actually occurred on that connection.
Although the device and method above can quickly get rid of network hijacking when it occurs on the network connection between the client and the server of the network application, there is the following situation: the repeated disconnect-reconnect between the client and the server is caused by the network connection between them genuinely dropping. In that case, the operations performed by the device 100 for getting rid of network hijacking according to an embodiment of the present invention are pointless.
To further confirm, when repeated disconnect-reconnect occurs between the client and the server of the network application, whether it is caused by network hijacking, the device 100 for getting rid of network hijacking according to an embodiment of the present invention may further include a data packet capture unit 102 and a hijacking detection unit 104. The data packet capture unit 102 is configured to capture the data packets received by the client of the network application and the data packets received by the server of the network application (that is, to execute step S102). The hijacking detection unit 104 is configured to judge whether the hop count of each of a first number of data packets received by the client and a second number of data packets received by the server, before the network connection between the client and the server of the network application was disconnected, is continuous, and to determine that network hijacking has occurred on the network connection between the client and the server if the hop count of any data packet received by the client and/or the server is discontinuous (that is, to execute step S104). Note that the first number and the second number may be the same or different, and that the data packet capture unit 102 may capture data packets using Wireshark or another network packet analysis tool with a packet capture function.
Here, the device 100 for getting rid of network hijacking according to an embodiment of the present invention gets rid of the carrier network's hijacking of one or more of the data packets D0-DN by changing the data packets D0-DN, sent by the server of the network application to the client of the network application before the network hijacking occurred, into data packets P0-PK containing the same content.
Suppose the server of the network application sends data packets D0-DN to the client of the network application in sequence, and the network hijacking occurs after the server sends data packet DN to the client. In this case, the network hijacking was most likely caused by the server sending data packet DN to the client. Getting rid of the network hijacking by parsing all of data packets D0-DN and encrypting the corresponding logical message packets L0-LM would undoubtedly increase the burden on the device 100, because parsing data packets D0-D(N-1) and encrypting the logical message packets corresponding to D0-D(N-1) does nothing toward getting rid of the network hijacking.
Therefore, in this embodiment, the data packet parsing unit 106 may parse only the last data packet (that is, data packet DN) sent by the server of the network application to the client of the network application before the network hijacking occurred, obtaining the logical message packet corresponding to data packet DN; and the message packet encryption unit 108 may encrypt only the logical message packet corresponding to data packet DN, obtaining the substitute data packet of data packet DN and sending it to the client of the network application.
When the network hijacking is caused by the server of the network application sending data packet DN to the client of the network application, in order to determine exactly which character string in data packet DN causes the hijacking, the device 100 for getting rid of network hijacking according to an embodiment of the present invention may further include a character string detection unit 110, configured to simulate the network connection between the client and the server of the network application and to find the character string in data packet DN that causes the network hijacking using a bisection squeeze method.
Fig. 3 is a flowchart showing the process of detecting the character string that causes the network hijacking. As shown in Fig. 3, the process of detecting the character string in data packet DN that causes the network hijacking includes: S302, filling the entire character string contained in data packet DN into the character string detection unit 110 as the test character string; S304, judging whether the network connection between the client and the server of the network application simulated by the character string detection unit 110 is broken; S306, if the simulated network connection between the client and the server is broken, reducing the test character string and returning to step S302 to fill the reduced character string into the character string detection unit 110 as the new test character string; S308, if the simulated network connection between the client and the server is not broken, restoring the last character string that could reproduce the network hijacking as the character string that causes the network hijacking (for convenience, referred to below as Str).
Once the character string Str in data packet DN that causes the network hijacking has been found precisely, the data packet parsing unit 106 does not need to parse the entire data packet DN; it can instead parse the character string Str in data packet DN to obtain the logical message packet corresponding to Str. The message packet encryption unit 108 can then encrypt the logical message packet corresponding to Str to obtain a substitute character string Str' for Str, and add Str' to data packet DN in place of Str.
Here, before the substitute character string Str' is added to data packet DN in place of Str, and in order to ensure that Str' does not itself cause network hijacking, the message packet encryption unit 108 may fill Str' into the character string detection unit 110 as the test character string, and add Str' to data packet DN only if Str' does not cause network hijacking (that is, does not cause the network connection between the client and the server of the network application to break).
Further, if the substitute character string Str' causes the network connection between the client and the server of the network application to break in the test by the character string detection unit 110, the message packet encryption unit 108 may change the encryption algorithm used to encrypt the character string Str and/or the seed used by that encryption algorithm, and then encrypt Str again.
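One way to carry out the Fig. 3 search and the substitute-and-retest step described above, as an added Python example rather than the patent's own code. It goes beyond the text by squeezing the test string from both ends by bisection; the simulated link `connection_breaks`, the blocked token, the seed naming and the hash-based XOR transform (a stand-in for the unspecified encryption algorithm, not a secure cipher) are all assumptions.

```python
import hashlib

# Constructed stand-in for the link simulated by character string detection
# unit 110: the connection "breaks" when the payload contains this token.
BLOCKED = b"blocked-demo-token"
PAYLOAD = b"GET /item?id=7&note=blocked-demo-token&page=2 HTTP/1.1"


def connection_breaks(payload):
    return BLOCKED in payload


def find_trigger(payload, breaks):
    """Return (start, end) of the string Str that breaks the link, or None.

    Each probe re-runs the simulated connection with a reduced test string
    (S302-S306); the bounds close in on Str from both sides.
    """
    if not breaks(payload):
        return None
    # Smallest end such that payload[:end] still breaks the link.
    lo, hi = 0, len(payload)
    while lo < hi:
        mid = (lo + hi) // 2
        if breaks(payload[:mid]):
            hi = mid
        else:
            lo = mid + 1
    end = lo
    # Largest start such that payload[start:end] still breaks the link.
    lo, hi = 0, end
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if breaks(payload[mid:end]):
            lo = mid
        else:
            hi = mid - 1
    return lo, end


def keystream_xor(data, seed):
    """Toy reversible transform keyed by `seed` (assumption, not a real cipher).

    Applying it twice with the same seed returns the original bytes.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def replace_trigger(payload, breaks, max_tries=16):
    """Swap Str for a substitute Str', retesting and reseeding until it passes."""
    span = find_trigger(payload, breaks)
    if span is None:
        return payload, None
    start, end = span
    for attempt in range(max_tries):
        seed = b"demo-seed-" + str(attempt).encode()  # hypothetical seed scheme
        substitute = keystream_xor(payload[start:end], seed)
        rebuilt = payload[:start] + substitute + payload[end:]
        # Test Str' on the simulated link before it goes into the packet.
        if not breaks(substitute) and not breaks(rebuilt):
            return rebuilt, seed
    raise RuntimeError("no seed produced a substitute that passes the test")


if __name__ == "__main__":
    print(find_trigger(PAYLOAD, connection_breaks))
    print(replace_trigger(PAYLOAD, connection_breaks))
```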
It should be understood that the device and method for getting rid of network hijacking described above can be embodied as computer-executable instructions stored on a computer-readable storage medium; when executed by a processor, these instructions implement the functions of the device and the processing steps of the method described above.
The present invention transforms a data packet that was sent by the server of the network application to the client of the network application and hijacked by the network into another data packet containing the same content, so that the network connection between the server and the client of the network application gets rid of the network hijacking.
Those skilled in the art will understand that there are further optional embodiments and improvements that can be used to implement the embodiments of the present invention, and that the embodiments and examples above are merely illustrations of one or more embodiments. The scope of the present invention is therefore limited only by the appended claims.
Claims (11)
1. A device for getting rid of network hijacking, comprising:
a data packet parsing unit, configured to parse one or more data packets sent by the server of a network application to the client of the network application before network hijacking occurred, obtaining one or more logical message packets corresponding to the one or more data packets;
a message packet encryption unit, configured to obtain substitute data packets for the one or more data packets by encrypting the one or more logical message packets, and to send the substitute data packets of the one or more data packets to the client;
a data packet capture unit, configured to capture the data packets received by the client and the data packets received by the server; and
a hijacking detection unit, configured to judge whether the hop count of each of a first number of data packets received by the client and a second number of data packets received by the server, before the network connection between the client and the server was disconnected, is continuous, and to determine that network hijacking has occurred on the network connection between the client and the server if the hop count of any data packet received by the client and/or the server is discontinuous.
2. The device for getting rid of network hijacking according to claim 1, characterized in that
the data packet parsing unit parses the last data packet sent by the server to the client before the network hijacking occurred, obtaining the logical message packet corresponding to the last data packet, and
the message packet encryption unit obtains the substitute data packet of the last data packet by encrypting the logical message packet corresponding to the last data packet, and sends the substitute data packet of the last data packet to the client.
3. The device for getting rid of network hijacking according to claim 2, characterized in that
the data packet parsing unit parses the character string in the last data packet that causes the network hijacking, obtaining the logical message packet corresponding to the character string that causes the network hijacking, and
the message packet encryption unit obtains a substitute character string for the character string that causes the network hijacking by encrypting the logical message packet corresponding to that character string, and adds the substitute character string to the last data packet in place of the character string that causes the network hijacking.
4. The device for getting rid of network hijacking according to claim 2 or 3, characterized by further comprising:
a character string detection unit, configured to simulate the network connection between the client and the server, and to find the character string in the last data packet that causes the network hijacking using a bisection squeeze method.
5. The device for getting rid of network hijacking according to claim 4, characterized in that, after obtaining the substitute character string for the character string that causes the network hijacking, the message packet encryption unit sends the substitute character string to the character string detection unit to detect whether the substitute character string causes network hijacking.
6. A method for getting rid of network hijacking, comprising:
parsing one or more data packets sent by the server of a network application to the client of the network application before network hijacking occurred, obtaining one or more logical message packets corresponding to the one or more data packets;
obtaining substitute data packets for the one or more data packets by encrypting the one or more logical message packets, and sending the substitute data packets of the one or more data packets to the client;
capturing the data packets received by the client and the data packets received by the server; and
judging whether the hop count of each of a first number of data packets received by the client and a second number of data packets received by the server, before the network connection between the client and the server was disconnected, is continuous, and determining that network hijacking has occurred on the network connection between the client and the server if the hop count of any data packet received by the client and/or the server is discontinuous.
7. The method for getting rid of network hijacking according to claim 6, characterized by
parsing the last data packet sent by the server to the client before the network hijacking occurred, obtaining the logical message packet corresponding to the last data packet, and
obtaining the substitute data packet of the last data packet by encrypting the logical message packet corresponding to the last data packet, and sending the substitute data packet of the last data packet to the client.
8. The method for getting rid of network hijacking according to claim 7, characterized by
parsing the character string in the last data packet that causes the network hijacking, obtaining the logical message packet corresponding to the character string that causes the network hijacking, and
obtaining a substitute character string for the character string that causes the network hijacking by encrypting the logical message packet corresponding to that character string, and adding the substitute character string to the last data packet in place of the character string that causes the network hijacking.
9. The method for getting rid of network hijacking according to claim 7 or 8, characterized by further comprising:
simulating the network connection between the client and the server, and finding the character string in the last data packet that causes the network hijacking using a bisection squeeze method.
10. The method for getting rid of network hijacking according to claim 9, characterized by further comprising:
after obtaining the substitute character string for the character string that causes the network hijacking, simulating the network connection between the client and the server, and detecting whether the substitute character string causes network hijacking.
11. A computer-readable storage medium storing computer-executable instructions which, when executed, implement the functions of the device according to any one of claims 1-5 or the processing of the method according to any one of claims 6-10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510146522.7A CN106161349B (en) | 2015-03-31 | 2015-03-31 | The method and apparatus for getting rid of network abduction |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161349A | 2016-11-23 |
CN106161349B | 2019-05-07 |
Family
ID=57337175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510146522.7A Active CN106161349B (en) | 2015-03-31 | 2015-03-31 | The method and apparatus for getting rid of network abduction |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161349B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |