CN107241354A - Device and method for detecting and blocking malicious behavior based on a wireless WiFi device - Google Patents


Publication number
CN107241354A
Authority
CN
China
Prior art keywords
malicious act
flow
wireless wifi
user
wifi equipment
Legal status
Pending
Application number
CN201710594134.4A
Other languages
Chinese (zh)
Inventor
钟鸣
蔡斌
刘岩
顾晓鸣
曹芸
陈侃黎
钱巍斌
周伟
冯天兵
汪传毅
何正宇
唐海强
金浩纯
石英超
杨波
Current Assignee
State Grid Shanghai Electric Power Co Ltd
Original Assignee
State Grid Shanghai Electric Power Co Ltd
Application filed by State Grid Shanghai Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a device, in the field of network security, for detecting and blocking malicious behavior based on a wireless WiFi device. The device is located in the wireless WiFi device and comprises: a protocol parsing module, for performing protocol parsing on the traffic received by the wireless WiFi device and extracting the feature value of the traffic; a malicious behavior pattern library, for storing the feature values of malicious behavior patterns; a comparison module, for comparing the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library, so as to judge whether the traffic received by the wireless WiFi device contains malicious behavior; and a blocking module, for blocking the user who sent traffic containing malicious behavior. Its technical effect is that, without modifying the network or the terminals, the security of the wireless WiFi device and of its users is improved. The invention also discloses a method, in the field of network security, for detecting and blocking malicious behavior based on a wireless WiFi device.

Description

Device and method for detecting and blocking malicious behavior based on a wireless WiFi device
Technical field
The present invention relates to a device and method, in the field of network security, for detecting and blocking malicious behavior based on a wireless WiFi device.
Background
With the maturation of wireless network technology, and with access terminals such as notebook computers, smartphones and tablet computers being easy to carry and increasingly varied, wireless networking has become part of study, work and daily life. There are currently two kinds of WiFi trap: the first is "setting a trap" and the second is "attack". In the former, a free WiFi network is set up in a public place to lure unsuspecting users in, and every operation the user performs online is recorded. The latter is aimed mainly at home network users, whose use of the network also gives hackers a convenient way to intrude.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art by providing a device and method for detecting and blocking malicious behavior based on a wireless WiFi device. Only the wireless WiFi device needs to be changed, with no modification to the network or the terminals. By performing protocol parsing on the traffic entering and leaving the wireless WiFi device and extracting feature values for comparison, malicious behavior is detected and blocked, improving the security of the wireless WiFi device and of its users.
One technical solution that achieves the above purpose is a device for detecting and blocking malicious behavior based on a wireless WiFi device. It is located in the wireless WiFi device and comprises:
Protocol parsing module: performs protocol parsing on the traffic received by the wireless WiFi device and extracts the feature value of the traffic;
Malicious behavior pattern library: stores the feature values of malicious behavior patterns;
Comparison module: compares the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library, so as to judge whether the traffic received by the wireless WiFi device contains malicious behavior;
Blocking module: blocks the user who sent traffic containing malicious behavior.
Further, the malicious behavior pattern library is a cloud-updatable malicious behavior pattern library.
Further, during the cloud update of the malicious behavior pattern library, the blocking module blocks all users.
Further, the protocol parsing module simultaneously parses the user information of the user who sent the traffic, and sends that user information to the blocking module.
Further, the user information of the user is the user's network address or device code.
Another technical solution that achieves the above purpose is a method for detecting and blocking malicious behavior based on a wireless WiFi device, comprising the following steps:
Protocol parsing step: perform protocol parsing on the traffic received by the wireless WiFi device and extract the feature value of the traffic;
Comparison step: compare the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library; if the feature value of the traffic matches the feature value of any malicious behavior pattern in the malicious behavior pattern library, the traffic is judged to contain malicious behavior;
Blocking step: find the user who sent the traffic containing malicious behavior and block that user.
Further, the method also includes a malicious behavior pattern library cloud update step, carried out when the wireless WiFi device starts; all users are blocked during the cloud update step.
Further, in the protocol parsing step, protocol assembly is first performed on the traffic through protocol parsing, and the feature value of the traffic is then extracted.
Further, in the protocol parsing step, the user information of the user who sent the traffic is parsed at the same time; in the blocking step, the corresponding user is blocked according to the user information of the user who sent the traffic containing malicious behavior.
Further, the user information of the user is the user's network address or device code.
The technical solution of the device of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device is located in the wireless WiFi device and comprises: a protocol parsing module, for performing protocol parsing on the traffic received by the wireless WiFi device and extracting the feature value of the traffic; a malicious behavior pattern library, for storing the feature values of malicious behavior patterns; a comparison module, for comparing the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library, so as to judge whether the traffic received by the wireless WiFi device contains malicious behavior; and a blocking module, for blocking the user who sent traffic containing malicious behavior. Its technical effect is that only the wireless WiFi device needs to be changed, with no modification to the network or the terminals; by performing protocol parsing on the traffic entering and leaving the wireless WiFi device and extracting feature values for comparison, malicious behavior is detected and blocked, improving the security of the wireless WiFi device and of its users.
The technical solution of the method of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device comprises the following steps. Protocol parsing step: perform protocol parsing on the traffic received by the wireless WiFi device and extract the feature value of the traffic. Comparison step: compare the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library; if the feature value of the traffic matches the feature value of any malicious behavior pattern in the malicious behavior pattern library, the traffic is judged to contain malicious behavior. Blocking step: find the user who sent the traffic containing malicious behavior and block that user. Its technical effect is that only the wireless WiFi device needs to be changed, with no modification to the network or the terminals; by performing protocol parsing on the traffic entering and leaving the wireless WiFi device and extracting feature values for comparison, malicious behavior is detected and blocked, improving the security of the wireless WiFi device and of its users.
Brief description of the drawings
Fig. 1 is a schematic diagram of the device of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device.
Fig. 2 is a flow chart of the method of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device.
Detailed description of the embodiments
Referring to Fig. 1 and Fig. 2, so that the technical solution of the present invention can be better understood, it is described in detail below through specific embodiments and with reference to the accompanying drawings:
Embodiment 1
Referring to the part inside the dotted line in Fig. 1, the device of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device is located in the wireless WiFi device and comprises:
Protocol parsing module 1: performs protocol parsing on the traffic received by the wireless WiFi device and extracts the feature value of the traffic.
Malicious behavior pattern library 2: stores the feature values of malicious behavior patterns.
Comparison module 3: compares the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library 2, so as to judge whether the traffic received by the wireless WiFi device contains malicious behavior. If the feature value of the traffic matches the feature value of any malicious behavior pattern in the malicious behavior pattern library 2, the traffic is judged to contain malicious behavior. If the feature value of the traffic matches none of the feature values of the malicious behavior patterns in the malicious behavior pattern library 2, the traffic is judged to contain no malicious behavior.
Blocking module 4: blocks the user who sent traffic containing malicious behavior, that is, the attacker, cutting off that user's access to the wireless WiFi device.
The malicious behavior pattern library 2 is a cloud-updatable malicious behavior pattern library and is connected to the blocking module 4. When the wireless WiFi device starts up, while the malicious behavior pattern library 2 is performing a cloud update or remote update through the wireless WiFi device, the blocking module 4 blocks all users' access to the wireless WiFi device.
The protocol parsing module 1 is connected to the blocking module 4. While performing protocol parsing for the wireless WiFi device, it simultaneously parses the user information of the user who sent the traffic; the user information of the user is the user's network address or device code. The protocol parsing module 1 sends the user information of the user who sent the traffic to the blocking module 4. After the comparison module 3 finds traffic containing malicious behavior, the blocking module 4 blocks the user according to the user information of the user who sent that traffic, cutting off that user's access to the wireless WiFi device and ensuring the safety of the other users.
The device of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device is located on the wireless WiFi device and monitors the traffic entering and leaving the wireless WiFi device, so no modification to the network or the terminals is needed. After protocol parsing is performed on the traffic entering and leaving the wireless WiFi device and feature values are extracted, they are compared with the feature values of the malicious behavior patterns in the malicious behavior pattern library 2 to find malicious behavior and the corresponding user. The corresponding user is blocked, ensuring the security of the wireless WiFi device and the safe use and normal access of users who did not send traffic containing malicious behavior.
Embodiment 2
Referring to Fig. 2, the method of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device comprises the following steps:
Malicious behavior pattern library cloud update step: carried out when the wireless WiFi device starts. The malicious behavior pattern library performs a cloud update or remote update, and during the cloud update or remote update all users' access to the wireless WiFi device is blocked.
Protocol parsing step: perform protocol parsing on the traffic received by the wireless WiFi device and extract the feature value of the traffic. The usual practice is to first perform protocol assembly on the traffic through protocol parsing and then extract the feature value of the traffic, while at the same time parsing the user information of the user who sent the traffic. The user information of the user is the user's network address or device code.
Comparison step: compare the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library. If the feature value of the traffic matches the feature value of any malicious behavior pattern in the malicious behavior pattern library, the traffic is judged to contain malicious behavior. If the feature value of the traffic matches none of the feature values of the malicious behavior patterns in the malicious behavior pattern library, the traffic is judged to contain no malicious behavior.
Blocking step: according to the user information of the user who sent the traffic containing malicious behavior, that is, the attacker, block the corresponding user, cutting off that user's normal access to the wireless WiFi device, while ensuring normal access for users who did not send traffic containing malicious behavior.
The method of the present invention for detecting and blocking malicious behavior based on a wireless WiFi device is carried out by the wireless WiFi device, which monitors the traffic entering and leaving it, so no modification to the network or the terminals is needed. After protocol parsing is performed on the traffic entering and leaving the wireless WiFi device and feature values are extracted, they are compared with the feature values of the malicious behavior patterns in the malicious behavior pattern library to find malicious behavior and the corresponding user. The corresponding user is blocked, ensuring the security of the wireless WiFi device and the safe use and normal access of users who did not send traffic containing malicious behavior.
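The four steps of Embodiment 2 (update, protocol parsing, comparison, blocking) are sketched below in Python as an added illustration; this is not code from the patent. The choice of feature value (fingerprints of 8-byte payload windows), arrival-order assembly per TCP flow, and all names such as BlockingDevice and build_frame are assumptions, and the frames and signature are constructed sample data.

```python
import hashlib
import struct

K = 8  # assumed signature length in bytes; the page does not define the feature value

def fingerprint(window: bytes) -> bytes:
    return hashlib.sha256(window).digest()[:8]

def feature_values(stream: bytes) -> set:
    """Feature values of a byte stream: fingerprints of every K-byte window."""
    return {fingerprint(stream[i:i + K]) for i in range(len(stream) - K + 1)}

def parse_frame(frame: bytes):
    """Protocol parsing: Ethernet/IPv4/TCP -> (device code, address, flow key, payload)."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or not ihl + 20 <= total <= len(ip):
        return None
    tcp = ip[ihl:total]
    sport, dport = struct.unpack("!HH", tcp[:4])
    offset = (tcp[12] >> 4) * 4
    if not 20 <= offset <= len(tcp):
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    return frame[6:12].hex(":"), src, (src, sport, dst, dport), tcp[offset:]

class BlockingDevice:
    def __init__(self):
        self.library = set()   # malicious behavior pattern library (fingerprints)
        self.updating = True   # all users blocked until the start-up update finishes
        self.blocked = {}      # device code (MAC) -> network address seen at detection
        self.tails = {}        # flow key -> last K-1 payload bytes (arrival order only)

    def begin_update(self):
        self.updating = True

    def finish_update(self, signatures):
        if any(len(s) != K for s in signatures):
            raise ValueError("signatures must be exactly K bytes in this sketch")
        self.library = {fingerprint(s) for s in signatures}
        self.updating = False

    def handle(self, frame: bytes) -> str:
        """Return 'drop' or 'forward' for one received frame."""
        if self.updating or len(frame) < 14:
            return "drop"
        if frame[6:12].hex(":") in self.blocked:
            return "drop"                  # user already blocked by device code
        parsed = parse_frame(frame)
        if parsed is None:
            return "forward"               # not IPv4/TCP: outside this sketch
        mac, addr, flow, payload = parsed
        stream = self.tails.get(flow, b"") + payload   # assembly across segments
        self.tails[flow] = stream[-(K - 1):]
        if feature_values(stream) & self.library:      # comparison step
            self.blocked[mac] = addr                   # blocking step
            return "drop"
        return "forward"

def build_frame(mac: bytes, src: bytes, sport: int, payload: bytes) -> bytes:
    """Constructed sample input: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, 80, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     src, bytes([192, 168, 1, 1]))
    return bytes(6) + mac + b"\x08\x00" + ip + tcp

def demo():
    dev = BlockingDevice()
    a, b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    ip_a, ip_b = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 11])
    verdicts = [dev.handle(build_frame(b, ip_b, 4000, b"hello"))]       # update pending
    dev.finish_update([b"EVILSIG!"])                                    # constructed signature
    verdicts.append(dev.handle(build_frame(a, ip_a, 5000, b"xxEVIL")))  # first half only
    verdicts.append(dev.handle(build_frame(a, ip_a, 5000, b"SIG!yy")))  # completes the match
    verdicts.append(dev.handle(build_frame(a, ip_a, 5001, b"benign")))  # user a is blocked
    verdicts.append(dev.handle(build_frame(b, ip_b, 4000, b"hello")))   # user b unaffected
    return verdicts, dev.blocked
```

Because `handle` drops every frame while `updating` is set, an update that never completes leaves all users blocked; the page does not say how long the device should wait.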
Those of ordinary skill in the art should appreciate that the above embodiments are intended only to illustrate the present invention and not to limit it; changes and modifications to the embodiments described above, so long as they are within the spirit of the present invention, all fall within the scope of the claims of the present invention.

Claims (10)

1. A device for detecting and blocking malicious behavior based on a wireless WiFi device, located in the wireless WiFi device, characterized in that it comprises:
a protocol parsing module, for performing protocol parsing on the traffic received by the wireless WiFi device and extracting the feature value of the traffic;
a malicious behavior pattern library, for storing the feature values of malicious behavior patterns;
a comparison module, for comparing the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library, so as to judge whether the traffic received by the wireless WiFi device contains malicious behavior;
a blocking module, for blocking the user who sent traffic containing malicious behavior.
2. The device for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 1, characterized in that: the malicious behavior pattern library is a cloud-updatable malicious behavior pattern library.
3. The device for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 2, characterized in that: during the cloud update of the malicious behavior pattern library, the blocking module blocks all users.
4. The device for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 1, characterized in that: the protocol parsing module simultaneously parses the user information of the user who sent the traffic, and sends the user information of the user to the blocking module.
5. The device for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 4, characterized in that: the user information of the user is the user's network address or device code.
6. A method for detecting and blocking malicious behavior based on a wireless WiFi device, comprising the following steps:
a protocol parsing step: performing protocol parsing on the traffic received by the wireless WiFi device and extracting the feature value of the traffic;
a comparison step: comparing the feature value of the traffic with the feature values of the malicious behavior patterns in the malicious behavior pattern library; if the feature value of the traffic matches the feature value of any malicious behavior pattern in the malicious behavior pattern library, the traffic is judged to contain malicious behavior;
a blocking step: finding the user who sent the traffic containing malicious behavior and blocking that user.
7. The method for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 6, characterized in that: it further comprises a malicious behavior pattern library cloud update step carried out when the wireless WiFi device starts, and all users are blocked during the malicious behavior pattern library cloud update step.
8. The method for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 6, characterized in that: in the protocol parsing step, protocol assembly is first performed on the traffic through protocol parsing, and the feature value of the traffic is then extracted.
9. The method for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 6, characterized in that: in the protocol parsing step, the user information of the user who sent the traffic is parsed at the same time; in the blocking step, the corresponding user is blocked according to the user information of the user who sent the traffic containing malicious behavior.
10. The method for detecting and blocking malicious behavior based on a wireless WiFi device according to claim 9, characterized in that: the user information of the user is the user's network address or device code.
Application number: CN201710594134.4A; priority date: 2017-07-20; filing date: 2017-07-20; title: Device and method for detecting and blocking malicious behavior based on a wireless WiFi device; status: Pending; publication: CN107241354A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10863358B2 (en) 2017-07-13 2020-12-08 Sophos Limited Threat index based WLAN security and quality of service


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171010