CN107306264B - Network security monitoring method and apparatus - Google Patents
Network security monitoring method and apparatus Download PDFInfo
- Publication number
- CN107306264B CN107306264B CN201610259891.1A CN201610259891A CN107306264B CN 107306264 B CN107306264 B CN 107306264B CN 201610259891 A CN201610259891 A CN 201610259891A CN 107306264 B CN107306264 B CN 107306264B
- Authority
- CN
- China
- Prior art keywords
- packet
- data access
- access request
- address
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention discloses a kind of network security monitoring methods, comprising the following steps: captures IP packet by the IP address that terminal local is reserved;IP packet is assembled according to the information in IP packet, generates data access request packet;Safety detection is carried out to data access request packet, if the testing result of data access request packet is safety, forwards data access request packet;If the testing result of data access request packet be it is dangerous, execute interception operation.Above-mentioned network security monitoring method carries out the process of network security monitoring instead of tradition using server, it may not be necessary to additionally set up server, and the speed for accessing network is more quick.The invention also discloses a kind of network security monitoring devices.
Description
Technical field
The present invention relates to computers and Internet technical field, more particularly to a kind of network security monitoring method and dress
It sets.
Background technique
Currently, disparate networks attack emerges one after another, and user is easy to pass through fake site, such as Fishing net by criminal
Stand, network swindle etc. modes malice steal information, to bring increasing harm to network security.For this purpose, traditional technology
In to solve the above problems, being usually to force the data flow of network packet to be sent to server to carry out the detection of network security and turn
Hair, to play positive effect to the realization of general network safety system framework.
But in traditional technology, need additionally to set up server, cost of implementation is high, and the speed of equipment access network is due to clothes
Business device load excessive, speed are low.
Summary of the invention
Based on this, it is necessary to provide a kind of network security monitoring method and apparatus that can accelerate network access speed.
A kind of network security monitoring method, comprising the following steps:
IP packet is captured by the IP address that terminal local is reserved;
The IP packet is assembled according to the information in the IP packet, generates data access request packet;
Safety detection is carried out to the data access request packet, if the testing result of the data access request packet is peace
Entirely, then the data access request packet is forwarded;
If the testing result of the data access request packet be it is dangerous, execute interception operation.
A kind of network security monitoring device, comprising:
Trapping module, the IP address for being reserved by terminal local capture IP packet;
Module is assembled, for assembling according to the information in the IP packet to the IP packet, generates data access request
Packet;
Detection module, for carrying out safety detection to the data access request packet;
Forwarding module forwards the data access if the testing result for the data access request packet is safety
Request packet;
Blocking module, if for the data access request packet testing result be it is dangerous, execute interception operation.
Above-mentioned network security monitoring method and apparatus capture IP packet by the IP address that terminal local is reserved, according to IP packet
In information IP packet is assembled, generate data access request packet, to data access request packet carry out safety detection, if data
The testing result of access request packet is safety, then data access request packet is forwarded, if the testing result of data access request packet is
It is dangerous, then execute interception operation.Above-mentioned network security monitoring method carries out network security prison using server instead of tradition
The process of control, it may not be necessary to additionally set up server, and the speed of terminal access network is more quick.
Detailed description of the invention
Fig. 1 is the applied environment figure of network security monitoring method in one embodiment;
Fig. 2 is the internal structure chart of terminal in one embodiment;
Fig. 3 is the flow diagram of network security monitoring method in one embodiment;
Fig. 4 is the flow diagram of network security monitoring method in another embodiment;
Fig. 5 is the exemplary diagram of network security monitoring method in one embodiment;
Fig. 6 is the schematic diagram for being directed to the preset warning page in one embodiment in network security monitoring method;
Fig. 7 is the structural schematic diagram of network security monitoring device in one embodiment;
Fig. 8 is the structural schematic diagram of the detection module in one embodiment in network security monitoring device.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, by the following examples, it and combines attached
Figure, is further elaborated the specific embodiment of inventive network method for safety monitoring and device.It should be appreciated that this
Place is described, and specific examples are only used to explain the present invention, is not intended to limit the present invention.
Network security monitoring method provided by the embodiment of the present invention can be applied in environment as shown in Figure 1.It please refers to
Shown in Fig. 1, IP packet is captured by the IP address that terminal 102 is locally reserved.Wherein, the IP address that terminal 102 is locally reserved is practical
On be equivalent to a virtual IP address, a part of space in the caching of counterpart terminal 102.Terminal local network is generated
IP packet, such as the IP packet received by network interface card or the IP packet for needing to send by network interface card, can be by the IP of local network
Packet is forcibly fed into this virtual IP address, and the IP packet in the IP address is assembled and detected.Specifically, according to
Information in the IP packet of capture assembles IP packet, generates data access request packet, carries out safety to data access request packet
Detection forwards data access request packet to network server 104 if the testing result of data access request packet is safety;If
The testing result of data access request packet be it is dangerous, then execute interception operation.That is, in the reserved IP of terminal local
Location is used to capture the IP packet of terminal local network, routes to IP packet, is determined whether according to the safety detection result to IP packet
It directly forwards or intercepts, to improve network security.
Wherein, terminal 102 can be but not limited to be the personal computer that can be networked, laptop, smart phone,
Tablet computer, portable wearable device etc..
In one embodiment, as shown in Fig. 2, additionally providing a kind of terminal 102, which includes total by system
Processor, graphics processing unit, storage medium, memory, network interface, display and the input equipment of line connection, storage medium
In be stored with operating system and a kind of network security monitoring device, the network security monitoring device is for realizing a kind of network security
The method of monitoring.The processor supports the operation of terminal for improving calculating and control ability.Graphics processing unit in terminal
For at least providing the drawing ability at display application operating interface, for example, drawing preset police when detecting that IP packet is dangerous
The page is accused, memory is used to provide environment for the operation of the network security monitoring device in storage medium, and network interface is used for and clothes
Business device carries out network communication, data is sended and received, for example, sending server etc. for the data access request packet of safety.Touching
Screen is touched for the icon of various applications and the display at interface, for example, the successful link information of display connection network or display connect
Connect the warning page info etc. of network failure.
Referring to Fig. 3, in one embodiment, a kind of network security monitoring method is provided, this method can be applied to such as Fig. 1 institute
It is illustrated in the terminal shown, comprising the following steps:
Step 302, IP packet is captured by the IP address that terminal local is reserved.
In the present embodiment, the reserved IP address of terminal local is effectively equivalent to a virtual IP address, counterpart terminal
A part of space in caching.
Wherein, IP packet is according to preset protocol, such as the packet transmitted on internet that ICP/IP protocol defines.
In the present embodiment, IP packet is at least one, and IP packet is made of stem and data two parts, and the front portion of stem is fixed length
Degree, totally 20 bytes, are the information that all IP packets must have, for example, version information, protocol information, identification information, mark letter
Breath, piece offset, raw address information and destination address information;Some Optional Fields are followed by the fixed part of stem,
Length is variable.
Step 304, IP packet is assembled according to the information in IP packet, generates data access request packet.
It is to want according to the information judgement such as the identification information, flag information of stem in IP packet and piece offset in the present embodiment
The type for the packet being assembled into.
Step 306, safety detection is carried out to data access request packet.
In the present embodiment, can according to the type of data access request packet to certain some type of data access request packet into
Row safety detection, when carrying out safety detection, whether the destination address that mainly detection data access request packet requests access to pacifies
Entirely.
Step 308, if the testing result of data access request packet is safety, data access request packet is forwarded.
Step 310, if the testing result of data access request packet be it is dangerous, execute interception operation.
In the present embodiment, if the testing result of data access request packet is safety, the data access can be directly forwarded to ask
Seek packet.If the testing result of data access request packet be it is dangerous, data access request can be redirected to preset
The page is alerted, thus ensured when dangerous website is accessed in user, such as fishing website, when swindling webpage, the browsing of user
The beneficial effect that webpage behavior is terminated in time.Further, it can also be prompted by being directed on the preset warning page
Information further grasps the harm of website, has stronger safety.
Above-mentioned network security monitoring method captures IP packet by the IP address that terminal local is reserved, according to the letter in IP packet
Breath assembles IP packet, generates data access request packet, safety detection is carried out to data access request packet, if data access is asked
Ask the testing result of packet for safety, then forward data access request packet, if the testing result of data access request packet be it is dangerous,
Then execute interception operation.The present embodiment utilizes server instead of tradition by introducing the network security monitoring method of tunneling technique
Carry out the process of network security monitoring, it may not be necessary to additionally set up server, and the speed for accessing network is more quick.
In one embodiment, the step of IP packet being captured by the IP address that terminal local is reserved, comprising: pass through tunnel skill
The data flow of the IP packet of local network is forcibly fed into the reserved IP address of terminal local by art, the IP reserved from terminal local
IP packet is obtained in address.
In one embodiment, IP packet is assembled according to the information in IP packet, generates the step of data access request packet
Suddenly, comprising: IP packet is assembled according to the header message in IP packet, generates TCP packet or UDP packet;Data access request packet
The step of carrying out safety detection, comprising: safety detection is carried out to TCP packet, UDP packet is forwarded.
In one embodiment, the step of safety detection being carried out to data access request packet, comprising: obtain data access and ask
The destination address for seeking packet sends destination address in safety database and carries out safety detection.
In one embodiment, the step of intercepting operation is executed, comprising: redirect to data access request preset
Alert the page.
As shown in figure 4, in one embodiment, providing a kind of network security monitoring method, this method is to be applied to such as
It is illustrated in terminal shown in FIG. 1, comprising the following steps:
Step 402, IP packet is captured by the IP address that terminal local is reserved.
In the present embodiment, specifically included by the step of terminal local reserved IP address capture IP packet: by tunnel skill
The data flow of the IP packet of local network is forcibly fed into the reserved IP address of terminal local by art, the IP reserved from terminal local
IP packet is obtained in address.For example, with reference to Fig. 5, the IP packet of at least one APP is received by network interface card, incite somebody to action this by tunneling technique
The IP packet of ground network is forcibly fed into the reserved IP address of terminal local, and in the IP address IP packet progress TCP packet or
The assembling of person's UDP packet and following detection step.
Wherein, tunneling technique is the side that a kind of infrastructure by using internet transmits data between networks
Formula.The data (or load) transmitted using tunnel can be the data frame or IP packet of different agreement.Tunnel protocol is by other agreements
Data frame or packet Reseal then by tunnel transmission.By the foundation in tunnel, may be implemented to force to be sent to by data flow
The effect of specific address.
Step 404, IP packet is assembled according to the header message in IP packet, generates TCP packet or UDP packet.
It is to want according to the information judgement such as the identification information, flag information of stem in IP packet and piece offset in the present embodiment
The type for the packet being assembled into.For example, TCP (Transmission Control Protocol, transmission control protocol) packet or UDP
(User Datagram Protocol, User Datagram Protocol) packet.Further, judge the TCP packet to be assembled or UDP
After packet, assembled according to the format of TCP packet or UDP packet.
Step 406, safety detection is carried out to TCP packet, if the testing result of TCP packet is safety, TCP packet is forwarded, if TCP
The testing result of packet be it is dangerous, then execute interception operation.
In the present embodiment, referring to Fig. 5, the detailed process of safety detection is carried out to TCP packet are as follows: TCP packet is converted into HTTP
Packet, there are destination addresses in the HTTP packet being assembled into, and send destination address in safety database to detect destination address
It is whether safe.Wherein, multiple safe network destination address are stored in advance in safety database, when the destination address of TCP packet exists
In safety database, then determine the destination address of TCP packet for secure address, it can to carry out subsequent forwarding networking operation.Into
One step, if the testing result of TCP packet is dangerous address, interception operation is executed, and further by data access request
The preset warning page is redirected to, is wanted as shown in fig. 6, can be further appreciated that according to the prompt information on the warning page
Access the harm information of website.For example, when clicking a link, or click a confirming button and personal information is uploaded to certain
A website, when this website is the dangerous websites such as fishing website, user's used terminal will pop up the warning page, and at this moment user just knows
There are risks for which behavior in road itself.
Step 408, UDP packet is forwarded.
In the present embodiment, referring to Fig. 5, only need data access request packet be assembled into TCP packet carry out safety detection, and for
Data access request packet is assembled into UDP packet and is then directly forwarded operation.It should be noted that being assembling in the present embodiment
It is true by flag bit field in the header message of IP packet such as identification information, flag information, piece offset etc. at TCP packet or UDP packet
It is fixed, therefore for some IP packets, the flag bit field in header message can identify which kind of IP packet it belongs to, for this kind
IP packet be usually safety, can direct-assembling at UDP packet, and for the IP packet of certain classifications, need to be assembled into TCP packet to carry out
Safety detection.
The data flow pressure of IP packet is sent to terminal local by establishing a tunneled network in terminal by above-described embodiment
Reserved IP address captures data to be tested packet, then, based on safety database to the data captured by the IP address
Packet carries out safety detection.If it find that the data packet captured is dangerous, then packet discard, achievees the purpose that safety filtering;
If the data packet captured meets safety condition, data packet is directly forwarded.Further, above-described embodiment provides a kind of high
Effect, method at low cost, not loaded the network security monitoring excessively influenced because of user volume by server, and can effectively ensure
The safety of network prevents user by the infringement of the modes such as fishing website, network swindle.
Based on the same inventive concept, in one embodiment, it is also proposed that a kind of network security monitoring device.Such as Fig. 7, the net
Network safety monitoring device 10 includes trapping module 100, assembling module 200, detection module 300, forwarding module 400 and blocking module
500。
Wherein, trapping module 100 is used to capture IP packet by the IP address that terminal local is reserved;Assembling module 200 is used for
IP packet is assembled according to the information in IP packet, generates data access request packet;Detection module 300 is for asking data access
Packet is asked to carry out safety detection;If testing result of the forwarding module 400 for data access request packet is safety, data is forwarded to visit
Ask request packet;If blocking module 500 for data access request packet testing result be it is dangerous, execute interception operation.
In addition, in one embodiment, trapping module 100 is used to pass through tunneling technique for the data of the IP packet of local network
Stream is forcibly fed into the reserved IP address of terminal local, and IP packet is obtained from the IP address that terminal local is reserved.
In the present embodiment, the reserved IP address of terminal local is effectively equivalent to a virtual IP address, counterpart terminal
A part of space in caching.In order to facilitate understanding, above-mentioned virtual IP address can also be interpreted as a virtual routing
Device.
Wherein, IP packet is according to preset protocol, such as the packet transmitted on internet that ICP/IP protocol defines.
In the present embodiment, IP packet is at least one, and IP packet is made of stem and data two parts, and the front portion of stem is fixed length
Degree, totally 20 bytes, are the information that all IP packets must have, for example, version information, protocol information, identification information, mark letter
Breath, piece offset, raw address information and destination address information;Some Optional Fields are followed by the fixed part of stem,
Length is variable.
In addition, in one embodiment, assembling module 200 is used to carry out group to IP packet according to the header message in IP packet
Dress generates TCP packet or UDP packet.
It is to want according to the information judgement such as the identification information, flag information of stem in IP packet and piece offset in the present embodiment
The type for the packet being assembled into, for example, TCP packet or UDP packet.Further, judge the TCP packet to be assembled or UDP packet it
Afterwards, it is assembled according to the format of TCP packet or UDP packet.
Further, as shown in figure 8, in one embodiment, detection module 300 includes 310 He of TCP packet detection module
UDP packet forward module 320.Wherein, detection module 300 is used to obtain the destination address of data access request packet, by destination address
It is sent in safety database whether safe to detect destination address;TCP packet detection module 310 is used to carry out safety to TCP packet
Detection;UDP packet forward module 320 is for being forwarded UDP packet.
In the present embodiment, the detailed process of safety detection is carried out to TCP packet are as follows: TCP packet is converted into HTTP packet, is being assembled
At HTTP packet in there are destination address, send destination address in safety database with detect destination address whether safety.
Wherein, multiple safe network destination address are stored in advance in safety database, when the destination address of TCP packet is in safety database
In, then determine the destination address of TCP packet for secure address, it can to carry out subsequent forwarding networking operation.Further, if
The testing result of TCP packet is dangerous address, then executes interception operation, and further redirect to data access request
The preset warning page.For example, when clicking a link, or click a confirming button and personal information is uploaded into some net
It stands, when this website is the dangerous websites such as fishing website, user's used terminal will pop up the warning page, and at this moment user is known that certainly
There are risks for which behavior of body.And in the present embodiment, only needs data access request packet to be assembled into TCP packet and carry out safe inspection
It surveys, and UDP packet is assembled into for data access request packet and is then directly forwarded operation.
Further, in one embodiment, blocking module 500 is default for redirecting to data access request
The warning page.
In the present embodiment, data access request is redirected into the preset warning page, is visited to ensure in user
When asking dangerous website, such as fishing website, when swindling webpage, beneficial effect that the browsing webpage behavior of user is terminated in time
Fruit.Further, the harm of website, tool can also be further grasped by being directed to the information prompted on the preset warning page
There is stronger safety.
Above-mentioned network security monitoring device captures IP packet by the IP address that terminal local is reserved by trapping module 100,
IP packet is assembled according to the information in IP packet by assembling module 200 again, data access request packet is generated, then passes through inspection
It surveys module 300 and safety detection is carried out to data access request packet, if eventually by the inspection of 400 data access request packet of forwarding module
Surveying result is safety, then forwards data access request packet;If the testing result of 500 data access request packet of blocking module is uneasiness
Entirely, then interception operation is executed.The present embodiment utilizes clothes instead of tradition by introducing the network security monitoring method of tunneling technique
Business device carries out the process of network security monitoring, it may not be necessary to additionally set up server, and the speed for accessing network is more quick.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory ROM) or random access memory (Random Access
Memory, RAM) etc..
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
Limitations on the scope of the patent of the present invention therefore cannot be interpreted as.It should be pointed out that for those of ordinary skill in the art
For, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to guarantor of the invention
Protect range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.
Claims (8)
1. a kind of network security monitoring method, which comprises the following steps:
IP packet is captured by the IP address that terminal local is reserved;
The IP packet is assembled according to the information in the IP packet, generates data access request packet;
Safety detection is carried out to the data access request packet, if the testing result of the data access request packet is safety,
Forward the data access request packet;
If the testing result of the data access request packet be it is dangerous, execute interception operation;
Wherein, the step of IP address reserved by terminal local captures IP packet, comprising: by tunneling technique by local network
The data flow of the IP packet of network is forcibly fed into the reserved IP address of the terminal local, the IP reserved from the terminal local
IP packet is obtained in location.
2. the method according to claim 1, wherein the information according in IP packet assembles IP packet,
The step of generating data access request packet, comprising: the IP packet is assembled according to the header message in the IP packet, is generated
TCP packet or UDP packet;
Described the step of safety detection is carried out to data access request packet, comprising: safety detection is carried out to the TCP packet, to institute
UDP packet is stated to be forwarded.
3. the method according to claim 1, wherein the step for carrying out safety detection to data access request packet
Suddenly, comprising:
The destination address for obtaining the data access request packet, sends the destination address in safety database to detect
Whether safe state destination address.
4. the method according to claim 1, wherein the execution intercepts the step of operation, comprising: visit data
Ask that request redirects to the preset warning page.
5. a kind of network security monitoring device characterized by comprising
Trapping module, the IP address for being reserved by terminal local capture IP packet;
Module is assembled, for assembling according to the information in the IP packet to the IP packet, generates data access request packet;
Detection module, for carrying out safety detection to the data access request packet;
Forwarding module forwards the data access request if the testing result for the data access request packet is safety
Packet;
Blocking module, if for the data access request packet testing result be it is dangerous, execute interception operation;
Wherein, the trapping module, it is described for being forcibly fed into the data flow of the IP packet of local network by tunneling technique
In the reserved IP address of terminal local, IP packet is obtained from the IP address that the terminal local is reserved.
6. device according to claim 5, which is characterized in that the assembling module, for according to the head in the IP packet
Portion's information assembles the IP packet, generates TCP packet or UDP packet;
The detection module includes: TCP packet detection module and UDP packet forward module;
The TCP packet detection module, for carrying out safety detection to the TCP packet;
The UDP packet forward module, for being forwarded to the UDP packet.
7. device according to claim 5, which is characterized in that the detection module is asked for obtaining the data access
Whether the destination address is sent in safety database safe to detect the destination address by the destination address for seeking packet.
8. device according to claim 5, which is characterized in that the blocking module is used for data access request again
It is directed to the preset warning page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610259891.1A CN107306264B (en) | 2016-04-25 | 2016-04-25 | Network security monitoring method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610259891.1A CN107306264B (en) | 2016-04-25 | 2016-04-25 | Network security monitoring method and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107306264A CN107306264A (en) | 2017-10-31 |
CN107306264B true CN107306264B (en) | 2019-04-02 |
Family
ID=60150942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610259891.1A Active CN107306264B (en) | 2016-04-25 | 2016-04-25 | Network security monitoring method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107306264B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105978885A (en) * | 2016-05-30 | 2016-09-28 | 刘华英 | Network security monitoring method and network security monitoring device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101009699A (en) * | 2006-01-25 | 2007-08-01 | 姜斌斌 | Transparent local security environment system and its implementation method |
CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
CN101188613A (en) * | 2007-12-11 | 2008-05-28 | 北京大学 | A method for redirecting network attack by combining route with the tunnel |
CN101252576A (en) * | 2008-03-13 | 2008-08-27 | 苏州爱迪比科技有限公司 | Method for detecting virus based on network flow with DFA in gateway |
US7992206B1 (en) * | 2006-12-14 | 2011-08-02 | Trend Micro Incorporated | Pre-scanner for inspecting network traffic for computer viruses |
CN104994094A (en) * | 2015-07-01 | 2015-10-21 | 北京奇虎科技有限公司 | Virtualization platform safety protection method, device and system based on virtual switch |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101913313B1 (en) * | 2011-12-28 | 2018-10-31 | 삼성전자주식회사 | A implementation method of contents centric network in a gateway using internet protocol based networks and a gateway thereof |
CN104348637B (en) * | 2013-07-26 | 2018-07-03 | 中国科学院声学研究所 | A kind of method that TCP connection is kept in failover |
GB2518460B (en) * | 2013-12-09 | 2015-10-28 | F Secure Corp | Unauthorised/Malicious redirection |
-
2016
- 2016-04-25 CN CN201610259891.1A patent/CN107306264B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101009699A (en) * | 2006-01-25 | 2007-08-01 | 姜斌斌 | Transparent local security environment system and its implementation method |
CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
US7992206B1 (en) * | 2006-12-14 | 2011-08-02 | Trend Micro Incorporated | Pre-scanner for inspecting network traffic for computer viruses |
CN101188613A (en) * | 2007-12-11 | 2008-05-28 | 北京大学 | A method for redirecting network attack by combining route with the tunnel |
CN101252576A (en) * | 2008-03-13 | 2008-08-27 | 苏州爱迪比科技有限公司 | Method for detecting virus based on network flow with DFA in gateway |
CN104994094A (en) * | 2015-07-01 | 2015-10-21 | 北京奇虎科技有限公司 | Virtualization platform safety protection method, device and system based on virtual switch |
Also Published As
Publication number | Publication date |
---|---|
CN107306264A (en) | 2017-10-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101662605B1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
Rao et al. | Using the middle to meddle with mobile | |
US20210258791A1 (en) | Method for http-based access point fingerprint and classification using machine learning | |
US9954873B2 (en) | Mobile device-based intrusion prevention system | |
EP2447878B1 (en) | Web based remote malware detection | |
CN101834866B (en) | CC (Communication Center) attack protective method and system thereof | |
US9817969B2 (en) | Device for detecting cyber attack based on event analysis and method thereof | |
US8719944B2 (en) | Detecting secure or encrypted tunneling in a computer network | |
CN106936791B (en) | Method and device for intercepting malicious website access | |
US9379952B2 (en) | Monitoring NAT behaviors through URI dereferences in web browsers | |
CN103023906B (en) | Method and system aiming at remote procedure calling conventions to perform status tracking | |
US20150326486A1 (en) | Application identification in records of network flows | |
US20140115705A1 (en) | Method for detecting illegal connection and network monitoring apparatus | |
CN104253785B (en) | Dangerous network address recognition methods, apparatus and system | |
EP3590061A1 (en) | Managing data encrypting application | |
WO2023045196A1 (en) | Access request capturing method and apparatus, computer device, and storage medium | |
CN107306264B (en) | Network security monitoring method and apparatus | |
CN114531258A (en) | Network attack behavior processing method and device, storage medium and electronic equipment | |
CN104993935B (en) | Cyberthreat reminding method, equipment and system | |
Čermák et al. | Detection of DNS traffic anomalies in large networks | |
Wu et al. | IoT network traffic analysis: Opportunities and challenges for forensic investigators? | |
US20230164119A1 (en) | Network device protection | |
CN113794731B (en) | Method, device, equipment and medium for identifying CDN (content delivery network) -based traffic masquerading attack | |
US10454965B1 (en) | Detecting network packet injection | |
CN105978885A (en) | Network security monitoring method and network security monitoring device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210927 Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd. Address before: 2, 518000, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. |
|
TR01 | Transfer of patent right |