CN107306264B - Network security monitoring method and apparatus - Google Patents


Info

Publication number
CN107306264B
Authority
CN
China
Prior art keywords
packet
data access
access request
address
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610259891.1A
Other languages
Chinese (zh)
Other versions
CN107306264A (en)
Inventor
肖权浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201610259891.1A
Publication of CN107306264A
Application granted
Publication of CN107306264B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses a network security monitoring method comprising the following steps: capturing IP packets through an IP address reserved locally on the terminal; assembling the IP packets according to the information in them to generate a data access request packet; performing security detection on the data access request packet; if the detection result for the data access request packet is safe, forwarding the data access request packet; if the detection result is unsafe, executing an interception operation. This method replaces the traditional process of using a server for network security monitoring, so no additional server needs to be set up and network access is faster. The invention also discloses a network security monitoring apparatus.

Description

Network security monitoring method and apparatus
Technical field
The present invention relates to the field of computer and Internet technology, and in particular to a network security monitoring method and apparatus.
Background
At present, network attacks of all kinds emerge one after another, and criminals can easily steal users' information maliciously through fake sites such as phishing websites, online fraud and similar means, bringing ever greater harm to network security. To solve this problem, the traditional approach usually forces the data flow of network packets to a server, which performs security detection and forwarding; this has played a positive role in realizing a general network security system architecture.
However, the traditional approach requires setting up an additional server, which is costly to implement, and the speed at which a device accesses the network is low because the server is overloaded.
Summary of the invention
Based on this, it is necessary to provide a network security monitoring method and apparatus that can speed up network access.
A network security monitoring method, comprising the following steps:
capturing IP packets through an IP address reserved locally on the terminal;
assembling the IP packets according to the information in the IP packets to generate a data access request packet;
performing security detection on the data access request packet and, if the detection result for the data access request packet is safe, forwarding the data access request packet;
if the detection result for the data access request packet is unsafe, executing an interception operation.
A network security monitoring apparatus, comprising:
a capture module, configured to capture IP packets through an IP address reserved locally on the terminal;
an assembly module, configured to assemble the IP packets according to the information in the IP packets to generate a data access request packet;
a detection module, configured to perform security detection on the data access request packet;
a forwarding module, configured to forward the data access request packet if its detection result is safe;
an interception module, configured to execute an interception operation if the detection result for the data access request packet is unsafe.
The above network security monitoring method and apparatus capture IP packets through an IP address reserved locally on the terminal, assemble the IP packets according to the information in them to generate a data access request packet, and perform security detection on the data access request packet; if the detection result is safe, the data access request packet is forwarded, and if the detection result is unsafe, an interception operation is executed. The method replaces the traditional process of using a server for network security monitoring, so no additional server needs to be set up and the terminal accesses the network faster.
Brief description of the drawings
Fig. 1 is a diagram of the application environment of the network security monitoring method in one embodiment;
Fig. 2 is a diagram of the internal structure of the terminal in one embodiment;
Fig. 3 is a flow diagram of the network security monitoring method in one embodiment;
Fig. 4 is a flow diagram of the network security monitoring method in another embodiment;
Fig. 5 is an example diagram of the network security monitoring method in one embodiment;
Fig. 6 is a schematic diagram of the preset warning page to which the network security monitoring method redirects in one embodiment;
Fig. 7 is a structural diagram of the network security monitoring apparatus in one embodiment;
Fig. 8 is a structural diagram of the detection module of the network security monitoring apparatus in one embodiment.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, specific embodiments of the network security monitoring method and apparatus of the invention are described in further detail below through examples and with reference to the drawings. It should be understood that the specific examples described here serve only to explain the present invention and are not intended to limit it.
The network security monitoring method provided by the embodiments of the present invention can be applied in the environment shown in Fig. 1. Referring to Fig. 1, IP packets are captured through an IP address reserved locally on terminal 102. The IP address reserved locally on terminal 102 is in effect a virtual IP address and corresponds to a portion of the space in the cache of terminal 102. IP packets generated on the terminal's local network, such as IP packets received through the network card or IP packets to be sent through the network card, can be forcibly sent to this virtual IP address, where they are assembled and inspected. Specifically, the captured IP packets are assembled according to the information in them to generate a data access request packet, and security detection is performed on that packet; if the detection result is safe, the data access request packet is forwarded to network server 104; if the detection result is unsafe, an interception operation is executed. In other words, the IP address reserved locally on the terminal is used to capture the IP packets of the terminal's local network and to route them, and whether a packet is forwarded directly or intercepted is decided by the result of its security detection, which improves network security.
Terminal 102 may be, but is not limited to, a networked personal computer, laptop, smartphone, tablet computer, portable wearable device and the like.
In one embodiment, as shown in Fig. 2, a terminal 102 is also provided. The terminal includes a processor, a graphics processing unit, a storage medium, memory, a network interface, a display and an input device connected by a system bus. The storage medium stores an operating system and a network security monitoring apparatus, which is used to implement a network security monitoring method. The processor provides computing and control capability and supports the operation of the terminal. The graphics processing unit in the terminal provides at least the drawing capability for displaying application interfaces, for example drawing the preset warning page when an IP packet is detected to be unsafe. The memory provides the environment in which the network security monitoring apparatus in the storage medium runs. The network interface is used for network communication with the server, sending and receiving data, for example sending a safe data access request packet to the server. The touch screen is used to display the icons and interfaces of the various applications, for example to display the link information for a successful network connection or the warning page information for a failed network connection.
Referring to Fig. 3, in one embodiment a network security monitoring method is provided. The method is described as applied to the terminal shown in Fig. 1 and comprises the following steps:
Step 302: capture IP packets through an IP address reserved locally on the terminal.
In this embodiment, the IP address reserved locally on the terminal is in effect a virtual IP address and corresponds to a portion of the space in the terminal's cache.
An IP packet is a packet transmitted on the Internet as defined by a preset protocol such as TCP/IP. In this embodiment there is at least one IP packet. An IP packet consists of a header and data. The first part of the header has a fixed length of 20 bytes and carries the information every IP packet must have, for example the version, protocol, identification, flags, fragment offset, source address and destination address; the fixed part of the header is followed by optional fields of variable length.
Step 304: assemble the IP packets according to the information in the IP packets to generate a data access request packet.
In this embodiment, the type of packet to be assembled is determined from information in the IP packet header such as the identification, flags and fragment offset.
Step 306: perform security detection on the data access request packet.
In this embodiment, security detection may be performed on certain types of data access request packet according to the packet's type. The detection mainly checks whether the destination address that the data access request packet requests to access is safe.
Step 308: if the detection result for the data access request packet is safe, forward the data access request packet.
Step 310: if the detection result for the data access request packet is unsafe, execute an interception operation.
In this embodiment, if the detection result for the data access request packet is safe, the packet can be forwarded directly. If the detection result is unsafe, the data access request can be redirected to a preset warning page, so that when the user visits an unsafe website, such as a phishing website or a fraudulent web page, the user's browsing is terminated in time. Further, the information shown on the preset warning page lets the user learn more about the harm the website poses, which gives stronger security.
The above network security monitoring method captures IP packets through an IP address reserved locally on the terminal, assembles the IP packets according to the information in them to generate a data access request packet, and performs security detection on the data access request packet; if the detection result is safe, the data access request packet is forwarded, and if the detection result is unsafe, an interception operation is executed. By introducing tunneling into the network security monitoring method, this embodiment replaces the traditional process of using a server for network security monitoring, so no additional server needs to be set up and network access is faster.
In one embodiment, the step of capturing IP packets through the IP address reserved locally on the terminal comprises: forcibly sending the data flow of the IP packets of the local network to the IP address reserved locally on the terminal by means of tunneling, and obtaining the IP packets from that reserved IP address.
In one embodiment, the step of assembling the IP packets according to the information in the IP packets to generate a data access request packet comprises: assembling the IP packets according to the header information in the IP packets to generate a TCP packet or a UDP packet. The step of performing security detection on the data access request packet comprises: performing security detection on the TCP packet and forwarding the UDP packet.
In one embodiment, the step of performing security detection on the data access request packet comprises: obtaining the destination address of the data access request packet and sending the destination address to a safety database for security detection.
In one embodiment, the step of executing the interception operation comprises: redirecting the data access request to a preset warning page.
As shown in Fig. 4, in one embodiment a network security monitoring method is provided. The method is described as applied to the terminal shown in Fig. 1 and comprises the following steps:
Step 402: capture IP packets through an IP address reserved locally on the terminal.
In this embodiment, the step of capturing IP packets through the IP address reserved locally on the terminal specifically comprises: forcibly sending the data flow of the IP packets of the local network to the IP address reserved locally on the terminal by means of tunneling, and obtaining the IP packets from that reserved IP address. For example, referring to Fig. 5, the IP packets of at least one app are received through the network card, the IP packets of the local network are forcibly sent by tunneling to the IP address reserved locally on the terminal, and at that IP address the IP packets are assembled into TCP or UDP packets and go through the subsequent detection steps.
Tunneling is a way of transferring data between networks by using the infrastructure of the Internet. The data (or payload) carried through a tunnel can be data frames or IP packets of different protocols. The tunnel protocol re-encapsulates the data frames or packets of other protocols and then sends them through the tunnel. Establishing a tunnel makes it possible to force a data flow to a specific address.
Step 404: assemble the IP packets according to the header information in the IP packets to generate a TCP packet or a UDP packet.
In this embodiment, the type of packet to be assembled is determined from information in the IP packet header such as the identification, flags and fragment offset, for example a TCP (Transmission Control Protocol) packet or a UDP (User Datagram Protocol) packet. Once it has been determined whether a TCP packet or a UDP packet is to be assembled, assembly follows the format of the TCP packet or UDP packet.
Step 406: perform security detection on the TCP packet; if the detection result for the TCP packet is safe, forward the TCP packet; if the detection result for the TCP packet is unsafe, execute an interception operation.
In this embodiment, referring to Fig. 5, security detection on a TCP packet proceeds as follows: the TCP packet is converted into an HTTP packet; the assembled HTTP packet contains a destination address, which is sent to the safety database to detect whether it is safe. The safety database stores a number of safe network destination addresses in advance. When the destination address of the TCP packet is in the safety database, the destination address is determined to be a safe address and the subsequent forwarding operation can proceed. If the detection result for the TCP packet is an unsafe address, an interception operation is executed and the data access request is redirected to the preset warning page, as shown in Fig. 6; the information on the warning page lets the user learn more about the harm posed by the website being visited. For example, when the user clicks a link, or clicks a confirm button that uploads personal information to some website, and that website is an unsafe website such as a phishing website, the user's terminal pops up the warning page and the user then knows which of their actions carries risk.
Step 408: forward the UDP packet.
In this embodiment, referring to Fig. 5, security detection is needed only when the data access request packet is assembled into a TCP packet; a data access request packet assembled into a UDP packet is forwarded directly. Note that in this embodiment whether packets are assembled into a TCP packet or a UDP packet is determined by the flag fields in the IP packet header, such as the identification, flags and fragment offset. For some IP packets, the flag fields in the header identify which category of IP packet they belong to; IP packets of such a category are usually safe and can be assembled directly into UDP packets, whereas IP packets of certain other categories need to be assembled into TCP packets for security detection.
The above embodiment establishes a tunnel network on the terminal, forcibly sends the data flow of IP packets to the IP address reserved locally on the terminal, captures the packets to be inspected through that IP address, and then performs security detection on the captured packets based on the safety database. If a captured packet is found to be unsafe, the packet is discarded, which achieves security filtering; if a captured packet meets the safety condition, it is forwarded directly. The above embodiment thus provides an efficient, low-cost network security monitoring method that is not affected by a server becoming overloaded as the number of users grows, and that can effectively ensure network security and protect users from phishing websites, online fraud and similar attacks.
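The flow of steps 402 to 408 on raw packet bytes, as an added example that is not code from the patent. In IPv4 the Protocol field (6 = TCP, 17 = UDP) selects the transport type, while identification, flags and fragment offset drive fragment reassembly, and the sketch uses them that way. SAFE_HOSTS, WARNING_PAGE, the HOLD result, the packet builders and the rule that TCP segments without an HTTP Host header are forwarded are assumptions.

```python
import struct

TCP, UDP = 6, 17                                  # IPv4 Protocol field values
SAFE_HOSTS = {"intranet.example"}                 # constructed stand-in for the safety database
WARNING_PAGE = "http://warning.invalid/blocked"   # hypothetical warning-page URL
IP_HDR, TCP_HDR = "!BBHHHBBH4s4s", "!HHIIBBHHH"   # fixed 20-byte header layouts


def parse_ipv4(raw):
    """Parse the fixed 20-byte IPv4 header and slice out the payload."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack(IP_HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # header length incl. optional fields
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("malformed IPv4 packet")
    return {"key": (src, dst, proto, ident),      # identifies one datagram
            "proto": proto,
            "more": bool(flags_frag & 0x2000),    # MF (more fragments) flag
            "offset": (flags_frag & 0x1FFF) * 8,  # fragment offset in bytes
            "payload": raw[ihl:total_len]}


class Reassembler:
    """Assembles IP fragments into one transport segment (no timeout or size cap)."""

    def __init__(self):
        self._parts, self._total = {}, {}

    def push(self, pkt):
        """Return (proto, data) once the datagram is complete, else None."""
        key = pkt["key"]
        if not pkt["more"] and pkt["offset"] == 0:
            return pkt["proto"], pkt["payload"]   # not fragmented
        parts = self._parts.setdefault(key, {})
        parts[pkt["offset"]] = pkt["payload"]
        if not pkt["more"]:                       # last fragment fixes the total length
            self._total[key] = pkt["offset"] + len(pkt["payload"])
        total = self._total.get(key)
        if total is None:
            return None
        data, pos = bytearray(), 0
        while pos < total:
            chunk = parts.get(pos)
            if not chunk:
                return None                       # hole: keep waiting
            data += chunk
            pos += len(chunk)
        del self._parts[key], self._total[key]
        # Overlapping fragments overshoot the total; drop them instead of guessing.
        return (pkt["proto"], bytes(data)) if pos == total else None


def http_host(segment):
    """Return the lower-cased Host header of an HTTP request in a TCP segment."""
    if len(segment) < 20:
        return None
    data_off = (segment[12] >> 4) * 4             # TCP header length in bytes
    if data_off < 20 or data_off > len(segment):
        return None
    for line in segment[data_off:].split(b"\r\n")[1:]:
        if not line:
            break                                 # blank line ends the headers
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("latin-1").lower().split(":")[0]
    return None


def monitor(raw, reasm):
    """Decide what to do with one captured IP packet: HOLD, FORWARD or REDIRECT."""
    done = reasm.push(parse_ipv4(raw))
    if done is None:
        return ("HOLD", None)                     # assumption: wait for missing fragments
    proto, data = done
    if proto != TCP:
        return ("FORWARD", None)                  # step 408: UDP is not inspected
    host = http_host(data)
    if host is None:
        return ("FORWARD", None)                  # assumption: nothing to look up
    if host in SAFE_HOSTS:
        return ("FORWARD", host)                  # destination is in the safety database
    return ("REDIRECT", WARNING_PAGE)             # step 406: intercept


def build_ipv4(proto, payload, ident=1, more=False, offset=0):
    """Constructed sample IPv4 packet (checksum left at 0, not validated above)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                       64, proto, 0, bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10])) + payload


def build_tcp(payload):
    """Constructed 20-byte TCP header (data offset 5, PSH+ACK) plus payload."""
    return struct.pack(TCP_HDR, 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
```

Reassembling before inspection matters here: a check that looked only at individual fragments would miss a Host header carried in a later fragment.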
Based on the same inventive concept, in one embodiment a network security monitoring apparatus is also proposed. As shown in Fig. 7, the network security monitoring apparatus 10 includes a capture module 100, an assembly module 200, a detection module 300, a forwarding module 400 and an interception module 500.
The capture module 100 is configured to capture IP packets through an IP address reserved locally on the terminal; the assembly module 200 is configured to assemble the IP packets according to the information in them to generate a data access request packet; the detection module 300 is configured to perform security detection on the data access request packet; the forwarding module 400 is configured to forward the data access request packet if its detection result is safe; the interception module 500 is configured to execute an interception operation if the detection result for the data access request packet is unsafe.
In addition, in one embodiment, the capture module 100 is configured to forcibly send the data flow of the IP packets of the local network to the IP address reserved locally on the terminal by means of tunneling, and to obtain the IP packets from that reserved IP address.
In this embodiment, the IP address reserved locally on the terminal is in effect a virtual IP address and corresponds to a portion of the space in the terminal's cache. For ease of understanding, this virtual IP address can also be thought of as a virtual router.
An IP packet is a packet transmitted on the Internet as defined by a preset protocol such as TCP/IP. In this embodiment there is at least one IP packet. An IP packet consists of a header and data. The first part of the header has a fixed length of 20 bytes and carries the information every IP packet must have, for example the version, protocol, identification, flags, fragment offset, source address and destination address; the fixed part of the header is followed by optional fields of variable length.
In addition, in one embodiment, the assembly module 200 is configured to assemble the IP packets according to the header information in the IP packets to generate a TCP packet or a UDP packet.
In this embodiment, the type of packet to be assembled, for example a TCP packet or a UDP packet, is determined from information in the IP packet header such as the identification, flags and fragment offset. Once it has been determined whether a TCP packet or a UDP packet is to be assembled, assembly follows the format of the TCP packet or UDP packet.
Further, as shown in Fig. 8, in one embodiment the detection module 300 includes a TCP packet detection module 310 and a UDP packet forwarding module 320. The detection module 300 is configured to obtain the destination address of the data access request packet and send the destination address to the safety database to detect whether it is safe; the TCP packet detection module 310 is configured to perform security detection on TCP packets; the UDP packet forwarding module 320 is configured to forward UDP packets.
In this embodiment, security detection on a TCP packet proceeds as follows: the TCP packet is converted into an HTTP packet; the assembled HTTP packet contains a destination address, which is sent to the safety database to detect whether it is safe. The safety database stores a number of safe network destination addresses in advance. When the destination address of the TCP packet is in the safety database, the destination address is determined to be a safe address and the subsequent forwarding operation can proceed. If the detection result for the TCP packet is an unsafe address, an interception operation is executed and the data access request is redirected to the preset warning page. For example, when the user clicks a link, or clicks a confirm button that uploads personal information to some website, and that website is an unsafe website such as a phishing website, the user's terminal pops up the warning page and the user then knows which of their actions carries risk. In this embodiment, security detection is needed only when the data access request packet is assembled into a TCP packet; a data access request packet assembled into a UDP packet is forwarded directly.
Further, in one embodiment, the interception module 500 is configured to redirect the data access request to the preset warning page.
In this embodiment, the data access request is redirected to the preset warning page, so that when the user visits an unsafe website, such as a phishing website or a fraudulent web page, the user's browsing is terminated in time. Further, the information shown on the preset warning page lets the user learn more about the harm the website poses, which gives stronger security.
In the above network security monitoring apparatus, the capture module 100 captures IP packets through an IP address reserved locally on the terminal, the assembly module 200 assembles the IP packets according to the information in them to generate a data access request packet, and the detection module 300 performs security detection on the data access request packet. Finally, if the detection result for the data access request packet is safe, the forwarding module 400 forwards the data access request packet; if the detection result is unsafe, the interception module 500 executes an interception operation. By introducing tunneling into the network security monitoring method, this embodiment replaces the traditional process of using a server for network security monitoring, so no additional server needs to be set up and network access is faster.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, read-only memory (ROM), random access memory (RAM) or the like.
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not be understood as limiting the scope of the invention patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. The scope of protection of this patent is therefore defined by the appended claims.

Claims (8)

1. a kind of network security monitoring method, which comprises the following steps:
IP packet is captured by the IP address that terminal local is reserved;
The IP packet is assembled according to the information in the IP packet, generates data access request packet;
Safety detection is carried out to the data access request packet, if the testing result of the data access request packet is safety, Forward the data access request packet;
If the testing result of the data access request packet be it is dangerous, execute interception operation;
Wherein, the step of IP address reserved by terminal local captures IP packet, comprising: by tunneling technique by local network The data flow of the IP packet of network is forcibly fed into the reserved IP address of the terminal local, the IP reserved from the terminal local IP packet is obtained in location.
2. the method according to claim 1, wherein the information according in IP packet assembles IP packet, The step of generating data access request packet, comprising: the IP packet is assembled according to the header message in the IP packet, is generated TCP packet or UDP packet;
Described the step of safety detection is carried out to data access request packet, comprising: safety detection is carried out to the TCP packet, to institute UDP packet is stated to be forwarded.
3. The method according to claim 1, wherein the step of performing security detection on the data access request packet comprises:
obtaining the destination address of the data access request packet, and sending the destination address to a security database to detect whether the destination address is safe.
4. The method according to claim 1, wherein the step of executing the interception operation comprises: redirecting the data access request to a preset warning page.
5. A network security monitoring device, characterized by comprising:
a trapping module, configured to capture IP packets through an IP address reserved locally on the terminal;
an assembling module, configured to assemble the IP packets according to the information in the IP packets to generate a data access request packet;
a detection module, configured to perform security detection on the data access request packet;
a forwarding module, configured to forward the data access request packet if the detection result for the data access request packet is safe;
a blocking module, configured to execute an interception operation if the detection result for the data access request packet is dangerous;
wherein the trapping module is configured to force the data flow of the IP packets of the local network into the IP address reserved locally on the terminal by means of a tunneling technique, and to obtain the IP packets from the IP address reserved locally on the terminal.
6. The device according to claim 5, characterized in that the assembling module is configured to assemble the IP packets according to the header information in the IP packets to generate a TCP packet or a UDP packet;
the detection module comprises a TCP packet detection module and a UDP packet forward module;
the TCP packet detection module is configured to perform security detection on the TCP packet;
the UDP packet forward module is configured to forward the UDP packet.
7. The device according to claim 5, characterized in that the detection module is configured to obtain the destination address of the data access request packet and send the destination address to a security database to detect whether the destination address is safe.
8. The device according to claim 5, characterized in that the blocking module is configured to redirect the data access request to the preset warning page.
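The pipeline recited in claims 5 to 8 (parse the captured IP packet, split TCP from UDP, look up the TCP destination, then forward or redirect) can be sketched as follows. This is an added illustration, not code from the patent; the blocklist contents, the warning-page URL, the function names and the choice to drop malformed or non-TCP/UDP packets are assumptions.

```python
import ipaddress
import struct

# Constructed stand-in for the database queried in claims 3 and 7 (TEST-NET address).
UNSAFE_DESTINATIONS = {ipaddress.ip_address("203.0.113.7")}
WARNING_PAGE = "http://warning.example/blocked"  # hypothetical preset warning page
PROTO_TCP, PROTO_UDP = 6, 17

def build_ipv4(proto, src, dst, sport, dport):
    """Build a constructed IPv4 packet (checksum left zero) carrying only the ports."""
    payload = struct.pack("!HH", sport, dport)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Return (protocol, destination address, destination port) of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated or malformed header")
    proto = packet[9]
    dst = ipaddress.ip_address(packet[16:20])
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, dst, dport

def handle(packet):
    """Decide what the monitor does with one captured IP packet."""
    try:
        proto, dst, dport = parse_ipv4(packet)
    except ValueError:
        return ("drop", None)                 # assumption: malformed input is dropped
    if proto == PROTO_UDP:                    # claim 6: UDP is forwarded, not inspected
        return ("forward", f"{dst}:{dport}")
    if proto == PROTO_TCP:                    # claims 3 and 7: destination lookup
        if dst in UNSAFE_DESTINATIONS:        # claims 4 and 8: redirect to warning page
            return ("redirect", WARNING_PAGE)
        return ("forward", f"{dst}:{dport}")
    return ("drop", None)                     # assumption: other protocols are dropped

if __name__ == "__main__":
    print(handle(build_ipv4(PROTO_TCP, "10.0.0.2", "203.0.113.7", 40000, 80)))
```

Because the UDP branch skips the lookup, a destination listed as unsafe is still forwarded when it is reached over UDP, which is worth keeping in mind for DNS and QUIC traffic.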
CN201610259891.1A 2016-04-25 2016-04-25 Network security monitoring method and apparatus Active CN107306264B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610259891.1A CN107306264B (en) 2016-04-25 2016-04-25 Network security monitoring method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610259891.1A CN107306264B (en) 2016-04-25 2016-04-25 Network security monitoring method and apparatus

Publications (2)

Publication Number Publication Date
CN107306264A CN107306264A (en) 2017-10-31
CN107306264B true CN107306264B (en) 2019-04-02

Family

ID=60150942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610259891.1A Active CN107306264B (en) 2016-04-25 2016-04-25 Network security monitoring method and apparatus

Country Status (1)

Country Link
CN (1) CN107306264B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105978885A (en) * 2016-05-30 2016-09-28 刘华英 Network security monitoring method and network security monitoring device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009699A (en) * 2006-01-25 2007-08-01 姜斌斌 Transparent local security environment system and its implementation method
CN101141447A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 HTTPS communication tunnel security check and content filtering system and method
CN101188613A (en) * 2007-12-11 2008-05-28 北京大学 A method for redirecting network attack by combining route with the tunnel
CN101252576A (en) * 2008-03-13 2008-08-27 苏州爱迪比科技有限公司 Method for detecting virus based on network flow with DFA in gateway
US7992206B1 (en) * 2006-12-14 2011-08-02 Trend Micro Incorporated Pre-scanner for inspecting network traffic for computer viruses
CN104994094A (en) * 2015-07-01 2015-10-21 北京奇虎科技有限公司 Virtualization platform safety protection method, device and system based on virtual switch

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101913313B1 (en) * 2011-12-28 2018-10-31 삼성전자주식회사 A implementation method of contents centric network in a gateway using internet protocol based networks and a gateway thereof
CN104348637B (en) * 2013-07-26 2018-07-03 中国科学院声学研究所 A kind of method that TCP connection is kept in failover
GB2518460B (en) * 2013-12-09 2015-10-28 F Secure Corp Unauthorised/Malicious redirection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009699A (en) * 2006-01-25 2007-08-01 姜斌斌 Transparent local security environment system and its implementation method
CN101141447A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 HTTPS communication tunnel security check and content filtering system and method
US7992206B1 (en) * 2006-12-14 2011-08-02 Trend Micro Incorporated Pre-scanner for inspecting network traffic for computer viruses
CN101188613A (en) * 2007-12-11 2008-05-28 北京大学 A method for redirecting network attack by combining route with the tunnel
CN101252576A (en) * 2008-03-13 2008-08-27 苏州爱迪比科技有限公司 Method for detecting virus based on network flow with DFA in gateway
CN104994094A (en) * 2015-07-01 2015-10-21 北京奇虎科技有限公司 Virtualization platform safety protection method, device and system based on virtual switch

Also Published As

Publication number Publication date
CN107306264A (en) 2017-10-31

Similar Documents

Publication Publication Date Title
KR101662605B1 (en) System and method for correlating network information with subscriber information in a mobile network environment
Rao et al. Using the middle to meddle with mobile
US20210258791A1 (en) Method for http-based access point fingerprint and classification using machine learning
US9954873B2 (en) Mobile device-based intrusion prevention system
EP2447878B1 (en) Web based remote malware detection
CN101834866B (en) CC (Communication Center) attack protective method and system thereof
US9817969B2 (en) Device for detecting cyber attack based on event analysis and method thereof
US8719944B2 (en) Detecting secure or encrypted tunneling in a computer network
CN106936791B (en) Method and device for intercepting malicious website access
US9379952B2 (en) Monitoring NAT behaviors through URI dereferences in web browsers
CN103023906B (en) Method and system aiming at remote procedure calling conventions to perform status tracking
US20150326486A1 (en) Application identification in records of network flows
US20140115705A1 (en) Method for detecting illegal connection and network monitoring apparatus
CN104253785B (en) Dangerous network address recognition methods, apparatus and system
EP3590061A1 (en) Managing data encrypting application
WO2023045196A1 (en) Access request capturing method and apparatus, computer device, and storage medium
CN107306264B (en) Network security monitoring method and apparatus
CN114531258A (en) Network attack behavior processing method and device, storage medium and electronic equipment
CN104993935B (en) Cyberthreat reminding method, equipment and system
Čermák et al. Detection of DNS traffic anomalies in large networks
Wu et al. IoT network traffic analysis: Opportunities and challenges for forensic investigators?
US20230164119A1 (en) Network device protection
CN113794731B (en) Method, device, equipment and medium for identifying CDN (content delivery network) -based traffic masquerading attack
US10454965B1 (en) Detecting network packet injection
CN105978885A (en) Network security monitoring method and network security monitoring device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210927

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518000, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.
