CN107948199B - Method and device for rapidly detecting terminal shared access - Google Patents
- Publication number
- CN107948199B (application number CN201711447129.7A)
- Authority
- CN
- China
- Prior art keywords
- access
- internet
- terminal
- information
- accessing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/04—Arrangements for maintaining operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention discloses a method and a device for rapidly detecting terminal shared access. After detecting an access terminal accessing the Internet through a preset routing device, the method judges whether the Internet access of the access terminal accords with a control rule, and marks the access terminal if it does not. After receiving the access information of a terminal accessing the Internet, the method judges whether that terminal is marked, and if so, blocks the access of all terminals accessing the Internet through the preset routing equipment. Because the method marks a terminal that may not access the Internet on the basis of the request information the terminal sends when accessing the Internet, it can block the marked terminal's access in time when that access is detected, avoiding the network security problem caused by access that cannot be blocked in time. On the other hand, the method improves the accuracy of judgment and reduces the probability of misjudgment or missed judgment.
Description
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method and an apparatus for quickly detecting a terminal shared access.
Background
With the development of communication and electronics, various forms of mobile terminals (e.g., cell phones or iPads) have entered people's lives. For convenient and fast Internet use, various mobile terminals are wirelessly connected to the Internet, which brings convenience to users but also creates great potential safety hazards. Companies in particular, in order to prevent security incidents caused by shared access, have introduced stricter management regulations, such as limiting the number of access terminals and the types of terminals. To achieve fast detection, a higher requirement is also placed on the detection speed of shared access.
There are many existing detection techniques for shared access, such as detection based on data packet characteristics and detection based on features. Detection based on data packet characteristics mainly works by detecting the type of the terminal or certain network-layer and transport-layer characteristics of the terminal's traffic. For example, the number of shared terminals is estimated by detecting TTL values, or by observing continuously changing IPID values, source ports, and TCP window values. However, since these parameters are of limited effect, false recognition and missed recognition are easily caused. Feature-based detection mainly filters the user's traffic continuously and looks for special signs, such as unique identification information identifying the user (the IMEI, IMSI, etc.). However, this method relies on special flows to trigger it, and is prone to false positives.
In the process of implementing the embodiment of the present invention, the inventor found that the existing detection methods for mobile terminal shared access, which detect data packet characteristics or terminal characteristics obtained during access, cannot prevent the access of an illegal terminal in time and easily cause misjudgment or missed judgment.
Disclosure of Invention
The technical problem to be solved by the invention is that the conventional detection methods for mobile terminal shared access, which detect the characteristics of a data packet or the characteristics of a terminal obtained during access, cannot prevent the access of an illegal terminal in time and easily cause erroneous judgment or missed judgment.
In view of the above technical problems, an embodiment of the present invention provides a method for quickly detecting a terminal shared access, including:
after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet;
judging, according to the request information, whether the Internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal;
and if the access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminal, and if so, blocking the access of all terminals accessing the internet through the preset routing equipment to the internet.
Optionally, the determining, according to the request information, whether the access terminal accesses the internet and meets a preset control rule, and if the access terminal accesses the internet and does not meet the control rule, marking the access terminal as an illegal terminal includes:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result;
judging whether the access terminal access internet accords with the control rule or not according to the equipment information, and if not, marking the IP corresponding to the access terminal as an illegal IP;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
Optionally, if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, including:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
Optionally, the method further comprises:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
Optionally, the method further comprises:
and after the access of all the terminals accessing the Internet through the preset routing equipment to the Internet is blocked, the access of the terminals which are not marked as illegal terminals to the Internet is recovered after a preset time period.
In a second aspect, an embodiment of the present invention provides an apparatus for quickly detecting shared access of a terminal, including:
the apparatus comprises an acquisition module, a judging module and an execution module, wherein the acquisition module is used for acquiring request information of an access terminal requesting to access the internet after detecting the access terminal accessing the internet through a preset routing device;
the judging module is used for judging, according to the request information, whether the Internet access of the access terminal meets a preset control rule, and if it does not meet the control rule, marking the access terminal as an illegal terminal;
and the execution module is used for judging, if access information for accessing the internet is received, whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking the access of all terminals accessing the internet through the preset routing equipment to the internet.
Optionally, the determining module is further configured to obtain a preset feature library, and extract feature information corresponding to the access terminal from the request information, as target feature information; matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result; judging whether the access terminal access internet accords with the control rule or not according to the equipment information, and if not, marking the IP corresponding to the access terminal as an illegal IP;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
Optionally, the execution module is further configured to, if access information for accessing the internet is received, parse the IP corresponding to the access terminal from the access information, use that IP as the access IP, determine whether the access IP belongs to the marked illegal IPs, and if so, block access to the internet by all terminals accessing the internet through the preset routing device.
Optionally, the system further comprises a display module, where the display module is configured to display the device information of the access terminal if the access terminal corresponding to the access information belongs to the marked illegal terminal.
Optionally, the system further comprises a recovery module, and the recovery module is configured to recover, after a preset time period elapses after access to the internet from all terminals accessing the internet through the preset routing device is blocked, access to the internet from terminals that are not marked as illegal terminals.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor, at least one memory, a communication interface, and a bus; wherein,
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the methods described above.
In a fourth aspect, embodiments of the invention also provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the method described above.
The embodiment of the invention provides a method and a device for rapidly detecting terminal shared access. After detecting an access terminal accessing the Internet through a preset routing device, the method judges whether the Internet access of the access terminal accords with a control rule, and marks the access terminal if it does not. After receiving the access information of a terminal accessing the Internet, the method judges whether that terminal is marked, and if so, blocks the access of all terminals accessing the Internet through the preset routing equipment. Because the method marks a terminal that may not access the Internet on the basis of the request information the terminal sends when accessing the Internet, it can block the marked terminal's access in time when that access is detected, avoiding the network security problem caused by access that cannot be blocked in time. On the other hand, compared with a method that judges whether the terminal's Internet access accords with the control rule from various parameters observed during the access, the method improves the accuracy of judgment and reduces the probability of misjudgment or missed judgment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a method for rapidly detecting a terminal shared access according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an apparatus for rapidly detecting shared access of a terminal according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of a process for generating a feature library according to another embodiment of the present invention;
FIG. 4 is a schematic diagram of a control rule execution process provided by another embodiment of the present invention;
fig. 5 is a block diagram illustrating an apparatus for rapidly detecting a terminal shared access according to another embodiment of the present invention;
fig. 6 is a block diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a method for quickly detecting shared access of a terminal according to this embodiment, and referring to fig. 1, the method includes:
101: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet;
102: judging, according to the request information, whether the Internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal;
103: and if the access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminal, and if so, blocking the access of all terminals accessing the internet through the preset routing equipment to the internet.
It should be noted that the method provided in this embodiment is generally used for controlling access to the internet (internet) from a terminal connected to the internet through an intranet or a private network, and is performed by an access management device (e.g., a firewall) disposed between the intranet or the private network and the internet. The terminal accessed to the internet can be a mobile phone, a tablet computer or a computer.
The request message is a data packet, usually an http request, sent by the access terminal when requesting to connect to the internet. For example, when the access terminal is connected to the internet through wifi of a company, the request data packet for accessing the internet generated when the access terminal is connected to the wifi is the request information. Generally, the request information carries device information for the access terminal (e.g., whether the type of access terminal is a PC or a handset).
The control rule is a preset rule for limiting the access of a terminal accessing the internet through a preset routing device to the internet. For example, the control rule is to allow only the access terminal of the type PC to access the internet, or the control rule is to allow only 3 access terminals to access the internet, and the control rule may be set according to needs, which is not specifically limited in this embodiment.
For example, the control rule is to allow only an access terminal of type PC to access the internet. And when the type of the access terminal is judged to be the mobile phone through the request information of a certain access terminal, marking the access terminal as an illegal terminal. When access information for accessing the internet is received, whether a terminal corresponding to the access information is marked as an illegal terminal is judged, if so, access of all terminals accessing the internet through the preset routing equipment to the internet is blocked. The process of marking the terminal as the illegal terminal can be marked by the identification information or other parameters of the terminal, as long as whether the terminal is marked as the illegal terminal can be identified by the access information of the terminal.
Understandably, when the terminal is an illegal terminal, all terminals accessing the internet through the preset routing equipment are directly blocked from accessing the internet. After a preset time period, the access of the terminal to the internet needs to be restored.
The embodiment provides a method for rapidly detecting terminal shared access, which is characterized in that after an access terminal accessing the internet through a preset routing device is detected, whether the access terminal accesses the internet and meets a control rule is judged, and if not, the access terminal is marked. And after receiving the access information of the terminal accessing the Internet, judging whether the terminal is marked, if so, blocking the access of all terminals accessing the Internet through the preset routing equipment to the Internet. The method marks the terminal which can not access the internet through the request information of the terminal accessing the internet, thereby being capable of blocking the access of the marked terminal to the internet in time when detecting that the marked terminal accesses the internet, and avoiding the problem of network safety caused by the fact that the access to the internet can not be blocked in time. On the other hand, compared with a method for judging whether the terminal access internet accords with the control rule through various parameters in the access process, the method improves the accuracy of judgment and reduces the probability of misjudgment or missed judgment.
Further, on the basis of the foregoing embodiment, the determining, according to the request information, whether the access terminal accesses the internet and meets a preset control rule, and if the access terminal accesses the internet and does not meet the control rule, marking the access terminal as an illegal terminal includes:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result;
judging whether the access terminal access internet accords with the control rule or not according to the equipment information, and if not, marking the IP corresponding to the access terminal as an illegal IP;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
It should be noted that the feature library is used for identifying the device information of the terminal, so as to determine whether the terminal's internet access meets the control rule. The feature library stores the correspondence between the device information of the terminal and the feature information (i.e., a field in the request information, for example the User-Agent field) in the request sent when the terminal requests to connect to the internet. For example, by matching the feature information in the request information against the feature information in the feature library, the type, device model, and the like of the terminal can be identified.
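As an added illustration of steps 101 to 103 and of the feature-library matching described above (example code written for this page, not the patent's own implementation), the following Python sketch parses the HTTP request a terminal sends when it first connects, extracts the User-Agent field as the target feature information, matches it against a small constructed feature library mapping User-Agent patterns to device information, applies a "PC only" control rule, marks the offending source IP as illegal, and on a later access from a marked IP triggers the blocking action. The feature-library entries, sample requests, IP addresses, and class and function names are all assumptions made for the example.

```python
import re
from typing import Optional

# Constructed feature library (hypothetical entries): a User-Agent pattern maps
# to the device information it identifies. A real library would be far larger.
FEATURE_LIBRARY = [
    (re.compile(r"iPhone|iPad|iPod", re.I), {"type": "mobile", "os": "iOS"}),
    (re.compile(r"Android", re.I), {"type": "mobile", "os": "Android"}),
    (re.compile(r"Windows NT|Macintosh|X11; Linux", re.I), {"type": "PC", "os": "desktop"}),
]

# Constructed sample requests standing in for the intercepted request information.
SAMPLE_PC_REQUEST = (
    b"GET / HTTP/1.1\r\nHost: portal.example\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n\r\n"
)
SAMPLE_PHONE_REQUEST = (
    b"GET / HTTP/1.1\r\nHost: portal.example\r\n"
    b"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X)\r\n\r\n"
)


def parse_http_request(raw: bytes) -> Optional[dict]:
    """Step 101/identification: keep only HTTP GET and POST requests and return
    their method, Host and User-Agent fields; anything else yields None."""
    try:
        head, _, _ = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        method, _target, _version = lines[0].split(" ", 2)
    except (ValueError, IndexError):
        return None  # not an HTTP request line (e.g. TLS or binary traffic)
    if method not in ("GET", "POST"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "method": method,
        "host": headers.get("host", ""),
        "user_agent": headers.get("user-agent", ""),
    }


def identify_device(user_agent: str) -> dict:
    """Match the target feature information against the feature library; the
    first matching entry wins, unknown agents are reported as such."""
    for pattern, info in FEATURE_LIBRARY:
        if pattern.search(user_agent):
            return info
    return {"type": "unknown", "os": "unknown"}


class SharedAccessDetector:
    """Hypothetical access management device applying a device-type control rule."""

    def __init__(self, allowed_types=("PC",)):
        self.allowed_types = set(allowed_types)  # the preset control rule
        self.illegal_ips = {}   # marked IP -> device information (step 102)
        self.blocked = False    # whether the global block has been triggered

    def on_request(self, src_ip: str, raw: bytes) -> Optional[dict]:
        """Steps 101-102: identify the terminal and mark its IP if the rule fails."""
        req = parse_http_request(raw)
        if req is None:
            return None
        info = identify_device(req["user_agent"])
        if info["type"] not in self.allowed_types:
            self.illegal_ips[src_ip] = info
        return info

    def on_access(self, src_ip: str) -> bool:
        """Step 103: an access from a marked IP blocks all terminals behind the
        routing device; returns True when this access triggered the block."""
        if src_ip in self.illegal_ips:
            self.blocked = True
            return True
        return False


if __name__ == "__main__":
    detector = SharedAccessDetector(allowed_types=("PC",))
    detector.on_request("10.0.0.7", SAMPLE_PC_REQUEST)     # allowed by the rule
    detector.on_request("10.0.0.5", SAMPLE_PHONE_REQUEST)  # marked as illegal
    print("marked IPs:", detector.illegal_ips)
    print("access from 10.0.0.5 blocked:", detector.on_access("10.0.0.5"))
```

The matching order of the feature library matters: a more specific pattern (iPhone) must precede a generic one (Macintosh) because iOS agents also mention Mac OS. Marking the source IP rather than the terminal itself is what lets the later access check run without re-parsing the request, which is the point of the IP-marking variant described in the claims.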
When a certain terminal is identified as an illegal terminal, the equipment information of the terminal can be displayed, so that a manager can perform specific analysis by combining the equipment information and the access information of the equipment, and timely perform corresponding adjustment on the control rule.
The embodiment provides a method for rapidly detecting terminal shared access, which identifies the equipment information of a terminal through a pre-generated feature library, and provides a more specific basis for judging whether the internet accessed by the terminal meets the control rule. Meanwhile, the identification of the equipment information provides a basis for an administrator to analyze the behavior of each equipment, and provides convenience for better control over the internet surfing behavior of the terminal.
Further, on the basis of the foregoing embodiments, if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, includes:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
The embodiment provides a method for rapidly detecting terminal shared access, which marks an IP corresponding to a certain access terminal when detecting that the access terminal to the Internet does not conform to a control rule, so that after receiving access information, the IP can be analyzed through the access information, and a control strategy is rapidly executed.
Further, on the basis of the above embodiments, the method further includes:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
The embodiment provides a method for rapidly detecting terminal shared access, which displays the marked equipment information of the illegal terminal and provides convenience for an administrator to monitor the behavior of the illegal equipment in time.
Further, on the basis of the above embodiments, the method further includes:
and after the access of all the terminals accessing the Internet through the preset routing equipment to the Internet is blocked, the access of the terminals which are not marked as illegal terminals to the Internet is recovered after a preset time period.
It should be noted that after the access is blocked, the access to the internet needs to be resumed after a preset time period, so as to ensure that the device that needs to access the internet can normally access the internet. The preset time period is set by human, for example, the preset time period is 30 minutes, 1 hour or 3 hours, which is not limited in this embodiment.
As a more specific embodiment, fig. 2 shows a schematic structural diagram of a device for quickly detecting shared access of a terminal according to this embodiment, and referring to fig. 2, the device includes a display interface 101, a user-mode program running part 102, and a kernel-mode program running part 103. A channel 2022 for data transmission is provided between the user mode program execution portion 102 and the kernel mode program execution portion 103, and is used for transmitting information.
When it is detected that the access terminal accesses the internet through the preset routing device, the obtaining module 2031 in the kernel mode program running part 103 of the device intercepts an http data packet from the network protocol stack as the request information of the access terminal requesting to access the internet;
the recognition module 2032 performs a preliminary analysis on the data packet and extracts only the http get and post requests. For example, the identifying module 2032 obtains the User-Agent field in the request message as the target characteristic information.
The matching module 2033 performs multi-pattern matching on a plurality of fields of the data packet, retrieves data efficiently, and returns the IP and the matched rule for each data packet satisfying the condition. For example, the target feature information is matched through the feature library, and the device information of the access terminal is identified according to the matching result. Whether the access terminal's internet access conforms to the control rule is then judged according to the control rule written in advance, and if not, the IP is marked as an illegal IP.
The matching module 2033 sends the marked illegal IP to the control module 2021 through the channel 2022.
The control module 2021 is a module for performing shared access control, and the control module 2021 records an illegal IP, and implements a control policy when it is detected that a terminal corresponding to the illegal IP accesses the internet. For example, when the control rule is to limit the number of terminals accessing the internet, the control module 2021 records the number of terminals accessing the internet through the IP, and implements a control policy that all terminals accessing the internet through the predetermined routing device are blocked from accessing the internet.
In summary, with reference to the schematic structural diagram in fig. 2, the method for quickly detecting a terminal shared access provided in this embodiment includes:
acquiring a data packet on the Internet;
judging the http request through the identification module;
acquiring the http method, host and User-Agent fields through an analysis module;
checking, through the matching module, whether the request meets the specific domain name and User-Agent rules;
and then the matching result is sent to the control module, and the number of the shared access terminals is output.
The method provided by the embodiment is based on that the mobile terminal accesses the wireless network and sends out specific domain name detection, the type and time of the accessed terminal can be known by detecting the special domain name, and the control is carried out before the user carries out further network activities.
Fig. 3 is a schematic diagram of a generation process of the feature library provided in this embodiment, and referring to fig. 3, the generation process of the feature library includes:
301: the connection request is analyzed, i.e., the requests mobile terminals (access terminals) send when connecting to wifi and other hotspots are analyzed.
302: and (5) extracting features. That is, according to the access request, the feature rule (mapping relation between the device information of the terminal and the feature information in the request information of the terminal for accessing the internet) is extracted.
303: and generating a matching feature library. The feature rules are organized into a feature library, and the feature library is compiled according to different algorithms.
304: and issuing a matching rule. The compiled feature library is directly issued to the kernel, and the kernel can be loaded and operated quickly.
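The summary pipeline above (identification, analysis, matching and per-IP counting) together with the feature library of Fig. 3, as one worked example. This is added code, not the patent's implementation (which runs its matcher in the kernel); the rule table, the regular expressions, the probe hosts and the captured requests are all constructed here, since the page names no concrete rules or domains.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Feature library (Fig. 3, steps 301-303): feature information seen in the request
# (the host a terminal probes right after joining Wi-Fi plus a User-Agent pattern)
# mapped to device information (type, with a capture group for the model). Constructed
# for this example; the probe hosts are the platforms' well-known connectivity-check
# hosts, which the page itself never names.
FEATURE_RULES: List[Tuple[str, str, str]] = [
    (r"^connectivitycheck\.gstatic\.com$", r"Android [\d.]+; ([^;)]+?)(?: Build|\))", "android"),
    (r"^captive\.apple\.com$", r"\b(iPhone|iPad)\b", "ios"),
    (r"^www\.msftconnecttest\.com$", r"(Windows NT [\d.]+)", "windows"),
]
# Step 303: compile the library once so matching is a cheap loop over patterns.
COMPILED_RULES = [(re.compile(h), re.compile(u), t) for h, u, t in FEATURE_RULES]
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")


def parse_http_request(raw: str) -> Optional[Dict[str, str]]:
    """Identification + analysis modules: return method, Host and User-Agent of a
    plain-text HTTP request, or None for anything else (TLS, binary, malformed)."""
    lines = raw.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    fields = {"method": m.group(1), "path": m.group(2), "host": "", "user_agent": ""}
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            return None  # malformed header: refuse rather than guess
        key = name.strip().lower()
        if key == "host":
            fields["host"] = value.strip().split(":")[0].lower()  # drop any :port
        elif key == "user-agent":
            fields["user_agent"] = value.strip()
    return fields


def identify_device(fields: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Matching module: (host, User-Agent) -> (device type, model) via the library."""
    for host_re, ua_re, dev_type in COMPILED_RULES:
        if host_re.match(fields["host"]):
            m = ua_re.search(fields["user_agent"])
            if m:
                return dev_type, m.group(1)
    return None


def count_terminals(packets: List[Tuple[str, str]]) -> Dict[str, Set[Tuple[str, str]]]:
    """What the control module receives: the distinct devices seen behind each IP.
    A NAT router with several phones behind it shows up as one IP with many devices."""
    seen: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for src_ip, raw in packets:
        fields = parse_http_request(raw)
        device = identify_device(fields) if fields else None
        if device is not None:
            seen[src_ip].add(device)
    return dict(seen)


def _req(host: str, ua: str, path: str = "/generate_204") -> str:
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {ua}\r\n\r\n"


# Constructed capture: three devices plus one repeat behind 10.0.0.5, one PC behind
# 10.0.0.7, and traffic the pipeline must ignore.
SAMPLE_PACKETS: List[Tuple[str, str]] = [
    ("10.0.0.5", _req("connectivitycheck.gstatic.com", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G950F Build/R16NW)")),
    ("10.0.0.5", _req("connectivitycheck.gstatic.com", "Dalvik/2.1.0 (Linux; U; Android 9; MI 8 Build/PKQ1)")),
    ("10.0.0.5", _req("captive.apple.com", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2 like Mac OS X)", "/hotspot-detect.html")),
    ("10.0.0.5", _req("connectivitycheck.gstatic.com", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G950F Build/R16NW)")),
    ("10.0.0.7", _req("www.msftconnecttest.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "/connecttest.txt")),
    ("10.0.0.7", _req("www.example.com", "curl/7.58.0", "/")),  # no rule matches this host
    ("10.0.0.9", "\x16\x03\x01\x00\xa5"),  # TLS record bytes: not an HTTP request
]

if __name__ == "__main__":
    for ip, devices in count_terminals(SAMPLE_PACKETS).items():
        print(f"{ip}: {len(devices)} terminal(s) -> {sorted(devices)}")
```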
Fig. 4 is a schematic diagram of a control rule execution process provided in this embodiment, and referring to fig. 4, the process includes:
401: receiving the user configuration and recording the policy configuration. That is, the control module accepts the policies set by the user, for example, the control rules set by a certain company.
402: extracting the IPs that do not meet the user configuration. That is, the number of terminals under each IP is matched against the user policy, and the IPs that do not meet the policy are recorded separately.
403: issuing the IPs to the kernel. A control rule is added in the kernel, and the illegal IPs are added to the IPset.
404: blocking access requests from these IPs. When an illegal IP accesses the network, it is blocked immediately.
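The control rule execution of Fig. 4 together with the recovery step of claim 1 (non-illegal terminals regain access after a preset period while marked ones stay blocked), as an added example that is not the patent's code. It assumes the per-IP terminal counts come from the detection stage, models the kernel IPset as a plain set, and models "block all terminals behind the routing device" as one router-wide timer; the clock is injectable so the scenario is deterministic.

```python
from typing import Callable, Dict, List, Optional, Set


class SharedAccessController:
    """Control module of Fig. 4. Terminal IPs are those seen at the routing device;
    the IPset that the page pushes into the kernel is modelled as a plain set."""

    def __init__(self, max_terminals: int, recovery_seconds: float,
                 clock: Callable[[], float]):
        self.max_terminals = max_terminals          # 401: user-configured policy
        self.recovery_seconds = recovery_seconds    # claim 1: preset recovery period
        self.clock = clock                          # injectable time source
        self.illegal_ips: Set[str] = set()          # 403: stands in for the kernel IPset
        self.block_started: Optional[float] = None  # when the router-wide block began
        self.events: List[str] = []                 # audit trail of control decisions

    def apply_policy(self, terminals_per_ip: Dict[str, int]) -> Set[str]:
        """402/403: record every IP whose terminal count exceeds the policy."""
        violators = {ip for ip, n in terminals_per_ip.items() if n > self.max_terminals}
        for ip in sorted(violators - self.illegal_ips):
            self.events.append(f"mark {ip} illegal ({terminals_per_ip[ip]} terminals)")
        self.illegal_ips |= violators
        return violators

    def _router_blocked(self) -> bool:
        """True while the router-wide block is in force; clears it once expired."""
        if self.block_started is None:
            return False
        if self.clock() - self.block_started < self.recovery_seconds:
            return True
        self.block_started = None
        self.events.append("router block expired, non-illegal terminals recovered")
        return False

    def on_access(self, src_ip: str) -> bool:
        """404: decide one access request. True = allowed, False = blocked."""
        if src_ip in self.illegal_ips:
            # An illegal terminal is accessing: block everything behind the router,
            # restarting the recovery timer if a block was already in force.
            self.block_started = self.clock()
            self.events.append(f"illegal {src_ip} seen, blocking all terminals")
            return False
        return not self._router_blocked()


class FakeClock:
    """Deterministic stand-in for time.monotonic()."""
    def __init__(self) -> None:
        self.t = 0.0
    def __call__(self) -> float:
        return self.t
    def advance(self, seconds: float) -> None:
        self.t += seconds


def run_scenario(limit: int = 3, recovery: float = 60.0):
    clock = FakeClock()
    ctl = SharedAccessController(limit, recovery, clock)
    # Constructed per-IP terminal counts (what the detection stage would report).
    ctl.apply_policy({"10.0.0.5": 5, "10.0.0.7": 1, "10.0.0.8": 3})
    decisions = [
        ctl.on_access("10.0.0.7"),   # allowed: no block in force yet
        ctl.on_access("10.0.0.5"),   # blocked: illegal IP, starts router-wide block
        ctl.on_access("10.0.0.7"),   # blocked: caught by the router-wide block
    ]
    clock.advance(recovery)
    decisions += [
        ctl.on_access("10.0.0.7"),   # allowed again: recovery period elapsed
        ctl.on_access("10.0.0.5"),   # still blocked: illegal IP stays in the set
    ]
    return ctl, decisions


if __name__ == "__main__":
    controller, outcome = run_scenario()
    print(outcome)
    print("\n".join(controller.events))
```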
The method for rapidly detecting shared access of a terminal provided in this embodiment detects, according to the domain name detection request generated when a mobile terminal connects to wifi, whether internet access from a certain IP meets the control rule; for example, the control rule limits the number of terminals accessing the internet. Because the detection coverage of wifi access is wide, and the detection takes place before the terminal performs further network access, the security is higher.
The method realizes rule matching through a kernel engine and sends the matching results to the control module through a connecting channel. The matching engine is tailored to the method, and the detection speed is higher than that of all other methods.
The method issues the control policy to the kernel through the control module, realizes quick access control, is simple and effective, and places a light burden on the system.
Fig. 5 is a block diagram illustrating a structure of an apparatus for rapidly detecting a terminal shared access according to an embodiment of the present invention, and referring to fig. 5, the apparatus for rapidly detecting a terminal shared access according to the embodiment includes an obtaining module 501, a determining module 502, and an executing module 503, wherein,
an obtaining module 501, configured to obtain request information that an access terminal requests to access the internet after detecting that the access terminal accesses the internet through a preset routing device;
a determining module 502, configured to determine, according to the request information, whether the internet access of the access terminal complies with a preset control rule, and if it does not comply with the control rule, mark the access terminal as an illegal terminal;
the executing module 503 is configured to, if access information for accessing the internet is received, determine whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, block access to the internet by all terminals accessing the internet through the preset routing device.
The apparatus for rapidly detecting terminal shared access provided in this embodiment is suitable for the method for rapidly detecting terminal shared access provided in the foregoing embodiment, and is not described herein again.
The embodiment provides a device for rapidly detecting terminal shared access, which, after detecting an access terminal accessing the internet through a preset routing device, judges whether the internet access of the access terminal complies with a control rule and marks the access terminal if it does not. After receiving the access information of a terminal accessing the internet, the device judges whether that terminal is marked, and if so, blocks the access of all terminals accessing the internet through the preset routing device. The device marks, through the request information of the terminal accessing the internet, the terminals that may not access the internet, so that it can block a marked terminal's access in time when it detects that the marked terminal accesses the internet, avoiding the network security problem caused by access that cannot be blocked in time. On the other hand, compared with a device that judges whether the terminal's internet access complies with the control rule through various parameters collected during the access process, the device improves the accuracy of the judgment and reduces the probability of misjudgment or missed judgment.
Fig. 6 is a block diagram showing the structure of the electronic apparatus provided in the present embodiment.
Referring to fig. 6, the electronic device includes: a processor (processor)601, a memory (memory)602, a communication Interface (Communications Interface)603, and a bus 604;
wherein
the processor 601, the memory 602 and the communication interface 603 complete mutual communication through the bus 604;
the communication interface 603 is used for information transmission between the electronic device and a communication device of a terminal or the internet;
the processor 601 is configured to call program instructions in the memory 602 to perform the methods provided by the above-mentioned method embodiments, for example, including: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking the access of all terminals accessing the internet through the preset routing device to the internet.
The present embodiments provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example, including: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking the access of all terminals accessing the internet through the preset routing device to the internet.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking the access of all terminals accessing the internet through the preset routing device to the internet.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the electronic device and the like are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may also be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention, and are not limited thereto; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A method for rapidly detecting terminal shared access is characterized by comprising the following steps:
after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet;
judging, according to the request information, whether the internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal;
if access information for accessing the internet is received, judging whether an access terminal corresponding to the access information belongs to a marked illegal terminal or not, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet;
further comprising:
after the access of all terminals accessing the internet through the preset routing equipment to the internet is blocked, the access of the terminals which are not marked as illegal terminals to the internet is recovered after a preset time period;
the judging, according to the request information, whether the internet access of the access terminal accords with a preset control rule, and if it does not accord with the control rule, marking the access terminal as an illegal terminal, comprises the following steps:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result; the equipment information comprises the type and the equipment model of the terminal;
judging, according to the equipment information, whether the internet access of the access terminal accords with the control rule, and if not, marking the IP corresponding to the access terminal as an illegal IP;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
2. The method of claim 1, wherein if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, comprises:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
3. The method of claim 1, further comprising:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
4. An apparatus for fast detection of terminal shared access, comprising:
an acquisition module, configured to acquire request information of an access terminal requesting to access the internet after detecting the access terminal accessing the internet through a preset routing device;
a judging module, configured to judge, according to the request information, whether the internet access of the access terminal meets a preset control rule, and if it does not meet the control rule, mark the access terminal as an illegal terminal;
an execution module, configured to, if access information for accessing the internet is received, judge whether the access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, block access to the internet by all terminals accessing the internet through the preset routing device;
the recovery module is used for recovering the access of the terminal which is not marked as an illegal terminal to the internet after a preset time period after the access of all terminals accessing the internet through the preset routing equipment to the internet is blocked;
the judging module is further configured to acquire a preset feature library, and extract feature information corresponding to the access terminal from the request information to serve as target feature information; match the target feature information with the feature information in the feature library, and identify the equipment information of the access terminal according to the matching result; and judge, according to the equipment information, whether the internet access of the access terminal accords with the control rule, and if not, mark the IP corresponding to the access terminal as an illegal IP; the equipment information comprises the type and the equipment model of the terminal;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
5. The apparatus of claim 4, wherein the execution module is further configured to, if access information for accessing the internet is received, parse the IP corresponding to the access terminal from the access information as an access IP, determine whether the access IP belongs to a marked illegal IP, and if so, block access to the internet by all terminals accessing the internet through the predetermined routing device.
6. The apparatus according to claim 4, further comprising a display module, configured to display the device information of the access terminal if the access terminal corresponding to the access information belongs to the marked illegal terminal.
7. An electronic device, comprising:
at least one processor, at least one memory, a communication interface, and a bus; wherein
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 3.
8. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711447129.7A CN107948199B (en) | 2017-12-27 | 2017-12-27 | Method and device for rapidly detecting terminal shared access |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107948199A (en) | 2018-04-20 |
| CN107948199B (en) | 2021-05-25 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CP03 | Change of name, title or address | Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088. Patentee after: QAX Technology Group Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |