CN107948199B - Method and device for rapidly detecting terminal shared access - Google Patents

Publication number: CN107948199B
Authority: CN (China)
Legal status: Active
Application number: CN201711447129.7A
Other languages: Chinese (zh)
Other versions: CN107948199A (en)
Inventors: 张洪钏, 金科, 岳勇
Current Assignee: Qax Technology Group Inc
Original Assignee: Beijing Qianxin Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/04 Arrangements for maintaining operational condition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Abstract

The embodiment of the invention discloses a method and a device for rapidly detecting terminal shared access. After detecting an access terminal that accesses the Internet through a preset routing device, the method determines whether that terminal's Internet access complies with a control rule and, if it does not, marks the access terminal. After access information of a terminal accessing the Internet is received, the method determines whether the terminal is marked and, if so, blocks access to the Internet by all terminals that access the Internet through the preset routing device. Because the method marks terminals that are not permitted to access the Internet on the basis of the request information they send when connecting, it can block a marked terminal promptly when that terminal is detected accessing the Internet, avoiding the network security problems caused by failing to block access in time. The method also improves the accuracy of the judgment and reduces the probability of false or missed judgments.

Description

Method and device for rapidly detecting terminal shared access
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method and an apparatus for quickly detecting a terminal shared access.
Background
With the development of communication and electronics, various forms of mobile terminals (e.g., cell phones or iPads) have entered people's lives. For convenient and fast Internet access, these mobile terminals connect to the Internet wirelessly, which brings convenience to users but also creates significant security risks. Companies in particular, in order to prevent security incidents caused by shared access, impose stricter management rules, such as limiting the number of access terminals and the types of terminals. Fast detection in turn places higher demands on the detection speed for shared access.
There are many existing detection techniques for shared access, such as detection based on data packet characteristics and feature-based detection. Detection based on data packet characteristics mainly examines the type of the terminal or certain network-layer and transport-layer characteristics of the terminal. For example, the number of shared terminals is counted by detecting TTL values, or by tracking continuously changing IPID values, source ports, and TCP window values. However, because these parameters are of limited use, false identifications and missed identifications are easily caused. Feature-based detection mainly filters the user's traffic continuously and looks for special markers, such as information that uniquely identifies the user (e.g., the IMEI or IMSI). However, this method relies on special traffic triggers, which are prone to false positives.
In the process of implementing the embodiments of the present invention, the inventors found that existing detection methods for mobile terminal shared access, which rely on data packet characteristics or terminal characteristics obtained during access, cannot prevent the access of an illegal terminal in time and easily cause false or missed judgments.
Disclosure of Invention
The technical problem to be solved by the invention is that existing detection methods for mobile terminal shared access, which detect data packet characteristics or terminal characteristics obtained during access, cannot prevent the access of an illegal terminal in time and easily cause false or missed judgments.
In view of the above technical problems, an embodiment of the present invention provides a method for quickly detecting a terminal shared access, including:
after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information with which the access terminal requests to access the Internet;
determining, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal;
and if access information for accessing the Internet is received, determining whether the access terminal corresponding to the access information is a marked illegal terminal, and if so, blocking access to the Internet by all terminals that access the Internet through the preset routing device.
Optionally, the determining, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal, includes:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target feature information against the feature information in the feature library, and identifying the device information of the access terminal according to the matching result;
determining, according to the device information, whether the access terminal's access to the Internet complies with the control rule, and if not, marking the IP corresponding to the access terminal as an illegal IP;
wherein the feature library is a mapping, entered in advance, between the device information of a terminal and the feature information in that terminal's request information for accessing the Internet.
Optionally, if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, including:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
Optionally, the method further comprises:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
Optionally, the method further comprises:
and after the access of all the terminals accessing the Internet through the preset routing equipment to the Internet is blocked, the access of the terminals which are not marked as illegal terminals to the Internet is recovered after a preset time period.
In a second aspect, an embodiment of the present invention provides an apparatus for quickly detecting shared access of a terminal, including:
an acquisition module, configured to acquire, after detecting an access terminal accessing the Internet through a preset routing device, request information with which the access terminal requests to access the Internet;
a judging module, configured to determine, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, to mark the access terminal as an illegal terminal;
and an execution module, configured to determine, if access information for accessing the Internet is received, whether the access terminal corresponding to the access information is a marked illegal terminal, and if so, to block access to the Internet by all terminals that access the Internet through the preset routing device.
Optionally, the judging module is further configured to acquire a preset feature library and extract feature information corresponding to the access terminal from the request information as target feature information; to match the target feature information against the feature information in the feature library and identify the device information of the access terminal according to the matching result; and to determine, according to the device information, whether the access terminal's access to the Internet complies with the control rule, and if not, to mark the IP corresponding to the access terminal as an illegal IP;
wherein the feature library is a mapping, entered in advance, between the device information of a terminal and the feature information in that terminal's request information for accessing the Internet.
Optionally, the execution module is further configured to, if access information for accessing the Internet is received, parse the IP corresponding to the access terminal from the access information and use it as the access IP, determine whether the access IP is a marked illegal IP, and if so, block access to the Internet by all terminals that access the Internet through the preset routing device.
Optionally, the system further comprises a display module, where the display module is configured to display the device information of the access terminal if the access terminal corresponding to the access information belongs to the marked illegal terminal.
Optionally, the system further comprises a recovery module, and the recovery module is configured to recover, after a preset time period elapses after access to the internet from all terminals accessing the internet through the preset routing device is blocked, access to the internet from terminals that are not marked as illegal terminals.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor, at least one memory, a communication interface, and a bus; wherein
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the methods described above.
In a fourth aspect, embodiments of the invention also provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the method described above.
The embodiment of the invention provides a method and a device for rapidly detecting terminal shared access. After detecting an access terminal that accesses the Internet through a preset routing device, the method determines whether that terminal's Internet access complies with a control rule and, if it does not, marks the access terminal. After access information of a terminal accessing the Internet is received, the method determines whether the terminal is marked and, if so, blocks access to the Internet by all terminals that access the Internet through the preset routing device. Because the method marks terminals that are not permitted to access the Internet on the basis of the request information they send when connecting, it can block a marked terminal promptly when that terminal is detected accessing the Internet, avoiding the network security problems caused by failing to block access in time. In addition, compared with methods that judge whether a terminal's Internet access complies with the control rule from various parameters observed during access, the method improves the accuracy of the judgment and reduces the probability of false or missed judgments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a method for rapidly detecting a terminal shared access according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an apparatus for rapidly detecting shared access of a terminal according to another embodiment of the present invention;
Fig. 3 is a schematic diagram of a process for generating a feature library according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of a control rule execution process provided by another embodiment of the present invention;
Fig. 5 is a block diagram illustrating an apparatus for rapidly detecting a terminal shared access according to another embodiment of the present invention;
Fig. 6 is a block diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a method for quickly detecting shared access of a terminal according to this embodiment, and referring to fig. 1, the method includes:
101: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information with which the access terminal requests to access the Internet;
102: determining, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal;
103: if access information for accessing the Internet is received, determining whether the access terminal corresponding to the access information is a marked illegal terminal, and if so, blocking access to the Internet by all terminals that access the Internet through the preset routing device.
It should be noted that the method provided in this embodiment is generally used to control access to the Internet by terminals that connect to it through an intranet or a private network, and is performed by an access management device (e.g., a firewall) placed between the intranet or private network and the Internet. The terminal accessing the Internet can be a mobile phone, a tablet computer or a computer.
The request information is a data packet, usually an HTTP request, sent by the access terminal when it requests to connect to the Internet. For example, when the access terminal connects to the Internet through a company's Wi-Fi, the request data packet for accessing the Internet that is generated when the terminal joins the Wi-Fi is the request information. Generally, the request information carries device information about the access terminal (e.g., whether the access terminal is a PC or a handset).
The control rule is a preset rule that limits access to the Internet by terminals that access the Internet through a preset routing device. For example, the control rule may allow only access terminals of type PC to access the Internet, or allow only 3 access terminals to access the Internet. The control rule may be set as needed, which is not specifically limited in this embodiment.
For example, suppose the control rule allows only access terminals of type PC to access the Internet. When the request information of a certain access terminal shows that its type is mobile phone, the access terminal is marked as an illegal terminal. When access information for accessing the Internet is received, it is determined whether the terminal corresponding to the access information is marked as an illegal terminal, and if so, access to the Internet by all terminals that access the Internet through the preset routing device is blocked. The terminal can be marked as illegal by its identification information or by other parameters, as long as the access information of the terminal is sufficient to tell whether the terminal has been marked as illegal.
Understandably, when a terminal is an illegal terminal, all terminals that access the Internet through the preset routing device are directly blocked from accessing the Internet. After a preset time period, the terminals' access to the Internet needs to be restored.
This embodiment provides a method for rapidly detecting terminal shared access. After detecting an access terminal that accesses the Internet through a preset routing device, the method determines whether that terminal's Internet access complies with a control rule and, if it does not, marks the access terminal. After access information of a terminal accessing the Internet is received, the method determines whether the terminal is marked and, if so, blocks access to the Internet by all terminals that access the Internet through the preset routing device. Because the method marks terminals that are not permitted to access the Internet on the basis of the request information they send when connecting, it can block a marked terminal promptly when that terminal is detected accessing the Internet, avoiding the network security problems caused by failing to block access in time. In addition, compared with methods that judge whether a terminal's Internet access complies with the control rule from various parameters observed during access, the method improves the accuracy of the judgment and reduces the probability of false or missed judgments.
Further, on the basis of the foregoing embodiment, the determining, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal, includes:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target feature information against the feature information in the feature library, and identifying the device information of the access terminal according to the matching result;
determining, according to the device information, whether the access terminal's access to the Internet complies with the control rule, and if not, marking the IP corresponding to the access terminal as an illegal IP;
wherein the feature library is a mapping, entered in advance, between the device information of a terminal and the feature information in that terminal's request information for accessing the Internet.
It should be noted that the feature library is used to identify the device information of the terminal, so as to determine whether the terminal's Internet access complies with the control rule. The feature library stores the correspondence between the device information of a terminal and the feature information in the request information sent when the terminal requests to connect to the Internet (i.e., a field in the request information, for example, the User-Agent field). For example, by matching the feature information in the request information against the feature information in the feature library, the type, device model, and the like of the terminal can be identified.
When a certain terminal is identified as an illegal terminal, the device information of the terminal can be displayed, so that an administrator can analyze the case using the device information together with the device's access information, and adjust the control rule accordingly in a timely manner.
This embodiment provides a method for rapidly detecting terminal shared access that identifies the device information of a terminal through a pre-generated feature library, providing a more specific basis for determining whether the terminal's Internet access complies with the control rule. The identification of device information also gives the administrator a basis for analyzing the behavior of each device, and makes it easier to control the terminals' Internet use.
Further, on the basis of the foregoing embodiments, if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, includes:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
The embodiment provides a method for rapidly detecting terminal shared access, which marks an IP corresponding to a certain access terminal when detecting that the access terminal to the Internet does not conform to a control rule, so that after receiving access information, the IP can be analyzed through the access information, and a control strategy is rapidly executed.
Further, on the basis of the above embodiments, the method further includes:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
The embodiment provides a method for rapidly detecting terminal shared access, which displays the marked equipment information of the illegal terminal and provides convenience for an administrator to monitor the behavior of the illegal equipment in time.
Further, on the basis of the above embodiments, the method further includes:
and after the access of all the terminals accessing the Internet through the preset routing equipment to the Internet is blocked, the access of the terminals which are not marked as illegal terminals to the Internet is recovered after a preset time period.
It should be noted that after access is blocked, access to the Internet needs to be restored after a preset time period, so that devices that need to access the Internet can do so normally. The preset time period is set manually, for example 30 minutes, 1 hour or 3 hours, which is not limited in this embodiment.
As a more specific embodiment, Fig. 2 shows a schematic structural diagram of a device for rapidly detecting shared access of a terminal according to this embodiment. Referring to Fig. 2, the device includes a display interface 101, a user-mode program running part 102, and a kernel-mode program running part 103. A channel 2022 for data transmission is provided between the user-mode program running part 102 and the kernel-mode program running part 103, and is used for transmitting information.
When it is detected that an access terminal accesses the Internet through the preset routing device, the obtaining module 2031 in the kernel-mode program running part 103 of the device intercepts an HTTP data packet from the network protocol stack as the request information with which the access terminal requests to access the Internet;
the recognition module 2032 performs a preliminary analysis of the data packet and extracts only HTTP GET and POST requests. For example, the recognition module 2032 obtains the User-Agent field in the request information as the target feature information.
The matching module 2033 performs multi-pattern matching on several fields of the data packet, retrieves data efficiently, and, for data packets that satisfy the conditions, returns the IP and the matched rule to the matching module. For example, the target feature information is matched against the feature library, and the device information of the access terminal is identified according to the matching result. Whether the access terminal's access to the Internet complies with the control rule is then determined according to the control rule written in advance, and if not, the IP is marked as an illegal IP.
The matching module 2033 sends the marked illegal IP to the control module 2021 through the channel 2022.
The control module 2021 is the module that performs shared access control. The control module 2021 records the illegal IP and applies the control policy when it detects that a terminal corresponding to the illegal IP accesses the Internet. For example, when the control rule limits the number of terminals accessing the Internet, the control module 2021 records the number of terminals accessing the Internet through the IP, and applies a control policy under which all terminals accessing the Internet through the preset routing device are blocked from accessing the Internet.
In summary, with reference to the schematic structural diagram in Fig. 2, the method for rapidly detecting terminal shared access provided in this embodiment includes:
acquiring a data packet on the Internet;
identifying HTTP requests through the recognition module;
acquiring the HTTP method, Host and User-Agent fields from the HTTP request through the analysis module;
checking, through the matching module, whether the request matches the specific domain name and User-Agent rules;
and then sending the matching result to the control module, and outputting the number of shared access terminals.
The method provided by this embodiment relies on the fact that a mobile terminal, on joining a wireless network, sends probe requests to specific domain names. By detecting these special domain names, the type of the terminal and the time of its access can be learned, and control is applied before the user carries out further network activity.
Fig. 3 is a schematic diagram of the generation process of the feature library provided in this embodiment. Referring to Fig. 3, the generation process of the feature library includes:
301: Analyze the connection request. That is, analyze the requests that mobile terminals (access terminals) send when connecting to Wi-Fi and other hotspots.
302: Extract features. That is, from the access request, extract the feature rules (the mapping between the device information of the terminal and the feature information in the terminal's request information for accessing the Internet).
303: Generate the matching feature library. The feature rules are organized into a feature library, and the feature library is compiled according to different algorithms.
304: Issue the matching rules. The compiled feature library is issued directly to the kernel, where it can be loaded and run quickly.
Fig. 4 is a schematic diagram of a control rule execution process provided in this embodiment, and referring to fig. 4, the process includes:
401: Receive the user configuration and record the policy configuration. That is, the control module accepts policies set by the user, for example control rules set by a certain company.
402: Extract the IPs that do not satisfy the user configuration. The number of terminals under each IP is matched against the user policy, and IPs that do not satisfy the policy are recorded separately.
403: Issue the IPs to the kernel. A control rule is added in the kernel, and the illegal IPs are added to the IPset.
404: Block access requests from these IPs. When an illegal IP accesses the network, it is blocked immediately.
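The detection flow summarized for fig. 2 (identify the HTTP request, parse the method, Host and User-Agent fields, match them against the feature library) and the control-rule steps 401 to 404 can be sketched together as follows. This is an added example, not code from the patent: the feature-library entries, the sample packets, the rule for telling terminals apart (device information plus User-Agent, so two identical devices behind one IP count once) and the set name `shared_access_block` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed feature library (assumption): probe host + User-Agent pattern -> (type, model).
FEATURE_LIBRARY = [
    ("captive.apple.com", re.compile(r"CaptiveNetworkSupport"), ("phone", "iOS device")),
    ("connectivitycheck.gstatic.com", re.compile(r"Android"), ("phone", "Android device")),
    ("www.msftconnecttest.com", re.compile(r"Microsoft NCSI"), ("pc", "Windows device")),
]
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}


def parse_http_request(payload: bytes):
    """Identification and analysis: return method, host, user_agent, or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS or not parts[2].startswith(b"HTTP/"):
        return None  # not an HTTP request, so the detector ignores it
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().decode("latin-1")
    host = headers.get(b"host", "").lower().split(":")[0]  # drop any port
    return {"method": parts[0].decode("ascii"), "host": host,
            "user_agent": headers.get(b"user-agent", "")}


def match_device(fields):
    """Matching: look the Host/User-Agent pair up in the feature library."""
    for host, ua_pattern, device in FEATURE_LIBRARY:
        if fields["host"] == host and ua_pattern.search(fields["user_agent"]):
            return device
    return None


class SharedAccessDetector:
    def __init__(self, max_terminals: int):
        self.max_terminals = max_terminals   # step 401: user-configured rule
        self.terminals = defaultdict(set)    # source IP -> terminals seen
        self.illegal_ips = set()             # step 402: IPs violating the rule

    def observe(self, src_ip: str, payload: bytes):
        fields = parse_http_request(payload)
        device = match_device(fields) if fields else None
        if device is None:
            return None
        # Simplification: a terminal is keyed by device info plus User-Agent.
        self.terminals[src_ip].add((device, fields["user_agent"]))
        if len(self.terminals[src_ip]) > self.max_terminals:
            self.illegal_ips.add(src_ip)
        return device

    def ipset_commands(self, set_name="shared_access_block"):
        """Step 403: commands that would load the illegal IPs into an ipset."""
        cmds = [f"ipset create {set_name} hash:ip"]
        return cmds + [f"ipset add {set_name} {ip}" for ip in sorted(self.illegal_ips)]


def probe(host, path, user_agent):
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {user_agent}\r\n\r\n".encode()


# Constructed sample traffic: (source IP seen by the gateway, TCP payload).
SAMPLE_TRAFFIC = [
    ("192.0.2.10", probe("captive.apple.com", "/hotspot-detect.html", "CaptiveNetworkSupport-355 wispr")),
    ("192.0.2.10", probe("connectivitycheck.gstatic.com", "/generate_204", "Dalvik/2.1.0 (Linux; U; Android 8.0.0)")),
    ("192.0.2.10", probe("www.msftconnecttest.com", "/connecttest.txt", "Microsoft NCSI")),
    ("192.0.2.20", probe("captive.apple.com", "/hotspot-detect.html", "CaptiveNetworkSupport-355 wispr")),
    ("192.0.2.20", b"\x16\x03\x01\x02\x00\x01"),  # TLS bytes, not HTTP
]


def run_sample(max_terminals=2):
    detector = SharedAccessDetector(max_terminals)
    for src_ip, payload in SAMPLE_TRAFFIC:
        detector.observe(src_ip, payload)
    return detector
```

With a limit of two terminals per IP, `run_sample()` records 192.0.2.10 (three distinct terminals) as illegal and leaves 192.0.2.20 untouched.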
The method for rapidly detecting terminal shared access provided in this embodiment uses the domain-name probes generated when a mobile terminal connects to Wi-Fi to detect whether Internet access from a given IP complies with a control rule, for example a rule that limits the number of terminals accessing the Internet. Because detection at Wi-Fi access has wide coverage, and the detection occurs before the terminal performs network access, the security is higher.
The method performs rule matching in a kernel engine and sends the matching results to the control module through a connecting channel. With the matching engine, the detection speed of the method is higher than that of all other methods.
The method issues the control policy to the kernel through the control module, which achieves quick access control, is simple and effective, and places only a light burden on the system.
Fig. 5 is a block diagram illustrating a structure of an apparatus for rapidly detecting a terminal shared access according to an embodiment of the present invention, and referring to fig. 5, the apparatus for rapidly detecting a terminal shared access according to the embodiment includes an obtaining module 501, a determining module 502, and an executing module 503, wherein,
an obtaining module 501, configured to obtain request information that an access terminal requests to access the internet after detecting that the access terminal accesses the internet through a preset routing device;
a determining module 502, configured to determine, according to the request information, whether the access terminal's access to the internet complies with a preset control rule, and if it does not comply with the control rule, mark the access terminal as an illegal terminal;
the executing module 503 is configured to, if access information for accessing the internet is received, determine whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, block access to the internet by all terminals accessing the internet through the preset routing device.
The apparatus for rapidly detecting terminal shared access provided in this embodiment is suitable for the method for rapidly detecting terminal shared access provided in the foregoing embodiment, and is not described herein again.
This embodiment provides a device for rapidly detecting terminal shared access. After detecting an access terminal accessing the internet through a preset routing device, the device judges whether the access terminal's access to the internet complies with a control rule, and marks the access terminal if it does not. After receiving access information of a terminal accessing the internet, the device judges whether the terminal is marked, and if so, blocks access to the internet by all terminals accessing the internet through the preset routing device. The device marks terminals that are not permitted to access the internet on the basis of the request information they send when accessing the internet, so that access can be blocked in time when a marked terminal is detected accessing the internet, avoiding the network security problems caused by access that cannot be blocked in time. On the other hand, compared with a device that judges whether a terminal's internet access complies with the control rule from various parameters observed during the access process, this device improves the accuracy of the judgment and reduces the probability of misjudgment or missed judgment.
Fig. 6 is a block diagram showing the structure of the electronic apparatus provided in the present embodiment.
Referring to fig. 6, the electronic device includes: a processor 601, a memory 602, a communication interface 603, and a bus 604;
wherein
the processor 601, the memory 602 and the communication interface 603 communicate with one another through the bus 604;
the communication interface 603 is used for information transmission between the electronic device and a communication device of a terminal or the internet;
the processor 601 is configured to call program instructions in the memory 602 to perform the methods provided by the above-mentioned method embodiments, for example, including: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device.
The present embodiments provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example, including: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet; judging, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal; and if access information for accessing the internet is received, judging whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the electronic device and the like are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may also be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention, and are not limited thereto; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A method for rapidly detecting terminal shared access is characterized by comprising the following steps:
after detecting an access terminal accessing the Internet through a preset routing device, acquiring request information of the access terminal requesting to access the Internet;
judging, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal;
if access information for accessing the internet is received, judging whether an access terminal corresponding to the access information belongs to a marked illegal terminal or not, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet;
further comprising:
after the access of all terminals accessing the internet through the preset routing equipment to the internet is blocked, the access of the terminals which are not marked as illegal terminals to the internet is recovered after a preset time period;
the judging, according to the request information, whether the access terminal's access to the Internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal, comprises:
acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information;
matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result; the equipment information comprises the type and the equipment model of the terminal;
judging whether the access terminal access internet accords with the control rule or not according to the equipment information, and if not, marking the IP corresponding to the access terminal as an illegal IP;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
2. The method of claim 1, wherein if access information for accessing the internet is received, determining whether an access terminal corresponding to the access information belongs to a marked illegal terminal, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device, comprises:
if access information for accessing the internet is received, resolving an IP corresponding to the access terminal according to the access information, taking the IP as an access IP, judging whether the access IP belongs to a marked illegal IP, and if so, blocking access of all terminals accessing the internet through the preset routing equipment to the internet.
3. The method of claim 1, further comprising:
and if the access terminal corresponding to the access information belongs to the marked illegal terminal, displaying the equipment information of the access terminal.
4. An apparatus for fast detection of terminal shared access, comprising:
an acquisition module, used for acquiring request information of an access terminal requesting to access the internet after detecting the access terminal accessing the internet through a preset routing device;
a judging module, used for judging, according to the request information, whether the access terminal's access to the internet complies with a preset control rule, and if it does not comply with the control rule, marking the access terminal as an illegal terminal;
an execution module, used for judging, if access information for accessing the internet is received, whether the access terminal corresponding to the access information belongs to the marked illegal terminals, and if so, blocking access to the internet by all terminals accessing the internet through the preset routing device;
the recovery module is used for recovering the access of the terminal which is not marked as an illegal terminal to the internet after a preset time period after the access of all terminals accessing the internet through the preset routing equipment to the internet is blocked;
the judging module is also used for acquiring a preset feature library, and extracting feature information corresponding to the access terminal from the request information to serve as target feature information; matching the target characteristic information with the characteristic information in the characteristic library, and identifying the equipment information of the access terminal according to the matching result; judging whether the access terminal access internet accords with the control rule or not according to the equipment information, and if not, marking the IP corresponding to the access terminal as an illegal IP; the equipment information comprises the type and the equipment model of the terminal;
the characteristic library is a mapping relation between the equipment information of the terminal and the characteristic information in the request information of the terminal for accessing the Internet, which is input in advance.
5. The apparatus of claim 4, wherein the execution module is further configured to, if access information for accessing the internet is received, parse the IP corresponding to the access terminal from the access information as an access IP, determine whether the access IP belongs to the marked illegal IPs, and if so, block access to the internet by all terminals accessing the internet through the preset routing device.
6. The apparatus according to claim 4, further comprising a display module, configured to display the device information of the access terminal if the access terminal corresponding to the access information belongs to the marked illegal terminal.
7. An electronic device, comprising:
at least one processor, at least one memory, a communication interface, and a bus; wherein
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 3.
8. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1-3.
CN201711447129.7A 2017-12-27 2017-12-27 Method and device for rapidly detecting terminal shared access Active CN107948199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711447129.7A CN107948199B (en) 2017-12-27 2017-12-27 Method and device for rapidly detecting terminal shared access

Publications (2)

Publication Number Publication Date
CN107948199A (en) 2018-04-20
CN107948199B (en) 2021-05-25

Family

ID=61939455

Country Status (1)

Country Link
CN (1) CN107948199B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.