CN111092893A - Network security protection method based on XDR ticket data - Google Patents

Publication number: CN111092893A
Application number: CN201911332489.1A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 褚恩起
Current Assignee: Shanghai Tangsheng Information Technology Co ltd
Original Assignee: Shanghai Tangsheng Information Technology Co ltd
Legal status: Pending
Prior art keywords: user, network, behavior, security protection, network security

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1433: Vulnerability analysis

Abstract

The invention relates to a network security protection method based on XDR ticket data. The method identifies abnormal user behaviors from the XDR ticket data in order to perform network security protection. The abnormal user behaviors are identified from indexes of the XDR ticket data; the indexes comprise the number of signaling connections, air interface time, traffic, destination or source IP, destination or source port number, number of data packets and/or application service type. The abnormal user behaviors comprise threat behaviors of the network toward the user, threat behaviors of the user toward the Internet, and abuse of wireless resources by the user. Compared with the prior art, the method effectively monitors abnormal network behavior of wireless users and then applies network security protection measures, which helps to clean up bad network behavior and achieve a green and safe network environment, and has the advantage of broad and effective identification.

Description

Network security protection method based on XDR ticket data
Technical Field
The invention relates to the technical field of internet, in particular to a network security protection method based on XDR ticket data.
Background
As application services on wireless mobile terminals have grown richer, the way users consume services has changed greatly: basic voice calls and text messaging have given way to a multifunctional medium integrating video, audio, pictures, text and interconnection. Along with this change, the behaviors that threaten user and network security have also changed. Viruses and Trojans that originally targeted the end user have given way to malicious attacks on, or threats to, link elements such as interconnection equipment, regional user perception, bearer network resources and service-providing equipment. The corresponding precautions have likewise shifted from patching vulnerabilities in the terminal operating system to sensing abnormal user behavior in the network and applying restrictive measures.
For users in the new wireless environment, abnormal behaviors are complex and varied, and can be illustrated with a practical scenario. Company A and company B sell the same kind of product, and both provide remote service access for their customers, but both often resort to irregular measures to grow their markets. For example, company A floods the server port on which company B provides its service with a large number of data packets, consuming the port's resources so that company B's customers cannot access the service normally. These customers are forced to turn to company A's business, and company A thereby grows its customer base. Events of this kind, and the disorderly competition behind them, make the Internet unregulated and raise many new problems.
Based on analysis of wireless data samples, the impact of abnormal user behavior is summarized below in terms of prevalence, growth rate, risk and frequency of occurrence.
1) Abnormal behavior is increasingly common: battery attacks, port scanning, signaling attacks, resource abuse.
2) The security threat is growing: for example, since LTE went live, network security behaviors have increased by 214% compared with the 2G and 3G era.
3) It brings risks to the network: complaints increase and the brand is damaged; the network is threatened; user perception declines; network performance is degraded; radio resources are in short supply.
4) The frequency of occurrence is very high: user behavior is complex and variable and abuse of wireless resources is frequent, so timely monitoring and discovery are required; abnormal user behavior events are frequent, so potential hazards need to be found in time by analyzing users' internet behavior.
The prior art has the following defects:
Against this increasingly serious impact, the available preventive means are relatively weak, as follows. Discovery means are lacking: there is no means of discovering network state events, no means of monitoring abnormal service behaviors, and no end-to-end demarcation and localization tool for abnormal network behaviors, so abnormal network behaviors are found only by relying on complaints; user perception is poor and the problems cannot be eradicated. Suppression is incomplete: only some network state behaviors can be handled through the control policies of the EPC, and there is no effective means of suppressing battery attacks, signaling attacks and the like. Response is slow: once the cause of a problem has been confirmed by manual analysis, the period from discovery to implementation of suppression measures is too long.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provide a network security protection method based on XDR ticket data.
The purpose of the invention can be realized by the following technical scheme:
The invention analyzes multidimensional data on users, terminals, networks, application services and the like from the transport streams captured in an operator's bearer network, and performs multidimensional correlation statistics to form a system that analyzes, end to end, user perception indexes, network KPI indexes, data stream direction, destination or source IP addresses or port numbers, application service perception indexes and the like. It comprehensively compares and computes security behaviors between users and the network, finds the threats that exist between them and the abuse of wireless network resources, and summarizes these behaviors into behavior events. Taking the events as the objects of analysis, it sets thresholds, divides security levels, generates alarm messages, interfaces with a policy control system, formulates intelligent control policies and implements restriction policies. With this method and system, wireless user behavior can be intelligently monitored and controlled, bad network behavior cleaned up, and a green and safe network environment achieved.
Sensing of abnormal user behavior covers three major categories: threat behavior of the wireless network toward the user, user scanning of wireless network ports, and user abuse of wireless network resources.
The definition and contents of each category of behavior are specified below.
1. Threat behavior of the wireless network toward the user: when a user uses a wireless network, a large amount of signaling interaction takes place to complete registration procedures such as information synchronization, identity verification and authentication, and these procedures can be maliciously exploited. Deep analysis of the signaling procedures yields four behavior events: single-source signaling attack, multi-source signaling attack, malicious power consumption attack and mobile phone flooding.
2. User scanning of wireless network ports: a user embeds a malicious program in a wireless terminal device to maliciously preempt wireless network port resources. This creates the false appearance that a network port is busy and lengthens the time needed to process and respond to requests, so that the port becomes unusable or the network is even paralyzed. Three behavior events are summarized for this category: horizontal port scanning, vertical port scanning and passive transmission flow.
3. Abuse of wireless network resources: the resources of a wireless network comprise bandwidth, traffic, signaling and air interface time. They are relatively scarce and each is strictly limited in quantity, so reasonable allocation and use of wireless resources is very important. Malicious users can abuse these resources by exploiting the advantages of distributed applications, so that the network cannot work normally. Four events are summarized for this category: high bandwidth utilization, high signaling consumption, long-term activity and high P2P service utilization.
Specifically, the invention provides a network security protection method based on XDR ticket data, which identifies the abnormal behavior of a user according to the XDR ticket data so as to perform network security protection.
Further, the user abnormal behavior is identified according to indexes of the XDR ticket data, where the indexes include the number of signaling connections, air interface time, traffic, destination or source IP, destination or source port number, number of data packets, and/or application service type.
Further, the abnormal behavior of the user comprises threat behavior of the network to the user, threat behavior of the user to the internet and/or abuse behavior of the user to the wireless resources.
Further, the threat behaviors of the network to the user include single-source battery attack, distributed battery attack, single-source mobile phone flooding and/or distributed mobile phone flooding;
the single-source battery attack, the distributed battery attack, the single-source mobile phone flooding and the distributed mobile phone flooding are judged according to the destination or source IP, the destination or source port number and the number of data packets.
Further, the threat behaviors of the user to the internet comprise horizontal scanning port attack, vertical scanning port attack and/or passive data stream attack;
the horizontal scanning port attack, the vertical scanning port attack and the passive data stream attack are judged according to the destination or source IP, the destination or source port number and the number of data packets.
Further, the abuse behavior of the user on the wireless resources comprises high bandwidth consumption users, high signaling consumption users, long-term active users and/or high P2P service users;
the high bandwidth consumption user is judged according to traffic;
the high signaling consumption user is judged according to the number of signaling connections;
the long-term active user is judged according to air interface time and traffic;
and the high P2P service user is judged according to traffic and the application service type.
Further, performing network security protection specifically includes passing the identified abnormal behavior of the user to a policy control system, which performs network security protection according to a preset control policy.
Further, the control policy comprises identifying and blocking, from the network side, threat behaviors of the network to the user; and, for threat behaviors of the user to the Internet, issuing a policy through the PCRF for protection.
Further, the control policy also comprises protecting against abuse of the wireless resources by the user by limiting bandwidth.
Further, the network security protection method also comprises judging the level of the user abnormal behavior and automatically sending an alarm message according to the level. Specifically, the level of a network state event, the statistical window period and the level-defining unit thresholds are determined by learning from and summarizing historical data, and the level of the user abnormal behavior is judged accordingly, where the network state event is caused by the corresponding user abnormal behavior.
Compared with the prior art, the invention has the following advantages:
(1) the invention realizes effective monitoring of the abnormal behavior of the wireless user network by monitoring and analyzing the XDR ticket data, and further adopts network safety protection measures, thereby being beneficial to purifying network bad behaviors and realizing green and safe network environment.
(2) According to various indexes of XDR ticket data, the method and the device can effectively identify the threat behaviors of the network to the user, the threat behaviors of the user to the Internet and the abuse behaviors of the user to wireless resources, can specifically identify up to eleven user abnormal behaviors, and have the advantages of wide and effective identification and the like.
(3) The invention provides an effective and rapid coping means after identifying the abnormal behavior of the user.
Drawings
FIG. 1 is a schematic flow chart illustrating the process of identifying abnormal behavior of a user according to the present invention;
FIG. 2 is a schematic diagram of a system architecture for recognizing abnormal user behavior according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an automatically identified network state event according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating an automatic identification result of a network status event according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a network flow record according to an embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating details of a network flow according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of network performance indicators according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of an internet path according to an embodiment of the present invention, in which TAI-guigan-30896, SAEGW34, and 117.142.100.97 are nodes in the internet path respectively.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
Example 1
The embodiment is a network security protection method based on XDR ticket data, which identifies the abnormal behavior of a user according to the index of the XDR ticket data, thereby carrying out network security protection. The steps are described in detail below.
1. XDR ticket data index
As shown in FIG. 1, the indexes of the XDR ticket data include the number of signaling connections, air interface time, traffic, destination or source IP, destination or source port number, number of data packets, and/or application service type.
2. Abnormal behavior of user
The abnormal behavior of the user comprises the threat behavior of the network to the user, the threat behavior of the user to the internet and/or the abuse behavior of the user to the wireless resources.
1) The threat behaviors of the network to the user comprise single-source battery attack, distributed battery attack, single-source mobile phone flooding and distributed mobile phone flooding; these are judged according to the destination or source IP, the destination or source port number and the number of data packets.
2) The threat behaviors of the user to the internet comprise horizontal scanning port attack, vertical scanning port attack and passive data stream attack; these are judged according to the destination or source IP, the destination or source port number and the number of data packets.
3) The abuse behaviors of the user on wireless resources comprise high bandwidth consumption users, high signaling consumption users, long-term active users, and/or high P2P service users. The high bandwidth consumption user is judged according to traffic; the high signaling consumption user is judged according to the number of signaling connections; the long-term active user is judged according to air interface time and traffic; the high P2P service user is judged according to traffic and the application service type.
Explanations of the eleven user abnormal behaviors are shown in Table 1.
[Table 1 is an image in the original publication: Figure BDA0002330043440000061]
As shown in FIG. 2, this embodiment implements statistical analysis of network state events on top of the existing data collection system. Data from interfaces such as S1-MME, S1-U, S11 and S6a are collected by the existing unified DPI. By matching the generated user internet tickets and call tickets against the thresholds of the network state event judgment rules, 11 types of security events can be analyzed and filtered out. They fall into three directions: threat behaviors of the network to the user, threat behaviors of the user to the internet, and abuse behaviors of the user to wireless resources.
As shown in FIG. 3 and FIG. 4, this embodiment illustrates the automatic identification process for network state events, which automatically identifies and analyzes behavior events such as battery attacks, signaling attacks, and high resource consumption users.
FIG. 5 to FIG. 8 illustrate the automatic identification process for network state events in this embodiment in detail. It implements end-to-end drill-down analysis of security events: user -> internet flow details -> internet performance indexes -> path -> deep packet analysis.
3. Network security protection
Specifically, the identified abnormal behavior of the user is connected to a policy control system, and the policy control system performs network security protection according to a preset control policy.
The control strategy comprises the steps of protecting from a network side according to the threat behavior of the network to the user; according to the threat behavior of the user to the Internet, the PCRF issues a strategy for protection; and according to the abuse behavior of the user on the wireless resources, the protection is carried out by limiting the bandwidth.
The method for performing network security protection in this embodiment is as follows:
3.1 Based on historical network state data, sector control policies are loaded on a schedule; the historical data is used to judge and identify abnormal behaviors. The control policies include but are not limited to: offloading control and network element capacity-expansion planning according to the network's busy and idle periods, and rate limiting and abnormal-behavior restriction according to the user capacity of the base station carrier sector. This effectively addresses unreasonable use of network resources in busy hours and busy areas.
3.2 Based on the congestion state of the cell, users abusing P2P in a congested cell are managed and controlled in real time, which effectively relieves the degradation of user experience caused by P2P.
3.3 In busy areas, the experience of high-end users is guaranteed by limiting the bandwidth of ordinary users.
3.4 The policy control system applies differentiated QoS control to the mobile self-operated services and related Internet services, guaranteeing the experience of the self-operated services.
3.5 Users performing port scanning are discovered immediately, and the PCRF issues a policy to terminate those users, protecting network resources and network security. Policy issuing by the PCRF is prior art.
3.6 When a battery attack on a customer is found to persist, the data channel of the abnormal port is cut off from the network side, for example by adding an interception policy for the abnormal port to a network firewall, so that data requests from the customer terminal cannot reach the destination server. This reduces the running time of the abnormal port and the consumption of the terminal battery, and prolongs battery life; the customer perceives the battery as long-lasting on this network, customer service perception is guaranteed, and customer stickiness can be improved.
3.7 For malicious attacks on customers, abnormal behaviors are discovered and controlled in time, before customers complain, which improves customer perception and reduces complaints.
3.8 End-to-end demarcation and localization: starting from the network state behaviors, the analysis drills down step by step through performance KPI indexes for the user dimension, network dimension, terminal dimension, service dimension, service servers and so on, comprehensively monitoring the influence of network state behaviors on perception.
The network security protection method also comprises judging the level of the user abnormal behavior and automatically sending an alarm message according to the level. Specifically, the level of a network state event, the statistical window period and the level-defining unit thresholds are determined by learning from and summarizing historical data, and the level of the user abnormal behavior is judged accordingly, where the network state event is caused by the corresponding user abnormal behavior.
The rule for judging the level of user abnormal behavior in this embodiment is as follows. By learning from and summarizing historical data, the level of the network state event, the statistical window period and the level-defining unit thresholds are determined. Five different levels can be set to represent the strength of the influence on the network; the level values are 1 to 5, in increasing order of strength. The statistical window uses the time dimension, in units of seconds, and different statistical periods are set for different events. Within the statistical period, the statistical index is used as the unit for defining levels, and a threshold for each unit is set at each level.
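The judging rule described above (a statistical window per event, a unit threshold per level, levels 1 to 5) can be sketched over XDR-style records as follows. This is an added example, not code from the patent: the record fields, window lengths, threshold values and sample records are all constructed assumptions, and the scan indexes use the common convention (horizontal = one port across many hosts, vertical = many ports on one host) because Table 1 is not reproduced on this page.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Xdr:
    """One simplified XDR record; the field names are assumptions."""
    ts: int          # record start time, seconds
    user: str        # subscriber identifier
    dst_ip: str      # destination IP
    dst_port: int    # destination port number
    nbytes: int      # traffic volume in bytes
    signaling: int   # signaling connections counted in this record
    app: str         # application service type


def max_distinct(recs, group, member):
    """Largest number of distinct `member` values seen for any one `group` value."""
    seen = defaultdict(set)
    for r in recs:
        seen[getattr(r, group)].add(getattr(r, member))
    return max((len(s) for s in seen.values()), default=0)


# Statistical index per event: reduces one user's records in one window to a number.
INDEX = {
    "horizontal_port_scan": lambda rs: max_distinct(rs, "dst_port", "dst_ip"),
    "vertical_port_scan": lambda rs: max_distinct(rs, "dst_ip", "dst_port"),
    "high_signaling": lambda rs: sum(r.signaling for r in rs),
    "high_p2p": lambda rs: sum(r.nbytes for r in rs if r.app == "P2P"),
}

# ASSUMED rule table: event -> (window in seconds, ascending thresholds for levels 1..5).
RULES = {
    "horizontal_port_scan": (60, (10, 20, 50, 100, 200)),
    "vertical_port_scan": (60, (10, 20, 50, 100, 200)),
    "high_signaling": (60, (30, 60, 120, 240, 480)),
    "high_p2p": (300, (10**8, 5 * 10**8, 10**9, 5 * 10**9, 10**10)),
}

# Control per event, following the category-to-control mapping in the description.
CONTROL = {
    "horizontal_port_scan": "PCRF policy",
    "vertical_port_scan": "PCRF policy",
    "high_signaling": "bandwidth limit",
    "high_p2p": "bandwidth limit",
}


def level_for(value, thresholds):
    """Return 0 (no event) or the highest level 1..5 whose threshold is reached."""
    return sum(value >= t for t in thresholds)


def detect(records, rules=RULES):
    """Bucket records per user and per event-specific window, then grade each bucket."""
    alerts = []
    for event, (window, thresholds) in rules.items():
        buckets = defaultdict(list)
        for r in records:
            buckets[(r.user, r.ts - r.ts % window)].append(r)
        for (user, start), recs in buckets.items():
            value = INDEX[event](recs)
            level = level_for(value, thresholds)
            if level:
                alerts.append({"event": event, "user": user, "window_start": start,
                               "value": value, "level": level,
                               "control": CONTROL[event]})
    return sorted(alerts, key=lambda a: (a["window_start"], a["user"], a["event"]))


def sample_records():
    """Constructed records: four abnormal users and one ordinary user."""
    recs = [Xdr(i, "user-A", f"198.51.100.{i + 1}", 23, 120, 0, "other")
            for i in range(25)]                      # one port, 25 hosts
    recs += [Xdr(60 + i, "user-B", "203.0.113.7", 1000 + i, 120, 0, "other")
             for i in range(60)]                     # one host, 60 ports
    recs += [Xdr(120 + i, "user-C", "192.0.2.20", 443, 500, 10, "web")
             for i in range(13)]                     # 130 signaling connections
    recs += [Xdr(t, "user-D", "192.0.2.30", 6881, 200_000_000, 1, "P2P")
             for t in (300, 400, 500)]               # 600 MB of P2P in one window
    recs += [Xdr(10, "user-E", "192.0.2.10", 443, 5_000_000, 2, "web"),
             Xdr(40, "user-E", "192.0.2.10", 80, 1_000_000, 1, "web")]
    return recs


if __name__ == "__main__":
    for alert in detect(sample_records()):
        print(alert)
```

Each alert carries the level that would drive the automatic alarm message and the control that the description assigns to its category.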
In this embodiment, integrating the network security protection method of the invention with the policy control system involves the following:
1) developing an interface with the policy control system;
2) automatically sending alarm messages according to level;
3) correlating the minute-granularity statistical results of the data collected by the unified DPI, and adding security event judgment in each time period;
4) adding a network security behavior factor to the user-perception QoE algorithm;
5) designing a flexible report output mode and monitoring the effect of the controls;
6) improving the display of statistical results, presenting them in the front end as charts;
7) improving the processing performance of the system: as data volume grows, the load on the equipment is high, so the processing capacity of a single device needs to be improved by optimizing the algorithms.
The network security protection method of the invention analyzes multidimensional data on users, terminals, networks, application services and the like from the transport streams captured in an operator's bearer network and, by adding multidimensional correlation statistics, forms a system that analyzes, end to end, user perception indexes, network KPI indexes, data stream direction, destination or source IP addresses or port numbers, application service perception indexes and the like. It comprehensively compares and computes security behaviors between users and the network, finds the threats that exist between them and the abuse of wireless network resources, and summarizes these into behavior events. It then sets thresholds, divides security levels, generates alarm messages, interfaces with a policy control system, formulates intelligent control policies and implements restriction policies. The invention can thus intelligently monitor and control wireless user behavior, clean up bad network behavior and achieve a green and safe network environment.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.

Claims (10)

1. A network security protection method based on XDR ticket data is characterized in that the network security protection method identifies user abnormal behaviors according to the XDR ticket data so as to carry out network security protection.
2. The method according to claim 1, wherein the identifying of the user abnormal behavior is specifically identifying the user abnormal behavior according to an index of the XDR ticket data, where the index includes signaling connection times, air interface time, traffic, destination or source IP, destination or source port number, packet number, and/or application service type.
3. The method for network security protection based on XDR ticket data as claimed in claim 2, wherein said user abnormal behavior comprises threat behavior of network to user, threat behavior of user to Internet and/or abuse behavior of user to wireless resource.
4. The method for network security protection based on XDR ticket data according to claim 3, wherein the threat behavior of the network to the user comprises single-source battery attack, distributed battery attack, single-source mobile phone flooding and/or distributed mobile phone flooding;
and the single-source battery attack, the distributed battery attack, the single-source mobile phone flooding and the distributed mobile phone flooding are judged according to the destination or source IP, the destination or source port number and the data packet number.
5. The method for protecting network security based on XDR ticket data according to claim 3, wherein the threat behavior of the user to the Internet comprises horizontal scanning port attack, vertical scanning port attack and/or passive data stream attack;
the horizontal scanning port attack, the vertical scanning port attack and the passive data stream attack are judged according to the destination or source IP, the destination or source port number and the data packet number.
6. The method for network security protection based on XDR ticket data as claimed in claim 3, wherein the abuse behavior of the user to the wireless resource comprises high bandwidth consuming user, high signaling consuming user, long term active user and/or high P2P service user;
the high bandwidth consumption user is judged according to traffic;
the high signaling consumption user is judged according to the number of signaling connections;
the long-term active user is judged according to air interface time and traffic;
and the high P2P service user is judged according to traffic and the application service type.
7. The method according to claim 3, wherein the performing of the network security protection specifically comprises interfacing the identified abnormal behavior of the user with a policy control system, and the policy control system performs the network security protection according to a preset control policy.
8. The method for network security protection based on XDR ticket data as claimed in claim 3, wherein the management and control strategy comprises identifying and blocking the threat behavior of the network to the user from the network side; and issuing a strategy through the PCRF for protection according to the threat behavior of the user to the Internet.
9. The method according to claim 3, wherein the management and control strategy further comprises protection by limiting bandwidth according to abuse of wireless resources by users.
10. The network security protection method based on the XDR ticket data as claimed in claim 1, wherein the method further comprises judging the level of the user abnormal behavior and automatically sending an alarm message according to that level; specifically, the level of the user abnormal behavior is judged by learning from and summarizing historical data to determine the level of a network state event, a statistical window period and a level-definition unit threshold, the network state event being caused by the corresponding user abnormal behavior.
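As an added illustration of the judgments in claims 5 and 6 (not code from the patent), the sketch below classifies users from xDR flow records by destination IP, destination port, packet count, flow and application type. The record fields, the thresholds and the reading of "horizontal" as one port across many hosts and "vertical" as many ports on one host (the usual sense of the terms) are assumptions; the patent gives no values.

```python
from collections import defaultdict

# Constructed sample xDR flow records (field names are hypothetical):
# (user_id, src_ip, dst_ip, dst_port, packets, bytes, app_type)
XDRS = (
    [("u1", "10.0.0.1", f"198.51.100.{i}", 23, 1, 60, "other") for i in range(1, 41)]
    + [("u2", "10.0.0.2", "203.0.113.9", p, 1, 60, "other") for p in range(1, 61)]
    + [("u3", "10.0.0.3", "203.0.113.20", 443, 900, 1_200_000, "web")]
    + [("u4", "10.0.0.4", "203.0.113.30", 6881, 5000, 900_000_000, "p2p")]
)

# Assumed thresholds for one statistical window; not taken from the patent.
MIN_TARGETS = 30           # distinct hosts (horizontal) or ports (vertical)
MAX_PKTS_PER_PROBE = 3     # a probe carries only a few packets per flow
P2P_BYTES = 500_000_000    # flow volume that marks a high P2P service user

def classify(xdrs):
    """Return {user: sorted list of findings} for one window of records."""
    hosts_by_port = defaultdict(set)   # (user, dst_port) -> destination IPs
    ports_by_host = defaultdict(set)   # (user, dst_ip)   -> destination ports
    p2p_bytes = defaultdict(int)       # user -> bytes of P2P-typed flows
    for user, _src, dst_ip, dst_port, pkts, nbytes, app in xdrs:
        if pkts <= MAX_PKTS_PER_PROBE:          # only probe-sized flows count
            hosts_by_port[(user, dst_port)].add(dst_ip)
            ports_by_host[(user, dst_ip)].add(dst_port)
        if app == "p2p":
            p2p_bytes[user] += nbytes
    findings = defaultdict(set)
    for (user, _port), hosts in hosts_by_port.items():
        if len(hosts) >= MIN_TARGETS:           # same port, many hosts
            findings[user].add("horizontal_scan")
    for (user, _ip), ports in ports_by_host.items():
        if len(ports) >= MIN_TARGETS:           # same host, many ports
            findings[user].add("vertical_scan")
    for user, total in p2p_bytes.items():
        if total >= P2P_BYTES:                  # flow + application type
            findings[user].add("high_p2p")
    return {user: sorted(tags) for user, tags in findings.items()}

if __name__ == "__main__":
    for user, tags in sorted(classify(XDRS).items()):
        print(user, tags)
```

The ordinary web user `u3` produces no finding because its single flow is neither probe-sized nor P2P-typed.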
CN201911332489.1A 2019-12-22 2019-12-22 Network security protection method based on XDR ticket data Pending CN111092893A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911332489.1A CN111092893A (en) 2019-12-22 2019-12-22 Network security protection method based on XDR ticket data

Publications (1)

Publication Number Publication Date
CN111092893A true CN111092893A (en) 2020-05-01

Family

ID=70395466

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911332489.1A Pending CN111092893A (en) 2019-12-22 2019-12-22 Network security protection method based on XDR ticket data

Country Status (1)

Country Link
CN (1) CN111092893A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111865923A (en) * 2020-06-23 2020-10-30 宜通世纪物联网研究院(广州)有限公司 Method, system, device and medium for identifying abnormal behavior of Internet of things card

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020188712A1 (en) * 2001-03-20 2002-12-12 Worldcom, Inc. Communications system with fraud monitoring
CN106454882A (en) * 2015-08-07 2017-02-22 中兴通讯股份有限公司 Method and device used for obtaining user call ticket xDR
CN106911523A (en) * 2017-04-25 2017-06-30 杭州东方通信软件技术有限公司 The method and system that mobile interchange network users are positioned by LTE indulging in the internet
CN108337652A (en) * 2017-01-20 2018-07-27 中国移动通信集团河南有限公司 A kind of method and device of detection flows fraud
CN108683527A (en) * 2018-04-25 2018-10-19 武汉虹信技术服务有限责任公司 A kind of user's perceived depth detection method based on MR and XDR
CN109889476A (en) * 2018-12-05 2019-06-14 国网冀北电力有限公司信息通信分公司 A kind of network safety protection method and network security protection system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
POLINA REPP: "Theoretical Aspects of Cyber-Atack Modeling", 《2018 INTERNATIONAL RUSSIAN AUTOMATION CONFERENCE (RUSAUTOCON)》 *
赵清等: "一种基于用户话单的业务感知监测技术研究", 《通讯世界》 *
郑颖航等: "基于XDR分析互联网业务质量的方案", 《电信快报》 *

Similar Documents

Publication Publication Date Title
CN101431449B (en) Network flux cleaning system
Phan et al. OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks
US11546266B2 (en) Correlating discarded network traffic with network policy events through augmented flow
US20040146006A1 (en) System and method for internal network data traffic control
CN100454895C (en) Method for raising network security via message processing
CN101286996A (en) Storm attack resisting method and apparatus
Huang et al. Countering denial-of-service attacks using congestion triggered packet sampling and filtering
WO2017035717A1 (en) Distributed denial of service attack detection method and associated device
CN102882894A (en) Method and device for identifying attack
KR20040057257A (en) System and method for protecting from ddos, and storage media having program thereof
CN107749863B (en) Method for network security isolation of information system
CN101635720A (en) Filtering method of unknown flow rate and bandwidth management equipment
CN115484047A (en) Method, device, equipment and storage medium for identifying flooding attack in cloud platform
CN111092893A (en) Network security protection method based on XDR ticket data
CN110719286A (en) Network optimization scheme sharing system and method based on big data
CN100393047C (en) Intrusion detecting system and network apparatus linking system and method
WO2020063661A1 (en) Flow congestion monitoring method and device
CN1684425A (en) Method for realizing legal monitoring
CN110753007B (en) QoS-based flow strategy configuration method and device
CN101668034A (en) Method for recognizing two voice flows of Skype in real time
CN114978604A (en) Security gateway system for software defined service perception
Maheshwar et al. Black hole effect analysis and prevention through IDS in MANET environment
CN111147516B (en) SDN-based dynamic interconnection and intelligent routing decision system and method for security equipment
CN110138773B (en) Protection method for goose attack
KR101466895B1 (en) Method of detecting voip fraud, apparatus performing the same and storage media storing the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200501