CN111405080A - Terminal IP management system and user behavior auditing method based on same - Google Patents
Terminal IP management system and user behavior auditing method based on same Download PDFInfo
- Publication number
- CN111405080A CN111405080A CN202010158533.8A CN202010158533A CN111405080A CN 111405080 A CN111405080 A CN 111405080A CN 202010158533 A CN202010158533 A CN 202010158533A CN 111405080 A CN111405080 A CN 111405080A
- Authority
- CN
- China
- Prior art keywords
- terminal
- module
- record
- source
- record source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5061—Pools of addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The invention discloses a terminal IP management system, which comprises an automatic IP distribution module, a DNS access management module and a user behavior audit module, wherein the automatic IP distribution module is used for distributing IP data to a terminal; the automatic IP distribution module is used for providing a record source IP of a current terminal for the user behavior auditing module, the DNS access management module is used for providing a domain name accessed by the record source IP for the user behavior auditing module, and the user behavior auditing module is used for auditing record source IP terminals of all illegal access domain names; the automatic IP distribution module is provided with a recording source IP automatic binding function, a recording source IP unbinding function and a recording source IP automatic recovery function; the record source IP is an IP automatically distributed when the terminal request is received for the first time; also disclosed is a user behavior auditing method, comprising: the terminal starts to request IP and obtains a record source IP; the terminal access domain name of the record source IP is obtained; and auditing the responsible person who accesses the illegal domain name according to the record source IP. The invention combines automation and manual maintenance, and solves the problem of fixed management of the terminal IP.
Description
Technical Field
The invention belongs to the technical field of computer networks, and particularly relates to a terminal IP management system and a user behavior auditing method based on the system.
Background
With the popularization of the internet, accessing various network domain names becomes an indispensable part of daily life and office work of people. In the world of the internet, a network domain name is the only mark of a network identity like a resident identification card, but in the real society, the public security department can strictly and effectively manage the resident identity, and the domain name registration in the network world is very simple. Some bad organizations in the world handle domain name registration services for the benefit even without any audit. The loose domain name registration management system causes the continuous occurrence of illegal domain names, and the network domain names are registered by using false identities, and computers in different physical positions are used for initiating network attacks or network crimes to become the most used attack modes of the cyber crime group at present.
The auditing of the access behavior of the illegal domain name user is to detect the access of the illegal domain name from the perspective of the terminal user so as to detect whether the terminal is attacked, and the auditing of the access behavior of the illegal domain name user becomes one of effective measures for reducing the damage caused by network crime at present. However, there has been a problem that it is not possible to correspond an IP accessed by an illegal domain name to a responsible terminal for a long time, that is, it is not possible to know which terminal the IP accessed by the illegal domain name is currently. This difficulty arises because of the dynamically allocated IP function of the DHCP (dynamic host configuration protocol) server. The dynamic IP allocation is to use IP according to a set time length, after a client acquires an IP address from a DHCP server for the first time, the IP is not used permanently but used within the set time length, after each use, the DHCP client needs to release the IP for other clients, and when the client with the released IP is reused, the IP needs to be reapplied, so that one machine has a plurality of IPs. In the case where the IP is not fixed, although an illegal domain name access can be localized to a certain IP, it is not known to which terminal the IP belongs.
DHCP servers have two other IP allocation modes, but are not generally adopted by humans. One mode is an automatic IP allocation mode, namely, the automatic IP allocation mode is to set the lease time length of the IP to be infinite long, and when a DHCP client successfully acquires an IP address used for the unlimited lease time length from a DHCP server for the first time, the IP address is used permanently. The fact that the lease period is infinite means that other machines cannot be used means that if one machine once allocates an IP address in the network environment, and the machine is scrapped or used for other purposes, the permanent IP address allocated by the machine cannot be used by other machines, and the IP address is wasted. This means that for an office with a new batch of machines changed for two or three years, the IP of the entire batch of terminals will be wasted, which is undoubtedly a loss; a third IP allocation mode for DHCP servers is manual allocation of IP. The manual IP allocation increases the manual management cost and also brings inconvenience to the terminal user, because the address conflict of two machines often happens and the IP cannot be normally accessed to the network, and moreover, the manual labor management is also easy to cause working errors.
Because the automatic IP allocation and the manual IP allocation of the DHCP server bring inconvenience to people, in the prior art, the IP address with an infinite lease period cannot be allocated by using DHCP, which can cause the waste of the IP address. Therefore, in the prior art, the dynamic allocation IP function of the DHCP server is adopted, and the DHCP dynamic allocation IP is inconvenient for supervising and managing the behavior of the illegal domain name visitor because the IP is not fixed.
Disclosure of Invention
The invention provides a terminal IP management system and a user behavior auditing method based on the system for solving the problems in the prior art, and aims to solve the problems that an IP accessed by an illegal domain name cannot correspond to a responsible terminal and the fixed IP of a DHCP server cannot be recovered.
The invention adopts the following technical scheme for solving the technical problem.
A terminal IP management system comprises an automatic IP distribution module, a DNS access management module and a user behavior audit module; the automatic IP allocation module is used for providing a record source IP of a current terminal for the user behavior auditing module, the DNS access management module is used for providing a domain name accessed by the record source IP for the user behavior auditing module, and the user behavior auditing module is used for auditing record source IP terminals of all illegal access domain names; the method is characterized in that: the automatic IP distribution module is provided with a source IP automatic binding function, a source IP unbinding function and a source IP automatic recovery function; and the record source IP is an IP automatically distributed when the terminal request is received for the first time.
The IP automatic allocation module comprises an IP address pool, an IP allocation and maintenance module and a terminal information management module, wherein the IP address pool is used for providing an effective IP address, and the IP allocation and maintenance module is provided with an IP inquiry module, an IP allocation module and an IP binding and unbinding module; the terminal information management module is provided with a recording source IP and MAC automatic binding module, a recording source IP and terminal MAC comparison table and a recording source IP and responsible person information comparison table; the IP query module is used for querying whether the current terminal is allocated with the IP from the record source IP and terminal MAC comparison table, and the IP allocation module is used for acquiring the IP from an IP address pool or the record source IP and terminal MAC comparison table and then allocating the IP to the terminal; the IP binding module is used for calling an IP and MAC automatic binding module of the terminal information management module so as to realize the automatic binding function of the record source IP; and the unbinding module deletes redundant IP through a maintenance interface, thereby realizing the record source IP unbinding function.
A record source IP and MAC automatic binding module of the terminal information management module receives the record source IP and MAC sent by the IP binding module, binds the record source IP and MAC, and then automatically writes the bound record into a record source IP and terminal MAC comparison table; and deleting the record of the redundant IP through the record of the record source IP and the terminal MAC comparison table through the unbinding maintenance interface, and rewriting the unbound record source IP into an IP address pool, thereby realizing the automatic recovery function of the record source IP.
The IP address pool is provided with an effective IP record table, a recovered IP record table and an allocated IP record table; automatically writing in an effective IP record table and a recovered record table after the record source IP and the terminal MAC are unbound; when the IP distribution module extracts the distributed IP from the effective IP record table, the effective IP record table automatically removes the IP to the distributed IP record table.
The DNS access management module is provided with a DNS analysis module, a record source IP and an access domain name record table, the DNS analysis module analyzes the domain name after receiving the record source IP and the access domain name of the terminal, and then stores the record source IP and the access domain name into the record source IP and access domain name record table.
The user behavior auditing module is used for receiving the record source IP and the information of the responsible person from the IP automatic allocation module, receiving the record source IP and the information of the access domain name from the DNS access management module, and binding the two types of information of the same record source IP, thereby obtaining the information table of the responsible person who illegally accesses the domain name.
A user behavior auditing method of a terminal IP management system is characterized in that: the method comprises the following steps:
the method comprises the following steps that firstly, a terminal starts to request an IP and obtains a record source IP;
secondly, the terminal access domain name of the record source IP is obtained;
and step three, auditing and accessing the responsible person of the illegal domain name according to the record source IP.
The terminal starting up request IP and obtaining the record source IP in the first step comprises the following specific processes:
⑴ terminal startup request IP;
⑵ inquiring through the terminal MAC whether the terminal has allocated IP;
⑶ if no IP is allocated, extracting available IP from IP address pool, binding the available IP as record source IP with MAC of the terminal, and storing after binding;
⑷ if an IP has been allocated, the record source IP is reassigned to the terminal.
The second step is that the terminal having obtained the record source IP accesses the domain name, and the specific process is as follows:
⑴ has obtained the terminal access domain name of the record source IP;
⑵ DNS access management module receives the record source IP and resolves the domain name;
⑶ records the record source IP and the domain name accessed.
The third step is that the responsible person who accesses the illegal domain name according to the record source IP audit comprises the following specific processes:
⑴ obtaining record source IP and responsible person information comparison table from terminal information management module;
⑵ obtaining 'record source IP and access domain name comparison table' from DNS access management module;
⑶, the information of the same record source IP is integrated, so as to audit the responsible person who accesses the illegal domain name.
Advantageous effects of the invention
1. The invention realizes the practicability, the implementability, the scientificity and the validity of the fixed management of the terminal IP for the first time through the automatic binding function, the unbinding function and the automatic recovery function of the record source IP of the terminal IP management system, lays a foundation for the audit management of user behaviors and provides a scientific and effective tool.
2. The IP address allocation method of the invention can be combined with a terminal management system to delete redundant terminals, namely delete expired unused IP addresses equivalently, thereby playing the role of saving IP addresses.
3. The invention overcomes the prejudice that the field depends on automation or manual operation for a long time, combines automation and manual maintenance and perfectly solves the problem of fixed management of the terminal IP. The method and the system have the advantages that foreign DHCP software is localized, the function of manually maintaining the IP is added, and the problem of IP recovery is solved. It has been proven that human attempts historically relied entirely on automation are unsuccessful, and a clever combination of automation and manual work is the evergreen tree.
Drawings
FIG. 1 is a diagram of a terminal IP management system framework according to the present invention;
FIG. 2 is a schematic diagram of the terminal IP management system of the present invention;
fig. 3 is a diagram of a terminal information management module according to the present invention for automatic IP distribution __;
FIG. 4 is a block diagram of an automatic IP assignment __ IP assignment and maintenance module of the present invention;
Detailed Description
The invention will be further explained with reference to the drawings
Design principle of the invention
1. The design principle of the terminal IP management system of the invention is as follows: aiming at the defects and shortcomings of the DHCP server in the prior art, the invention develops a program package which can replace the DHCP function and improve the DHCP function, and the program package is the terminal IP management system. The terminal IP management system and the DHCP server in the prior art have essential difference for the method of fixing the IP: the fixed IP of the DHCP server adopts a fixed method with an infinite lease time, and once the infinite lease time is changed into a finite lease time, the method becomes a method for dynamically allocating the IP, and the method has natural defects: the binding of IP and terminal is not maintainable and is permanently occupied once allocated. The invention also realizes the function of fixed IP, but adopts the method of inquiring and judging when receiving the request each time, if the IP is distributed, the original IP, namely the record source IP is distributed to the terminal again, thereby realizing the fixed IP. The difference with the prior art DHCP server is that: the most critical difference is that whether an IP has been allocated is determined by looking up a "record source IP and terminal MAC lookup table" which can be maintained. The system adds a deletable function to the table through the maintenance interface, when the machine is scrapped or other uses need to release the bound IP, the original binding record can be deleted through the maintenance interface, and the deleted record source IP is rewritten into the IP address pool at the same time of deletion, thereby realizing the recovery of redundant IP.
2. The design principle of the user behavior auditing method. The invention solves the worries behind fixed IP, namely solves the problem of recovering redundant IP, thereby really realizing fixed terminal IP. Because the fixed terminal IP is realized, the IP can be bound with the terminal responsible person, and the supervision and management of illegal access of the terminal user to the domain name can be realized.
Based on the principle, the invention designs a terminal IP management system.
As shown in fig. 1, a terminal IP management system includes an automatic IP allocation module, a DNS access management module, and a user behavior audit module; the automatic IP allocation module is used for providing a record source IP of a current terminal for the user behavior auditing module, the DNS access management module is used for providing a domain name accessed by the record source IP for the user behavior auditing module, and the user behavior auditing module is used for auditing record source IP terminals of all illegal access domain names; the method is characterized in that: the automatic IP distribution module is provided with a source IP automatic binding function, a source IP unbinding function and a source IP automatic recovery function; and the record source IP is an IP automatically distributed when the terminal request is received for the first time.
As shown in fig. 2, 3 and 4, the IP automatic allocation module includes an IP address pool, an IP allocation and maintenance module, and a terminal information management module, where the IP address pool is used to provide a valid IP address, and the IP allocation and maintenance module is provided with an IP query module, an IP allocation module, and an IP binding and unbinding module; the terminal information management module is provided with a recording source IP and MAC automatic binding module, a recording source IP and terminal MAC comparison table and a recording source IP and responsible person information comparison table; the IP query module is used for querying whether the current terminal is allocated with the IP from the record source IP and terminal MAC comparison table, and the IP allocation module is used for acquiring the IP from an IP address pool or the record source IP and terminal MAC comparison table and then allocating the IP to the terminal; the IP binding module is used for calling an IP and MAC automatic binding module of the terminal information management module so as to realize the automatic binding function of the record source IP; and the unbinding module deletes redundant IP through a maintenance interface, thereby realizing the record source IP unbinding function.
As shown in fig. 3, the record source IP and MAC automatic binding module of the terminal information management module receives the record source IP and MAC sent by the IP binding module, binds them, and then automatically writes the bound record into the "record source IP and terminal MAC comparison table"; and deleting the record of the redundant IP through the record of the record source IP and the terminal MAC comparison table through the unbinding maintenance interface, and rewriting the unbound record source IP into an IP address pool, thereby realizing the automatic recovery function of the record source IP.
The IP address pool is provided with an effective IP record table, a recovered IP record table and an allocated IP record table; automatically writing in an effective IP record table and a recovered record table after the record source IP and the terminal MAC are unbound; when the IP distribution module distributes an IP from the effective IP record table, the effective IP record table automatically removes the IP to the distributed IP record table, and simultaneously deletes the IP from the current effective IP record table.
The DNS access management module is provided with a DNS analysis module, a record source IP and an access domain name record table, the DNS analysis module analyzes the domain name after receiving the record source IP and the access domain name of the terminal, and then stores the record source IP and the access domain name into the record source IP and access domain name record table.
The user behavior auditing module is used for receiving the record source IP and the information of the responsible person from the IP automatic allocation module, receiving the record source IP and the information of the access domain name from the DNS access management module, and binding the two types of information of the same record source IP, thereby obtaining the information table of the responsible person who illegally accesses the domain name.
Supplementary explanation:
the illegal domain name is judged by identifying through a black, white and grey list library in a DNS access management module. The DNS access management module matches the domain name access record with a list library while recording the terminal IP and the domain name access record, and if the access record exists in a white list, the domain name is a normal domain name; if the access record exists in the grey list, the validity of the domain name needs to be further confirmed; if the access record exists in the blacklist, the domain name is an illegal domain name, and further represents that the device may be attacked or invaded by a virus Trojan horse.
Based on the terminal IP management system, the invention designs a user behavior auditing method, which is characterized by comprising the following steps: the method comprises the following steps:
the method comprises the following steps that firstly, a terminal starts to request an IP and obtains a record source IP;
secondly, the terminal access domain name of the record source IP is obtained;
and step three, auditing and accessing the responsible person of the illegal domain name according to the record source IP.
The terminal starting up request IP and obtaining the record source IP in the first step comprises the following specific processes:
⑴ terminal startup request IP;
⑵ inquiring through the terminal MAC whether the terminal has allocated IP;
⑶ if no IP is allocated, extracting available IP from IP address pool, binding the available IP as record source IP with MAC of the terminal, and storing after binding;
⑷ if an IP has been allocated, the record source IP is reassigned to the terminal.
The second step is that the terminal having obtained the record source IP accesses the domain name, and the specific process is as follows:
⑴ has obtained the terminal access domain name of the record source IP;
⑵ DNS access management module receives the record source IP and resolves the domain name;
⑶ records the record source IP and the domain name accessed.
The third step is that the responsible person who accesses the illegal domain name according to the record source IP audit comprises the following specific processes:
⑴ obtaining record source IP and responsible person information comparison table from terminal information management module;
⑵ obtaining 'record source IP and access domain name comparison table' from DNS access management module;
⑶, the information of the same record source IP is integrated, so as to audit the responsible person who accesses the illegal domain name.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.
Claims (10)
1. A terminal IP management system comprises an automatic IP distribution module, a DNS access management module and a user behavior audit module; the automatic IP allocation module is used for providing a record source IP of a current terminal for the user behavior auditing module, the DNS access management module is used for providing a domain name accessed by the record source IP for the user behavior auditing module, and the user behavior auditing module is used for auditing record source IP terminals of all illegal access domain names; the method is characterized in that: the automatic IP distribution module is provided with a source IP automatic binding function, a source IP unbinding function and a source IP automatic recovery function; and the record source IP is an IP automatically distributed when the terminal request is received for the first time.
2. The IP management system of claim 1, wherein: the IP automatic allocation module comprises an IP address pool, an IP allocation and maintenance module and a terminal information management module, wherein the IP address pool is used for providing an effective IP address, and the IP allocation and maintenance module is provided with an IP inquiry module, an IP allocation module and an IP binding and unbinding module; the terminal information management module is provided with a recording source IP and MAC automatic binding module, a recording source IP and terminal MAC comparison table and a recording source IP and responsible person information comparison table; the IP query module is used for querying whether the current terminal is allocated with the IP from the record source IP and terminal MAC comparison table, and the IP allocation module is used for acquiring the IP from an IP address pool or the record source IP and terminal MAC comparison table and then allocating the IP to the terminal; the IP binding module is used for calling an IP and MAC automatic binding module of the terminal information management module so as to realize the automatic binding function of the record source IP; and the unbinding module deletes redundant IP through a maintenance interface, thereby realizing the record source IP unbinding function.
3. The IP management system of claim 2, wherein: a record source IP and MAC automatic binding module of the terminal information management module receives the record source IP and MAC sent by the IP binding module, binds the record source IP and MAC, and then automatically writes the bound record into a record source IP and terminal MAC comparison table; and deleting the record of the redundant IP through the record of the record source IP and the terminal MAC comparison table through the unbinding maintenance interface, and rewriting the unbound record source IP into an IP address pool, thereby realizing the automatic recovery function of the record source IP.
4. The IP management system of claim 2, wherein: the IP address pool is provided with an effective IP record table, a recovered IP record table and an allocated IP record table; automatically writing in an effective IP record table and a recovered record table after the record source IP and the terminal MAC are unbound; when the IP distribution module extracts the distributed IP from the effective IP record table, the effective IP record table automatically removes the IP to the distributed IP record table.
5. The IP management system of claim 1, wherein: the DNS access management module is provided with a DNS analysis module, a record source IP and an access domain name record table, the DNS analysis module analyzes the domain name after receiving the record source IP and the access domain name of the terminal, and then stores the record source IP and the access domain name into the record source IP and access domain name record table.
6. The IP management system of claim 1, wherein: the user behavior auditing module is used for receiving the record source IP and the information of the responsible person from the IP automatic allocation module, receiving the record source IP and the information of the access domain name from the DNS access management module, and binding the two types of information of the same record source IP, thereby obtaining the information table of the responsible person who illegally accesses the domain name.
7. A user behavior auditing method based on a terminal IP management system of claim 1, characterized in that: the method comprises the following steps:
the method comprises the following steps that firstly, a terminal starts to request an IP and obtains a record source IP;
secondly, the terminal access domain name of the record source IP is obtained;
and step three, auditing and accessing the responsible person of the illegal domain name according to the record source IP.
8. The user behavior auditing method of a terminal IP management system according to claim 7, characterized by: the terminal starting up request IP and obtaining the record source IP in the first step comprises the following specific processes:
⑴ terminal startup request IP;
⑵ inquiring through the terminal MAC whether the terminal has allocated IP;
⑶ if no IP is allocated, extracting available IP from IP address pool, binding the available IP as record source IP with MAC of the terminal, and storing after binding;
⑷ if an IP has been allocated, the record source IP is reassigned to the terminal.
9. The user behavior auditing method of a terminal IP management system according to claim 7, characterized by: the second step is that the terminal having obtained the record source IP accesses the domain name, and the specific process is as follows:
⑴ has obtained the terminal access domain name of the record source IP;
⑵ DNS access management module receives the record source IP and resolves the domain name;
⑶ records the record source IP and the domain name accessed.
10. The user behavior auditing method of a terminal IP management system according to claim 7, characterized by: the third step is that the responsible person who accesses the illegal domain name according to the record source IP audit comprises the following specific processes:
⑴ obtaining record source IP and responsible person information comparison table from terminal information management module;
⑵ obtaining 'record source IP and access domain name comparison table' from DNS access management module;
⑶, the information of the same record source IP is integrated, so as to audit the responsible person who accesses the illegal domain name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010158533.8A CN111405080A (en) | 2020-03-09 | 2020-03-09 | Terminal IP management system and user behavior auditing method based on same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010158533.8A CN111405080A (en) | 2020-03-09 | 2020-03-09 | Terminal IP management system and user behavior auditing method based on same |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111405080A true CN111405080A (en) | 2020-07-10 |
Family
ID=71432405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010158533.8A Pending CN111405080A (en) | 2020-03-09 | 2020-03-09 | Terminal IP management system and user behavior auditing method based on same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111405080A (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102932492A (en) * | 2011-09-12 | 2013-02-13 | 微软公司 | Correlation of users to ip address lease events |
| CN103188104A (en) * | 2011-12-31 | 2013-07-03 | 中国移动通信集团浙江有限公司 | Method and device for analyzing user behaviors |
| CN103581910A (en) * | 2012-07-31 | 2014-02-12 | 西门子公司 | Method and device for tracking mobile user |
| CN104378457A (en) * | 2014-11-26 | 2015-02-25 | 中国联合网络通信集团有限公司 | Method, device and system for distributing IP address |
| CN105933466A (en) * | 2016-04-21 | 2016-09-07 | 广西广播电视信息网络股份有限公司 | Method for accurate user identification and serving in data transmission network |
| CN106332064A (en) * | 2015-06-23 | 2017-01-11 | 中兴通讯股份有限公司 | IP address management method, networking method, traceablility method and apparatus, and system |
| CN106657001A (en) * | 2016-11-10 | 2017-05-10 | 广州赛讯信息技术有限公司 | Botnet detection method based on Netflow and DNS blog |
| CN106790734A (en) * | 2016-01-29 | 2017-05-31 | 新华三技术有限公司 | A kind of network address assignment method and device |
| CN110401614A (en) * | 2018-04-24 | 2019-11-01 | 中移(杭州)信息技术有限公司 | The source tracing method and device of malice domain name |
| CN110807487A (en) * | 2019-10-31 | 2020-02-18 | 北京邮电大学 | Method and device for identifying user based on domain name system flow record data |
-
2020
- 2020-03-09 CN CN202010158533.8A patent/CN111405080A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102932492A (en) * | 2011-09-12 | 2013-02-13 | 微软公司 | Correlation of users to ip address lease events |
| CN103188104A (en) * | 2011-12-31 | 2013-07-03 | 中国移动通信集团浙江有限公司 | Method and device for analyzing user behaviors |
| CN103581910A (en) * | 2012-07-31 | 2014-02-12 | 西门子公司 | Method and device for tracking mobile user |
| CN104378457A (en) * | 2014-11-26 | 2015-02-25 | 中国联合网络通信集团有限公司 | Method, device and system for distributing IP address |
| CN106332064A (en) * | 2015-06-23 | 2017-01-11 | 中兴通讯股份有限公司 | IP address management method, networking method, traceablility method and apparatus, and system |
| CN106790734A (en) * | 2016-01-29 | 2017-05-31 | 新华三技术有限公司 | A kind of network address assignment method and device |
| CN105933466A (en) * | 2016-04-21 | 2016-09-07 | 广西广播电视信息网络股份有限公司 | Method for accurate user identification and serving in data transmission network |
| CN106657001A (en) * | 2016-11-10 | 2017-05-10 | 广州赛讯信息技术有限公司 | Botnet detection method based on Netflow and DNS blog |
| CN110401614A (en) * | 2018-04-24 | 2019-11-01 | 中移(杭州)信息技术有限公司 | The source tracing method and device of malice domain name |
| CN110807487A (en) * | 2019-10-31 | 2020-02-18 | 北京邮电大学 | Method and device for identifying user based on domain name system flow record data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111698228B (en) | System access authority granting method, device, server and storage medium | |
| CN100452715C (en) | Intelligent terminal managing method | |
| CN100490377C (en) | Method and arrangement for preventing illegitimate use of IP addresses | |
| CN102833262B (en) | Phishing website collection and identification method and system based on whois information | |
| CN100546304C (en) | A kind of method and system that improves network dynamic host configuration DHCP safety | |
| WO2011065708A2 (en) | System and method for managing ipv6 address and access policy | |
| CA2682767A1 (en) | Network group name for virtual machines | |
| CN101064717A (en) | Safety protection system of information system or equipment and its working method | |
| EP1486050A2 (en) | A ddns server, a ddns client terminal and a ddns system, and a web server terminal, its network system and an access control method | |
| CN102790809B (en) | Domain name system resolution, device and client | |
| CA2565077A1 (en) | System and methods for domain name acquisition and management | |
| CN102624750B (en) | Resist the method and system that DNS recurrence is attacked | |
| CN101094129A (en) | Method for accessing domain name, and client terminal | |
| CN112187740B (en) | Network access control method and device, electronic equipment and storage medium | |
| WO2013024986A2 (en) | Network identifier position determining system and method for same | |
| CN114238879A (en) | Data processing method and device | |
| CN111405080A (en) | Terminal IP management system and user behavior auditing method based on same | |
| CN101150582A (en) | Method and device for configuration information allocation | |
| CN102882861A (en) | Method of achieving IP address cheating prevention based on analysis of dynamic host configuration protocol (DHCP) message | |
| CN111200645A (en) | Service request processing method, device, equipment and readable storage medium | |
| EP1039724A2 (en) | Method and apparatus providing for internet protocol address authentication | |
| CN111542001B (en) | Network system with distributed server clusters and construction method thereof | |
| CN114401251A (en) | Internet-based IP address database processing system and method thereof | |
| CN102299836A (en) | Method and device for accessing access equipment | |
| JP2004240819A (en) | Packet communication device with authentication function, network authentication access control server, application authentication access control server and distributed authentication access control system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200710 |
|
| WD01 | Invention patent application deemed withdrawn after publication |