CN113692015B - Terminal equipment identification method and system for simultaneously accessing wired network and wireless network - Google Patents
Terminal equipment identification method and system for simultaneously accessing wired network and wireless network Download PDFInfo
- Publication number
- CN113692015B CN113692015B CN202111033025.8A CN202111033025A CN113692015B CN 113692015 B CN113692015 B CN 113692015B CN 202111033025 A CN202111033025 A CN 202111033025A CN 113692015 B CN113692015 B CN 113692015B
- Authority
- CN
- China
- Prior art keywords
- wireless network
- preset time
- terminal device
- workplace
- time precision
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000004891 communication Methods 0.000 claims description 62
- 239000013598 vector Substances 0.000 claims description 55
- 238000004364 calculation method Methods 0.000 claims description 13
- 238000011524 similarity measure Methods 0.000 claims description 11
- 230000006870 function Effects 0.000 description 5
- 238000012806 monitoring device Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 4
- 238000011835 investigation Methods 0.000 description 4
- 239000011159 matrix material Substances 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Abstract
The invention relates to a terminal equipment identification method and a system for simultaneously accessing a wired network and a wireless network, which utilize a first correlation coefficient to represent the correlation between each first moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision, provide a judgment basis for identifying the terminal equipment simultaneously accessing the wired network and the wireless network, can meet the special network safety protection requirement, is suitable for a plurality of workplaces with a large number of terminal equipment, has high precision and efficiency and reduces the management cost compared with the existing manual identification mode.
Description
Technical Field
The invention relates to the technical field of monitoring, in particular to a terminal equipment identification method and a system for simultaneously accessing a wired network and a wireless network.
Background
In some workplaces, especially in particular in a particular place with network security requirements, such as a substation, a nuclear power station, etc., provision is often made for: the wireless network interface is not allowed to be used for connecting the wireless network while the wired network interface is used for connecting the wireless network, or the wireless network interface is not allowed to be used for connecting the wired network while the wireless network interface is used for connecting the wireless network.
If the workplace has only one terminal device such as computer device/wireless access device, the terminal device can judge whether the terminal device has the illegal simultaneous connection of the wired network and the wireless network through the connection condition of the wired network and the connection condition of the wireless network. If there are multiple terminal devices on site, there are many temporary wired network connection records and wireless network connection records, but in these temporary wired network connection records and wireless network connection records, there are cases where the same terminal device is connected to both wired network and wireless network? If it is not known in advance which terminal device the wired network and the wireless network belong to, it is difficult to know whether the wired network and the wireless network are connected simultaneously or not at all, and finally, it is impossible to make an accurate judgment whether or not any terminal device violates the special network protection requirement.
Moreover, since the wired network and the wireless network used in a terminal device such as a portable computer device are independent of each other—there is no correlation between the wired network and the wireless network, there is no technical means currently available to accurately correlate the wired network and the wireless network to a terminal device, and the wired network and the wireless network belonging to the same terminal device cannot be identified from a certain moment and a certain working scenario, so that the terminal device connected to the wired network and the wireless network simultaneously cannot be identified from a certain moment.
Currently, management means can be used to manually transcribe unique identification information of the wired network and the wireless network, and then manually associate the two together. The terminal equipment connected with the wired network and the wireless network is judged by a manual identification mode, the identification efficiency is low, the management cost is increased, the phenomenon that the unique identification information of the wired network and the wireless network cannot be accurately and completely transcribed due to management negligence and the like is likely to exist, and the identification precision is low. .
Disclosure of Invention
The invention aims to solve the technical problem of providing a terminal equipment identification method and a system for simultaneously accessing a wired network and a wireless network aiming at the defects of the prior art.
The invention discloses a terminal equipment identification method for simultaneously accessing a wired network and a wireless network, which comprises the following steps:
According to the wired network communication data of each workplace, a first movement track of each terminal device connected with the wired network under each preset time precision is obtained, and according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision is obtained, wherein each preset workplace comprises at least one terminal device;
calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained;
and identifying terminal equipment which is simultaneously accessed into the wired network and the wireless network according to the obtained first correlation coefficients.
The terminal equipment identification method for simultaneously accessing the wired network and the wireless network has the following beneficial effects:
The correlation between each first moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing the first correlation coefficient, a judgment basis is provided for identifying whether terminal equipment which is simultaneously connected with a wired network and a wireless network at the same time or at the same moment, the special network safety protection requirement can be met, the method is suitable for a plurality of workplaces with a large number of terminal equipment, and compared with the existing manual identification mode, the method is high in precision and efficiency, and management cost is reduced.
Based on the scheme, the terminal equipment identification method for simultaneously accessing the wired network and the wireless network can be improved as follows.
Further, the method further comprises the following steps:
Acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
Calculating a second correlation coefficient between each third moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
And identifying the portable terminal equipment according to the obtained plurality of second correlation numbers.
The beneficial effects of adopting the further scheme are as follows: the smart phone, the portable computer equipment and the like which are currently mainstream can provide a wireless hotspot function, other terminal equipment such as the computer equipment which can be accessed into a wireless network in a workplace can be connected with the wireless hotspot so as to access and interconnect, the correlation between each third moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing a second correlation table, a judgment basis is provided for identifying the portable terminal equipment, special network safety protection requirements can be met, and the wireless hotspot is suitable for a plurality of workplaces with a large number of terminal equipment.
Further, the obtaining, according to the wired network communication data of each workplace, a first movement track of each terminal device accessing the wired network under each preset time precision includes:
According to the wired network communication data of each workplace, acquiring workplaces and time stamps corresponding to each terminal device accessed to the wired network;
According to the workplace and the time stamp corresponding to each terminal device accessed to the wired network, a first vector of each terminal device accessed to the wired network under each preset time precision is respectively constructed and used as a first moving track of each terminal device accessed to the wired network under each preset time precision.
Further, the obtaining, according to the wireless network communication data of each workplace, a second movement track of each terminal device connected to the wireless network under each preset time precision includes:
According to the wireless network communication data of each workplace, acquiring workplaces and time stamps corresponding to terminal equipment accessed to the wireless network;
And respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision.
Further, the obtaining, according to the wireless network communication data of each workplace, a third movement track of each wireless network under each preset time precision includes:
according to the wireless network communication data of each workplace, acquiring a workplace and a time stamp corresponding to each wireless network;
And respectively constructing a third vector of each wireless network under each preset time precision according to the workplace and the time stamp corresponding to each wireless network, and taking the third vector as a third movement track of each wireless network under each preset time precision.
Further, the first correlation coefficient or the second correlation coefficient is a distance or a similarity measure between vectors.
The technical scheme of the terminal equipment identification system for simultaneously accessing the wired network and the wireless network is as follows:
The system comprises a movement track acquisition module, a correlation coefficient calculation module and an identification module;
The movement track acquisition module is used for: according to the wired network communication data of each workplace, a first movement track of each terminal device connected with the wired network under each preset time precision is obtained, and according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision is obtained, wherein each preset workplace comprises at least one terminal device;
The correlation coefficient calculation module is used for: calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained;
the identification module is used for identifying terminal equipment which is simultaneously accessed into the wired network and the wireless network according to the obtained first correlation coefficients.
The terminal equipment identification system for simultaneously accessing the wired network and the wireless network has the following beneficial effects:
The correlation between each first moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing the first correlation coefficient, a judgment basis is provided for identifying whether terminal equipment which is simultaneously connected with a wired network and a wireless network at the same time or at the same moment, the special network safety protection requirement can be met, the method is suitable for a plurality of workplaces with a large number of terminal equipment, and compared with the existing manual identification mode, the method is high in precision and efficiency, and management cost is reduced.
Based on the scheme, the terminal equipment identification system for simultaneously accessing the wired network and the wireless network can be improved as follows.
Further, the movement track acquisition module is further configured to: acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
The correlation coefficient calculation module is further configured to: calculating a second correlation coefficient between each third moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
The identification module is also used for identifying the portable terminal equipment according to the obtained plurality of second correlation numbers.
The beneficial effects of adopting the further scheme are as follows: the smart phone, the portable computer equipment and the like which are currently mainstream can provide a wireless hotspot function, other terminal equipment such as the computer equipment which can be accessed into a wireless network in a workplace can be connected with the wireless hotspot so as to access and interconnect, the correlation between each third moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing a second correlation table, a judgment basis is provided for identifying the portable terminal equipment, special network safety protection requirements can be met, and the wireless hotspot is suitable for a plurality of workplaces with a large number of terminal equipment.
Further, the movement track acquisition module is specifically configured to:
According to the wired network communication data of each workplace, acquiring workplaces and time stamps corresponding to each terminal device accessed to the wired network;
According to the workplace and the time stamp corresponding to each terminal device accessed to the wired network, a first vector of each terminal device accessed to the wired network under each preset time precision is respectively constructed and used as a first moving track of each terminal device accessed to the wired network under each preset time precision.
Further, the movement track acquisition module is specifically further configured to:
According to the wireless network communication data of each workplace, acquiring workplaces and time stamps corresponding to terminal equipment accessed to the wireless network;
And respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision.
Further, the movement track acquisition module is specifically further configured to: according to the wireless network communication data of each workplace, acquiring a workplace and a time stamp corresponding to each wireless network;
And respectively constructing a third vector of each wireless network under each preset time precision according to the workplace and the time stamp corresponding to each wireless network, and taking the third vector as a third movement track of each wireless network under each preset time precision.
Further, the first correlation coefficient is a distance or similarity measure between vectors.
The technical scheme of the electronic equipment is as follows:
Comprising a memory, a processor and a program stored on the memory and running on the processor, the processor implementing the steps of a method for identifying a terminal device accessing both a wired network and a wireless network as defined in any one of the above when the program is executed.
Drawings
Fig. 1 is a flow chart of a method for identifying terminal equipment accessing to a wired network and a wireless network simultaneously according to an embodiment of the present invention;
FIG. 2 is a statistical result of a wired network and a wireless network;
Fig. 3 is a schematic structural diagram of a terminal device identification system for simultaneously accessing a wired network and a wireless network according to an embodiment of the present invention;
Detailed Description
As shown in fig. 1, a method for identifying a terminal device accessing a wired network and a wireless network simultaneously according to an embodiment of the present invention includes the following steps:
S1, acquiring a first movement track of each terminal device connected with the wired network under each preset time precision according to wired network communication data of each workplace, and acquiring a second movement track of each terminal device connected with the wireless network under each preset time precision according to wireless network communication data of each workplace, wherein each preset workplace comprises at least one terminal device.
The wireless network may be provided by a wireless hotspot released by a mobile phone, a wireless hotspot signal of a resident nearby the transformer substation, hotspot information of an operator base station, etc., for example, provided by a wireless hotspot released by a CMCC, etc. or an intelligent patrol device, and the wireless network communication data is obtained by the following method:
The on-site monitoring device with wireless network communication data monitoring is deployed in each workplace, and can be a flow acquisition device, which can acquire flow data on an exchanger for analysis, and can monitor information of wireless networks in each workplace, such as SSID (Service Set Identifier) of the wireless network, BSSID of wireless hotspots and the like, and information of terminal equipment accessed to the wireless network, such as ip address, mac address, access time and the like, so as to obtain wireless network communication data of each workplace.
The wireless network communication data specifically includes: information of each wireless network in each workplace such as a name, SSID (Service Set Identifier) of the wireless network, BSSID of the wireless hotspot, etc., and mac address of a terminal device connected to the wireless network, etc., a time stamp (here, the time stamp is the time when the terminal device accesses the wireless network), etc., and a workplace identification number preset for each workplace to distinguish each workplace, the data format of each wireless network communication data is as follows:
Wherein stationId represents a preset workplace identification number, deviceId represents an identification number of a field monitoring device for monitoring communication data of a wireless network, ip represents an ip address of a terminal device accessed to the wireless network, mac represents a mac address of the terminal device accessed to the wireless network, and time represents a time stamp of the terminal device connected to the wireless network;
In another embodiment, a management control platform can be deployed in a management center to receive wireless network communication data reported by field monitoring devices arranged in each workplace; wherein the deployment management control platform may comprise: a system is deployed in a management center, and the system can be used for receiving wireless network communication data monitored by a plurality of monitoring devices on each site, collecting the wireless network communication data in a centralized manner and carrying out unified storage and unified analysis.
The second moving track of each terminal device connected with the wireless network under each preset time precision is specifically:
The mobile trace is drawn according to the behavior trace drawing method with a plurality of preset time accuracies such as every 24 hours (0 to 24 points per day), every 8 hours (0 to 8 points per day, 8 to 16 points, 16 to 24 points per day), every 4 hours (0 to 4 points per day, 4 to 8 points, 8 to 12 points, 12 to 16 points, 16 to 20 points, 20 to 24 points), every 1 hour (24 hours per day), every 15 minutes (every 15 minutes per day), every 5 minutes (every 5 minutes per day), within 30 days after searching according to the mac address of the terminal device connected with the wireless network, and the mobile trace is expressed by: in different time periods, the terminal equipment connected with the wireless network appears in different workplaces, or in different time periods, the terminal equipment connected with the wireless network appears in the same workplace repeatedly, so that a second moving track of each terminal equipment connected with the wireless network under each preset time precision is obtained.
In an embodiment, when the wireless hotspot of the mobile phone generates the wireless network, the movement track is drawn according to the behavior track drawing method with a plurality of preset time accuracies of 24 hours, 8 hours, 4 hours, 1 hour, 15 minutes, 5 minutes and the like, so as to obtain a second movement track of each terminal device connected with the wireless network under each preset time accuracy.
The wired network communication data is acquired by the following steps:
the on-site monitoring device can be a flow acquisition device, can acquire flow data on a switch for analysis, and can monitor information of terminal equipment connected with a wired network in each workplace, such as ip address, mac address, connection time, namely time stamp and the like, so as to obtain the wired network communication data of each workplace.
Wherein the wired network communication data includes: the device identifier (device_id), the workplace identifier (station_id), the timestamp (where the timestamp is the time when the terminal device accesses the wired network), the ip of the terminal device connected to the wired network, and the mac address of the terminal device connected to the wired network, where each piece of wired network communication data refers to the data format of each piece of wireless network communication data, and will not be described herein.
S2, calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained; specifically:
When the first correlation coefficient is calculated, all terminal devices connected with the wired network and connected with the wireless network can be selected first, the first correlation coefficient between each first moving track corresponding to any preset time precision of any terminal device in all terminal devices connected with the wired network and connected with the wireless network and each second moving track corresponding to the preset time precision is calculated until the first correlation coefficient corresponding to each preset time precision of the terminal device is obtained, and compared with the method for directly calculating the first correlation coefficient between each first moving track and each second moving track, the calculation process is simpler and the calculation speed is high.
S3, identifying terminal equipment which is simultaneously accessed into the wired network and the wireless network according to the obtained first correlation coefficients.
The correlation between each first moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing the first correlation coefficient, a judgment basis is provided for identifying whether terminal equipment which is simultaneously connected with a wired network and a wireless network at the same time or at the same moment, the special network safety protection requirement can be met, the method is suitable for a plurality of workplaces with a large number of terminal equipment, and compared with the existing manual identification mode, the method is high in precision and efficiency, and management cost is reduced.
In S1, the obtaining, according to the wireless network communication data of each workplace, a second movement track of each terminal device connected to the wireless network under each preset time precision includes:
s10, acquiring workplaces and time stamps corresponding to terminal equipment accessed to a wireless network according to wireless network communication data of each workplace;
s11, respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision, specifically:
1) The second vector may be a two-dimensional vector, specifically: x i represents an ith time period under any preset time precision, i is a positive integer, the value range of i changes along with the time range of wireless network communication data of each workplace and the preset time precision, n is a positive integer, and represents the total number of workplaces, and the description is given by taking a two-dimensional vector corresponding to each 24 hours at the preset time precision as an example of a first terminal device connected with the wireless network, specifically:
For example, there are 10 workplaces, from the wireless network communication data of each workplace within approximately 30 days, obtain the workplace and the timestamp corresponding to the first terminal device, let the current day be the 30 th day, x 1 be the 1 st day, x 2 be the 2 nd day, … … x 30 be the 30 th day, that is, the value range of i is 1-30, the position of y 1 in the two-dimensional matrix is the 1 st workplace, the position of y 2 in the two-dimensional matrix is the 2 nd workplace, and the positions of … … and y 10 in the two-dimensional matrix are the 10 th workplace, then:
When determined from the time stamp and workplace identification number: on day 1, when the first terminal device appears at the 1 st workplace and the 4 th workplace, the first terminal device is not connected, and the first terminal device is connected and appears at 1, and the two-dimensional vector corresponding to the first day is: Thereby obtaining a two-dimensional vector corresponding to each day; the two-dimensional vector corresponding to each day is used as a second movement track of the first terminal equipment under the preset time precision, and the second movement track of each wireless network under each preset time precision is obtained;
Similarly, according to the wired network communication data of each workplace, the workplace and the time stamp corresponding to each terminal device accessed to the wired network are obtained; according to the workplace and the time stamp corresponding to each terminal device accessed with the wired network, respectively constructing a first vector of each terminal device accessed with the wired network under each preset time precision, taking the first vector as a first moving track of each terminal device accessed with the wired network under each preset time precision, obtaining a first moving track of each terminal device connected with the wired network under each preset time precision, and calculating a distance or similarity measure between vectors between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision as a first correlation coefficient until a first correlation coefficient corresponding to each preset time precision is obtained;
The distance between vectors may be minkowski distance, euclidean distance, manhattan distance, chebyshev distance, or angle cosine, and the calculation method is known to those skilled in the art, and will not be described herein;
the calculation formula of the similarity measure is as follows:
Wherein ρ XY represents a correlation coefficient, cov (X, Y) represents a variance of XY, D (X) represents a standard deviation of X, D (Y) represents a standard deviation of Y, EX represents an average value of X, EY represents an average value of Y, a similarity measure, that is, a correlation coefficient is a method for measuring a degree of correlation between a random variable X and Y, and a value range of the correlation coefficient is [ -1,1]; wherein the random variable X represents a second moving track of any wireless network under any preset time precision, the random variable Y represents a second moving track of the same preset time precision as the X, and the larger the absolute value of the correlation coefficient is, the higher the correlation degree between the X and the Y is.
When X and Y are linearly related, the correlation coefficient takes on a value of 1 (positive linear correlation) or-1 (negative linear correlation).
The correlation coefficients between (1, 2,3, 4) and (3,8,7,6) are calculated by Matlab, for example:
X=[1 2 3 4;3 8 7 6]
C= corrcoef (X') will return the correlation coefficient matrix
Results:
C=1.0000 0.4781
0.4781 1.0000
wherein 0.4781 is a correlation coefficient, i.e., a similarity measure, and the specific process of calculating the similarity measure is known to those skilled in the art, and will not be described herein.
For example, a plurality of first correlation coefficients corresponding to each preset time accuracy every 24 hours, every 8 hours, every 4 hours, every 1 hour, every 15 minutes, 5 minutes, etc. are calculated, respectively, then:
① For example, at each preset precision, the first correlation coefficient exceeds 0.9, then it is stated that: the wireless network and the wired network connected with the same terminal equipment are closely related in time and have high simultaneity, so that the terminal equipment which is connected with the wired network and the wireless network simultaneously is judged to exist, and the terminal equipment which is connected with the wired network and the wireless network simultaneously is identified according to the wireless network and the wired network which are connected with each other simultaneously, and further investigation and processing can be performed at the moment;
② For example, under all preset accuracies, if the number of the first correlation coefficients between the first wireless network and the first terminal device exceeds 0.9 and exceeds the preset number threshold, then it is indicated that the wireless network and the wired network connected by the same terminal device are closely related in time and have high simultaneity, so that it is determined that the terminal devices which are simultaneously connected to the wired network and the wireless network at the same time or moment exist, and thus the terminal devices which are simultaneously connected to the wired network and the wireless network are identified, and at this time, further investigation and processing can be performed.
2) The second vector may also be a multidimensional vector, e.g.,Wherein P 1 represents a 1 st time period under any preset time precision, and the meaning of P N is analogized, the value range of N changes with the time range of the wireless network communication data of each workplace and the preset time precision, the position of Q 1 in the first row in the vector represents the first workplace, the position of Q n in the first row represents the nth workplace, N is a positive integer, and N represents the total number of workplaces, and a two-dimensional vector corresponding to the first terminal device connected to the wireless network at the preset time precision of every 24 hours is taken as an example for explanation, specifically:
for example, there are 10 workplaces, and the workplace and the timestamp corresponding to the first terminal device are acquired from the wireless network communication data of each workplace within approximately 30 days, if the current day is taken as the 30 th day, P 1 represents the 1 st day, P 2 represents the 2 nd day, … … P 30 represents the 30 th day, that is, the value range of N is 1-30:
When determined from the time stamp and workplace identification number: on the 1 st to 30 th days, when the first terminal equipment appears and connects at the 1 st workplace and the 3 rd workplace, the first terminal equipment is not connected by the identifier 0, and the first terminal equipment appears and connects by the identifier 1, so that the multidimensional vector corresponding to the preset time precision is as follows: And obtaining the second movement track of each terminal device connected with the wireless network under each preset time precision by analogy.
Similarly, according to the wired network communication data of each workplace, the workplace and the time stamp corresponding to each terminal device accessed to the wired network are obtained; according to the workplace and the time stamp corresponding to each terminal device connected with the wired network, a first vector of each terminal device connected with the wired network under each preset time precision is respectively constructed and used as a first moving track of each terminal device connected with the wired network under each preset time precision, a first moving track of each terminal device connected with the wired network under each preset time precision is obtained, a distance or similarity measure between vectors of each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision is calculated and used as a first correlation coefficient until a first correlation coefficient corresponding to each preset time precision is obtained, and then recognition is carried out, wherein the recognition process is described above and is not repeated. Wherein the first vector and the second vector may be established based on the statistics in fig. 2.
Preferably, in the above technical solution, the method further includes:
S4, acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
s5, calculating a second correlation coefficient between each third movement track corresponding to any preset time precision and each second movement track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
s6, identifying the portable terminal equipment according to the obtained plurality of second correlation numbers.
The current mainstream smart phones can provide a wireless hotspot function, and can be used for terminal devices such as computer devices which can access a wireless network in a workplace to connect the wireless hotspots for access interconnection, however, in certain occasions, particularly specific places such as transformer substations, nuclear power stations and the like which have network security requirements, the internal network is forbidden to be communicated with an external wireless network, so that the terminal devices such as the forbidden computer devices (including desktop computer devices and portable computer devices) are regulated in management to connect the external wireless network;
However, the portable computer device may intentionally or unintentionally violate the management rule, and the wireless network interface is used to connect to the external wireless network, so that if only a few portable computer devices are connected to the site, whether or not there is an illegal portable computer device, i.e., an abnormal portable computer device, can be identified by the connection condition of the internal network and the connection condition of the wireless network. However, if there are a plurality of workplaces, at least one portable computer device in each workplace temporarily generates a plurality of wireless network connection records, and if it is not known in advance which portable computer device the wireless network belongs to, it is difficult to know whether or not there is any abnormal portable computer device simply by virtue of the plurality of wireless network connection records temporarily generated. S4 to S6 utilize the second correlation table to characterize the correlation between each third movement track corresponding to each preset time precision and each second movement track corresponding to each corresponding preset time precision, and provide a judgment basis for identifying portable terminal equipment, so that the special network safety protection requirements can be met, and the method is applicable to a plurality of workplaces where a large number of terminal equipment exist.
In S4, the obtaining, according to the wireless network communication data of each workplace, a third movement track of each wireless network under each preset time precision includes:
S40, acquiring workplaces and time stamps corresponding to each wireless network according to the wireless network communication data of each workplace;
S41, respectively constructing a third vector of each wireless network under each preset time precision according to the workplace and the time stamp corresponding to each wireless network, and taking the third vector as a third movement track of each wireless network under each preset time precision.
The specific implementation process of S40 to S41 is described in detail in S10 to S11, the third vector is analogous to the second vector, the third movement track is analogous to the second movement track, and details are not described herein, and the second correlation coefficient is also the distance or similarity measure between vectors, and the calculation process of the second correlation coefficient is referred to the calculation process of the first correlation coefficient, and details are not described herein.
For example, a plurality of second phase relation numbers corresponding to each preset time accuracy of 24 hours, 8 hours, 4 hours, 1 hour, 15 minutes, 5 minutes, and the like are calculated, respectively, then:
1) For example, with a certain preset time accuracy, the second correlation coefficients between the first wireless network and the first terminal device exceed 0.9, which indicates that the first wireless network is closely related to the first terminal device, specifically: the first wireless network is likely to be generated by a mobile phone hot spot carried by staff in a workplace, the first terminal equipment is likely to be portable terminal equipment, and particularly the terminal equipment connected with the first wireless network is a portable computer, so that further investigation and processing can be performed;
2) For example, with all preset time accuracies, the number of second correlation coefficients between the first wireless network and the first terminal device exceeding 0.9 exceeds a preset number threshold, then it is stated that the first wireless network is closely related to the first terminal device, specifically: the first wireless network is likely to be generated by a mobile phone hot spot carried by staff in a workplace, and the first terminal device is likely to be a portable terminal device, specifically, the terminal device connected with the first wireless network is a portable computer, and at this time, further investigation and processing can be performed.
In one embodiment, when the wireless network is generated by the fixed hot spot in the workplace, the fixed hot spot in the house of the nearby resident and the wireless hot spot of the mobile phone, the search is performed according to the SSID of the wireless network, and the movement track is drawn according to the movement track drawing method under a plurality of preset time accuracies such as every 24 hours (0 point to 24 points per day), every 8 hours (0 point to 8 points per day, 8 points to 16 points, 16 to 24 points per day), every 4 hours (0 point to 4 points per day, 4 points to 8 points, 8 points to 12 points, 12 points to 16 points, 16 to 20 points, 20 to 24 points per day), every 1 hour (24 hours per day), every 15 minutes (every 15 minutes per day), every 5 minutes (every 5 minutes per day) and the like, so as to obtain the third movement track of each wireless network.
In another embodiment, hot spots that occur in the station, i.e., workplace, from 0 a.m. to 3 a.m. for several consecutive days (e.g., 5 days) are excluded. Such a hot spot may be a fixed hot spot in a station or a fixed hot spot in a nearby resident's home. Not portable mobile hotspots, i.e., cell phone hotspots.
Searching the wireless network generated by each wireless hotspot in all intelligent terminal databases connected with the wireless network according to the mac address of the intelligent terminal according to a plurality of preset time accuracies such as every 24 hours, every 8 hours, every 4 hours, every 1 hour, every 15 minutes and every 5 minutes, and drawing a moving track according to a behavior track drawing method to obtain a third moving track of each wireless network.
In the above embodiments, although steps S1, S2, etc. are numbered, only specific embodiments of the present application are given, and those skilled in the art may adjust the execution sequence of S1, S2, etc. according to the actual situation, which is also within the scope of the present application, and it is understood that some embodiments may include some or all of the above embodiments.
As shown in fig. 3, a terminal device identification system 200 for simultaneously accessing a wired network and a wireless network according to an embodiment of the present invention includes a movement track acquisition module 210, a correlation coefficient calculation module 220, and an identification module 230;
The movement track acquisition module 210 is configured to: according to the wired network communication data of each workplace, a first movement track of each terminal device connected with the wired network under each preset time precision is obtained, and according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision is obtained, wherein each preset workplace comprises at least one terminal device;
the correlation coefficient calculating module 220 is configured to: calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained;
The identifying module 230 is configured to identify terminal devices that access to the wired network and the wireless network at the same time according to the obtained plurality of first correlation coefficients.
The correlation between each first moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing the first correlation coefficient, a judgment basis is provided for identifying terminal equipment which is simultaneously connected with a wired network and a wireless network, special network safety protection requirements can be met, the method is suitable for a plurality of workplaces where a large number of terminal equipment exist, and compared with the existing manual identification mode, the method is high in precision and efficiency, and management cost is reduced.
Preferably, in the above technical solution, the movement track obtaining module 210 is further configured to: acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
The correlation coefficient calculating module 220 is further configured to: calculating a second correlation coefficient between each third moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
The identification module 230 is further configured to identify the portable terminal device according to the obtained plurality of second correlation numbers.
The smart phone, the portable computer equipment and the like which are currently mainstream can provide a wireless hotspot function, other terminal equipment such as the computer equipment which can be accessed into a wireless network in a workplace can be connected with the wireless hotspot so as to access and interconnect, the correlation between each third moving track corresponding to each preset time precision and each second moving track corresponding to each corresponding preset time precision is characterized by utilizing a second correlation table, a judgment basis is provided for identifying the portable terminal equipment, special network safety protection requirements can be met, and the wireless hotspot is suitable for a plurality of workplaces with a large number of terminal equipment.
Preferably, in the above technical solution, the movement track obtaining module 220 is specifically configured to:
According to the wired network communication data of each workplace, acquiring workplaces and time stamps corresponding to each terminal device accessed to the wired network;
According to the workplace and the time stamp corresponding to each terminal device accessed to the wired network, a first vector of each terminal device accessed to the wired network under each preset time precision is respectively constructed and used as a first moving track of each terminal device accessed to the wired network under each preset time precision.
Preferably, in the above technical solution, the movement track obtaining module 220 is further specifically configured to:
According to the wireless network communication data of each workplace, acquiring workplaces and time stamps corresponding to terminal equipment accessed to the wireless network;
And respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision.
Preferably, in the above technical solution, the movement track obtaining module 220 is further specifically configured to: according to the wireless network communication data of each workplace, acquiring a workplace and a time stamp corresponding to each wireless network;
And respectively constructing a third vector of each wireless network under each preset time precision according to the workplace and the time stamp corresponding to each wireless network, and taking the third vector as a third movement track of each wireless network under each preset time precision.
Preferably, in the above technical solution, the first correlation coefficient is a distance or similarity measure between vectors.
The steps for implementing the corresponding functions of the parameters and the unit modules in the terminal device identification system 200 for simultaneously accessing the wired network and the wireless network according to the present invention may refer to the parameters and the steps in the embodiment of the terminal device identification method for simultaneously accessing the wired network and the wireless network according to the present invention, which are not described herein.
The electronic equipment comprises a memory, a processor and a program stored in the memory and running on the processor, wherein the processor realizes the steps of the terminal equipment identification method which is implemented by any one of the above methods and is accessed to a wired network and a wireless network at the same time when executing the program.
The electronic device may be a computer, a mobile phone, or the like, and the program is computer software or mobile phone APP, and the parameters and steps in the above electronic device according to the present invention may refer to the parameters and steps in the above embodiment of a terminal device identification method for accessing a wired network and a wireless network at the same time, which are not described herein.
Those skilled in the art will appreciate that the present invention may be implemented as a system, method, or computer program product.
Accordingly, the present disclosure may be embodied in the following forms, namely: either entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or entirely software, or a combination of hardware and software, referred to herein generally as a "circuit," module "or" system. Furthermore, in some embodiments, the invention may also be embodied in the form of a computer program product in one or more computer-readable media, which contain computer-readable program code.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination thereof. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (6)
1. A method for identifying a terminal device that accesses a wired network and a wireless network simultaneously, comprising:
According to the wired network communication data of each workplace, a first movement track of each terminal device connected with the wired network under each preset time precision is obtained, and according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision is obtained, wherein each preset workplace comprises at least one terminal device;
calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained;
Identifying terminal equipment which is simultaneously accessed into a wired network and a wireless network according to the obtained first correlation coefficients;
the method for obtaining the first movement track of each terminal device accessed to the wired network under each preset time precision according to the wired network communication data of each workplace comprises the following steps:
According to the wired network communication data of each workplace, acquiring workplaces and time stamps corresponding to each terminal device accessed to the wired network;
According to the workplace and the time stamp corresponding to each terminal device accessed to the wired network, respectively constructing a first vector of each terminal device accessed to the wired network under each preset time precision, and taking the first vector as a first moving track of each terminal device accessed to the wired network under each preset time precision;
the obtaining, according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision includes:
According to the wireless network communication data of each workplace, acquiring workplaces and time stamps corresponding to terminal equipment accessed to the wireless network;
And respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision.
2. The method for identifying a terminal device accessing both a wired network and a wireless network according to claim 1, further comprising:
Acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
Calculating a second correlation coefficient between each third moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
And identifying the portable terminal equipment according to the obtained plurality of second correlation numbers.
3. The method for identifying a terminal device accessing both a wired network and a wireless network according to claim 2, wherein the step of obtaining a third movement track of each wireless network at each preset time precision according to wireless network communication data of each workplace comprises:
according to the wireless network communication data of each workplace, acquiring a workplace and a time stamp corresponding to each wireless network;
And respectively constructing a third vector of each wireless network under each preset time precision according to the workplace and the time stamp corresponding to each wireless network, and taking the third vector as a third movement track of each wireless network under each preset time precision.
4. The method for identifying a terminal device simultaneously accessing a wired network and a wireless network according to claim 2, wherein the first correlation coefficient or the second correlation coefficient is a distance or a similarity measure between vectors.
5. The terminal equipment identification system for simultaneously accessing the wired network and the wireless network is characterized by comprising a movement track acquisition module, a correlation coefficient calculation module and an identification module;
The movement track acquisition module is used for: according to the wired network communication data of each workplace, a first movement track of each terminal device connected with the wired network under each preset time precision is obtained, and according to the wireless network communication data of each workplace, a second movement track of each terminal device connected with the wireless network under each preset time precision is obtained, wherein each preset workplace comprises at least one terminal device;
The correlation coefficient calculation module is used for: calculating a first correlation coefficient between each first moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the first correlation coefficient corresponding to each preset time precision is obtained;
the identification module is used for identifying terminal equipment which is simultaneously accessed into a wired network and a wireless network according to the obtained first correlation coefficients;
The movement track acquisition module is specifically configured to:
According to the wired network communication data of each workplace, acquiring workplaces and time stamps corresponding to each terminal device accessed to the wired network;
According to the workplace and the time stamp corresponding to each terminal device accessed to the wired network, respectively constructing a first vector of each terminal device accessed to the wired network under each preset time precision, and taking the first vector as a first moving track of each terminal device accessed to the wired network under each preset time precision;
the movement track acquisition module is further specifically configured to:
According to the wireless network communication data of each workplace, acquiring workplaces and time stamps corresponding to terminal equipment accessed to the wireless network;
And respectively constructing a second vector of each terminal device accessed to the wireless network under each preset time precision according to the workplace and the time stamp corresponding to each terminal device accessed to the wireless network, and taking the second vector as a second movement track of each terminal device accessed to the wireless network under each preset time precision.
6. The terminal device identification system of claim 5, wherein the movement track acquisition module is further configured to: acquiring a third movement track of each wireless network under each preset time precision according to the wireless network communication data of each workplace;
The correlation coefficient calculation module is further configured to: calculating a second correlation coefficient between each third moving track corresponding to any preset time precision and each second moving track corresponding to the preset time precision respectively until the second correlation coefficient corresponding to each preset time precision is obtained;
The identification module is further configured to identify that the terminal device is a portable terminal device according to the obtained plurality of second correlation numbers.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111033025.8A CN113692015B (en) | 2021-09-03 | Terminal equipment identification method and system for simultaneously accessing wired network and wireless network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111033025.8A CN113692015B (en) | 2021-09-03 | Terminal equipment identification method and system for simultaneously accessing wired network and wireless network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113692015A CN113692015A (en) | 2021-11-23 |
| CN113692015B true CN113692015B (en) | 2024-07-05 |
Family
ID=
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103714359A (en) * | 2013-07-25 | 2014-04-09 | 范志广 | Radio frequency identification method and system based on wireless communication terminal |
| CN112654028A (en) * | 2020-12-15 | 2021-04-13 | 烽火通信科技股份有限公司 | Easymesh protocol-based networking management method and system |
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103714359A (en) * | 2013-07-25 | 2014-04-09 | 范志广 | Radio frequency identification method and system based on wireless communication terminal |
| CN112654028A (en) * | 2020-12-15 | 2021-04-13 | 烽火通信科技股份有限公司 | Easymesh protocol-based networking management method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111325561B (en) | Intelligent complaint processing method and device, electronic equipment and storage medium | |
| CN109633327B (en) | Intelligent line loss analysis device for transformer area | |
| CN103675492B (en) | A kind of electricity consumption monitoring analytical approach, portable electricity consumption monitoring analytical equipment and system | |
| CN102208983B (en) | Identity recognition management system and method focused on households in social security housing | |
| CN109444800B (en) | Station area identification method based on wireless communication acquisition | |
| CN103259679A (en) | Method for identifying equipment and automatically reporting broken-down equipment for repair based on mobile terminal | |
| CN102158379B (en) | Identification network managing system and method for residents of indemnificatory residences | |
| CN207473028U (en) | Distribution Fault Location System | |
| CN101986757A (en) | Positioning method and device for mobile terminal | |
| CN106787169A (en) | A kind of method of multi-data source comparison techniques diagnosis transformer station remote measurement failure | |
| CN110083640A (en) | A kind of recognition methods of platform area and device based on power failure data | |
| CN107734458A (en) | A kind of residential property personnel management methods and system | |
| CN104661303A (en) | Wireless LAN Device Positioning | |
| CN111415107A (en) | Power distribution network platform region portrait generation method and device, computer equipment and storage medium | |
| CN113692015B (en) | Terminal equipment identification method and system for simultaneously accessing wired network and wireless network | |
| CN104881820A (en) | Electric power equipment external damage hidden danger troubleshooting system utilizing intelligent mobile phone and control method thereof | |
| US6101186A (en) | Method and system for organizing data in a relational database | |
| CN204463278U (en) | A kind of some inspection terminal, marking equipment and some cruising inspection system | |
| CN104299065A (en) | Dispatching automation host and backup model correctness checking method | |
| CN113692015A (en) | Terminal equipment identification method and system for simultaneously accessing wired network and wireless network | |
| CN106358287B (en) | A kind of intelligent terminal Passive Location based on Probe Request frame | |
| CN110888949A (en) | Equipment alarm shielding method, device, equipment and medium based on three-dimensional map | |
| CN102547678A (en) | Number portability short message log analysis method, system and device | |
| CN111836196B (en) | Indoor positioning method and system | |
| CN111917840B (en) | Remote communication information processing method and system for lithium battery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |