CN114189865B - Network attack protection method in communication network, computer device and storage medium - Google Patents


Info

Publication number
CN114189865B
Authority
CN
China
Prior art keywords
network
network slice
user terminal
service data
slice
Prior art date
Legal status
Active
Application number
CN202111671124.9A
Other languages
Chinese (zh)
Other versions
CN114189865A (en)
Inventor
余贵
秦海
吕东
Current Assignee
Guangzhou Aipu Road Network Technology Co Ltd
Original Assignee
Guangzhou Aipu Road Network Technology Co Ltd
Events
Application filed by Guangzhou Aipu Road Network Technology Co Ltd
Priority to CN202111671124.9A
Publication of CN114189865A
Application granted
Publication of CN114189865B
Legal status: Active

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04W  WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00  Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12  Detection or prevention of fraud
    • H04W 12/121  Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122  Counter-measures against attacks; Protection against rogue devices

Abstract

The invention discloses a network attack protection method in a communication network, a computer device and a storage medium. The network attack protection method comprises the steps of acquiring service data of a user terminal, allocating a first network slice to the user terminal, identifying whether the service data is aggressive, adding information of the user terminal into a first blacklist corresponding to the first network slice when the service data is identified as aggressive towards the first network slice, and so on. The invention can accept or refuse the user terminal's access to each corresponding network slice separately; because the network slices are independent and isolated from each other, even if a user terminal attacks some of the network slices and causes them to fail, the applications on the other network slices are not affected; and because different communication services differ in economic or strategic value, face different network attack threats and differ in their sensitivity to network attack, both the security and the efficiency of the communication network are taken into account. The invention is widely applied in the technical field of communication.

Description

Network attack protection method in communication network, computer device and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a network attack protection method, a computer apparatus, and a storage medium in a communication network.
Background
Communication networks have been widely used in all aspects of human activity, bringing a deep revolution to human life and production, and they also have a great influence on national and social public safety, network and information security, safety supervision and the like. Communication networks are exposed to cyber attacks, and because communication networks are infrastructure, such attacks may damage not only the communication network itself but also other aspects such as social security and economic security.
New communication network technologies such as 5G bring new characteristics such as ultra-large bandwidth, massive connectivity, ultra-low latency and the interconnection of everything, but they correspondingly enlarge both the harm caused when the communication network is attacked and the difficulty of protecting it. For example, the ultra-large bandwidth and traffic greatly increase the difficulty of security protection based on technologies such as traffic detection, content identification, and encryption and decryption; Internet of Things terminals have weak security protection capabilities and easily become objects of attack and control; massive connectivity makes network-wide or local-scale attacks easy, and when a mass of terminals initiates traffic attacks simultaneously the network's defence capability is more likely to be exceeded or even destroyed; cloud-based and IT-based infrastructure further breaks the closed state of the network, so network attack threats spread faster, and the comprehensively cloud-based and IT-based foundation network poses new challenges to network and information security; novel service flows such as edge cloud bypass the existing centralized information security monitoring system without passing through the core network and are difficult to monitor and manage effectively; and the widely deployed small base stations are difficult to place in dedicated equipment rooms, their physical security is difficult to guarantee, and they need backhaul over the public network, so they easily become objects of attack from which further attacks are launched, threatening network and information security.
Disclosure of Invention
In view of at least one technical problem that it is difficult to protect a current communication network, especially a new communication network such as 5G, from a network attack, the present invention aims to provide a network attack protecting method, a computer device and a storage medium in a communication network.
In one aspect, an embodiment of the present invention includes a method for protecting against network attacks in a communication network, including:
acquiring service data of a user terminal;
distributing a first network slice to the user terminal according to the service data; the first network slice is one of a plurality of network slices, and the network slices are isolated from each other;
the first network slice identifies the aggressivity of the service data;
and when the service data is identified to have the aggressivity to the first network slice, adding the information of the user terminal into a first blacklist corresponding to the first network slice.
Further, the network attack protection method in the communication network further includes:
and rejecting the user terminal corresponding to the information in the first blacklist to access the first network slice.
Further, the allocating a first network slice to the user terminal according to the service data includes:
identifying a service type corresponding to the service data;
finding out a network slice supporting the service type from a plurality of network slices as the first network slice;
accepting the user terminal to access the first network slice;
denying the user terminal access to other network slices than the first network slice.
Further, the first network slice identifies the offensiveness of the traffic data, including:
analyzing the service data to obtain characteristic information;
matching in a feature database according to the feature information;
and when the information corresponding to the characteristic information is matched in the characteristic database, determining that the service data has aggressivity to the first network slice.
Further, the first network slice identifies the offensiveness of the traffic data, including:
counting the number of requests initiated by the user terminal with the service data;
and when the number of requests reaches a count threshold, determining that the service data is aggressive to the first network slice.
Further, the network attack protection method in the communication network further includes:
finding a second network slice from the plurality of network slices; the similarity between the service type supported by the second network slice and the service type supported by the first network slice reaches a similarity threshold value;
the second network slice leads the information in the first blacklist into a second blacklist;
and rejecting the user terminal corresponding to the information in the second blacklist to access the second network slice.
Further, the network attack protection method in the communication network further includes:
when the service data is identified to have no aggressivity to the first network slice, accepting the user terminal to access a third network slice; the service type supported by the third network slice is the same as the service type supported by the first network slice;
and when the service data is identified to have the aggressivity to the first network slice, refusing the user terminal to access the third network slice.
Further, the network attack protection method in the communication network further includes:
stopping the user terminal from accessing the first network slice after the user terminal accesses the third network slice.
In another aspect, an embodiment of the present invention further includes a computer apparatus, including a memory and a processor, where the memory is used to store at least one program, and the processor is used to load the at least one program to perform a network attack protection method in a communication network in an embodiment.
In another aspect, an embodiment of the present invention further includes a storage medium in which a processor-executable program is stored, where the processor-executable program is used to execute the network attack protecting method in the communication network in the embodiment when executed by a processor.
The invention has the beneficial effects that: in the network attack protection method in the embodiment, a communication network is cut into a plurality of mutually independent network slices, different network slices can respectively execute a blacklist system, and whether a user terminal is added into a respective blacklist of each network slice is respectively determined by detecting the aggressivity of service data of the user terminal, so that the user terminal can be respectively accepted or rejected to be accessed into the corresponding network slice; because the network slices are independent and isolated from each other, even if a user terminal attacks some of the network slices to cause network slice failure, the application of other network slices cannot be influenced; on the other hand, because the economic value or the strategic value of different communication services are different, the network attack threats are different, and the sensitivity of different communication services to the network attack is different, thereby being beneficial to considering the safety and the efficiency of the communication network.
Drawings
FIG. 1 is a system structure diagram of a network attack protection method applied in a communication network in an embodiment;
FIG. 2 is a flowchart of a network attack prevention method in a communication network according to an embodiment;
FIG. 3 is a diagram illustrating different types of services provided by different network slices in an embodiment;
FIG. 4 is a diagram illustrating denial of access to a user equipment according to a blacklist in an embodiment;
fig. 5 is a schematic diagram illustrating introduction of blacklist information corresponding to different network slices of similar service types in an embodiment;
fig. 6 and fig. 7 are schematic diagrams illustrating introduction of blacklist information corresponding to different network slices of the same service type in the embodiment.
Detailed Description
In this embodiment, the network attack protection method in the communication network may be applied to the communication network system shown in fig. 1. Fig. 1 includes a 5G core network, a base station (LTE, NR), and a user terminal, where the user terminal may be a device such as a mobile phone or a tablet computer, and the user terminal is connected to the base station to access the 5G core network. The 5G core network may be replaced with other types of communication network control devices.
In this embodiment, referring to fig. 2, a network attack protection method in a communication network includes the following steps:
S1, acquiring service data of a user terminal;
S2, allocating a first network slice to the user terminal according to the service data; the first network slice is one of a plurality of network slices, and the network slices are isolated from each other;
S3, the first network slice identifying whether the service data is aggressive;
S4, when the service data is identified as aggressive to the first network slice, adding information of the user terminal into a first blacklist corresponding to the first network slice;
and S5, rejecting access to the first network slice by the user terminal corresponding to the information in the first blacklist.
In this embodiment, the communication network may be divided into a plurality of different network slices, such as a first network slice, a second network slice, a third network slice, and a fourth network slice, where each network slice may provide the same or different types of service to the user terminal, for example, the first network slice provides a small-scale internet of things service, the second network slice provides an internet of vehicles service, the third network slice provides a large-scale internet of things service, and the fourth network slice provides an ultra high definition video service.
In particular, different network slices may be implemented by different hardware devices, or by the same hardware device running different software processes. For example, for the first network slice and the second network slice in fig. 3, the base station in the first network slice and the base station in the second network slice may be different base stations, and the core network in the first network slice and the core network in the second network slice may also be different core networks; the base station in the first network slice and the base station in the second network slice may be the same base station, the core network in the first network slice and the core network in the second network slice may also be the same core network, and the core network in the first network slice runs the software process related to the internet of things service, thereby implementing the function of the first network slice, and the core network in the second network slice runs the software process related to the internet of vehicles service, thereby implementing the function of the second network slice.
In this embodiment, different network slices are isolated from each other, for example, for the same core network, data received or generated by the same core network operating as the first network slice does not enter the second network slice, the third network slice, the fourth network slice or other network slices; the software processes of the same core network for running different network slices are also independently run, for example, the same core network stops running the second network slice, or the second network slice abnormally exits from working, and the running of the first network slice, the third network slice, the fourth network slice or other network slices cannot be influenced.
In this embodiment, the core network respectively establishes a corresponding blacklist for each network slice, for example, a first network slice establishes a corresponding first blacklist, a second network slice establishes a corresponding second blacklist, a third network slice establishes a corresponding third blacklist, and a fourth network slice establishes a corresponding fourth blacklist.
The network attack prevention method in this embodiment will be described below with respect to a specific communication process between a user terminal, i.e., a user terminal a, and a 5G core network.
In step S1, the core network acquires the service data of the user terminal a. Specifically, the user terminal a accesses the core network through the base station, and the user terminal a sends the service data to the base station, and the base station forwards the service data to the core network.
When the core network performs step S2, that is, the step of assigning the first network slice to the user equipment according to the service data, the core network may specifically perform the following steps:
S201, identifying a service type corresponding to the service data;
S202, finding a network slice supporting the service type from among the plurality of network slices as the first network slice;
S203, accepting access by the user terminal A to the first network slice;
and S204, refusing access by the user terminal A to network slices other than the first network slice.
In step S201, the core network parses the service data and identifies the service type corresponding to the service data. For example, the core network recognizes keywords such as a target object ID to which the user terminal a is to be connected from the service data, and thus recognizes that the service type corresponding to the service data sent by the user terminal a is the internet of things.
In step S202, the core network finds a network slice supporting the service type from among the multiple network slices and uses it as the first network slice; the network slice supporting the internet of things may serve as the first network slice. Referring to fig. 3, the core network finds the MTC slice that supports the internet of things service and takes it as the first network slice.
In step S203, the core network accepts that the user terminal a accesses the first network slice, and the user terminal a may access the core network through the base station according to the first network slice in fig. 3, so that the core network provides the internet of things service for the user terminal a.
In step S204, the core network rejects access by the user terminal A to network slices other than the first network slice; for example, the core network rejects access by the user terminal A to the second, third and fourth network slices, so as to maintain data isolation between different network slices. If the user terminal A sends new service data to the core network, the core network may re-execute steps S1 and S201 to S203 to re-match a first network slice for the new service data (the first network slice corresponding to the new service data may differ in service type from the first network slice corresponding to the original service data, that is, the two may not be the same network slice).
When the core network performs step S3, that is, performs the step of identifying the offensiveness of the service data, the following steps may be specifically performed:
S301A, analyzing the service data to obtain characteristic information;
S302A, matching in a feature database according to the feature information;
and S303A, when the information corresponding to the characteristic information is matched in the characteristic database, determining that the service data has aggressivity to the first network slice.
Since aggressive service data, such as service data able to attack the core network by DDoS or other means, is generally sent after the user terminal A has been infected with a computer virus or implanted with trojan software, in step S301A the core network may analyze the service data to obtain feature information on the same principle as antivirus software. In step S302A the core network matches the feature information against a feature database such as a computer virus signature database; if corresponding information is matched, this indicates that the service data received by the core network may have been sent after the user terminal A was infected with a computer virus or implanted with trojan software, and in step S303A it may be determined that the service data is aggressive to the first network slice. If the core network matches no corresponding information in the computer virus signature database, it may be determined in step S303A that the service data is not aggressive to the first network slice.
When the core network performs step S3, that is, performs the step of identifying the offensiveness of the service data, the core network may specifically perform the following steps:
S301B, counting the number of requests initiated by the user terminal A with the service data;
and S302B, when the number of requests reaches a count threshold, determining that the service data is aggressive to the first network slice.
Since aggressive service data, for example service data that attacks the core network by means of a data storm, has the characteristic that many requests are sent to the core network in a short time, in step S301B the core network counts how many times the user terminal A sends service data to the core network to initiate a request within a period of time, and a count threshold is set based on experience in protecting against data storms. In step S302B the counted number of requests is compared with the count threshold: if the number of requests reaches the threshold, it may be determined that the service data is aggressive to the first network slice; before the number of requests reaches the threshold, it may be determined that the service data is not aggressive to the first network slice.
The conclusion of whether the traffic data determined in steps S301A-S303A or steps S301B-S302B is offensive may be limited with respect to the first network slice. For example, if the traffic data determined through steps S301A-S303A is offensive, it may be further limited that the traffic data is offensive to a first network slice, and whether the traffic data is offensive to other network slices such as a second network slice, may be additionally determined by the core network.
If the core network identifies that the service data is aggressive to the first network slice by performing steps S1-S3, the core network adds the information of the ue to a first blacklist corresponding to the first network slice in step S4, and rejects the ue corresponding to the information in the first blacklist from accessing the first network slice in step S5, referring to fig. 4.
Referring to fig. 4, after steps S1-S4 are performed, the first blacklist includes information such as the ID or MAC address of the user terminal A, and it may further include the ID or MAC address of other user terminals. When step S5 is executed, taking as an example the rejection of the user terminal A in the first blacklist from accessing the first network slice: if the user terminal A has already accessed the first network slice, the core network may stop providing service to the user terminal A through the first network slice, or the core network may send an instruction to the user terminal A so that the user terminal A requests the core network to stop providing service to it through the first network slice; specifically, the core network may disconnect the link established with the user terminal A through the first network slice and interrupt the communication established with the user terminal A through the first network slice. If the user terminal A has not accessed the first network slice, its access may be refused when it applies to access the core network through the first network slice.
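The procedure of steps S1-S5, including the service-type matching of S201-S204 and both detection methods (feature matching in S301A-S303A and request counting in S301B-S302B), as an added simulation that is not code from the patent. The slice catalogue, the feature database, the request threshold, the counting window and the three sample terminals are all constructed values; the service type is derived from a constructed "target" field standing in for the target object ID mentioned in step S201.

```python
# Added example, not code from the patent: a small simulation of steps S1-S5
# with per-slice blacklists and the two detection methods (S301A-S303A,
# S301B-S302B). Slice names, the feature database, the request threshold and
# the counting window are all constructed values.
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

# Constructed slice catalogue: slice name -> the service type it supports.
SLICES = {
    "slice1_small_iot": "iot",
    "slice2_v2x": "vehicles",
    "slice3_large_iot": "iot",
    "slice4_uhd_video": "video",
}

# Constructed stand-in for the virus/trojan feature database of S302A.
FEATURE_DB = {b"MALWARE-BEACON", b"TROJAN-C2"}


def classify_service(service_data: dict) -> str:
    """S201: derive the service type from a keyword in the service data
    (a constructed 'target' field standing in for the target object ID)."""
    target = service_data.get("target", "")
    for prefix, stype in (("iot:", "iot"), ("vehicle:", "vehicles"), ("video:", "video")):
        if target.startswith(prefix):
            return stype
    return "unknown"


def choose_slice(service_type: str) -> Optional[str]:
    """S202: the first catalogue slice that supports the service type."""
    for name, stype in SLICES.items():
        if stype == service_type:
            return name
    return None


@dataclass
class SliceGuard:
    request_threshold: int = 5      # S302B count threshold (constructed)
    window_seconds: float = 10.0    # counting window for S301B (constructed)
    blacklists: dict = field(default_factory=lambda: defaultdict(set))   # slice -> terminals
    attached: dict = field(default_factory=dict)                        # terminal -> slice
    requests: dict = field(default_factory=lambda: defaultdict(deque))  # terminal -> timestamps

    def signature_aggressive(self, payload: bytes) -> bool:
        """S301A-S303A: the payload carries a known malicious feature."""
        return any(sig in payload for sig in FEATURE_DB)

    def rate_aggressive(self, terminal: str, now: float) -> bool:
        """S301B-S302B: requests inside the window reach the threshold."""
        q = self.requests[terminal]
        q.append(now)
        while q and now - q[0] > self.window_seconds:
            q.popleft()
        return len(q) >= self.request_threshold

    def handle(self, terminal: str, service_data: dict, now: float) -> str:
        """S1-S5 for one request; returns the decision as 'verdict:slice'."""
        first = choose_slice(classify_service(service_data))
        if first is None:
            return "no-slice"
        if terminal in self.blacklists[first]:      # S5: already blacklisted here
            return f"rejected:{first}"
        self.attached[terminal] = first             # S203/S204: exactly one slice
        aggressive = (self.signature_aggressive(service_data.get("payload", b""))
                      or self.rate_aggressive(terminal, now))
        if aggressive:
            self.blacklists[first].add(terminal)    # S4: this slice's list only
            self.attached.pop(terminal, None)       # S5: tear down the session
            return f"blacklisted:{first}"
        return f"accepted:{first}"

    def may_access(self, terminal: str, slice_name: str) -> bool:
        """S204/S5: only the attached slice, and only while not blacklisted there."""
        return (self.attached.get(terminal) == slice_name
                and terminal not in self.blacklists[slice_name])


def demo():
    """Three constructed terminals: clean, signature hit, request storm."""
    g = SliceGuard()
    out = [g.handle("A", {"target": "iot:sensor-7", "payload": b"temp=21"}, now=0.0),
           g.handle("B", {"target": "iot:sensor-9", "payload": b"TROJAN-C2 hello"}, now=1.0)]
    last = "no-slice"
    for t in range(6):   # six requests from C within the counting window
        last = g.handle("C", {"target": "vehicle:unit-3", "payload": b"pos"}, now=2.0 + t)
    out.append(last)
    return g, out


if __name__ == "__main__":
    guard, decisions = demo()
    print(decisions)
    print({s: sorted(v) for s, v in guard.blacklists.items()})
```

The blacklist is keyed by slice, so terminal B, listed on the small-scale IoT slice, is not listed on the vehicles slice, which is the isolation property the description relies on; the count threshold is applied over a sliding window rather than over all time, which is one reasonable reading of "within a period of time" in step S301B.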
In this embodiment, the communication network may be cut into a plurality of mutually independent network slices by executing steps S1-S4, different network slices may respectively execute a blacklist system, and whether to add the user terminal to a respective blacklist of each network slice is respectively determined by detecting aggressiveness of service data of the user terminal, so that the user terminal can be respectively accepted or rejected to access the corresponding network slice; because the network slices are mutually independent and isolated, even if a user terminal initiates attacks to some of the network slices to cause network slice faults, the application of other network slices cannot be influenced; on the other hand, because different communication services have different economic or strategic values, the network attack threats are different, and the sensitivity of different communication services to network attacks, such as the damage degrees after the communication services face the same strength of network attacks, are different, by cutting the communication network into a plurality of mutually independent network slices, it is possible to implement attack identification of different degrees of severity, for example, implement strict attack identification and a broader blacklist for a network slice that provides a communication service with a higher value and is more sensitive to network attacks, and implement looser attack identification and a small-scale blacklist for a network slice that provides a communication service with a lower value and is insensitive to network attacks, thereby facilitating the security and efficiency of the communication network.
In this embodiment, the method for protecting against network attack in a communication network further includes the following steps:
S6, finding a second network slice from among the plurality of network slices; the similarity between the service type supported by the second network slice and the service type supported by the first network slice reaches a similarity threshold;
S7, the second network slice importing the information in the first blacklist into a second blacklist;
and S8, rejecting access to the second network slice by the user terminal corresponding to the information in the second blacklist.
In step S6, the service types supported by each network slice may be numbered, and the closer the number is, the greater the similarity is. For example, the service types related to each network slice in fig. 3 include an internet of things, an internet of vehicles, and an ultra high definition video, and the service type for the internet of things may be numbered as 5, the service type for the internet of vehicles may be numbered as 6, and the service type for the ultra high definition video may be numbered as 10. Thus, by querying the numbers of two service types and calculating the difference, the similarity between the two service types can be quantified. For example, the number difference between the "internet of things" and the "internet of vehicles" is 1, the number difference between the "internet of vehicles" and the "ultra high definition video" is 4, and the similarity between the "internet of things" and the "internet of vehicles" is higher than the similarity between the "internet of vehicles" and the "ultra high definition video".
In step S6, the similarity threshold may be set to a value such as 2 or 3. Comparing the number difference (6 − 5 = 1) between the service type (internet of things) supported by the first network slice and the service type (internet of vehicles) supported by the second network slice with the similarity threshold, the difference is smaller than the similarity threshold, which indicates that the service type (internet of things) supported by the first network slice and the service type (internet of vehicles) supported by the second network slice are similar, and the sensitivity and the protection mode of the first network slice and the second network slice to the same network attack can further be considered similar.
Based on the logic of step S6, in step S7, referring to fig. 5, the information in the first blacklist corresponding to the first network slice is imported into the second blacklist corresponding to the second network slice, so that the first network slice and the second network slice have a common object of rejecting access, for example, the user terminal a in this embodiment.
In step S8, the second network slice rejects the ue corresponding to the information in the second blacklist, which is the same as the principle in step S5. If the user terminal a has accessed the second network slice, the core network may stop providing the service to the user terminal a through the second network slice, or the core network may send an instruction to the user terminal a, and the user terminal a applies for the core network to stop providing the service to the user terminal a through the second network slice, specifically, the core network may open a link with the user terminal a established by the second network slice, and interrupt communication with the user terminal a established by the second network slice; if the user terminal A does not access the second network slice, the user terminal A can be refused to access when the user terminal A applies to access the core network through the second network slice.
Through executing steps S6-S8, blacklist information can be shared between network slices with similar service types, thereby avoiding network resource waste caused by the fact that network slices with similar network attacks to be protected respectively establish their own blacklists.
In this embodiment, the method for protecting against network attack in a communication network further includes the following steps:
S9, when the service data is identified as not aggressive to the first network slice, accepting access by the user terminal to a third network slice; the service type supported by the third network slice is the same as the service type supported by the first network slice;
S10, when the service data is identified as aggressive to the first network slice, refusing access by the user terminal to the third network slice;
and S11, after the user terminal accesses the third network slice, stopping the user terminal from accessing the first network slice.
In steps S9-S11, the service type supported by the third network slice is the same as that supported by the first network slice. Specifically, the third network slice and the first network slice may both be formally running network slices that operate at the same time, differing in performance and load; for example, in fig. 6 both the third and the first network slice support internet of things services, but the third network slice supports a large-scale internet of things and the first network slice a small-scale internet of things, that is, the third network slice supports more user terminal accesses and the first network slice fewer. It is also possible to use only the third network slice as the formal long-running network slice and the first network slice as a temporarily running network slice, which ends running after a trigger condition is met.
Executing step S3 results either in identifying that the service data of user terminal A is not aggressive to the first network slice, or in identifying that it is. Since the service type supported by the third network slice is the same as that supported by the first network slice, it can reasonably be inferred that if the service data of user terminal A is not aggressive to the first network slice, it is not aggressive to the third network slice either; and if the service data of user terminal A is aggressive to the first network slice, it is also aggressive to the third network slice.
If step S3 identifies that the service data is aggressive to the first network slice, the service data is also aggressive to the third network slice. In step S10, referring to fig. 6, the user terminal information in the first blacklist is imported into a third blacklist corresponding to the third network slice, so that the third network slice denies user terminal A access according to the third blacklist, thereby ensuring the operational security of the third network slice. If step S3 identifies that the service data is not aggressive to the first network slice, the service data is not aggressive to the third network slice either. In step S9, referring to fig. 7, the information of user terminal A is deleted from the first blacklist; if the information of user terminal A already exists in the third blacklist corresponding to the third network slice, it is deleted from the third blacklist as well, and if it does not exist there, it is not written into the third blacklist. The third network slice therefore accepts the access of user terminal A and provides it with a communication service.
When steps S9-S10 are executed, user terminal A may first be allocated the small-scale or temporary first network slice, and the first network slice identifies whether the service data sent by user terminal A is aggressive. If the service data sent by user terminal A is not aggressive, user terminal A may be admitted to a third network slice that provides the same service but is larger in scale or more stable, and receive the communication service there. If the service data sent by user terminal A is aggressive, user terminal A can be refused access to the third network slice; even if user terminal A launches a network attack, the damage is confined to the first network slice, which reduces the harm caused by the attack.
If it is determined that the service data sent by user terminal A is not aggressive, then after step S9 is executed and the third network slice has accepted the user terminal's access, step S11 may be executed: the first network slice stops the user terminal's access, and only the third network slice provides the internet of things service to user terminal A.
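The probation flow of steps S9-S11 as a small Python model, added here as an illustration; it is not code from the patent or its applicant. A first (temporary, small-scale) slice and a third (production) slice of the same service type each keep their own blacklist; the aggressivity verdict of step S3 is passed in by the caller, and the controller then applies S9, S10 and S11 (and claim 2's rejection of blacklisted terminals). The slice names, terminal identifiers and the NetworkSlice and ProbationController classes are all constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class NetworkSlice:
    """One isolated network slice with its own blacklist (constructed model)."""
    name: str
    service_type: str
    blacklist: set = field(default_factory=set)   # user terminal identifiers
    attached: set = field(default_factory=set)    # terminals currently admitted

    def admit(self, ue: str) -> bool:
        """Accept access unless the terminal is on this slice's blacklist (claim 2)."""
        if ue in self.blacklist:
            return False
        self.attached.add(ue)
        return True

    def detach(self, ue: str) -> None:
        """Stop serving the terminal on this slice."""
        self.attached.discard(ue)


class ProbationController:
    """Applies steps S9-S11 between a first (probation) and a third (production) slice."""

    def __init__(self, first: NetworkSlice, third: NetworkSlice) -> None:
        # S9-S11 presuppose that both slices support the same service type.
        if first.service_type != third.service_type:
            raise ValueError("first and third slice must support the same service type")
        self.first = first
        self.third = third

    def attach_probation(self, ue: str) -> bool:
        """The terminal is first allocated to the small first slice (step S2 in this model)."""
        return self.first.admit(ue)

    def apply_verdict(self, ue: str, aggressive: bool) -> str:
        """Apply the step S3 verdict supplied by the caller.

        aggressive=True  -> S4 + S10: blacklist on the first slice, import that
                            blacklist into the third slice, deny third-slice access.
        aggressive=False -> S9 + S11: clear the terminal from both blacklists,
                            admit it to the third slice, then stop first-slice access.
        """
        if aggressive:
            self.first.blacklist.add(ue)                        # S4: first blacklist
            self.first.detach(ue)                               # claim 2: blacklisted UE is rejected
            self.third.blacklist.update(self.first.blacklist)   # S10: import first blacklist
            self.third.detach(ue)
            return "denied"

        self.first.blacklist.discard(ue)                        # S9: remove from first blacklist
        self.third.blacklist.discard(ue)                        # S9: and from third blacklist if present
        if not self.third.admit(ue):
            return "denied"
        self.first.detach(ue)                                   # S11: only the third slice serves the UE now
        return "promoted"


def run_constructed_scenario() -> dict:
    """Two constructed terminals: UE-A judged aggressive, UE-B judged clean."""
    first = NetworkSlice("slice-first-small-iot", "iot")
    third = NetworkSlice("slice-third-large-iot", "iot")
    ctrl = ProbationController(first, third)
    for ue in ("UE-A", "UE-B"):
        ctrl.attach_probation(ue)
    outcome = {
        "UE-A": ctrl.apply_verdict("UE-A", aggressive=True),
        "UE-B": ctrl.apply_verdict("UE-B", aggressive=False),
        "first_attached": set(first.attached),
        "third_attached": set(third.attached),
        "third_blacklist": set(third.blacklist),
    }
    # A terminal imported into the third blacklist cannot later attach to the third slice.
    outcome["UE-A_retry"] = third.admit("UE-A")
    return outcome


if __name__ == "__main__":
    print(run_constructed_scenario())
```

The point the model makes explicit is the blast-radius argument of the description: an aggressive terminal only ever touches the small first slice, and its blacklist entry travels to the third slice before the terminal can ask for it.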
The network attack protection method in the communication network in the embodiment may be implemented by writing a computer program for implementing the network attack protection method in the communication network in the embodiment, writing the computer program into a computer device or a storage medium, and executing the network attack protection method in the communication network in the embodiment when the computer program is read out and run, thereby achieving the same technical effect as the network attack protection method in the communication network in the embodiment.
It should be noted that, unless otherwise specified, when a feature is referred to as being "fixed" or "connected" to another feature, it may be directly fixed or connected to the other feature or indirectly fixed or connected to the other feature. Furthermore, the descriptions of upper, lower, left, right, etc. used in the present disclosure are only relative to the mutual positional relationship of the constituent parts of the present disclosure in the drawings. As used in this disclosure, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. In addition, unless defined otherwise, all technical and scientific terms used in this example have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description of the embodiments herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this embodiment, the term "and/or" includes any combination of one or more of the associated listed items.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one type of element from another. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of the present disclosure. The use of any and all examples, or exemplary language ("e.g.", "such as", or the like) provided with this embodiment is intended merely to better illuminate embodiments of the invention and does not pose a limitation on the scope of the invention unless otherwise claimed.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, operations of processes described in this embodiment can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described in this embodiment (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described in this embodiment includes these and other different types of non-transitory computer-readable storage media when such media includes instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described in the present embodiment to convert the input data to generate output data that is stored to a non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.
The above description is only a preferred embodiment of the present invention, and the present invention is not limited to the above embodiment, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention as long as the technical effects of the present invention are achieved by the same means. The invention is capable of other modifications and variations in its technical solution and/or its implementation, within the scope of protection of the invention.

Claims (9)

1. A network attack protection method in a communication network is characterized by comprising the following steps:
acquiring service data of a user terminal;
distributing a first network slice to the user terminal according to the service data; the first network slice is one of a plurality of network slices, and the network slices are isolated from each other;
the first network slice identifies the aggressivity of the service data;
when the service data is identified to have aggressivity to the first network slice, adding the information of the user terminal into a first blacklist corresponding to the first network slice;
the first network slice identifies the aggressivity of the service data, and the identifying comprises the following steps:
analyzing the service data to obtain characteristic information;
matching in a feature database according to the feature information;
and when the information corresponding to the characteristic information is matched in the characteristic database, determining that the service data has aggressivity to the first network slice.
2. The method of claim 1, further comprising:
and rejecting the user terminal corresponding to the information in the first blacklist to access the first network slice.
3. The method according to claim 1, wherein the distributing a first network slice to the user terminal according to the service data comprises:
identifying a service type corresponding to the service data;
finding out a network slice supporting the service type from a plurality of network slices as the first network slice;
accepting the user terminal to access the first network slice;
denying the user terminal access to other network slices than the first network slice.
4. The method of claim 1, wherein the first network slice identifying the aggressivity of the service data comprises:
counting the number of requests initiated by the user terminal through the service data;
and when the number of requests reaches a threshold, determining that the service data has aggressivity to the first network slice.
5. The method for defending against network attacks in a communication network according to claim 2, wherein the method for defending against network attacks in a communication network further comprises:
finding a second network slice from the plurality of network slices; the similarity between the service type supported by the second network slice and the service type supported by the first network slice reaches a similarity threshold value;
the second network slice imports the information in the first blacklist into a second blacklist;
and rejecting the user terminal corresponding to the information in the second blacklist to access the second network slice.
6. The method of claim 1, further comprising:
when the service data is identified to have no aggressivity to the first network slice, accepting the user terminal to access a third network slice; the service type supported by the third network slice is the same as the service type supported by the first network slice;
and when the service data is identified to have the aggressivity to the first network slice, refusing the user terminal to access the third network slice.
7. The method of claim 6, further comprising:
stopping the user terminal from accessing the first network slice after the user terminal accesses the third network slice.
8. A computer device comprising a memory for storing at least one program and a processor for loading the at least one program to perform the network attack protection method in a communication network of any one of claims 1 to 7.
9. A storage medium in which a processor-executable program is stored, wherein the processor-executable program is configured to perform the network attack prevention method in a communication network according to any one of claims 1 to 7 when executed by a processor.
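The two identification signals claimed in claims 1 and 4, worked through in Python as an added example rather than the patent's own code. Claim 1 parses characteristic information from the service data and matches it against a feature database; claim 4 counts the requests a terminal initiates and compares the count with a threshold; in either case the terminal's information goes into the first blacklist. The characteristic information used here (destination port plus SHA-256 of the payload), the feature database contents, the threshold value of 5 and the MQTT-style sample records are all constructed assumptions for the example.

```python
import hashlib
from collections import Counter

# Constructed request-count threshold (claim 4); a deployment would tune it per slice.
REQUEST_THRESHOLD = 5

# Constructed feature database (claim 1): characteristic information of known
# attack traffic, keyed as (destination port, SHA-256 of the payload). The
# single entry is derived from a placeholder string, not a real attack sample.
_KNOWN_BAD_PAYLOAD = "CONSTRUCTED-KNOWN-BAD-PAYLOAD"
FEATURE_DB = {
    (8883, hashlib.sha256(_KNOWN_BAD_PAYLOAD.encode()).hexdigest()),
}


def parse_features(record: dict) -> tuple:
    """Claim 1: analyse one unit of service data to obtain characteristic information."""
    digest = hashlib.sha256(record["payload"].encode()).hexdigest()
    return (record["dst_port"], digest)


class AggressivityIdentifier:
    """Identification logic a first network slice runs over a terminal's service data."""

    def __init__(self, feature_db: set, request_threshold: int) -> None:
        self.feature_db = feature_db
        self.request_threshold = request_threshold
        self.request_counts = Counter()     # requests initiated per terminal (claim 4)

    def identify(self, record: dict) -> tuple:
        """Return (aggressive, reason) for one service-data record."""
        ue = record["ue"]
        self.request_counts[ue] += 1
        if parse_features(record) in self.feature_db:           # claim 1: feature match
            return True, "feature-match"
        if self.request_counts[ue] >= self.request_threshold:   # claim 4: request count
            return True, "request-threshold"
        return False, "clean"


def run_constructed_sample() -> dict:
    """Feed constructed service data from three terminals through the identifier.

    Returns the first aggressive reason per terminal ("clean" if none) plus the
    resulting first-slice blacklist (the final step of claim 1).
    """
    def rec(ue, payload, port=8883):
        return {"ue": ue, "dst_port": port, "payload": payload}

    service_data = (
        [rec("UE-A", "publish temperature=21.5"), rec("UE-A", _KNOWN_BAD_PAYLOAD)]
        + [rec("UE-B", "publish temperature=21.5") for _ in range(6)]
        + [rec("UE-C", "publish temperature=21.5"), rec("UE-C", "subscribe status")]
    )
    identifier = AggressivityIdentifier(FEATURE_DB, REQUEST_THRESHOLD)
    verdicts = {}
    first_blacklist = set()
    for record in service_data:
        aggressive, reason = identifier.identify(record)
        ue = record["ue"]
        if aggressive and ue not in first_blacklist:
            first_blacklist.add(ue)           # claim 1: add terminal info to first blacklist
            verdicts[ue] = reason
        verdicts.setdefault(ue, "clean")
    verdicts["blacklist"] = first_blacklist
    return verdicts


if __name__ == "__main__":
    print(run_constructed_sample())
```

UE-A is caught by the feature match on its second record, UE-B by the request count on its fifth identical request, and UE-C stays clean; the blacklist produced here is exactly the set that steps S6-S8 and S10 of the description would propagate to the second and third slices.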
CN202111671124.9A 2021-12-31 2021-12-31 Network attack protection method in communication network, computer device and storage medium Active CN114189865B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111671124.9A CN114189865B (en) 2021-12-31 2021-12-31 Network attack protection method in communication network, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111671124.9A CN114189865B (en) 2021-12-31 2021-12-31 Network attack protection method in communication network, computer device and storage medium

Publications (2)

Publication Number Publication Date
CN114189865A CN114189865A (en) 2022-03-15
CN114189865B true CN114189865B (en) 2022-09-13

Family

ID=80545462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111671124.9A Active CN114189865B (en) 2021-12-31 2021-12-31 Network attack protection method in communication network, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN114189865B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116074844B (en) * 2023-04-06 2023-06-09 广东电力交易中心有限责任公司 5G slice escape attack detection method based on full-flow adaptive detection

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113852483A (en) * 2020-06-28 2021-12-28 中兴通讯股份有限公司 Network slice connection management method, terminal and computer readable storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103248472A (en) * 2013-04-16 2013-08-14 华为技术有限公司 Operation request processing method and system and attack identification device
US10581914B2 (en) * 2016-06-03 2020-03-03 Ciena Corporation Method and system of mitigating network attacks
CN107231384B (en) * 2017-08-10 2020-11-17 北京科技大学 DDoS attack detection and defense method and system for 5g network slices
CN109039742A (en) * 2018-08-03 2018-12-18 西安电子科技大学 A kind of network slice and its switching method servicing different service types
CN112616124B (en) * 2020-12-03 2023-11-24 广东电力通信科技有限公司 Electric power Internet of things safety management method and system based on 5G network slice

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113852483A (en) * 2020-06-28 2021-12-28 中兴通讯股份有限公司 Network slice connection management method, terminal and computer readable storage medium

Also Published As

Publication number Publication date
CN114189865A (en) 2022-03-15

Similar Documents

Publication Publication Date Title
US10657251B1 (en) Multistage system and method for analyzing obfuscated content for malware
US9323929B2 (en) Pre-identifying probable malicious rootkit behavior using behavioral contracts
CN107005543B (en) System and method for preventing unauthorized network intrusion
EP2779574A1 (en) Attack detection and prevention using global device fingerprinting
US10320833B2 (en) System and method for detecting creation of malicious new user accounts by an attacker
CN104426906A (en) Identifying malicious devices within a computer network
CN108141408B (en) Determination system, determination device, and determination method
CN109766694B (en) Program protocol white list linkage method and device of industrial control host
CN112513848A (en) Privacy protected content classification
US20160110544A1 (en) Disabling and initiating nodes based on security issue
CN112165455A (en) Data access control method and device, computer equipment and storage medium
CN108183884B (en) Network attack determination method and device
CN114189865B (en) Network attack protection method in communication network, computer device and storage medium
US10469535B1 (en) Systems and methods for network security
JP6592196B2 (en) Malignant event detection apparatus, malignant event detection method, and malignant event detection program
CN111181967B (en) Data stream identification method, device, electronic equipment and medium
US11552986B1 (en) Cyber-security framework for application of virtual features
US9769187B2 (en) Analyzing network traffic based on a quantity of times a credential was used for transactions originating from multiple source devices
KR20140126633A (en) Method and appratus for detecting malicious message
CN114726579B (en) Method, device, equipment, storage medium and program product for defending network attack
CN104380686A (en) Method and system used for applying NG firewall, NG firewall client-side and NG firewall servicer
KR101427412B1 (en) Method and device for detecting malicious code for preventing outflow data
CN109218315B (en) Safety management method and safety management device
CN109691158A (en) Mobile flow Redirectional system
US20190230103A1 (en) Method To Detect A Summoning Attack By A Rogue WiFi Access Point

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant