CN114389977A - PCDN (Primary Contourlet distribution network) violation service detection method and device, electronic equipment and storage medium - Google Patents

PCDN (Primary Contourlet distribution network) violation service detection method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114389977A
CN114389977A CN202111637659.4A CN202111637659A CN114389977A CN 114389977 A CN114389977 A CN 114389977A CN 202111637659 A CN202111637659 A CN 202111637659A CN 114389977 A CN114389977 A CN 114389977A
Authority
CN
China
Prior art keywords
broadband
target
account
address
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111637659.4A
Other languages
Chinese (zh)
Other versions
CN114389977B (en
Inventor
叶钧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202111637659.4A priority Critical patent/CN114389977B/en
Publication of CN114389977A publication Critical patent/CN114389977A/en
Application granted granted Critical
Publication of CN114389977B publication Critical patent/CN114389977B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a PCDN violation service detection method, a device, electronic equipment and a storage medium, relating to the field of network technology and safety technology, and providing broadband internet access data generated by user internet access at a preset time point from a target network device for each target network device in an operator network; determining at least one internet behavior characteristic according to the acquired broadband internet data; if the number of the target internet behavior characteristics in the internet behavior characteristics exceeds the preset number, determining a target broadband account number using a broadband in the plurality of target internet behavior characteristics; if the account number type of the target broadband account number is a family account number, determining that the PCDN violation business exists in the target broadband account number; and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type of the target broadband account number. The invention can improve the accuracy of detection through behavior analysis and type verification.

Description

PCDN (Primary Contourlet distribution network) violation service detection method and device, electronic equipment and storage medium
Technical Field
The invention relates to the field of network technology and security technology, in particular to a PCDN violation service detection method, a device, electronic equipment and a storage medium.
Background
The PCDN is a P2P content distribution network (English name: P2P CDN), and is a low-cost high-quality content distribution network service constructed by excavating and utilizing massive fragmentation idle resources of a telecommunication edge network on the basis of a P2P technology. After the client accesses the service through the integrated PCDN SDK (SDK for short), the distribution quality equal to (or slightly higher than) the CDN can be obtained, and the distribution cost is obviously reduced. The method is suitable for service scenes such as video on demand, live broadcast, large file downloading and the like.
The PCDN violation business is the condition that enterprises and individual customers rent a large number of broadband (including family broadband products, business broadband products and business private line products) of telecommunication operators, the usage of the products is freely changed, the self-used uplink bandwidths are aggregated to form large bandwidths for flow management, and the PCDN violation business is sold at low price in a PCDN service form. PCDN violation traffic is often accompanied by illegal arbitrage behavior, while there is also a serious trust and security risk.
At present, the PCDN illegal service detection method in the industry is still the traditional data analysis, such as a big data analysis method based on the service installed address data or AAA online bill. According to the method for analyzing the address data of the service installation machine, the data source is the registration information when the broadband account is opened, authenticity and timeliness are poor, and the accuracy of a detection result is extremely low. The AAA online bill analysis method is online data in a long time period, so that the problems of overlarge data volume and large detection difficulty are faced, and the whole network cannot be efficiently and comprehensively checked and detected.
Disclosure of Invention
The invention provides a PCDN violation service detection method and device, electronic equipment and a storage medium, wherein the network equipment directly acquires data on the internet at a preset time point to analyze the online behavior and type verification, so that the detection accuracy is improved.
In a first aspect, a method for detecting a PCDN violation service provided in an embodiment of the present invention includes:
aiming at each target network device in an operator network, acquiring broadband internet access data generated by user internet access at a preset time point from the target network device; the target network equipment is network equipment used for allocating an IP address for a broadband internet user;
determining at least one internet behavior characteristic according to the acquired broadband internet data;
if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining a target broadband account number using a broadband in the plurality of target internet behavior features; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
for each target broadband account, if the account type of the target broadband account is a family account, determining that the target broadband account has PCDN violation business;
and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
According to the method, broadband internet data at a preset time point can be acquired through target network equipment, internet behavior characteristics are analyzed, internet behavior characteristics which do not meet the limitation condition of using broadband by a family are found, when the number of the internet behavior characteristics exceeds the preset number, the broadband account numbers of the internet behavior characteristics are considered to have violation risks, if the account number type is determined to be a family account number, the account number is determined to have violation, and if the account number type is determined to be a government and enterprise account number, whether violation is caused or not is determined according to the service type and the account number use information.
In a possible implementation manner, the internet behavior feature includes part or all of the following:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
According to the method, the characteristics of the internet behavior can be determined through the logic internet access address, the number of times of dialing the broadband account number, the address type and the flow rate, the violation behavior is analyzed, and the accuracy of detection is improved.
In one possible implementation, the logical internet access address is determined by:
and taking the address formed by the Loopback address of the target network equipment, the port of the target network equipment and the Internet VLAN in the broadband Internet access data as a logic Internet access address.
The method can make the address formed by the three information of the Loopback address of the target network equipment, the port of the target network equipment and the Internet access VLAN be the unique address as the logical Internet access address, thereby making the logical Internet access address unique and improving the detection convenience.
In a possible implementation manner, if the internet access behavior characteristics are the number of different broadband used by the same logical internet access address, the corresponding household broadband use limitation condition is that the number of different broadband used by the same logical internet access address exceeds a preset number;
if the internet access behavior characteristics are the dialing times of the same broadband account number, the corresponding household broadband using limitation condition is that the dialing times of the same broadband account number exceed a first preset time;
if the internet access behavior characteristic is the dialing times of the same broadband account under the same MAC address, the corresponding household broadband use limiting condition is that the dialing times of the same broadband account under the same MAC address exceed a second preset time;
if the internet behavior characteristic is the IP address type used in the broadband account dialing connection process, the corresponding household broadband use limiting condition is that the IP address type used in the broadband account dialing connection process is an IPv4 public network type;
if the internet access behavior characteristic is the total upstream flow rate of the same logical internet access address, the corresponding household broadband use restriction condition is that the total upstream flow rate of the same logical internet access address is greater than the total downstream flow rate.
According to the method, each internet access behavior characteristic is judged according to the household broadband use limiting condition corresponding to each internet access behavior characteristic, so that the judgment is targeted, and the judgment accuracy is improved.
In a possible implementation manner, detecting whether a PCDN violation service exists in the target broadband account according to the service type and the account usage information of the target broadband account includes:
if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
According to the method, whether the violation exists is determined by judging the service type and judging whether the internet-surfing geographic address and the installed address are consistent, whether the violation exists is judged by triple judgment of the service type, the authentication information and the account use information, and the judgment accuracy is improved.
In a second aspect, a device for detecting a PCDN violation traffic provided in an embodiment of the present invention includes:
the system comprises an acquisition module, a processing module and a control module, wherein the acquisition module is used for acquiring broadband internet surfing data generated by user internet surfing at a preset time point from each target network device in an operator network; the target network equipment is network equipment used for allocating an IP address for a broadband internet user;
the determining module is used for determining at least one internet behavior characteristic according to the acquired broadband internet data; if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining a target broadband account number used in a plurality of target internet behavior features; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
the violation judgment module is used for determining that a PCDN violation business exists in the target broadband account if the account type of the target broadband account is a family account for each target broadband account; and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
In a possible implementation manner, the internet behavior feature includes part or all of the following:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
In a possible implementation manner, the violation determining module is specifically configured to:
if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
In a third aspect, the present application further provides an electronic device, including: a processor and a memory;
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the PCDN violation traffic detection method as claimed in any one of the first aspects.
In a fourth aspect, the present application further provides a storage medium, where instructions executed by a processor of an electronic device enable the electronic device to perform the PCDN violation traffic detection method according to any one of the first aspects.
In addition, for technical effects brought by any one implementation manner of the first aspect when being executed by the processing unit in the second aspect to the fourth aspect, reference may be made to technical effects brought by different implementation manners of the first aspect, and details are not described here again.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention and are not to be construed as limiting the invention.
Fig. 1 is a flowchart of a method for detecting a PCDN violation service according to an embodiment of the present invention;
fig. 2 is a structural diagram of a connection relationship between an electronic device and a plurality of target network devices according to an embodiment of the present invention;
fig. 3 is a flowchart of acquiring broadband internet data according to an embodiment of the present invention;
fig. 4 is a structural diagram of a PCDN violation traffic detection apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings.
At present, enterprises and individual customers rent a large amount of broadband of telecommunication operators, the use of products is arbitrarily changed, and the self-used uplink bandwidth is aggregated to form large bandwidth for flow management, so that the security is lower.
In order to avoid the above situation, the embodiments of the present invention propose a solution, which is described in detail below with reference to the accompanying drawings.
With reference to fig. 1, an embodiment of the present invention provides a method for detecting a PCDN violation service, which is applied to an electronic device, and includes:
s100: aiming at each target network device in an operator network, acquiring broadband internet access data generated by user internet access at a preset time point from the target network device; the target network equipment is used for allocating an IP address for a broadband internet user;
the target network equipment is BAS/MSE network equipment; the preset time point may be any time point, for example, the preset time point is a time point after the connection to the electronic device, and the broadband internet access data is real-time broadband service online information on the BAS/MSE network device.
The broadband internet data includes, for example, a broadband account, an IP address, an MAC address, an internet VLAN, a BAS/MSE Loopback address, a BAS port, and the like.
S101: determining at least one internet behavior characteristic according to the acquired broadband internet data;
the internet behavior characteristics comprise part or all of the following:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
The same logic internet access address uses the number of different broadband account numbers to indicate that a user accesses the internet through different bandwidth account numbers under the same internet access path, so that a plurality of broadband are installed in the same logic internet access address. Common families are 2-8 families, so that the family account does not have the requirement of installing a plurality of broadband. Therefore, the number of different broadband account numbers used by the same logic internet access address is counted, and whether the broadband account number is a family account number or not can be verified.
The number of times of dialing the same broadband account number indicates the number of times of surfing the internet by a user using the same broadband account number, and the number of times of surfing the internet by a common family is not too many, so that the number of times of dialing the same broadband account number is counted, and whether the broadband account number is a family account number can be verified.
The number of times of dialing of the same broadband account under the same MAC address indicates the address of a terminal, the address is factory-set by the terminal and indicates the number of times of surfing the internet by a user using the same terminal, and the number of times of surfing the internet cannot be too many times at the same time point of common conversation, so that the number of times of dialing of the same broadband account under the same MAC address is counted, and whether the broadband account is a family account can be verified.
Generally, the type of the use address configured for the family is not an IPV4 public network address, so that the IP address type used in the broadband account dialing connection process can verify whether the broadband account is a family account.
Generally, the internet flow rate of a family is not greater than the downlink flow rate, and the total uplink flow rate of the same logic internet address can verify whether the broadband account is a family account.
The logic internet access address is determined in the following mode:
and taking the address formed by the Loopback address of the target network equipment, the port of the target network equipment and the Internet VLAN in the broadband Internet access data as a logic Internet access address.
The target network equipment is BAS/MSE network equipment;
because the address composed of the Loopback address of the BAS/MSE network device, the port of the target network device and the Internet access VLAN is unique, the unique address is used as a logic Internet access address for distinguishing, and the number of different broadband account numbers used by the same logic Internet access address is researched.
S102: if the number of the target internet behavior characteristics in the internet behavior characteristics exceeds the preset number, determining a target broadband account number using a broadband in the plurality of target internet behavior characteristics; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
if the internet access behavior characteristics are the number of different broadband used by the same logic internet access address, the corresponding household broadband use limiting condition is that the number of the different broadband used by the same logic internet access address exceeds the preset number;
if the internet behavior characteristics are the dialing times of the same broadband account number, the corresponding household broadband using limitation condition is that the dialing times of the same broadband account number exceed a first preset time;
if the internet access behavior characteristic is the dialing times of the same broadband account under the same MAC address, the corresponding household broadband use limiting condition is that the dialing times of the same broadband account under the same MAC address exceed a second preset time; for example, the second preset number is 1;
if the internet behavior characteristic is the IP address type used in the broadband account dialing connection process, the corresponding household broadband use limiting condition is that the IP address type used in the broadband account dialing connection process is an IPv4 public network type;
if the internet access behavior characteristic is the total upstream flow rate of the same logical internet access address, the corresponding household broadband use restriction condition is that the total upstream flow rate of the same logical internet access address is greater than the total downstream flow rate.
Further, the number obtained by weighting and summing the number may be compared with a preset number. For example, the number is obtained by weighting each target internet behavior feature.
The formula is as follows:
Q=∑Ki×Ti
wherein, KiIs the weight value of the ith target internet behavior characteristic, TiAnd the characteristics of the ith target internet behavior. The weight of each target internet behavior characteristic is preset, for example, the number of different broadband account numbers used by the same logic internet address exceeds the preset number, then Ki×Ti0.5 times 1; the number of dialing times of the same broadband account number exceeds a first preset number, and K isi×Ti0.3 times 1; the number of times of dialing the same broadband account under the same MAC address exceeds a second preset number, and K isi×Ti0.3 times 1; the IP address type used in the dial-up connection process of the broadband account is IPv4 public network type, then Ki×Ti0.7 times 1; the total upstream flow rate is greater than the total downstream flow rate for the same logical internet address, then Ki×Ti0.5 times 1; then the number is 2.3 compared to a preset number.
The first preset number may be the number of uses of a general household, for example, 4, or the maximum value of the BAS/MSE limit for a single user. Of course, if the number of times of use of a general household is 0.3, the BAS/MSE may have a weight of 0.8 for the maximum value of the single user limit.
The above-described manner is merely exemplary, and the present invention is not particularly limited.
S103: for each target broadband account, if the account type of the target broadband account is a family account, determining that the PCDN violation business exists in the target broadband account;
s104: and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
In detail, if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
The network access geographic address may determine the network access physical address according to the logical network access address of the target broadband account by calling data of the CRM system, that is, the network access physical address, for example, the number of the a-building 102 in a certain cell, is determined according to the Loopback address of the target network device, the port of the target network device, the installation location of the device in the network access VLAN, the area where the device is used, and the like.
The installed address records the installed address in the data of the CRM system by calling the data of the CRM system, so that the corresponding installed address can be directly found according to the target broadband account.
The preset type is a scientific type, and the non-preset type can be a hospital, a hotel and the like. The authentication information required by the preset type of account can be a qualification certificate and an information security promissory book.
In detail, information such as user identity, service usage, and operation qualification of the target broadband account can be queried through CRM (customer relationship management) data.
The method comprises the steps that through a CRM system (customer relationship management), the account type of a target broadband account is found to be a family account, and then the target broadband account is determined to have PCDN violation business;
finding out that the account type of the target broadband account is a government-enterprise account, judging whether the service type of the target broadband account is scientific or not, judging whether the internet-surfing geographic address and the installed address in the account use information of the target broadband account are consistent or not, and if the target broadband account is not scientific or not and the internet-surfing geographic address and the installed address in the account use information of the target broadband account are consistent, avoiding PCDN violation service; if the target broadband account number is scientific and technological, whether the operation qualification exists or not needs to be checked, if the operation qualification exists and the internet access geographic address and the installed address in the account number using information of the target broadband account number are consistent, no PCDN violation business exists, and if the operation qualification does not exist or the internet access geographic address and the installed address in the account number using information of the target broadband account number are inconsistent, the PCDN violation business exists.
As an example, referring to fig. 2, the electronic device 200 is connected to the target network devices 1 to n, respectively, and the electronic device 200 collects broadband internet access data on the target network devices 1 to n in the IP metropolitan area network at any time node; for example, n pieces of broadband internet data are collected together, and each piece of broadband internet data obtains information mn to obtain an information sequence M ═ { M1, M2 … mn }.
Determining internet surfing behavior characteristics of broadband internet surfing data in each target network device, analyzing whether the internet surfing behavior characteristics meet corresponding household broadband use limiting conditions or not, and determining target broadband account numbers using broadband in a plurality of target internet surfing behavior characteristics if the number of the target internet surfing behavior characteristics in the internet surfing behavior characteristics exceeds a preset number; and determining whether the PCDN violation business exists in the target broadband account by analyzing the account type, the business type and the account use information.
The process of obtaining broadband internet data from a target network device is shown in fig. 3:
s300: TCP/IP data transmission between the electronic equipment and target network equipment is realized by using a Socket application programming interface, and Telnet remote control connection is simulated;
s301: after telnet connection is established, target network equipment sends user name input prompt information to electronic equipment; the electronic equipment sends a user name field;
s302: the target network equipment sends password input prompt information to the electronic equipment; the electronic equipment sends the password;
s303: the target network equipment verifies the user name and password information input before, and if the verification is passed, the electronic equipment is allowed to enter the target network equipment to obtain the operation authority;
s304: if the verification fails, the verification process of the password is repeated; the target network equipment supports the verification of a plurality of groups of passwords; if all the password checks fail, the connection is interrupted and failure information is returned;
s305: the electronic equipment sends a query instruction to the network equipment and starts a timer;
s306: continuously monitoring socket connection and acquiring a data stream;
s307: detecting data flow at regular time, and detecting whether an execution finishing signal is received; if so, ending, otherwise, executing S308;
s308: and checking whether the time is out, if so, ending, otherwise, executing S306.
The broadband internet data is acquired information logs, and when internet behavior characteristics are determined, broadband internet data such as broadband account numbers, IP addresses, MAC addresses, internet VLAN (virtual local area network), BAS/MSE (base/mean square error) Loopback addresses and BAS ports are read from character strings of the information logs;
counting the number of different broadband account numbers used by the same logic internet access address; the number of times of dialing of the same broadband account number; the number of times of dialing the same broadband account under the same MAC address; the IP address type used in the dialing connection process of the broadband account number; total upstream flow rate of the same logical internet address.
The logical internet address is obtained according to BAS/MSE Loopback address, BAS port and internet VLAN.
Further, the information sequence m is grouped according to the BAS/MSE Loopback address, namely, is grouped according to different target network devices; the broadband internet access data corresponding to each BAS/MSE can be regarded as an independent access area, and cross-area comparison is not needed; independent feature analysis operation is performed on the groups M1 and M2 … mn, and the following steps are described in terms of broadband internet data of a single target network device M.
The length of an information sequence M to be processed is N, and cyclic operation is performed on all elements M [ i ] in M; the loop operation is executed from the serial number i being 0 to N-1;
(1) when i < N, defining a feature counter M [ i ]. count ═ 0, and defining a valid flag M [ i ]. tag ═ F;
(2) when i is equal to 0, the characteristic counter of M [ i ] is equal to 1, and M [ i ] is marked with a valid mark;
(3) i +1, skipping the process (1);
(4) when i < N, starting sequence internal feature comparison, and executing loop operation on the element M [ j ] before M [ i ]; the loop operation is executed from the serial number j being 0 to i-1;
(5) when j is equal to i, judging the characteristic consistency of M [ i ] and M [ j ], if so, performing the flow (6); otherwise, carrying out the flow (7);
(6) m [ j ] feature counter +1, skipping flow (3);
(7) j equals j +1, and the process is skipped (5);
(8) when j > is i, M [ j ] cycle task execution is finished; judging whether the M [ i ] is marked with a valid mark or not, if so, carrying out a characteristic counter +1 on the M [ i ], and skipping to the flow (3); if not, directly jumping to the flow (3);
(9) and when i > is equal to N, finishing the execution of the M [ i ] cycle task, and outputting all the information data with the valid marks of T.
Performing internet behavior characteristic analysis on m, and counting and calculating the number of different broadband account numbers used by the same logic internet address; the number of times of dialing of the same broadband account number; the number of times of dialing the same broadband account under the same MAC address; the IP address type used in the dialing connection process of the broadband account number; total upstream flow rate of the same logical internet address. Screening out an internet information sequence f with an effective mark set as T from m;
analyzing the internet behavior characteristics as follows:
whether the number of different broadband used by the same logic internet access address exceeds the preset number is 10. In detail, more than 10 broadband are installed on the same logic internet address, and most of the broadband internet addresses are customers with real same address and multiple broadband requirements, such as the party, the government, the campus, the hospital and the like; the logical internet address is obtained by BAS/MSE Loopback address, BAS port and internet VLAN;
whether the dialing times of the same broadband account number exceed a first preset time or not, wherein the first preset time is 4; the first preset number of times can also be the maximum value of the limit of the BAS/MSE to a single user;
whether the number of times of dialing the same broadband account under the same MAC address exceeds a second preset number is judged, namely, the same broadband account is dialed for multiple times, and the same MAC address is reused by the multiple dialing;
whether the IP address type used in the dial-up connection process of the broadband account is an IPv4 public network type or not;
whether the total upstream flow rate of the same logic internet address is greater than the total downstream flow rate;
screening out an information sequence M' which accords with the suspected illegal PCDN surfing characteristic; if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining that a target broadband account number of a broadband is used in the target internet behavior features, wherein the target broadband account number is suspected to be an illegal account number, and setting a mark to be 1;
CRM system (customer relationship management) data is introduced, and information such as user identity, service use, operation qualification, account use information and the like corresponding to the target broadband account with the mark set as 1 is inquired;
checking the account type: if the account number type is a family account number, namely the user corresponding to the account number type is a person, namely PCDN violation business exists, reserving a suspected violation mark for the target broadband account number;
and (3) service type checking: if the account type is an enterprise account, that is, the user corresponding to the account type is a company, some companies use part or all of the same-address multi-dialing, the single stack of the public network and the double stack of the public network. For such companies, the internet access geographic address in the account use information of the target broadband account is consistent with the installed address, and no PCDN violation business exists. For example, the name of the analysis company, which includes hospitals and hotels, i.e., non-scientific types.
And (4) qualification verification: if the name of the company is analyzed and the name comprises science and technology, the business type is the science and technology type, whether a related qualification certificate is provided or not and whether an information security promissory book is signed or not are required to be checked, and if the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, the suspected violation mark is set to be 0; otherwise, keeping the suspected violation mark;
deleting the entry marked with the suspected violation as 0, and forming an analysis result according to the user corresponding to the target broadband account with the suspected violation mark.
An embodiment of the present invention further provides a device for detecting a PCDN violation service, which is shown in fig. 4 and includes:
an obtaining module 400, configured to obtain, from each target network device in an operator network, broadband internet access data generated by a user accessing the internet at a preset time point; the target network equipment is network equipment used for allocating an IP address for a broadband internet user;
a determining module 401, configured to determine at least one internet behavior feature according to the obtained broadband internet data; if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining a target broadband account number used in a plurality of target internet behavior features; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
a violation judgment module 402, configured to determine, for each target broadband account, that a PCDN violation service exists in the target broadband account if the account type of the target broadband account is a home account; and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
Optionally, the internet behavior characteristics include part or all of the following:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
Optionally, the determining module 401 is specifically configured to:
and taking the address formed by the Loopback address of the target network equipment, the port of the target network equipment and the Internet VLAN in the broadband Internet access data as a logic Internet access address.
Optionally, if the internet access behavior characteristic is the number of different broadband used by the same logical internet access address, the corresponding household broadband use limitation condition is that the number of different broadband used by the same logical internet access address exceeds a preset number;
if the internet access behavior characteristics are the dialing times of the same broadband account number, the corresponding household broadband using limitation condition is that the dialing times of the same broadband account number exceed a first preset time;
if the internet access behavior characteristic is the dialing times of the same broadband account under the same MAC address, the corresponding household broadband use limiting condition is that the dialing times of the same broadband account under the same MAC address exceed a second preset time;
if the internet behavior characteristic is the IP address type used in the broadband account dialing connection process, the corresponding household broadband use limiting condition is that the IP address type used in the broadband account dialing connection process is an IPv4 public network type;
if the internet access behavior characteristic is the total upstream flow rate of the same logical internet access address, the corresponding household broadband use restriction condition is that the total upstream flow rate of the same logical internet access address is greater than the total downstream flow rate.
Optionally, the violation determining module 402 is specifically configured to:
if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
In an exemplary embodiment, there is also provided a storage medium, such as a memory, including instructions executable by a processor of an electronic device to perform the PCDN violation traffic detection method described above. Alternatively, the storage medium may be a non-transitory computer readable storage medium, which may be, for example, a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
An embodiment of the present invention provides an electronic device, including:
the method comprises the following steps: a processor and a memory;
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the PCDN violation traffic detection method as described in any of the above.
Based on the above description, the electronic device structure of fig. 5 is exemplarily presented.
The electronic device may include a processor 510 and a memory 520 that stores computer program instructions.
In particular, the processor 510 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 520 may include mass storage for data or instructions. By way of example, and not limitation, memory 520 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 520 may include removable or non-removable (or fixed) media, where appropriate. The memory 520 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 520 is a non-volatile solid-state memory. In certain embodiments, memory 520 comprises Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 510 may implement any of the PCDN violation traffic detection methods in the above embodiments by reading and executing computer program instructions stored in the memory 520.
In one example, the electronic device can also include a communication interface 530 and a bus 540. As shown in fig. 5, the processor 510, the memory 520, and the communication interface 530 are connected via a bus 540 to complete communication.
The communication interface 530 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present invention.
The bus 540 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 540 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
The electronic device may execute the PCDN violation traffic detection method in the embodiment of the present invention based on the received task, thereby implementing the PCDN violation traffic detection method and apparatus described in conjunction with fig. 1 to 4.
In addition, in combination with the electronic device in the foregoing embodiments, an embodiment of the present invention may provide a storage medium, where instructions in the storage medium, when executed by a processor of the electronic device, enable the electronic device to perform the PCDN violation traffic detection method according to any one of the above embodiments.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for detecting PCDN violation service is characterized by comprising the following steps:
aiming at each target network device in an operator network, acquiring broadband internet access data generated by user internet access at a preset time point from the target network device; the target network equipment is network equipment used for allocating an IP address for a broadband internet user;
determining at least one internet behavior characteristic according to the acquired broadband internet data;
if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining a target broadband account number using a broadband in the plurality of target internet behavior features; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
for each target broadband account, if the account type of the target broadband account is a family account, determining that the target broadband account has PCDN violation business;
and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
2. The PCDN violation traffic detection method of claim 1, wherein the internet behavior features comprise some or all of the following:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
3. The PCDN violation traffic detection method of claim 2, wherein the logical internet access address is determined by:
and taking the address formed by the Loopback address of the target network equipment, the port of the target network equipment and the Internet VLAN in the broadband Internet access data as a logic Internet access address.
4. The PCDN violation traffic detection method of claim 2, wherein:
if the internet access behavior characteristics are the number of different broadband used by the same logic internet access address, the corresponding household broadband use limiting condition is that the number of the different broadband used by the same logic internet access address exceeds the preset number;
if the internet access behavior characteristics are the dialing times of the same broadband account number, the corresponding household broadband using limitation condition is that the dialing times of the same broadband account number exceed a first preset time;
if the internet access behavior characteristic is the dialing times of the same broadband account under the same MAC address, the corresponding household broadband use limiting condition is that the dialing times of the same broadband account under the same MAC address exceed a second preset time;
if the internet behavior characteristic is the IP address type used in the broadband account dialing connection process, the corresponding household broadband use limiting condition is that the IP address type used in the broadband account dialing connection process is an IPv4 public network type;
if the internet access behavior characteristic is the total upstream flow rate of the same logical internet access address, the corresponding household broadband use restriction condition is that the total upstream flow rate of the same logical internet access address is greater than the total downstream flow rate.
5. The method for detecting the PCDN violation business according to any one of claims 1-4, wherein detecting whether the PCDN violation business exists in the target broadband account according to the business type and the account usage information of the target broadband account comprises:
if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
6. A PCDN violation traffic detection apparatus, comprising:
the system comprises an acquisition module, a processing module and a control module, wherein the acquisition module is used for acquiring broadband internet surfing data generated by user internet surfing at a preset time point from each target network device in an operator network; the target network equipment is network equipment used for allocating an IP address for a broadband internet user;
the determining module is used for determining at least one internet behavior characteristic according to the acquired broadband internet data; if the number of the target internet behavior features in the internet behavior features exceeds the preset number, determining a target broadband account number used in a plurality of target internet behavior features; the target internet behavior characteristic is an internet behavior characteristic which does not meet the limitation condition of the household broadband;
the violation judgment module is used for determining that a PCDN violation business exists in the target broadband account if the account type of the target broadband account is a family account for each target broadband account; and if the account number type of the target broadband account number is a government-enterprise account number, detecting whether the PCDN violation business exists in the target broadband account number according to the business type and the account number use information of the target broadband account number.
7. The PCDN violation traffic detection device of claim 6, wherein the internet behavior features comprise some or all of:
the same logic internet access address uses the number of different broadband account numbers;
the number of times of dialing of the same broadband account number;
the number of times of dialing the same broadband account under the same MAC address;
the IP address type used in the dialing connection process of the broadband account number;
total upstream flow rate of the same logical internet address.
8. The PCDN violation traffic detection device of claim 6 or 7, wherein the violation determining module is specifically configured to:
if the company service type of the target broadband account is not a preset type and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account; the preset type is a company business type without using requirements; the use requirements comprise part or all of the same-address multi-dialing, the public network single stack and the public network double stack;
if the service type of the target broadband account is a preset type, the target broadband account has authentication information required by the account of the preset type, and the internet access geographic address and the installed address in the account use information of the target broadband account are consistent, determining that no PCDN violation service exists in the target broadband account;
and if the service type of the target broadband account is a preset type and the target broadband account does not have authentication information required by the account of the preset type or the internet-surfing geographic address in the account use information of the target broadband account is inconsistent with the installed address, determining that the target broadband account has PCDN violation service.
9. An electronic device, comprising: a processor and a memory;
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the PCDN violation traffic detection method according to any one of claims 1-5.
10. A storage medium, comprising: the instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the PCDN violation traffic detection method of any one of claims 1-5.
CN202111637659.4A 2021-12-29 2021-12-29 PCDN (physical downlink packet access) illegal service detection method and device, electronic equipment and storage medium Active CN114389977B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111637659.4A CN114389977B (en) 2021-12-29 2021-12-29 PCDN (physical downlink packet access) illegal service detection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111637659.4A CN114389977B (en) 2021-12-29 2021-12-29 PCDN (physical downlink packet access) illegal service detection method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114389977A true CN114389977A (en) 2022-04-22
CN114389977B CN114389977B (en) 2024-03-19

Family

ID=81200673

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111637659.4A Active CN114389977B (en) 2021-12-29 2021-12-29 PCDN (physical downlink packet access) illegal service detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114389977B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116962255A (en) * 2023-09-20 2023-10-27 武汉博易讯信息科技有限公司 Detection method, system, equipment and readable medium for finding PCDN user

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130053166A (en) * 2011-11-15 2013-05-23 주식회사 크레블 Isp managed p2p cdn service system and providing method thereof
CN111600750A (en) * 2020-05-11 2020-08-28 北京庭宇科技有限公司 Speed limit detection method and system for PCDN network node flow
CN111988745A (en) * 2020-09-02 2020-11-24 腾讯科技(深圳)有限公司 Target user determination method, device, equipment and medium based on WiFi connection data
CN113179328A (en) * 2021-05-19 2021-07-27 上海七牛信息技术有限公司 Resource distribution method and system for PCDN (Primary Contourlet distribution) network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130053166A (en) * 2011-11-15 2013-05-23 주식회사 크레블 Isp managed p2p cdn service system and providing method thereof
CN111600750A (en) * 2020-05-11 2020-08-28 北京庭宇科技有限公司 Speed limit detection method and system for PCDN network node flow
CN111988745A (en) * 2020-09-02 2020-11-24 腾讯科技(深圳)有限公司 Target user determination method, device, equipment and medium based on WiFi connection data
CN113179328A (en) * 2021-05-19 2021-07-27 上海七牛信息技术有限公司 Resource distribution method and system for PCDN (Primary Contourlet distribution) network

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116962255A (en) * 2023-09-20 2023-10-27 武汉博易讯信息科技有限公司 Detection method, system, equipment and readable medium for finding PCDN user
CN116962255B (en) * 2023-09-20 2023-11-21 武汉博易讯信息科技有限公司 Detection method, system, equipment and readable medium for finding PCDN user

Also Published As

Publication number Publication date
CN114389977B (en) 2024-03-19

Similar Documents

Publication Publication Date Title
CN107770182B (en) Data storage method of home gateway and home gateway
CN109951436B (en) Trusted terminal verification method and device
US8832816B2 (en) Authentication tokens for use in voice over internet protocol methods
CN108011873B (en) Illegal connection judgment method based on set coverage
CN112134893B (en) Internet of things safety protection method and device, electronic equipment and storage medium
CN109861968A (en) Resource access control method, device, computer equipment and storage medium
KR20160055130A (en) Method and system related to authentication of users for accessing data networks
CN107124420A (en) Auth method and device
WO2023041039A1 (en) Secure access control method, system and apparatus based on dns resolution, and device
CN107454040A (en) The login method and device of application
CN115694932A (en) Method and equipment for realizing community sensitive data protection based on block chain technology
CN114389977B (en) PCDN (physical downlink packet access) illegal service detection method and device, electronic equipment and storage medium
CN110298691A (en) Legality identification method, device and electronic equipment
CN111181967B (en) Data stream identification method, device, electronic equipment and medium
CN110166474B (en) Message processing method and device
CN108881484B (en) Method for detecting whether terminal can access internet or not
CN113938312B (en) Method and device for detecting violent cracking flow
CN113806800B (en) Privacy protection method and system for improving communication efficiency and reasonably distributing rewards
CN109302381B (en) Radius attribute extension method, device, electronic equipment and computer readable medium
CN113923021A (en) Sandbox-based encrypted flow processing method, system, device and medium
CN109995733B (en) Capability service opening method, device, system, equipment and medium
CN113507450B (en) Method and device for filtering internal and external network data based on parameter feature vector
Jansky et al. Hunting sip authentication attacks efficiently
CN113347136B (en) Access authentication method, device, equipment and storage medium
CN114301635B (en) Access control method, device and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant