CN115396125A - WIFI attack detection method and device, WIFI attack detection equipment and computer program - Google Patents

Publication number
CN115396125A
Authority
CN
China
Legal status
Pending
Application number
CN202110495848.6A
Other languages
Chinese (zh)
Inventor
江为强
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention relates to the technical field of communication, and discloses a WIFI attack detection method, device, equipment and computer program. Data packets within a preset time period are obtained from a preset channel, and whether the WIFI is currently under attack is detected from the WIFI flow value of preset type data frames in the data packets and from the difference between the data packet sequence numbers of a wireless access point at different moments. This provides a new WIFI attack detection mode, enriches the available WIFI attack detection modes, and improves WIFI attack detection precision. In addition, two types of attack can be specifically detected from the data packets, which improves the comprehensiveness of detection and makes it convenient for operation and maintenance personnel to carry out targeted repair and the like according to the attack type. Because the WIFI flow value and the sequence number difference are each compared with a corresponding threshold to judge whether the WIFI is currently under attack, the detection mode is simple and the amount of data processing is small.

Description

WIFI attack detection method and device, WIFI attack detection equipment and computer program
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a WIFI (wireless communication technology) attack detection method, a WIFI attack detection apparatus, a WIFI attack detection device, and a computer program.
Background
With the rise of wireless WIFI technology, wireless WIFI security has become a focus of attention. At present, wireless WIFI attack detection relies on a single detection mode, so the accuracy of WIFI attack detection is low.
Therefore, how to improve the accuracy of WIFI attack detection is an urgent problem to be solved.
Disclosure of Invention
The invention mainly aims to provide a WIFI attack detection method, a WIFI attack detection device, equipment and a computer program, and aims to improve the accuracy of WIFI attack detection.
In order to achieve the above object, the present invention provides a WIFI attack detection method, which comprises the following steps:
acquiring a plurality of data packets in a preset time period from a preset channel;
acquiring WIFI traffic values of preset type data frames from the data packets, and if the WIFI traffic values exceed a preset traffic threshold, determining that the WIFI is attacked by password cracking currently;
and acquiring a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, acquiring data packet serial number difference values of different wireless access points at different moments according to the wireless access point identifiers and the data packet serial numbers, and determining that the WIFI is currently attacked by phishing if the difference values are greater than preset difference values.
Optionally, after the step of obtaining the plurality of data packets within the preset time period from the preset channel, the WIFI attack detection method further includes:
acquiring a Service Set Identification (SSID) of a wireless access point of each data packet from the plurality of data packets;
judging whether the SSID is in a preset white list or not; a plurality of safe wireless access points and an SSID (service set identifier) corresponding to each safe wireless access point are preset in the preset white list;
and if the SSID is not in the preset white list, determining that the WIFI is attacked currently.
Optionally, after the step of determining whether the SSID is in a preset white list, the method further includes:
if the SSID is in the preset white list, judging whether the SSID corresponds to a plurality of physical MAC addresses;
and if the SSID corresponds to the plurality of physical MAC addresses, determining that the WIFI is attacked currently.
Optionally, after the step of obtaining the plurality of data packets within the preset time period from the preset channel, the WIFI attack detection method further includes:
obtaining the quantity values of different types of data frames from the plurality of data packets;
judging whether the quantity value is larger than a preset quantity threshold value or not;
and if the quantity value is larger than the preset quantity threshold value, determining that the WIFI is currently under a denial of service (DOS) attack.
Optionally, after the step of determining that the WIFI is currently under a denial of service (DOS) attack if the quantity value is greater than the preset quantity threshold, the method further includes:
determining the type of the DOS attack according to the type of the data frame; wherein the type of DOS attack comprises: at least one of a quality of service QoS injection attack, a probe request overflow attack, an availability attack, an authentication attack, and an association attack.
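The optional white list, multiple-MAC and frame-count checks described above, as an added example that is not code from the patent. The white list is modelled as a set of SSIDs, the mapping from frame type to DOS attack type is an assumption (the page lists the attack types but not which frame type indicates each), and the observations are constructed.

```python
from collections import Counter, defaultdict

# Assumed mapping from 802.11 frame type to the DOS attack types the page
# lists; the page does not say which frame type indicates which attack.
DOS_TYPE_BY_FRAME = {
    "qos-data": "QoS injection attack",
    "probe-req": "probe request overflow attack",
    "auth": "authentication attack",
    "assoc-req": "association attack",
}


def check_ssids(observed, whitelist):
    """observed: (ssid, mac) pairs taken from frames in the capture window.
    whitelist: set of SSIDs of the preset safe wireless access points.
    Returns one finding per SSID that fails either check."""
    macs_by_ssid = defaultdict(set)
    for ssid, mac in observed:
        macs_by_ssid[ssid].add(mac.lower())
    findings = []
    for ssid, macs in sorted(macs_by_ssid.items()):
        if ssid not in whitelist:
            # SSID is not in the preset white list
            findings.append((ssid, "not in white list", sorted(macs)))
        elif len(macs) > 1:
            # white-listed SSID announced from more than one physical MAC
            findings.append((ssid, "multiple MAC addresses", sorted(macs)))
    return findings


def detect_dos(frame_types, quantity_threshold):
    """Count frames per type; every type whose count exceeds the preset
    quantity threshold is reported with the DOS attack type it maps to."""
    counts = Counter(frame_types)
    return {
        ftype: (count, DOS_TYPE_BY_FRAME.get(ftype, "unclassified"))
        for ftype, count in counts.items()
        if count > quantity_threshold
    }


# Constructed observations (not real traffic); MACs are locally administered.
OBSERVED = [
    ("CorpNet", "02:00:00:00:00:01"),
    ("CorpNet", "02:00:00:00:00:01"),
    ("CorpNet", "02:00:00:00:00:99"),    # same SSID from a second MAC
    ("Guest", "02:00:00:00:00:02"),
    ("Free_WiFi", "02:00:00:00:00:03"),  # SSID absent from the white list
]
WHITELIST = {"CorpNet", "Guest"}
FRAME_TYPES = ["probe-req"] * 500 + ["auth"] * 12 + ["beacon"] * 90

if __name__ == "__main__":
    for finding in check_ssids(OBSERVED, WHITELIST):
        print(finding)
    print(detect_dos(FRAME_TYPES, quantity_threshold=100))
```

A deployment that legitimately serves one SSID from several access points trips the multiple-MAC rule as written; recording the expected MAC addresses per SSID in the white list avoids that.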
Optionally, after the step of obtaining the multiple data packets within the preset time period from the preset channel, the WIFI attack detection method further includes:
carrying out attack test on the WIFI equipment under the current network environment to obtain an attack result;
judging whether the attack result meets a preset attack condition or not;
and if the attack result meets the preset attack condition, determining that the WIFI equipment has a vulnerability.
Optionally, the step of obtaining the difference between the sequence numbers of the data packets of different wireless access points at different times according to the identifier of the wireless access point and the sequence number of the data packet includes:
dividing the same wireless access point identification into the same wireless access point;
and performing differencing on the data packet sequence numbers of the same wireless access point at different moments to obtain the data packet sequence number difference of the same wireless access point at different moments.
In addition, to achieve the above object, the present invention further provides a WIFI attack detection apparatus, including:
the acquisition module is used for acquiring a plurality of data packets in a preset time period from a preset channel;
the determining module is used for acquiring a WIFI traffic value of a preset type data frame from the data packets, and if the WIFI traffic value exceeds a preset traffic threshold value, determining that the WIFI is attacked by password cracking currently;
the determining module is further configured to obtain a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, obtain a data packet serial number difference value of different wireless access points at different moments according to the wireless access point identifiers and the data packet serial numbers, and determine that the WIFI is currently under the phishing attack if the difference value is greater than a preset difference value.
In addition, to achieve the above object, the present invention further provides a WIFI attack detection apparatus, including: a memory, a processor and a WIFI attack detection program stored on the memory and running on the processor, wherein the WIFI attack detection program implements the steps of the WIFI attack detection method when executed by the processor.
Furthermore, to achieve the above object, the present invention also provides a computer program having a WIFI attack detection program stored thereon, which when executed by a processor, implements the steps of the above WIFI attack detection method.
According to the technical scheme, data packets within a preset time period are obtained from a preset channel, and whether the WIFI is under attack is detected from the WIFI flow value of preset type data frames in the data packets and from the difference between the data packet sequence numbers of a wireless access point at different moments. This provides a new WIFI attack detection mode, enriches the available WIFI attack detection modes, and improves WIFI attack detection precision. In addition, two types of attack can be specifically detected from the data packets, which improves the comprehensiveness of detection and makes it convenient for operation and maintenance personnel to carry out targeted repair and the like according to the attack type. Because the WIFI flow value and the sequence number difference are each compared with a corresponding threshold to judge whether the WIFI is under attack, the detection mode is simple, the amount of data processing is small, and power consumption is reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a WIFI attack detection device in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a WIFI attack detection method according to a first embodiment of the present invention;
Fig. 3 is a schematic flowchart of a WIFI attack detection method according to a second embodiment of the present invention;
Fig. 4 is a schematic flowchart of a WIFI attack detection method according to a second embodiment of the present invention;
Fig. 5 is a schematic flowchart of a third embodiment of a WIFI attack detection method according to the present invention;
Fig. 6 is a schematic flowchart of a WIFI attack detection method according to a fourth embodiment of the present invention;
Fig. 7 is a block diagram of a WIFI attack detection apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a WIFI attack detection device in a hardware operating environment according to an embodiment of the present invention.
WIFI attack detection equipment includes: at least one processor 101, a memory 102, and a WIFI attack detection program stored on the memory and executable on the processor, the WIFI attack detection program configured to implement the steps of the WIFI attack detection method of any of the following embodiments.
The processor 101 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so forth. The processor 101 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 101 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 101 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. The processor 101 may further include an AI (Artificial Intelligence) processor for processing operations related to the WIFI attack detection model training method, so that the WIFI attack detection model may be trained and learned autonomously, thereby improving efficiency and accuracy.
The memory 102 may include one or more computer programs, which may be non-transitory. The memory 102 may also include high-speed random access memory, as well as non-volatile memory, such as one or more disk storage devices or flash storage devices. In some embodiments, the non-transitory computer program in the memory 102 is configured to store at least one instruction for execution by the processor 101 to implement the WIFI attack detection model training method provided by the method embodiments herein.
In some examples, the WIFI attack detection device may also optionally include: a communication interface 103 and at least one peripheral device. The processor 101, memory 102 and communication interface 103 may be connected by a bus or signal lines. Various peripheral devices may be connected to the communication interface 103 via a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 104, display screen 105, and power supply 106.
The communication interface 103 can be used to connect at least one peripheral device related to I/O (Input/Output) to the processor 101 and the memory 102. In some embodiments, the processor 101, memory 102, and communication interface 103 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 101, the memory 102 and the communication interface 103 may be implemented on a single chip or circuit board, which is not limited in this embodiment.
The radio frequency circuit 104 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuit 104 communicates with the communication network and other communication devices through electromagnetic signals. The radio frequency circuit 104 converts an electrical signal into an electromagnetic signal for transmission, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 104 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuit 104 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: metropolitan area networks, various generation mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency circuit 104 may further include NFC (Near Field Communication) related circuits, which are not limited in this application.
The display screen 105 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 105 is a touch display screen, the display screen 105 also has the ability to capture touch signals on or over the surface of the display screen 105. The touch signal may be input to the processor 101 as a control signal for processing. In this case, the display screen 105 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, there may be one display screen 105, disposed on the front panel of the WIFI attack detection device; in other embodiments, there may be at least two display screens 105, respectively disposed on different surfaces of the WIFI attack detection device or in a folding design; in some embodiments, the display screen 105 may be a flexible display screen disposed on a curved surface or a folded surface of the WIFI attack detection device. Furthermore, the display screen 105 may be arranged in a non-rectangular irregular shape, i.e. a shaped screen. The display screen 105 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), and the like.
The power supply 106 is used for supplying power to each component in the WIFI attack detection device. The power source 106 may be alternating current, direct current, disposable batteries, or rechargeable batteries. When power source 106 comprises a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery can also be used to support fast charge technology.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of WIFI attack detection devices and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
Based on the above hardware structure, embodiments of the present invention are proposed.
Referring to fig. 2, fig. 2 is a schematic flowchart of a WIFI attack detection method according to a first embodiment of the present invention, where the WIFI attack detection method includes the following steps:
Step S201: acquiring a plurality of data packets in a preset time period from a preset channel.
In this embodiment, the execution main body of steps S201 to S203 may be a WIFI attack detection device, where the WIFI attack detection device is used to protect an AP in a near field environment, and the core of the WIFI attack detection device is based on a network card with a monitoring function.
In some examples, the preset channels may be the 13 channels in the 2.4GHz band; see Table 1.
Table 1
| Channel | Center frequency | Channel | Center frequency |
|---------|------------------|---------|------------------|
| 1       | 2412MHz          | 8       | 2447MHz          |
| 2       | 2417MHz          | 9       | 2452MHz          |
| 3       | 2422MHz          | 10      | 2457MHz          |
| 4       | 2427MHz          | 11      | 2462MHz          |
| 5       | 2432MHz          | 12      | 2467MHz          |
| 6       | 2437MHz          | 13      | 2472MHz          |
| 7       | 2442MHz          |         |                  |
In some examples, the preset channels may be 5 channels of a 5GHz band.
In some examples, the preset channels may be 13 channels in the 2.4GHz band and 5 channels in the 5GHz band; in practical application, the preset channel can be flexibly adjusted according to a specific application scene.
The preset time period in this embodiment refers to a preset period of time, for example, 10 minutes; in practical application, the preset time period can be flexibly adjusted according to a specific application scene.
In this embodiment, a plurality of data packets within a period of time are acquired from a preset channel; for example, a plurality of packets are obtained by capturing packets on each channel for 20 minutes across the 13 channels in the 2.4GHz band and 5 channels in the 5GHz band.
Step S202: acquiring a WIFI flow value of a preset type data frame from the plurality of data packets, and if the WIFI flow value exceeds a preset flow threshold value, determining that the WIFI is attacked by password cracking currently.
Further, after a plurality of data packets within a preset time period are acquired from a preset channel, a WIFI flow value of a preset type data frame can be acquired from the data packets, whether the WIFI flow value exceeds a preset flow threshold value or not is judged, and if the WIFI flow value exceeds the preset flow threshold value, it can be determined that the WIFI is attacked by password cracking currently.
It should be noted that, in the prior art, an attacker can obtain the handshake information between a device and the wireless access point and brute-force it using a dictionary file generated by social engineering and other means; if the password itself is a weak password, such as a purely numeric one, the attacker can complete the cracking in a short time. The key point for realizing the password cracking attack is that the user is frequently disconnected so that a handshake packet can be captured. Common attacks for disconnecting the client include the Deauthentication attack and the Disassociation Flood attack: the Deauthentication attack puts the client into an unassociated state by spoofing a Deauthentication frame from the wireless access point to the client unicast address, and the Disassociation Flood attack forces the client into an unassociated state by spoofing a Deauthentication frame from the wireless access point to the client.
Therefore, in this embodiment, the preset type data frames, such as the Deauthentication frame and the Disassociation frame, may be monitored, so as to detect whether the WIFI is currently attacked by password cracking according to the flow value of the preset type data frames. It is understood that the preset type data frame in this embodiment includes, but is not limited to, a Deauthentication frame and a Disassociation frame, and may include one or more of the Deauthentication frame and the Disassociation frame; in practical application, the preset type data frame can be flexibly adjusted according to a specific application scene.
In some examples, when the WIFI traffic value of the Deauthentication frame is obtained from multiple data packets, it needs to be determined whether the WIFI traffic value of the Deauthentication frame exceeds a preset traffic threshold, and if the WIFI traffic value of the Deauthentication frame exceeds the preset traffic threshold, it may be determined that the WIFI is currently attacked by password cracking.
It can be understood that when it is determined that the WIFI is currently attacked by password cracking, the abnormal traffic information of the Deauthentication frame may be obtained at this time, and then the attack object is determined according to the device address in the abnormal traffic information.
In some examples, when the WIFI traffic value of the Disassociation frame is obtained from the plurality of data packets, it needs to be determined whether the WIFI traffic value of the Disassociation frame exceeds a preset traffic threshold, and if the WIFI traffic value of the Disassociation frame exceeds the preset traffic threshold, it may be determined that the WIFI is currently attacked by password cracking.
It can be understood that when it is determined that the WIFI is currently attacked by password cracking, the abnormal traffic information of the Disassociation frame may be obtained, and then the attack object may be determined according to the device address in the abnormal traffic information.
Step S203: acquiring a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, acquiring data packet serial number difference values of different wireless access points at different moments according to the wireless access point identifiers and the data packet serial numbers, and determining that the WIFI is currently attacked by phishing if the difference values are larger than preset difference values.
Further, after a plurality of data packets within a preset time period are acquired from a preset channel, the wireless access point identification and the data packet serial number of each data packet can be acquired from the plurality of data packets, then, the data packet serial number difference value of different wireless access points at different moments is acquired according to the wireless access point identification and the data packet serial number, whether the difference value is larger than the preset difference value or not is judged, and if the difference value is larger than the preset difference value, it can be determined that the WIFI is currently attacked by phishing.
It should be noted that, in the prior art, phishing WIFI usually means that an attacker sets up, in a public place, a WIFI network with the same or a similar name as the public WIFI network and lures users into connecting their mobile devices to it. The user is generally required to input sensitive information such as an identity card number, a mobile phone number and a name when accessing the internet, or information interaction is performed directly on the connected user's device; the information submitted by the user is monitored, and the user's internet access information is stolen without the user being aware of it. The phishing WIFI has its own sequence of serial numbers, which is therefore not continuous with the serial numbers of the real wireless access point.
Therefore, in this embodiment, the serial numbers of the same wireless access point at different times can be obtained, so that whether the WIFI is currently under phishing attack can be detected according to the difference between the serial numbers of the same wireless access point at different times.
The wireless access point identifier in this embodiment refers to information for uniquely identifying a wireless access point; the same wireless access point may send out a plurality of data packets with sequence numbers having a certain rule, where the sequence number in this embodiment is used to identify which data packet is in the current sequence.
First, in this embodiment, the wireless access point identifier and the packet sequence number of each packet are obtained from a plurality of packets.
For example, it is assumed that 100 data packets N1-N50 are obtained, where the wireless access point identifier corresponding to the data packets N1-N20 is AP1, with data packet sequence numbers k1, k2, …, k20; the wireless access point identifier corresponding to the data packets N21-N25 is AP2, with data packet sequence numbers k21, k2, …, k25; the wireless access point identifier corresponding to the data packets N25-N40 is AP3, with data packet sequence numbers k80, k85, …, k900; and the wireless access point identifier corresponding to the data packets N40-N50 is AP4, with data packet sequence numbers k40, k41, …, k50.
Then, in this embodiment, after acquiring the wireless access point identifier and the data packet sequence number of each data packet from a plurality of data packets, it is necessary to acquire the data packet sequence number difference of different wireless access points at different times according to the wireless access point identifier and the data packet sequence number.
In this embodiment, the step of obtaining the difference between the sequence numbers of the data packets of different wireless access points at different times according to the identifier of the wireless access point and the sequence number of the data packet may include the following steps:
dividing the same wireless access point identification into the same wireless access point; and performing difference calculation on the data packet serial numbers of the same wireless access point at different moments to obtain the data packet serial number difference values of the same wireless access point at different moments.
That is, in this embodiment, according to the wireless access point identifier and the packet serial number, the packet serial number difference of different wireless access points at different times is obtained, which may be specifically realized by first dividing the same wireless access point identifier into the same wireless access point, and then performing a difference calculation on the packet serial numbers of the same wireless access point at different times to obtain the packet serial number difference of the same wireless access point at different times.
For example, continuing the above example: for AP1, if the packet sequence number corresponding to the time T1 is k1 and the packet sequence number corresponding to the time T20 is k20, the packet sequence number difference between the time T2 and the time T1 is k20-k1; for AP2, if the packet sequence number corresponding to the time T3 is k21 and the packet sequence number corresponding to the time T4 is k25, the packet sequence number difference between the time T4 and the time T3 is k25-k21; for AP3, if the packet sequence number corresponding to the time T7 is k80 and the packet sequence number corresponding to the time T8 is k900, the packet sequence number difference between the time T8 and the time T7 is k900-k80; for AP4, if the packet sequence number corresponding to the time T5 is k40 and the packet sequence number corresponding to the time T6 is k50, the packet sequence number difference between the time T6 and the time T5 is k50-k40.
In this embodiment, after the difference value of the data packet sequence numbers of different wireless access points at different times is obtained, it is necessary to determine whether the difference value is greater than a preset difference value, and if the difference value is greater than the preset difference value, it can be determined that the WIFI is currently attacked by phishing.
For example, continuing the above example, if the preset difference is K, each of the differences k20-k1, k25-k21, k900-k80, and k50-k40 is compared with K. If k20-k1 is greater than K, it can be determined that WIFI is currently attacked by phishing; likewise, if k25-k21, k900-k80, or k50-k40 is greater than K, it can be determined that WIFI is currently attacked by phishing.
It should be noted that, in practical applications, the interval between the different times at which the packet sequence numbers of the same wireless access point are compared may be flexibly adjusted; for example, the time T1 and the time T2 in the above example may be 10 minutes apart, or a set period of time may be used.
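The grouping and difference steps above can be sketched as follows. This is an added example, not code from the patent; it assumes each AP's consecutive observations are compared, that differences are taken modulo 4096 because the 802.11 sequence number field is 12 bits wide, and that the sample observations and the preset difference K = 100 are constructed values.

```python
from collections import defaultdict

SEQ_MODULO = 4096  # 802.11 sequence numbers are 12 bits wide and wrap to 0

# Constructed observations: (capture time in seconds, AP identifier, sequence number).
SAMPLE = (
    [(t, "AP1", t) for t in range(1, 21)]                    # steady counter
    + [(21, "AP2", 4094), (22, "AP2", 4095),
       (23, "AP2", 0), (24, "AP2", 1)]                       # legitimate wrap-around
    + [(25, "AP3", 80), (26, "AP3", 85), (27, "AP3", 900)]   # forward jump
    + [(28, "AP4", 40), (29, "AP4", 41),
       (30, "AP4", 2000), (31, "AP4", 42)]                   # two interleaved counters
)


def sequence_gaps(observations):
    """Group observations by AP identifier and return, for each AP, the list of
    (earlier_time, later_time, difference) between consecutive observations."""
    by_ap = defaultdict(list)
    for t, ap_id, seq in observations:
        by_ap[ap_id].append((t, seq))
    gaps = {}
    for ap_id, rows in by_ap.items():
        rows.sort(key=lambda r: r[0])  # order by capture time
        gaps[ap_id] = [
            # Modulo keeps a normal wrap (4095 -> 0) at 1, while a step
            # backwards shows up as a very large forward difference.
            (t0, t1, (s1 - s0) % SEQ_MODULO)
            for (t0, s0), (t1, s1) in zip(rows, rows[1:])
        ]
    return gaps


def flag_aps(observations, preset_difference):
    """Return {ap_id: [offending (t0, t1, difference), ...]} for every AP with
    at least one difference greater than the preset difference."""
    alerts = {}
    for ap_id, ap_gaps in sequence_gaps(observations).items():
        hits = [g for g in ap_gaps if g[2] > preset_difference]
        if hits:
            alerts[ap_id] = hits
    return alerts


if __name__ == "__main__":
    for ap, hits in flag_aps(SAMPLE, preset_difference=100).items():
        print(ap, hits)
```

With a long comparison interval the counter can wrap several times between observations, so the preset difference and the interval have to be chosen together.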
It should be noted that step S202 and step S203 may be executed simultaneously, or one after the other in either order.
In the embodiment, the data packets within the preset time period are acquired from the preset channel, and whether WIFI is currently attacked or not is judged according to the difference value between the WIFI flow value of the preset type data frame in the data packet and the data packet sequence number of the wireless access point at different moments, so that a new WIFI attack detection mode is provided, the WIFI attack detection mode is enriched, and the WIFI attack detection precision is improved; meanwhile, two types of attacks can be detected specifically through the data packet, so that the detection comprehensiveness is improved, and operation and maintenance personnel can conveniently carry out targeted repair and the like according to the attack types; and the difference value between the WIFI flow value and the data packet serial number of the wireless access point at different moments is compared with the corresponding threshold value, so that whether the WIFI is attacked or not is judged, the detection mode is simple, the data processing capacity is small, and the power consumption is reduced.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating a WIFI attack detection method according to a second embodiment of the present invention; in this embodiment, after the step S201 acquires a plurality of data packets within a preset time period from a preset channel, the WIFI attack detection method may further include the following steps:
step S301: the SSID (Service Set Identifier) of the wireless access point of each packet is obtained from the plurality of packets.
Step S302: judging whether the SSID is in a preset white list or not; the preset white list is preset with a plurality of safe wireless access points and SSIDs corresponding to the safe wireless access points.
Step S303: and if the SSID is not in the preset white list, determining that the WIFI is attacked currently.
That is, this embodiment proposes another new detection method for phishing WIFI. It will be appreciated that each wireless access point has a corresponding SSID and MAC address, and that a secure wireless access point has only one SSID and MAC address. Therefore, in this embodiment, the SSID of the wireless access point of each data packet may be acquired from the acquired data packets, and it is then determined whether the SSID is in the preset white list: if the SSID is not in the preset white list, it may be determined that the WIFI is currently attacked by phishing; if the SSID is in the preset white list, whether the WIFI is currently attacked by phishing may be further determined according to the physical MAC address.
In this embodiment, a plurality of secure wireless access points and the SSIDs corresponding to the secure wireless access points are preset in the preset white list. For example, table two shows an exemplary white list; in practical applications, the white list may be flexibly adjusted according to the specific application scenario.
Table two
[Table two, the exemplary white list, appears only as images in the original publication.]
Referring to fig. 4, in this embodiment, after the step of determining whether the SSID is in the preset white list in step S302, the method may further include the following steps:
step S304: if the SSID is in the preset white list, judging whether the SSID corresponds to a plurality of physical MAC addresses (Media Access Control addresses);
step S305: and if the SSID corresponds to the plurality of physical MAC addresses, determining that the WIFI is attacked currently.
That is, in this embodiment, if the SSID is in the preset white list, it is necessary to determine whether the SSID corresponds to the multiple physical MAC addresses, and if the SSID corresponds to the multiple physical MAC addresses, it may be determined that the WIFI is currently attacked by phishing, and if the SSID does not correspond to the multiple physical MAC addresses, it may be determined that the WIFI is not currently attacked by phishing, or it may be determined whether the WIFI is currently attacked by phishing through other detection methods. Therefore, when the SSID is judged not to be in the preset white list, whether the WIFI is attacked or not can be further determined according to the physical MAC address, and therefore detection is more comprehensive and accurate.
It should be noted that "a plurality of physical MAC addresses" here means two or more physical MAC addresses; in practical applications, the number of physical MAC addresses that an SSID must correspond to may be flexibly adjusted according to the specific application scenario, for example to 4 or 5.
In the embodiment, whether WIFI is currently attacked or not is detected through the SSID and the physical MAC address of the wireless access point in the data packet, so that a new WIFI attack detection mode is provided, the WIFI attack detection mode is enriched, and the WIFI attack detection precision is improved.
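Steps S301 to S305 can be sketched as follows. This is an added example, not code from the patent; the white list entries, SSIDs and MAC addresses are constructed placeholders, and the `plural_macs` parameter is a hypothetical name for the adjustable count of physical MAC addresses described above.

```python
from collections import defaultdict

# Constructed white list: safe access point name -> its SSID (placeholder names).
WHITELIST = {"lobby-ap": "CorpNet", "lab-ap": "CorpLab"}

# Constructed (SSID, MAC) pairs as they would be read from the captured packets.
CAPTURE = [
    ("CorpNet", "02:00:00:00:00:01"),
    ("CorpNet", "02:00:00:00:00:01"),
    ("CorpNet", "02:00:00:00:00:0A"),
    ("CorpNet", "02:00:00:00:00:0a"),  # same MAC, different letter case
    ("CorpNet", "02:00:00:00:00:0B"),
    ("CorpLab", "02:00:00:00:00:02"),
    ("Free_Airport_WiFi", "02:00:00:00:00:99"),
]


def check_ssids(capture, whitelist, plural_macs=2):
    """Apply S302-S305 to every SSID seen in the capture.

    Returns {ssid: (reason, sorted MACs)} for each SSID judged to be phishing:
    either the SSID is not in the white list (S303), or it is in the white
    list but was seen with at least `plural_macs` distinct MACs (S305).
    """
    trusted = set(whitelist.values())
    macs_by_ssid = defaultdict(set)
    for ssid, mac in capture:
        # Normalise case so one radio is not counted as two addresses.
        macs_by_ssid[ssid].add(mac.lower())

    findings = {}
    for ssid, macs in macs_by_ssid.items():
        if ssid not in trusted:
            findings[ssid] = ("ssid_not_in_whitelist", sorted(macs))
        elif len(macs) >= plural_macs:
            findings[ssid] = ("whitelisted_ssid_with_multiple_macs", sorted(macs))
    return findings


if __name__ == "__main__":
    # Default count of two: CorpNet (three MACs) is reported.
    print(check_ssids(CAPTURE, WHITELIST))
    # A site that runs several radios per SSID raises the count instead.
    print(check_ssids(CAPTURE, WHITELIST, plural_macs=4))
```

A network that legitimately broadcasts one SSID from several radios is reported at the default count of two, which is why the count is left adjustable.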
Referring to fig. 5, fig. 5 is a schematic flowchart illustrating a WIFI attack detection method according to a third embodiment of the present invention; in this embodiment, after the step S201 acquires a plurality of data packets within a preset time period from a preset channel, the WIFI attack detection method may further include the following steps:
step S501: acquiring the quantity values of different types of data frames from a plurality of data packets;
step S502: judging whether the quantity value is larger than a preset quantity threshold value or not;
step S503: and if the quantity value is larger than the preset quantity threshold value, determining that the WIFI is attacked by DOS (denial of service) currently.
It should be clear that DOS attacks in the prior art are very serious attacks that aim to make the network unusable or to disturb the normal experience of the user. In order to implement such DOS attacks, it is common to send a large amount of messages to exhaust network bandwidth, or send a large amount of association and authentication messages to a wireless access point, so that the wireless access point is overloaded and crashed.
Therefore, in this embodiment, different types of data frames, such as QosData frames, ProbeRequest frames, Beacon frames, Authentication frames, and Association frames, may be monitored, so as to detect whether WIFI is currently attacked by DOS according to the quantity values of the different types of data frames. It is understood that the different types of data frames in this embodiment include, but are not limited to, one or more of QosData frames, ProbeRequest frames, Beacon (availability) frames, Authentication frames, and Association frames; in practical applications, the different types of data frames can be flexibly adjusted according to the specific application scenario.
In some examples, when the quantity value of the QosData frames is obtained from the plurality of data packets, it needs to be determined whether the quantity value of the QosData frames exceeds the preset quantity threshold, and if it does, it may be determined that the WIFI is currently attacked by DOS.
It can be understood that when it is determined that the WIFI is currently under the DOS attack, it may be further determined, according to the type of the data frame, that the attack is a QoS injection attack among the DOS attacks.
In some examples, when the quantity value of the ProbeRequest frames is obtained from the plurality of data packets, it needs to be determined whether the quantity value of the ProbeRequest frames exceeds the preset quantity threshold, and if it does, it may be determined that the WIFI is currently attacked by DOS.
It can be understood that when it is determined that the WIFI is currently under the DOS attack, it may be further determined, according to the type of the data frame, that the attack is a ProbeRequest Flood attack among the DOS attacks.
In some examples, when the quantity value of the Beacon frames is obtained from the plurality of data packets, it needs to be determined whether the quantity value of the Beacon frames exceeds the preset quantity threshold, and if it does, it may be determined that the WIFI is currently attacked by DOS.
It can be understood that when it is determined that the WIFI is currently under the DOS attack, it may be further determined, according to the type of the data frame, that the attack is a Beacon attack among the DOS attacks.
In some examples, when the quantity value of the Authentication frames is obtained from the plurality of data packets, it needs to be determined whether the quantity value of the Authentication frames exceeds the preset quantity threshold, and if it does, it may be determined that the WIFI is currently attacked by DOS.
It can be understood that when it is determined that the WIFI is currently under the DOS attack, it may be further determined, according to the type of the data frame, that the attack is an Authentication attack among the DOS attacks.
In some examples, when the quantity value of the Association frames is obtained from the plurality of data packets, it needs to be determined whether the quantity value of the Association frames exceeds the preset quantity threshold, and if it does, it may be determined that the WIFI is currently attacked by DOS.
It can be understood that when it is determined that the WIFI is currently under the DOS attack, it may be further determined, according to the type of the data frame, that the attack is an Association attack among the DOS attacks.
In this embodiment, if the quantity value is greater than the preset quantity threshold in step S503, it may be determined that the WIFI is currently under the denial of service DOS attack, and the method may further include the following steps:
determining the type of the DOS attack according to the type of the data frame; wherein the types of DOS attacks include: QoS injection attack, ProbeRequest Flood attack, Beacon attack, Authentication attack, and Association attack.
The description has been given above and will not be repeated here.
In the embodiment, whether WIFI is attacked at present is detected through the quantity values of different types of data frames in the data packet, so that a new WIFI attack detection mode is provided, the WIFI attack detection mode is enriched, and the WIFI attack detection precision is improved; meanwhile, whether the DOS attack exists or not can be detected specifically through the data packet, and operation and maintenance personnel can repair the DOS attack in a targeted manner more conveniently; and the quantity value is compared with the corresponding threshold value, so that whether the WIFI is attacked at present is judged, the detection mode is simple, the data processing amount is small, and the power consumption is reduced.
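Steps S501 to S503 and the attack-type mapping can be sketched as follows. This is an added example, not code from the patent; it assumes each captured frame starts at the 802.11 MAC header (any capture header already removed), treats the Association frame as the association request subtype, and uses constructed frames and constructed per-type thresholds.

```python
from collections import Counter

# (type, subtype) bits of the 802.11 Frame Control field -> frame name used here.
FRAME_NAMES = {
    (0, 0): "Association",      # management, association request
    (0, 4): "ProbeRequest",     # management, probe request
    (0, 8): "Beacon",           # management, beacon
    (0, 11): "Authentication",  # management, authentication
    (2, 8): "QosData",          # data, QoS data
}

# Frame type -> DOS attack type, as listed in the description.
ATTACK_BY_FRAME = {
    "QosData": "QoS injection attack",
    "ProbeRequest": "ProbeRequest Flood attack",
    "Beacon": "Beacon attack",
    "Authentication": "Authentication attack",
    "Association": "Association attack",
}

# Constructed preset quantity thresholds (frames per capture window).
THRESHOLDS = {"QosData": 1000, "ProbeRequest": 50, "Beacon": 50,
              "Authentication": 100, "Association": 100}


def classify(frame: bytes):
    """Return the monitored frame name, or None for truncated frames, a
    non-zero protocol version, or a type/subtype that is not monitored."""
    if len(frame) < 2:
        return None
    fc0 = frame[0]
    if fc0 & 0x03 != 0:          # protocol version occupies bits 0-1
        return None
    ftype = (fc0 >> 2) & 0x03    # bits 2-3
    subtype = (fc0 >> 4) & 0x0F  # bits 4-7
    return FRAME_NAMES.get((ftype, subtype))


def detect_dos(frames, thresholds):
    """Count monitored frame types and return {frame name: (count, attack type)}
    for every type whose count is greater than its preset quantity threshold."""
    counts = Counter(name for name in map(classify, frames) if name)
    return {
        name: (n, ATTACK_BY_FRAME[name])
        for name, n in counts.items()
        if name in thresholds and n > thresholds[name]
    }


def _frame(fc0: int) -> bytes:
    """Build a constructed 24-byte header whose first byte is fc0."""
    return bytes([fc0, 0x00]) + bytes(22)


# Constructed capture window: an Authentication burst among normal traffic.
SAMPLE = ([_frame(0xB0)] * 300 + [_frame(0x80)] * 12 + [_frame(0x40)] * 5
          + [_frame(0x88)] * 40 + [_frame(0xD4)] + [b"\x80"])

if __name__ == "__main__":
    print(detect_dos(SAMPLE, THRESHOLDS))
```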
Referring to fig. 6, fig. 6 is a schematic flowchart illustrating a WIFI attack detection method according to a fourth embodiment of the present invention; in this embodiment, after the step S201 obtains a plurality of data packets within a preset time period from a preset channel, the WIFI attack detection method may further include the following steps:
step S601: carrying out attack test on the WIFI equipment under the current network environment to obtain an attack result;
step S602: judging whether the attack result meets a preset attack condition or not;
step S603: and if the attack result meets the preset attack condition, determining that the WIFI equipment has a vulnerability.
It should be clear that, although security was fully considered at the beginning of the protocol design of the 802.11 series in the prior art, due to the irregularity of the downstream devices, vulnerabilities in WiFi chips and wireless access points are often exposed, thereby seriously affecting the security of the whole WiFi network ecosystem.
Therefore, in this embodiment, an attack test may be performed on the WIFI device in the current network environment to obtain an attack result, and then whether the attack result meets the preset attack condition is determined; if the attack result meets the preset attack condition, it may be determined that the WIFI device has a vulnerability.
It should be noted that, in practical applications, the preset attack condition may be flexibly adjusted according to a specific application scenario.
In this embodiment, an attack result is obtained by performing an attack test on the WIFI equipment in the current network environment, and the WIFI equipment is determined to have a vulnerability when the attack result meets the preset attack condition; operation and maintenance personnel can therefore carry out targeted repair according to the attack result, which improves the security of the whole WiFi network ecosystem.
In addition, as shown in fig. 7, an embodiment of the present invention further provides a WIFI attack detection device based on the above WIFI attack detection method, where the WIFI attack detection device includes:
an obtaining module 701, configured to obtain multiple data packets in a preset time period from a preset channel;
the determining module 702 is configured to acquire a WIFI traffic value of a preset type of data frame from a plurality of data packets, and if the WIFI traffic value exceeds a preset traffic threshold, determine that the WIFI is currently attacked by password cracking;
the determining module 702 is further configured to obtain a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, obtain a data packet serial number difference value of different wireless access points at different times according to the wireless access point identifier and the data packet serial number, and determine that the WIFI is currently under the phishing attack if the difference value is greater than a preset difference value.
In some embodiments, the obtaining module 701 is further configured to obtain, from a plurality of data packets, a service set identification SSID of a wireless access point of each data packet; the determining module 702 is further configured to determine whether the SSID is in a preset white list; the preset white list is preset with a plurality of safe wireless access points and SSIDs corresponding to the safe wireless access points; if the SSID is not in the preset white list, the WIFI can be determined to be attacked by phishing;
it can be understood that the determining module 702 is further configured to determine whether the SSID corresponds to multiple physical MAC addresses if the SSID is in the preset white list; and if the SSID corresponds to a plurality of physical MAC addresses, the fact that the WIFI is attacked currently can be determined.
In some embodiments, the obtaining module 701 is further configured to obtain a quantity value of different types of data frames from a plurality of data packets; a determining module 702, configured to determine whether the quantity value is greater than a preset quantity threshold; if the quantity value is larger than the preset quantity threshold value, the fact that the WIFI is attacked by the DOS can be determined.
It is to be understood that the determining module 702 is further configured to determine the type of DOS attack according to the type of the data frame; wherein, the types of DOS attacks include: at least one of a quality of service QoS injection attack, a probe request overflow attack, an availability attack, an authentication attack, and an association attack.
In some embodiments, the obtaining module 701 is further configured to perform an attack test on the WIFI device in the current network environment, and obtain an attack result; the determining module 702 is further configured to determine whether the attack result meets a preset attack condition; and if the attack result meets the preset attack condition, determine that the WIFI equipment has a vulnerability.
It should be noted that the WIFI attack detection apparatus in this embodiment may further optionally include other corresponding modules, so as to implement the steps of the above WIFI attack detection method.
The WIFI attack detection device of the present invention adopts all technical solutions of all embodiments of the above WIFI attack detection method, so that at least all beneficial effects brought by the technical solutions of all embodiments of the above WIFI attack detection method are achieved, and no further description is given here.
In addition, this embodiment further provides a computer program, where a WIFI attack detection program is stored on the computer program, and when the WIFI attack detection program is executed by the processor, the steps of the WIFI attack detection method as above are implemented.
The computer program includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, computer program modules or other data. Computer programs include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically erasable Programmable Read-Only Memory), flash Memory or other Memory technology, CD-ROM (Compact Disc Read-Only Memory), digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage, or any other medium which can be used to store the desired information and which can be accessed by a computer.
It will be apparent to one skilled in the art that all or some of the steps of the methods, systems, functional modules/units in the integrated cooker disclosed above may be implemented as software, firmware, hardware and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A WIFI attack detection method is characterized by comprising the following steps:
acquiring a plurality of data packets in a preset time period from a preset channel;
acquiring WIFI flow values of preset type data frames from the data packets, and if the WIFI flow values exceed a preset flow threshold, determining that the WIFI is attacked by password cracking currently;
and acquiring a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, acquiring data packet serial number difference values of different wireless access points at different moments according to the wireless access point identifiers and the data packet serial numbers, and determining that the WIFI is currently attacked by phishing if the difference values are greater than preset difference values.
2. The WIFI attack detection method according to claim 1, wherein after the step of obtaining the plurality of data packets within the preset time period from the preset channel, the WIFI attack detection method further includes:
acquiring a Service Set Identification (SSID) of a wireless access point of each data packet from the plurality of data packets;
judging whether the SSID is in a preset white list or not; a plurality of safe wireless access points and an SSID (service set identifier) corresponding to each safe wireless access point are preset in the preset white list;
and if the SSID is not in the preset white list, determining that the WIFI is attacked currently.
3. The WIFI attack detection method of claim 2, wherein after the step of determining whether the SSID is on a preset white list, further comprising:
if the SSID is in the preset white list, judging whether the SSID corresponds to a plurality of physical MAC addresses;
and if the SSID corresponds to the plurality of physical MAC addresses, determining that the WIFI is attacked currently.
4. The WIFI attack detection method according to claim 1, wherein after the step of obtaining the plurality of data packets within the preset time period from the preset channel, the WIFI attack detection method further comprises:
obtaining the quantity values of different types of data frames from the plurality of data packets;
judging whether the quantity value is larger than a preset quantity threshold value or not;
and if the quantity value is larger than a preset quantity threshold value, determining that the WIFI is attacked by the DOS (denial of service) currently.
5. The WIFI attack detection method according to claim 4, wherein if the quantity value is larger than the preset quantity threshold, after the step of determining that WIFI is currently under a denial of service DOS attack, further comprising:
determining the type of the DOS attack according to the type of the data frame; wherein the types of DOS attacks include: at least one of a quality of service (QoS) injection attack, a probe request overflow attack, an availability attack, an authentication attack, and an association attack.
6. The WIFI attack detection method according to claim 1, wherein after the step of obtaining the plurality of data packets within the preset time period from the preset channel, the WIFI attack detection method further includes:
carrying out attack test on the WIFI equipment under the current network environment to obtain an attack result;
judging whether the attack result meets a preset attack condition or not;
and if the attack result meets a preset attack condition, determining that the WIFI equipment has a vulnerability.
7. The WIFI attack detection method according to any of claims 1-6, wherein the step of obtaining the data packet sequence number difference of different wireless access points at different time according to the wireless access point identifier and the data packet sequence number includes:
dividing the same wireless access point identification into the same wireless access point;
and performing difference calculation on the data packet serial numbers of the same wireless access point at different moments to obtain the data packet serial number difference values of the same wireless access point at different moments.
8. A WIFI attack detection device, comprising:
the acquisition module is used for acquiring a plurality of data packets in a preset time period from a preset channel;
the determining module is used for acquiring a WIFI traffic value of a preset type data frame from the data packets, and if the WIFI traffic value exceeds a preset traffic threshold value, determining that the WIFI is attacked by password cracking currently;
the determining module is further configured to obtain a wireless access point identifier and a data packet serial number of each data packet from the plurality of data packets, obtain a data packet serial number difference value of different wireless access points at different moments according to the wireless access point identifiers and the data packet serial numbers, and determine that the WIFI is currently under the phishing attack if the difference value is greater than a preset difference value.
9. A WIFI attack detection device, comprising: a memory, a processor, and a WIFI attack detection program stored on the memory and running on the processor, the WIFI attack detection program when executed by the processor implementing the steps of the WIFI attack detection method of any of claims 1-7.
10. A computer program, characterized in that the computer program has stored thereon a WIFI attack detection program, which when executed by a processor implements the steps of the WIFI attack detection method according to any of claims 1-7.
CN202110495848.6A 2021-05-07 2021-05-07 WIFI attack detection method and device, WIFI attack detection equipment and computer program Pending CN115396125A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110495848.6A CN115396125A (en) 2021-05-07 2021-05-07 WIFI attack detection method and device, WIFI attack detection equipment and computer program


Publications (1)

Publication Number Publication Date
CN115396125A true CN115396125A (en) 2022-11-25
