CN115484600A - Wireless access detection method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115484600A
Authority
CN
China
Prior art keywords
access
matching
foreground
address
process template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210901623.0A
Other languages
Chinese (zh)
Inventor
朱帅
周济
李伟泽
王小乾
李超明
单元元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202210901623.0A
Publication of CN115484600A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of network security, and in particular to a wireless access detection method, device, electronic equipment and storage medium. The method runs on a foreground wireless access point deployed in front of a target wireless access point and comprises: receiving an access request sent by a sending end; parsing the access request to obtain a parsing result that includes the current access step; matching the current access step against an access process template to obtain a matching result, where the template is derived from the authentication mode of the foreground wireless access point and lists the access steps; and, when the matching result indicates that access is complete, forwarding the sending end's subsequent data to the target wireless access point for processing. Matching the current access step against the template segments the access procedure into steps, and building the template from the authentication mode removes the differences between authentication modes, which improves detection efficiency.

Description

Wireless access detection method and device, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a wireless access detection method, a wireless access detection device, electronic equipment and a storage medium.
Background
In recent years wireless local area networks (WLANs) have become widely deployed; they offer high access rates and flexible networking and are well suited to carrying mobile data. Alongside this rapid growth, the security of WLANs has become increasingly important. In principle any device within radio range can listen to a wireless network and attempt to join it, so for enterprise users whose WLAN security measures are not strict enough there is a real possibility of eavesdropping, hijacking, or even exfiltration of internal information. Preventing malicious access to the WLAN is therefore essential.
Existing wireless access detection methods generally add extra information to the data frames sent by a terminal joining the wireless network and perform access detection on that extra information. This requires modifying the original data frame and adding information to it, which increases the transmission load on the network and makes timely access detection difficult under network congestion.
Disclosure of Invention
In view of this, embodiments of the present invention provide a wireless access detection method and apparatus, an electronic device and a storage medium, to address the low efficiency of existing wireless access detection.
According to a first aspect, an embodiment of the present invention provides a wireless access detection method applied to a foreground wireless access point, where the foreground wireless access point is deployed in front of a target wireless access point, and the method includes:
receiving an access request sent by a sending end;
parsing the access request to determine a parsing result, where the parsing result includes the current access step;
matching the current access step against an access process template to determine a matching result, where the access process template is determined from the authentication mode of the foreground wireless access point and lists the access steps;
and, when the matching result is that access is complete, forwarding the received data of the sending end to the target wireless access point for processing.
In the wireless access detection method of this embodiment, malicious access detection is performed by a foreground wireless access point placed in front of the target wireless access point, and data is forwarded to the target wireless access point only after the foreground wireless access point has passed it, which protects the target wireless access point. During detection the foreground wireless access point matches the current access step against the access process template, which segments the access procedure into steps; building the template from the authentication mode removes the differences between authentication modes and improves the compatibility of the method. The information used for detection is taken from the access request itself, so no extra information has to be added and the original access request is not changed, which reduces the amount of data processed and improves detection efficiency.
In some embodiments the parsing result includes a sending end address, and matching the current access step against the access process template to determine a matching result includes:
obtaining the access state data corresponding to the sending end address, where the access state data records the access steps the sending end has completed;
matching the completed access steps against the access process template to determine the step that follows the last completed access step;
and matching the current access step against that determined next step to obtain the matching result.
The wireless access detection method of this embodiment records the access steps of each sending end address in access state data, so the last completed access step can be found quickly during subsequent matching, which improves detection efficiency.
In some embodiments, matching the current access step against the determined next access step and determining the matching result includes:
when the current access step matches the determined next access step, sending an access response to the sending end and updating the access state data.
The wireless access detection method of this embodiment sends an access response to the sending end when a match is detected, prompting the sending end to carry out the subsequent access steps.
In some embodiments, matching the current access step against the determined next access step and determining the matching result includes:
when the current access step does not match the determined next access step, adding the sending end address to a blacklist and ignoring the access request.
In the wireless access detection method of this embodiment the sending end address is added to the blacklist when a mismatch is detected, and blacklisted sending ends are ignored when the foreground wireless access point processes highly concurrent access requests, which improves detection efficiency under high concurrency.
In some embodiments the parsing result further includes a receiving end address, and the step of matching the completed access steps against the access process template to determine the step following the last completed access step is preceded by:
comparing the receiving end address with the receiving end address held in the access state data;
and, when the receiving end address is consistent with the receiving end address in the access state data, executing the step of matching the completed access steps against the access process template and determining the step following the last completed access step.
In the wireless access detection method of this embodiment the receiving end address is compared before the access steps are matched, and template matching is carried out only when the receiving end addresses agree, which reduces the volume of data matched and improves detection efficiency.
In some embodiments, obtaining the access state data corresponding to the sending end address includes:
querying, by the sending end address, whether corresponding access state data exists;
when no corresponding access state data exists, creating access state data for the sending end address and sending a response frame to the sending end to elicit the next access step;
and, when corresponding access state data exists, retrieving the access state data corresponding to the sending end address.
In some embodiments, determining the access process template includes:
obtaining the authentication mode of the foreground wireless access point;
and building the access process template as key-value pairs from the flow of that authentication mode.
The wireless access detection method of this embodiment builds the access process template as key-value pairs, so lookups are fast and detection efficiency is improved. Building the template from the authentication mode keeps the template consistent with that mode and unifies detection across different authentication modes; access detection reuses the data already in the access request and adds no load to the communication link.
According to a second aspect, an embodiment of the present invention provides a wireless access detection apparatus applied to a foreground wireless access point, where the foreground wireless access point is deployed in front of a target wireless access point, and the apparatus includes:
a receiving module for receiving an access request sent by a sending end;
a parsing module for parsing the access request to determine a parsing result, where the parsing result includes the current access step;
a matching module for matching the current access step against an access process template to determine a matching result, where the access process template is determined from the authentication mode of the foreground wireless access point and lists the access steps;
and a forwarding module for forwarding the received data of the sending end to the target wireless access point for processing when the matching result is that access is complete.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing therein computer instructions, and the processor executing the computer instructions to perform the method for detecting radio access according to the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions for causing a computer to perform the method for detecting radio access described in the first aspect or any one of the implementation manners of the first aspect.
It should be noted that, for corresponding beneficial effects of the wireless access detection apparatus, the electronic device and the computer readable storage medium provided in the embodiment of the present invention, please refer to the description of the corresponding beneficial effects of the wireless access detection method above, which is not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a diagram of a scenario of radio access detection according to an embodiment of the present invention;
fig. 2 is a flowchart of a method of detecting a radio access according to an embodiment of the present invention;
fig. 3 is a flowchart of a method of detecting a radio access according to an embodiment of the present invention;
fig. 4 is a block diagram of a detecting apparatus of a radio access according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The threats currently faced by WLANs fall into seven main categories: passive eavesdropping and traffic analysis, active eavesdropping and message injection, message deletion and interception, impersonation and malicious (rogue) APs, session hijacking, man-in-the-middle attacks, and Denial of Service (DoS) attacks. Running the AES-based CCMP encryption specified in 802.11 (the 802.11i amendment) in the network addresses passive eavesdropping and traffic analysis, active eavesdropping and message injection, and message deletion and interception; the RSN framework of 802.11i counters impersonation and rogue APs, session hijacking and man-in-the-middle attacks. Current security protocols, however, offer no good answer to DoS attacks, and because of the characteristics of the wireless medium a WLAN is exposed both to the DoS attacks of conventional wired networks and to DoS attacks peculiar to WLANs.
The most common DoS attack is the association flood attack (often abbreviated as an Asso attack), a form of denial of service against wireless networks characterised by a high concurrency of operations in the WLAN access phase, which pushes the wireless Access Point (AP) beyond its capacity and finally results in denial of service. The attacker tries to overwhelm the AP by filling its client association table with a large number of emulated, fake wireless client associations. At the 802.11 level, shared-key authentication is flawed and little used. The remaining alternative is open authentication (null authentication), which relies on higher-layer authentication such as 802.1X or a VPN. Open authentication lets any client authenticate and then associate. An attacker exploiting this can overwhelm the client association table of the target AP by impersonating many clients, driving each spoofed client address through authentication to the associated state. Once the association table is full, legitimate clients can no longer associate, and the denial of service is achieved.
Some methods already exist for security detection in the WLAN access phase. For example, a terminal (STA) connecting to a wireless access point obtains the parameters of a puzzle when it sends its authentication request to the AP; after authentication succeeds, the STA must carry the puzzle solution in the association phase, and the AP verifies the solution carried in the association request before deciding whether to admit the STA, thereby checking the legitimacy of the access and preventing malicious access. Alternatively, a tag and a key distribution center (KDC) are added to the connection model to achieve mutual verification of information between the STA and the AP, constraining the STA's behaviour during access and preventing malicious attacks on the AP.
However, all of the above methods require extra information to be added to the STA's data frames and computation to be performed by the STA, which increases the STA's computational load and the network's transmission load, a clear disadvantage under network congestion.
On this basis, an embodiment of the present invention provides a wireless access detection method in which a foreground wireless access point analyses the access requests, and the data of a sending end is forwarded to the target wireless access point only after the foreground wireless access point has confirmed that the sending end's access is complete. The foreground wireless access point is deployed in front of the target wireless access point.
For example, fig. 1 shows one application scenario for wireless access detection. The target AP is the real wireless access point, and the foreground AP is deployed in front of it. All access requests from an STA are parsed and processed by the foreground AP, and only after the foreground AP has checked the STA does it forward the STA's data to the target AP. The foreground AP analyses each access request against the access process template that corresponds to its access and authentication mode, and only when the access request matches the template is the sending end judged to have passed access detection. The access process template represents the steps of access authentication; for example, if the authentication steps of authentication mode A are a-b-c-d in that order, then on receiving an access request the foreground AP matches the current access step in the request against the template, and whether it matches determines whether the STA that sent the request is a legitimate STA or a malicious one.
A specific process of the detection method regarding the radio access will be described in detail below.
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for detecting radio access, it should be noted that the steps illustrated in the flowchart of the accompanying drawings may be executed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be executed in an order different from that described herein.
In this embodiment, a method for detecting radio access is provided, and is used in the foregoing foreground AP, fig. 2 is a flowchart of a method for detecting radio access according to an embodiment of the present invention, and as shown in fig. 2, the flowchart includes the following steps:
s11, receiving an access request sent by a sending end.
When a sending end (STA) wants to access the wireless access point (target AP), it must first send an access request to the foreground AP; because the foreground AP is deployed in front of the target AP, it receives every access request the sending end sends. Depending on the access authentication mode, a complete wireless access requires several exchanges, and in each exchange the sending end sends the foreground AP a corresponding data frame that indicates which access step it is currently performing.
And S12, analyzing the access request to determine an analysis result.
Wherein the analysis result comprises the current access step.
The foreground AP parses the received access request, for example, parses a corresponding field of the access request by the foreground AP, and determines a current access step.
And S13, matching the current access step with the access process template to determine a matching result.
The access process template is determined based on the authentication mode of the foreground wireless access point, and the access process template comprises an access step.
As described above, the access process template corresponds to the authentication mode of the foreground AP and lists the steps that a wireless access must go through. That is, the access procedure is divided into its access steps, and these steps are stored according to the logical order between them to obtain the access process template.
Once the foreground AP has obtained the current access step, it matches it against the access process template, determining whether the step exists in the template and whether, given the order of the steps, it is the step that should be executed now. If the current access step cannot be matched against the template, the sending end is judged to be a malicious STA. If it can be matched, the foreground AP determines whether the current access step is the last step of the access procedure: if so, the access procedure is complete; if not, it sends an access response to the sending end to elicit the next access step.
Details about this step will be described later.
And S14, when the matching result is that the access is finished, the received data of the sending end is forwarded to the target wireless access point for processing.
As described above, if the current access step is the last step of the access procedure and matches the access process template, access is complete. The foreground AP then forwards the received data of the sending end to the target AP for processing. Specifically, when the STA exchanges data with the AP, the foreground AP looks up the STA's access state by its MAC address, and only when the STA is in the access-complete state does the foreground AP forward its data packets to the target AP. If the STA's access state is not connection-complete, or no state data exists for it, the data is ignored.
In the wireless access detection method of this embodiment, malicious access detection is performed by a foreground wireless access point placed in front of the target wireless access point, and data is forwarded to the target wireless access point only after the foreground wireless access point has passed it, which protects the target wireless access point. During detection the foreground wireless access point matches the current access step against the access process template, which segments the access procedure into steps; building the template from the authentication mode removes the differences between authentication modes and improves the compatibility of the method. The information used for detection is taken from the access request itself, so no extra information has to be added and the original access request is not changed, which reduces the amount of data processed and improves detection efficiency.
In this embodiment, a method for detecting a radio access is provided, and is used in the foregoing foreground AP, fig. 3 is a flowchart of a method for detecting a radio access according to an embodiment of the present invention, and as shown in fig. 3, the flowchart includes the following steps:
and S21, receiving the access request sent by the sending end.
Please refer to S11 in fig. 2 for details, which are not described herein again.
And S22, analyzing the access request to determine an analysis result.
Wherein, the analysis result comprises the current access step and the address of the sending end.
Please refer to S12 in fig. 2 for details, which are not described herein.
And S23, matching the current access step with the access process template, and determining a matching result.
The access process template is determined based on the authentication mode of the foreground wireless access point, and the access process template comprises an access step.
Specifically, the above S23 includes:
s231, obtaining the access state data corresponding to the sending end address.
Wherein the access status data comprises the access steps completed by the sending end.
The foreground AP stores a number of access state data records, each corresponding to a sending end address, so it can look up the record for a given sending end address among them.
The access state data indicates how far the sending end has progressed through the access procedure. For example, the STA access state data held in the foreground AP has the following structure:
{ MAC address of STA: [ MAC address of AP, completed steps ] }
This data structure is a dictionary: the key is the STA's MAC address and the value is a list whose first element is the AP's MAC address and whose second element is a linked list recording the steps the STA has completed in the access procedure. If the access request is an 802.11 frame, Address2 of the frame carries the STA's MAC address and Address1 carries the AP's MAC address.
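The parsing step S12 and the address mapping above can be made concrete with a small 802.11 management-frame parser. The following is an added example and not code from the patent; it assumes frames are captured without the trailing FCS, names the access steps itself (the patent fixes no step names), and distinguishes the exchanges inside the Authentication subtype by the transaction sequence number so that multi-round authentication (for example SAE commit and confirm) yields distinct steps. The sample frames are constructed inline by `build_mgmt_frame`.

```python
import struct

# 802.11 management-frame subtypes seen during the access phase. Frame Control is
# little-endian; byte 0 is laid out as [subtype:4][type:2][protocol version:2].
MGMT_SUBTYPES = {
    0x0: "assoc_req", 0x1: "assoc_resp",
    0x2: "reassoc_req", 0x3: "reassoc_resp",
    0xA: "disassoc", 0xB: "auth", 0xC: "deauth",
}
MGMT_HDR_LEN = 24  # FC(2) + Duration(2) + Addr1(6) + Addr2(6) + Addr3(6) + SeqCtl(2)


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_auth_body(alg, seq, status=0):
    # Authentication frame body: algorithm number, transaction sequence number, status code.
    return struct.pack("<HHH", alg, seq, status)


def build_mgmt_frame(subtype, addr1, addr2, body=b"", addr3=None):
    """Construct a management frame (no FCS); used only to build the sample input below."""
    fc = bytes([(subtype << 4) | 0x00, 0x00])  # type 0 (management), version 0, no flags
    duration = b"\x00\x00"
    seq_ctl = b"\x00\x00"
    a3 = mac_bytes(addr3 or addr1)  # BSSID; equals the receiver address for STA->AP frames
    return fc + duration + mac_bytes(addr1) + mac_bytes(addr2) + a3 + seq_ctl + body


def parse_access_request(frame):
    """Parsing result for S12: current access step, sending end (Address2) and
    receiving end (Address1) of a frame sent by the STA to the AP."""
    if len(frame) < MGMT_HDR_LEN:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc0 >> 4) & 0xF
    if subtype not in MGMT_SUBTYPES:
        raise ValueError(f"management subtype {subtype:#x} is not part of the access procedure")
    result = {
        "step": MGMT_SUBTYPES[subtype],
        "auth_alg": None,
        "sta": mac_str(frame[10:16]),  # Address2
        "ap": mac_str(frame[4:10]),    # Address1
    }
    if result["step"] == "auth":
        body = frame[MGMT_HDR_LEN:]
        if len(body) < 6:
            raise ValueError("truncated authentication body")
        alg, seq, _status = struct.unpack_from("<HHH", body, 0)
        # Rounds of a multi-message authentication become separate access steps.
        result["step"] = f"auth_seq{seq}"
        result["auth_alg"] = alg
    return result


if __name__ == "__main__":
    # Constructed sample: open-system authentication request from an STA to the AP.
    sample = build_mgmt_frame(0xB, "aa:bb:cc:dd:ee:01", "02:00:00:00:00:01",
                              body=build_auth_body(alg=0, seq=1))
    print(parse_access_request(sample))
```

The parser deliberately rejects data frames and subtypes outside the access procedure instead of guessing a step for them; the foreground AP decides what to do with data frames separately, by looking up the sender's access state.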
In some embodiments, the S231 includes:
(1) And inquiring whether corresponding access state data exist or not by using the address of the sending end.
(2) And when the corresponding access state data does not exist, establishing the access state data corresponding to the address of the sending end, and sending a response frame to the sending end to obtain the next access step.
(3) And when the corresponding access state data exists, extracting the access state data corresponding to the sending end address.
After the foreground AP receives an access request, it uses the sending end address from the parsing result to look up the access state data and determine whether this is a new access request. If it is, the foreground AP establishes an access state data structure for the STA in memory and then sends a response frame to the STA; if the request belongs to an access already in progress, the foreground AP retrieves the STA's access state data by the STA's MAC address.
S232, matching the completed access step with the access process template, and determining the next access step of the last completed access step.
As described above, the access process template lists the steps of the access procedure and the access state data records the completed access steps. The foreground AP therefore matches the last completed access step in the access state data against the access process template and determines the step that follows it.
And S233, matching the current access step with the determined next access step, and determining a matching result.
The next access step obtained in S232 is taken from the access process template. The foreground AP matches the current access step against that determined next step, checks whether the two agree, and obtains the corresponding matching result.
When the current access step matches the determined next access step, an access response is sent to the sending end and the access state data is updated. When the current access step does not match the determined next access step, the sending end address is added to a blacklist and the access request is ignored.
Specifically, according to the access process template, the foreground AP judges whether the current access step is the step that follows the last completed access step. If it conforms to the template, a response is sent; if not, the request is discarded. For an STA that does not conform to the template, the foreground AP records its MAC address in a blacklist, and when processing highly concurrent access requests it ignores STAs in the blacklist.
When a match is detected, an access response is sent to the sending end to prompt it to carry out the subsequent access steps. When a mismatch is detected, the sending end address is added to the blacklist, and the foreground wireless access point ignores blacklisted sending ends when processing highly concurrent access requests, which improves detection efficiency under high concurrency.
In some embodiments, the parsing result further includes a receiving end address, and based on this, the foregoing S232 further includes:
(1) The receiving end address is compared with the receiving end address in the access status data.
(2) When the receiving end address is consistent with the receiving end address in the access status data, the completed access steps are matched with the access process template and the next access step after the last completed one is determined.
For a request within the access process, the foreground AP needs to obtain the STA's access status data according to the STA's MAC address. It first judges whether the receiving end address in the access request equals the first value of the list in the access status data; if not, the request is discarded directly, and if so, the step of matching the completed access steps with the access process template and determining the next access step after the last completed one is executed.
Matching on the receiving end address before matching the access step, and matching against the access process template only when the receiving end addresses are consistent, reduces the amount of data that has to be matched and improves detection efficiency.
S24: when the matching result is that access is complete, the received data of the sending end is forwarded to the target wireless access point for processing.
For details, refer to S14 in fig. 2, which is not repeated here.
The wireless access detection method provided by this embodiment stores the access steps of each sending end address in the access status data, so that the last completed access step can be determined quickly during subsequent matching, which improves detection efficiency.
In some embodiments, the determining of the access procedure template includes:
(1) Acquiring the authentication mode of the foreground wireless access point.
(2) Establishing the access process template in key-value pair form based on the flow of that authentication mode.
Before wireless access detection, a foreground AP must be established for the target AP to receive access requests and hide the target AP. For an existing target AP, the foreground AP must have the same name, authentication mode and password as the target AP, so that STAs already connected to the AP can be handed over seamlessly. For a newly built target AP, the foreground AP can choose a completely new name, authentication mode and password, and after an STA passes the foreground AP's verification, the foreground AP forwards its requests to the target AP in full.
The access process template is established according to the authentication mode of the foreground AP and covers, without being limited to, authentication, association and the four-way handshake. The template uses a typical format, as follows:
{ completed step: next step }
When an STA accesses, the foreground AP can quickly determine whether the current step is the step that follows the previous one, and, on receiving a disassociation or deauthentication request, whether the STA has actually completed the access procedure.
Establishing the access process template as key-value pairs makes lookup fast and improves detection efficiency. At the same time, building the template from the authentication mode keeps the template consistent with that mode, so detection can be unified across different authentication modes; access detection reuses the data already carried in the access request and adds no extra load to the communication link.
As a specific application example of this embodiment, the wireless access detection method includes:
Step 1: A foreground AP is established for the target AP to receive access requests and hide the target AP, in the arrangement shown in fig. 1. The roles in fig. 1 are a target AP, a foreground AP, a legitimate STA and a malicious STA. The target AP interacts only with the foreground AP and is invisible on the public network. External STAs can detect only the foreground AP, and the connection template and data structure processing of the wireless local area network are all performed in the foreground AP.
Step 2: An access process template is established according to the authentication mode of the foreground AP; it covers, without being limited to, authentication, association and the four-way handshake. In this embodiment the target AP uses WEP authentication, giving the following access process template for the foreground AP:
{ empty: unauthenticated unassociated }
{ unauthenticated unassociated: authenticated unassociated }
{ authenticated unassociated: authenticated associated }
{ authenticated associated: data exchange }
Step 3: According to the established access process template, the data structure of the STA access status data stored in the foreground AP is designed as follows:
{ MAC Address of STA: [ MAC Address of AP, completed step ] }
This structure is a dictionary: the key is the MAC address of the STA, and the value is a list whose first element is the MAC address of the AP and whose second element is a linked list recording the steps the STA has completed in the access process. The MAC address of the STA is taken from Address2 of the 802.11 frame, and the MAC address of the AP from Address1.
Step 4: The foreground AP processes the received STA access request frames. In this embodiment, assume the MAC address of the AP is 00-01-6C-06-A6-29 and the MAC address of the STA is 00-01-6C-06-A6-28. When the STA makes a new access request, no data structure corresponding to its MAC address is found in memory, so its previous state is defined as "empty" and a corresponding data structure is created in the foreground AP's memory:
{00-01-6C-06-A6-28: [00-01-6C-06-A6-29, empty ] }
Matching is then performed against the template. The AP has received an authentication request frame, so the current step is "unauthenticated unassociated"; the STA's MAC address is found, its previous state is "empty", and the template gives "unauthenticated unassociated" as the next state, so by template matching the STA is in a legal state. If authentication passes, an authentication response is sent to the STA and the data structure is modified to:
{00-01-6C-06-A6-28: [00-01-6C-06-A6-29, empty -> unauthenticated unassociated ] }
If verification fails, an authentication failure response is sent, but the access status data is not modified.
Malicious requests can likewise be matched against the template rules: for an STA that does not conform to the access process template, the foreground AP records its MAC address and maintains a blacklist, and when the foreground AP processes highly concurrent access requests, STAs in the blacklist are ignored.
For an STA that has completed the access procedure, the foreground AP forwards its data to the target AP to implement data interaction.
Step 5: When the STA exchanges data with the AP, the foreground AP checks the corresponding state by the STA's MAC address, and only when the STA is in the access-complete state does the foreground AP forward its data packets to the target AP. In this embodiment, data interaction between the STA and the target AP is allowed only when the access status data has the form:
{00-01-6C-06-A6-28: [00-01-6C-06-A6-29, empty -> unauthenticated unassociated -> authenticated associated -> data exchange ] }
If the STA's access state is not connection-complete, or there is no access status data corresponding to the STA, the data is ignored.
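The flow of steps 2 to 5 as a runnable Python example (added here; it is not the patent's own code): the WEP template as a dictionary of {completed step: next step}, the STA access status dictionary keyed by STA MAC, blacklisting on an out-of-order step, and forwarding only once the recorded chain ends in "data exchange". 802.11 frame parsing and credential verification are replaced by constructed frame dictionaries carrying Address1, Address2, a pre-classified step and a `verified` flag; the rogue MAC 00-01-6C-06-A6-2A is a constructed value.

```python
"""Foreground-AP access-step matcher built from the key/value template and the
STA access status dictionary of steps 2 to 5.  Added example, not the patent's
own code.  Frames are constructed dicts: addr1 = receiver (AP), addr2 = sender
(STA), step = the access step the frame represents, verified = auth outcome."""

from typing import Dict, List, Optional

# Step 2 template for WEP: {completed step: next step}
TEMPLATE: Dict[str, str] = {
    "empty": "unauthenticated unassociated",
    "unauthenticated unassociated": "authenticated unassociated",
    "authenticated unassociated": "authenticated associated",
    "authenticated associated": "data exchange",
}
FINAL_STEP = "data exchange"


class ForegroundAP:
    def __init__(self, template: Dict[str, str] = TEMPLATE) -> None:
        self.template = template
        # Step 3 structure: {MAC of STA: [MAC of AP, [completed steps]]}
        self.state: Dict[str, List] = {}
        self.blacklist: set = set()
        self.forwarded: List[bytes] = []  # payloads handed to the target AP

    def handle(self, frame: Dict) -> str:
        """Process one parsed frame and return the action taken."""
        receiver, sender, step = frame["addr1"], frame["addr2"], frame["step"]
        if sender in self.blacklist:
            return "ignored: blacklisted"          # skipped under high concurrency
        if step == FINAL_STEP:
            return self._handle_data(receiver, sender, frame.get("payload", b""))
        # Unknown sender: create its state with previous step "empty"
        entry = self.state.setdefault(sender, [receiver, ["empty"]])
        if entry[0] != receiver:                  # receiver-address pre-check
            return "discarded: receiver address mismatch"
        completed = entry[1]
        # S232: the step that must follow the last completed one
        if step != self.template.get(completed[-1]):
            self.blacklist.add(sender)            # S233 mismatch branch
            return "blacklisted: unexpected step"
        if not frame.get("verified", True):       # step 4: verification failed
            return "failure response: state unchanged"
        completed.append(step)                    # S233 match branch
        return "response: " + step

    def _handle_data(self, receiver: str, sender: str, payload: bytes) -> str:
        """Step 5: forward data only for an STA whose access is complete."""
        entry = self.state.get(sender)
        if entry is None or entry[0] != receiver:
            return "ignored: no access state"
        completed = entry[1]
        if completed[-1] == "authenticated associated":
            completed.append(FINAL_STEP)          # first data frame completes access
        if completed[-1] != FINAL_STEP:
            return "ignored: access not complete"
        self.forwarded.append(payload)
        return "forwarded to target AP"

    def chain(self, sender: str) -> Optional[str]:
        """Completed steps rendered in the page's 'empty -> ...' notation."""
        entry = self.state.get(sender)
        return None if entry is None else " -> ".join(entry[1])


AP_MAC, STA_MAC = "00-01-6C-06-A6-29", "00-01-6C-06-A6-28"
ROGUE_MAC = "00-01-6C-06-A6-2A"  # constructed value, not from the page


def run_scenario() -> Dict[str, object]:
    """Constructed frames: a legitimate STA and one that associates before authenticating."""
    ap = ForegroundAP()
    legit_steps = ["unauthenticated unassociated", "authenticated unassociated",
                   "authenticated associated", "data exchange"]
    legit = [ap.handle({"addr1": AP_MAC, "addr2": STA_MAC, "step": s, "payload": b"hello"})
             for s in legit_steps]
    rogue = [ap.handle({"addr1": AP_MAC, "addr2": ROGUE_MAC, "step": "authenticated associated"}),
             ap.handle({"addr1": AP_MAC, "addr2": ROGUE_MAC, "step": "unauthenticated unassociated"})]
    return {"legit": legit, "legit_chain": ap.chain(STA_MAC), "rogue": rogue,
            "blacklist": ap.blacklist, "forwarded": ap.forwarded}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```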
By abstracting the access process of the wireless local area network into a connection process template, the method eliminates the differences between authentication modes and improves the compatibility of the detection method. Placing a foreground AP in front of the target AP further improves the security of the wireless local area network and offers a degree of protection for the real network. At the same time, data already present in the 802.11 frame is reused, so network load is reduced, the method is more usable, and communication delay is not increased under heavier network load. The method is suited to detecting malicious access in a wireless local area network; it unifies detection across different authentication modes and does not add load to the communication link.
In this embodiment, a wireless access detection apparatus is further provided, and the apparatus is used to implement the foregoing embodiments and preferred embodiments, and the description already made is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
This embodiment provides a wireless access detection device, applied to a foreground wireless access point that is arranged corresponding to a target wireless access point. As shown in fig. 4, the device includes:
a receiving module 31, configured to receive an access request sent by a sending end;
a parsing module 32, configured to parse the access request to determine a parsing result, where the parsing result includes the current access step;
a matching module 33, configured to match the current access step with an access process template, and determine a matching result, where the access process template is determined based on an authentication manner of the foreground wireless access point, and the access process template includes an access step;
a forwarding module 34, configured to forward the received data of the sending end to the target wireless access point for processing when the matching result is that access is completed.
In some embodiments, the parsing result includes a sender address, and the matching module 33 includes:
an obtaining unit, configured to obtain access status data corresponding to the address of the sending end, where the access status data includes an access step that has been completed by the sending end;
a first matching unit, configured to match the completed access step with the access procedure template, and determine a next access step of a last completed access step;
a second matching unit, configured to match the current access step with the determined next access step and determine the matching result.
In some embodiments, the first matching unit comprises:
a first matching subunit, configured to send an access response to the sending end and update the access status data when the current access step matches the determined next access step.
In some embodiments, the first matching unit comprises:
a second matching subunit, configured to add the sending end address to a blacklist and ignore the access request when the current access step does not match the determined next access step.
In some embodiments, the parsing result further includes a receiving end address, and the matching module 33 includes:
a comparing unit, configured to compare the receiving end address with a receiving end address in the access status data;
an execution unit, configured to match the completed access steps with the access process template and determine the next access step after the last completed one when the receiving end address is consistent with the receiving end address in the access status data.
In some embodiments, the obtaining unit includes:
a query subunit, configured to query, using the sending end address, whether corresponding access status data exists;
an establishing subunit, configured to establish access status data corresponding to the sending end address when no corresponding access status data exists, and to send a response frame to the sending end so as to obtain the next access step;
an extracting subunit, configured to extract the access status data corresponding to the sending end address when corresponding access status data exists.
In some embodiments, the determining of the access procedure template includes:
acquiring an authentication mode of the foreground wireless access point;
and establishing the access process template in a key value pair mode based on the flow of the authentication mode.
The wireless access detection device in this embodiment is presented in the form of functional units, where a unit refers to an ASIC circuit, a processor and memory executing one or more software or firmware programs, and/or other devices that can provide the functions described above.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
An embodiment of the present invention further provides an electronic device, which has the detection apparatus for wireless access shown in fig. 4.
Referring to fig. 5, which is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention, the electronic device may include: at least one processor 41, such as a CPU (Central Processing Unit), at least one communication interface 43, a memory 44, and at least one communication bus 42. The communication bus 42 is used to connect these components. The communication interface 43 may include a display and a keyboard, and may optionally also include a standard wired interface and a standard wireless interface. The memory 44 may be high-speed RAM (volatile random access memory) or non-volatile memory, such as at least one disk memory. The memory 44 may alternatively be at least one memory device located remotely from the processor 41. The processor 41 may be connected to the apparatus described in fig. 4; an application program is stored in the memory 44, and the processor 41 calls the program code stored in the memory 44 to perform any of the method steps above.
The communication bus 42 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 42 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but that does not indicate only one bus or one type of bus.
The memory 44 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 44 may also comprise a combination of the above kinds of memory.
The processor 41 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 41 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 44 is also used to store program instructions. Processor 41 may invoke program instructions to implement a method of detecting wireless access as shown in any of the embodiments of the present application.
Embodiments of the present invention further provide a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions may execute the method for detecting wireless access in any of the method embodiments described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A wireless access detection method is applied to a foreground wireless access point, and the foreground wireless access point is correspondingly arranged with a target wireless access point, and the method comprises the following steps:
receiving an access request sent by a sending end;
analyzing the access request to determine an analysis result, wherein the analysis result comprises the current access step;
matching the current access step with an access process template to determine a matching result, wherein the access process template is determined based on the authentication mode of the foreground wireless access point, and the access process template comprises an access step;
and when the matching result is that the access is finished, forwarding the received data of the sending end to the target wireless access point for processing.
2. The method of claim 1, wherein the parsing result comprises a sender address, and wherein the matching the current access step with an access process template to determine a matching result comprises:
acquiring access state data corresponding to the address of the sending terminal, wherein the access state data comprises the access steps completed by the sending terminal;
matching the completed access step with the access process template to determine the next access step to the last completed access step;
and matching the current access step with the determined next access step, and determining the matching result.
3. The method of claim 2, wherein said matching the current access step with the determined next access step and determining the matching result comprises:
and when the current access step is matched with the determined next access step, sending an access response to the sending end and updating the access state data.
4. The method of claim 2, wherein said matching the current access step with the determined next access step and determining the matching result comprises:
and when the current access step is not matched with the determined next access step, adding the sending end address into a blacklist and ignoring the access request.
5. The method of claim 2, wherein the parsing result further includes a receiver address, and wherein the step of matching the completed access step with the access process template to determine the next access step to the last completed access step is preceded by the steps of:
comparing the receiving end address with a receiving end address in the access state data;
and when the address of the receiving end is consistent with the address of the receiving end in the access state data, executing the step of matching the completed access step with the access process template and determining the next access step of the last completed access step.
6. The method of claim 2, wherein the obtaining the access status data corresponding to the sender address comprises:
inquiring whether corresponding access state data exist or not by using the sending end address;
when the corresponding access state data does not exist, establishing the access state data corresponding to the address of the sending end, and sending a response frame to the sending end to obtain the next access step;
and when corresponding access state data exist, extracting the access state data corresponding to the sending end address.
7. The method of claim 1, wherein the access procedure template is determined in a manner comprising:
acquiring an authentication mode of the foreground wireless access point;
and establishing the access process template in a key value pair mode based on the flow of the authentication mode.
8. A wireless access detection device is applied to a foreground wireless access point, wherein the foreground wireless access point is arranged corresponding to a target wireless access point, and the device comprises:
the receiving module is used for receiving an access request sent by a sending end;
the analysis module is used for analyzing the access request to determine an analysis result, and the analysis result comprises the current access step;
the matching module is used for matching the current access step with an access process template to determine a matching result, the access process template is determined based on the authentication mode of the foreground wireless access point, and the access process template comprises an access step;
and the forwarding module is used for forwarding the received data of the sending end to the target wireless access point for processing when the matching result is that the access is completed.
9. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method for detecting a radio access according to any one of claims 1 to 7.
10. A computer-readable storage medium storing computer instructions for causing a computer to perform the method for detecting a radio access according to any one of claims 1 to 7.
CN202210901623.0A 2022-07-28 2022-07-28 Wireless access detection method and device, electronic equipment and storage medium Pending CN115484600A (en)
Publications (1)

Publication Number Publication Date
CN115484600A true CN115484600A (en) 2022-12-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination