WO2009097777A1 - Flow control method, access equipment and network system - Google Patents

Publication number
WO2009097777A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2009/070167
Inventor
Guannan Zhang
Gang He
Yuxiang Wu
Haixiang Wu
Guanglei Yang
Jing Li
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/11 Identifying congestion
    • H04L47/19 Flow control; Congestion control at layers above the network layer
    • H04L47/26 Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
    • H04L47/263 Rate modification at the source after receiving feedback

Abstract

A flow control method, an access equipment and a network system are provided. The flow control method includes: receiving data flow from a user equipment; judging whether the data flow from the user equipment is junk flow or not; performing flow control operation on the user equipment if the data flow is junk flow. The limitation that the junk flow in uplink flow of the user equipment occupies great network resources can be overcome. The work efficiency of the network is improved.

Description

Flow control method, access device and network system

This application claims priority to Chinese patent application No. 200810056880.9, filed with the Chinese Patent Office on January 25, 2008 and entitled "Flow Control Method, Apparatus and System", the entire contents of which are incorporated herein by reference.

Technical Field

The present invention relates to the field of mobile communications technologies, and in particular to a flow control method, an access device and a network system.

Background

Long Time Evolution (hereinafter LTE) and System Architecture Evolution (hereinafter SAE) are transitional communication technologies for the smooth evolution from 3G to 4G communication technology, and are therefore often called B3G (Beyond 3G) or E3G (Evolved 3G).

In current GPRS/3G networks, garbage traffic (Spam Flows) occupies a large amount of air interface resources, and this garbage traffic is mainly uplink traffic caused by viruses, worms or Denial of Service (hereinafter DoS) attacks. Therefore, in an LTE/SAE network, whether uplink traffic can be monitored effectively directly affects the performance of the LTE/SAE network.

Because the network elements of an LTE/SAE network, such as the eNodeB, the SGW and the Public Data Network-Gateway (hereinafter PDN-GW), cannot parse application-layer packets, the viruses, worms and DoS attack packets carried in the application layer have no effect on those network elements. This traffic is, however, a useless part of the user's uplink traffic, and is therefore called "garbage traffic" in the LTE/SAE network.

To control garbage traffic, a Deep Packet Inspect (hereinafter DPI) function has been added to the PDN-GW (DPI) network element in the LTE/SAE network architecture; DPI can be used to inspect and filter the uplink traffic of the air interface.

In the process of implementing the present invention, the inventors found that the prior art has at least the following problems:

Because there is no mechanism for limiting uplink traffic on the air interface, detecting garbage traffic at the PDN-GW cannot stop it from occupying air interface resources;

Because LTE supports very high air interface data rates and the traffic of the SAE core network will also grow substantially (SAE core network traffic is expected to reach gigabit levels or more), performing DPI at the PDN-GW places very high speed and performance demands on the PDN-GW's detection equipment, chips and algorithms; and if the rate at which the PDN-GW performs DPI does not match the traffic rate of the SAE core network, a traffic bottleneck arises between the public data network and the SAE core network.

Summary of the Invention
Embodiments of the present invention provide a flow control method, an access device and a network system, to remedy the defect that garbage traffic in the uplink traffic of user equipment occupies a large amount of air interface resources, and to implement flow control based on the LTE/SAE network.

An embodiment of the present invention provides a flow control method, applied to a mobile communication network, including:

receiving a data stream from a user equipment;

determining whether the data stream from the user equipment is garbage traffic; and

if the data stream is garbage traffic, performing a flow control operation on the user equipment.

An embodiment of the present invention further provides an access device, including:

a receiving unit, configured to receive a data stream from a user equipment;

a determining unit, configured to determine whether the data stream from the user equipment is garbage traffic; and

an air interface resource management unit, configured to perform a flow control operation on the user equipment if the data stream is garbage traffic.

An embodiment of the present invention provides a network system, including:

a user equipment, configured to send the data stream of the user equipment to an access device; and

an access device, configured to receive the data stream from the user equipment and, when the data stream is garbage traffic, to perform a flow control operation on the user equipment.

The flow control method provided by the embodiment of the present invention can reduce the garbage traffic entering the network and reduce the load that large-scale traffic detection and control places on the core network.

The access device provided by the embodiment of the present invention performs traffic detection and control for the user equipment on the access device at the access network side, which reduces the garbage traffic entering the network; because the flow control operation terminates at the access device, it also reduces the load that large-scale traffic detection and control places on the core network.

The network system provided by the embodiment of the present invention performs traffic detection and control for the user equipment on the access device at the access network side, which reduces the garbage traffic entering the network; because the flow control operation terminates at the access device, it also reduces the load that large-scale traffic detection and control places on the core network.

Brief Description of the Drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of a first embodiment of the flow control method of the present invention;

FIG. 2 is a flowchart of a second embodiment of the flow control method of the present invention;

FIG. 3 is a schematic structural diagram of a first embodiment of the access device of the present invention;

FIG. 4 is a schematic structural diagram of a second embodiment of the access device of the present invention;

FIG. 5 is a schematic structural diagram of an embodiment of the network system of the present invention.

Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The embodiments of the present invention apply to the field of mobile communications. The network may be an LTE network, or a Global System for Mobile Communications (GSM), Wideband-Code Division Multiple Access (WCDMA), Time Division - Synchronized Code Division Multiple Access (TD-SCDMA), Code-Division Multiple Access (CDMA), Worldwide Interoperability for Microwave Access (WIMAX) or similar network.

The technical solutions of the embodiments of the present invention are described in further detail below with reference to the drawings and embodiments.

FIG. 1 is a flowchart of the first embodiment of the flow control method of the present invention. As shown in FIG. 1, the flow control method of this embodiment may include:

Step 101: Receive a data stream from a user equipment.

Step 102: Determine whether the data stream from the user equipment is garbage traffic.

Step 103: If the data stream is garbage traffic, perform a flow control operation on the user equipment.

In the first embodiment of the flow control method of the present invention, the statistical result includes the accumulated garbage traffic value, the ratio of the accumulated garbage amount to the accumulated send amount, or a simple transformation of that ratio. The statistical result here is the trigger condition for the flow control operation; upgrading or transforming the trigger condition on the basis of the accumulated garbage amount, according to circumstances such as the operator's network maintenance needs or the specific service needs of the user of the user equipment, also clearly falls within the scope of protection of the present invention. In a specific implementation, if the statistical result is set to the accumulated garbage traffic value, the flow control operation can be performed according to the total amount of garbage sent by the user equipment; if the statistical result is set to the ratio of the accumulated garbage amount to the accumulated send amount, the flow control operation can be performed according to the garbage ratio of the user equipment.

The order of the steps of the method of the embodiment of the present invention may be adjusted according to actual needs.

In the first embodiment of the flow control method of the present invention, after the data stream sent by the user equipment is received, if the data stream is encrypted data, it needs to be decrypted so that the encrypted data stream becomes plaintext data. Accordingly, the step of judging the data stream from the user equipment becomes judging the plaintext data obtained by decrypting the data stream. In addition, depending on the specific network structure, the method provided in the first embodiment may be executed on different network elements. The executing entity of the embodiment may be an access device on the access network side, such as a base station or a base station controller: in an LTE network it may be an eNodeB, and in a GSM network it may be a Base Station (BS) or a Base Station Controller (BSC). The user equipment of the embodiment may be a mobile phone, a notebook computer, or the like.

By performing traffic detection and control for the user equipment on the access device at the access network side, the embodiment of the present invention reduces the garbage traffic entering the network; because the flow control operation terminates at the access device, it also reduces the load that large-scale traffic detection and control places on the core network.
FIG. 2 is a flowchart of the second embodiment of the flow control method of the present invention. As shown in FIG. 2, the second embodiment is described using an LTE/SAE network as an example. The method may include the following:

Step 201: In the LTE access network, the air interface decryption module in the eNodeB receives the data stream sent by the user equipment (User Equipment, hereinafter UE).

Step 202: The decoding module in the eNodeB decrypts the data stream and generates plaintext data.

Step 203: The accumulation module in the eNodeB, using the plaintext data generated by the decoding module, performs statistical processing on the send-amount score corresponding to the user equipment and generates an accumulated send amount. The send-amount score only represents the total amount of data sent by the user equipment, so different accumulation methods may be used depending on how the total is counted.

Step 204: The first judging module in the eNodeB determines whether the plaintext data is garbage traffic. The judging method may be to perform DPI on the plaintext data, for example using identification based on "feature words", application-layer gateway identification, or behavior pattern recognition; it may also be ACL-based port filtering, which is mature in firewall technology and is therefore not described further here.

Step 205: When the plaintext data is garbage traffic, the interception module in the eNodeB intercepts the plaintext data, that is, deletes the garbage traffic from the corresponding device, and at the same time performs statistical processing on the garbage-amount score corresponding to the user equipment to generate an accumulated garbage amount. The garbage-amount score only represents the total amount of garbage traffic sent by the user equipment, so different accumulation methods may be used depending on how the total is counted, but the counting method for the garbage-amount score must be the same as the counting method for the send-amount score.

Step 206: The second judging module in the eNodeB determines whether the ratio of the accumulated garbage amount to the accumulated send amount exceeds a threshold. In practice the threshold is set according to specific needs, taking into account factors such as the accuracy of the first judging module in the eNodeB and the characteristics of the data stream sent by the user equipment.

Step 207: If the ratio of the accumulated garbage amount to the accumulated send amount exceeds the threshold, the second judging module in the eNodeB notifies the air interface resource management module in the eNodeB to perform a flow control operation on the user equipment, such as limiting the user equipment's air interface data traffic, limiting its air interface bandwidth, disconnecting it, or prohibiting it from using the network.

The user equipment of the embodiment of the present invention may be a mobile phone, a notebook computer, or the like.

The order of the steps of the method of the embodiment of the present invention may be adjusted according to actual needs.
The LTE/SAE network garbage traffic (Spam Flows) referred to in the embodiments of the present invention may include traffic such as viruses, worms and DoS attacks that occupies air interface resources. The second embodiment of the flow control method implements garbage traffic detection on the eNodeB in the LTE access network and, according to the garbage traffic detected, can restrict the UE's uplink traffic and intercept garbage traffic in the network. This overcomes the defect that uplink garbage traffic can only be detected, but not controlled, at the PDN-GW, so the flow control method embodiment can improve the operating efficiency of the network. In addition, the flow control method embodiment terminates air interface resource management at the eNodeB, so no additional communication mechanism between the PDN-GW and the network elements of the LTE access network is needed; this lowers the requirements on the corresponding hardware and also reduces the load that large-scale traffic detection and control places on the core network.

The second embodiment of the flow control method of the present invention may further include the following step:

Step 208: When the plaintext data is not garbage traffic, the eNodeB sends the plaintext data. For sending, the plaintext data may be processed according to the GTP-U (GPRS Tunneling Protocol - Packet Data User Plane) communication protocol, and the resulting GTP-U data packet is sent to the SGW. In this way the cleaned plaintext data is sent to the SGW.

In the second embodiment of the flow control method of the present invention, after the plaintext data is intercepted, the method may further include:

Step 209: The security management control back end generates a log, an alarm, or garbage traffic feature information from the intercepted plaintext data. Further, the security management control back end may notify the UE of the generated log, alarm or garbage traffic feature information by SMS or e-mail so that the UE can take corresponding action, such as running anti-virus; it may also output the generated log, alarm or garbage traffic feature information directly to other devices for further analysis.
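The per-UE accounting of steps 203 to 209, as an added example that is not code from the patent or from any eNodeB implementation: it counts both totals in bytes, so that the garbage count and the send count use the same method as step 205 requires. The class and function names, the byte signatures, the threshold value and the `min_sent` guard are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

# Constructed byte patterns standing in for "feature word" DPI signatures (step 204).
SIGNATURES = (b"EXAMPLE-WORM-MARKER", b"EXAMPLE-FLOOD-MARKER")


class Verdict(Enum):
    FORWARDED = "forwarded"              # step 208: clean data goes on to the SGW
    INTERCEPTED = "intercepted"          # step 205: garbage dropped, UE not limited
    FLOW_CONTROLLED = "flow_controlled"  # step 207: garbage dropped, UE limited


@dataclass
class UeCounters:
    sent: int = 0          # accumulated send amount in bytes (step 203)
    garbage: int = 0       # accumulated garbage amount in bytes (step 205)
    limited: bool = False  # set once the flow control operation is triggered


@dataclass
class AccessDeviceFilter:
    threshold: float = 0.5  # garbage/sent ratio that triggers step 207 (assumed value)
    # Assumption, not in the patent: do not act on the ratio until the UE has
    # sent this many bytes, so one misclassified first packet (ratio 1.0)
    # cannot trigger flow control on its own.
    min_sent: int = 0
    ues: dict = field(default_factory=dict)
    security_log: list = field(default_factory=list)

    def is_garbage(self, plaintext: bytes) -> bool:
        """First judging module: signature match on decrypted data."""
        return any(sig in plaintext for sig in SIGNATURES)

    def handle(self, ue_id: str, plaintext: bytes) -> Verdict:
        counters = self.ues.setdefault(ue_id, UeCounters())
        counters.sent += len(plaintext)                # step 203
        if not self.is_garbage(plaintext):             # step 204
            return Verdict.FORWARDED                   # step 208
        counters.garbage += len(plaintext)             # step 205
        self.security_log.append((ue_id, len(plaintext)))  # step 209 record
        ratio = counters.garbage / counters.sent
        if counters.sent >= self.min_sent and ratio > self.threshold:  # step 206
            counters.limited = True                    # step 207
            return Verdict.FLOW_CONTROLLED
        return Verdict.INTERCEPTED


def garbage_packet(size: int) -> bytes:
    """Constructed sample payload of `size` bytes that carries a signature."""
    return SIGNATURES[0].ljust(size, b"x")


def run_demo():
    """Feed constructed uplink packets from two UEs through the filter."""
    device = AccessDeviceFilter(threshold=0.5, min_sent=100)
    packets = [
        ("ue-1", b"A" * 200),           # clean: ratio 0/200
        ("ue-1", garbage_packet(100)),  # ratio 100/300, below the threshold
        ("ue-1", garbage_packet(300)),  # ratio 400/600, above the threshold
        ("ue-2", garbage_packet(40)),   # ratio 1.0 but under min_sent
        ("ue-2", b"B" * 60),            # clean
    ]
    return [(ue, device.handle(ue, data).value) for ue, data in packets]


if __name__ == "__main__":
    for ue, verdict in run_demo():
        print(ue, verdict)
```

Switching the trigger from the ratio to the accumulated garbage total, the other statistical result the description allows, only changes the comparison in `handle`.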
图 3为本发明接入设备第一实施例的结构示意图。 如图 3所示, 该设备 可以为移动网络中的接入设备, 包括:  FIG. 3 is a schematic structural diagram of a first embodiment of an access device according to the present invention. As shown in FIG. 3, the device may be an access device in a mobile network, including:
接收单元 11 , 用于接收来自用户设备的数据流;  a receiving unit 11 , configured to receive a data stream from the user equipment;
判断单元 12, 用于判断对所述来自用户设备的数据流是否为垃圾流量; 空中接口资源管理单元 13 , 用于若所述数据流为垃圾流量, 则对所述用 户设备进行流量控制操作。  The determining unit 12 is configured to determine whether the data flow from the user equipment is garbage traffic; and the air interface resource management unit 13 is configured to perform a flow control operation on the user equipment if the data flow is garbage traffic.
在本发明接入设备第一实施例中,接收来自用户设备发送的数据流之后, 所述数据流是加密数据, 则需要对数据流进行解密操作, 使得加密的数据流 变成明文数据。 相应地, 对来自用户设备的数据流行判断的步骤也要变为对 数据流解密之后的明文数据进行判断。 另外根据具体的网络结构, 本发明接 入设备第一实施例中提供的设备可以设置在不同的网元上。 本发明实施例的 接入设备可以是接入网侧的基站或基站控制器等, 或者是 LTE 网络的 eNodeB, 或者是 GSM网络的基站( Base Station, BS )或基站控制器( Base Station Controller, BSC ) 。 本发明实施例的用户设备可以是手机、 笔记本电 脑等。 In the first embodiment of the access device of the present invention, after receiving the data stream sent by the user equipment, the data stream is encrypted data, and then the data stream needs to be decrypted, so that the encrypted data stream becomes plaintext data. Accordingly, the step of judging the data popularity from the user equipment also becomes to judge the plaintext data after the data stream is decrypted. In addition, according to the specific network structure, the device provided in the first embodiment of the access device of the present invention may be set on different network elements. The access device in the embodiment of the present invention may be a base station or a base station controller on the access network side, or an LTE network. The eNodeB is either a base station (BS) of the GSM network or a Base Station Controller (BSC). The user equipment in the embodiment of the present invention may be a mobile phone, a notebook computer, or the like.
The units of the embodiments of the present invention may be integrated into one body or deployed separately. The above units may be combined into a single unit or further split into multiple subunits.
By implementing traffic detection and control for user equipment on the access device, the embodiments of the present invention can reduce the garbage traffic entering the network. Because the flow control operation terminates at the access device, the load that large volumes of traffic detection and control place on the core network is also reduced.
In the embodiments of the present invention, the receiving unit specifically includes: a receiving module, configured to receive a data stream from the user equipment; a decoding module, configured to decrypt the data stream and generate plaintext data; and an accumulation module, configured to perform, according to the plaintext data, statistical processing on the sent-volume counter corresponding to the user equipment and generate an accumulated sent volume.
In the embodiments of the present invention, the determining unit specifically includes: a first determining module, configured to determine whether the plaintext data is garbage traffic; an interception module, configured to, when the first determining module determines that the plaintext data is garbage traffic, intercept the plaintext data and perform statistical processing on the garbage-volume counter corresponding to the user equipment to generate an accumulated garbage volume; and a second determining module, configured to determine whether a statistical result based on the accumulated garbage volume and the accumulated sent volume exceeds a preset threshold. In this case, the air interface resource management unit is specifically an air interface resource management module, configured to perform a flow control operation on the user equipment when the second determining module determines that the threshold is exceeded.
FIG. 4 is a schematic structural diagram of the second embodiment of the access device of the present invention. As shown in FIG. 4, the device may be an access device in a mobile network and includes:
A receiving module 21, configured to receive a data stream from user equipment (UE).
A decoding module 22, configured to decrypt the data stream received by the receiving module 21 and generate the plaintext data corresponding to the data stream.
An accumulation module 26, configured to perform, according to the plaintext data, statistical processing on the sent-volume counter corresponding to the user equipment and generate an accumulated sent volume. The sent-volume counter only expresses the total amount of data the user equipment has sent, so different accumulation methods may be used depending on how that total is measured.
A first determining module 23, configured to determine whether the plaintext data is garbage traffic. The determination may specifically be: performing DPI on the plaintext data, for example using identification based on "signature words", application-layer gateway identification, or behavior pattern recognition, and determining whether garbage traffic is present at the application layer of the plaintext data. The determination may also be implemented by ACL-based port filtering; this method is mature in firewall technology and is therefore not described further here.
An interception module 24, configured to intercept the plaintext data when the first determining module determines that the plaintext data is garbage traffic, that is, to send the plaintext data back to the user equipment or to delete the plaintext data from the corresponding device, and at the same time to perform statistical processing on the garbage-volume counter corresponding to the user equipment and generate an accumulated garbage volume. The garbage-volume counter only expresses the total amount of garbage traffic the user equipment has sent, so different accumulation methods may be used depending on how that total is measured, but the method used for the garbage-volume counter must be the same as the method used for the sent-volume counter.
A second determining module 25, configured to determine whether the statistical result based on the accumulated garbage volume and the accumulated sent volume exceeds a preset threshold. In practice the threshold may be set as required, taking into account factors such as the accuracy of the first determining module in the access device and the characteristics of the data stream sent by the user equipment. The statistical result includes the accumulated garbage traffic value, the ratio of the accumulated garbage volume to the accumulated sent volume, or a simple transformation of that ratio.
An air interface resource management module 27, configured to perform a flow control operation on the user equipment when the second determining module determines that the threshold is exceeded, for example limiting the user equipment's air interface data traffic, limiting the user equipment's air interface bandwidth, disconnecting the user equipment, or prohibiting the user equipment from using the network.
The receiving module 21, decoding module 22, accumulation module 26, first determining module 23, interception module 24, second determining module 25 and air interface resource management module 27 together make up the access device.
In the flow control apparatus embodiment of the present invention, the access device may further include a sending module 28, configured to send the plaintext data when the first determining module determines that the plaintext data is not garbage traffic. Specifically, the sending module 28 encapsulates the plaintext data into GTP-U data packets and sends them to the serving gateway 20 (Serving Gateway). Further, in the flow control apparatus embodiment of the present invention, there may be a security management control backend 29 outside the access device, configured to generate a log, an alarm, or garbage traffic feature information according to the plaintext data when the first determining module determines that the plaintext data is garbage traffic. Still further, a notification module may be added, configured to notify the user equipment to perform virus removal according to the log, the alarm, or the garbage traffic feature information.
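The per-UE accounting performed by modules 23 to 27, sketched as an added example (not code from the patent). It implements the ratio variant of the statistical result and counts both counters in bytes; the class names, the signature marker, port 9999 and the `min_sent_bytes` guard are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class UeCounters:
    sent_bytes: int = 0        # accumulated sent volume (accumulation module 26)
    garbage_bytes: int = 0     # accumulated garbage volume (interception module 24)
    flow_controlled: bool = False


class AccessDeviceFilter:
    """Per-UE garbage accounting at the access device (hypothetical class)."""

    def __init__(self, signatures, blocked_ports, ratio_threshold, min_sent_bytes=0):
        self.signatures = list(signatures)
        self.blocked_ports = set(blocked_ports)
        self.ratio_threshold = ratio_threshold
        # Assumption, not in the patent: require a minimum sample before the
        # ratio is trusted, so one bad first packet (ratio 1.0) cannot trip it.
        self.min_sent_bytes = min_sent_bytes
        self.ues = {}
        self.alerts = []       # stands in for the security management backend 29

    def is_garbage(self, dst_port, plaintext):
        """First determining module 23: ACL-style port filter, then signature words."""
        if dst_port in self.blocked_ports:
            return True
        return any(sig in plaintext for sig in self.signatures)

    def handle(self, ue_id, dst_port, plaintext):
        """Process one decrypted uplink packet; return 'forward' or 'intercept'."""
        c = self.ues.setdefault(ue_id, UeCounters())
        size = len(plaintext)
        c.sent_bytes += size   # same unit (bytes) as the garbage counter below
        if not self.is_garbage(dst_port, plaintext):
            return "forward"   # sending module 28 would pass it on
        c.garbage_bytes += size
        self._second_determination(ue_id, c)
        return "intercept"

    def _second_determination(self, ue_id, c):
        """Second determining module 25: compare garbage/sent ratio to the threshold."""
        if c.flow_controlled or c.sent_bytes == 0:
            return             # already limited, or nothing to divide by
        if c.sent_bytes < self.min_sent_bytes:
            return
        ratio = c.garbage_bytes / c.sent_bytes
        if ratio > self.ratio_threshold:
            # Air interface resource management module 27 would act here
            # (limit traffic or bandwidth, disconnect, or bar the UE).
            c.flow_controlled = True
            self.alerts.append((ue_id, round(ratio, 3)))


SIG = b"CONSTRUCTED-SPAM-MARKER"   # constructed signature word, not a real indicator


def run_sample():
    """Replay a constructed packet sequence for two UEs and return the results."""
    f = AccessDeviceFilter([SIG], {9999}, ratio_threshold=0.5, min_sent_bytes=300)
    clean = b"A" * 100
    by_sig = SIG.ljust(100, b".")   # 100-byte payload carrying the signature
    by_port = b"\x00" * 100         # 100-byte payload sent to the filtered port
    packets = [
        ("ue-A", 80, clean), ("ue-B", 80, clean),
        ("ue-B", 9999, by_port), ("ue-A", 80, clean),
        ("ue-B", 80, by_sig), ("ue-A", 80, by_sig),
        ("ue-A", 80, clean), ("ue-A", 80, clean),
        ("ue-B", 80, by_sig),
    ]
    verdicts = [f.handle(*p) for p in packets]
    return f, verdicts


if __name__ == "__main__":
    flt, verdicts = run_sample()
    for ue, c in sorted(flt.ues.items()):
        print(ue, c)
    print(verdicts, flt.alerts)
```

Every garbage packet is intercepted individually, but flow control is applied only to the UE whose accumulated ratio crosses the threshold, which is how an occasional false positive from the first determining module avoids cutting off a well-behaved UE.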
The access device of the embodiments of the present invention may be a base station, a base station controller, or the like; in an LTE network it may be an eNodeB, and in a GSM network it may be a base station (BS) or a base station controller (BSC). The user equipment of the embodiments of the present invention may be a mobile phone, a notebook computer, or the like.
The units of the embodiments of the present invention may be integrated into one body or deployed separately. The above units may be combined into a single unit or further split into multiple subunits.
By implementing traffic detection and control for user equipment on the access device on the access network side, the embodiments of the present invention can restrict the UE's uplink traffic and reduce the garbage traffic entering the network. Because the flow control operation terminates at the access device, the load that large volumes of traffic detection and control place on the core network is also reduced.
FIG. 5 is a schematic structural diagram of an embodiment of the network system of the present invention. As shown in FIG. 5, the system is applied in a mobile network and may include:
user equipment 31, configured to send the data stream of the user equipment; and
an access device 32, configured to receive the data stream from the user equipment and, when the data stream is garbage traffic, to perform a flow control operation on the user equipment.
The user equipment 31 of the embodiments of the present invention may be a mobile phone, a notebook computer, or the like.
The access device 32 of the embodiments of the present invention may be a base station, a base station controller, or the like; in an LTE network it may be an eNodeB, and in a GSM network it may be a base station (BS) or a base station controller (BSC).
In an LTE network, the access device 32 may be an eNodeB. The eNodeB includes a flow control module, configured to intercept the data stream when the data stream is garbage traffic, and to perform a flow control operation on the user equipment when the ratio of the accumulated garbage volume to the accumulated sent volume of the data stream sent by the user equipment is greater than the threshold.
The flow control system embodiment of the present invention is a system in which, after the data stream sent by the user equipment has been inspected, the flow control module located on the eNodeB performs flow control on the uplink traffic of the user equipment. This overcomes the prior-art defect of being unable to control the uplink traffic of user equipment effectively, and because the flow control operation terminates at the eNodeB, it reduces the load that large volumes of traffic detection and control place on the core network.
In the flow control system embodiment of the present invention, the flow control module may be integrated into the eNodeB part of the flow control apparatus embodiment of the present invention. The flow control module may be an integrated circuit module, a piece of program code, or a combination of an integrated circuit and program code. The units of the system of the embodiments of the present invention may be integrated into one apparatus or distributed across multiple apparatuses. The above units may be combined into a single unit or further split into multiple subunits.
In the flow control system embodiment of the present invention, the flow control system may further include a security management control module 33, configured to generate a log, an alarm, or garbage traffic feature information according to the flow control operation after the flow control operation has been performed on the user equipment. In this way, after the flow control module has applied uplink flow control to the user equipment, the security management control module notifies the user equipment to carry out virus removal or inspection itself, so that garbage traffic entering the network can be addressed at its root.
By implementing traffic detection and control for user equipment on the access device on the access network side, the embodiments of the present invention can reduce the garbage traffic entering the network. Because the flow control operation terminates at the access device, the load that large volumes of traffic detection and control place on the core network is also reduced.
A person of ordinary skill in the art can understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk, or an optical disc.
Those skilled in the art will appreciate that information, messages, and signals may be represented using any of many different processes and technologies. For example, the messages and information mentioned in the above description may be represented as voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical fields, or any combination of these.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A flow control method, characterized in that it is applied to a mobile communication network and comprises:
receiving a data stream from user equipment;
determining whether the data stream from the user equipment is garbage traffic; and
if the data stream is garbage traffic, performing a flow control operation on the user equipment.
2. The flow control method according to claim 1, characterized in that performing a flow control operation on the user equipment if the data stream is garbage traffic comprises:
if the data stream is garbage traffic, counting the garbage traffic to obtain a statistical result, and performing a flow control operation on the user equipment when the statistical result exceeds a preset threshold.
3. The flow control method according to claim 2, characterized in that the statistical result comprises an accumulated garbage traffic value, or an accumulated garbage volume, or a ratio of the accumulated sent volume, or a transformation of the ratio.
4. The flow control method according to claim 2, characterized in that counting the garbage traffic to obtain a statistical result if the data stream is garbage traffic, and performing a flow control operation on the user equipment when the statistical result exceeds the preset threshold, comprises:
performing, according to the data stream, statistical processing on the sent-volume counter corresponding to the user equipment to generate an accumulated sent volume;
if the data stream is garbage traffic, intercepting the data stream and performing statistical processing on the garbage-volume counter corresponding to the user equipment to generate an accumulated garbage volume; and
determining whether the ratio of the accumulated garbage volume to the accumulated sent volume exceeds the threshold, and if the threshold is exceeded, performing a flow control operation on the user equipment.
5. The flow control method according to claim 4, characterized in that performing a flow control operation on the user equipment comprises:
performing an air interface data traffic limiting operation on the user equipment, or performing an air interface bandwidth limiting operation on the user equipment, or performing a disconnection operation on the user equipment, or performing an operation that prohibits the user equipment from using the network.
6. The flow control method according to claim 4 or 5, characterized in that, after the flow control operation is performed on the user equipment, the method further comprises:
generating a log, or generating an alarm, or generating garbage traffic feature information according to the plaintext data.
7. The flow control method according to claim 6, characterized by further comprising:
notifying the user equipment to perform corresponding processing according to the log, the alarm, or the garbage traffic feature information.
8. An access device, characterized by comprising:
a receiving unit, configured to receive a data stream from user equipment;
a determining unit, configured to determine whether the data stream from the user equipment is garbage traffic; and
an air interface resource management unit, configured to perform a flow control operation on the user equipment when the data stream is garbage traffic.
9. The access device according to claim 8, characterized in that the receiving unit specifically comprises:
a receiving module, configured to receive a data stream from the user equipment;
a decoding module, configured to decrypt the data stream and generate plaintext data; and
an accumulation module, configured to perform, according to the plaintext data, statistical processing on the sent-volume counter corresponding to the user equipment to generate an accumulated sent volume.
10. The access device according to claim 8, characterized in that the determining unit specifically comprises:
a first determining module, configured to determine whether the plaintext data is garbage traffic;
an interception module, configured to, when the first determining module determines that the plaintext data is garbage traffic, intercept the plaintext data and perform statistical processing on the garbage-volume counter corresponding to the user equipment to generate an accumulated garbage volume; and
a second determining module, configured to determine whether a statistical result based on the accumulated garbage volume and the accumulated sent volume exceeds a preset threshold.
11. The access device according to claim 10, characterized in that the air interface resource management unit is specifically:
an air interface resource management module, configured to perform a flow control operation on the user equipment when the second determining module determines that the threshold is exceeded.
12. The access device according to claim 10, characterized by further comprising:
a sending module, configured to send the plaintext data when the first determining module determines that the plaintext data is not garbage traffic.
13. The access device according to claim 10, characterized by further comprising:
a security management control backend, configured to generate a log, or generate an alarm, or generate garbage traffic feature information according to the plaintext data when the first determining module determines that the plaintext data is garbage traffic.
14. The access device according to claim 13, characterized by further comprising:
a notification module, configured to notify the user equipment to perform corresponding processing according to the log, the alarm, or the garbage traffic feature information.
15. A network system, characterized by comprising:
user equipment, configured to send the data stream of the user equipment to an access device; and
the access device, configured to receive the data stream from the user equipment and, when the data stream is garbage traffic, to perform a flow control operation on the user equipment.
16. The network system according to claim 15, characterized by further comprising:
a security management control module, configured to generate a log, or generate an alarm, or generate garbage traffic feature information according to the flow control operation after the flow control module has performed the flow control operation on the user equipment.
PCT/CN2009/070167 2008-01-25 2009-01-15 Flow control method, access equipment and network system WO2009097777A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810056880.9 2008-01-25
CN200810056880.9A CN101494598B (en) 2008-01-25 2008-01-25 Flow control method, device and system

Publications (1)

Publication Number Publication Date
WO2009097777A1 true WO2009097777A1 (en) 2009-08-13

Family

ID=40925013

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070167 WO2009097777A1 (en) 2008-01-25 2009-01-15 Flow control method, access equipment and network system

Country Status (2)

Country Link
CN (1) CN101494598B (en)
WO (1) WO2009097777A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065483B (en) * 2009-11-18 2013-12-04 华为技术有限公司 Flow controlling method and device
CN106470421A (en) * 2015-08-20 2017-03-01 中国移动通信集团公司 A kind of method and apparatus preventing malicious peer from illegally occupying resources of core network
CN105517047B (en) * 2015-11-26 2018-11-27 京信通信系统(中国)有限公司 Base station flow shaping method and system
CN109474447B (en) * 2017-09-07 2022-04-12 北京京东尚科信息技术有限公司 Alarm method and device for real-time monitoring system
CN109462586A (en) * 2018-11-08 2019-03-12 北京知道创宇信息技术有限公司 Flow monitoring method, device and execute server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700658A (en) * 2005-06-21 2005-11-23 广东省电信有限公司研究院 Detecting and positioning method of spam server
CN1719812A (en) * 2005-08-08 2006-01-11 北京中星微电子有限公司 Method and system for filtering refuse E-mail
JP2006166042A (en) * 2004-12-08 2006-06-22 Nec Corp E-mail filtering system, mail transfer device and e-mail filtering method used for them
CN1905408A (en) * 2006-08-04 2007-01-31 华为技术有限公司 Method and apparatus for monitoring message

Also Published As

Publication number Publication date
CN101494598B (en) 2013-06-05
CN101494598A (en) 2009-07-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09709194

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09709194

Country of ref document: EP

Kind code of ref document: A1