WO2010102570A1 - Method and apparatus for implementing green Internet access - Google Patents

Method and apparatus for implementing green Internet access

Info

Publication number
WO2010102570A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
data stream
access
service type
control
Prior art date
Application number
PCT/CN2010/070980
Other languages
English (en)
Chinese (zh)
Inventor
杨建平
于锋
刘国清
Original Assignee
成都市华为赛门铁克科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都市华为赛门铁克科技有限公司
Publication of WO2010102570A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering

Definitions

  • The present invention relates to the field of network technologies, and in particular, to a method and apparatus for implementing green Internet access.
  • Background
  • Green Internet access is a value-added service for Internet users. It provides users with an Internet content filtering service that blocks undesirable information on the Internet. By controlling Internet access, green Internet access can control the content, time, and ports of a user's Internet access, prohibiting or restricting specific users from accessing pornographic, violent, harmful, and reactionary Internet content. In practical applications, green Internet access can implement a parent-child account function, in which the parent account and the sub-account have two different sets of access rights. When the parent account is online, it can behave like an ordinary broadband user without any access restriction, and it can also set access permission limits; the Internet content accessed by the sub-account is controlled so that the content accessed on the Internet is filtered, thereby realizing green Internet access.
  • A traffic-splitting system can be installed at the egress of the Layer 2 Tunneling Protocol Network Server (LNS), and the traffic of green Internet users is diverted by this traffic-splitting system to the green Internet monitoring system.
  • The green Internet monitoring system inspects the traffic of green Internet users and performs green Internet blocking services according to user type.
  • A user of the parent account can log in to the self-service system in the green Internet monitoring system through the parent account and configure the online time, Internet time, and Internet content of the sub-account user; the green Internet monitoring system then controls the sub-account user's online behavior according to the policy formulated by the parent account user.
  • The existing green Internet access technology has at least the following defects: the existing green Internet monitoring system can recognize HTTP (Hypertext Transfer Protocol) on the standard port, but cannot identify HTTP on non-standard ports and cannot classify video, FLASH and other content carried in HTTP. By port number, the existing green Internet monitoring system can identify only very few application types, such as QQ, MSN and a small number of games; its ability to recognize certain online games, chat tools, videos, PPP (Point to Point Protocol) downloads, VOIP (Voice over Internet Protocol), etc. is limited, so it cannot achieve effective control of Internet access services.
  • Summary of the invention
  • The purpose of the embodiments of the present invention is to provide a method and apparatus for implementing green Internet access, so as to implement effective control of Internet access services.
  • A method for implementing green Internet access includes the following steps: when a service needs to access a network, acquiring the data flow of the service accessing the network;
  • performing Internet access control on the service by using a control policy corresponding to the service type of the data stream.
  • An apparatus for implementing green Internet access includes: a data stream obtaining module, configured to acquire the data stream of the service accessing the network when a service needs to access a network;
  • an identification module, configured to identify the service type of the data flow by using a deep packet inspection technology, to obtain the service type of the data flow;
  • an Internet access control module, configured to perform Internet access control on the service by using a control policy corresponding to the service type of the data stream.
  • The embodiments of the present invention have the following advantages: when a service needs to access a network, the data flow of the service accessing the network is acquired, the service type of the data flow is identified by using a deep packet inspection technology, and Internet access control is performed on the service by using the control policy corresponding to the service type of the data stream.
  • The foregoing technical solution can implement effective network access control for HTTP Internet services on standard ports, HTTP Internet services on non-standard ports, and non-HTTP Internet services, thereby realizing secure green Internet access.
  • FIG. 1 is a schematic diagram of a method for implementing green Internet access according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic flowchart showing a detailed implementation process of a method for green Internet access according to Embodiment 2 of the present invention.
  • FIG. 2-A is a schematic flowchart of a method for green Internet access according to another embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an apparatus for implementing green Internet access according to Embodiment 3 of the present invention.
  • FIG. 5 is a schematic structural diagram of an Internet access control module according to Embodiment 3 of the present invention.
  • FIG. 6 is another schematic structural diagram of an Internet access control module according to Embodiment 3 of the present invention.
  • Detailed description
  • FIG. 1 is a schematic diagram of a method for implementing green Internet access according to Embodiment 1 of the present invention, where the method includes the following steps:
  • S12: Identify the service type of the data stream by using a deep packet inspection technology, to obtain the service type of the data flow.
  • S13: Perform Internet access control on the service by using a control policy corresponding to the service type of the data stream.
  • The service in the embodiment of the present invention may be HTTP on a standard port, HTTP on a non-standard port, or an application service capable of accessing the Internet, such as QQ, MSN, online games, chat tools, video, PPP download, VOIP, etc. The data flows of these various services accessing the network are obtained so that the corresponding data flow can be processed and the service's network access controlled.
  • Step S12 in the foregoing embodiment may specifically include: preprocessing the data stream to determine whether the data stream has already been identified by service type; when the data stream has already been identified by service type, acquiring the service type corresponding to the data stream; when the data stream has not been identified by service type, identifying the service type of the data stream by using a deep packet inspection technology, to obtain the service type corresponding to the data flow.
  • The deep packet inspection techniques may include: port detection, feature analysis, association recognition, behavior recognition, and deep parsing techniques.
  • Deep packet inspection is performed on the data packet using one or more of the above techniques to identify the service type of the data stream.
  • Performing deep detection on the data stream includes: performing application layer detection on the data stream, and analyzing the various applications of the data stream at the application layer.
  • Deep detection takes a data stream as its object.
  • Deep detection needs to perform application layer analysis.
  • PPP traffic, IM (Instant Messaging) traffic, VOIP traffic, video traffic in HTTP, PPP traffic forwarded through an HTTP port, etc.
  • The related services can be detected and analyzed in depth so that they can be controlled.
  • Step S13 in the above embodiment may specifically include:
  • The control policy corresponding to the service type of the data flow is searched for according to the uniform resource locator category of the service, and the control policy is used to perform Internet access control on the service.
  • When the service type of the data stream is a non-hypertext transfer protocol type, the service type is associated with a control policy, and that control policy is used to perform Internet access control on the service.
  • The control policy can be stored in a database to facilitate searching for or modifying the policy.
  • The Internet access control of the service may include: controlling one or more of the network access rights, access content, access ports, Internet time, and online time of the service.
  • The network access rights may include allowing access to the network and not allowing access to the network. For example, when the access time of a service needs to be controlled, the time at which the service data stream accesses the network can be recorded. According to the control system, the length of time for which access to the network is allowed is controlled. When the length of the service's Internet access exceeds the length of time allowed for accessing the Internet, the data flow of the service is prohibited from entering the network.
  • The present embodiment may also have various other control policies, and the policies may be formulated for content such as network access rights, access content, access ports, Internet time, and online time.
  • The method described in this embodiment searches for the corresponding control policy according to the service type of the data flow of the software accessing the network, and when the control policy found limits the network access rights, the program is restricted from accessing the network, thereby achieving effective control of the QQ software's network access.
  • The service type of the data stream is identified by using a deep packet inspection technology, and Internet access control is performed on the service according to the control policy corresponding to the service type, so that secure green Internet access can be implemented.
  • FIG. 2 is a schematic diagram showing a detailed implementation process of a method for green Internet access according to Embodiment 2 of the present invention, where the specific implementation process includes:
  • S21: When a service needs to access the network, obtain the data flow of the service accessing the network.
  • S22: Perform packet preprocessing on the data stream, parse the data packet at layer 4 and below, and establish and look up the session table.
  • S23: Determine whether the data stream has already been identified by service type; if so, perform step S25; if not, perform step S24.
  • S24: Identify the service type of the data flow by using a deep packet inspection technology, to obtain the service type corresponding to the data flow.
  • S26: Determine whether the service type of the data stream is the hypertext transfer protocol.
  • S27: If the service type of the data stream is the hypertext transfer protocol, that is, the service is a browser accessing a website, search for the control policy corresponding to the service type of the data stream according to the uniform resource locator category of the service, and use the control policy to perform Internet access control on the service.
  • S28: If the service type of the data stream is not the hypertext transfer protocol but another service, such as video or online chat, obtain the control policy associated with the service type of the data flow, and use the control policy to perform Internet access control on the service.
  • The process of this embodiment parses the service data flow at layer 4 and below and then performs deep packet inspection, which can effectively detect the application types of various services, facilitates control of the services according to the relevant control policies, and effectively implements green Internet access.
  • The embodiment of the present invention can be implemented by a device that implements green Internet access.
  • The device that implements green Internet access can be deployed in bypass mode or in-line at the egress of the LNS; the LNS is the point at which green Internet users access the Internet.
  • As shown in Figure 2-A, which provides a schematic flowchart of another embodiment of a method for green Internet access, the method includes:
  • The access packets passing through the LNS can be copied to the device that implements green Internet access by means of splitting or mirroring;
  • alternatively, the network packets passing through the LNS can be received directly.
  • The layer 2, layer 3, and layer 4 protocols of the data packet may be parsed.
  • The source IP address, destination IP address, source port, destination port and corresponding transport layer protocol information of the data packet may be obtained from the layer 2, layer 3, and layer 4 protocol headers of the data packet.
  • Step S210: Determine whether a session table corresponding to the data packet has been established; if there is a session table corresponding to the data packet, proceed to step S220; otherwise, proceed to step S215.
  • The session table includes the five-tuple information (source IP address, destination IP address, source port, destination port, and protocol type information) corresponding to the data packet. If the data packet belongs to a new session, the session table corresponding to the data packet may not yet be established, and the process proceeds to step S215.
  • Step S215: Establish a session table corresponding to the data packet, and proceed to step S220.
  • The session table corresponding to the data packet may be established according to the five-tuple information in the data packet, such as the source IP address, the destination IP address, the source port, the destination port, and the transport layer protocol type, thereby establishing the data stream corresponding to the session table.
  • Step S220: Determine, according to the session table corresponding to the data packet, whether the data stream has already been identified by application protocol type; if it has, proceed to step S225; otherwise, proceed to step S230.
  • The application protocol type identifier corresponding to the data flow may be marked on the session table corresponding to the data flow. Therefore, whether the data flow to which the data packet belongs has been identified by application protocol type can be determined from the session table. If application protocol type identification has already been performed, the process proceeds to step S225; otherwise, the process proceeds to step S230.
  • Step S225: Obtain the application protocol type of the data flow, and proceed to step S235.
  • The application protocol type of the data flow to which the data packet belongs may be obtained according to the protocol type identifier in the session table.
  • The application protocol types may include Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Telnet.
  • Step S230: Perform application layer protocol identification on the data flow by using a deep packet inspection technology, to obtain the application protocol type to which the data flow belongs, and proceed to step S235.
  • The deep packet inspection technology may include identification based on "feature words", application layer gateway identification, and behavior pattern recognition.
  • One or more deep packet inspection technologies may be used to perform deep packet inspection on the data packet, to identify the application protocol type of the data flow. For example, when a data stream is parsed using "feature word" based identification (also known as feature recognition), the data stream can be determined by detecting "fingerprint" information in a specific data message in the data stream.
  • For example, if the GET field of the HTTP protocol is used as a feature in the preset feature database, then when the keyword feature "GET" is identified in the data stream, the data stream may be identified as a data stream based on the HTTP protocol.
  • Step S235: Determine whether the application protocol type to which the data flow belongs is the hypertext transfer protocol (HTTP); if yes, proceed to step S240; otherwise, proceed to step S245.
  • A uniform resource locator (URL) may be set, according to the characteristics of the HTTP protocol, in the device that implements green Internet access.
  • The application protocol can be further determined to be HTTP, so that the control policy for the data flow can be quickly obtained according to the preset correspondence between the URL and the control policy.
  • This embodiment is described taking the correspondence between the URL and the control policy as an example.
  • After step S230, the process may also skip step S235 and step S240 and proceed directly to step S245.
  • The control policy corresponding to the URL category of the data flow may be looked up according to a preset correspondence between uniform resource locator (URL) categories and control policies, and the data flow is controlled using the obtained control policy, to achieve the purpose of quickly controlling the access service.
  • The URL categories may include, for example, malicious websites, violent websites, and the like.
  • The correspondence between URL categories and control policies may be preset in the device that implements green Internet access, and the correspondence may be updated as the URL classification is updated.
  • A correspondence between application protocol types and control policies may be preset; for example, a time-sharing control policy may be set for each application protocol type.
  • The control policy can be preset by the operator or preset by the user.
  • The control policy can be used to set the types of website that may be visited and the times of access.
  • For example, the user can set a control policy such as not being able to access entertainment websites from 8:00 to 18:00. It can be understood that, when the control policy is set by the user, the control policy of that user can be obtained according to the IP address corresponding to the packets in the data stream, the mapping between IP addresses and users, and the correspondence between application protocol types and control policies, which allows more granular control and management of the data streams that access websites.
  • The application protocol type to which the data flow belongs may be obtained by performing deep packet inspection (DPI) on the data stream in the network access, so that the data flow can be controlled according to the preset correspondence between application protocol types and control policies, thereby improving the accuracy and effectiveness of green Internet access control.
  • An updatable correspondence between URL categories and control policies may be pre-configured, so that data flows of the HTTP protocol type can be quickly controlled.
  • The control policy in the embodiment of the present invention can also be set by the user. Therefore, the technical solution described in the embodiment of the present invention can implement finer control and management of the data flows that access websites.
  • The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
  • FIG. 3 is a schematic structural diagram of an apparatus for implementing green Internet access according to Embodiment 3 of the present invention, where the apparatus includes:
  • the data stream obtaining module 31, configured to acquire the data stream of the service accessing the network when a service needs to access the network;
  • the identifying module 32, configured to identify the service type of the data stream by using a deep packet inspection technology;
  • the Internet access control module 33, configured to perform Internet access control on the service by using a control policy corresponding to the service type of the data stream.
  • The device can be located in a network access point or it can be a standalone device. Whether the device is integrated in an access point such as a home gateway or router, or is an independent control device, it is required to monitor the data flows of users accessing the network. Data streams from PCs or servers that access the network need to pass through the device before entering the network.
  • The device identifies the service type by performing deep packet inspection on the data stream, and can effectively control the network access of various services. For example, the device that implements green Internet access acquires the data flow of a service accessing the network. When it detects that the service is not allowed to access the network, the data flow of the service is not forwarded to the network, which achieves the purpose of prohibiting access to the network.
  • The device can control the network access rights, access content, access ports, Internet time, and online time of various services. For example, when an access port of a service needs to be controlled, information about ports to which access is not allowed can be set in the device. If the traffic of a service indicates that the service is attempting to access a port to which access is not allowed, the service data flow is prohibited from being sent to the corresponding port.
  • FIG. 4 is a schematic structural diagram of the identification module 32 according to Embodiment 3 of the present invention, and the identification module 32 may include:
  • the pre-processing unit 321, configured to perform packet pre-processing on the data stream and determine whether the data stream has already been identified by service type;
  • the service type obtaining unit 322, configured to acquire, when the data flow has already been identified by service type, the service type corresponding to the data flow;
  • the identifying unit 323, configured to: when the data stream has not been identified by service type, use a deep packet inspection technology to identify the service type of the data stream, and obtain the service type corresponding to the data stream.
  • FIG. 5 is a schematic structural diagram of the Internet access control module 33 according to Embodiment 3 of the present invention.
  • The Internet access control module 33 may include:
  • the policy search unit 331, configured to: when the service type of the data stream is a hypertext transfer protocol type, search for the control policy corresponding to the service type of the data flow according to the uniform resource locator category of the service;
  • the first policy execution unit 332, configured to use the control policy to perform Internet access control on the service.
  • The Internet access control module can effectively control the network access of browser services.
  • FIG. 6 is a schematic diagram of another structure of the Internet access control module 33 according to Embodiment 3 of the present invention.
  • The Internet access control module 33 may include:
  • the policy obtaining unit 333, configured to acquire, when the service type of the data stream is a non-hypertext transfer protocol type, the control policy associated with the service type of the data flow;
  • the second policy execution unit 334, configured to use the control policy to perform Internet access control on the service.
  • The Internet access control module can effectively control the network access of non-browser services.
  • The modules or units in the above device embodiments may be either hardware or software; they may be independent modules, or may be split or combined with each other to implement the same functions as the independent modules.
  • The Internet access control module 33 can include a policy search unit 331 and a first policy execution unit 332, and can include a policy acquisition unit 333 and a second policy execution unit 334.
  • The Internet access control module 33 can simultaneously implement the browser.
  • The embodiment of the invention can effectively and flexibly control Internet access over HTTP on standard ports, HTTP on non-standard ports, and non-HTTP protocols, thereby implementing secure green Internet access.
  • The above are only a few embodiments of the present invention, and various modifications and changes may be made thereto without departing from the spirit and scope of the invention.
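
The flow of steps S210 to S245 above, as an added example that is not code from the patent: a session table keyed by five-tuple, feature-word identification that never looks at the port, and policy lookup by URL category for HTTP or by protocol type otherwise. The signatures, the DEMO-IM protocol, host names, categories and policies are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed sample data: signatures, hosts, categories and policies are illustrative.
HTTP_FEATURE_WORDS = (b"GET ", b"POST ", b"HEAD ")          # the page's example is GET
OTHER_SIGNATURES = {b"EHLO ": "SMTP", b"DEMO-IM/1 ": "IM"}   # DEMO-IM is a made-up protocol
URL_CATEGORIES = {"games.example": "entertainment", "bad.example": "malicious"}
DAYTIME = (time(8, 0), time(18, 0))                          # the page's 8:00 to 18:00 window
URL_POLICY = {"malicious": "always", "entertainment": DAYTIME}   # URL category -> block rule
PROTO_POLICY = {"IM": DAYTIME}                                   # protocol type -> block rule


@dataclass
class Session:
    app_proto: Optional[str] = None      # protocol type mark stored on the session entry
    url_category: Optional[str] = None   # category of the latest HTTP request on the flow


def identify(payload: bytes) -> Optional[str]:
    """S230: feature-word matching on the payload; port numbers are never consulted."""
    if payload.startswith(HTTP_FEATURE_WORDS):
        return "HTTP"
    for signature, proto in OTHER_SIGNATURES.items():
        if payload.startswith(signature):
            return proto
    return None


def http_host(payload: bytes) -> Optional[str]:
    """Return the Host header of an HTTP request, lower-cased and without a port."""
    for line in payload.split(b"\r\n")[1:]:
        if not line:
            break                                   # blank line ends the header block
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("latin-1").lower().split(":")[0]
    return None


def is_blocked(rule, now: time) -> bool:
    """A rule is None (no restriction), "always", or a (start, end) time window."""
    if rule is None:
        return False
    if rule == "always":
        return True
    start, end = rule
    return start <= now < end


class GreenAccessDevice:
    def __init__(self):
        self.sessions = {}   # five-tuple -> Session (the session table)

    def handle(self, five_tuple, payload: bytes, now: time) -> str:
        # S210/S215: look up the session entry for this five-tuple, creating it if new.
        session = self.sessions.setdefault(five_tuple, Session())
        # S220/S225/S230: reuse the recorded type; run DPI only on unidentified flows.
        if session.app_proto is None:
            session.app_proto = identify(payload)
        if session.app_proto is None:
            return "allow"   # nothing to match yet, e.g. an empty handshake segment
        if session.app_proto == "HTTP":
            # S235/S240: HTTP flows are controlled by the URL category of the request.
            if payload.startswith(HTTP_FEATURE_WORDS):   # new request on this flow
                session.url_category = URL_CATEGORIES.get(http_host(payload))
            rule = URL_POLICY.get(session.url_category)
        else:
            # S245: other flows use the policy tied to their protocol type.
            rule = PROTO_POLICY.get(session.app_proto)
        return "block" if is_blocked(rule, now) else "allow"


def run_demo():
    """Replay constructed packets; HTTP runs on port 8080 and the IM flow on port 80."""
    device = GreenAccessDevice()
    web = ("10.0.0.5", "203.0.113.7", 40000, 8080, "TCP")
    chat = ("10.0.0.5", "203.0.113.9", 40001, 80, "TCP")
    request = b"GET /play HTTP/1.1\r\nHost: games.example:8080\r\n\r\n"
    return [
        device.handle(web, b"", time(10, 0)),                  # handshake, no payload
        device.handle(web, request, time(10, 0)),              # entertainment, daytime
        device.handle(web, b"trailing bytes", time(10, 5)),    # same flow, type reused
        device.handle(web, request, time(20, 0)),              # outside the window
        device.handle(chat, b"DEMO-IM/1 hello", time(9, 0)),   # IM hiding on port 80
        device.handle(chat, b"more chat", time(19, 0)),        # same flow, evening
    ]


if __name__ == "__main__":
    print(run_demo())
```

Matching only the start of a single payload assumes the request line arrives in one segment; a deployed classifier would reassemble the stream first, and the Host lookup applies only to cleartext HTTP.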

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of network technology, and its embodiments concern a method and an apparatus for implementing green Internet access, the method comprising the following steps: when a service requires network access, acquiring the data stream of the service accessing the network; using deep packet inspection technology to identify the service type of the data stream and obtain the service type of the data stream; adopting the control policy corresponding to the service type of the data stream to perform Internet access control on the service. The above technical solution is able to perform effective network access control for HTTP Internet access services using standard ports, HTTP Internet access services using non-standard ports, and Internet access services using protocols other than HTTP, thereby achieving secure green Internet access.
PCT/CN2010/070980 2009-03-12 2010-03-11 Method and apparatus for implementing green Internet access WO2010102570A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2009101059976A CN101505236A (zh) 2009-03-12 2009-03-12 Method and apparatus for implementing green Internet access
CN200910105997.6 2009-03-12

Publications (1)

Publication Number Publication Date
WO2010102570A1 (fr) 2010-09-16

Family

ID=40977316

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/070980 WO2010102570A1 (fr) 2009-03-12 2010-03-11 Method and apparatus for implementing green Internet access

Country Status (2)

Country Link
CN (1) CN101505236A (fr)
WO (1) WO2010102570A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060123481A1 (en) * 2004-12-07 2006-06-08 Nortel Networks Limited Method and apparatus for network immunization
CN1815971A (zh) * 2005-02-03 2006-08-09 杭州华为三康技术有限公司 Green Internet access system and method based on centralized management and distributed control
CN101056222A (zh) * 2007-05-17 2007-10-17 华为技术有限公司 Deep packet inspection method, network device and system
WO2008046326A1 (fr) * 2006-10-18 2008-04-24 Huawei Technologies Co., Ltd. Method and system for network service control
CN101505236A (zh) * 2009-03-12 2009-08-12 成都市华为赛门铁克科技有限公司 Method and apparatus for implementing green Internet access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YDN 138-2006:TECHNICAL REQUIREMENTS OF INTERNET PARENTAL CONTROL SOFTWARE BASED ON PC, 16 August 2006 (2006-08-16) *

Also Published As

Publication number Publication date
CN101505236A (zh) 2009-08-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 10750366; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 10750366; Country of ref document: EP; Kind code of ref document: A1