WO2014025225A1 - Appareil pour détecter un modèle de données par paquets d'une application - Google Patents

Appareil pour détecter un modèle de données par paquets d'une application Download PDF

Info

Publication number
WO2014025225A1
WO2014025225A1 PCT/KR2013/007192 KR2013007192W WO2014025225A1 WO 2014025225 A1 WO2014025225 A1 WO 2014025225A1 KR 2013007192 W KR2013007192 W KR 2013007192W WO 2014025225 A1 WO2014025225 A1 WO 2014025225A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
event
information
packet data
packet
Prior art date
Application number
PCT/KR2013/007192
Other languages
English (en)
Korean (ko)
Inventor
차양명
Original Assignee
주식회사 아이디어웨어
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 아이디어웨어 filed Critical 주식회사 아이디어웨어
Publication of WO2014025225A1 publication Critical patent/WO2014025225A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/20Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel

Definitions

  • the present invention is to detect the packet pattern information according to the network use of the application provided in the wireless terminal device for reducing the wireless network load.
  • mobile traffic is expected to increase by about 26 times over the next 10 to 15 years, and the amount of mobile data used by individuals in 2010 was 15MB, but in 2020 It can reach 1GB.
  • periodic data polling of various applications installed in a wireless terminal device is a major factor in mobile network congestion.
  • An object of the present invention for solving the above problems is, after outputting one or more application list and the application file list provided in the wireless terminal device, and receives the analysis target application from the user, the application of the application file for the selected application After extracting the character string, the analysis result information is extracted by extracting analysis result information including one or more IP information, domain name information, and monitoring object API usage status information to which the application accesses through pattern analysis of the extracted character string.
  • the present invention provides a device that can provide basic data that can block unnecessary network access to applications provided in a wireless terminal device.
  • Still another object of the present invention is to output one or more event types to be generated in a wireless terminal device, and then select one or more events to be generated in the wireless terminal device from a user, and remotely select the selected event to occur in the wireless terminal device.
  • the external transmission / reception packet data is generated in response to the event occurrence in one or more applications provided in the wireless terminal device, the packet data or packet data information is received from the wireless terminal device, and the received packet is controlled.
  • Still another object of the present invention is to generate the packet blocking rule for each application, and further control the blocking of external transmission of packet data through one or more applications provided in the wireless terminal device in response to the packet blocking rule for each application.
  • the packet data or packet data information is received from the wireless terminal device, and the received packet data or packet data information is received. Is stored on the storage medium by connecting the application information generating the packet data and external transmission blocking information of the packet data through the application, and then analyzes the packet data or packet data information stored on the storage medium to determine the application-specific packet.
  • the present invention provides an apparatus and method for providing basic data that can solve unnecessary network resource waste, and a recording medium therefor.
  • the apparatus for detecting an application packet data pattern outputs one or more application lists and application file lists included in a wireless terminal device, and then selects an analysis target application from a user, and outputs a string of an application file for the selected application. After extracting, extract analysis result information including one or more IP information, domain name information, and monitoring target API usage status information through the pattern analysis of the extracted character string, and stores the extracted analysis result information.
  • An application detection module for storing on a medium, and controlling one or more events to be generated in the wireless terminal device to be generated in the wireless terminal device, and in response to the occurrence of the event in one or more applications provided in the wireless terminal device.
  • An event generation module that receives the packet data or packet data information from the wireless terminal device, and analyzes the received packet data or packet data information to derive packet pattern information for each application per event when kit data is generated; Generate a packet data blocking rule for one or more applications provided in the wireless terminal device, control the remotely applied packet data blocking rule to the wireless terminal device, and transmit the packet data externally to the one or more applications. Receiving packet data or packet data information generated by the wireless terminal device in response to the blocking, packet blocking for deriving packet pattern information for each application corresponding to a packet blocking rule by analyzing the received packet data or packet data information. With module do.
  • the application detection module, the binary format files of the wireless terminal device to compile the intermediate language or high-level language, and then scan the source of the compiled intermediate or high-level language is fixed to the source IP information, port information and domain name information of the server used by the application can be extracted.
  • the application detection module after compiling the binary format file of the wireless terminal device to compile the intermediate language or high-level language, and scan the source of the compiled intermediate or high-level language fixed to the source Extract IP information, port information, and domain name information of a server used by the application, but in the case of domain name information, an additional IP may be extracted by querying the ISP's domain servers.
  • the event may include an application install / uninstall operation occurrence event, a specific application execution event, a restart package event, a touch event occurrence event, an H / W key event occurrence event, an LCD on / off Function event, Lock screen unlock function event, WiFi On / Off function event, 3G network On / Off function event, Bluetooth On / Off function event, GPS operation On / Off (can include location search start / end) Event, Camera On / Off event, External Storage Read / Write event, Garbage collection occurrence event, SMS notify message occurrence event, Alarm occurrence event, Vibration occurrence event, System time change event, Wireless terminal device It may include a status update command occurrence event and one or more System Setting Read / Write event, the packet pattern information, the event-specific or packet blocking rule application Access information to a specific IP or port or URL, and information on the number of times to connect to a specific IP or port or URL to an application by event or packet blocking rule And information on polling count requesting data by IP or port or URL by
  • To request and receive information may include one or more.
  • Another effect according to an aspect of the present invention it is possible to minimize the network capacity of the mobile communication provider through the optimization of the network use.
  • Another effect according to an aspect of the present invention by minimizing the dissatisfaction of the user of the wireless terminal device due to data communication delay, etc. through the optimization of the network use can significantly reduce the battery consumption of the wireless terminal device.
  • FIG. 1 is a diagram illustrating a mobile (wireless) data traffic indicator.
  • FIG. 2 is a diagram illustrating one of the main factors of the conventional mobile network congestion.
  • FIG. 3 is a diagram illustrating the main components of an apparatus for detecting an application packet data pattern according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating main components of an application detection module according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating main components of an event generation module according to an embodiment of the present invention.
  • FIG. 6 is a view showing the main components of a packet blocking module according to an embodiment of the present invention.
  • FIG. 7 is a diagram illustrating an example of outputting an application list screen according to an embodiment of the present invention.
  • FIG. 8 is a diagram showing an example of an analysis result information output screen according to an embodiment of the present invention.
  • FIG. 9 is a diagram illustrating an example of an analysis result information storage and transmission screen according to an embodiment of the present invention.
  • FIG. 10 is a diagram illustrating an example of outputting an event setting screen according to an embodiment of the present invention.
  • FIG. 11 is a diagram illustrating an example of recording a user event according to an embodiment of the present invention.
  • FIG. 12 is a diagram illustrating an example of a packet flow output screen of an application according to an embodiment of the present invention.
  • FIG. 13 is a diagram illustrating an example of a packet blocking rule setting screen of an application according to an embodiment of the present invention.
  • FIG. 14 is a diagram illustrating a process for detecting an application according to an embodiment of the present invention.
  • 15 is a diagram illustrating a process for detecting an application packet pattern corresponding to an event according to an embodiment of the present invention.
  • 16 is a diagram illustrating a process for detecting an application packet pattern corresponding to a packet blocking rule according to an embodiment of the present invention.
  • FIG. 3 is a diagram illustrating a main component of the apparatus 100 for detecting an application packet data pattern according to an embodiment of the present invention.
  • an application packet data pattern detection apparatus 100 is connected to an analysis wireless terminal device 200 through a communication network or a network, and according to the network use of an application provided in the wireless terminal device 200.
  • a configuration for detecting pattern information is shown.
  • FIG. 3 is merely a configuration for describing an embodiment of the present invention, and the present invention is not limited to the technical features only by the implementation method shown in FIG. 3.
  • an application packet data pattern detection apparatus 100 includes an application detection module 10, an event generation module 20, and a packet blocking module 30. do.
  • the application packet data pattern detection apparatus 100 is illustrated as a single device in the drawings for the purpose of describing the embodiments, but each of the components may be separately configured into one or more devices.
  • the application detection module 10 outputs one or more application lists and application file lists included in the wireless terminal device 200, selects an analysis target application from a user, and then selects an application to be analyzed. Extract the character string of the application file, and extracts analysis result information including one or more IP information, domain name information, and monitoring target API usage status information through the pattern analysis of the extracted character string; It stores the extracted analysis result information on the storage medium 16.
  • the application detection module 10 after compiling the binary format file of the wireless terminal device 200 to compile the intermediate language or high-level language, and then the source of the compiled intermediate language or high-level language By scanning, the server extracts IP information, port information, and domain name information used by the application fixed to the source.
  • the application detection module 10 decompiles the binary format file of the wireless terminal device 200 to compile the intermediate language or the high-level language, and then scans the source of the compiled intermediate or high-level language. Extract IP information, port information, and domain name information of a server used by an application fixed to. However, in the case of domain name information, additional IPs can be extracted by querying ISP's domain servers.
  • the event generation module 20 controls the one or more events to be generated in the wireless terminal device 200 to be generated in the wireless terminal device 200, and is provided in the wireless terminal device 200.
  • the packet data or packet data information is received from the wireless terminal device 200 and the received packet data or packet data information is analyzed. It derives the packet pattern information for each application by event.
  • the event may include an application install / uninstall operation occurrence event, a specific application execution event, a restart package event, a touch event occurrence event, an H / W key event occurrence event, an LCD on / off function event, and a lock. screen release function event, WiFi On / Off function event, 3G network On / Off function event, Bluetooth On / Off function event, GPS operation On / Off (including location search start / end) event, Camera On / Off event, External Storage Read / Write event, Garbage collection occurrence event, SMS notify message occurrence event, Alarm occurrence event, Vibration occurrence event, System time change event, Wireless terminal device 200 status update It may include one or more command generation events and one or more System Setting Read / Write events.
  • Packet blocking module 30 generates a packet data blocking rule for one or more applications provided in the wireless terminal device 200, the remotely generated packet data blocking rule is the wireless After receiving the packet data or packet data information generated in the wireless terminal device 200 in response to the control to be applied to the terminal device 200, the external transmission of packet data for the one or more applications, the received packet It analyzes the data or packet data information to derive packet pattern information for each application corresponding to the packet blocking rule.
  • the packet pattern information derived by the event generation module 20 and the packet blocking module 30 is connected to a specific IP (IP) or port (URL) or URL (URL) for each application per event or packet blocking rule.
  • IP IP
  • URL IP
  • URL URL
  • FIG. 4 is a diagram illustrating the main components of the application detection module 10 according to the embodiment of the present invention.
  • FIG. 4 illustrates that the application detection module 10 is connected to the analysis wireless terminal device 200 through a communication network or a network, and access IP information and domain name information for each application provided in the wireless terminal device 200. And, it shows a configuration for detecting the analysis result information including one or more monitoring status information API usage information.
  • FIG. 4 is merely a configuration for describing an embodiment of the present invention, and the present invention is not limited to the technical features only by the implementation method shown in FIG. 4.
  • an application detecting apparatus 100 includes a management unit 11, an interface unit 13, an analysis unit 14, a storage unit 15, and a storage medium. 16, the communication part 17, and the control part 11 for controlling each said structure part is comprised.
  • the management unit 11 manages an application list, an application file list, an application version, and an upgrade provided in the wireless terminal device 200.
  • the management unit 11 manages a list of one or more analysis target applications provided in the wireless terminal device 200 for analysis and whether the version upgrade is changed for each application.
  • the communication unit 17 receives one or more application lists and application file lists included in the wireless terminal device 200 managed by the management unit 11 from the wireless terminal device 200. It plays a role.
  • the communication unit 17 may further perform a role of transmitting the analysis result information extracted by the analysis unit 14 to the server on the communication network, the application detection module 10 and the wireless terminal device 200 outside the role. Role of transmitting / receiving data or information between the terminals), transmitting / receiving data or information between the application detection module 10 and a server on a communication network, and between a computer that remotely controls the application detection module 10 and the application detecting apparatus 100 remotely. It also performs the role of transmitting and receiving data or information.
  • the interface unit 13 outputs one or more application lists and application file lists included in the wireless terminal device 200 managed by the management unit 11, and then analyzes the analysis targets from the user. It plays the role of selecting an application.
  • FIG. 7 is a diagram illustrating an example of outputting an application list screen according to an exemplary embodiment of the present invention, wherein a list and a file list of applications included in the wireless terminal device 200 are displayed on the screen through the interface unit 13. After output, it shows that the user can select one or more applications or application files to be analyzed.
  • the analysis unit 14 extracts a string of an application file for the selected application through the interface unit 13, and then analyzes the IP information to which the application accesses through pattern analysis of the extracted string. It extracts the analysis result information including one or more domain name information and monitoring object API usage status information.
  • the monitoring target API usage status can be expanded and changed as specified as the monitoring target among the APIs used in Android (language format used for communication between the operating system and the App). Can be
  • the API is a method such as getSystemService () getDeviced () getSubscribed () to grasp the usage and frequency of APIs that cause signal congestion and traffic congestion in the wireless network, such as frequently calling networks. It can be used for future suspension recommendations or management.
  • the analysis unit 14 after compiling a binary format file of the wireless terminal device 200 to compile the intermediate language or high-level language, and scans the source of the compiled intermediate language or high-level language IP information, port information and domain name information of the server used by the application fixed to the source can be extracted.In the case of domain name information, additional IPs can be extracted by querying the ISP's domain servers. .
  • FIG. 8 is a view showing an example of an analysis result information output screen according to an embodiment of the present invention, IP information and domain name information of the 'KakaoTalk' application among the applications provided in the wireless terminal device 200; And output the analysis result of the analysis unit 14 including the monitoring target API information on the screen.
  • the storage unit 15 stores the analysis result information extracted by the analysis unit 14 on the storage medium 16.
  • the storage unit 15 stores the analysis result information in connection with the analysis target application information, and accumulates or changes the updated information whenever an analysis result of the analysis target application occurs. Can be.
  • the analysis result information the number of times per hour that the application is connected to a specific IP (IP) or port (Port) or URL (URL), and the application is a specific IP (IP) or port (Port) or UAL ( Polling count information requesting data through URL), Push count information sending data to the specific IP or port or URL or ID.
  • IP IP
  • Port Port
  • UAL Polling count information requesting data through URL
  • Push count information sending data to the specific IP or port or URL or ID.
  • receiving information and one or more data communication connection information when the application exceeds a data communication limit allocated to the wireless terminal device 200.
  • the storage medium 16 is a medium for storing one or more analysis target application information and analysis result information corresponding thereto, which are stored through the storage unit 15, and the application detection module 10. ) Or on a server or computer connected to the application detection module 10 by a communication network or a network.
  • FIG. 5 is a diagram illustrating the main components of the event generation module 20 according to the embodiment of the present invention.
  • FIG. 5 illustrates that the event generation module 20 is connected to the analysis wireless terminal device 200 through a communication network or a network, corresponding to one or more events generated by the wireless terminal device 200.
  • the configuration of detecting the packet pattern information according to the network use of the application provided in (200) is shown.
  • FIG. 5 is only a configuration for describing an embodiment of the present invention, and the present invention is not limited to the technical features only by the implementation method shown in FIG. 5.
  • the event generating module 20 includes an interface unit 22, an event control unit 23, a communication unit 24, a storage unit 25, and a storage medium. (26), the analysis part 27, and the control part 21 for controlling each said structure part is comprised.
  • the interface unit 22 outputs one or more types of events to be generated in the wireless terminal device 200, and then selects one or more events to be generated in the wireless terminal device 200 from the user. Do this.
  • the interface unit 22 outputs one or more application lists and application file lists included in the wireless terminal device 200, and then selects an analysis target application from a user and the application for each event. It may further perform the role of outputting the packet pattern information for each screen.
  • the event may include an application install / uninstall operation occurrence event, a specific application execution event, a restart package event, a touch event occurrence event, an H / W key event occurrence event, an LCD on / off function event, and a lock. screen release function event, WiFi On / Off function event, 3G network On / Off function event, Bluetooth On / Off function event, GPS operation On / Off (including location search start / end) event, Camera On / Off event, External Storage Read / Write event, Garbage collection occurrence event, SMS notify message occurrence event, Alarm occurrence event, Vibration occurrence event, System time change event, Wireless terminal device 200 status update
  • One or more command generation events, a System Setting Read / Write event, and an external packet transmission / reception event may be included.
  • FIG. 10 is a diagram illustrating an example of outputting an event setting screen according to an embodiment of the present invention, and may sequentially or randomly set various events to be generated in the wireless terminal device 200 through the interface unit 22. Make sure
  • FIG. 11 is a diagram illustrating an example of recording a user event according to an exemplary embodiment of the present invention.
  • FIG. 11 illustrates an event record of touching a coordinate of 100,200 while dragging from a 100,500 coordinate to a 400.500 coordinate while performing a 'Touch event' among user events. And storing the event record on storage medium 26.
  • the event controller 23 performs a role of controlling the event selected through the interface unit 22 to be generated in the wireless terminal device 200.
  • the event controller 23 the selected event using the API (Application Programming Interface) of the operating system (OS) provided in the wireless terminal device 200 in the wireless terminal device 200 It can be remotely controlled to generate.
  • API Application Programming Interface
  • the event controller 23 may further play a role of controlling the external transmission blocking of packet data through one or more applications provided in the wireless terminal device 200.
  • Communication unit 24 when the external transmission and reception packet data in response to the occurrence of the event in one or more applications provided in the wireless terminal device 200, from the wireless terminal device 200 It serves to receive the packet data or packet data information.
  • the communication unit 24 may further receive event data corresponding to the packet data or the packet data information received from the wireless terminal device 200, and the event control unit 23, the wireless terminal device ( In the case of controlling external transmission blocking of packet data through at least one application provided in 200, when external transmission / reception packet data through the application occurs after blocking external transmission of packet data for the application, the wireless terminal device ( 200 may further perform the role of receiving the packet data or packet data information.
  • the communication unit 24 transmits the external application blocking information of the application-specific packet data corresponding to the application-specific packet pattern information detected by the analysis unit 27 and the external transmission blocking of the packet data through the application. It may further perform the role of transmitting the target packet pattern information to the server on the communication network, the role of transmitting and receiving data or information between the event generating module 20 and the wireless terminal device 200 and the event generating module 20 It further performs the role of transmitting and receiving data or information between the server on the communication network, and the data or information transmission and reception between the event generating module 20 and the computer that controls the event generating module 20 from a remote location.
  • the storage unit 25 connects the packet data or the packet data information received by the communication unit 24 with the application information generating the packet data and the information on the event to store the storage medium 26. ) To save on.
  • the storage unit 25 may configure the order of occurrence of the selected events through the interface and store them in the storage medium 26, through one or more applications provided in the wireless terminal device 200.
  • the packet data or packet data information received by the communication unit 24 is connected with application information generating the packet data and external transmission blocking information of packet data through the application.
  • the storage medium 26 may be stored.
  • the storage unit 25 is external to the external transmission blocking information of the application-specific packet data corresponding to the application-specific packet pattern information for each event detected by the analysis unit 27 and blocking the external transmission of packet data through the application.
  • the transmission target packet pattern information may be further stored on the storage medium 26.
  • the storage medium 26 may include one or more analysis target application information stored through the storage unit 25, one or more event information applied to the application, and an event-specific application corresponding to the event, respectively.
  • a medium for storing the packet pattern information for each star it may be provided in the event generating module 20 or on a server or a computer connected to the event generating module 20 by a communication network or a network.
  • the analysis unit 27 analyzes packet data or packet data information stored on the storage medium 26 to derive packet pattern information for each application by event.
  • the external transmission target packet pattern information for each application by event is information on the packet transmission / reception pattern for each application provided in the wireless terminal device 200 in response to each event occurrence.
  • ID IP
  • the analyzer 27 is stored in the storage medium 26 when the event is an external transmission blocking event of packet data through at least one application provided in the wireless terminal device 200.
  • the application information generating the packet data and the external transmission blocking information of the packet data through the application may be analyzed to detect external transmission target packet pattern information for each external transmission blocking information of the application-specific packet data.
  • all or part of the functions of the respective components provided in the event generating module 20 may be implemented in the form of a program or a program set.
  • packet data blocking and packet pattern information derivation functions according to packet data blocking may be replaced by a function of a component of the following packet blocking module 30.
  • functions related to deriving packet pattern information according to packet data blocking and packet data blocking may be excluded.
  • FIG. 6 is a diagram showing the main components of the packet blocking module 30 according to the embodiment of the present invention.
  • the packet blocking module 30 is connected to the analysis wireless terminal device 200 through a communication network or a network, and corresponds to one or more packet blocking generated by the wireless terminal device 200.
  • the configuration of detecting packet pattern information according to a network use of an application provided in 200 is illustrated.
  • FIG. 6 is merely a configuration for describing an embodiment of the present invention, and the present invention is not limited to the technical features only by the implementation method shown in FIG. 6.
  • the application packet pattern detecting apparatus 100 corresponding to packet blocking according to an embodiment of the present invention includes an interface unit 32, a packet blocking control unit 34, a communication unit 35, and a storage unit.
  • the unit 36 includes a storage medium 37, an analyzer 38, a generator 33, and a controller 31 for controlling each of the components.
  • the interface unit 32 performs a role of selecting a packet data blocking target application and a packet data blocking item among one or more applications included in the wireless terminal device 200.
  • the interface unit 32 outputs one or more application lists and application file lists included in the wireless terminal device 200, and then selects an analysis target application from a user and the packet blocking.
  • the packet pattern information for each application may be output on the screen.
  • the generation unit 33 is based on the packet data blocking target application and the packet data blocking item selected through the interface unit 32, and at least one application provided in the wireless terminal device 200. It creates a packet data blocking rule for.
  • the packet data blocking rule may include one or more specific IP / Port or domain access blocking rules of a specific application and one or more specific packet transmission / reception blocking rules.
  • FIG. 12 and 13 illustrate examples of setting a packet blocking rule through the generation unit 33.
  • a user confirms a packet flow of a specific application by outputting a packet data flow screen for a specific application.
  • a user interface may be provided to a user to block specific packet data of the application, and the packet data flow blocking state may be illustrated and output to the user.
  • the packet blocking control unit 34 performs a role of controlling the packet data blocking rule generated by the generation unit 33 to be applied to the wireless terminal device 200 remotely.
  • the packet blocking control unit 34, the selected packet blocking rule using the API (Application Programming Interface) of the operating system (OS) provided in the wireless terminal device 200 is the wireless terminal device ( Can be remotely generated to occur at 200).
  • the communication unit 35 performs a role of receiving packet data or packet data information generated in the wireless terminal device 200 in response to blocking transmission of packet data to the one or more applications. .
  • the communication unit 35 may further receive packet blocking rule information corresponding to the packet data or the packet data information received from the wireless terminal device 200, and wirelessly with the non-role packet blocking module 30.
  • the role of transmitting and receiving data or information between the terminal device 200, the role of transmitting and receiving data or information between the packet blocking module 30 and the server on the communication network, the packet blocking module 30 and the packet blocking module 30 from a remote location It also plays a role of transmitting and receiving data or information between computers.
  • the storage unit 36 connects the packet data or the packet data information received by the communication unit 35 with the application information generating the packet data and the packet blocking rule information. ) To save on.
  • the storage medium 37 may correspond to one or more analysis target application information stored through the storage unit 36, one or more packet blocking rule information applied to the application, and the packet blocking, respectively.
  • the packet blocking module 30 may be provided in the packet blocking module 30 or on a server or a computer connected to the packet blocking module 30 through a communication network or a network.
  • the analysis unit 38 analyzes packet data or packet data information stored on the storage medium 37 to derive packet pattern information for each application corresponding to a packet blocking rule. .
  • the external transmission target packet pattern information for each packet blocking application is information on packet transmission / reception patterns for each application provided in the wireless terminal device 200 corresponding to each packet blocking rule.
  • the data communication connection information may include one or more data communication connection information.
  • all or part of the functions of the respective components provided in the packet blocking module 30 may be implemented in the form of a program or a program set.
  • FIG. 14 is a diagram illustrating a process for detecting an application according to an embodiment of the present invention.
  • the application detection module 10 receives at least one list of applications and a list of application files included in the analysis wireless terminal device 200 through the communication unit 17 from the wireless terminal device 200 (S1410). .
  • the application detection module 10 outputs one or more application lists and application file lists received by the communication unit 17 through the interface unit 13, and receives an analysis target application from the user (S1420).
  • the application detection module 10 extracts a string of an application file for the application selected by the interface unit 13 through the analysis unit 14 (S1430), and then accesses the application through pattern analysis of the extracted string.
  • the analysis result information including one or more IP information, domain name information, and monitoring target API usage status information is extracted (S1440).
  • the application detection module 10 stores the information.
  • the analysis result information is stored on the storage medium 16 through the unit 15 and the communication unit 17, and the analysis result information is transmitted to a server on a communication network (S1460).
  • step S1440 the application detection module 10 ) Repeats the process (S1440), repeats the process (S1410) to (S1440), or terminates the application detection process.
  • 15 is a diagram illustrating a process for detecting an application packet pattern corresponding to an event according to an embodiment of the present invention.
  • the event generation module 20 outputs one or more types of events to be generated in the wireless terminal device 200 through the interface unit 22 (S1510), and then generates one or more events to be generated in the wireless terminal device 200 from the user.
  • the event is selected (S1520).
  • the event generation module 20 controls the event selected by the interface unit 22 through the event controller 23 to be generated in the wireless terminal device 200 (S1530).
  • the event generation module 20 monitors whether external transmission / reception packet data is generated in response to the event occurrence in one or more applications provided in the wireless terminal device 200 (S1540).
  • the event generation module 20 performs the step S1540. Repeat.
  • step S1540 when external transmission / reception packet data is generated in response to the occurrence of an event in one or more applications provided in the wireless terminal device 200 (S1560), the event generation module 20 communicates through the communication unit 24.
  • the packet data or packet data information is received from the wireless terminal device 200 (S1570).
  • the event generation module 20 connects the packet data or the packet data information received by the communication unit 24 through the storage unit 25 with the application information generating the packet data and the information on the event to store the storage medium.
  • the process is performed on the storage device 26.
  • the event generation module 20 analyzes packet data or packet data information stored on the storage medium 26 through the analyzer 27 to derive packet pattern information for each application per event (S1590).
  • 16 is a diagram illustrating a process for detecting an application packet pattern corresponding to a packet blocking rule according to an embodiment of the present invention.
  • the packet blocking module 30 receives a packet data blocking target application and a packet data blocking item among one or more applications provided in the wireless terminal 200 through the interface unit 32 (S1610).
  • the packet blocking module 30 is one provided in the wireless terminal device 200 based on the packet data blocking target application and the packet data blocking item selected through the interface unit 32 through the generation unit 33.
  • a packet data blocking rule for the above application is generated (S1620).
  • the packet blocking module 30 corresponds to a packet blocking rule for each application generated by the generation unit 33 through a packet blocking control unit 34, and thus, the packet through one or more applications provided in the wireless terminal device 200. External transmission and reception of data is blocked (S1630).
  • the packet blocking module 30 corresponds to blocking external transmission / reception of packet data through one or more applications provided in the wireless terminal device 200, and externally through one or more applications provided in the wireless terminal device 200. It is monitored whether transmission / reception packet data occurs (S1640).
  • step S1640 when external transmission / reception packet data does not occur in response to blocking external transmission / reception of the packet data in one or more applications provided in the wireless terminal device 200 (S1650), the packet blocking module 30 The process (S1640) is repeated.
  • the packet blocking module 30 may include a communication unit.
  • the packet data or packet data information is received from the wireless terminal device 200 through 35 (S1670).
  • the packet blocking module 30 connects the packet data or the packet data information received by the communication unit 35 through the storage unit 36 with the application information generating the packet data and the packet blocking rule information.
  • the process is stored on (37).
  • the packet blocking module 30 analyzes packet data or packet data information stored on the storage medium 37 through the analyzing unit 38 to derive packet pattern information for each application according to the packet blocking rule (S1690).
  • the present invention described above may be stored in a computer-readable recording medium produced as a program for execution in a computer, and examples of the computer-readable recording medium include ROM, RAM, CD-ROM, magnetic tape, Floppy disks, optical data storage, and the like, and also include those implemented in the form of carrier waves (eg, transmission over the Internet).
  • the computer readable recording medium can be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
  • functional programs, codes, and code segments for implementing the control method can be easily inferred by programmers in the art to which the present invention belongs.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un appareil permettant la détection d'un modèle de données par paquets d'une application, comprenant : un module de détection d'application conçu pour délivrer en sortie une liste d'applications et/ou une liste de fichiers d'application fournie à un dispositif terminal sans fil, pour permettre à un utilisateur de sélectionner une application à analyser, pour extraire la chaîne de caractères du fichier de l'application sélectionnée, pour extraire, par une analyse du modèle de la chaîne de caractères extraite, des informations de résultat d'analyse comportant des informations sur le protocole IP avec lequel l'application se connecte, des informations de nom de domaine et/ou des informations d'utilisation d'API surveillée, et pour stocker les informations de résultat d'analyse extraites dans un support de stockage ; un module de génération d'événement conçu pour commander le dispositif terminal sans fil afin de générer un ou plusieurs événements qui doivent être générés par le dispositif terminal sans fil, pour recevoir, si une ou plusieurs applications fournies au dispositif terminal sans fil génèrent des données par paquets à transmettre à l'extérieur en correspondance avec la génération de l'événement, les données par paquets ou les informations des données par paquets du dispositif terminal sans fil, et pour analyser les données par paquets reçues ou les informations de données par paquets reçues afin d'acquérir des informations de modèle de paquet pour chaque événement et pour chaque application ; et un module d'interception de paquet conçu pour générer une règle d'interception de données par paquets pour une ou plusieurs applications fournies au dispositif terminal sans fil, pour commander, depuis un emplacement distant, la règle d'interception de données par paquets générée à appliquer au dispositif terminal sans fil, pour recevoir les données par paquets ou les informations de données par paquets générées par le dispositif terminal sans fil en correspondance avec l'interception de la transmission externe des données par paquets de ladite une ou desdites plusieurs applications, et pour analyser les données par paquets reçues ou les informations de données par paquets reçues afin d'acquérir des informations de modèle de paquet pour chaque application correspondant à la règle d'interception de paquet.
PCT/KR2013/007192 2012-08-10 2013-08-09 Appareil pour détecter un modèle de données par paquets d'une application WO2014025225A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2012-0087786 2012-08-10
KR1020120087786A KR20140021774A (ko) 2012-08-10 2012-08-10 애플리케이션 패킷 데이터 패턴 검출 장치

Publications (1)

Publication Number Publication Date
WO2014025225A1 true WO2014025225A1 (fr) 2014-02-13

Family

ID=50068384

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/007192 WO2014025225A1 (fr) 2012-08-10 2013-08-09 Appareil pour détecter un modèle de données par paquets d'une application

Country Status (2)

Country Link
KR (1) KR20140021774A (fr)
WO (1) WO2014025225A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107787003A (zh) * 2016-08-24 2018-03-09 中兴通讯股份有限公司 一种流量检测的方法和装置

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101869377B1 (ko) * 2016-06-17 2018-06-20 한국과학기술원 네트워크 시그너처들 사이 또는 시그너처 페어들 사이의 의존도를 분석하는 기계어 분석 장치 및 기계어 분석 방법

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100614775B1 (ko) * 2004-08-20 2006-08-22 (주)한드림넷 네트워크 보호 장치 및 방법
US20080259852A1 (en) * 2005-03-07 2008-10-23 France Telecom Mobility Manager
KR101111099B1 (ko) * 2004-09-09 2012-02-17 아바야 테크놀러지 코퍼레이션 네트워크 트래픽 보안 방법들 및 시스템들
US20120131095A1 (en) * 2010-11-22 2012-05-24 Michael Luna Optimization of resource polling intervals to satisfy mobile device requests
KR20120056296A (ko) * 2009-09-18 2012-06-01 알까뗄 루슨트 적응성 트래픽 및 간섭 인지 무선 리소스 관리

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100614775B1 (ko) * 2004-08-20 2006-08-22 (주)한드림넷 네트워크 보호 장치 및 방법
KR101111099B1 (ko) * 2004-09-09 2012-02-17 아바야 테크놀러지 코퍼레이션 네트워크 트래픽 보안 방법들 및 시스템들
US20080259852A1 (en) * 2005-03-07 2008-10-23 France Telecom Mobility Manager
KR20120056296A (ko) * 2009-09-18 2012-06-01 알까뗄 루슨트 적응성 트래픽 및 간섭 인지 무선 리소스 관리
US20120131095A1 (en) * 2010-11-22 2012-05-24 Michael Luna Optimization of resource polling intervals to satisfy mobile device requests

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107787003A (zh) * 2016-08-24 2018-03-09 中兴通讯股份有限公司 一种流量检测的方法和装置

Also Published As

Publication number Publication date
KR20140021774A (ko) 2014-02-20

Similar Documents

Publication Publication Date Title
WO2012060669A1 (fr) Procédé de commande d'un dispositif distant par l'intermédiaire de sms et dispositif associé
WO2016114601A1 (fr) Procédé pour service de notification de catastrophe ne nécessitant pas de collecte d'informations de localisation, et serveur de notification de catastrophe et système d'application associés
WO2014168375A1 (fr) Procede et appareil pour mettre a jour une application dans un dispositif electronique
WO2014035043A1 (fr) Appareil et procédé permettant de diagnostiquer des applications malveillantes
WO2015056885A1 (fr) Dispositif de détection et procédé de détection pour une application android malveillante
WO2017026630A1 (fr) Procédé de gestion d'informations confidentielles d'utilisateur de terminal de communication et dispositif pour cela
WO2020186773A1 (fr) Procédé, dispositif et appareil de surveillance de demandes d'appel, et support d'informations
WO2016013810A1 (fr) Procédé et dispositif d'exploitation pour informations de catastrophes
WO2014003505A1 (fr) Système et procédé de configuration d'aspect social d'un dispositif
WO2012023657A1 (fr) Procédé de détection de programmes malveillants basé sur un réseau utilisant une machine virtuelle et système le comprenant
WO2014035194A1 (fr) Système et procédé de service de messages push
WO2013129804A1 (fr) Procédé, système, et support d'enregistrement pour analyser l'ensemble de règles de réduction de charge d'un réseau radio
WO2017104902A1 (fr) Dispositif de terminal d'utilisateur, serveur et procédé d'exécution d'application correspondant
WO2014204084A1 (fr) Procédé de service de partage d'application et appareil appliqué à ce dernier
WO2013122360A1 (fr) Procédé, système et support d'enregistrement pour analyser une configuration de réseau dynamique d'application mobile
WO2013122362A1 (fr) Procédé, système et support d'enregistrement permettant d'appliquer une politique de réduction de charge dans un réseau sans fil
WO2012070900A2 (fr) Système de partage d'événement et données entre dispositifs personnels
WO2014025225A1 (fr) Appareil pour détecter un modèle de données par paquets d'une application
KR101244037B1 (ko) 휴대용 단말의 관리 방법 및 시스템
WO2023059157A1 (fr) Procédé et appareil pour surveiller une utilisation de données dans un système de communication sans fil
WO2015030512A1 (fr) Équipement terminal, procédé de protection pour celui-ci et serveur de gestion du terminal
WO2016200058A1 (fr) Dispositif, procédé et programme informatique de fusion binaire
WO2016159496A1 (fr) Procédé de distribution d'application dotée d'une fonction de sécurité ajoutée à celui-ci et son procédé de fonctionnement
WO2016002996A1 (fr) Procédé et dispositif de blocage d'application de pupille, ainsi que terminal de tuteur, terminal de pupille, programme informatique côté tuteur et programme informatique côté pupille de blocage d'application de pupille
WO2013032144A2 (fr) Dispositif et système de gestion de serveur de jeu

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13828662

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13828662

Country of ref document: EP

Kind code of ref document: A1