WO2014038737A1 - 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법 - Google Patents

모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법 Download PDF

Info

Publication number
WO2014038737A1
WO2014038737A1 PCT/KR2012/007231 KR2012007231W WO2014038737A1 WO 2014038737 A1 WO2014038737 A1 WO 2014038737A1 KR 2012007231 W KR2012007231 W KR 2012007231W WO 2014038737 A1 WO2014038737 A1 WO 2014038737A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
monitoring
policy
filtering
application
Prior art date
Application number
PCT/KR2012/007231
Other languages
English (en)
French (fr)
Korean (ko)
Inventor
김남건
정인장
배성수
한창문
이원준
Original Assignee
에스케이텔레콤 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 에스케이텔레콤 주식회사 filed Critical 에스케이텔레콤 주식회사
Priority to PCT/KR2012/007231 priority Critical patent/WO2014038737A1/ko
Priority to CN201280034354.7A priority patent/CN103959711B/zh
Priority to US14/099,360 priority patent/US9467360B2/en
Publication of WO2014038737A1 publication Critical patent/WO2014038737A1/ko

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks

Definitions

  • the present invention relates to a network traffic management system and method using a monitoring and filtering policy, and more particularly, to detect a packet of an application at a user terminal according to a monitoring policy, and transmit traffic statistics information on the detected packet.
  • a monitoring and filtering policy By filtering the packets according to the received filtering policy, it is possible to quickly and easily detect the traffic for ancillary data communication (e.g., session maintenance data) or the traffic of a malicious user, which can put a load on the communication network and at the user terminal side.
  • ancillary data communication e.g., session maintenance data
  • the present invention relates to a network traffic management system using a monitoring and filtering policy that can be filtered, and a method thereof.
  • An application in the form of a messenger should always transmit the location of the user terminal equipped with the application to the server for the packet receiving function. That is, the server must know the location of the user terminal for packet transmission. To this end, the session information between the user terminal and the server must be maintained so that the location information of the user terminal can be transmitted to the server periodically or temporarily. In order to maintain such a session, session maintenance data (eg, Keep Alive message, Heart Beat message, etc.) that is not related to actual message transmission must be periodically exchanged between the user terminal and the corresponding server. . Since the operation of transmitting and receiving session data is independently performed for each application, when a large number of messenger applications are installed or driven in one terminal, a load is placed on the network system of the communication service provider.
  • session maintenance data eg, Keep Alive message, Heart Beat message, etc.
  • the present invention was devised to solve the above problems, and detects a packet of an application at a user terminal according to a monitoring policy, transmits traffic statistics information on the detected packet, and filters the packet according to the received filtering policy.
  • a monitoring and filtering policy that can quickly and easily detect and filter on ancillary data communication traffic (e.g., session maintenance data) or malicious user traffic that can add to the load on the network.
  • An object of the present invention is to provide a network traffic management system and method using the same.
  • a network traffic management device for generating a monitoring policy and filtering policy, and transmits the generated monitoring policy and filtering policy to the user terminal to manage network traffic; And classifying and detecting packets generated by an application of the user terminal according to an application or a destination address according to a monitoring policy received from the network traffic management apparatus, and generating traffic statistics information on the detected packets to manage the network traffic. And a traffic control device for transmitting the packet to the device and filtering the packet in the kernel region of the user terminal according to the filtering policy received from the network traffic management device.
  • the device for collecting the packet generated by the application of the user terminal by the port number in the user terminal;
  • a packet monitoring unit for classifying packets corresponding to a monitoring policy among the collected packets by application or destination address and detecting them in the kernel region of the user terminal;
  • a traffic manager configured to generate traffic statistics information through analysis of the detected packets, transmit them to the network traffic management apparatus, and receive a filtering policy from the network traffic management apparatus;
  • a packet filtering unit for filtering a packet of an application corresponding to the received filtering policy or a packet having a blocking destination address included in the filtering policy in a kernel region of the user terminal.
  • the traffic manager may include: a traffic information generator configured to generate traffic statistics information through analysis of the detected packet and transmit the generated traffic statistics information to the network traffic management apparatus; A policy setting unit which sets the monitoring policy and the filtering policy to the packet monitoring unit and the packet filtering unit, respectively; A policy DB for storing the monitoring policy and filtering policy; A traffic information DB for storing the generated traffic statistics information; And a filtering DB for storing packet information about the filtered packet.
  • the packet monitoring unit may classify and monitor packets of an application using a predetermined registered port or an unregistered port among the collected packets by port number.
  • the packet monitoring unit may monitor a packet of an application using the predetermined unregistered port and extract protocol information, a destination address, and a port number.
  • the packet monitoring unit may monitor a packet of an application using the predetermined unregistered port, and extract a destination MAC address, a destination IP address, and a destination port number for the destination address.
  • the packet monitoring unit may extract the protocol information, the destination address, and the port number when the socket is generated by an application using the preset unregistered port.
  • the packet monitoring unit may monitor a packet of an application using the predetermined unregistered port and calculate a packet generation period in which the packet is generated in the application.
  • the packet filtering unit may filter a packet of an application corresponding to the filtering policy or a packet having a blocking destination address of the filtering policy by using a netfilter operating in the kernel region of the user terminal.
  • the packet filtering unit may generate a handler for controlling a filtering policy operating in the kernel region of the user terminal in the user region, and control a net filter for performing filtering using the generated handler.
  • the monitoring policy receiving step of receiving a monitoring policy from the network traffic management apparatus;
  • a packet of an application using a preset registered port or an unregistered port among the collected packets may be classified and monitored for each port number.
  • the packet monitoring step may include extracting protocol information, a destination address, and a port number by monitoring a packet of an application using the predetermined unregistered port.
  • the packet monitoring step may include extracting a destination MAC address, a destination IP address, and a destination port number for the destination address by monitoring a packet of an application using the preset unregistered port.
  • the packet monitoring may include extracting the protocol information, the destination address, and the port number when the socket is generated by an application using the predetermined unregistered port.
  • the packet monitoring step may include calculating a packet generation period in which a packet is generated in the application by monitoring a packet of an application using the predetermined unregistered port.
  • the packet filtering may include filtering a packet of an application corresponding to the filtering policy or a packet having a blocking destination address of the filtering policy by using a netfilter operating in a kernel region of the user terminal. .
  • the packet filtering step may include generating a handler for controlling a filtering policy operating in the kernel region of the user terminal in the user region and controlling a net filter for performing filtering using the generated handler.
  • the present invention can increase the load on a communication network by detecting a packet of an application at a user terminal according to a monitoring policy, transmitting traffic statistics information on the detected packet, and filtering the packet according to a received filtering policy.
  • Ancillary data communication traffic eg, session maintenance data
  • malicious user traffic can be detected quickly and easily and filtered at the user terminal side.
  • the present invention minimizes the traffic required for the process of registering an application for providing a push service, authentication, and keep-alive message transmission, and loads a message that can increase the load on the network in advance. There is a filterable effect.
  • the present invention has the effect of quickly recognizing and filtering packets of an application contrary to a monitoring policy and a filtering policy, an application having a malicious purpose, or an application causing abnormal traffic.
  • the present invention also divides an application of a user terminal into an application using a preset registration port or an unregistered port, monitors and filters packets of an application using an unregistered port, and monitors and filters by passing a packet of an application using a registration port. Since the required packet can be reduced, the amount of computation of the user terminal can be reduced.
  • FIG. 1 is a configuration diagram of an embodiment of a network traffic management system using a monitoring and filtering policy according to the present invention
  • FIG. 2 is a block diagram of an embodiment of a traffic control apparatus using a monitoring and filtering policy according to the present invention
  • FIG. 3 is a detailed configuration diagram of an embodiment of the traffic management unit of FIG. 2 according to the present invention.
  • FIG. 4 is a flowchart illustrating a network traffic management method using a monitoring and filtering policy according to the present invention
  • FIG. 5 is a flowchart illustrating a traffic control method in the traffic control apparatus according to the present invention.
  • FIG. 1 is a configuration diagram of an embodiment of a network traffic management system using a monitoring and filtering policy according to the present invention.
  • the network traffic management system 10 using the monitoring and filtering policy according to the present invention includes a traffic control device 110, a network traffic management device 200, and a service included in the user terminal 100.
  • Providing apparatus 300 is included.
  • the network traffic management apparatus 200 manages network traffic between the user terminal 100 and the service providing apparatus 300. To this end, the network traffic management apparatus 200 generates a monitoring policy and filtering policy and transmits the generated monitoring policy and filtering policy to the traffic control apparatus 110 included in the user terminal 100 to manage traffic.
  • the network traffic management apparatus 200 may receive traffic statistics information from the traffic control apparatus 110 and check the traffic statistics information of each user terminal 100.
  • the network traffic management apparatus 200 generates a filtering policy through analysis of the traffic statistics information of each user terminal 100 and transmits the filtering policy to the traffic control apparatus 110.
  • the network traffic management apparatus 200 may collect traffic information on the traffic to be managed in advance, generate a filtering policy, and transmit the generated filtering policy to the traffic control apparatus 110.
  • the communication network refers to a network that provides a communication service so that the user terminal 100, the network traffic management apparatus 200, and the service providing apparatus 300 communicate with each other by wire or wireless. That is, the communication network may be a wired Internet network, a wireless data network (Internet network, IMS, etc.) connected through a mobile communication network (CDMA, W-CDMA, etc.), or an Internet network connected through short-range communication such as Wi-Fi. It may include.
  • the traffic control apparatus 110 controls the traffic generated through the application 101 installed in the user terminal 100.
  • the user terminal 100 may be applied to any type of terminal capable of performing the traffic control function such as a notebook, a smart phone, a PDA, a navigation, a PMP, an electronic dictionary, and an MP3.
  • the traffic control apparatus 110 may perform a traffic control function through a traffic control program provided through a network-based external system or an external storage medium.
  • the traffic control device 110 for each application in the kernel region of the user terminal 100 according to the monitoring policy received from the network traffic management device 200, the packet generated in the application of the user terminal 100 Or classify and detect by destination address.
  • the traffic control apparatus 110 transmits traffic statistics information on the detected packet to the network traffic management apparatus 200. Thereafter, the traffic control apparatus 110 transmits a packet of an application corresponding to the filtering policy received from the network traffic management apparatus 200 or a packet having a blocking destination included in the filtering policy of the user terminal 100. Filter in the kernel area.
  • FIG. 2 is a block diagram of an embodiment of a traffic control apparatus using a monitoring and filtering policy according to the present invention.
  • the traffic control apparatus 110 includes a packet collector 210, a packet monitor 220, a traffic manager 230, and a packet filter 240.
  • the traffic control device 110 receives a packet generated by the application 101 installed in the user terminal 100.
  • the packet collection unit 210 collects packets generated by the application 101 installed in the user terminal 100 by dividing the packets by the port number in the user terminal 100.
  • the packet monitoring unit 220 classifies packets corresponding to the monitoring policy among the packets collected by the packet collection unit 210 by application or destination address and detects the packets in the kernel region of the user terminal.
  • the packet monitoring unit 220 monitors the packets of the application 101 using a predetermined registration port or unregistered port among the packets collected by the packet collection unit 210 for each transmission and reception port.
  • the application 101 may be divided into an application using a predetermined well-known port or an unknown port.
  • an application using a preset registration port includes an application such as a web browser. Packet transmission and reception of an application using a preset registration port can be basically passed without policy comparison.
  • the packet monitoring unit 220 detects the packet according to the monitoring policy on the assumption that the packet of the application using the unregistered port operates according to its own standard.
  • the port number used by the application 101 of the user terminal 100 is registered in the network traffic management apparatus 200
  • the port number used by the application 101 is referred to as a registration port.
  • the unregistered port refers to a port number that is not registered in the network traffic management apparatus 200.
  • the packet monitoring unit 220 may monitor the packet of the application 101 using the preset unregistered port to extract the protocol information, the destination address and the port number. When the application using the registration port conforms to the filtering policy, the packet monitoring unit 220 may reduce the packet for monitoring and monitoring only packets of the application 101 using the unregistered port.
  • the packet monitoring unit 220 may extract the protocol information, the destination address and the port number only when the packet is generated in the packet of the application 101 using the preset unregistered port. Since the application 101 has the same protocol information, the same destination address and the same port number after the socket creation with the service providing apparatus 300, the packet monitoring load is extracted by extracting the protocol information, the destination address and the port number only when the socket is created. Can be reduced.
  • the packet monitoring unit 220 extracts a destination MAC address, a destination IP address, and a destination port number as a destination address.
  • the packet monitoring unit 220 may calculate a packet generation period by monitoring a packet of the application 101 using a predetermined unregistered port. For example, when a packet generation period is set in the monitoring policy, the packet monitoring unit 220 may detect a packet of the application 101 that exceeds the packet generation period.
  • the packet monitoring unit 220 does not check the payload (Payload) of the application 101, only confirms the presence or absence of incoming / outgoing packets. Through this, the packet monitoring unit 220 may reduce the load on packet monitoring. If necessary, the packet monitoring unit 220 may capture the entire packet data, that is, the header and the packet payload of the packet, and separately analyze or transmit the packet header to the network traffic management apparatus 200.
  • the payload Payload
  • the packet filtering unit 240 filters the packet of the application corresponding to the filtering policy or the packet having the blocking destination address included in the filtering policy in the kernel region of the user terminal 100.
  • the filtering policy is received from the network traffic management apparatus 200.
  • the packet filtering unit 240 filters the packet of the application 101 corresponding to the filtering policy or the packet having the blocking destination address of the filtering policy by using a netfilter operating in the kernel region of the user terminal 101. .
  • the packet filtering unit 240 generates a handler (eg, iptalbes handler, libipq *) for controlling a filtering policy operating in the kernel region of the user terminal 100 in the user region and performs filtering using the generated handler. You can control the net filter.
  • a handler eg, iptalbes handler, libipq *
  • the traffic manager 230 analyzes the packet detected by the packet monitor 220 and generates traffic statistics information.
  • the traffic manager 230 transmits the generated traffic statistics information to the network traffic management apparatus 200.
  • FIG. 3 is a detailed configuration diagram of an embodiment of the traffic management unit of FIG. 2 according to the present invention.
  • the traffic manager 230 includes a traffic information generator 310, a policy setting unit 320, and a data storage unit 330.
  • the data storage unit 330 includes a policy DB 331, a traffic DB 332, and a filtering DB 333.
  • the traffic information generator 310 analyzes the packet detected by the packet monitor 220 for each application or destination address and generates traffic statistics information.
  • the traffic statistics information includes the number or size of packets for each application for a predetermined time, the number or size of packets for each destination address during a predetermined time, and the like.
  • the policy setting unit 320 sets the received monitoring policy and the filtering policy to the packet monitoring unit 220 and the packet filtering unit 240, respectively.
  • Monitoring policies include a list of applications to monitor, protocol information to monitor, port numbers to monitor, packet generation intervals to monitor, and destination addresses to monitor.
  • the filtering policy includes a blocking application list and a blocking destination list.
  • the data storage unit 330 stores the traffic statistics information generated by the traffic information generator 310, the traffic information, and the packet information about the filtered packet.
  • the data storage unit 330 stores the received monitoring policy and filtering policy in the policy 331.
  • the data storage unit 330 stores the traffic statistics information for each application or destination address generated by the traffic information generator 310 in the traffic DB 332.
  • the data storage unit 330 stores the packet information filtered by the packet filtering unit 240 in the filtering DB 333.
  • FIG. 4 is a flowchart illustrating a network traffic management method using a monitoring and filtering policy according to the present invention.
  • the application 101 installed in the user terminal 101 transmits a session maintenance packet or a malicious packet to the service providing apparatus 300 (S402).
  • the traffic control apparatus 110 collects a packet from the application 101 installed in the user terminal 101 (S404).
  • the traffic control apparatus 110 monitors the collected packets according to the monitoring policy (S406).
  • the traffic control apparatus 110 generates traffic statistics information using the monitoring result in the monitoring process "S406" and transmits the traffic statistics information to the network traffic management apparatus 200 (S408).
  • the network traffic management apparatus 200 analyzes the traffic statistics information received from the traffic control apparatus 110 and generates a filtering policy using the analyzed result.
  • the network traffic management apparatus 200 transmits the generated filtering policy to the traffic control apparatus 110.
  • the traffic control device 110 filters the packet of the application 101 according to the filtering policy received from the network traffic management device 200.
  • the traffic control device 110 blocks the packet of the application 101 according to the received filtering policy (S416).
  • step “S416” the process of blocking the packet is described.
  • the traffic control apparatus 110 may block or allow the packet according to the filtering policy.
  • FIG. 5 is a flowchart illustrating a traffic control method in the traffic control apparatus according to the present invention.
  • the network traffic management apparatus 200 transmits a monitoring policy to the traffic control apparatus 110 (S502). Then, the traffic manager 230 receives the monitoring policy (S502).
  • the traffic manager 230 sets the received monitoring policy to the packet monitor 220 (S504).
  • the packet collecting unit 210 classifies and collects packets generated by the application 101 installed in the user terminal 110 by port number, and the packet monitoring unit 220 collects from the application 101 according to a monitoring policy.
  • the packet is monitored (S506).
  • the packet monitoring unit 220 checks in the kernel region of the user terminal 110 whether there is a packet corresponding to the monitoring policy through packet monitoring (S508).
  • the packet monitoring unit 220 may classify and detect a packet by an application or a destination address.
  • the traffic management unit 230 analyzes the packet detected by the packet monitoring unit 220 to generate traffic statistics information (S510).
  • the traffic manager 230 transmits the generated traffic statistics information to the network traffic management apparatus 200 (S512).
  • the network traffic management apparatus 200 analyzes the received traffic statistics information and generates a filtering policy using the analyzed result (S514).
  • the network traffic management apparatus 200 transmits the generated filtering policy to the traffic control apparatus 110 (S516).
  • the packet filtering unit 240 filters the packet of the application 101 according to the filtering policy received from the traffic control device 110 (S518). That is, the packet filtering unit 240 filters the packet of the application corresponding to the filtering policy or the packet having the blocking destination address included in the filtering policy in the kernel region of the user terminal.
  • the present invention can be applied to various reproduction apparatuses by implementing the data traffic control method described above as a software program and recording it on a computer-readable predetermined recording medium.
  • Various playback devices may be PCs, laptops, portable terminals, smart phones, and the like.
  • the recording medium may be a hard disk, a flash memory, a RAM, a ROM, or the like as an internal type of each playback device, or an optical disc such as a CD-R or a CD-RW, a compact flash card, a smart media, a memory stick, or a multimedia card as an external type. have.
  • the program recorded on the computer-readable recording medium includes: a monitoring policy receiving step of receiving a monitoring policy from a network traffic management apparatus; A packet collection process of dividing packets generated by an application of the user terminal by port numbers; A packet monitoring process of classifying packets corresponding to the received monitoring policy by application or by destination address through monitoring of the collected packets and detecting them in a kernel region of the user terminal; A traffic information generation process of analyzing the detected packets to generate traffic statistics information; A filtering policy receiving step of transmitting the generated traffic statistics information to a network traffic management apparatus and receiving a filtering policy from the network traffic management apparatus; And a filtering process for filtering a packet of an application corresponding to the received filtering policy or a packet having a block destination address included in the filtering policy in a kernel region of the user terminal.
  • a packet of an application is detected at a user terminal according to a monitoring policy, and traffic statistics information about the detected packet is filtered to filter the packet according to the received filtering policy, thereby increasing the load on the communication network.
  • In-data communication traffic eg, session maintenance data
  • malicious user traffic can be detected quickly and easily and filtered at the user terminal side.
  • the invention is a commercially available invention because the possibility of marketing or operating the applied device is not only sufficient for the use of the related technology, but also practically evident as it exceeds the limitation of the existing technology.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PCT/KR2012/007231 2011-06-27 2012-09-07 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법 WO2014038737A1 (ko)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/KR2012/007231 WO2014038737A1 (ko) 2012-09-07 2012-09-07 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법
CN201280034354.7A CN103959711B (zh) 2012-09-07 2012-09-07 利用监控策略和过滤策略管理网络流量的系统和方法
US14/099,360 US9467360B2 (en) 2011-06-27 2013-12-06 System, device and method for managing network traffic by using monitoring and filtering policies

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2012/007231 WO2014038737A1 (ko) 2012-09-07 2012-09-07 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/099,360 Continuation US9467360B2 (en) 2011-06-27 2013-12-06 System, device and method for managing network traffic by using monitoring and filtering policies

Publications (1)

Publication Number Publication Date
WO2014038737A1 true WO2014038737A1 (ko) 2014-03-13

Family

ID=50237330

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/007231 WO2014038737A1 (ko) 2011-06-27 2012-09-07 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법

Country Status (2)

Country Link
CN (1) CN103959711B (zh)
WO (1) WO2014038737A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124470A (zh) * 2021-11-01 2022-03-01 山东顺国电子科技有限公司 网络流量元数据采集技术算法
CN115658701A (zh) * 2022-12-27 2023-01-31 北京仁科互动网络技术有限公司 数据库流量控制方法、装置、设备及存储介质

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10432531B2 (en) * 2016-06-28 2019-10-01 Paypal, Inc. Tapping network data to perform load balancing
CN110213198A (zh) * 2018-02-28 2019-09-06 中标软件有限公司 网络流量的监控方法及系统
CN109194700B (zh) * 2018-11-28 2021-09-17 深信服科技股份有限公司 一种流量管控方法及相关装置
CN109587028B (zh) * 2018-11-29 2021-11-26 麒麟合盛网络技术股份有限公司 一种控制客户端流量的方法和装置
CN109413675A (zh) * 2018-12-05 2019-03-01 斑马网络技术有限公司 车联网流量控制方法、装置及车载终端
CN111355603A (zh) * 2018-12-20 2020-06-30 福建雷盾信息安全有限公司 一种计算机流量分析方法
CN111356166A (zh) * 2018-12-20 2020-06-30 福建雷盾信息安全有限公司 一种流量监控方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040057257A (ko) * 2002-12-26 2004-07-02 한국과학기술정보연구원 분산서비스거부 공격 대응 시스템 및 방법과 그프로그램을 기록한 기록매체
KR20050031215A (ko) * 2003-09-29 2005-04-06 한국전자통신연구원 네트워크 노드의 보안 엔진 관리 장치 및 방법
KR20060044050A (ko) * 2004-11-11 2006-05-16 한국전자통신연구원 보안 라우터 시스템에서의 보안 정책 관리 방법 및 장치
KR100615620B1 (ko) * 2005-03-17 2006-08-25 (주)팜미디어 정책 관리를 통한 휴대 단말의 디지털 컨텐츠 다운로드제어 방법 및 당해 시스템
KR20110027386A (ko) * 2009-09-10 2011-03-16 모젠소프트 (주) 사용자 단말로부터 외부로 나가는 유해 패킷을 차단하는 장치, 시스템 및 방법

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2003015356A1 (ja) * 2001-08-08 2004-12-02 富士通株式会社 サーバ、移動通信端末、無線装置および通信システムにおける通信方法並びに通信システム
US7174566B2 (en) * 2002-02-01 2007-02-06 Intel Corporation Integrated network intrusion detection
CN102045197B (zh) * 2010-12-14 2014-12-10 中兴通讯股份有限公司 一种告警数据的同步方法及网管系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040057257A (ko) * 2002-12-26 2004-07-02 한국과학기술정보연구원 분산서비스거부 공격 대응 시스템 및 방법과 그프로그램을 기록한 기록매체
KR20050031215A (ko) * 2003-09-29 2005-04-06 한국전자통신연구원 네트워크 노드의 보안 엔진 관리 장치 및 방법
KR20060044050A (ko) * 2004-11-11 2006-05-16 한국전자통신연구원 보안 라우터 시스템에서의 보안 정책 관리 방법 및 장치
KR100615620B1 (ko) * 2005-03-17 2006-08-25 (주)팜미디어 정책 관리를 통한 휴대 단말의 디지털 컨텐츠 다운로드제어 방법 및 당해 시스템
KR20110027386A (ko) * 2009-09-10 2011-03-16 모젠소프트 (주) 사용자 단말로부터 외부로 나가는 유해 패킷을 차단하는 장치, 시스템 및 방법

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124470A (zh) * 2021-11-01 2022-03-01 山东顺国电子科技有限公司 网络流量元数据采集技术算法
CN115658701A (zh) * 2022-12-27 2023-01-31 北京仁科互动网络技术有限公司 数据库流量控制方法、装置、设备及存储介质
CN115658701B (zh) * 2022-12-27 2023-03-14 北京仁科互动网络技术有限公司 数据库流量控制方法、装置、设备及存储介质

Also Published As

Publication number Publication date
CN103959711A (zh) 2014-07-30
CN103959711B (zh) 2018-02-23

Similar Documents

Publication Publication Date Title
WO2014038737A1 (ko) 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법
CN103607399B (zh) 基于暗网的专用ip网络安全监测系统及方法
CN108429637B (zh) 一种智能变电站过程层网络拓扑动态探测系统及方法
WO2012077944A9 (ko) 네트워크 패킷을 이용한 공유 단말 구분 시스템 및 처리 방법
WO2014081205A1 (ko) 불법 ap 검출 시스템 및 그의 검출 방법
US9467360B2 (en) System, device and method for managing network traffic by using monitoring and filtering policies
WO2013122360A1 (ko) 모바일 애플리케이션 동적 네트워크 패턴 분석 방법 및 시스템과 기록매체
WO2013002538A2 (en) Method and apparatus for preventing distributed denial of service attack
WO2015129934A1 (ko) 명령제어채널 탐지장치 및 방법
WO2012115385A2 (en) Apparatus and method for providing universal plug and play service based on wi-fi direct connection in portable terminal
WO2016013718A1 (ko) 와이파이 망을 이용한 웹기반 광고 제공 시스템 및 방법
WO2013012278A2 (ko) 통신 시스템에서 ip 어드레스를 이용한 디바이스 컨텍스트 관리 방법 및 장치
WO2016108509A1 (en) Method and apparatus for allocating server in wireless communication system
WO2017026840A1 (ko) 인터넷 연결 장치, 중앙 관리 서버 및 인터넷 연결 방법
WO2016076574A1 (ko) 단말 정보 식별 장치 및 방법
WO2016035954A1 (ko) 인터넷 회선 품질측정 전용단말 및 그 운영 방법
KR20130006912A (ko) 모니터링 및 필터링 정책을 이용한 네트워크 트래픽 관리 시스템 및 그 방법
KR101469285B1 (ko) 정책기반 라우팅을 이용한 선택적인 인터넷 트래픽 분석 시스템 및 그 방법
WO2016108415A1 (ko) 네트워크 보안 장비 및 그것의 디도스 공격 탐지 방법
WO2016098997A1 (en) Apparatus, system and method for detecting abnormal volte registration message in 4g mobile network
WO2015083927A1 (en) Apparatus and method for detecting abnormal sdp message in 4g mobile networks
WO2019078539A1 (ko) 패킷 처리 기능 선택방법 및 그를 위한 장치
WO2013164660A1 (en) Taxi, taxicab, or vehicle-for-hire, automatic vacancy status and availability detection technique and apparatus
KR20130007246A (ko) 시그널링 트래픽 관리 시스템 및 그 방법
WO2012018190A2 (ko) 트래픽 기반 통신 시스템 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12884111

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12884111

Country of ref document: EP

Kind code of ref document: A1