Check patentability & draft patents in minutes with Patsnap Eureka AI!

Abnormal network access connection identifying and blocking method, system, medium and device

A network access and network connection technology, applied in the field of network connection identification and blocking, abnormal network access connection identification and blocking, can solve problems such as difficult to configure blocking strategy, long time period, inability to detect well, and achieve fine-grained The effect of applying access control

Active Publication Date: 2019-04-05
GUANGZHOU TRUSTMO INFORMATION SYST CO LTD
View PDF8 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Existing network access control technology, for the detection and control of high-frequency and wide-ranging scanning behaviors, cannot detect well due to the long time period, and it is difficult to configure a suitable blocking strategy
In the way of blocking, it is mainly based on the way of series connection or linkage with the switch, which has a certain impact on the stability of the network.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal network access connection identifying and blocking method, system, medium and device
  • Abnormal network access connection identifying and blocking method, system, medium and device
  • Abnormal network access connection identifying and blocking method, system, medium and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] Such as figure 1 As shown, the method for identifying and blocking abnormal network access connections in this embodiment includes the following steps:

[0060] S101. Identification of abnormal network access connections.

[0061] (1) Identification of abnormal network access connections based on behavior;

[0062] Based on the source IP and destination IP real-time statistical analysis of access sessions per unit time, the source IP addresses with a high frequency range and a wide range are determined. If the number of these IP-related sessions is greater than a certain threshold, they are considered to be abnormal network access connections.

[0063] (2) Abnormal network access connection definition based on multi-dimensional policy rule matching;

[0064] Supports policy rules based on the following dimensions: source address, source port, destination address, destination port, transport layer protocol (TCP / UDP), application layer protocol (HTTP, etc.), source / destination devi...

Embodiment 2

[0085] Such as image 3 As shown, this embodiment provides an abnormal network access connection identification and blocking system. The system includes an abnormal network identification module 1 and an access connection blocking module 2. The specific functions of each module are as follows:

[0086] Abnormal network identification module 1, used to access the accessed network and identify whether it is an abnormal network access connection;

[0087] Access connection blocking module 2 is used to block network access connections by bypassing, that is, collecting real-time communication traffic of network connection communication, obtaining communication control information of both parties in communication, and constructing specific data packets to simultaneously block both parties in communication Send out the control packet of connection interruption, thereby blocking the communication connection;

[0088] The access connection blocking module 2 includes: a strategy construction ...

Embodiment 3

[0095] This embodiment provides a storage medium that stores one or more programs, and when the programs are executed by a processor, the method for identifying and blocking abnormal network access connections in the above embodiment 1 is implemented, as follows:

[0096] For the accessed network access, identify whether it is an abnormal network access connection;

[0097] The bypass method is used to block the network access connection, that is, to collect the real-time communication traffic of the network connection communication, obtain the communication control information of the communication parties, and construct a specific data packet, and at the same time send a connection interruption control packet to the communication parties, thereby blocking Disconnect the communication connection; specifically:

[0098] Establish a matching rule strategy and generate a matching rule tree;

[0099] Capture data packets and store the data packets in user space;

[0100] Extract data packe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an abnormal network access connection identifying and blocking method, system, a medium and device. The method comprises steps: as for a connected network access, whether to belong to an abnormal network access connection is identified; a bypass mode is adopted to block the network access connection, that is, the real-time communication flow of network connection communication is acquired, the communication control information of both sides is acquired, and through constructing a specific data packet and transmitting a control packet of connection interruption to both communication sides, communication connection is thus blocked. The bypass mode is adopted for deployment, the existing network structure is not changed, the network is not influenced when the device isabnormal, network paralysis does not happen, and finer application access control can be provided.

Description

Technical field [0001] The invention relates to a method for identifying and blocking network connections, in particular to a method, system, medium and equipment for identifying and blocking abnormal network access connections, belonging to the field of network security. Background technique [0002] In the network environment, there are various artificial or automatic abnormal network access connections, such as high-frequency and wide-range scanning behaviors and unauthorized access behaviors. These abnormal connections pose a great threat to network security. [0003] Existing network access systems, firewalls, and Internet behavior management systems can monitor and control some abnormal or unauthorized network access, and basically use serial connection or linkage with switches to block control. The network access system generally no longer conducts monitoring based on network access behavior after admission is allowed, and the blocking operation is mainly linked to the switc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1441H04L63/20H04L67/143
Inventor 邹凯陈凯枫
Owner GUANGZHOU TRUSTMO INFORMATION SYST CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com