
Abnormal network access connection identification and blocking method, system, medium and equipment

A network access and network connection technology, applied to the identification and blocking of abnormal network access connections. It addresses problems such as blocking strategies that are difficult to configure, impact on network stability, and long time periods, and has the effect of providing application access control.

Active Publication Date: 2021-07-09
GUANGZHOU TRUSTMO INFORMATION SYST CO LTD

AI Technical Summary

Problems solved by technology

[0004] Existing network access control technology cannot detect and control high-frequency, wide-ranging scanning behaviors well because of the long time period, and it is difficult to configure a suitable blocking strategy for them. Blocking is mainly done through series connection or linkage with a switch, which has a certain impact on the stability of the network.


Examples


Embodiment 1

[0059] As shown in Figure 1, the abnormal network access connection identification and blocking method of this embodiment includes the following steps:

[0060] S101. Identification of abnormal network access connections.

[0061] (1) Identification of abnormal network access connections based on behavior;

[0062] Access sessions per unit time are counted and analyzed in real time by source IP and destination IP to determine source IP addresses whose access is high-frequency and wide-ranging. If the number of sessions related to these IPs is greater than a certain threshold, the access is considered an abnormal network access connection.

[0063] (2) Abnormal network access connection definition based on multi-dimensional policy rule matching;

[0064] Support policy rules based on the following dimensions: source address, source port, destination address, destination port, transport layer protocol (TCP / UDP), application layer protocol (HTTP, etc.), source / destina...
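The behavior-based identification of paragraph [0062], as an added example that is not code from the patent: a sliding-window counter that flags a source IP once both its session count and its number of distinct destination IPs exceed thresholds. The window length, both threshold values, the class and function names, and the sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class ScanDetector:
    """Sliding-window session statistics keyed by source IP."""

    # Defaults are assumed values; the patent only says "a certain threshold".
    def __init__(self, window=10.0, session_threshold=20, fanout_threshold=10):
        self.window = window                        # "unit time", in seconds
        self.session_threshold = session_threshold  # "high frequency"
        self.fanout_threshold = fanout_threshold    # "wide range" of destinations
        self.sessions = defaultdict(deque)          # src -> deque of (ts, dst)

    def observe(self, ts, src, dst):
        """Record one new session; return True if src is now abnormal."""
        q = self.sessions[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - self.window:    # expire old sessions
            q.popleft()
        distinct_dsts = {d for _, d in q}
        return (len(q) > self.session_threshold
                and len(distinct_dsts) > self.fanout_threshold)


def constructed_sessions():
    """Constructed sample data: (timestamp, source IP, destination IP)."""
    events = []
    for i in range(60):
        # 10.0.0.5 opens sessions to 60 different hosts within 6 seconds.
        events.append((i * 0.1, "10.0.0.5", f"10.0.1.{i + 1}"))
        # 10.0.0.9 opens as many sessions, but all to one server.
        events.append((i * 0.1, "10.0.0.9", "10.0.2.10"))
    for i in range(30):
        # 10.0.0.7 touches many hosts, but only one every 5 seconds.
        events.append((i * 5.0, "10.0.0.7", f"10.0.3.{i + 1}"))
    return sorted(events)


def find_abnormal_sources(events, **thresholds):
    """Replay time-ordered sessions and return the flagged source IPs."""
    detector = ScanDetector(**thresholds)
    flagged = set()
    for ts, src, dst in events:
        if detector.observe(ts, src, dst):
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    print(find_abnormal_sources(constructed_sessions()))
```

With a fixed window, the busy single-destination client and the slow multi-host source both stay below the thresholds, so the choice of window length and fan-out threshold determines which behaviors this check can see.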

Embodiment 2

[0085] As shown in Figure 3, the present embodiment provides a system for identifying and blocking abnormal network access connections. The system includes an abnormal network identification module 1 and an access connection blocking module 2. The specific functions of each module are as follows:

[0086] The abnormal network identification module 1 is used to identify whether an accessed network access belongs to an abnormal network access connection;

[0087] The access connection blocking module 2 is used to block the network access connection in a bypass mode, that is, to collect the real-time communication traffic of the network connection, obtain the communication control information of the two communicating parties, construct a specific data packet, and send a connection-interruption control packet to both communicating parties at the same time, thereby blocking the communication connection;

[0088] The access connect...

Embodiment 3

[0095] This embodiment provides a storage medium, the storage medium stores one or more programs, and when the programs are executed by the processor, the abnormal network access connection identification and blocking method of the above-mentioned embodiment 1 is implemented, as follows:

[0096] For the accessed network access, identify whether it is an abnormal network access connection;

[0097] The bypass method is used to block the network access connection, that is, to collect the real-time communication traffic of the network connection, obtain the communication control information of the two communicating parties, construct a specific data packet, and send a connection-interruption control packet to both communicating parties at the same time, thereby blocking the communication connection; specifically:

[0098] Establish a matching rule strategy and generate a matching rule tree;

[0099] Capture the data packet and store the ...


Abstract

The invention discloses a method, system, medium and equipment for identifying and blocking an abnormal network access connection. The method includes: identifying whether the accessed network access belongs to an abnormal network access connection; and blocking the network access connection in a bypass mode, that is, collecting the real-time communication traffic of the network connection, obtaining the communication control information of the communicating parties, constructing a specific data packet, and sending a connection-interruption control packet to the communicating parties at the same time, thereby blocking the communication connection. The present invention is deployed in a bypass manner, does not change the existing network structure, does not affect the network or cause network paralysis when the equipment is abnormal, and can provide more refined application access control.

Description

Technical field

[0001] The invention relates to a method for identifying and blocking network connections, in particular to a method, system, medium and equipment for identifying and blocking abnormal network access connections, belonging to the field of network security.

Background technique

[0002] In the network environment, there are various man-made or automatic abnormal network access connections, such as high-frequency and wide-ranging scanning behaviors and unauthorized access behaviors. These abnormal connections pose a great threat to network security.

[0003] Existing network access systems, firewalls, and online behavior management systems can monitor and control some abnormal or unauthorized network access, and basically use serial connection or linkage with switches for blocking control. The network access system generally does not perform monitoring based on network access behavior after allowing access, and the blocking operation is mainly controlled in con...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1441, H04L63/20, H04L67/143
Inventor: 邹凯陈凯枫
Owner: GUANGZHOU TRUSTMO INFORMATION SYST CO LTD