Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Illegal external connection monitoring method based on wireless and wired data flow similarity analysis

A similarity analysis and data flow technology, applied in character and pattern recognition, instruments, electrical components, etc., can solve the problems of short detection time, response speed, function failure, and inability to judge, so as to reduce deployment costs and reduce engineering construction difficulty , to solve the effect of omission

Active Publication Date: 2019-08-13
四川英得赛克科技有限公司
View PDF9 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Supervise the use of the wireless network by installing a client agent on the terminal desktop system, mainly for the supervision of the terminal's own wireless network card, privately connected wireless WIFI, and the use of free wireless WIFI; its advantages are short detection time and fast response, but its existence The following disadvantages: cannot manage and control the terminal desktop system without client agent installed; cannot supervise the private connection of wireless routing devices, because such devices cannot install client agent; cannot use technical means to prohibit installed terminals from uninstalling the software system , thereby disabling its function
[0006] Mainly through ICMP, TCP and UDP scanning technology, learn from the operating system fingerprint identification technology to form a local protocol feature library, so as to judge whether the target machine is a NAT access device, smart phone device, portable WIFI access device and free WIFI access equipment, etc.; its advantage is that it can more accurately discover some smart phones and portable WIFI access, and can more accurately identify routing devices and wireless AP access through NAT, but it has the following disadvantages: it needs to deploy a Scanning the host brings a new risk point to the intranet; if the external host is only used as a network springboard, without routing forwarding and NAT functions, it will not be possible to determine whether it is external; this solution needs to send data packets to the internal network, and the It will cause communication interference to the original internal network
[0008] The existing outreach monitoring solution based on data monitoring is detected by bypass monitoring and analyzing data packets inside the network, which is suitable for networks with public network egress (such as the Internet). Special fields are used to judge and distinguish portable WIFI access, smart phone access and NAT device access; its advantage is that it can more accurately discover some smart phones and portable WIFI access, and can more accurately identify NAT access devices, but its existence The following disadvantages: the coverage of monitoring data determines its detection range, there are false negatives, it is suitable for networks with public egress links, and it is not suitable for use as an inspection tool; due to limited detection technology, there is a possibility of false negatives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0037] An illegal outreach monitoring method based on similarity analysis of wireless and wired data streams, using an illegal outreach monitoring device installed with a wireless communication module to monitor, comprising the following steps:

[0038] Step 1. Set a mirror port on the intranet switch to be monitored, and mirror all intranet data to the illegal outreach monitoring device;

[0039] Step 2. The illegal outreach monitoring device receives all internal network traffic data;

[0040] Step 3. When it is preliminarily determined to be a suspicious external host, record all its network communication data;

[0041] Step 4. Analyze the characteristics of the network communication of the suspicious external host, and use the following method to construct its network communication model:

[0042] Step (1), data preprocessing: filter all recorded network communication data, and convert the data stream into a feature vector including a time feature vector and a space featu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an illegal external connection monitoring method based on wireless and wired data flow similarity analysis, which utilizes illegal external connection monitoring equipment provided with a wireless communication module to realize monitoring, and comprises the following steps of: mirroring all internal network data to the illegal external connection monitoring equipment; enabling the illegal external connection monitoring device to receive all internal network flow data; recording all network communication data; performing feature analysis on the network communication, and constructing a network communication model of the network communication; enabling the illegal external connection monitoring device to receive all wireless network flow data; recording all encryptedwireless network communication data between the two; performing feature analysis on the encrypted wireless network communication, and constructing a network communication model of the encrypted wireless network communication; comparing the two network communication models, and judging whether the network communication model is illegally externally connected or not according to the similarity. According to the invention, the wired network communication model and the wireless network communication model are compared, so that illegal external connection behaviors can be accurately monitored in real time.

Description

technical field [0001] The invention relates to an illegal outreach monitoring method, in particular to an illegal outreach monitoring method based on similarity analysis of wireless and wired data streams. Background technique [0002] For the isolated intranet of the industrial control system, illegal outreach has always been the top priority of the integrity protection of the network boundary because of its huge harm. With the popularization of smart phones and 4G / 5G technology, the main manifestation of illegal outreach is the outreach through smart phones (4G / 5G), which is more convenient, faster and cheaper than the early telephone dialing. Low, the most common way is to connect the terminal computer connected to the intranet to the personal hotspot opened by the smartphone through wireless WIFI, which will bring unpredictable security risks to the original internal network. At present, there are mainly the following technical solutions for monitoring illegal outreach...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1408G06F18/23G06F18/22
Inventor 欧晓聪龚海澎王庭宇
Owner 四川英得赛克科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com