Method and system for judging network access legality of local area network terminal equipment

A technology for terminal equipment and local area networks, applied in the field of power information security. It addresses the problems of neglected MAC address forgery and the lack of universality across terminal types, so as to improve universality and matching accuracy, address vulnerability, and strengthen reliability.

Pending Publication Date: 2020-08-25
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +2

AI Technical Summary

Problems solved by technology

Although this method uses the global uniqueness of the MAC address to determine the legitimacy of the terminal identity, it ignores the forgery of the MAC address; some scholars have also studied the terminal access technology of the Android sy



Examples


Embodiment 1

[0047] The flow chart of a method for judging the legitimacy of a network access feature fingerprint of a local area network terminal device provided by the present invention is shown in Figure 1 and includes:

[0048] Step 1: Obtain the behavior characteristics of the terminal device based on the fixed characteristics of the terminal device connected to the working LAN at a fixed time interval;

[0049] Step 2: Generate characteristic fingerprints for terminal devices based on behavioral characteristics;

[0050] Step 3: Determine the legitimacy of the behavior of the terminal device based on the comparison between the characteristic fingerprint of the terminal and the behavioral fingerprint samples stored in the terminal in advance.

[0051] First of all, in terms of the selection of equipment features, this application lists the fixed features and dynamic behaviors included in the marketing site terminal equipment, and selects active, passive, or a combination of act...
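Steps 1 to 3 above, shown as an added Python example that is not code from the patent. The page does not give the feature set, the comparison measure or any values, so the features (bytes per destination port), the cosine similarity, the 60-second interval, the 0.8 threshold, the `judge` function and all sample records are assumptions made for illustration.

```python
from collections import Counter
from math import sqrt

INTERVAL = 60      # assumed fixed time interval, in seconds
THRESHOLD = 0.8    # assumed minimum similarity for a legitimate verdict
MAC = "00:11:22:33:44:55"   # constructed MAC of a registered terminal

# Constructed records from mirrored traffic: (time s, source MAC, dst port, bytes)
FLOWS = [
    (3, MAC, 443, 1200), (20, MAC, 443, 1500), (41, MAC, 8443, 900),
    (10, "66:77:88:99:aa:bb", 9100, 500),
    (65, MAC, 443, 300), (70, MAC, 22, 4000), (90, MAC, 445, 2500),
]

def behaviour_features(flows, mac, window):
    """Step 1: bytes per destination port for one terminal in one interval."""
    feats = Counter()
    for ts, src, port, size in flows:
        if src == mac and ts // INTERVAL == window:
            feats[port] += size
    return feats

def fingerprint(feats):
    """Step 2: scale the feature counts to a unit-length vector."""
    norm = sqrt(sum(v * v for v in feats.values()))
    return {k: v / norm for k, v in feats.items()} if norm else {}

def similarity(a, b):
    """Cosine similarity of two unit-length fingerprints."""
    return sum(v * b.get(k, 0.0) for k, v in a.items())

# Behaviour fingerprint sample stored in advance for the registered terminal.
SAMPLES = {MAC: fingerprint(Counter({443: 3000, 8443: 1000}))}

def judge(flows, mac, window):
    """Step 3: compare the interval's fingerprint with the stored sample."""
    if mac not in SAMPLES:
        return "unregistered"
    fp = fingerprint(behaviour_features(flows, mac, window))
    if not fp:
        return "no-data"
    ok = similarity(fp, SAMPLES[mac]) >= THRESHOLD
    return "legitimate" if ok else "illegitimate"

if __name__ == "__main__":
    for w in (0, 1):
        print(w, judge(FLOWS, MAC, w))
```

In interval 1 the MAC address still matches the registered terminal, but the traffic mix no longer matches the stored sample, so a check on the MAC address alone would not notice the change.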

Embodiment 2

[0072] With reference to Figure 2, an embodiment of a method for judging the legality of network access feature fingerprints of a local area network terminal device is given below.

[0073] Once the process of judging the legality of the network access feature fingerprints of LAN terminal equipment starts, it includes:

[0074] Step 201: Classify terminal types.

[0075] Step 202: Strategy selection of terminal fixed features and dynamic behavior features.

[0076] That is, for various types of terminals in the terminal type list, appropriate terminal fixed features are selected for them.

[0077] Step 203: Waiting for the device to access the network.

[0078] The device in this embodiment is also a terminal.

[0079] Step 204: Determine whether there is any device that is connecting to the network: if yes, go to step 205; otherwise, go to step 203.

[0080] Step 205: Query the MAC address of the terminal.

[0081] Step 206: Determine whether the MAC address has been registered in the ...

Embodiment 3

[0096] A specific embodiment of a method for judging the legality of network access feature fingerprints of a local area network terminal device is given below.

[0097] Step 301: Survey the terminal types at a power marketing outlet; the terminal types are found to be work computers, marketing payment terminals, printers, cameras, POS machines, and card punching devices.

[0098] Step 302: Deploy the terminal admission system that uses this method in bypass mode at the core switch, and mirror all data traffic passing through the core switch via the mirror port.

[0099] Step 303: Configure corresponding terminal fixed features and terminal dynamic behavior features for each type of terminal, for example: configure all terminal features as shown in Table 1 and Table 2 for computer terminals.

[0100] Step 304: Prepare two computers with identical models and identical operating systems as test machines. Computer A is connected to the local area network...


Abstract

The invention provides a method and system for judging the network access legality of local area network terminal equipment. The method comprises the steps of: obtaining the behavior characteristics of terminal equipment at a fixed time interval based on the fixed characteristics of terminal equipment accessing a working local area network; generating a feature fingerprint for the terminal device based on the behavior feature; and determining the legality of the behavior of the terminal device based on the comparison of the characteristic fingerprint of the terminal with a behavior fingerprint sample pre-stored by the terminal. Compared with a traditional admission system, the method has the advantage that the fixed characteristics and the dynamic behavior characteristics of the terminal are combined to serve as the basis for judging the legality of the terminal, so that illegal behaviors of legal terminals or accurately counterfeited illegal behaviors of illegal terminals can be found.

Description

Technical field

[0001] The invention belongs to the technical field of electric power information security, and in particular relates to a method and a system for judging the legality of network access of a local area network terminal device.

Background technique

[0002] As a key information infrastructure, the power system has always been one of the key targets of "cyber warfare". In order to prevent various network security attacks and ensure the safe and stable operation of the power grid, power grid operating companies have carried out long-term and effective work in network security protection. However, with the construction and operation of the data communication backbone network and terminal access network, all kinds of intelligent terminal equipment, especially marketing field business terminals, are connected to the network of the power grid operating company on a large scale or even directly connected to the backbone network. Due to the weak protection of the on-...


Application Information

IPC(8): H04L29/06, G06K9/62
CPC: H04L63/0876, H04L63/10, G06F18/22
Inventor: 卢子昂, 马媛媛, 石聪聪, 李佳玮, 邵志鹏, 周诚, 陈牧, 陈璐, 陈伟
Owner GLOBAL ENERGY INTERCONNECTION RES INST CO LTD