[go: up one dir, main page]

CN104702424A - Network behavior monitoring method and device - Google Patents

Network behavior monitoring method and device Download PDF

Info

Publication number
CN104702424A
CN104702424A CN201310654797.2A CN201310654797A CN104702424A CN 104702424 A CN104702424 A CN 104702424A CN 201310654797 A CN201310654797 A CN 201310654797A CN 104702424 A CN104702424 A CN 104702424A
Authority
CN
China
Prior art keywords
data
network
access device
information
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310654797.2A
Other languages
Chinese (zh)
Inventor
马铮
王健全
夏俊杰
白晓媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201310654797.2A priority Critical patent/CN104702424A/en
Publication of CN104702424A publication Critical patent/CN104702424A/en
Pending legal-status Critical Current

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

本发明公开一种网络行为监控的方法及装置,涉及通信技术领域,可以对家庭网络中所有的用户设备进行有效的网络监控。本发明实施例通过网络接入设备读取用户设备向网络侧发送的数据访问请求中携带的数据信息,然后网络接入设备将数据信息与预定义的违法数据进行比对,若预定义的违法数据包含数据信息,网络接入设备对数据访问请求进行拦截。本发明实施例提供的方案适于对网络行为进行监控时采用。

The invention discloses a network behavior monitoring method and device, relates to the field of communication technology, and can effectively monitor all user equipment in a home network. In the embodiment of the present invention, the network access device reads the data information carried in the data access request sent by the user equipment to the network side, and then the network access device compares the data information with the predefined illegal data. The data contains data information, and the network access device intercepts the data access request. The solutions provided by the embodiments of the present invention are suitable for monitoring network behaviors.

Description

一种网络行为监控的方法及装置Method and device for network behavior monitoring

技术领域technical field

本发明涉及通信技术领域,尤其涉及一种网络行为监控的方法及装置。The invention relates to the field of communication technology, in particular to a method and device for network behavior monitoring.

背景技术Background technique

随着手机、平板电脑等用户设备的普遍应用,用户可以随时随地使用这些用户设备进行网络访问,尤其是一些沉迷于网络世界的青少年用户,在应该上课或者休息的时间内上网打游戏、看视频、浏览不良网站等,对青少年的身心健康造成了不良影响。With the widespread application of user equipment such as mobile phones and tablet computers, users can use these user equipment to access the network anytime and anywhere, especially some young users who are addicted to the online world, play games and watch videos online during the time when they should be in class or rest. , Browsing bad websites, etc., have caused adverse effects on the physical and mental health of young people.

目前,对于用户网络行为的监控主要是在用户设备中安装防控软件,通过防控软件对用户网络行为产生的数据进行监控。如果监控到用户正在进行非法访问,则将对用户的网络行为进行阻止。At present, the monitoring of user network behavior is mainly to install prevention and control software in user equipment, and monitor the data generated by user network behavior through the prevention and control software. If it is monitored that the user is illegally accessing, the user's network behavior will be blocked.

在现有的网络行为监控的过程中,发明人发现现有技术中至少存在下述问题:首先,防控软件是安装在用户设备上的,在当前的家庭网络中,存在多种用户设备,需要在所有的用户设备侧安装防控软件,才能实现家庭网络整体的监控部署;另外,防控软件安装在用户设备上,容易被作为监控对象的用户关闭或删除,无法真正起到网络行为监控的作用。In the process of existing network behavior monitoring, the inventor found at least the following problems in the prior art: First, the prevention and control software is installed on the user equipment. In the current home network, there are many kinds of user equipment, It is necessary to install prevention and control software on all user devices to realize the overall monitoring and deployment of the home network; in addition, the prevention and control software is installed on user devices, which is easy to be closed or deleted by users who are monitoring objects, and cannot really monitor network behavior. role.

发明内容Contents of the invention

本发明的实施例提供一种网络行为监控的方法及装置,可以对家庭网络中所有的用户设备进行有效的网络监控。Embodiments of the present invention provide a method and device for network behavior monitoring, which can effectively monitor all user equipment in a home network.

第一方面,本发明实施例提供一种网络行为监控的方法,包括In a first aspect, an embodiment of the present invention provides a method for network behavior monitoring, including

网络接入设备获取用户设备向网络侧发送的数据访问请求;The network access device obtains the data access request sent by the user equipment to the network side;

网络接入设备读取所述数据访问请求中携带的数据信息;The network access device reads the data information carried in the data access request;

网络接入设备将所述数据信息与预定义的违法数据进行比对;The network access device compares the data information with the predefined illegal data;

若所述预定义的违法数据包含所述数据信息,网络接入设备对所述数据访问请求进行拦截。If the predefined illegal data includes the data information, the network access device intercepts the data access request.

第二方面,本发明实施例提供一种网络行为监控的装置,所述装置位于网络接入设备侧,所述装置包括:In the second aspect, an embodiment of the present invention provides an apparatus for monitoring network behavior, the apparatus is located on the network access device side, and the apparatus includes:

获取单元,用于获取用户设备向网络侧发送的数据访问请求;an obtaining unit, configured to obtain a data access request sent by the user equipment to the network side;

读取单元,用于读取所述获取单元获取的所述数据访问请求中携带的数据信息;a reading unit, configured to read the data information carried in the data access request obtained by the obtaining unit;

比对单元,用于将所述读取单元读取的所述数据信息与预定义的违法数据进行比对;A comparing unit, configured to compare the data information read by the reading unit with predefined illegal data;

拦截单元,用于当所述比对单元的比对结果为所述预定义的违法数据包含所述数据信息时,对所述数据访问请求进行拦截。An intercepting unit, configured to intercept the data access request when the comparison result of the comparison unit is that the predefined illegal data contains the data information.

本发明实施例提供的网络行为监控的方法及装置,能够读取用户设备向网络侧发送的数据访问请求中携带的数据信息,然后将数据信息与预定义的违法数据进行比对,若预定义的违法数据包含数据信息,则对数据访问请求进行拦截。与现有技术中需要在每一个用户设备上安装防控软件相比,能够通过上层网络接入设备对家庭网络中所有的用户设备统一进行网络行为监控,无需在每个用户设备上分别安装防控软件,同时可以避免用户在用户设备上对防控软件进行关闭或删除,由此可以实现对家庭网络下所有用户设备的有效监控。The network behavior monitoring method and device provided by the embodiments of the present invention can read the data information carried in the data access request sent by the user equipment to the network side, and then compare the data information with the predefined illegal data. If the illegal data contains data information, the data access request will be intercepted. Compared with the need to install prevention and control software on each user equipment in the prior art, it is possible to monitor the network behavior of all user equipment in the home network through the upper network access device, without installing anti-virus software on each user equipment. At the same time, it can prevent the user from closing or deleting the prevention and control software on the user equipment, so that effective monitoring of all user equipment under the home network can be realized.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained according to these drawings without any creative effort.

图1为本发明一个实施例提供的一种网络行为监控的方法的流程图;Fig. 1 is a flow chart of a method for network behavior monitoring provided by an embodiment of the present invention;

图2为本发明另一个实施例提供的另一种网络行为监控的方法的流程图;FIG. 2 is a flow chart of another method for network behavior monitoring provided by another embodiment of the present invention;

图3为本发明一个实施例提供的一种网络行为监控的装置的框图;FIG. 3 is a block diagram of a network behavior monitoring device provided by an embodiment of the present invention;

图4为本发明另一个实施例提供的另一种网络行为监控的装置的框图。Fig. 4 is a block diagram of another device for network behavior monitoring provided by another embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

本发明实施例提供一种网络行为监控的方法,该方法的执行主体为网络接入设备,具体的可以为家庭网关、调制解调器,如图1所示,该方法包括:An embodiment of the present invention provides a method for network behavior monitoring. The execution subject of the method is a network access device, specifically a home gateway or a modem. As shown in FIG. 1 , the method includes:

步骤101,网络接入设备获取用户设备向网络侧发送的数据访问请求。Step 101, the network access device obtains the data access request sent by the user equipment to the network side.

目前,随着手机、平板电脑等用户设备的普遍应用,在家庭网络中存在多种用户设备,并且可能存在多种用户设备同时进行网络访问,即存在多种用户设备同时向网络侧发送数据访问请求的现象。现有的方案是通过在用户设备上安装的防控软件对该数据访问请求进行处理。而本发明实施例提供的方案可以在多种用户设备同时向网络侧发送数据访问请求时,家庭网络中的网络接入设备同时获取多种用户设备向网络侧发送的多种数据访问请求,并对获取的数据访问请求进行处理。At present, with the widespread use of user equipment such as mobile phones and tablet computers, there are many kinds of user equipment in the home network, and there may be many kinds of user equipment that access the network at the same time, that is, there are many kinds of user equipment that send data access to the network side at the same time. request phenomenon. The existing solution is to process the data access request through the prevention and control software installed on the user equipment. However, in the solution provided by the embodiment of the present invention, when multiple user equipments send data access requests to the network side at the same time, the network access device in the home network simultaneously acquires multiple data access requests sent by multiple user equipments to the network side, and Process the obtained data access request.

步骤102,网络接入设备读取数据访问请求中携带的数据信息。Step 102, the network access device reads the data information carried in the data access request.

在本步骤中,数据信息可以为用户设备上传网络侧的数据内容信息,也可以为用户设备向网络侧发送的统一资源定位符(Uniform Resource Locator,URL)。数据内容信息可以为用户向用户设备输入的文字类信息;URL被称为网页地址,是因特网上标准的资源的地址。In this step, the data information may be data content information uploaded by the user equipment to the network side, or may be a Uniform Resource Locator (Uniform Resource Locator, URL) sent by the user equipment to the network side. The data content information may be text information input by the user to the user equipment; the URL is called a web page address, which is a standard resource address on the Internet.

步骤103,网络接入设备将数据信息与预定义的违法数据进行比对。Step 103, the network access device compares the data information with predefined illegal data.

在步骤101之前网管人员可以预先在网络接入设备中对违法数据进行设置例如,设置敏感词汇、非法URL等。在设置完毕后,网络接入设备对网管人员的设置内容进行保存,以便本步骤比对之用。Before step 101, network administrators may pre-set illegal data in the network access device, for example, set sensitive words, illegal URLs, and the like. After the setting is completed, the network access device saves the setting content of the network administrator for comparison in this step.

当网络接入设备读取到数据访问请求中携带的数据信息时,将该数据信息和预定义的违法数据进行比对,判断违法数据中是否包含该数据信息。当判断的结果为违法数据中包含该数据信息时,执行步骤104,当判断的结果为违法数据中不包含该数据信息时,则继续传送数据访问请求到网络侧。When the network access device reads the data information carried in the data access request, it compares the data information with predefined illegal data to determine whether the illegal data contains the data information. When the judging result is that the illegal data contains the data information, execute step 104, and when the judging result is that the illegal data does not contain the data information, continue to send the data access request to the network side.

步骤104,若预定义的违法数据包含数据信息,网络接入设备对数据访问请求进行拦截。Step 104, if the predefined illegal data contains data information, the network access device intercepts the data access request.

目前,对于用户网络行为的监控主要是在用户设备中安装防控软件,通过防控软件对用户网络行为产生的数据进行监控。如果监控到用户正在进行非法访问时,该防控软件将对用户的网络行为进行阻止。然而,防控软件是安装在用户设备上的,在当前的家庭网络中,存在多种用户设备,需要在所有的用户设备上安装防控软件,才能实现家庭网络整体的监控部署。另外,防控软件安装在用户设备上,容易被作为监控对象的用户关闭或删除,无法真正起到网络行为监控的作用。At present, the monitoring of user network behavior is mainly to install prevention and control software in user equipment, and monitor the data generated by user network behavior through the prevention and control software. If it is monitored that the user is conducting illegal access, the prevention and control software will block the user's network behavior. However, the prevention and control software is installed on the user equipment. In the current home network, there are many kinds of user equipment. It is necessary to install the prevention and control software on all the user equipment to realize the overall monitoring deployment of the home network. In addition, the prevention and control software is installed on the user's device, and it is easy to be closed or deleted by the user who is the monitoring target, and cannot really play the role of network behavior monitoring.

与现有技术中需要在每一个用户设备上安装防控软件,且不能避免被用户关闭或删除该防控软件相比,本发明实施例提供的方案,通过网络接入设备可以对所有的用户设备进行网络监控,同时该网络监控不受用户的影响,可以对家庭网络中所有的用户设备进行有效的网络监控。Compared with the existing technology that needs to install prevention and control software on each user equipment, and cannot avoid being closed or deleted by the user, the solution provided by the embodiment of the present invention can control all user equipment through network access. The device performs network monitoring, and at the same time, the network monitoring is not affected by the user, and can effectively monitor all user devices in the home network.

本发明实施例提供的网络行为监控的方法,能够读取用户设备向网络侧发送的数据访问请求中携带的数据信息,然后将数据信息与预定义的违法数据进行比对,若预定义的违法数据包含数据信息,则对数据访问请求进行拦截。使得本发明实施例可以通过网络接入设备对家庭网络中所有的用户设备进行有效的网络监控。The network behavior monitoring method provided by the embodiment of the present invention can read the data information carried in the data access request sent by the user equipment to the network side, and then compare the data information with the predefined illegal data. If the data contains data information, the data access request is intercepted. This enables the embodiment of the present invention to perform effective network monitoring on all user equipment in the home network through the network access device.

本发明实施例提供一种网络行为监控的方法,该方法的执行主体为网络接入设备,具体的可以为家庭网关、调制解调器,如图2所示,该方法包括:An embodiment of the present invention provides a method for network behavior monitoring. The execution subject of the method is a network access device, specifically a home gateway or a modem. As shown in FIG. 2 , the method includes:

步骤201,网络接入设备获取用户设备向网络侧发送的数据访问请求。Step 201, the network access device obtains the data access request sent by the user equipment to the network side.

在用户设备向网络侧发送数据访问请求时,网络接入设备拦截该数据访问请求,并获取该数据访问请求中携带的数据信息以及时间戳。When the user equipment sends a data access request to the network side, the network access device intercepts the data access request, and obtains the data information and the time stamp carried in the data access request.

步骤202,网络接入设备读取数据访问请求中携带的数据信息以及时间戳。Step 202, the network access device reads the data information and the time stamp carried in the data access request.

可选的,在本步骤中,数据信息可以为用户设备上传网络侧的数据内容信息,也可以为用户设备向网络侧发送的URL。数据内容信息可以为用户向用户设备输入的文字类信息;URL被称为网页地址,是因特网上标准的资源的地址;时间戳是用于记录用户的访问时刻。Optionally, in this step, the data information may be data content information uploaded by the user equipment to the network side, or may be a URL sent by the user equipment to the network side. The data content information can be text information input by the user to the user device; the URL is called a webpage address, which is the address of a standard resource on the Internet; the time stamp is used to record the user's access time.

例如,网络接入设备在读取数据访问请求中携带的用户设备上传网络侧的数据内容信息时,同时也会读取该数据访问请求中携带的记录用户的访问时刻的时间戳。例如,网络接入设备在读取数据访问请求中携带的用户设备向网络侧发送的URL时,也会读取该数据访问请求中携带的记录用户的访问时刻的时间戳。For example, when the network access device reads the data content information uploaded by the user equipment to the network side carried in the data access request, it also reads the time stamp recording the user's access time carried in the data access request. For example, when the network access device reads the URL sent by the user equipment to the network side carried in the data access request, it also reads the time stamp recording the user's access time carried in the data access request.

需要注意的是,如果网络接入设备获取的为网络侧发向用户设备的数据访问响应时,也可以读取该数据访问响应。It should be noted that if the data access response obtained by the network access device is a data access response sent from the network side to the user equipment, the data access response may also be read.

步骤203,网络接入设备将数据访问请求中携带的数据信息和时间戳与预定义的违法数据进行比对。Step 203, the network access device compares the data information and time stamp carried in the data access request with predefined illegal data.

在步骤201之前网管人员可以预先在网络接入设备中对违法数据进行设置例如,设置敏感词汇、非法URL以及非法访问时段等。在设置完毕后,网络接入设备对网管人员的设置内容进行保存,以便本步骤比对之用。Before step 201, network administrators may pre-set illegal data in the network access device, for example, set sensitive words, illegal URLs, and illegal access time periods. After the setting is completed, the network access device saves the setting content of the network administrator for comparison in this step.

敏感词汇是指淫秽、暴力等性质恶劣的词汇。非法URL是指一切不利于工作、学习的网页网址。例如,在工作的环境中,公司的员工在上班时间不应该浏览视频网页,因此可以将所有的视频网页设置为非法URL。又例如,一些沉迷于网络世界的青少年用户,在应该上课或者休息的时间内上网打游戏、看视频、浏览不良网站,这些给青少年的身心健康造成了不良影响。为了杜绝这种现象的发生,可以将一切不利于青少年身心健康发展的网页设置为非法URL。在本发明实施例提供的方案中,对非法访问时段没有做具体限定,不同的环境中设置的非法访问时段不同。例如,家庭和学校的生活环境中,可以根据青少年的学习和休息时间,规定非法访问时段。Sensitive words refer to words of a bad nature such as obscenity and violence. Illegal URLs refer to all web addresses that are not conducive to work and study. For example, in a work environment, employees of the company should not browse video webpages during working hours, so all video webpages can be set as illegal URLs. For another example, some young users who are addicted to the Internet world play games, watch videos, and browse bad websites online during the time when they should be in class or rest, which have caused adverse effects on the physical and mental health of young people. In order to prevent the occurrence of this phenomenon, all web pages that are not conducive to the healthy development of young people's physical and mental health can be set as illegal URLs. In the solution provided by the embodiment of the present invention, there is no specific limitation on the illegal access period, and the illegal access period is set differently in different environments. For example, in the living environment of families and schools, illegal visit periods can be stipulated according to the study and rest time of young people.

当网络接入设备读取到数据访问请求中携带的数据信息和时间戳时,将该数据信息和时间戳信息分别和预定义的违法数据进行比对,判断预定义的违法数据中是否包含该数据信息和时间戳信息。When the network access device reads the data information and time stamp carried in the data access request, it compares the data information and time stamp information with the predefined illegal data to determine whether the predefined illegal data contains the Data information and timestamp information.

在本步骤中,当预定义的违法数据不包括数据访问请求中携带的数据信息和时间戳时,执行步骤204,当预定义的违法数据包括数据访问请求中携带的数据信息或时间戳时,执行步骤205。In this step, when the predefined illegal data does not include the data information and time stamp carried in the data access request, execute step 204; when the predefined illegal data includes the data information or time stamp carried in the data access request, Execute step 205.

步骤204,网络接入设备传送数据访问请求到网络侧。Step 204, the network access device transmits a data access request to the network side.

可选的,当预定义的违法数据不包括数据访问请求中携带的数据信息和时间戳时,说明用户是在合法的时段内进行网络访问,并且访问的数据内容信息中不包括敏感词汇,或者访问的URL不属于非法的URL。此时网络接入设备不会对该数据访问请求信息进行拦截,传送该数据访问请求到网络侧进行正常访问。Optionally, when the predefined illegal data does not include the data information and time stamp carried in the data access request, it means that the user is accessing the network within a legal time period, and the accessed data content information does not include sensitive words, or The accessed URL is not an illegal URL. At this time, the network access device will not intercept the data access request information, and transmit the data access request to the network side for normal access.

步骤205,网络接入设备对数据访问请求进行拦截。Step 205, the network access device intercepts the data access request.

在本步骤中,对数据访问请求进行拦截包括三种情况:首先,当预定义的违法数据包括数据访问请求中携带的数据信息和时间戳时,对数据访问请求进行拦截;其次,当预定义的违法数据包括数据访问请求中携带的数据信息,但不包括数据访问请求中携带的时间戳时,对数据访问请求进行拦截;再次,当预定义的违法数据包括数据访问请求中携带的时间戳,但不包括数据访问请求中携带的数据信息时,对数据访问请求进行拦截。In this step, the interception of the data access request includes three situations: first, when the predefined illegal data includes the data information and time stamp carried in the data access request, the data access request is intercepted; secondly, when the predefined When the illegal data includes the data information carried in the data access request, but does not include the time stamp carried in the data access request, the data access request is intercepted; again, when the predefined illegal data includes the time stamp carried in the data access request , but does not include the data information carried in the data access request, intercept the data access request.

需要注意的,在本步骤中,数据信息可以为数据内容信息,也可以为URL。It should be noted that in this step, the data information may be data content information or URL.

目前,对于用户网络行为的监控主要是在用户设备中安装防控软件,通过防控软件对用户网络行为产生的数据进行监控。如果监控到用户正在进行非法访问时,该防控软件将对用户的网络行为进行阻止。然而,防控软件是安装在用户设备上的,在当前的家庭网络中,存在多种用户设备,需要在所有的用户设备上安装防控软件,才能实现家庭网络整体的监控部署。另外,防控软件安装在用户设备上,容易被作为监控对象的用户关闭或删除,无法真正起到网络行为监控的作用。At present, the monitoring of user network behavior is mainly to install prevention and control software in user equipment, and monitor the data generated by user network behavior through the prevention and control software. If it is monitored that the user is conducting illegal access, the prevention and control software will block the user's network behavior. However, the prevention and control software is installed on the user equipment. In the current home network, there are many kinds of user equipment. It is necessary to install the prevention and control software on all the user equipment to realize the overall monitoring deployment of the home network. In addition, the prevention and control software is installed on the user's device, and it is easy to be closed or deleted by the user who is the monitoring target, and cannot really play the role of network behavior monitoring.

与现有技术中需要在每一个用户设备上安装防控软件,且不能避免被用户关闭或删除该防控软件相比,本发明实施例提供的方案,通过网络接入设备可以对所有的用户设备进行网络监控,同时该网络监控不受用户的影响,可以对家庭网络中所有的用户设备进行有效的网络监控。Compared with the existing technology that needs to install prevention and control software on each user equipment, and cannot avoid being closed or deleted by the user, the solution provided by the embodiment of the present invention can control all user equipment through network access. The device performs network monitoring, and at the same time, the network monitoring is not affected by the user, and can effectively monitor all user devices in the home network.

步骤206,网络接入设备查询在网络接入设备中是否预先设置了告警通知。In step 206, the network access device inquires whether an alarm notification is preset in the network access device.

在本步骤中,当在网络接入设备中未预先设置告警通知时,执行步骤207,当在网络接入设备中预先设置告警通知时,执行步骤208。In this step, when the alarm notification is not preset in the network access device, step 207 is performed, and when the alarm notification is preset in the network access device, step 208 is performed.

步骤207,网络接入设备将拦截信息写入备份日志。Step 207, the network access device writes the interception information into the backup log.

可选的,当网络接入设备中未预先设置告警通知时,网络接入设备直接将拦截信息写入备份日记,以便网络管理人员需要查询具体哪台用户设备进行非法访问时,可以通过该备份日记进行查询。本步骤中的拦截信息可以为用户设备向网络侧发送的数据访问请求信息。Optionally, when the alarm notification is not pre-set in the network access device, the network access device directly writes the interception information into the backup log, so that when the network management personnel need to query which user device has illegally accessed, they can use the backup log. Diary query. The interception information in this step may be the data access request information sent by the user equipment to the network side.

步骤208,网络接入设备向网管设备发送告警通知,并将拦截信息及告警通知写入备份日志。Step 208, the network access device sends an alarm notification to the network management device, and writes the interception information and the alarm notification into the backup log.

在网络接入设备中预先设置告警通知的情况下,网络接入设备可以根据预先配置的发送告警信息的邮箱地址或者手机号码,将该告警信息以短信的形式发送到该手机号码,或者,将该告警通知以邮件的形式发送到该邮箱地址。同时将拦截信息以及告警通知写入备份日志。In the case where the alarm notification is pre-set in the network access device, the network access device can send the alarm information to the mobile phone number in the form of a text message according to the pre-configured email address or mobile phone number for sending the alarm information, or send The alarm notification is sent to the email address in the form of email. At the same time, the interception information and alarm notification are written into the backup log.

本发明实施例提供的网络行为监控的方法,可以通过网络接入设备对家庭网络中所有的用户设备进行有效的网络监控。同时本发明实施例也可以根据在网络接入设备中预先设置的告警通知,向网管设备发送告警信息,以便网络管理人员根据该告警通知,及时获知具体哪台用户设备正在进行非法访问。The network behavior monitoring method provided by the embodiment of the present invention can effectively monitor all user equipment in a home network through a network access device. At the same time, the embodiment of the present invention can also send alarm information to the network management equipment according to the alarm notification preset in the network access device, so that the network management personnel can know in time which specific user equipment is illegally accessing according to the alarm notification.

本发明实施例提供一种网络行为监控的装置,该装置可以位于网络接入设备中,如图3所示,该装置,包括:获取单元301,读取单元302,比对单元303,拦截单元304。An embodiment of the present invention provides a network behavior monitoring device, which can be located in a network access device, as shown in Figure 3, the device includes: an acquisition unit 301, a reading unit 302, a comparison unit 303, and an interception unit 304.

获取单元301,用于获取用户设备向网络侧发送的数据访问请求。The obtaining unit 301 is configured to obtain a data access request sent by the user equipment to the network side.

读取单元302,用于读取所述获取单元301获取的所述数据访问请求中携带的数据信息。The reading unit 302 is configured to read the data information carried in the data access request obtained by the obtaining unit 301 .

比对单元303,用于将所述读取单元302读取的所述数据信息与预定义的违法数据进行比对。The comparing unit 303 is configured to compare the data information read by the reading unit 302 with predefined illegal data.

拦截单元304,用于当所述比对单元303的比对结果为所述预定义的违法数据包含所述数据信息时,对所述数据访问请求进行拦截。The interception unit 304 is configured to intercept the data access request when the comparison result of the comparison unit 303 is that the predefined illegal data contains the data information.

进一步可选的,所述读取单元302读取的所述数据信息为所述用户设备上传网络侧的数据内容信息时,所述比对单元303,还用于对所述数据内容信息进行语义分析处理,判断所述数据内容信息中是否包含预定义的敏感词汇。Further optionally, when the data information read by the reading unit 302 is data content information uploaded by the user equipment to the network side, the comparison unit 303 is further configured to perform semantic analysis on the data content information. Analyzing and processing to determine whether the data content information contains predefined sensitive words.

所述读取单元302读取的所述数据信息为所述用户设备向网络侧发送的统一资源定位符URL时,所述比对单元303,还用于判断所述统一资源定位符是否属于预定义的非法统一资源定位符。When the data information read by the reading unit 302 is the Uniform Resource Locator URL sent by the user equipment to the network side, the comparison unit 303 is further configured to determine whether the Uniform Resource Locator belongs to a predetermined URL. Illegal Uniform Resource Locator defined.

进一步可选的,所述读取单元302,还用于读取所述数据访问请求中携带的时间戳,所述时间戳用于记录用户的访问时刻。Further optionally, the reading unit 302 is further configured to read the time stamp carried in the data access request, and the time stamp is used to record the user's access time.

所述比对单元303,还用于判断所述读取单元302读取的所述数据访问请求中携带的时间戳是否属于预定义的非法访问时段内。The comparison unit 303 is further configured to determine whether the time stamp carried in the data access request read by the reading unit 302 falls within a predefined illegal access period.

进一步可选的,如图4所示,该装置,还包括:发送单元305,写入单元306。Further optionally, as shown in FIG. 4 , the device further includes: a sending unit 305 and a writing unit 306 .

发送单元305,用于在所述拦截单元304对所述数据访问请求进行拦截之后,向网管设备发送告警通知。The sending unit 305 is configured to send an alarm notification to the network management device after the intercepting unit 304 intercepts the data access request.

写入单元306,用于将拦截信息及所述发送单元305发送的所述告警通知写入备份日志。The writing unit 306 is configured to write the interception information and the alarm notification sent by the sending unit 305 into a backup log.

需要说明的是,附图3与附图4所示装置中,其各个模块的具体实施过程以及各个模块之间的信息交互等内容,由于与本发明方法实施例基于同一发明构思,可以参见方法实施例,在此不一一赘述。It should be noted that, in the devices shown in Figure 3 and Figure 4, the specific implementation process of each module and the information interaction between each module, etc., are based on the same inventive concept as the method embodiment of the present invention, please refer to the method Embodiments are not described here one by one.

本发明实施例提供的网络行为监控的装置,能够读取用户设备向网络侧发送的数据访问请求中携带的数据信息,然后将数据信息与预定义的违法数据进行比对,若预定义的违法数据包含数据信息,则对数据访问请求进行拦截。使得本发明实施例可以通过网络接入设备对家庭网络中所有的用户设备进行有效的网络监控。同时本发明实施例也可以根据在网络接入设备中预先设置的告警通知,向网管设备发送告警信息,以便网络管理人员根据该告警通知,及时获知具体哪台用户设备正在进行非法访问。The network behavior monitoring device provided by the embodiment of the present invention can read the data information carried in the data access request sent by the user equipment to the network side, and then compare the data information with the predefined illegal data. If the data contains data information, the data access request is intercepted. This enables the embodiment of the present invention to perform effective network monitoring on all user equipment in the home network through the network access device. At the same time, the embodiment of the present invention can also send alarm information to the network management equipment according to the alarm notification preset in the network access device, so that the network management personnel can know in time which specific user equipment is illegally accessing according to the alarm notification.

需说明的是,以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。It should be noted that the device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physically separated. A unit can be located in one place, or it can be distributed to multiple network units. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without creative effort.

通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本发明可借助软件加必需的通用硬件的方式来实现,当然也可以通过专用硬件包括专用集成电路、专用CPU、专用存储器、专用元器件等来实现,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在可读取的存储介质中,如计算机的软盘,U盘、移动硬盘、只读存储器、随机存取存储器、磁碟或者光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be realized by means of software plus necessary general-purpose hardware. However, in many cases, the former is a better implementation. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art can be embodied in the form of a software product, and the computer software product is stored in a readable storage medium, such as a floppy disk of a computer , U disk, mobile hard disk, read-only memory, random access memory, magnetic disk or optical disk, etc., including several instructions to make a computer device (which can be a personal computer, server, or network device, etc.) execute various implementations of the present invention The method described in the example.

本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于装置和系统实施例而言,由于其基本相似于方法实施例,所以描述得比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, the same and similar parts of each embodiment can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the device and system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for relevant parts, refer to part of the description of the method embodiments.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应所述以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (10)

1.一种网络行为监控的方法,其特征在于,包括:1. A method for network behavior monitoring, characterized in that, comprising: 网络接入设备获取用户设备向网络侧发送的数据访问请求;The network access device obtains the data access request sent by the user equipment to the network side; 网络接入设备读取所述数据访问请求中携带的数据信息;The network access device reads the data information carried in the data access request; 网络接入设备将所述数据信息与预定义的违法数据进行比对;The network access device compares the data information with the predefined illegal data; 若所述预定义的违法数据包含所述数据信息,网络接入设备对所述数据访问请求进行拦截。If the predefined illegal data includes the data information, the network access device intercepts the data access request. 2.根据权利要求1所述的方法,其特征在于,所述数据信息为所述用户设备上传网络侧的数据内容信息;2. The method according to claim 1, wherein the data information is data content information uploaded by the user equipment to the network side; 所述网络接入设备将所述数据信息与预定义的违法数据进行比对,包括:The network access device compares the data information with predefined illegal data, including: 网络接入设备对所述数据内容信息进行语义分析处理,判断所述数据内容信息中是否包含预定义的敏感词汇。The network access device performs semantic analysis and processing on the data content information to determine whether the data content information contains predefined sensitive words. 3.根据权利要求1所述的方法,其特征在于,所述数据信息为所述用户设备向网络侧发送的统一资源定位符URL;3. The method according to claim 1, wherein the data information is a Uniform Resource Locator (URL) sent by the user equipment to the network side; 所述网络接入设备将所述数据信息与预定义的违法数据进行比对,包括:The network access device compares the data information with predefined illegal data, including: 网络接入设备判断所述统一资源定位符是否属于预定义的非法统一资源定位符。The network access device judges whether the uniform resource locator belongs to a predefined illegal uniform resource locator. 4.根据权利要求1所述的方法,其特征在于,所述方法还包括:4. The method according to claim 1, wherein the method further comprises: 网络接入设备读取所述数据访问请求中携带的时间戳,所述时间戳用于记录用户的访问时刻;The network access device reads the timestamp carried in the data access request, and the timestamp is used to record the user's access time; 所述网络接入设备将所述数据信息与预定义的违法数据进行比对,包括:The network access device compares the data information with predefined illegal data, including: 网络接入设备判断所述时间戳是否属于预定义的非法访问时段内。The network access device judges whether the time stamp belongs to a predefined illegal access period. 5.根据权利要求1所述的方法,其特征在于,在所述网络接入设备对所述数据访问请求进行拦截之后,所述方法还包括:5. The method according to claim 1, characterized in that, after the network access device intercepts the data access request, the method further comprises: 网络接入设备向网管设备发送告警通知;The network access device sends an alarm notification to the network management device; 网络接入设备将拦截信息及所述告警通知写入备份日志。The network access device writes the interception information and the alarm notification into the backup log. 6.一种网络行为监控的装置,其特征在于,所述装置位于网络接入设备侧,所述装置包括:6. A device for network behavior monitoring, characterized in that the device is located on the side of the network access device, and the device includes: 获取单元,用于获取用户设备向网络侧发送的数据访问请求;an obtaining unit, configured to obtain a data access request sent by the user equipment to the network side; 读取单元,用于读取所述获取单元获取的所述数据访问请求中携带的数据信息;a reading unit, configured to read the data information carried in the data access request obtained by the obtaining unit; 比对单元,用于将所述读取单元读取的所述数据信息与预定义的违法数据进行比对;A comparing unit, configured to compare the data information read by the reading unit with predefined illegal data; 拦截单元,用于当所述比对单元的比对结果为所述预定义的违法数据包含所述数据信息时,对所述数据访问请求进行拦截。An intercepting unit, configured to intercept the data access request when the comparison result of the comparison unit is that the predefined illegal data contains the data information. 7.根据权利要求6所述的装置,其特征在于,所述读取单元读取的所述数据信息为所述用户设备上传网络侧的数据内容信息;7. The device according to claim 6, wherein the data information read by the reading unit is data content information uploaded by the user equipment to the network side; 所述比对单元,还用于对所述数据内容信息进行语义分析处理,判断所述数据内容信息中是否包含预定义的敏感词汇。The comparison unit is further configured to perform semantic analysis on the data content information to determine whether the data content information contains predefined sensitive words. 8.根据权利要求6所述的装置,其特征在于,所述读取单元读取的所述数据信息为所述用户设备向网络侧发送的统一资源定位符URL;8. The device according to claim 6, wherein the data information read by the reading unit is a Uniform Resource Locator (URL) sent by the user equipment to the network side; 所述比对单元,还用于判断所述统一资源定位符是否属于预定义的非法统一资源定位符。The comparing unit is further configured to judge whether the uniform resource locator belongs to a predefined illegal uniform resource locator. 9.根据权利要求6所述的装置,其特征在于,9. The apparatus of claim 6, wherein: 所述读取单元,还用于读取所述数据访问请求中携带的时间戳,所述时间戳用于记录用户的访问时刻;The reading unit is further configured to read the time stamp carried in the data access request, and the time stamp is used to record the user's access time; 所述比对单元,还用于判断所述读取单元读取的所述数据访问请求中携带的时间戳是否属于预定义的非法访问时段内。The comparing unit is further configured to determine whether the time stamp carried in the data access request read by the reading unit falls within a predefined illegal access period. 10.根据权利要求6所述的装置,其特征在于,所述装置,还包括:10. The device according to claim 6, further comprising: 发送单元,用于在所述拦截单元对所述数据访问请求进行拦截之后,向网管设备发送告警通知;a sending unit, configured to send an alarm notification to the network management device after the intercepting unit intercepts the data access request; 写入单元,用于将拦截信息及所述发送单元发送的所述告警通知写入备份日志。A writing unit, configured to write the interception information and the alarm notification sent by the sending unit into a backup log.
CN201310654797.2A 2013-12-05 2013-12-05 Network behavior monitoring method and device Pending CN104702424A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310654797.2A CN104702424A (en) 2013-12-05 2013-12-05 Network behavior monitoring method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310654797.2A CN104702424A (en) 2013-12-05 2013-12-05 Network behavior monitoring method and device

Publications (1)

Publication Number Publication Date
CN104702424A true CN104702424A (en) 2015-06-10

Family

ID=53349217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310654797.2A Pending CN104702424A (en) 2013-12-05 2013-12-05 Network behavior monitoring method and device

Country Status (1)

Country Link
CN (1) CN104702424A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105787029A (en) * 2016-02-25 2016-07-20 浪潮软件集团有限公司 A Keyword Recognition Method Based on SOLR
CN106599709A (en) * 2015-10-15 2017-04-26 中兴通讯股份有限公司 Privacy information leakage prevention method and device as well as terminal
CN107645524A (en) * 2016-07-21 2018-01-30 腾讯科技(深圳)有限公司 A kind of message push processing method and device
CN112994925A (en) * 2020-11-19 2021-06-18 上海亿狮摩信息技术有限公司 Internet access control device and system applied to home network

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1608363A (en) * 2002-02-26 2005-04-20 网派网络公司 System for intercepting network access and method thereof
CN101019403A (en) * 2004-08-07 2007-08-15 浪控有限公司 Device internet resource access filtering system and method
CN101741636A (en) * 2009-12-22 2010-06-16 中国科学院长春光学精密机械与物理研究所 A Computer Network Monitoring System Using Chip TMS320F2812
CN102377585A (en) * 2010-08-10 2012-03-14 深圳市傲天通信有限公司 System and method for preventing teenagers from addicting to network
CN102685215A (en) * 2012-04-18 2012-09-19 华为技术有限公司 Method, device and system for online monitoring of mobile terminal
CN102857486A (en) * 2012-04-01 2013-01-02 深信服网络科技(深圳)有限公司 Next-generation application firewall system and defense method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1608363A (en) * 2002-02-26 2005-04-20 网派网络公司 System for intercepting network access and method thereof
CN101019403A (en) * 2004-08-07 2007-08-15 浪控有限公司 Device internet resource access filtering system and method
CN101741636A (en) * 2009-12-22 2010-06-16 中国科学院长春光学精密机械与物理研究所 A Computer Network Monitoring System Using Chip TMS320F2812
CN102377585A (en) * 2010-08-10 2012-03-14 深圳市傲天通信有限公司 System and method for preventing teenagers from addicting to network
CN102857486A (en) * 2012-04-01 2013-01-02 深信服网络科技(深圳)有限公司 Next-generation application firewall system and defense method
CN102685215A (en) * 2012-04-18 2012-09-19 华为技术有限公司 Method, device and system for online monitoring of mobile terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599709A (en) * 2015-10-15 2017-04-26 中兴通讯股份有限公司 Privacy information leakage prevention method and device as well as terminal
CN105787029A (en) * 2016-02-25 2016-07-20 浪潮软件集团有限公司 A Keyword Recognition Method Based on SOLR
CN107645524A (en) * 2016-07-21 2018-01-30 腾讯科技(深圳)有限公司 A kind of message push processing method and device
CN107645524B (en) * 2016-07-21 2020-09-01 腾讯科技(深圳)有限公司 Message pushing processing method and device
CN112994925A (en) * 2020-11-19 2021-06-18 上海亿狮摩信息技术有限公司 Internet access control device and system applied to home network

Similar Documents

Publication Publication Date Title
Wei et al. Profiledroid: Multi-layer profiling of android applications
US10148675B1 (en) Block-level forensics for distributed computing systems
Satvat et al. On the privacy of private browsing–a forensic approach
US10114960B1 (en) Identifying sensitive data writes to data stores
US9817969B2 (en) Device for detecting cyber attack based on event analysis and method thereof
US10509905B2 (en) Ransomware mitigation system
US8869286B1 (en) Systems and methods for analyzing client-side storage security for internet applications
CN103095530B (en) The monitoring of a kind of sensitive information based on preposition gateway and leakage prevention method and system
US11449637B1 (en) Systems and methods for providing web tracking transparency to protect user data privacy
CN105323210A (en) Method, apparatus and cloud server for detecting website security
US11356478B2 (en) Phishing protection using cloning detection
CN111885007B (en) Information tracing method, device, system and storage medium
CN103973635A (en) Page access control method, and related device and system
US10686834B1 (en) Inert parameters for detection of malicious activity
CN104702424A (en) Network behavior monitoring method and device
Jeong et al. Investigation methodology of a virtual desktop infrastructure for IoT
US8694659B1 (en) Systems and methods for enhancing domain-name-server responses
US10467423B1 (en) Static analysis-based tracking of data in access-controlled systems
CN115051867B (en) Illegal external connection behavior detection method and device, electronic equipment and medium
US9003535B1 (en) Systems and methods for certifying client-side security for internet sites
US10430140B2 (en) Method, apparatus and system for opening a web page
CN111368231B (en) Method and device for testing heterogeneous redundancy architecture website
CN108124014B (en) Method for intelligently preventing third-party Cookie tracking of browser
Pultier et al. Privacy in mobile apps
KR101933347B1 (en) System for deleting personal digital information by tracking trace

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150610

RJ01 Rejection of invention patent application after publication