[go: up one dir, main page]

WO2022268226A1 - Client identification method and apparatus, and storage medium and network device - Google Patents

Client identification method and apparatus, and storage medium and network device Download PDF

Info

Publication number
WO2022268226A1
WO2022268226A1 PCT/CN2022/101550 CN2022101550W WO2022268226A1 WO 2022268226 A1 WO2022268226 A1 WO 2022268226A1 CN 2022101550 W CN2022101550 W CN 2022101550W WO 2022268226 A1 WO2022268226 A1 WO 2022268226A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
type
matching
information
characteristic information
Prior art date
Application number
PCT/CN2022/101550
Other languages
French (fr)
Chinese (zh)
Inventor
林夏娜
Original Assignee
联洲集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 联洲集团有限公司 filed Critical 联洲集团有限公司
Publication of WO2022268226A1 publication Critical patent/WO2022268226A1/en
Priority to US18/412,492 priority Critical patent/US12170665B2/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • the embodiments of the present disclosure relate to the technical field of communications, and in particular to a client identification method, device, computer-readable storage medium, and network equipment.
  • a MAC address is an identifier of a network device on the network and is often used to track network devices.
  • Android, IOS, and Windows systems have begun to provide the function of generating random MAC addresses, which has caused a serious impact on the related functions of network devices that are managed by MAC addresses, such as parental control of routers and QoS priority. Level, IoT and other functions, therefore, in order to avoid the failure of such functions, network devices need to have client identification capabilities.
  • the commonly used solution is to realize client identification through user behavior characteristics.
  • This solution often requires long-term network behavior tracking of users, such as monitoring the domain name and its frequency in the DNS request information of the user within a day, and the domain name and frequency in the HTTP request information. Information such as URL, User Agent, and frequency. This is because the user's online behavior within a certain period of time has certain randomness. Only after long-term tracking and statistics can a more reliable behavior analysis be obtained.
  • the technical problem to be solved by the embodiments of the present disclosure is to provide a client identification method, device, computer-readable storage medium, and network equipment, which can quickly identify the client without substantially affecting the performance of the network equipment, and improve Accuracy of recognition.
  • an embodiment of the present disclosure provides a client identification method, including:
  • the user information table includes MAC addresses of all clients associated with the network device and feature information corresponding to each MAC address;
  • the client When the MAC address of the client fails to match, the client is marked to be detected, and when the data packet sent by the client is received, the characteristic information of the client is obtained according to the data packet;
  • the user information table searches and matches the characteristic information of the client, and identifies the client according to the matching result.
  • the data packet is a first-type data packet
  • the characteristic information of the client is the first-type characteristic information of the client
  • searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result specifically includes:
  • the client when receiving the second type of data packet sent by the client, correspondingly obtain the second type of feature information of the client; match the first type of feature information with the client in the user information table
  • the method also includes:
  • adding a new user mark to the client includes:
  • the second type of feature information of the client is performed Search for a match, and identify the client according to the match result, specifically including:
  • adding a new user mark to the client includes:
  • the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information;
  • the second type of data packet is a data packet identifying user behavior, and the second type of Feature information corresponds to user behavior information;
  • the first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information;
  • the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
  • the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
  • the method further includes:
  • an embodiment of the present disclosure also provides a client identification device, including:
  • a MAC address obtaining module configured to obtain the MAC address of the client when any client is associated with the network device
  • the MAC address matching module is used to search and match the MAC address of the client according to the preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and each MAC address Corresponding feature information;
  • a MAC address matching success processing module configured to mark the client as a successful identification when the MAC address of the client is successfully matched
  • a MAC address matching failure processing module configured to mark the client to be detected when the MAC address of the client fails to match, and when receiving the data packet sent by the client, obtain The characteristic information of the client; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
  • An embodiment of the present disclosure also provides a computer-readable storage medium, the computer-readable storage medium includes a stored computer program; wherein, when the computer program is running, the computer-readable storage medium is controlled by the device where the computer-readable storage medium is located to execute The client identification method described in any one of the above.
  • An embodiment of the present disclosure also provides a network device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, when the processor executes the computer program Realize the client identification method described in any one of the above.
  • the embodiments of the present disclosure provide a client identification method and device, a computer-readable storage medium, and a network device.
  • the MAC address of the client is obtained.
  • the preset user information table includes the MAC addresses of all clients associated with the network device and the characteristic information corresponding to each MAC address;
  • the MAC address of the client matches successfully, it indicates that the identification of the client is successful, and then the identification success mark is carried out on the client;
  • Detect the mark, and when receiving the data packet sent by the client obtain the characteristic information of the client according to the data packet, so as to search and match the characteristic information of the client according to the preset user information table, and match the client according to the matching result
  • the client continues to identify; the client is identified through the client's MAC address and related feature information, without occupying
  • FIG. 1 is a flow chart of a preferred embodiment of a client identification method provided by the present disclosure
  • Fig. 2 is a structural block diagram of a preferred embodiment of a client identification device provided by the present disclosure
  • Fig. 3 is a structural block diagram of a preferred embodiment of a network device provided by the present disclosure.
  • FIG. 1 is a flowchart of a preferred embodiment of a client identification method provided by the present disclosure.
  • the method includes steps S11 to S14:
  • Step S11 when any client is associated with the network device, obtain the MAC address of the client;
  • Step S12 search and match the MAC address of the client according to the preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and the feature information corresponding to each MAC address ;
  • Step S13 when the MAC address of the client matches successfully, marking the client as an identification success
  • Step S14 when the MAC address of the client fails to match, mark the client to be detected, and when receiving the data packet sent by the client, obtain the characteristic information of the client according to the data packet ; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
  • the embodiments of the present disclosure can be executed by any network device associated with a client (such as a router, etc.), and the network device has established a user information table in advance, and the user information table includes at least all The MAC address corresponding to the client and the characteristic information corresponding to each MAC address, that is, there is a corresponding relationship between the client, MAC address and characteristic information.
  • the network device When any client associates with the network device for the first time, the network device The MAC address and feature information corresponding to the client will be added to the user information table, thereby realizing real-time update and maintenance of the user information table.
  • the identification process of the client by the network device is as follows: when any client is associated with the network device, the network device obtains the MAC address of the client, and performs a check on the MAC address of the client according to the preset user information table. Search for a match, and judge whether there is a MAC address matching the MAC address of the client in the user information table; when the MAC address of the client matches successfully, it indicates that there is a MAC address matching the MAC address of the client in the user information table, If the client is identified successfully, then the client will be identified successfully, that is, the client will be marked as "identified successfully"; when the client's MAC address fails to match, it indicates that there is no MAC address with the client in the user information table.
  • the client will be marked as "to be detected", that is, the "to be detected” mark will be added to the client, indicating that the client has not been successfully identified, and more relevant feature information needs to be obtained for further identification. Therefore, when the network device receives the data packet sent by the client, it analyzes and obtains the characteristic information of the client according to the received data packet, and searches and matches the obtained characteristic information of the client according to the preset user information table. , judging whether there is characteristic information matching the characteristic information of the client in the user information table, so as to continue to identify the client according to the matching result of the characteristic information of the client.
  • marking the client is to indicate the current recognition result of the client. For example, “1” can be used to represent the “recognition success” mark, and “0” can be used to represent the "to be detected” mark. Any other symbols are used for marking, and the specific marking method is not specifically limited in this embodiment of the present disclosure.
  • the characteristic information of the client may be the original characteristic information carried by the data packet, or the characteristic fingerprint information generated after processing the original characteristic information carried by the data packet.
  • the original feature information is processed, and a new value or vector value is correspondingly generated, which is not specifically limited in this embodiment of the present disclosure.
  • the client identification is performed sequentially according to the MAC address and characteristic information of the client. Feature information for continuous identification.
  • the client’s MAC address fails to match, further identification needs to be carried out based on the client’s feature information; client identification is carried out through the corresponding MAC address of the client and related feature information, and it does not need to take a long time to obtain the client.
  • the behavior characteristics corresponding to the client that is, there is no need to occupy system resources for a long time, so that the client can be quickly identified without affecting the performance of the network device, and different clients may have the same or similar behavior characteristics, according to the customer
  • the recognition results obtained when identifying the behavior characteristics corresponding to the client are greatly affected by the behavior characteristics, and there is a high possibility of misidentification.
  • the MAC addresses and characteristic information corresponding to different clients are different. According to the client The identification result obtained when the corresponding MAC address and feature information is identified is less likely to be misidentified, so that the accuracy of identification can be improved.
  • the data packet is a first-type data packet
  • the characteristic information of the client is the first-type characteristic information of the client
  • searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result specifically includes:
  • the client when receiving the second type of data packet sent by the client, correspondingly obtain the second type of feature information of the client; match the first type of feature information with the client in the user information table
  • the data packets sent by the client to the network device can be divided into different types of data packets according to the information they carry, for example, divided into the first type of data packets and the second type of data packets, correspondingly, this
  • the characteristic information of the client obtained by the network device according to the first type of data packet is the first type of characteristic information
  • the characteristic information of the client obtained according to the second type of data packet is the second type of characteristic information
  • the user information table includes at least the associated
  • the network device after the network device marks the client to be detected, when receiving the first type of data packet sent by the client, it correspondingly acquires the The first type of characteristic information of the terminal, and according to the above user information table, search and match the obtained first type of characteristic information of the client, and judge whether there is a first type matching the first type of characteristic information of the client in the above user information table.
  • class feature information when the client’s first-class feature information matches successfully, it means that there is first-class feature information matching the client’s first-class feature information in the above-mentioned user information table, because the above-mentioned user information table exists There may be more than one first-type characteristic information that matches the first-type characteristic information of the client, so it is necessary to further determine whether there is only one first-type characteristic information that successfully matches the first-type characteristic information of the client in the above user information table ; When there is one and only one first-type feature information in the above-mentioned user information table that matches the first-type feature information of the client, it indicates that the client has been identified successfully, and the client is identified successfully, which is the client.
  • the client adds a "recognition success" mark; when more than one first-type characteristic information in the above user information table matches the first-type characteristic information of the client, the "to be detected” mark of the client is retained, indicating that the client is still If the identification is not successful, it is necessary to obtain more relevant characteristic information for further identification. Therefore, when the network device receives the second type of data packet sent by the client, it will analyze and obtain the client’s information according to the received second type of data packet.
  • the second type of characteristic information of the client and according to the second type of characteristic information corresponding to the first type of characteristic information that successfully matches the first type of characteristic information of the client in the above user information table, the obtained second type of the client Search and match the type feature information, and determine whether there is a second type feature information corresponding to the client's first type feature information in the user information table that matches the client's first type feature information.
  • the second type of characteristic information matched with the characteristic information, so as to continue to identify the client according to the matching result of the second type of characteristic information of the client.
  • client identification is performed sequentially according to the MAC address of the client, the first type of feature information, and the second type of feature information.
  • the first type of characteristic information and the second type of characteristic information are used for continuous identification; if the MAC address of the client fails to match, further identification needs to be carried out based on the first type of characteristic information of the client; if the first type of characteristic information of the client is successfully matched , and there is more than one first-type characteristic information successfully matched in the user information table, it is necessary to further continue to identify based on the second-type characteristic information of the client.
  • the method also includes:
  • the client is marked with a new user
  • the matching of the first type of characteristic information of the client fails, that is, there is no first type of characteristic information matching the first type of characteristic information of the client in the above user information table, indicating that the client If the terminal is a new user, then add a new user mark to the client, that is, add a "new user" mark to the client, and add the client's MAC address and first-class feature information to the user information table accordingly .
  • the MAC address of the client fails to match, further identification needs to be carried out based on the first type of feature information of the client;
  • the first type of characteristic information of the client The client has not been associated with the network device. Compared with the network device, the client is a new user.
  • the address and the first type of feature information are correspondingly added to the user information table maintained by the network device, thereby realizing real-time updating and maintenance of the user information table.
  • the client is marked with a new user, specifically including:
  • the matching process can be repeated multiple times for the first type of feature information of the client, and the network device presets the first matching duration threshold or the first matching times threshold, so as to limit the time or times of the matching processing flow of the first type of feature information.
  • the matching of the first type of characteristic information of the client fails, first judge whether the current total matching duration of the first type of characteristic information is less than the preset first matching duration threshold, and if so, it can be received next time
  • the first type of data packet sent by the client reacquire the first type of characteristic information of the client, and perform search and matching again according to the reacquired first type of characteristic information of the client, when the first type of characteristic information of the client
  • the matching fails, judge whether the current total matching duration of the first type of characteristic information is still less than the preset first matching duration threshold, and perform corresponding processing according to the judgment result, and so on, until the current total matching duration of the first type of characteristic information
  • the client is regarded as a new user, and the client is marked as a new user.
  • the client fails to match the first type of feature information, first determine whether the current total number of matching times of the first type of feature information is less than the preset first matching number threshold, and if so, then you can When the first type of data packet sent by the client is received once, the first type of characteristic information of the client is reacquired, and the search and matching is performed again according to the obtained first type of characteristic information of the client.
  • the matching of the feature information of the first category fails, it is judged whether the current total number of matching times of the feature information of the first category is still less than the preset threshold of the first matching times, and corresponding processing is carried out according to the judgment result, and so on, until the current total number of matching times of the feature information of the first category is Until the total number of matching times is not less than the preset first matching times threshold, at this time, if the first type of feature information of the client still fails to match, and the current total number of matching times of the first type of feature information is not less than the preset first match times threshold, the client is regarded as a new user, and the client is marked as a new user.
  • the first type of feature information of the client is The second type of characteristic information is searched and matched, and the client is identified according to the matching result, specifically including:
  • the network device when the network device receives the second-type data packet sent by the client, it analyzes and obtains the second-type characteristic information of the client according to the received second-type data packet, and according to the above-mentioned user
  • the second type of characteristic information corresponding to the first type of characteristic information that successfully matches the first type of characteristic information of the client exists in the information table, search and match the obtained second type of characteristic information of the client, and judge the user information table
  • the second type of feature information corresponding to the first type of feature information that matches the first type of feature information of the client whether there is second type of feature information that matches the second type of feature information of the client;
  • the client is marked as a new user, that is, the client is marked with "new user", and the The MAC address of the client, the first type of feature information and the second type of feature information are correspondingly added to the user information table.
  • the client's second-type feature information matches successfully, it indicates that the client is successfully identified; if the client's second-type feature information also fails to match, it means that the client's second-type Feature information, the client has not been associated with this network device, and this client is a new user compared to this network device, then add a new user mark to this client, and add the MAC address of the client, the first class
  • the feature information and the second type of feature information are correspondingly added to the user information table maintained by the network device, thereby realizing real-time updating and maintenance of the user information table.
  • the second type of characteristic information of the client is successfully matched, if the second type of characteristic information corresponding to the first type of characteristic information matching the first type of characteristic information of the client exists in the user information table Among the feature information, if there is more than one second-type feature information that matches the second-type feature information of the client, then the third-type feature information corresponding to the third-type data packet sent by the client can be combined with the client.
  • the client continues to identify.
  • the network device can identify the client in turn according to the client's MAC address, the first type of characteristic information, the second type of characteristic information and the third type of characteristic information.
  • the specific recognition principle of each type of characteristic information is the same as that of the above embodiment, and will not be repeated here.
  • the matching process can be repeated multiple times for the second type of feature information of the client, and the network device presets the second matching duration threshold or a second matching times threshold, so as to limit the time or times of the matching processing flow of the second type of characteristic information.
  • the matching of the second type of characteristic information of the client fails, first judge whether the current total matching duration of the second type of characteristic information is less than the preset second matching duration threshold, and if so, it can be received next time
  • the second type of data packet is sent by the client
  • reacquire the second type of characteristic information of the client and perform search and matching again according to the reacquired second type of characteristic information of the client
  • the matching fails, judge whether the current total matching duration of the second type of characteristic information is still less than the preset second matching duration threshold, and perform corresponding processing according to the judgment result, and so on, until the current total matching duration of the second type of characteristic information
  • the client is regarded as a new user, and the client is marked as a new user.
  • the client fails to match the second type of feature information, first determine whether the current total number of matching times of the second type of feature information is less than the preset second matching times threshold, and if so, you can use the following
  • the second type of data packet sent by the client is received once, the second type of characteristic information of the client is reacquired, and the second type of characteristic information of the client is searched and matched again.
  • the matching of the characteristic information of the second type fails, it is judged whether the current total matching times of the characteristic information of the second type is still less than the preset threshold of the second matching times, and corresponding processing is carried out according to the judgment result, and so on until the current total number of matching times of the characteristic information of the second type is Until the total number of matching times is not less than the preset second matching times threshold, at this time, if the second type of feature information of the client still fails to match, and the current total number of matching times of the second type of feature information is not less than the preset second match times threshold, the client is regarded as a new user, and the client is marked as a new user.
  • the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information;
  • the second type of data packet is a data packet identifying user behavior, The second type of feature information corresponds to user behavior information;
  • the first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information;
  • the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
  • the data packet sent by the client to the network device includes at least a data packet identifying device information and a data packet identifying user behavior. Therefore, the first type of data packet can be a data packet identifying device information, or a data packet identifying user behavior.
  • the first type of characteristic information obtained by the network device according to the first type of data packet can be the corresponding The device information can also be the user behavior information corresponding to the client.
  • the second type of data packet can be the data packet identifying the device information, or the data packet identifying the user behavior.
  • the network device according to the first The second-type characteristic information obtained by the second-type data packet may be device information corresponding to the client, or user behavior information corresponding to the client.
  • the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
  • the data packet identifying the device information at least includes a DHCP data packet, a DHCPv6 data packet, and a Probe Request data packet carrying the device information of the client.
  • Device information corresponds to DHCP feature information, DHCPv6 feature information, and Probe Request feature information;
  • data packets identifying user behavior include at least HTTP data packets and DNS data packets that reflect user behavior information of the client.
  • the user behavior information obtained from the data corresponds to HTTP feature information and DNS feature information.
  • the DHCP feature information includes IP frame length, Vendor Class Identifier, TTL, etc.
  • the DHCPv6 feature information includes Link-layer address, DUID, etc.
  • the Probe Request feature information includes SSID Parameter set, Supported Rates, VHT Capabilities, etc.
  • HTTP feature information includes User Agent, Cookie, URL, Host and other information
  • DNS feature information includes Queries and other information.
  • the method further includes:
  • the network device receives the data packet (such as the first type of data packet or the second type of data packet) sent by the client According to the received data packet, the corresponding characteristic information of the client (for example, the first type of characteristic information or the second type of characteristic information) is correspondingly obtained, and the characteristic information of the client is searched and matched according to the above user information table, and the user is judged Whether there is characteristic information matching the characteristic information of the client in the information table, when the matching of the characteristic information of the client fails, it indicates that there is no characteristic information matching the characteristic information of the client in the user information table, but, due to the The client has successfully matched the MAC address, and there is a MAC address that successfully matches the client's MAC address and feature information corresponding to the successful MAC address in the user information table, indicating that the successful match exists in the user information table.
  • the data packet such as the first type of data packet or the second type of data packet
  • the network device receives the data packet (such as the first type of data packet or the second type of data
  • the characteristic information corresponding to the MAC address does not match the characteristic information obtained according to the received data packet sent by the client. Therefore, it is necessary to perform corresponding matching on the characteristic information corresponding to the successfully matched MAC address existing in the user information table.
  • the updating process is to replace the characteristic information corresponding to the successfully matched MAC address in the user information table with the characteristic information obtained according to the received data packet sent by the client.
  • Embodiments of the present disclosure also provide a client identification device, as shown in FIG. 2 , which is a structural block diagram of a preferred embodiment of a client identification device provided by the present disclosure.
  • the device includes:
  • MAC address acquisition module 11 used for acquiring the MAC address of the client when any client is associated with the network device
  • the MAC address matching module 12 is configured to search and match the MAC address of the client according to a preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and each MAC address The characteristic information corresponding to the address;
  • MAC address matching success processing module 13 used for when the MAC address of the client is successfully matched, mark the client as successful identification;
  • MAC address matching failure processing module 14 for when the MAC address of the client fails to match, mark the client to be detected, and when receiving the data packet sent by the client, according to the data packet Obtaining the characteristic information of the client; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
  • the data packet is a first-type data packet
  • the characteristic information of the client is the first-type characteristic information of the client
  • the MAC address matching failure processing module 14 specifically includes:
  • a first feature matching unit configured to search and match the first type of feature information of the client according to the user information table
  • a first feature matching successful processing unit configured to determine whether the first type of feature information in the user information table successfully matches the first type of feature information of the client when the first type of feature information of the client is successfully matched. only one;
  • the client marking unit is configured to mark the client successfully if it is identified
  • the second feature matching unit is configured to, if not, correspondingly obtain the second type of feature information of the client when receiving the second type of data packet sent by the client; according to the user information table and the described
  • the first type of feature information of the client matches the second type of feature information corresponding to the first type of feature information successfully, searching and matching the second type of feature information of the client, and identifying the client according to the matching result;
  • the user information table includes the MAC addresses of all clients associated with the network device and the first-type feature information and the second-type feature information corresponding to each MAC address.
  • the MAC address matching failure processing module 14 also includes:
  • the first feature matching failure processing unit is configured to add a new user mark to the client when the first type of feature information of the client fails to match; add the client's MAC address and the first type of feature information to the In the user information table.
  • the first feature matching failure processing unit is specifically configured to:
  • the second feature matching unit specifically includes:
  • the second feature matching subunit is configured to, according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client, to the second type of the client.
  • the second feature matching success processing subunit is configured to mark the client as an identification success when the second type of feature information of the client is successfully matched;
  • the second characteristic matching failure processing subunit is used to add a new user mark to the client when the matching of the second type of characteristic information of the client fails, and add the MAC address of the client, the first type of characteristic information And the second type of feature information is added to the user information table.
  • the second feature matching failure processing subunit is specifically used for:
  • the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information;
  • the second type of data packet is a data packet identifying user behavior, and the second type of feature information corresponds to device information;
  • Feature information corresponds to user behavior information;
  • the first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information;
  • the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
  • the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
  • the device also includes:
  • a characteristic information acquisition module configured to acquire characteristic information of the client according to the data packet when receiving the data packet sent by the client;
  • a characteristic information matching module configured to search and match the characteristic information of the client according to the user information table
  • a feature information update module configured to perform feature information corresponding to a MAC address in the user information table that matches successfully with the MAC address of the client according to the feature information of the client when the match of the feature information of the client fails. update processing.
  • the client identification device provided by the embodiments of the present disclosure can realize all the processes of the client identification method described in any of the above embodiments, the functions of each module, unit, and subunit in the device, and the achieved technical effects
  • the functions and technical effects achieved by the client identification method described in the above embodiments are correspondingly the same, and will not be repeated here.
  • An embodiment of the present disclosure also provides a computer-readable storage medium, the computer-readable storage medium includes a stored computer program; wherein, when the computer program is running, the computer-readable storage medium is controlled by the device where the computer-readable storage medium is located to execute The client identification method described in any one of the above embodiments.
  • Embodiments of the present disclosure also provide a network device, as shown in FIG. 3 , which is a structural block diagram of a preferred embodiment of a network device provided by the present disclosure.
  • the processor 10 implements the client identification method described in any of the above embodiments when executing the computer program.
  • the computer program can be divided into one or more modules/units (such as computer program 1, computer program 2, ...), and the one or more modules/units are stored in the stored in the memory 20 and executed by the processor 10 to complete the present invention.
  • the one or more modules/units may be a series of computer program instruction segments capable of accomplishing specific functions, and the instruction segments are used to describe the execution process of the computer program in the network device.
  • the processor 10 can be a central processing unit (Central Processing Unit, CPU), and can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor can be a microprocessor, or the processor 10 can also be It is any conventional processor, and the processor 10 is the control center of the network device, using various interfaces and lines to connect various parts of the network device.
  • the memory 20 mainly includes a program storage area and a data storage area, wherein the program storage area can store an operating system, an application program required by at least one function, etc., and the data storage area can store related data and the like.
  • the memory 20 can be a high-speed random access memory, or a non-volatile memory, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card and a flash memory Card (Flash Card), etc., or the memory 20 can also be other volatile solid-state storage devices.
  • the above-mentioned network equipment may include, but not limited to, a processor and a memory.
  • a processor may include, but not limited to, a central processing unit (CPU)
  • a memory may include, but not limited to, a central processing unit (CPU)
  • FIG. 3 is only an example of the above-mentioned network equipment and does not constitute a limitation on the network equipment. More or fewer components than shown, or combinations of certain components, or different components.
  • the client identification method, device, computer-readable storage medium, and network device provided by the embodiments of the present disclosure have the following beneficial effects:

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A client identification method and apparatus, and a storage medium and a network device. The method comprises: when any client is associated with the present network device, acquiring a MAC address of the client; performing searching and matching on the MAC address of the client according to a preset user information table, wherein the user information table comprises MAC addresses of all clients which have been associated with the present network device, and feature information corresponding to each MAC address; when the MAC address of the client is successfully matched, marking the client as successfully identified; and when the MAC address of the client fails to be matched, marking the client as to be tested, and when a data packet sent by the client is received, acquiring feature information of the client according to the data packet, and performing searching and matching on the feature information of the client according to the user information table, and identifying the client according to a matching result.

Description

客户端识别方法、装置、存储介质及网络设备Client identification method, device, storage medium and network equipment
本申请要求于2021年6月25日递交的第202110716012.4号中国专利申请的优先权,在此全文引用上述中国专利申请公开的内容以作为本申请的一部分。This application claims the priority of the Chinese patent application No. 202110716012.4 submitted on June 25, 2021, and the content disclosed in the above Chinese patent application is cited in its entirety as a part of this application.
技术领域technical field
本公开的实施例涉及通信技术领域,尤其涉及客户端识别方法、装置、计算机可读存储介质及网络设备。The embodiments of the present disclosure relate to the technical field of communications, and in particular to a client identification method, device, computer-readable storage medium, and network equipment.
背景技术Background technique
MAC地址是网络设备在网络上的标识符,常常被用来追踪网络设备。为了保护用户隐私,Android、IOS和Windows系统等都开始提供生成随机MAC地址的功能,这对通过MAC地址进行规则管理的网络设备的相关功能造成了严重的冲击,例如路由器的家长控制、QoS优先级、IoT等功能,因此,为了避免此类功能失效,网络设备需要具备客户端识别能力。A MAC address is an identifier of a network device on the network and is often used to track network devices. In order to protect user privacy, Android, IOS, and Windows systems have begun to provide the function of generating random MAC addresses, which has caused a serious impact on the related functions of network devices that are managed by MAC addresses, such as parental control of routers and QoS priority. Level, IoT and other functions, therefore, in order to avoid the failure of such functions, network devices need to have client identification capabilities.
目前常用的解决方案是通过用户行为特征实现客户端识别,该方案往往需要对用户进行长时间的联网行为跟踪,比如监视用户在一天内DNS请求信息中的域名及其频次、HTTP请求信息中的URL、User Agent及频次等信息,这是因为用户在某一时间内的联网行为具有一定的随机性,只有经过长时间的跟踪和统计才能得到较为可靠的行为分析。At present, the commonly used solution is to realize client identification through user behavior characteristics. This solution often requires long-term network behavior tracking of users, such as monitoring the domain name and its frequency in the DNS request information of the user within a day, and the domain name and frequency in the HTTP request information. Information such as URL, User Agent, and frequency. This is because the user's online behavior within a certain period of time has certain randomness. Only after long-term tracking and statistics can a more reliable behavior analysis be obtained.
但是,通过用户行为进行识别的方案需要在较长一段时间内对大量的通信数据包进行解析和统计,无法实现快速识别,并且具体的时间长短无法确定一个合适的阈值,在一定程度上影响了识别的准确性,同时,该方案将长时间占据实时系统的相关资源,尤其在实时系统设备中需要对用户进行长时间的抓包统计,可能会造成网络延迟、拥塞等后果,导致网络设备的性能下降。However, the scheme of identifying through user behavior needs to analyze and count a large number of communication data packets for a long period of time, which cannot achieve rapid identification, and the specific time length cannot determine an appropriate threshold, which affects the network to a certain extent. At the same time, this solution will occupy the relevant resources of the real-time system for a long time, especially in the real-time system equipment, it is necessary to carry out long-term packet capture statistics for users, which may cause network delays, congestion and other consequences, resulting in network equipment failure. Performance drops.
发明内容Contents of the invention
本公开的实施例所要解决的技术问题在于,提供一种客户端识别方法、装置、计算机可读存储介质及网络设备,能够在基本不影响网络设备性能的前提下快速进行客户端识别,并且提高识别的准确性。The technical problem to be solved by the embodiments of the present disclosure is to provide a client identification method, device, computer-readable storage medium, and network equipment, which can quickly identify the client without substantially affecting the performance of the network equipment, and improve Accuracy of recognition.
为了解决上述技术问题,本公开的实施例提供一种客户端识别方法,包括:In order to solve the above technical problems, an embodiment of the present disclosure provides a client identification method, including:
当任一客户端关联本网络设备时,获取所述客户端的MAC地址;When any client is associated with the network device, obtain the MAC address of the client;
根据预设的用户信息表对所述客户端的MAC地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;Search and match the MAC address of the client according to a preset user information table; wherein, the user information table includes MAC addresses of all clients associated with the network device and feature information corresponding to each MAC address;
当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;When the MAC address of the client is successfully matched, marking the client as an identification success;
当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。When the MAC address of the client fails to match, the client is marked to be detected, and when the data packet sent by the client is received, the characteristic information of the client is obtained according to the data packet; The user information table searches and matches the characteristic information of the client, and identifies the client according to the matching result.
进一步地,所述数据包为第一类数据包,所述客户端的特征信息为所述客户端的第一类特征信息;Further, the data packet is a first-type data packet, and the characteristic information of the client is the first-type characteristic information of the client;
则,所述根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:Then, searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result, specifically includes:
根据所述用户信息表对所述客户端的第一类特征信息进行搜索匹配;Searching and matching the first type of characteristic information of the client according to the user information table;
当所述客户端的第一类特征信息匹配成功时,判断所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息是否只有一个;When the first type of characteristic information of the client is successfully matched, judging whether there is only one first type of characteristic information in the user information table that successfully matches the first type of characteristic information of the client;
若是,则对所述客户端进行识别成功标记;If so, then carry out identification success mark to described client;
若否,则在接收到所述客户端发送的第二类数据包时,相应获取所述客户端的第二类特征信息;根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的第一类特征信息和第二类特征信息。If not, when receiving the second type of data packet sent by the client, correspondingly obtain the second type of feature information of the client; match the first type of feature information with the client in the user information table The second type of characteristic information corresponding to the successful first type of characteristic information, search and match the second type of characteristic information of the client, and identify the client according to the matching result; wherein, in the user information table It includes the MAC addresses of all clients associated with the network device and the first-type feature information and second-type feature information corresponding to each MAC address.
进一步地,所述方法还包括:Further, the method also includes:
当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记;When the matching of the first type of feature information of the client fails, add a new user mark to the client;
将所述客户端的MAC地址和第一类特征信息添加到所述用户信息表中。Add the MAC address of the client and the characteristic information of the first type to the user information table.
进一步地,所述当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:Further, when the matching of the first type of characteristic information of the client fails, adding a new user mark to the client includes:
当所述客户端的第一类特征信息匹配失败时,判断第一类特征信息的匹配时长是否小于预设的第一匹配时长阈值或匹配次数是否小于预设的第一匹配次数阈值;When the matching of the first type of feature information of the client fails, judging whether the matching duration of the first type of feature information is less than a preset first matching duration threshold or whether the number of matches is less than a preset first matching number threshold;
若是,则在接收到所述客户端发送的下一个第一类数据包时,重新获取所述客户端的第一类特征信息,并执行相应的第一类特征信息匹配处理方案,直至匹配时长不小于所述第一匹配时长阈值或匹配次数不小于所述第一匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next first-type data packet sent by the client, reacquire the first-type characteristic information of the client, and execute the corresponding first-type characteristic information matching processing scheme until the matching duration is longer than Adding a new user mark to the client until the first matching duration threshold or the number of matching times is not less than the first matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
进一步地,所述根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:Further, according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client, the second type of feature information of the client is performed Search for a match, and identify the client according to the match result, specifically including:
根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配;Searching and matching the second type of feature information of the client according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client;
当所述客户端的第二类特征信息匹配成功时,对所述客户端进行识别成功标记;When the second type of characteristic information of the client is successfully matched, marking the client as an identification success;
当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,并将所述客户端的MAC地址、第一类特征信息和第二类特征信息添加到所述用户信息表中。When the matching of the second type of characteristic information of the client fails, add a new user mark to the client, and add the MAC address of the client, the first type of characteristic information and the second type of characteristic information to the user information sheet.
进一步地,所述当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:Further, when the matching of the second type of feature information of the client fails, adding a new user mark to the client includes:
当所述客户端的第二特征信息匹配失败时,判断第二类特征信息的匹配时长是否小于预设的第二匹配时长阈值或匹配次数是否小于预设的第二匹配 次数阈值;When the matching of the second feature information of the client fails, it is judged whether the matching duration of the second type of feature information is less than the preset second matching duration threshold or whether the number of matches is less than the preset second matching times threshold;
若是,则在接收到所述客户端发送的下一个第二类数据包时,重新获取所述客户端的第二类特征信息,并执行相应的第二类特征信息匹配处理方案,直至匹配时长不小于所述第二匹配时长阈值或匹配次数不小于所述第二匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next second-type data packet sent by the client, reacquire the second-type feature information of the client, and execute the corresponding second-type feature information matching processing plan until the matching duration is longer than Adding a new user mark to the client until the second matching duration threshold or the number of matching times is not less than the second matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
进一步地,所述第一类数据包为标识设备信息的数据包,所述第一类特征信息对应为设备信息;所述第二类数据包为标识用户行为的数据包,所述第二类特征信息对应为用户行为信息;Further, the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information; the second type of data packet is a data packet identifying user behavior, and the second type of Feature information corresponds to user behavior information;
或,or,
所述第一类数据包为标识用户行为的数据包,所述第一类特征信息对应为用户行为信息;所述第二类数据包为标识设备信息的数据包,所述第二类特征信息对应为设备信息。The first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information; the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
进一步地,所述标识设备信息的数据包至少包括DHCP数据包、DHCPv6数据包和Probe Request数据包;所述标识用户行为的数据包至少包括HTTP数据包和DNS数据包。Further, the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
进一步地,在所述当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记之后,所述方法还包括:Further, after the client's MAC address matches successfully, after the client is successfully identified, the method further includes:
当接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;When receiving the data packet sent by the client, acquiring the characteristic information of the client according to the data packet;
根据所述用户信息表对所述客户端的特征信息进行搜索匹配;Searching and matching the characteristic information of the client according to the user information table;
当所述客户端的特征信息匹配失败时,根据所述客户端的特征信息对所述用户信息表中与所述客户端的MAC地址匹配成功的MAC地址所对应的特征信息进行更新处理。When the matching of the characteristic information of the client fails, update the characteristic information corresponding to the MAC address that successfully matches the MAC address of the client in the user information table according to the characteristic information of the client.
为了解决上述技术问题,本公开的实施例还提供了一种客户端识别装置,包括:In order to solve the above technical problems, an embodiment of the present disclosure also provides a client identification device, including:
MAC地址获取模块,用于当任一客户端关联本网络设备时,获取所述客户端的MAC地址;A MAC address obtaining module, configured to obtain the MAC address of the client when any client is associated with the network device;
MAC地址匹配模块,用于根据预设的用户信息表对所述客户端的MAC地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有 客户端的MAC地址以及每一个MAC地址对应的特征信息;The MAC address matching module is used to search and match the MAC address of the client according to the preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and each MAC address Corresponding feature information;
MAC地址匹配成功处理模块,用于当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;A MAC address matching success processing module, configured to mark the client as a successful identification when the MAC address of the client is successfully matched;
MAC地址匹配失败处理模块,用于当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。A MAC address matching failure processing module, configured to mark the client to be detected when the MAC address of the client fails to match, and when receiving the data packet sent by the client, obtain The characteristic information of the client; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
本公开的实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质包括存储的计算机程序;其中,所述计算机程序在运行时控制所述计算机可读存储介质所在的设备执行上述任一项所述的客户端识别方法。An embodiment of the present disclosure also provides a computer-readable storage medium, the computer-readable storage medium includes a stored computer program; wherein, when the computer program is running, the computer-readable storage medium is controlled by the device where the computer-readable storage medium is located to execute The client identification method described in any one of the above.
本公开的实施例还提供了一种网络设备,包括处理器、存储器以及存储在所述存储器中且被配置为由所述处理器执行的计算机程序,所述处理器在执行所述计算机程序时实现上述任一项所述的客户端识别方法。An embodiment of the present disclosure also provides a network device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, when the processor executes the computer program Realize the client identification method described in any one of the above.
与现有技术相比,本公开的实施例提供了一种客户端识别方法、装置、计算机可读存储介质及网络设备,当任一客户端关联本网络设备时,获取该客户端的MAC地址,并根据预设的用户信息表对该客户端的MAC地址进行搜索匹配;其中,预设的用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;当该客户端的MAC地址匹配成功时,表明该客户端识别成功,则对该客户端进行识别成功标记;当该客户端的MAC地址匹配失败时,表明该客户端识别失败,则对该客户端进行待检测标记,并在接收到该客户端发送的数据包时,根据该数据包获取该客户端的特征信息,以根据预设的用户信息表对该客户端的特征信息进行搜索匹配,并根据匹配结果对该客户端进行继续识别;通过客户端的MAC地址以及相关特征信息进行客户端识别,无需长时间的占用系统资源,从而能够在基本不影响网络设备性能的前提下快速进行客户端识别,并且提高识别的准确性。Compared with the prior art, the embodiments of the present disclosure provide a client identification method and device, a computer-readable storage medium, and a network device. When any client is associated with the network device, the MAC address of the client is obtained. And search and match the MAC address of the client according to the preset user information table; wherein, the preset user information table includes the MAC addresses of all clients associated with the network device and the characteristic information corresponding to each MAC address; When the MAC address of the client matches successfully, it indicates that the identification of the client is successful, and then the identification success mark is carried out on the client; Detect the mark, and when receiving the data packet sent by the client, obtain the characteristic information of the client according to the data packet, so as to search and match the characteristic information of the client according to the preset user information table, and match the client according to the matching result The client continues to identify; the client is identified through the client's MAC address and related feature information, without occupying system resources for a long time, so that the client can be quickly identified without affecting the performance of the network device, and the identification can be improved. accuracy.
附图说明Description of drawings
为了更清楚地说明本公开的实施例的技术方案,下面将对实施例的附图作简单地介绍,显而易见地,下面描述的附图仅仅涉及本公开的一些实施例, 而非对本公开的限制。In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the accompanying drawings of the embodiments will be briefly introduced below. Obviously, the drawings described below only relate to some embodiments of the present disclosure, rather than limiting the present disclosure .
图1是本公开提供的一种客户端识别方法的一个优选实施例的流程图;FIG. 1 is a flow chart of a preferred embodiment of a client identification method provided by the present disclosure;
图2是本公开提供的一种客户端识别装置的一个优选实施例的结构框图;Fig. 2 is a structural block diagram of a preferred embodiment of a client identification device provided by the present disclosure;
图3是本公开提供的一种网络设备的一个优选实施例的结构框图。Fig. 3 is a structural block diagram of a preferred embodiment of a network device provided by the present disclosure.
具体实施方式detailed description
下面将结合本公开的实施例中的附图,对本公开的实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本公开的一部分实施例,而不是全部的实施例。基于本公开中的实施例,本技术领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present disclosure will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are only part of the embodiments of the present disclosure, not all of them. example. Based on the embodiments in the present disclosure, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.
本公开的实施例提供了一种客户端识别方法,参见图1所示,是本公开提供的一种客户端识别方法的一个优选实施例的流程图,所述方法包括步骤S11至步骤S14:An embodiment of the present disclosure provides a client identification method, as shown in FIG. 1 , which is a flowchart of a preferred embodiment of a client identification method provided by the present disclosure. The method includes steps S11 to S14:
步骤S11、当任一客户端关联本网络设备时,获取所述客户端的MAC地址;Step S11, when any client is associated with the network device, obtain the MAC address of the client;
步骤S12、根据预设的用户信息表对所述客户端的MAC地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;Step S12, search and match the MAC address of the client according to the preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and the feature information corresponding to each MAC address ;
步骤S13、当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;Step S13, when the MAC address of the client matches successfully, marking the client as an identification success;
步骤S14、当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。Step S14, when the MAC address of the client fails to match, mark the client to be detected, and when receiving the data packet sent by the client, obtain the characteristic information of the client according to the data packet ; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
需要说明的是,本公开的实施例可以由任意一个关联了客户端的网络设备(例如路由器等)执行,并且网络设备预先建立了用户信息表,用户信息表中至少包括关联过本网络设备的所有的客户端所对应的MAC地址以及每一个MAC地址所对应的特征信息,即客户端、MAC地址和特征信息之间具 有对应关系,当任意一个客户端首次关联至本网络设备时,本网络设备会将该客户端所对应的MAC地址以及特征信息添加到用户信息表中,从而实现对用户信息表的实时更新与维护。It should be noted that the embodiments of the present disclosure can be executed by any network device associated with a client (such as a router, etc.), and the network device has established a user information table in advance, and the user information table includes at least all The MAC address corresponding to the client and the characteristic information corresponding to each MAC address, that is, there is a corresponding relationship between the client, MAC address and characteristic information. When any client associates with the network device for the first time, the network device The MAC address and feature information corresponding to the client will be added to the user information table, thereby realizing real-time update and maintenance of the user information table.
具体的,本网络设备对客户端的识别过程如下:当任意一个客户端关联至本网络设备后,本网络设备获取该客户端的MAC地址,并根据预先设置的用户信息表对该客户端的MAC地址进行搜索匹配,判断用户信息表中是否存在与该客户端的MAC地址相匹配的MAC地址;当该客户端的MAC地址匹配成功时,表明用户信息表中存在与该客户端的MAC地址相匹配的MAC地址,该客户端识别成功,则对该客户端进行识别成功标记,即为该客户端添加“识别成功”标记;当该客户端的MAC地址匹配失败时,表明用户信息表中不存在与该客户端的MAC地址相匹配的MAC地址,则对该客户端进行待检测标记,即为该客户端添加“待检测”标记,表示该客户端还未识别成功,需要获取更多的相关特征信息进一步进行识别,因此,本网络设备在接收到该客户端发送的数据包时,根据接收到的数据包相应解析获取该客户端的特征信息,并根据预先设置的用户信息表对获得的客户端的特征信息进行搜索匹配,判断用户信息表中是否存在与该客户端的特征信息相匹配的特征信息,从而根据该客户端的特征信息的匹配结果对该客户端进行继续识别。Specifically, the identification process of the client by the network device is as follows: when any client is associated with the network device, the network device obtains the MAC address of the client, and performs a check on the MAC address of the client according to the preset user information table. Search for a match, and judge whether there is a MAC address matching the MAC address of the client in the user information table; when the MAC address of the client matches successfully, it indicates that there is a MAC address matching the MAC address of the client in the user information table, If the client is identified successfully, then the client will be identified successfully, that is, the client will be marked as "identified successfully"; when the client's MAC address fails to match, it indicates that there is no MAC address with the client in the user information table. If the address matches the MAC address, the client will be marked as "to be detected", that is, the "to be detected" mark will be added to the client, indicating that the client has not been successfully identified, and more relevant feature information needs to be obtained for further identification. Therefore, when the network device receives the data packet sent by the client, it analyzes and obtains the characteristic information of the client according to the received data packet, and searches and matches the obtained characteristic information of the client according to the preset user information table. , judging whether there is characteristic information matching the characteristic information of the client in the user information table, so as to continue to identify the client according to the matching result of the characteristic information of the client.
需要说明的是,对该客户端进行标记是为了表示该客户端当前的识别结果,例如,可以用“1”表示“识别成功”标记,用“0”表示“待检测”标记,也可以用其他任何符号进行标记,具体采用的标记方式本公开的实施例不作具体限定。It should be noted that marking the client is to indicate the current recognition result of the client. For example, "1" can be used to represent the "recognition success" mark, and "0" can be used to represent the "to be detected" mark. Any other symbols are used for marking, and the specific marking method is not specifically limited in this embodiment of the present disclosure.
另外,客户端的特征信息可以是数据包所携带的原始特征信息,也可以是对数据包所携带的原始特征信息进行处理后生成的特征指纹信息,例如,采用预设算法对数据包所携带的原始特征信息进行处理,相应生成新的数值或向量值,本公开的实施例不作具体限定。In addition, the characteristic information of the client may be the original characteristic information carried by the data packet, or the characteristic fingerprint information generated after processing the original characteristic information carried by the data packet. The original feature information is processed, and a new value or vector value is correspondingly generated, which is not specifically limited in this embodiment of the present disclosure.
本公开的实施例所提供的一种客户端识别方法,根据客户端的MAC地址和特征信息依次进行客户端识别,当客户端的MAC地址匹配成功时,表示客户端识别成功,不需要再根据客户端的特征信息进行继续识别,当客户端的MAC地址匹配失败时,需要进一步根据客户端的特征信息进行继续识 别;通过客户端所对应的MAC地址以及相关特征信息进行客户端识别,无需花费较长时间获取客户端所对应的行为特征,即无需长时间的占用系统资源,从而能够在基本不影响网络设备性能的前提下快速进行客户端识别,并且不同的客户端可能具有相同或类似的行为特征,根据客户端所对应的行为特征进行识别时获得的识别结果受行为特征的影响较大,存在误识别的可能性较大,而不同的客户端所对应的MAC地址和特征信息是不同的,根据客户端所对应的MAC地址和特征信息进行识别时获得的识别结果存在误识别的可能性较小,从而能够提高识别的准确性。In the client identification method provided by the embodiments of the present disclosure, the client identification is performed sequentially according to the MAC address and characteristic information of the client. Feature information for continuous identification. When the client’s MAC address fails to match, further identification needs to be carried out based on the client’s feature information; client identification is carried out through the corresponding MAC address of the client and related feature information, and it does not need to take a long time to obtain the client. The behavior characteristics corresponding to the client, that is, there is no need to occupy system resources for a long time, so that the client can be quickly identified without affecting the performance of the network device, and different clients may have the same or similar behavior characteristics, according to the customer The recognition results obtained when identifying the behavior characteristics corresponding to the client are greatly affected by the behavior characteristics, and there is a high possibility of misidentification. However, the MAC addresses and characteristic information corresponding to different clients are different. According to the client The identification result obtained when the corresponding MAC address and feature information is identified is less likely to be misidentified, so that the accuracy of identification can be improved.
在另一个优选实施例中,所述数据包为第一类数据包,所述客户端的特征信息为所述客户端的第一类特征信息;In another preferred embodiment, the data packet is a first-type data packet, and the characteristic information of the client is the first-type characteristic information of the client;
则,所述根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:Then, searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result, specifically includes:
根据所述用户信息表对所述客户端的第一类特征信息进行搜索匹配;Searching and matching the first type of characteristic information of the client according to the user information table;
当所述客户端的第一类特征信息匹配成功时,判断所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息是否只有一个;When the first type of characteristic information of the client is successfully matched, judging whether there is only one first type of characteristic information in the user information table that successfully matches the first type of characteristic information of the client;
若是,则对所述客户端进行识别成功标记;If so, then carry out identification success mark to described client;
若否,则在接收到所述客户端发送的第二类数据包时,相应获取所述客户端的第二类特征信息;根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的第一类特征信息和第二类特征信息。If not, when receiving the second type of data packet sent by the client, correspondingly obtain the second type of feature information of the client; match the first type of feature information with the client in the user information table The second type of characteristic information corresponding to the successful first type of characteristic information, search and match the second type of characteristic information of the client, and identify the client according to the matching result; wherein, in the user information table It includes the MAC addresses of all clients associated with the network device and the first-type feature information and second-type feature information corresponding to each MAC address.
需要说明的是,客户端发送至本网络设备的数据包可以根据其所携带的信息分为不同类型的数据包,例如,分为第一类数据包和第二类数据包,相应的,本网络设备根据第一类数据包获得的客户端的特征信息为第一类特征信息,根据第二类数据包获得的客户端的特征信息为第二类特征信息,用户信息表中则至少包括关联过本网络设备的所有的客户端所对应的MAC地址以及每一个MAC地址所对应的第一类特征信息和第二类特征信息,即客户端、MAC地址、第一类特征信息和第二类特征信息之间具有对应关系。It should be noted that the data packets sent by the client to the network device can be divided into different types of data packets according to the information they carry, for example, divided into the first type of data packets and the second type of data packets, correspondingly, this The characteristic information of the client obtained by the network device according to the first type of data packet is the first type of characteristic information, the characteristic information of the client obtained according to the second type of data packet is the second type of characteristic information, and the user information table includes at least the associated The MAC addresses corresponding to all the clients of the network device and the first-type characteristic information and the second-type characteristic information corresponding to each MAC address, that is, the client, the MAC address, the first-type characteristic information and the second-type characteristic information There is a corresponding relationship between them.
具体的,结合上述实施例,本网络设备在对该客户端进行待检测标记之 后,当接收到该客户端发送的第一类数据包时,根据接收到的第一类数据包相应获取该客户端的第一类特征信息,并根据上述用户信息表对获得的该客户端的第一类特征信息进行搜索匹配,判断上述用户信息表中是否存在与该客户端的第一类特征信息相匹配的第一类特征信息;当该客户端的第一类特征信息匹配成功时,表示上述用户信息表中存在与该客户端的第一类特征信息相匹配的第一类特征信息,由于上述用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息可能不止一个,因此需要进一步判断上述用户信息表中与该客户端的第一类特征信息匹配成功的第一类特征信息是否只有一个;当上述用户信息表中有且仅有一个第一类特征信息与该客户端的第一类特征信息相匹配时,表明该客户端识别成功,则对该客户端进行识别成功标记,即为该客户端添加“识别成功”标记;当上述用户信息表中不止一个第一类特征信息与该客户端的第一类特征信息相匹配时,保留该客户端的“待检测”标记,表示该客户端还未识别成功,需要获取更多的相关特征信息进一步进行识别,因此,本网络设备在接收到该客户端发送的第二类数据包时,根据接收到的第二类数据包相应解析获取该客户端的第二类特征信息,并根据上述用户信息表中存在的与该客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对获得的该客户端的第二类特征信息进行搜索匹配,判断用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息所对应的第二类特征信息中,是否存在与该客户端的第二类特征信息相匹配的第二类特征信息,以根据该客户端的第二类特征信息的匹配结果对该客户端进行继续识别。Specifically, in combination with the above-mentioned embodiments, after the network device marks the client to be detected, when receiving the first type of data packet sent by the client, it correspondingly acquires the The first type of characteristic information of the terminal, and according to the above user information table, search and match the obtained first type of characteristic information of the client, and judge whether there is a first type matching the first type of characteristic information of the client in the above user information table. class feature information; when the client’s first-class feature information matches successfully, it means that there is first-class feature information matching the client’s first-class feature information in the above-mentioned user information table, because the above-mentioned user information table exists There may be more than one first-type characteristic information that matches the first-type characteristic information of the client, so it is necessary to further determine whether there is only one first-type characteristic information that successfully matches the first-type characteristic information of the client in the above user information table ; When there is one and only one first-type feature information in the above-mentioned user information table that matches the first-type feature information of the client, it indicates that the client has been identified successfully, and the client is identified successfully, which is the client. The client adds a "recognition success" mark; when more than one first-type characteristic information in the above user information table matches the first-type characteristic information of the client, the "to be detected" mark of the client is retained, indicating that the client is still If the identification is not successful, it is necessary to obtain more relevant characteristic information for further identification. Therefore, when the network device receives the second type of data packet sent by the client, it will analyze and obtain the client’s information according to the received second type of data packet. The second type of characteristic information of the client, and according to the second type of characteristic information corresponding to the first type of characteristic information that successfully matches the first type of characteristic information of the client in the above user information table, the obtained second type of the client Search and match the type feature information, and determine whether there is a second type feature information corresponding to the client's first type feature information in the user information table that matches the client's first type feature information The second type of characteristic information matched with the characteristic information, so as to continue to identify the client according to the matching result of the second type of characteristic information of the client.
可以理解的,上述实施例是根据该客户端的MAC地址、第一类特征信息和第二类特征信息依次进行客户端识别,如果该客户端的MAC地址匹配成功,则不需要再根据该客户端的第一类特征信息和第二类特征信息进行继续识别;如果该客户端的MAC地址匹配失败,则需要进一步根据该客户端的第一类特征信息进行继续识别;如果该客户端的第一类特征信息匹配成功,且用户信息表中匹配成功的第一类特征信息不止一个,则需要进一步根据该客户端的第二类特征信息进行继续识别。It can be understood that, in the foregoing embodiment, client identification is performed sequentially according to the MAC address of the client, the first type of feature information, and the second type of feature information. The first type of characteristic information and the second type of characteristic information are used for continuous identification; if the MAC address of the client fails to match, further identification needs to be carried out based on the first type of characteristic information of the client; if the first type of characteristic information of the client is successfully matched , and there is more than one first-type characteristic information successfully matched in the user information table, it is necessary to further continue to identify based on the second-type characteristic information of the client.
在又一个优选实施例中,所述方法还包括:In yet another preferred embodiment, the method also includes:
当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用 户标记;When the first type of characteristic information of the client fails to match, the client is marked with a new user;
将所述客户端的MAC地址和第一类特征信息添加到所述用户信息表中。Add the MAC address of the client and the characteristic information of the first type to the user information table.
具体的,结合上述实施例,当该客户端的第一类特征信息匹配失败时,即上述用户信息表中不存在与该客户端的第一类特征信息相匹配的第一类特征信息,表明该客户端为新增用户,则对该客户端进行新增用户标记,即为该客户端添加“新增用户”标记,并将该客户端的MAC地址和第一类特征信息相应添加到用户信息表中。Specifically, in combination with the above embodiments, when the matching of the first type of characteristic information of the client fails, that is, there is no first type of characteristic information matching the first type of characteristic information of the client in the above user information table, indicating that the client If the terminal is a new user, then add a new user mark to the client, that is, add a "new user" mark to the client, and add the client's MAC address and first-class feature information to the user information table accordingly .
可以理解的,如果该客户端的MAC地址匹配失败,则需要进一步根据该客户端的第一类特征信息进行继续识别;如果该客户端的第一类特征信息同样匹配失败,说明用户信息表中不存在该客户端的第一类特征信息,该客户端没有关联过本网络设备,相对于本网络设备来说,该客户端是新用户,则对该客户端进行新增用户标记,并将该客户端的MAC地址和第一类特征信息相应添加到本网络设备维护的用户信息表中,从而实现对用户信息表的实时更新与维护。Understandably, if the MAC address of the client fails to match, further identification needs to be carried out based on the first type of feature information of the client; The first type of characteristic information of the client. The client has not been associated with the network device. Compared with the network device, the client is a new user. The address and the first type of feature information are correspondingly added to the user information table maintained by the network device, thereby realizing real-time updating and maintenance of the user information table.
作为上述方案的改进,所述当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:As an improvement of the above solution, when the matching of the first type of feature information of the client fails, the client is marked with a new user, specifically including:
当所述客户端的第一类特征信息匹配失败时,判断第一类特征信息的匹配时长是否小于预设的第一匹配时长阈值或匹配次数是否小于预设的第一匹配次数阈值;When the matching of the first type of feature information of the client fails, judging whether the matching duration of the first type of feature information is less than a preset first matching duration threshold or whether the number of matches is less than a preset first matching number threshold;
若是,则在接收到所述客户端发送的下一个第一类数据包时,重新获取所述客户端的第一类特征信息,并执行相应的第一类特征信息匹配处理方案,直至匹配时长不小于所述第一匹配时长阈值或匹配次数不小于所述第一匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next first-type data packet sent by the client, reacquire the first-type characteristic information of the client, and execute the corresponding first-type characteristic information matching processing scheme until the matching duration is longer than Adding a new user mark to the client until the first matching duration threshold or the number of matching times is not less than the first matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
具体的,结合上述实施例,在该客户端的第一类特征信息匹配成功之前,针对该客户端的第一类特征信息可以重复进行多次匹配处理,并且本网络设备预先设置了第一匹配时长阈值或第一匹配次数阈值,以对第一类特征信息的匹配处理流程进行时间限制或者次数限制。Specifically, in combination with the above-mentioned embodiments, before the first type of feature information of the client is successfully matched, the matching process can be repeated multiple times for the first type of feature information of the client, and the network device presets the first matching duration threshold or the first matching times threshold, so as to limit the time or times of the matching processing flow of the first type of feature information.
以时间限制为例,当该客户端的第一类特征信息匹配失败时,先判断第 一类特征信息的当前总匹配时长是否小于预先设置的第一匹配时长阈值,若是,则可以在下一次接收到该客户端发送的第一类数据包时,重新获取该客户端的第一类特征信息,并根据重新获得的该客户端的第一类特征信息再次进行搜索匹配,当该客户端的第一类特征信息匹配失败时,判断第一类特征信息的当前总匹配时长是否仍然小于预先设置的第一匹配时长阈值,并根据判断结果进行相应处理,以此类推,直至第一类特征信息的当前总匹配时长不小于预先设置的第一匹配时长阈值时为止,此时,如果该客户端的第一类特征信息仍然匹配失败,且第一类特征信息的当前总匹配时长不小于预先设置的第一匹配时长阈值,则将该客户端视为新增用户,并对该客户端进行新增用户标记。Taking the time limit as an example, when the matching of the first type of characteristic information of the client fails, first judge whether the current total matching duration of the first type of characteristic information is less than the preset first matching duration threshold, and if so, it can be received next time When the first type of data packet sent by the client, reacquire the first type of characteristic information of the client, and perform search and matching again according to the reacquired first type of characteristic information of the client, when the first type of characteristic information of the client When the matching fails, judge whether the current total matching duration of the first type of characteristic information is still less than the preset first matching duration threshold, and perform corresponding processing according to the judgment result, and so on, until the current total matching duration of the first type of characteristic information At this time, if the first type of feature information of the client still fails to match, and the current total matching time of the first type of feature information is not less than the preset first matching time threshold , the client is regarded as a new user, and the client is marked as a new user.
同理,以次数限制为例,当该客户端的第一类特征信息匹配失败时,先判断第一类特征信息的当前总匹配次数是否小于预先设置的第一匹配次数阈值,若是,则可以在下一次接收到该客户端发送的第一类数据包时,重新获取该客户端的第一类特征信息,并根据重新获得的该客户端的第一类特征信息再次进行搜索匹配,当该客户端的第一类特征信息匹配失败时,判断第一类特征信息的当前总匹配次数是否仍然小于预先设置的第一匹配次数阈值,并根据判断结果进行相应处理,以此类推,直至第一类特征信息的当前总匹配次数不小于预先设置的第一匹配次数阈值时为止,此时,如果该客户端的第一类特征信息仍然匹配失败,且第一类特征信息的当前总匹配次数不小于预先设置的第一匹配次数阈值,则将该客户端视为新增用户,并对该客户端进行新增用户标记。Similarly, taking the limit of times as an example, when the client fails to match the first type of feature information, first determine whether the current total number of matching times of the first type of feature information is less than the preset first matching number threshold, and if so, then you can When the first type of data packet sent by the client is received once, the first type of characteristic information of the client is reacquired, and the search and matching is performed again according to the obtained first type of characteristic information of the client. When the matching of the feature information of the first category fails, it is judged whether the current total number of matching times of the feature information of the first category is still less than the preset threshold of the first matching times, and corresponding processing is carried out according to the judgment result, and so on, until the current total number of matching times of the feature information of the first category is Until the total number of matching times is not less than the preset first matching times threshold, at this time, if the first type of feature information of the client still fails to match, and the current total number of matching times of the first type of feature information is not less than the preset first match times threshold, the client is regarded as a new user, and the client is marked as a new user.
在又一个优选实施例中,所述根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:In yet another preferred embodiment, according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client, the first type of feature information of the client is The second type of characteristic information is searched and matched, and the client is identified according to the matching result, specifically including:
根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配;Searching and matching the second type of feature information of the client according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client;
当所述客户端的第二类特征信息匹配成功时,对所述客户端进行识别成功标记;When the second type of characteristic information of the client is successfully matched, marking the client as an identification success;
当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,并将所述客户端的MAC地址、第一类特征信息和第二类特征信息添加到所述用户信息表中。When the matching of the second type of characteristic information of the client fails, add a new user mark to the client, and add the MAC address of the client, the first type of characteristic information and the second type of characteristic information to the user information sheet.
具体的,结合上述实施例,在该客户端的第一类特征信息匹配成功,且上述用户信息表中匹配成功的第一类特征信息不止一个的情况下,需要进一步根据该客户端的第二类特征信息进行继续识别,因此,当本网络设备接收到该客户端发送的第二类数据包时,根据接收到的第二类数据包相应解析获取该客户端的第二类特征信息,并根据上述用户信息表中存在的与该客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对获得的该客户端的第二类特征信息进行搜索匹配,判断用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息所对应的第二类特征信息中,是否存在与该客户端的第二类特征信息相匹配的第二类特征信息;当该客户端的第二类特征信息匹配成功,并且用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息所对应的第二类特征信息中,有且仅有一个第二类特性信息与该客户端的第二类特征信息匹配成功时,表明该客户端识别成功,则对该客户端进行识别成功标记,即为该客户端添加“识别成功”标记;当该客户端的第二类特征信息匹配失败时,即用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息所对应的第二类特征信息中,不存在与该客户端的第二类特征信息相匹配的第二类特征信息,表明该客户端为新增用户,则对该客户端进行新增用户标记,即为该客户端添加“新增用户”标记,并将该客户端的MAC地址、第一类特征信息和第二类特征信息相应添加到用户信息表中。Specifically, in combination with the above-mentioned embodiment, when the first type of characteristic information of the client is successfully matched, and there is more than one first type of characteristic information in the above user information table, it is necessary to further base on the second type of characteristic information of the client. Therefore, when the network device receives the second-type data packet sent by the client, it analyzes and obtains the second-type characteristic information of the client according to the received second-type data packet, and according to the above-mentioned user The second type of characteristic information corresponding to the first type of characteristic information that successfully matches the first type of characteristic information of the client exists in the information table, search and match the obtained second type of characteristic information of the client, and judge the user information table In the second type of feature information corresponding to the first type of feature information that matches the first type of feature information of the client, whether there is second type of feature information that matches the second type of feature information of the client; When the second type of characteristic information of the client is successfully matched, and among the second type of characteristic information corresponding to the first type of characteristic information that matches the first type of characteristic information of the client in the user information table, there is and only When a second type of characteristic information matches successfully with the second type of characteristic information of the client, it indicates that the client is successfully identified, and then the client is identified as a successful mark, that is, the client is marked as "recognized successfully"; when the client When the matching of the second type of feature information of the client fails, that is, the second type of feature information corresponding to the first type of feature information in the user information table that matches the first type of feature information of the client does not exist. If the second type of feature information matches the second type of feature information of the terminal, indicating that the client is a new user, then the client is marked as a new user, that is, the client is marked with "new user", and the The MAC address of the client, the first type of feature information and the second type of feature information are correspondingly added to the user information table.
可以理解的,如果该客户端的第二类特征信息匹配成功,则表明该客户端识别成功;如果该客户端的第二类特征信息同样匹配失败,说明上述用户信息表中没有该客户端的第二类特征信息,该客户端没有关联过本网络设备,相对于本网络设备来说,该客户端是新用户,则对该客户端进行新增用户标记,并将该客户端的MAC地址、第一类特征信息和第二类特征信息相应添加到本网络设备维护的用户信息表中,从而实现对用户信息表的实时更新与维护。It can be understood that if the client's second-type feature information matches successfully, it indicates that the client is successfully identified; if the client's second-type feature information also fails to match, it means that the client's second-type Feature information, the client has not been associated with this network device, and this client is a new user compared to this network device, then add a new user mark to this client, and add the MAC address of the client, the first class The feature information and the second type of feature information are correspondingly added to the user information table maintained by the network device, thereby realizing real-time updating and maintenance of the user information table.
需要说明的是,在该客户端的第二类特征信息匹配成功的情况下,如果 用户信息表中存在的与该客户端的第一类特征信息相匹配的第一类特征信息所对应的第二类特征信息中,存在的与该客户端的第二类特征信息相匹配的第二类特征信息同样不止一个,则可以结合该客户端发送的第三类数据包所对应的第三类特征信息对该客户端进行继续识别,相应的,本网络设备可以根据该客户端的MAC地址、第一类特征信息、第二类特征信息和第三类特征信息依次进行客户端识别,在进行客户端识别时,所使用的特征信息的种类越多,识别效果越好,其中,每一类特征信息的具体识别原理与上述实施例相同,这里不再赘述。It should be noted that, in the case that the second type of characteristic information of the client is successfully matched, if the second type of characteristic information corresponding to the first type of characteristic information matching the first type of characteristic information of the client exists in the user information table Among the feature information, if there is more than one second-type feature information that matches the second-type feature information of the client, then the third-type feature information corresponding to the third-type data packet sent by the client can be combined with the client. The client continues to identify. Correspondingly, the network device can identify the client in turn according to the client's MAC address, the first type of characteristic information, the second type of characteristic information and the third type of characteristic information. When performing client identification, The more types of characteristic information used, the better the recognition effect. The specific recognition principle of each type of characteristic information is the same as that of the above embodiment, and will not be repeated here.
作为上述方案的改进,所述当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:As an improvement of the above solution, when the matching of the second type of feature information of the client fails, add a new user mark to the client, specifically including:
当所述客户端的第二特征信息匹配失败时,判断第二类特征信息的匹配时长是否小于预设的第二匹配时长阈值或匹配次数是否小于预设的第二匹配次数阈值;When the matching of the second feature information of the client fails, judging whether the matching duration of the second type of feature information is less than a preset second matching duration threshold or whether the number of matches is less than a preset second matching times threshold;
若是,则在接收到所述客户端发送的下一个第二类数据包时,重新获取所述客户端的第二类特征信息,并执行相应的第二类特征信息匹配处理方案,直至匹配时长不小于所述第二匹配时长阈值或匹配次数不小于所述第二匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next second-type data packet sent by the client, reacquire the second-type feature information of the client, and execute the corresponding second-type feature information matching processing plan until the matching duration is longer than Adding a new user mark to the client until the second matching duration threshold or the number of matching times is not less than the second matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
具体的,结合上述实施例,在该客户端的第二类特征信息匹配成功之前,针对该客户端的第二类特征信息可以重复进行多次匹配处理,并且本网络设备预先设置了第二匹配时长阈值或第二匹配次数阈值,以对第二类特征信息的匹配处理流程进行时间限制或者次数限制。Specifically, in combination with the above embodiment, before the second type of feature information of the client is successfully matched, the matching process can be repeated multiple times for the second type of feature information of the client, and the network device presets the second matching duration threshold or a second matching times threshold, so as to limit the time or times of the matching processing flow of the second type of characteristic information.
以时间限制为例,当该客户端的第二类特征信息匹配失败时,先判断第二类特征信息的当前总匹配时长是否小于预先设置的第二匹配时长阈值,若是,则可以在下一次接收到该客户端发送的第二类数据包时,重新获取该客户端的第二类特征信息,并根据重新获得的该客户端的第二类特征信息再次进行搜索匹配,当该客户端的第二类特征信息匹配失败时,判断第二类特征信息的当前总匹配时长是否仍然小于预先设置的第二匹配时长阈值,并根据判断结果进行相应处理,以此类推,直至第二类特征信息的当前总匹配时长不小于预先设置的第二匹配时长阈值时为止,此时,如果该客户端的第二类 特征信息仍然匹配失败,且第二类特征信息的当前总匹配时长不小于预先设置的第二匹配时长阈值,则将该客户端视为新增用户,并对该客户端进行新增用户标记。Taking the time limit as an example, when the matching of the second type of characteristic information of the client fails, first judge whether the current total matching duration of the second type of characteristic information is less than the preset second matching duration threshold, and if so, it can be received next time When the second type of data packet is sent by the client, reacquire the second type of characteristic information of the client, and perform search and matching again according to the reacquired second type of characteristic information of the client, when the second type of characteristic information of the client When the matching fails, judge whether the current total matching duration of the second type of characteristic information is still less than the preset second matching duration threshold, and perform corresponding processing according to the judgment result, and so on, until the current total matching duration of the second type of characteristic information At this time, if the second type of characteristic information of the client still fails to match, and the current total matching duration of the second type of characteristic information is not less than the preset second matching duration threshold , the client is regarded as a new user, and the client is marked as a new user.
同理,以次数限制为例,当该客户端的第二类特征信息匹配失败时,先判断第二类特征信息的当前总匹配次数是否小于预先设置的第二匹配次数阈值,若是,则可以在下一次接收到该客户端发送的第二类数据包时,重新获取该客户端的第二类特征信息,并根据重新获得的该客户端的第二类特征信息再次进行搜索匹配,当该客户端的第二类特征信息匹配失败时,判断第二类特征信息的当前总匹配次数是否仍然小于预先设置的第二匹配次数阈值,并根据判断结果进行相应处理,以此类推,直至第二类特征信息的当前总匹配次数不小于预先设置的第二匹配次数阈值时为止,此时,如果该客户端的第二类特征信息仍然匹配失败,且第二类特征信息的当前总匹配次数不小于预先设置的第二匹配次数阈值,则将该客户端视为新增用户,并对该客户端进行新增用户标记。Similarly, taking the limit of times as an example, when the client fails to match the second type of feature information, first determine whether the current total number of matching times of the second type of feature information is less than the preset second matching times threshold, and if so, you can use the following When the second type of data packet sent by the client is received once, the second type of characteristic information of the client is reacquired, and the second type of characteristic information of the client is searched and matched again. When the matching of the characteristic information of the second type fails, it is judged whether the current total matching times of the characteristic information of the second type is still less than the preset threshold of the second matching times, and corresponding processing is carried out according to the judgment result, and so on until the current total number of matching times of the characteristic information of the second type is Until the total number of matching times is not less than the preset second matching times threshold, at this time, if the second type of feature information of the client still fails to match, and the current total number of matching times of the second type of feature information is not less than the preset second match times threshold, the client is regarded as a new user, and the client is marked as a new user.
在又一个优选实施例中,所述第一类数据包为标识设备信息的数据包,所述第一类特征信息对应为设备信息;所述第二类数据包为标识用户行为的数据包,所述第二类特征信息对应为用户行为信息;In yet another preferred embodiment, the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information; the second type of data packet is a data packet identifying user behavior, The second type of feature information corresponds to user behavior information;
或,or,
所述第一类数据包为标识用户行为的数据包,所述第一类特征信息对应为用户行为信息;所述第二类数据包为标识设备信息的数据包,所述第二类特征信息对应为设备信息。The first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information; the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
具体的,结合上述实施例,根据本网络设备与关联客户端之间的实际通信情况可知,客户端向本网络设备发送的数据包至少包括标识设备信息的数据包和标识用户行为的数据包,因此,第一类数据包可以为标识设备信息的数据包,也可以为标识用户行为的数据包,相应的,本网络设备根据第一类数据包获得的第一类特征信息可以为客户端对应的设备信息,也可以为客户端对应的用户行为信息,同理,第二类数据包可以为标识设备信息的数据包,也可以为标识用户行为的数据包,相应的,本网络设备根据第二类数据包获得的第二类特征信息可以为客户端对应的设备信息,也可以为客户端对应的用户行为信息。Specifically, in combination with the above embodiments, according to the actual communication between the network device and the associated client, the data packet sent by the client to the network device includes at least a data packet identifying device information and a data packet identifying user behavior. Therefore, the first type of data packet can be a data packet identifying device information, or a data packet identifying user behavior. Correspondingly, the first type of characteristic information obtained by the network device according to the first type of data packet can be the corresponding The device information can also be the user behavior information corresponding to the client. Similarly, the second type of data packet can be the data packet identifying the device information, or the data packet identifying the user behavior. Correspondingly, the network device according to the first The second-type characteristic information obtained by the second-type data packet may be device information corresponding to the client, or user behavior information corresponding to the client.
作为上述方案的改进,所述标识设备信息的数据包至少包括DHCP数据包、DHCPv6数据包和Probe Request数据包;所述标识用户行为的数据包至少包括HTTP数据包和DNS数据包。As an improvement of the above solution, the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
具体的,结合上述实施例,标识设备信息的数据包至少包括DHCP数据包、DHCPv6数据包和Probe Request数据包等携带客户端的设备信息的数据包,本网络设备根据标识设备信息的数据包获得的设备信息对应为DHCP特征信息、DHCPv6特征信息和Probe Request特征信息;标识用户行为的数据包至少包括HTTP数据包和DNS数据包等反映客户端的用户行为信息的数据包,本网络设备根据标识用户行为的数据获得的用户行为信息对应为HTTP特征信息和DNS特征信息。Specifically, in combination with the above-mentioned embodiment, the data packet identifying the device information at least includes a DHCP data packet, a DHCPv6 data packet, and a Probe Request data packet carrying the device information of the client. Device information corresponds to DHCP feature information, DHCPv6 feature information, and Probe Request feature information; data packets identifying user behavior include at least HTTP data packets and DNS data packets that reflect user behavior information of the client. The user behavior information obtained from the data corresponds to HTTP feature information and DNS feature information.
需要说明的是,DHCP特征信息包括IP帧长、Vendor Class Identifier、TTL等信息,DHCPv6特征信息包括Link-layer address、DUID等信息,Probe Request特征信息包括SSID Parameter set、Supported Rates、VHT Capabilities等信息,HTTP特征信息包括User Agent、Cookie、URL、Host等信息,DNS特征信息包括Queries等信息。It should be noted that the DHCP feature information includes IP frame length, Vendor Class Identifier, TTL, etc., the DHCPv6 feature information includes Link-layer address, DUID, etc., and the Probe Request feature information includes SSID Parameter set, Supported Rates, VHT Capabilities, etc. , HTTP feature information includes User Agent, Cookie, URL, Host and other information, DNS feature information includes Queries and other information.
在又一个优选实施例中,在所述当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记之后,所述方法还包括:In yet another preferred embodiment, after the client's MAC address matches successfully, after marking the client as a successful identification, the method further includes:
当接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;When receiving the data packet sent by the client, acquiring the characteristic information of the client according to the data packet;
根据所述用户信息表对所述客户端的特征信息进行搜索匹配;Searching and matching the characteristic information of the client according to the user information table;
当所述客户端的特征信息匹配失败时,根据所述客户端的特征信息对所述用户信息表中与所述客户端的MAC地址匹配成功的MAC地址所对应的特征信息进行更新处理。When the matching of the characteristic information of the client fails, update the characteristic information corresponding to the MAC address that successfully matches the MAC address of the client in the user information table according to the characteristic information of the client.
具体的,结合上述实施例,在根据该客户端的MAC地址识别出该客户端之后,当本网络设备接收到该客户端发送的数据包(例如第一类数据包或第二类数据包)时,根据接收到的数据包相应获取该客户端的所对应的特征信息(例如第一类特征信息或第二类特征信息),并根据上述用户信息表对该客户端的特征信息进行搜索匹配,判断用户信息表中是否存在与该客户端的特征信息相匹配的特征信息,当该客户端的特征信息匹配失败时,表明用户信息表中不存在与该客户端的特征信息相匹配的特征信息,但是,由于该 客户端已经通过MAC地址匹配成功,用户信息表中存在与该客户端的MAC地址匹配成功的MAC地址以及与该匹配成功的MAC地址相对应的特征信息,说明用户信息表中存在的该匹配成功的MAC地址所对应的特征信息与根据接收到的该客户端发送的数据包获得的特征信息并不匹配,因此,需要对用户信息表中存在的该匹配成功的MAC地址所对应的特征信息进行相应的更新处理,即将用户信息表中与该匹配成功的MAC地址相对应的特征信息更新替换为根据接收到的该客户端发送的数据包获得的特征信息。Specifically, in combination with the above-mentioned embodiments, after the client is identified according to the MAC address of the client, when the network device receives the data packet (such as the first type of data packet or the second type of data packet) sent by the client According to the received data packet, the corresponding characteristic information of the client (for example, the first type of characteristic information or the second type of characteristic information) is correspondingly obtained, and the characteristic information of the client is searched and matched according to the above user information table, and the user is judged Whether there is characteristic information matching the characteristic information of the client in the information table, when the matching of the characteristic information of the client fails, it indicates that there is no characteristic information matching the characteristic information of the client in the user information table, but, due to the The client has successfully matched the MAC address, and there is a MAC address that successfully matches the client's MAC address and feature information corresponding to the successful MAC address in the user information table, indicating that the successful match exists in the user information table. The characteristic information corresponding to the MAC address does not match the characteristic information obtained according to the received data packet sent by the client. Therefore, it is necessary to perform corresponding matching on the characteristic information corresponding to the successfully matched MAC address existing in the user information table. The updating process is to replace the characteristic information corresponding to the successfully matched MAC address in the user information table with the characteristic information obtained according to the received data packet sent by the client.
本公开的实施例还提供了一种客户端识别装置,参见图2所示,是本公开提供的一种客户端识别装置的一个优选实施例的结构框图,所述装置包括:Embodiments of the present disclosure also provide a client identification device, as shown in FIG. 2 , which is a structural block diagram of a preferred embodiment of a client identification device provided by the present disclosure. The device includes:
MAC地址获取模块11,用于当任一客户端关联本网络设备时,获取所述客户端的MAC地址;MAC address acquisition module 11, used for acquiring the MAC address of the client when any client is associated with the network device;
MAC地址匹配模块12,用于根据预设的用户信息表对所述客户端的MAC地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;The MAC address matching module 12 is configured to search and match the MAC address of the client according to a preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and each MAC address The characteristic information corresponding to the address;
MAC地址匹配成功处理模块13,用于当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;MAC address matching success processing module 13, used for when the MAC address of the client is successfully matched, mark the client as successful identification;
MAC地址匹配失败处理模块14,用于当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。MAC address matching failure processing module 14, for when the MAC address of the client fails to match, mark the client to be detected, and when receiving the data packet sent by the client, according to the data packet Obtaining the characteristic information of the client; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
优选地,所述数据包为第一类数据包,所述客户端的特征信息为所述客户端的第一类特征信息;Preferably, the data packet is a first-type data packet, and the characteristic information of the client is the first-type characteristic information of the client;
则,所述MAC地址匹配失败处理模块14具体包括:Then, the MAC address matching failure processing module 14 specifically includes:
第一特征匹配单元,用于根据所述用户信息表对所述客户端的第一类特征信息进行搜索匹配;a first feature matching unit, configured to search and match the first type of feature information of the client according to the user information table;
第一特征匹配成功处理单元,用于当所述客户端的第一类特征信息匹配成功时,判断所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息是否只有一个;A first feature matching successful processing unit, configured to determine whether the first type of feature information in the user information table successfully matches the first type of feature information of the client when the first type of feature information of the client is successfully matched. only one;
客户端标记单元,用于若是,则对所述客户端进行识别成功标记;The client marking unit is configured to mark the client successfully if it is identified;
第二特征匹配单元,用于若否,则在接收到所述客户端发送的第二类数据包时,相应获取所述客户端的第二类特征信息;根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的第一类特征信息和第二类特征信息。The second feature matching unit is configured to, if not, correspondingly obtain the second type of feature information of the client when receiving the second type of data packet sent by the client; according to the user information table and the described The first type of feature information of the client matches the second type of feature information corresponding to the first type of feature information successfully, searching and matching the second type of feature information of the client, and identifying the client according to the matching result; Wherein, the user information table includes the MAC addresses of all clients associated with the network device and the first-type feature information and the second-type feature information corresponding to each MAC address.
优选地,所述MAC地址匹配失败处理模块14还包括:Preferably, the MAC address matching failure processing module 14 also includes:
第一特征匹配失败处理单元,用于当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记;将所述客户端的MAC地址和第一类特征信息添加到所述用户信息表中。The first feature matching failure processing unit is configured to add a new user mark to the client when the first type of feature information of the client fails to match; add the client's MAC address and the first type of feature information to the In the user information table.
优选地,所述第一特征匹配失败处理单元具体用于:Preferably, the first feature matching failure processing unit is specifically configured to:
当所述客户端的第一类特征信息匹配失败时,判断第一类特征信息的匹配时长是否小于预设的第一匹配时长阈值或匹配次数是否小于预设的第一匹配次数阈值;When the matching of the first type of feature information of the client fails, judging whether the matching duration of the first type of feature information is less than a preset first matching duration threshold or whether the number of matches is less than a preset first matching number threshold;
若是,则在接收到所述客户端发送的下一个第一类数据包时,重新获取所述客户端的第一类特征信息,并执行相应的第一类特征信息匹配处理方案,直至匹配时长不小于所述第一匹配时长阈值或匹配次数不小于所述第一匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next first-type data packet sent by the client, reacquire the first-type characteristic information of the client, and execute the corresponding first-type characteristic information matching processing scheme until the matching duration is longer than Adding a new user mark to the client until the first matching duration threshold or the number of matching times is not less than the first matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
优选地,所述第二特征匹配单元具体包括:Preferably, the second feature matching unit specifically includes:
第二特征匹配子单元,用于根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配;The second feature matching subunit is configured to, according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client, to the second type of the client. Class feature information for search and matching;
第二特征匹配成功处理子单元,用于当所述客户端的第二类特征信息匹配成功时,对所述客户端进行识别成功标记;The second feature matching success processing subunit is configured to mark the client as an identification success when the second type of feature information of the client is successfully matched;
第二特征匹配失败处理子单元,用于当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,并将所述客户端的MAC地址、第一类特征信息和第二类特征信息添加到所述用户信息表中。The second characteristic matching failure processing subunit is used to add a new user mark to the client when the matching of the second type of characteristic information of the client fails, and add the MAC address of the client, the first type of characteristic information And the second type of feature information is added to the user information table.
优选地,所述第二特征匹配失败处理子单元具体用于:Preferably, the second feature matching failure processing subunit is specifically used for:
当所述客户端的第二特征信息匹配失败时,判断第二类特征信息的匹配时长是否小于预设的第二匹配时长阈值或匹配次数是否小于预设的第二匹配次数阈值;When the matching of the second feature information of the client fails, judging whether the matching duration of the second type of feature information is less than a preset second matching duration threshold or whether the number of matches is less than a preset second matching times threshold;
若是,则在接收到所述客户端发送的下一个第二类数据包时,重新获取所述客户端的第二类特征信息,并执行相应的第二类特征信息匹配处理方案,直至匹配时长不小于所述第二匹配时长阈值或匹配次数不小于所述第二匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next second-type data packet sent by the client, reacquire the second-type feature information of the client, and execute the corresponding second-type feature information matching processing plan until the matching duration is longer than Adding a new user mark to the client until the second matching duration threshold or the number of matching times is not less than the second matching number threshold;
若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
优选地,所述第一类数据包为标识设备信息的数据包,所述第一类特征信息对应为设备信息;所述第二类数据包为标识用户行为的数据包,所述第二类特征信息对应为用户行为信息;Preferably, the first type of data packet is a data packet identifying device information, and the first type of feature information corresponds to device information; the second type of data packet is a data packet identifying user behavior, and the second type of feature information corresponds to device information; Feature information corresponds to user behavior information;
或,or,
所述第一类数据包为标识用户行为的数据包,所述第一类特征信息对应为用户行为信息;所述第二类数据包为标识设备信息的数据包,所述第二类特征信息对应为设备信息。The first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information; the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
优选地,所述标识设备信息的数据包至少包括DHCP数据包、DHCPv6数据包和Probe Request数据包;所述标识用户行为的数据包至少包括HTTP数据包和DNS数据包。Preferably, the data packets identifying device information at least include DHCP data packets, DHCPv6 data packets and Probe Request data packets; the data packets identifying user behavior include at least HTTP data packets and DNS data packets.
优选地,所述装置还包括:Preferably, the device also includes:
特征信息获取模块,用于当接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;A characteristic information acquisition module, configured to acquire characteristic information of the client according to the data packet when receiving the data packet sent by the client;
特征信息匹配模块,用于根据所述用户信息表对所述客户端的特征信息进行搜索匹配;A characteristic information matching module, configured to search and match the characteristic information of the client according to the user information table;
特征信息更新模块,用于当所述客户端的特征信息匹配失败时,根据所述客户端的特征信息对所述用户信息表中与所述客户端的MAC地址匹配成功的MAC地址所对应的特征信息进行更新处理。A feature information update module, configured to perform feature information corresponding to a MAC address in the user information table that matches successfully with the MAC address of the client according to the feature information of the client when the match of the feature information of the client fails. update processing.
本公开的实施例所提供的一种客户端识别装置,能够实现上述任一实施例所述的客户端识别方法的所有流程,装置中的各个模块、单元、子单元的作用以及实现的技术效果分别与上述实施例所述的客户端识别方法的作用以及实现的技术效果对应相同,这里不再赘述。The client identification device provided by the embodiments of the present disclosure can realize all the processes of the client identification method described in any of the above embodiments, the functions of each module, unit, and subunit in the device, and the achieved technical effects The functions and technical effects achieved by the client identification method described in the above embodiments are correspondingly the same, and will not be repeated here.
本公开的实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质包括存储的计算机程序;其中,所述计算机程序在运行时控制所述计算机可读存储介质所在的设备执行上述任一实施例所述的客户端识别方法。An embodiment of the present disclosure also provides a computer-readable storage medium, the computer-readable storage medium includes a stored computer program; wherein, when the computer program is running, the computer-readable storage medium is controlled by the device where the computer-readable storage medium is located to execute The client identification method described in any one of the above embodiments.
本公开的实施例还提供了一种网络设备,参见图3所示,是本公开提供的一种网络设备的一个优选实施例的结构框图,所述网络设备包括处理器10、存储器20以及存储在所述存储器20中且被配置为由所述处理器10执行的计算机程序,所述处理器10在执行所述计算机程序时实现上述任一实施例所述的客户端识别方法。Embodiments of the present disclosure also provide a network device, as shown in FIG. 3 , which is a structural block diagram of a preferred embodiment of a network device provided by the present disclosure. In the memory 20 and configured as a computer program executed by the processor 10, the processor 10 implements the client identification method described in any of the above embodiments when executing the computer program.
优选地,所述计算机程序可以被分割成一个或多个模块/单元(如计算机程序1、计算机程序2、······),所述一个或者多个模块/单元被存储在所述存储器20中,并由所述处理器10执行,以完成本发明。所述一个或多个模块/单元可以是能够完成特定功能的一系列计算机程序指令段,该指令段用于描述所述计算机程序在所述网络设备中的执行过程。Preferably, the computer program can be divided into one or more modules/units (such as computer program 1, computer program 2, ...), and the one or more modules/units are stored in the stored in the memory 20 and executed by the processor 10 to complete the present invention. The one or more modules/units may be a series of computer program instruction segments capable of accomplishing specific functions, and the instruction segments are used to describe the execution process of the computer program in the network device.
所述处理器10可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等,通用处理器可以是微处理器,或者所述处理器10也可以是任何常规的处理器,所述处理器10是所述网络设备的控制中心,利用各种接口和线路连接所述网络设备的各个部分。The processor 10 can be a central processing unit (Central Processing Unit, CPU), and can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., the general-purpose processor can be a microprocessor, or the processor 10 can also be It is any conventional processor, and the processor 10 is the control center of the network device, using various interfaces and lines to connect various parts of the network device.
所述存储器20主要包括程序存储区和数据存储区,其中,程序存储区可存储操作系统、至少一个功能所需的应用程序等,数据存储区可存储相关数据等。此外,所述存储器20可以是高速随机存取存储器,还可以是非易失性存储器,例如插接式硬盘,智能存储卡(Smart Media Card,SMC)、安全数字(Secure Digital,SD)卡和闪存卡(Flash Card)等,或所述存储器20也可以是其他易失性固态存储器件。The memory 20 mainly includes a program storage area and a data storage area, wherein the program storage area can store an operating system, an application program required by at least one function, etc., and the data storage area can store related data and the like. In addition, the memory 20 can be a high-speed random access memory, or a non-volatile memory, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card and a flash memory Card (Flash Card), etc., or the memory 20 can also be other volatile solid-state storage devices.
需要说明的是,上述网络设备可包括,但不仅限于,处理器、存储器,本领域技术人员可以理解,图3结构框图仅仅是上述网络设备的示例,并不构成对网络设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件。It should be noted that the above-mentioned network equipment may include, but not limited to, a processor and a memory. Those skilled in the art may understand that the structural block diagram in FIG. 3 is only an example of the above-mentioned network equipment and does not constitute a limitation on the network equipment. More or fewer components than shown, or combinations of certain components, or different components.
综上,本公开的实施例所提供的一种客户端识别方法、装置、计算机可读存储介质及网络设备,具有以下有益效果:To sum up, the client identification method, device, computer-readable storage medium, and network device provided by the embodiments of the present disclosure have the following beneficial effects:
(1)无需长时间的占用系统资源,能够在基本不影响网络设备性能的前提下快速进行客户端识别;(1) It does not need to occupy system resources for a long time, and can quickly identify clients without affecting the performance of network equipment;
(2)结合了客户端的多种类型的特征信息进行客户端识别,比根据单一特征信息识别具有更好的识别效果;(2) Combining multiple types of feature information of the client for client identification has a better recognition effect than identification based on a single feature information;
(3)具有较高的识别准确性,可用于辅助网络设备通过MAC地址进行规则管理的相关功能的正常生效,例如路由器产品中的家长控制、QoS优先级、IoT等功能。(3) It has high identification accuracy and can be used to assist network devices to perform normal functions related to rule management through MAC addresses, such as parental control, QoS priority, IoT and other functions in router products.
以上所述仅是本公开的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明技术原理的前提下,还可以做出若干改进和变形,这些改进和变形也应视为本发明的保护范围。The above descriptions are only preferred implementations of the present disclosure. It should be pointed out that for those of ordinary skill in the art, some improvements and modifications can be made without departing from the technical principles of the present invention. These improvements and modifications It should also be regarded as the protection scope of the present invention.

Claims (12)

  1. 一种客户端识别方法,其特征在于,包括:A client identification method, characterized in that, comprising:
    当任一客户端关联本网络设备时,获取所述客户端的MAC地址;When any client is associated with the network device, obtain the MAC address of the client;
    根据预设的用户信息表对所述客户端的MAC地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;Search and match the MAC address of the client according to a preset user information table; wherein, the user information table includes MAC addresses of all clients associated with the network device and feature information corresponding to each MAC address;
    当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;When the MAC address of the client is successfully matched, marking the client as an identification success;
    当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。When the MAC address of the client fails to match, the client is marked to be detected, and when the data packet sent by the client is received, the characteristic information of the client is obtained according to the data packet; The user information table searches and matches the characteristic information of the client, and identifies the client according to the matching result.
  2. 如权利要求1所述的客户端识别方法,其特征在于,所述数据包为第一类数据包,所述客户端的特征信息为所述客户端的第一类特征信息;The client identification method according to claim 1, wherein the data packet is a first-type data packet, and the characteristic information of the client is the first-type characteristic information of the client;
    则,所述根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:Then, searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result, specifically includes:
    根据所述用户信息表对所述客户端的第一类特征信息进行搜索匹配;Searching and matching the first type of characteristic information of the client according to the user information table;
    当所述客户端的第一类特征信息匹配成功时,判断所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息是否只有一个;When the first type of characteristic information of the client is successfully matched, judging whether there is only one first type of characteristic information in the user information table that successfully matches the first type of characteristic information of the client;
    若是,则对所述客户端进行识别成功标记;If so, then carry out identification success mark to described client;
    若否,则在接收到所述客户端发送的第二类数据包时,相应获取所述客户端的第二类特征信息;根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的第一类特征信息和第二类特征信息。If not, when receiving the second type of data packet sent by the client, correspondingly obtain the second type of feature information of the client; match the first type of feature information with the client in the user information table The second type of characteristic information corresponding to the successful first type of characteristic information, search and match the second type of characteristic information of the client, and identify the client according to the matching result; wherein, in the user information table It includes the MAC addresses of all clients associated with the network device and the first-type feature information and second-type feature information corresponding to each MAC address.
  3. 如权利要求2所述的客户端识别方法,其特征在于,所述方法还包括:The client identification method according to claim 2, wherein the method further comprises:
    当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记;When the matching of the first type of feature information of the client fails, add a new user mark to the client;
    将所述客户端的MAC地址和第一类特征信息添加到所述用户信息表中。Add the MAC address of the client and the characteristic information of the first type to the user information table.
  4. 如权利要求3所述的客户端识别方法,其特征在于,所述当所述客户端的第一类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:The client identification method according to claim 3, wherein when the matching of the first type of characteristic information of the client fails, adding a new user mark to the client, specifically comprising:
    当所述客户端的第一类特征信息匹配失败时,判断第一类特征信息的匹配时长是否小于预设的第一匹配时长阈值或匹配次数是否小于预设的第一匹配次数阈值;When the matching of the first type of feature information of the client fails, judging whether the matching duration of the first type of feature information is less than a preset first matching duration threshold or whether the number of matches is less than a preset first matching number threshold;
    若是,则在接收到所述客户端发送的下一个第一类数据包时,重新获取所述客户端的第一类特征信息,并执行相应的第一类特征信息匹配处理方案,直至匹配时长不小于所述第一匹配时长阈值或匹配次数不小于所述第一匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next first-type data packet sent by the client, reacquire the first-type characteristic information of the client, and execute the corresponding first-type characteristic information matching processing scheme until the matching duration is longer than Adding a new user mark to the client until the first matching duration threshold or the number of matching times is not less than the first matching number threshold;
    若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
  5. 如权利要求2所述的客户端识别方法,其特征在于,所述根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别,具体包括:The client identification method according to claim 2, wherein, according to the second type of feature corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client, Information, search and match the second type of characteristic information of the client, and identify the client according to the matching result, specifically including:
    根据所述用户信息表中与所述客户端的第一类特征信息匹配成功的第一类特征信息所对应的第二类特征信息,对所述客户端的第二类特征信息进行搜索匹配;Searching and matching the second type of feature information of the client according to the second type of feature information corresponding to the first type of feature information in the user information table that successfully matches the first type of feature information of the client;
    当所述客户端的第二类特征信息匹配成功时,对所述客户端进行识别成功标记;When the second type of characteristic information of the client is successfully matched, marking the client as an identification success;
    当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,并将所述客户端的MAC地址、第一类特征信息和第二类特征信息添加到所述用户信息表中。When the matching of the second type of characteristic information of the client fails, add a new user mark to the client, and add the MAC address of the client, the first type of characteristic information and the second type of characteristic information to the user information sheet.
  6. 如权利要求5所述的客户端识别方法,其特征在于,所述当所述客户端的第二类特征信息匹配失败时,对所述客户端进行新增用户标记,具体包括:The client identification method according to claim 5, wherein when the matching of the second type of characteristic information of the client fails, adding a new user mark to the client, specifically comprising:
    当所述客户端的第二特征信息匹配失败时,判断第二类特征信息的匹配时长是否小于预设的第二匹配时长阈值或匹配次数是否小于预设的第二匹配 次数阈值;When the matching of the second feature information of the client fails, it is judged whether the matching duration of the second type of feature information is less than the preset second matching duration threshold or whether the number of matches is less than the preset second matching times threshold;
    若是,则在接收到所述客户端发送的下一个第二类数据包时,重新获取所述客户端的第二类特征信息,并执行相应的第二类特征信息匹配处理方案,直至匹配时长不小于所述第二匹配时长阈值或匹配次数不小于所述第二匹配次数阈值时为止,对所述客户端进行新增用户标记;If so, when receiving the next second-type data packet sent by the client, reacquire the second-type feature information of the client, and execute the corresponding second-type feature information matching processing plan until the matching duration is longer than Adding a new user mark to the client until the second matching duration threshold or the number of matching times is not less than the second matching number threshold;
    若否,则对所述客户端进行新增用户标记。If not, mark the client as adding a new user.
  7. 如权利要求2所述的客户端识别方法,其特征在于,所述第一类数据包为标识设备信息的数据包,所述第一类特征信息对应为设备信息;所述第二类数据包为标识用户行为的数据包,所述第二类特征信息对应为用户行为信息;The client identification method according to claim 2, wherein the first type of data packet is a data packet identifying device information, and the first type of characteristic information corresponds to device information; the second type of data packet It is a data packet identifying user behavior, and the second type of feature information corresponds to user behavior information;
    或,or,
    所述第一类数据包为标识用户行为的数据包,所述第一类特征信息对应为用户行为信息;所述第二类数据包为标识设备信息的数据包,所述第二类特征信息对应为设备信息。The first type of data packet is a data packet that identifies user behavior, and the first type of characteristic information corresponds to user behavior information; the second type of data packet is a data packet that identifies device information, and the second type of characteristic information Corresponding to device information.
  8. 如权利要求7所述的客户端识别方法,其特征在于,所述标识设备信息的数据包至少包括DHCP数据包、DHCPv6数据包和Probe Request数据包;所述标识用户行为的数据包至少包括HTTP数据包和DNS数据包。The client identification method according to claim 7, wherein the data packet identifying device information at least includes a DHCP data packet, a DHCPv6 data packet and a Probe Request data packet; the data packet identifying user behavior includes at least an HTTP packets and DNS packets.
  9. 如权利要求1~8任一项所述的客户端识别方法,其特征在于,在所述当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记之后,所述方法还包括:The client identification method according to any one of claims 1 to 8, characterized in that, after the client's MAC address is successfully matched, after the client is identified successfully, the method further include:
    当接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;When receiving the data packet sent by the client, acquiring the characteristic information of the client according to the data packet;
    根据所述用户信息表对所述客户端的特征信息进行搜索匹配;Searching and matching the characteristic information of the client according to the user information table;
    当所述客户端的特征信息匹配失败时,根据所述客户端的特征信息对所述用户信息表中与所述客户端的MAC地址匹配成功的MAC地址所对应的特征信息进行更新处理。When the matching of the characteristic information of the client fails, update the characteristic information corresponding to the MAC address that successfully matches the MAC address of the client in the user information table according to the characteristic information of the client.
  10. 一种客户端识别装置,其特征在于,包括:A client identification device, characterized in that it comprises:
    MAC地址获取模块,用于当任一客户端关联本网络设备时,获取所述客户端的MAC地址;A MAC address obtaining module, configured to obtain the MAC address of the client when any client is associated with the network device;
    MAC地址匹配模块,用于根据预设的用户信息表对所述客户端的MAC 地址进行搜索匹配;其中,所述用户信息表中包括关联过本网络设备的所有客户端的MAC地址以及每一个MAC地址对应的特征信息;The MAC address matching module is used to search and match the MAC address of the client according to the preset user information table; wherein, the user information table includes the MAC addresses of all clients associated with the network device and each MAC address Corresponding feature information;
    MAC地址匹配成功处理模块,用于当所述客户端的MAC地址匹配成功时,对所述客户端进行识别成功标记;A MAC address matching success processing module, configured to mark the client as an identification success when the MAC address of the client is successfully matched;
    MAC地址匹配失败处理模块,用于当所述客户端的MAC地址匹配失败时,对所述客户端进行待检测标记,并在接收到所述客户端发送的数据包时,根据所述数据包获取所述客户端的特征信息;根据所述用户信息表对所述客户端的特征信息进行搜索匹配,并根据匹配结果对所述客户端进行识别。A MAC address matching failure processing module, configured to mark the client to be detected when the MAC address of the client fails to match, and when receiving the data packet sent by the client, obtain The characteristic information of the client; searching and matching the characteristic information of the client according to the user information table, and identifying the client according to the matching result.
  11. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质包括存储的计算机程序;其中,所述计算机程序在运行时控制所述计算机可读存储介质所在的设备执行如权利要求1~9任一项所述的客户端识别方法。A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored computer program; wherein, when the computer program is running, the computer-readable storage medium is controlled by the device where the computer-readable storage medium is located to perform the process described in claim 1. The client identification method described in any one of ~9.
  12. 一种网络设备,其特征在于,包括处理器、存储器以及存储在所述存储器中且被配置为由所述处理器执行的计算机程序,所述处理器在执行所述计算机程序时实现如权利要求1~9任一项所述的客户端识别方法A network device, characterized by comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, when the processor executes the computer program, it realizes the The client identification method described in any one of 1 to 9
PCT/CN2022/101550 2021-06-25 2022-06-27 Client identification method and apparatus, and storage medium and network device WO2022268226A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US18/412,492 US12170665B2 (en) 2021-06-25 2024-01-13 Client identification method and apparatus, and storage medium and network device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110716012.4A CN113595812B (en) 2021-06-25 2021-06-25 Client identification method and device, storage medium and network equipment
CN202110716012.4 2021-06-25

Publications (1)

Publication Number Publication Date
WO2022268226A1 true WO2022268226A1 (en) 2022-12-29

Family

ID=78244685

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/101550 WO2022268226A1 (en) 2021-06-25 2022-06-27 Client identification method and apparatus, and storage medium and network device

Country Status (2)

Country Link
CN (1) CN113595812B (en)
WO (1) WO2022268226A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12170665B2 (en) 2021-06-25 2024-12-17 Tp-Link Corporation Limited Client identification method and apparatus, and storage medium and network device
CN113595812B (en) * 2021-06-25 2023-05-16 深圳市联洲国际技术有限公司 Client identification method and device, storage medium and network equipment
CN114338602B (en) * 2021-12-06 2024-09-13 深圳市联洲国际技术有限公司 Network equipment identification method and device and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
US20130191901A1 (en) * 2012-01-24 2013-07-25 Chuck A. Black Security actions based on client identity databases
CN107071085A (en) * 2017-04-19 2017-08-18 新华三技术有限公司 Network equipment MAC Address collocation method and device
CN112737825A (en) * 2020-12-23 2021-04-30 携程旅游信息技术(上海)有限公司 Log-based network device association method, system, device and storage medium
CN113595812A (en) * 2021-06-25 2021-11-02 深圳市联洲国际技术有限公司 Client identification method, device, storage medium and network equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8861401B2 (en) * 2012-04-03 2014-10-14 International Business Machines Corporation Layer 2 packet switching without look-up table for ethernet switches
CN112507087B (en) * 2020-12-21 2022-11-04 苏州三六零智能安全科技有限公司 Terminal equipment identification method, equipment, storage medium and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130191901A1 (en) * 2012-01-24 2013-07-25 Chuck A. Black Security actions based on client identity databases
CN102724188A (en) * 2012-06-08 2012-10-10 成都欣点科技有限公司 System and method for identifying identity of client in service field
CN107071085A (en) * 2017-04-19 2017-08-18 新华三技术有限公司 Network equipment MAC Address collocation method and device
CN112737825A (en) * 2020-12-23 2021-04-30 携程旅游信息技术(上海)有限公司 Log-based network device association method, system, device and storage medium
CN113595812A (en) * 2021-06-25 2021-11-02 深圳市联洲国际技术有限公司 Client identification method, device, storage medium and network equipment

Also Published As

Publication number Publication date
CN113595812A (en) 2021-11-02
CN113595812B (en) 2023-05-16

Similar Documents

Publication Publication Date Title
WO2022268226A1 (en) Client identification method and apparatus, and storage medium and network device
US10084713B2 (en) Protocol type identification method and apparatus
US9838278B2 (en) Self-learning device classifier
US8904524B1 (en) Detection of fast flux networks
US20160255110A1 (en) System and method for malware detection learning
US12003609B2 (en) Data flow classification method and packet forwarding device
WO2017107780A1 (en) Method, device and system for recognizing illegitimate proxy for charging fraud
WO2017206576A1 (en) Gateway service processing method and apparatus
CN107770132A (en) A kind of method and device detected to algorithm generation domain name
CN107690004B (en) Method and device for processing address resolution protocol message
CN106657434B (en) method and device for checking IP address
CN110213124A (en) Passive operation system identification method and device based on the more sessions of TCP
US20170041242A1 (en) Network system, communication analysis method and analysis apparatus
US20150200860A1 (en) Method and apparatus for packet classification
CN104113548A (en) Authentication message processing method and device
US20170134413A1 (en) System and method for connection fingerprint generation and stepping-stone traceback based on netflow
US10764307B2 (en) Extracted data classification to determine if a DNS packet is malicious
Chang et al. Study on os fingerprinting and nat/tethering based on dns log analysis
CN105939304B (en) Tunnel message parsing method and device
US12170665B2 (en) Client identification method and apparatus, and storage medium and network device
JP2023165633A (en) System and method for machine learning based malware detection
CN107786496B (en) Early warning method and device for ARP (Address resolution protocol) table entry spoofing attack of local area network
CN116471101A (en) Network security management method, device, equipment and machine-readable storage medium
CN109905325B (en) Traffic guiding method and traffic identification equipment
CN107086965B (en) ARP (Address resolution protocol) table entry generation method and device and switch

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22827718

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22827718

Country of ref document: EP

Kind code of ref document: A1