CN108173834A - Terminal fingerprints technology identifies " all-purpose card " network terminal - Google Patents

Terminal fingerprints technology identifies " all-purpose card " network terminal Download PDF

Info

Publication number
CN108173834A
CN108173834A CN201711421507.4A CN201711421507A CN108173834A CN 108173834 A CN108173834 A CN 108173834A CN 201711421507 A CN201711421507 A CN 201711421507A CN 108173834 A CN108173834 A CN 108173834A
Authority
CN
China
Prior art keywords
terminal
network
port
equipment
purpose card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711421507.4A
Other languages
Chinese (zh)
Inventor
杨子仪
王靛
刘晓冬
刘鹤
任强
***
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201711421507.4A priority Critical patent/CN108173834A/en
Publication of CN108173834A publication Critical patent/CN108173834A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1475Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention discloses a kind of Terminal fingerprints technology identification " all-purpose card " network terminal.The network terminal does not influence existing network environment and data flow, "bottleneck" is not present, and will not increase network delay using bypass deployment networking;Active scanning techniques compensate for traditional firewall passive type safety equipment, can not dynamic adjustable strategies the defects of, crisis generation before, make an initiative sally adjustable strategies in advance;Counterfeit detection, it solves legacy network devices and is concerned only with data packet, whether the defects of being not concerned with terminal network behavior can online with active probe to device port, active probe host equipment, detection application program version, more accurate analysis and identification headend equipment type.The basis such as traditional firewall identification equipment IP, MAC Address is solved easily by counterfeit facility information.

Description

Terminal fingerprints technology identifies " all-purpose card " network terminal
Technical field
The present invention relates to the network terminal communications fields, and in particular to a kind of Terminal fingerprints technology identification " all-purpose card " network is whole End.
Background technology
As " all-purpose card " technology is increasingly mature, " all-purpose card " online management is realized substantially.During construction, though The technologies such as (VLAN) carry out the division of security domain by the way of logic isolation in right private network, but are still physically same throw the net Network, and since the headend equipments such as access-control card reader and server, office PC are in same network of throwing the net, often add ACL and get through two The network of a logic isolation more since headend equipment distribution is wide, runs without interruption, and unattended characteristic, these give network-side The management of point access brings challenges and risk.Front end access control equipment, card-issuing equipment, card-reading apparatus connect network exchange by cable Machine connect with entire management system, once hacker occur illegally pulls up headend equipment cable, connects computer accessing network, The behaviors such as network attack, data theft are carried out, the serious consequences such as sensitive information leakage, network paralysis, ID card duplication will be generated. Prevent the illegal access device of endpoint, private from connecing equipment, the access of counterfeit equipment etc., foundation finds, monitors, stops and integrated three-dimensional prevents Imperial system, is blocking a little for " all-purpose card " private network terminal access.Therefore, in order to ensure the safety of system, it has to be possible to identify Headend equipment, and the effectively legitimacy of the data of management and control transmission.
The passive types safety such as the current main safety protection equipment of " all-purpose card " network is traditional firewall, IDS, IPS Equipment is mainly threatened to identify by judging that data packet obtains IP, port and protocol, can not accurately go out headend equipment type.It is existing Network safety prevention equipment be mainly fire wall, fire wall be by differentiating the IP of data packet, port and protocol is protected. Existing network safety prevention equipment is mainly fire wall, and fire wall is by differentiating the IP of data packet, port and protocol progress Protection.IP, the port and protocol of counterfeit data packet are easy to by computer, cheats fire wall, realizes that headend equipment is counterfeit.
In order to solve problem above, the present invention proposes a kind of Terminal fingerprints technology identification " all-purpose card " network terminal, leads to Reduction communication bandwidth occupancy is crossed, further improves Data transmitting and receiving efficiency.
Invention content
The object of the present invention is to provide a kind of Terminal fingerprints technologies to identify " all-purpose card " network terminal, in order to maximumlly carry The response and disposition speed, " all-purpose card " terminal access equipment for rising systemic defence use active and passive two kinds of Detection Techniques, Terminal security access equipment is disposed in front end, real by identifying the information such as headend equipment transmitting network data condition code, log-in protocol Now there was only credit equipment access network, real-time blocking is carried out to non-credit equipment, and pass through platform and link Real-time Alarm;Secondly, The network access behavior of the headend equipment of certification is identified by, it is only allowed to transmit predetermined application and data.So i.e. Make to have attacker to pass through forged identity access network of assuming another's name to be attacked, it also can be by real-time blocking, you can realize that headend equipment connects Enter " credible ", equipment behavior " controllable " sets up credible, controllable efficient access between headend equipment and backend services system Channel.
The present invention provides following schemes:
A kind of Terminal fingerprints technology identifies " all-purpose card " network terminal, and the network terminal is not influenced using bypass deployment networking Existing network environment and data flow, "bottleneck" are not present, and will not increase network delay;Active scanning techniques compensate for tradition Fire wall passive type safety equipment, can not dynamic adjustable strategies the defects of, crisis generation before, make an initiative sally and adjust plan in advance Slightly;The defects of counterfeit detection solves legacy network devices and is concerned only with data packet, is not concerned with terminal network behavior.
Optionally, the network terminal uses data traffic Baseline, by analyzing the flow of particular device, carries out flow base Line model is established, and the equipment of specified type is determined whether by machine learning, so that it is determined that device-fingerprint, whether judgement equipment It is legal to close rule;Terminal fingerprints technology by study, the analysis to terminal system, port information, establishes terminal baseline, passes through machine The mode of device study judges Terminal fingerprints, and fingerprint classification is carried out to terminal, and blocking processing is carried out to illegal terminal;Interrupter technique, All flows are mainly intercepted using network layer, transport layer intercepts TCP connection.
Optionally, Terminal fingerprints technology includes detecting host, port scan, version detection, OS Detection Techniques, parsing terminal Network external feature when external feature changes, is determined as illegal.
Optionally, detecting host refers to whether four kinds of different types of data packets of transmission are online to detect destination host, A1), ICMP echo request, b1), a TCP SYN packet to port 443, c1), a TCPACK packetto Port 80, d1), an ICMP timestamp request.
Optionally, port scan refers to:A2), TCP SYN detect port shutdown;B2), TCP SYN detect port and open It puts.
Optionally, version detection refers to:A3 open and open) are first checked for | whether arranging the port of filtered states Except in port list;If in Exclude Lists, which is rejected;B3), if TCP port, TCP connection is established in trial;It tastes Examination waits for 6 seconds or more;Within the stand-by period, target machine can be received and send " WelcomeBanner " information;Terminal will connect Signature in the Banner and services-probes that receive in NULLprobe is compared;Search the name of corresponding application program Word and version information;C3) if, application version can not be determined by " Welcome Banner ", then terminal reattempts Other detection packets are sent, i.e., suitable probe is selected from services-probes, probe is obtained to reply packet and data Signature in library is compared;If concrete application can not all be obtained by detecting repeatedly, then printed using returned packet, allowed use Family voluntarily further judges;D3), if udp port, then directly visited using detection packet in services-probes Survey matching;UDP application service types are analyzed according to Comparative result;E3) if, to detect application program be SSL, then call OpenSSL further investigates the specific application type operated on SSL;F3) if, detect application program and be SunRPC, then brute-force RPC grinder is called further to detect specific service.
According to specific embodiment provided by the invention, the invention discloses following technique effects:
A kind of Terminal fingerprints technology identification " all-purpose card " network terminal of the present invention, bypass deployment do not influence existing network Environment and data flow, "bottleneck" are not present, and will not increase network delay.Active scan, compensate for traditional firewall, IDS, The passive types safety equipment such as IPS, can not dynamic adjustable strategies the defects of, can again crisis generation before, make an initiative sally and adjust in advance Whole strategy.The defects of counterfeit detection solves legacy network devices and is concerned only with data packet, is not concerned with terminal network behavior.
Description of the drawings
It in order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to institute in embodiment Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the present invention Example, for those of ordinary skill in the art, without having to pay creative labor, can also be according to these attached drawings Obtain other attached drawings.
Fig. 1 identifies " all-purpose card " network terminal network deployment diagram for a kind of Terminal fingerprints technology of the present invention;
Fig. 2 identifies " all-purpose card " network terminal fingerprint technique flow chart for a kind of Terminal fingerprints technology of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without making creative work Embodiment shall fall within the protection scope of the present invention.
The object of the present invention is to provide a kind of Terminal fingerprints technologies to identify " all-purpose card " network terminal realization device and method, By reducing communication bandwidth occupancy, Data transmitting and receiving efficiency is further improved.
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, it is below in conjunction with the accompanying drawings and specific real Applying mode, the present invention is described in further detail.
A kind of Terminal fingerprints technology identifies " all-purpose card " network terminal, and the network terminal is not influenced using bypass deployment networking Existing network environment and data flow, "bottleneck" are not present, and will not increase network delay;Active scanning techniques compensate for tradition Fire wall passive type safety equipment, can not dynamic adjustable strategies the defects of, crisis generation before, make an initiative sally and adjust plan in advance Slightly;The defects of counterfeit detection solves legacy network devices and is concerned only with data packet, is not concerned with terminal network behavior.
The network terminal uses data traffic Baseline, by analyzing the flow of particular device, carries out flow baseline model It establishes, the equipment of specified type is determined whether by machine learning, so that it is determined that device-fingerprint, judges the whether legal conjunction of equipment Rule;Terminal fingerprints technology by study, the analysis to terminal system, port information, establishes terminal baseline, passes through machine learning Mode judge Terminal fingerprints, to terminal carry out fingerprint classification, to illegal terminal carry out blocking processing;Interrupter technique is mainly adopted All flows are intercepted with network layer, transport layer intercepts TCP connection.
Terminal fingerprints technology includes detecting host, port scan, and version detects, and OS Detection Techniques are parsed outside terminal network In feature, when external feature changes, it is determined as illegal.
Detecting host refers to send four kinds of different types of data packets come whether online, the a1 that detects destination host), ICMP Echo request, b1), a TCP SYN packet to port 443, c1), a TCP ACKpacket to port 80, d1)、an ICMP timestamp request。
Port scan refers to:A2), TCP SYN detect port shutdown;B2), TCP SYN detect open-ended.
Version detection refers to:A3 open and open) are first checked for | whether the port of filtered states is excluding port row In table;If in Exclude Lists, which is rejected;B3), if TCP port, TCP connection is established in trial;It attempts to wait for 6 Second or more;Within the stand-by period, target machine can be received and send " WelcomeBanner " information;Terminal will receive Banner is compared with the signature in NULL probe in services-probes;Search the name of corresponding application program with Version information;C3) if, application version can not be determined by " Welcome Banner ", then terminal reattempts transmission Other detection packets, i.e., select suitable probe from services-probes, and probe is obtained replying in packet and database Signature compared;If concrete application can not all be obtained by detecting repeatedly, then printed using returned packet, allowed user certainly Row further judgement;D3), if udp port, then directly carry out detection using detection packet in services-probes Match;UDP application service types are analyzed according to Comparative result;E3) if, to detect application program be SSL, then call OpenSSL further investigates the specific application type operated on SSL;F3) if, detect application program and be SunRPC, then brute-force RPC grinder is called further to detect specific service.
The response of maximized lifting system defence of the invention and disposition speed, " all-purpose card " terminal access equipment use master Dynamic and passive two kinds of Detection Techniques dispose terminal security access equipment, by identifying headend equipment transmitting network data in front end The information such as condition code, log-in protocol are realized and there was only credit equipment access network, real-time blocking is carried out, and lead to non-credit equipment Cross platform linkage Real-time Alarm;Secondly, the network access behavior of the headend equipment of certification is identified by, only allows its transmission advance Determining application and data.Accordingly even when have attacker by forged identity assume another's name access network attacked, also can be real-time It blocks, you can realize headend equipment access " credible ", equipment behavior " controllable " is built between headend equipment and backend services system Erect credible, controllable efficient access channel.
Specific case used herein is expounded the principle of the present invention and embodiment, and above example is said The bright method and its core concept for being merely used to help understand the present invention;Meanwhile for those of ordinary skill in the art, foundation The thought of the present invention, in specific embodiments and applications there will be changes.In conclusion the content of the present specification is not It is interpreted as limitation of the present invention.

Claims (6)

1. a kind of Terminal fingerprints technology identifies " all-purpose card " network terminal, which is characterized in that the network terminal uses bypass section Networking is affixed one's name to, does not influence existing network environment and data flow, "bottleneck" is not present, and will not increase network delay;Active scan skill Art compensates for traditional firewall passive type safety equipment, can not dynamic adjustable strategies the defects of, crisis generation before, actively go out Hit adjustable strategies in advance;Counterfeit detection solves legacy network devices and is concerned only with data packet, is not concerned with lacking for terminal network behavior It falls into.
2. a kind of Terminal fingerprints technology identification " all-purpose card " network terminal according to claim 1, which is characterized in that described The network terminal uses data traffic Baseline, by analyzing the flow of particular device, carries out flow baseline model foundation, passes through The equipment that machine learning determines whether specified type, so that it is determined that device-fingerprint, whether judgement equipment is legal to be closed rule;Terminal refers to Line technology by study, the analysis to terminal system, port information, is established terminal baseline, is judged by way of machine learning Terminal fingerprints, fingerprint classification is carried out to terminal, and blocking processing is carried out to illegal terminal;Interrupter technique is mainly blocked using network layer Cut all flows, transport layer intercepts TCP connection.
3. Terminal fingerprints technology according to claim 2 identifies " all-purpose card " network terminal realization device, which is characterized in that The Terminal fingerprints technology includes detecting host, port scan, version detection, OS Detection Techniques, the parsing external spy of terminal network Sign, when external feature changes, is determined as illegal.
4. Terminal fingerprints technology according to claim 3 identifies " all-purpose card " network terminal realization device, which is characterized in that The detecting host refers to send four kinds of different types of data packets come whether online, the a1 that detects destination host), ICMP echo Request, b1), a TCP SYN packet to port 443, c1), a TCPACKpacket to port 80, d1), an ICMP timestamp request。
5. Terminal fingerprints technology according to claim 3 identifies " all-purpose card " network terminal realization device, which is characterized in that The port scan refers to:A2), TCP SYN detect port shutdown;B2), TCP SYN detect open-ended.
6. Terminal fingerprints technology according to claim 3 identifies " all-purpose card " network terminal realization device, which is characterized in that The version detection refers to:A3 open and open) are first checked for | whether the port of filtered states is excluding port list It is interior;If in Exclude Lists, which is rejected;B3), if TCP port, TCP connection is established in trial;It attempts to wait for 6 seconds Or more;Within the stand-by period, target machine can be received and send " WelcomeBanner " information;Terminal will receive Banner is compared with the signature in NULL probe in services-probes;Search the name of corresponding application program with Version information;C3) if, application version can not be determined by " Welcome Banner ", then terminal reattempts transmission Other detection packets, i.e., select suitable probe from services-probes, and probe is obtained replying in packet and database Signature compared;If concrete application can not all be obtained by detecting repeatedly, then printed using returned packet, allowed user certainly Row further judgement;D3), if udp port, then directly carry out detection using detection packet in services-probes Match;UDP application service types are analyzed according to Comparative result;E3) if, to detect application program be SSL, then call OpenSSL further investigates the specific application type operated on SSL;F3) if, detect application program and be SunRPC, then brute-force RPC grinder is called further to detect specific service.
CN201711421507.4A 2017-12-25 2017-12-25 Terminal fingerprints technology identifies " all-purpose card " network terminal Pending CN108173834A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711421507.4A CN108173834A (en) 2017-12-25 2017-12-25 Terminal fingerprints technology identifies " all-purpose card " network terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711421507.4A CN108173834A (en) 2017-12-25 2017-12-25 Terminal fingerprints technology identifies " all-purpose card " network terminal

Publications (1)

Publication Number Publication Date
CN108173834A true CN108173834A (en) 2018-06-15

Family

ID=62520347

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711421507.4A Pending CN108173834A (en) 2017-12-25 2017-12-25 Terminal fingerprints technology identifies " all-purpose card " network terminal

Country Status (1)

Country Link
CN (1) CN108173834A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935212A (en) * 2020-06-29 2020-11-13 杭州创谐信息技术股份有限公司 Security router and Internet of things security networking method based on security router

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699787A (en) * 2009-11-09 2010-04-28 南京邮电大学 Worm detection method used for peer-to-peer network
US20150046984A1 (en) * 2012-06-07 2015-02-12 Wells Fargo Bank, N.A. Dynamic authentication in alternate operating environment
CN104796261A (en) * 2015-04-16 2015-07-22 长安大学 Secure access control system and method for network terminal nodes
CN105429996A (en) * 2015-12-15 2016-03-23 浙江远望信息股份有限公司 Method for intelligently finding and locating address translation equipment
CN106936667A (en) * 2017-04-17 2017-07-07 东南大学 A kind of main frame real-time identification method based on application rs traffic distributed analysis

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699787A (en) * 2009-11-09 2010-04-28 南京邮电大学 Worm detection method used for peer-to-peer network
US20150046984A1 (en) * 2012-06-07 2015-02-12 Wells Fargo Bank, N.A. Dynamic authentication in alternate operating environment
CN104796261A (en) * 2015-04-16 2015-07-22 长安大学 Secure access control system and method for network terminal nodes
CN105429996A (en) * 2015-12-15 2016-03-23 浙江远望信息股份有限公司 Method for intelligently finding and locating address translation equipment
CN106936667A (en) * 2017-04-17 2017-07-07 东南大学 A kind of main frame real-time identification method based on application rs traffic distributed analysis

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
请叫我美女SKY: ""Nmap使用指南"", 《HTTPS://WWW.CNBLOGS.COM/SKY/P/5769988.HTML》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935212A (en) * 2020-06-29 2020-11-13 杭州创谐信息技术股份有限公司 Security router and Internet of things security networking method based on security router
CN111935212B (en) * 2020-06-29 2023-05-09 杭州创谐信息技术股份有限公司 Security router and Internet of things security networking method based on security router

Similar Documents

Publication Publication Date Title
CN105227383B (en) A kind of device of network topology investigation
CN105450442B (en) A kind of network topology investigation method and its system
US7409714B2 (en) Virtual intrusion detection system and method of using same
US7100201B2 (en) Undetectable firewall
US7370354B2 (en) Method of remotely managing a firewall
US11509501B2 (en) Automatic port verification and policy application for rogue devices
EP2448211B1 (en) Method, system and equipment for detecting botnets
US20080134300A1 (en) Method for Improving Security of Computer Networks
US20060140127A1 (en) Apparatus for displaying network status
Osanaiye et al. TCP/IP header classification for detecting spoofed DDoS attack in Cloud environment
CN109587156A (en) Abnormal network access connection identification and blocking-up method, system, medium and equipment
Sung et al. Protecting end-device from replay attack on LoRaWAN
CN102438028A (en) Method, device and system for preventing fraud of dynamic host configuration protocol (DHCP) server
KR20150090925A (en) Method for detecting bypass access through anonymous network using round trip time variation
KR101045330B1 (en) Method for detecting http botnet based on network
CN101888296B (en) Method, device, equipment and system for detecting shadow user
CN102045310B (en) Industrial Internet intrusion detection as well as defense method and device
CN105007271B (en) A kind of recognition methods and system of ddos attack Botnet
CN101399709B (en) Method, device and system for network monitoring
CN108173834A (en) Terminal fingerprints technology identifies " all-purpose card " network terminal
US8724506B2 (en) Detecting double attachment between a wired network and at least one wireless network
KR20060057916A (en) Method and apparatus for generating network packet which includes the attack packet generation functionality for information security system testing
CN111064731B (en) Identification method and identification device for access authority of browser request and terminal
Jadhav et al. Detection and mitigation of ARP spoofing attack
Bharti et al. A Review on Detection of Session Hijacking and Ip Spoofing.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180615

RJ01 Rejection of invention patent application after publication