CN112087756A - Communication method and device for preventing malicious user from accessing - Google Patents


Info

Publication number
CN112087756A
CN112087756A
Authority
CN
China
Prior art keywords
signal
user
malicious
terminal
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010777310.XA
Other languages
Chinese (zh)
Inventor
彭木根
乔亚娟
刘杨
陈文韵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202010777310.XA
Publication of CN112087756A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/02 Access restriction performed under specific conditions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a communication method and a device for preventing malicious users from accessing, wherein the method comprises the following steps: acquiring wireless signals in a detection range, and determining target signals in a preset frequency band from the wireless signals according to a signal frequency table; extracting the signal characteristics of the target signal, and processing the signal characteristics according to the malicious signal identification model to obtain the category of the target signal; if the type of the target signal is a legal signal, detecting the terminal information according to a preset detection strategy; and if the category of the target signal is a malicious signal, rejecting the access of the target signal. According to the method and the device, malicious users can be prevented from accessing, and the communication safety is improved.

Description

Communication method and device for preventing malicious user from accessing
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method and apparatus for preventing access of a malicious user.
Background
The wireless communication system carries network communication tasks and provides a plurality of services such as voice, web browsing, multimedia services and the like for users. With the development of the fifth generation (5G) wireless communication and the increase of the wireless service demand, the wireless communication network has been extensively researched to meet the requirements of enhanced mobile broadband, ultra-reliable low-delay communication and large-scale machine type communication.
The 5G network is built on a software-defined slicing platform and edge computing, and uses the fusion of artificial intelligence and big data mining to promote deep integration of vertical industries with the mobile network, so that diversified application scenarios are supported. However, network edge deployment and software virtualization blur the network security boundary, and the security problems arising from the network security architecture are increasingly prominent. Meanwhile, a wireless communication network easily becomes the target of an attacker, who can affect the normal use of other legal users by performing illegal operations and even cause various security problems. For example, an attacker may launch active attacks such as impersonation, forgery, tampering and replay against users and networks, or launch passive attacks such as eavesdropping and tracking.
At present, a safe and efficient communication scheme is needed to meet the security protection requirements of converged fields such as 5G and the industrial Internet, and to solve problems such as abnormal access and paralysis of the communication system caused by users attacking the communication system.
Disclosure of Invention
The present application is directed to solving, at least to some extent, one of the technical problems in the related art.
Therefore, the application provides a communication method, a device, equipment and a storage medium for preventing malicious users from accessing.
An embodiment of a first aspect of the present application provides a communication method for preventing a malicious user from accessing, including:
acquiring wireless signals in a detection range, and determining target signals in a preset frequency band from the wireless signals according to a signal frequency table;
extracting the signal characteristics of the target signal, and processing the signal characteristics according to a malicious signal identification model to acquire the category of the target signal;
if the type of the target signal is a legal signal, detecting the terminal information according to a preset detection strategy so as to carry out communication according to the detection result of the terminal information;
and if the category of the target signal is a malicious signal, rejecting the access of the target signal.
In addition, the communication method for preventing the malicious user from accessing according to the above embodiment of the present application may further have the following additional technical features:
Optionally, the detecting the terminal information according to a preset detection policy includes: acquiring power information of a terminal, and determining a target terminal in a preset power range according to the power information; acquiring a preamble corresponding to the target terminal, and if a terminal response message of the target terminal carries a preamble identifier identical to the preamble, determining that the target terminal is a legal terminal and executing a user service identification process; if the terminal response message does not carry a preamble identifier identical to the preamble, retransmitting the preamble and counting the retransmission times of the preamble; and when the retransmission times are greater than a preset number, determining that the target terminal is a malicious terminal and rejecting the service request of the target terminal.
Optionally, the executing the user service identification process includes: acquiring statistical characteristics of user service data, wherein the statistical characteristics comprise data arrival intervals and stream duration; inputting the statistical characteristics into a random forest model for processing to obtain a user category; if the user category is a legal user, executing a core network authentication process; and if the user category is a malicious user, informing the core network to add the user into a malicious user blacklist.
Optionally, the executing the core network authentication procedure includes: identifying each user to be accessed, and comparing the malicious user blacklist with the identification result of the user to be accessed; if the user to be accessed is a malicious user, refusing the authorization and authentication of the user to be accessed; if the user to be accessed is not a malicious user, carrying out authentication through an authentication protocol based on a symmetric cryptosystem, and if the authentication succeeds, allowing a communication link between the user to be accessed and a service system to be established.
Optionally, the signal features include bandwidth, center frequency, power peak, statistical features of instantaneous phase, wavelet domain features, cyclostationary features, and higher order statistics.
Optionally, the malicious signal identification model is obtained by training through the following steps: mapping the signal characteristics of the sample signals to a low-dimensional space through unsupervised learning, clustering the sample signals in a subspace, and allocating a first class label to a clustering result; carrying out supervised learning according to the sample signals marked with the second class labels; and performing category matching by comparing the first category label with the second category label, and training the malicious signal identification model according to a matching result.
Optionally, the random forest model is obtained by training through the following steps: extracting samples from an original sample set in a random and repeatable extraction mode to obtain K training sets; constructing a decision tree according to the extracted samples, wherein the K training sets correspond to K decision tree models; and obtaining the prediction result of each decision tree model in the K decision tree models, and training the K decision tree models according to the prediction result of each decision tree model.
An embodiment of a second aspect of the present application provides a communication apparatus for preventing a malicious user from accessing, including:
the acquisition module is used for acquiring wireless signals in a detection range and determining target signals in a preset frequency band from the wireless signals according to a signal frequency table;
the signal identification module is used for extracting the signal characteristics of the target signal, processing the signal characteristics according to a malicious signal identification model and acquiring the category of the target signal;
the first signal processing module is used for detecting the terminal information according to a preset detection strategy if the type of the target signal is a legal signal so as to carry out communication according to the detection result of the terminal information;
and the second signal processing module refuses the access of the target signal if the type of the target signal is a malicious signal.
An embodiment of a third aspect of the present application provides a computer device, including a processor and a memory; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to implement the communication method for preventing the access of the malicious user according to the embodiment of the first aspect.
A fourth aspect of the present application is directed to a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the communication method for preventing access by a malicious user according to the first aspect.
One embodiment in the above application has the following advantages or benefits: by adopting the method, wireless signals in the detection range are acquired, and a target signal in a preset frequency band is determined from the wireless signals according to a signal frequency table; the signal characteristics of the target signal are extracted and processed according to the malicious signal identification model to obtain the category of the target signal; if the type of the target signal is a legal signal, the terminal information is detected according to a preset detection strategy; and if the category of the target signal is a malicious signal, the access of the target signal is rejected. According to the method and the device, malicious signals can be identified based on the malicious signal identification model, the access of the malicious signals is refused, and communication security is improved.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
Fig. 1 is a schematic flowchart of a communication method for preventing access of a malicious user according to an embodiment of the present disclosure;
fig. 2 is a schematic flow chart of signal identification according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating another communication method for preventing access by a malicious user according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of terminal information detection according to an embodiment of the present disclosure;
fig. 5 is a flowchart illustrating another communication method for preventing access by a malicious user according to an embodiment of the present disclosure;
fig. 6 is a schematic flowchart of a user service identification according to an embodiment of the present application;
fig. 7 is a schematic flowchart of core network authentication according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a communication apparatus for preventing a malicious user from accessing according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
The following describes a communication method, device and equipment for preventing access of a malicious user according to an embodiment of the present application with reference to the drawings.
Fig. 1 is a schematic flowchart of a communication method for preventing access by a malicious user according to an embodiment of the present application, where as shown in fig. 1, the method includes:
step 101, acquiring a wireless signal in a detection range, and determining a target signal in a preset frequency band from the wireless signal according to a signal frequency table.
The communication method for preventing the malicious user from accessing can be applied to a base station or an access point.
In this embodiment, the base station/access point identifies wireless signals within the natural noise and then dynamically detects the wireless signals within its own detection range. An unauthorized signal is detected by checking whether the signal lies in the correct frequency band, against the list of authorized signal frequencies approved by the radio regulatory agency. For a target signal in the preset frequency band, the signal characteristics of the target signal are further extracted; a signal that is not in the preset frequency band is determined to be an unauthorized signal, and the base station/access point rejects its access.
And 102, extracting the signal characteristics of the target signal, processing the signal characteristics according to the malicious signal identification model, and acquiring the category of the target signal.
In this embodiment, to cover cases where the target signal is abnormal because of illegal transmission, frequency-shifted transmission, over-power (super-level) transmission, over-bandwidth transmission and the like, the signal features of the target signal are extracted, and the extracted features are subjected to dimension reduction, that is, redundant features are removed.
The signal characteristics of the target signal include, but are not limited to, bandwidth, center frequency, power peak, statistical characteristics of instantaneous phase, wavelet domain characteristics of the signal, cyclostationary characteristics, higher order statistics of the signal.
In this embodiment, the signal characteristics are processed according to the malicious signal identification model, and the category of the target signal is obtained, where the category of the target signal includes a legal signal and a malicious signal.
As a possible implementation manner, the malicious signal identification model is implemented by the following manner: mapping the signal characteristics of the sample signals to a low-dimensional space through unsupervised learning, clustering the sample signals in a random subspace, and allocating a first class label to a clustering result; carrying out supervised learning according to the sample signals marked with the second class labels; and performing category matching by comparing the first category label with the second category label, and training a malicious signal identification model according to a matching result.
Specifically, S1 randomly selects k points from all sample points as initial cluster centers and assigns each sample point to the cluster whose initial center is closest under the Euclidean metric. The centroid of the samples in each cluster then replaces the original center point as the new cluster center. The iteration minimizes the sum of squared errors within the clusters, and the algorithm terminates when the center points no longer change or a preset number of iterations is reached.
And S2, determining a classification hyperplane in the feature space by using a support vector machine, wherein the classification hyperplane is used for separating the samples, and under the condition of accurately dividing all the training set samples, the classification interval is maximized. And then, obtaining a global optimal solution through the local convergence extremum.
And S3, supervised learning is carried out using a small amount of labeled data, and class matching is carried out by comparing the supervised and unsupervised class labels, where the classes comprise malicious signals and legal signals.
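The following Python example is added here and is not code from the patent. It shows steps 101 and 102 end to end: the frequency-table gate, min-max scaling of the extracted features, the Euclidean k-means of S1 with a deterministic initialization (the patent's S1 picks initial centers at random), and the S3 step in which a few labelled samples name the clusters. The SVM hyperplane of S2 is not reproduced. The authorized bands, the sample signals, the labelled subset and the feature scaling are all constructed assumptions.

```python
import math
from typing import Dict, List, Sequence, Tuple

# Constructed stand-in for the regulator-approved frequency table (MHz ranges).
AUTHORIZED_BANDS: List[Tuple[float, float]] = [(3400.0, 3600.0), (2515.0, 2675.0)]

# Constructed sample signals: (name, bandwidth MHz, center frequency MHz, power peak dBm).
# The two "rogue" rows model over-bandwidth / over-power transmission.
SIGNALS = [
    ("ue-a", 20.0, 3500.0, -62.0),
    ("ue-b", 20.0, 3520.0, -60.0),
    ("ue-c", 18.0, 3480.0, -64.0),
    ("rogue-1", 40.0, 3510.0, -30.0),
    ("rogue-2", 38.0, 3490.0, -32.0),
    ("offband", 20.0, 3700.0, -60.0),  # outside every authorized band
]

# The "small amount of labelled data" of S3 (constructed): one sample per class.
LABELLED = {"ue-a": "legal", "rogue-1": "malicious"}


def in_authorized_band(center: float, bandwidth: float, bands) -> bool:
    """Step 101: the whole occupied band must lie inside one authorized range."""
    lo, hi = center - bandwidth / 2, center + bandwidth / 2
    return any(b_lo <= lo and hi <= b_hi for b_lo, b_hi in bands)


def normalize(rows: Sequence[Sequence[float]]) -> List[List[float]]:
    """Min-max scale each feature so center frequency does not dominate the distance."""
    cols = list(zip(*rows))
    lows, highs = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - lo) / (hi - lo) if hi > lo else 0.0
             for v, lo, hi in zip(r, lows, highs)] for r in rows]


def dist(a, b) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points: List[List[float]], k: int = 2, max_iter: int = 100) -> List[int]:
    """S1: Euclidean k-means. Initial centers are the first point and then the point
    farthest from the centers chosen so far (deterministic, unlike the random choice in S1)."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist(p, c) for c in centers)))
    assign = [-1] * len(points)
    for _ in range(max_iter):
        new_assign = [min(range(k), key=lambda i: dist(p, centers[i])) for p in points]
        new_centers = []
        for i in range(k):
            members = [p for p, a in zip(points, new_assign) if a == i]
            new_centers.append([sum(col) / len(members) for col in zip(*members)]
                               if members else centers[i])
        if new_assign == assign and new_centers == centers:
            break  # centers unchanged: the within-cluster squared error has settled
        assign, centers = new_assign, new_centers
    return assign


def classify_signals(signals, bands=AUTHORIZED_BANDS, labelled=LABELLED) -> Dict[str, str]:
    """Returns a verdict per signal: unauthorized (step 101), legal or malicious (S1 + S3)."""
    verdicts: Dict[str, str] = {}
    in_band = []
    for name, bw, fc, pk in signals:
        if in_authorized_band(fc, bw, bands):
            in_band.append((name, [bw, fc, pk]))
        else:
            verdicts[name] = "unauthorized"
    clusters = kmeans(normalize([f for _, f in in_band]))
    # S3: the few labelled samples name the clusters; every member inherits that class.
    cluster_class = {c: labelled[n] for (n, _), c in zip(in_band, clusters) if n in labelled}
    for (name, _), c in zip(in_band, clusters):
        verdicts[name] = cluster_class.get(c, "unknown")
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify_signals(SIGNALS).items():
        print(f"{name:8s} -> {verdict}")
```

The scaling step matters in practice: without it the center-frequency column (thousands of MHz) swamps bandwidth and power, and the over-power transmitter clusters with the legal users it sits next to in frequency.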
And 103, if the type of the target signal is a legal signal, detecting the terminal information according to a preset detection strategy so as to communicate according to the detection result of the terminal information.
And 104, if the category of the target signal is a malicious signal, rejecting the access of the target signal.
In this embodiment, if the type of the target signal is a legal signal, the terminal information is detected according to a preset detection strategy; and if the category of the target signal is a malicious signal, the access of the target signal is rejected. Specifically, denying signal access is implemented as follows: the base station/access point sends downlink control information that sets the uplink transmit power of the signal to the lowest level and defers its uplink random access by the longest delay time.
For example, as shown in fig. 2, the base station/access point identifies wireless signals in natural noise, determines authorized and unauthorized signals against a table of authorized signal frequencies, and denies access to the signals for the unauthorized signals. And extracting signal characteristics and reducing dimensions of the authorization signal, determining whether the authorization signal is a malicious signal or not through a malicious signal identification model, if so, rejecting the access of the signal, and if not, executing terminal information detection.
According to the communication method for preventing a malicious user from accessing, malicious signals among the wireless signals are identified by the malicious signal identification model, terminal detection is executed for legal signals, and malicious signals are refused access. Compared with 'hanging type' (add-on) and 'patch type' network security mechanisms, which only establish boundary security protection on top of the wireless communication, this realizes signal identification based on endogenous security, effectively meets the high-efficiency and high-availability security protection requirements of converged fields such as 5G and the industrial Internet, prevents malicious signal access, and improves communication security.
Based on the foregoing embodiment, fig. 3 is a schematic flowchart of another communication method for preventing access by a malicious user according to an embodiment of the present application, and as shown in fig. 3, after determining that a category of a target signal is a legal signal, the method further includes:
step 201, obtaining power information of a terminal, and determining a target terminal in a preset power range according to the power information.
In this embodiment, after the type of the target signal is determined to be a legal signal, the terminal information is detected according to a preset detection strategy. Specifically, when the terminal applies to the base station for uplink resources, the terminal information is detected from Msg1, that is, from the UE power class implicitly signalled to the base station/access point in the preamble transmission.
As an example, the UE power classes include: 23dBm, 20dBm and 14dBm, if the power information of the terminal is greater than 23dBm or less than 14dBm, determining that the terminal is an abnormal terminal; and if the power information of the terminal is between 14dBm and 23dBm, the terminal is taken as a target terminal.
It should be noted that, according to the power information of the terminal, when the power of the terminal itself is 14dBm-23dBm and the Msg2 contains the preamble that has been sent by the terminal device, the base station/access point determines that the random access response is successful, otherwise, determines that the random access response is not received successfully and needs to be accessed again.
Step 202, obtaining a preamble corresponding to the target terminal, if a terminal response message of the target terminal has a preamble identifier identical to the preamble, determining that the target terminal is a legal terminal, and executing a user service identification process.
In this embodiment, the Msg3 may include different content for different scenarios such as initial access, connection access, and handover. And if a random access preamble identifier in the terminal response message is the same as the preamble sent by the base station/access point, determining that the terminal is a legal terminal, and successfully receiving the response.
Step 203, if the terminal response message does not identify the preamble identifier identical to the preamble, resending the preamble, and counting the retransmission times of the preamble.
In this embodiment, if the terminal response message does not carry a preamble identifier identical to the preamble, the base station/access point retransmits the preamble, increments the transmission count of the preamble by 1, and records the number of retransmissions of the preamble.
Optionally, if the terminal receives the response message but cannot parse it correctly to identify its own preamble, the base station/access point treats reception of the response message as failed, retransmits the preamble, and increments the transmission count of the preamble by 1.
And step 204, when the retransmission times are greater than the preset times, determining that the target terminal is a malicious terminal, and rejecting the service request of the target terminal.
In this embodiment, if the retransmission times of the preamble are greater than the preset number, the target terminal is determined to be a malicious terminal and its service request is rejected. Specifically, a random access response is sent on the downlink, in which the uplink transmit power of the malicious terminal is set to the lowest level and the uplink access message is to be initiated only after the longest delay time.
For example, as shown in fig. 4, the base station/access point detects terminal information during the random access process, determines from the power of the terminal whether it is an abnormal terminal, and rejects the terminal's service request if it is abnormal. If the terminal is not abnormal, the number of retransmissions of the preamble sent by the base station/access point is acquired and whether the terminal is a malicious terminal is determined from the retransmission count; if so, the terminal's service request is rejected, and if not, user service identification is executed.
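The terminal detection of steps 201 to 204 as an added Python example (not the patent's own code). It applies the 14-23 dBm power range from the description, walks the sequence of preamble identifiers recovered from successive terminal response messages, counts retransmissions, and returns the verdict together with the action the base station/access point takes. The preset retransmission limit, the response sequences and the dictionary form of the denial response are constructed assumptions.

```python
from typing import Dict, Optional, Sequence, Tuple

# Preset power range from the description: 14 dBm to 23 dBm inclusive.
POWER_MIN_DBM = 14.0
POWER_MAX_DBM = 23.0
# Constructed preset retransmission limit; the description leaves the number open.
MAX_PREAMBLE_RETX = 3


def is_target_terminal(power_dbm: float) -> bool:
    """Step 201: a terminal outside the preset power range is abnormal."""
    return POWER_MIN_DBM <= power_dbm <= POWER_MAX_DBM


def detect_terminal(power_dbm: float, preamble: int,
                    responses: Sequence[Optional[int]],
                    max_retx: int = MAX_PREAMBLE_RETX) -> Tuple[str, int]:
    """Steps 201-204. `responses` holds the preamble identifier found in each successive
    terminal response message; None models a response that could not be parsed.
    Returns (verdict, retransmissions)."""
    if not is_target_terminal(power_dbm):
        return "abnormal", 0
    retx = 0
    for rapid in responses:
        if rapid == preamble:
            return "legal", retx        # step 202: identifier matches, go to service identification
        retx += 1                       # step 203: resend the preamble and count it
        if retx > max_retx:
            return "malicious", retx    # step 204: limit exceeded
    return "pending", retx              # still waiting for a parsable response


def denial_response() -> Dict[str, str]:
    """Constructed representation of the random access response used to reject a
    terminal: lowest uplink transmit power and the longest access delay."""
    return {"ul_tx_power": "lowest", "access_delay": "longest"}


def random_access_decision(power_dbm: float, preamble: int,
                           responses: Sequence[Optional[int]]) -> Dict[str, object]:
    """Maps the verdict onto the base station/access point action in fig. 4."""
    verdict, retx = detect_terminal(power_dbm, preamble, responses)
    if verdict == "legal":
        return {"action": "user_service_identification", "retransmissions": retx}
    if verdict in ("abnormal", "malicious"):
        return {"action": "reject", "verdict": verdict,
                "response": denial_response(), "retransmissions": retx}
    return {"action": "retry", "retransmissions": retx}


if __name__ == "__main__":
    # Constructed scenarios: normal UE, out-of-range power, and a terminal that never echoes the preamble.
    print(random_access_decision(20.0, 17, [17]))
    print(random_access_decision(30.0, 17, [17]))
    print(random_access_decision(20.0, 17, [None, 5, None, None]))
```

Note that the power gate runs before any preamble exchange, so an out-of-range terminal is rejected without consuming retransmission attempts; the retransmission counter only ever applies to terminals that passed it.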
According to the communication method for preventing a malicious user from accessing, terminal identification based on endogenous security is achieved, a malicious terminal can be identified, the service request of the malicious terminal is rejected, and communication security is further improved.
Based on the foregoing embodiment, fig. 5 is a schematic flowchart of another communication method for preventing access by a malicious user according to an embodiment of the present application, and as shown in fig. 5, after determining that a target terminal is a valid terminal, the method further includes:
step 301, obtaining statistical characteristics of user service data.
Wherein the statistical characteristics include data arrival interval, flow duration.
In this embodiment, after the target terminal is determined to be a valid terminal, the user service identification process is executed. Specifically, the base station/access point uses the storage capability and data processing capability of the network edge device to count the statistical characteristics of packet data arrival interval, flow duration, etc.
And step 302, inputting the statistical characteristics into a random forest model for processing, and acquiring the user category.
In the embodiment, classification and identification are realized by using a random forest algorithm in ensemble learning, and the user categories comprise legal users and malicious users.
As an example, if the same wireless random access signal is received more than N times in a unit time and the average duration of the accessed service is less than a preset duration, determining that the user category is a malicious user; otherwise, determining the user category as a legal user.
In one embodiment of the present application, the random forest model is obtained by: extracting samples from an original sample set in a random and repeatable extraction mode to obtain K training sets; constructing a decision tree according to the extracted samples, wherein K training sets correspond to K decision tree models; and obtaining the prediction result of each decision tree model in the K decision tree models, and training the K decision tree models according to the prediction result of each decision tree model.
Specifically, N training samples can be drawn from the original sample set at random with replacement using the Bootstrap sampling method, and K rounds of drawing give K training sets. A decision tree is constructed from the samples selected in this way, with the following node splitting rule: d features are selected at random without replacement, and the selected features are used to split the node according to the objective function requirement, such as maximizing information gain. The above process is repeated 1 to 2000 times. The category output by each decision tree is collected, majority voting produces the prediction result of the decision trees, and the average of the prediction results of the K models yields the user category, which comprises malicious users and legal users.
Step 303, if the user category is a malicious user, the core network is notified to add the user to a malicious user blacklist.
For example, as shown in fig. 6, the base station/access point counts packet data arrival intervals, stream durations, and other characteristics, and identifies the user class by a random forest algorithm. If the user is a malicious user, the core network is informed to add the user into a blacklist, and if the user is not the malicious user, the core network authentication is executed.
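The user service identification of steps 301 to 303 as an added Python example (not the patent's own code). It derives the data arrival intervals and flow durations of step 301 from per-user access records, applies the rule the description gives as an example ("more than N accesses in a unit time and an average service duration below a preset duration"), and produces the list of users the core network is asked to blacklist. The random forest model of step 302 is not trained here; the rule stands in for its output. The thresholds and the access records are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed thresholds standing in for the "N times in a unit time" and
# "preset duration" parameters named in the description.
N_ACCESS_PER_WINDOW = 5
WINDOW_S = 60.0
MIN_AVG_DURATION_S = 2.0

# Constructed user service records: (user_id, access_time_s, flow_duration_s).
# "flood-b" re-accesses every 3 s with half-second flows; "burst-c" re-accesses
# just as often but its flows last 30 s, so only one half of the rule fires.
RECORDS: List[Tuple[str, float, float]] = [
    ("user-a", 0.0, 45.0), ("user-a", 30.0, 60.0),
    ("user-a", 120.0, 30.0), ("user-a", 300.0, 90.0),
    *[("flood-b", 3.0 * i, 0.5) for i in range(7)],
    *[("burst-c", 3.0 * i, 30.0) for i in range(7)],
]


def service_statistics(records) -> Dict[str, dict]:
    """Step 301: per-user arrival times, arrival intervals and mean flow duration."""
    by_user = defaultdict(list)
    for uid, t, d in records:
        by_user[uid].append((t, d))
    stats = {}
    for uid, items in by_user.items():
        items.sort()
        times = [t for t, _ in items]
        durations = [d for _, d in items]
        stats[uid] = {
            "times": times,
            "intervals": [b - a for a, b in zip(times, times[1:])],
            "mean_duration": sum(durations) / len(durations),
        }
    return stats


def max_accesses_in_window(times: List[float], window: float) -> int:
    """Largest number of accesses falling inside any window of the given length."""
    best = 0
    for i, start in enumerate(times):
        best = max(best, sum(1 for t in times[i:] if t - start <= window))
    return best


def classify_user(stat: dict) -> str:
    """Step 302 (rule form): malicious only when BOTH conditions of the description hold."""
    flooding = max_accesses_in_window(stat["times"], WINDOW_S) > N_ACCESS_PER_WINDOW
    short_flows = stat["mean_duration"] < MIN_AVG_DURATION_S
    return "malicious" if flooding and short_flows else "legal"


def identify_users(records) -> Dict[str, str]:
    return {uid: classify_user(s) for uid, s in service_statistics(records).items()}


def blacklist_updates(records) -> List[str]:
    """Step 303: users the base station asks the core network to add to the blacklist."""
    return sorted(uid for uid, cls in identify_users(records).items() if cls == "malicious")


if __name__ == "__main__":
    for uid, cls in identify_users(RECORDS).items():
        print(f"{uid:8s} {cls}")
    print("blacklist:", blacklist_updates(RECORDS))
```

The "burst-c" case is the one worth keeping in a regression test: a user with many short-lived sessions and a user with many long sessions have the same arrival profile, and only the duration term separates them, which is why the description pairs the two statistics.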
Step 304, if the user category is a legal user, the core network authentication process is executed.
In this embodiment, the performing the core network authentication procedure includes: identifying each user to be accessed, and comparing the identification result of the user to be accessed with the malicious user blacklist; if the user to be accessed is a malicious user, refusing the authorization and authentication of the user to be accessed; if the user to be accessed is not a malicious user, carrying out authentication through an authentication protocol based on a symmetric cryptosystem; if the authentication succeeds, allowing a communication link between the user to be accessed and the service system to be established, and if the authentication fails, refusing to provide service.
As an example, when initiating a packet data service, the user sends a SUCI (Subscription Concealed Identifier), a ciphertext obtained by encrypting the identifier with a public key, to the base station, and the base station uploads the SUCI to the core network, so that the terminal corresponding to each user to be accessed is identified on the core network side.
Specifically, S1, the user initiates a network access request to the base station and sends a SUCI, i.e. an encrypted SUPI (Subscription Permanent Identifier), or a GUTI (Globally Unique Temporary UE Identity);
S2, after receiving the SUCI, the base station forwards it to the SEAF (Security Anchor Function) of the core network;
S3, the SEAF receives and parses the signaling: if a GUTI is parsed, the corresponding SUPI is matched; if a SUCI is parsed, it is not decrypted, and the authentication procedure is invoked at the AUSF (Authentication Server Function);
S4, the decryption algorithm in the UDM is called to decrypt the SUCI into the SUPI, thereby identifying the terminal corresponding to each user to be accessed on the core network side. The SUCI decryption algorithm is executed once and resides in the UDM of the core network.
S5, the malicious user blacklist is imported and compared with the identification result of the terminal corresponding to the user. If the user is a malicious user, its authorization and authentication are refused so as to prohibit it from initiating a base station access request again. If the user is not a malicious user, authentication is carried out through an authentication protocol based on a symmetric cryptosystem; if the authentication succeeds, a communication link between the user to be accessed and the service system is allowed to be established, and if the authentication fails, establishment of the communication link between the user to be accessed and the service system is refused.
Optionally, the secondary authentication protocol based on the symmetric cryptosystem is implemented as follows:
S441, DN-AAA generates a random number RAND_DN, calculates M_1 from RAND_DN and ID_DN, and further generates h_1 from M_1 and RAND_DN; (M_1, h_1) is sent to the user;
S442, the user decrypts the received M_1 to obtain RAND_DN and ID_DN, calculates h_1 from RAND_DN and ID_DN, and compares the calculated h_1 with the received h_1. If the values are not equal, the session is terminated. Otherwise, the user generates a random number RAND_UE, calculates M_2 from RAND_UE and ID_UE, and further generates a message authentication code h_2 from M_2 and RAND_UE; (M_2, h_2) is sent to DN-AAA;
S443, DN-AAA decrypts the received M_2 to obtain RAND_UE and ID_UE, calculates h_2 from RAND_UE and ID_UE, and compares it with the received h_2. If the values are not equal, the authentication fails. Otherwise, the authentication succeeds; DN-AAA calculates M_3 from RAND_UE and generates h_3 from M_3; (M_3, h_3) is sent to the user;
S444, the user decrypts the received M_3 to obtain RAND_UE, calculates h_3 from RAND_UE, and compares it with the received h_3. If the values are not equal, the authentication fails; otherwise, the authentication succeeds and an authentication success message is sent to DN-AAA.
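The four-step exchange S441 to S444 carried through in code, as an added example that is not the patent's own implementation: DN-AAA and the UE share a symmetric key K (assumed), each M_i is a symmetric encryption and each h_i an HMAC-SHA256 over the ciphertext, the random number and the identity it carries. Because the page names neither the cipher nor the MAC, the cipher here is a stand-in HMAC-derived keystream, and the final check that the echoed RAND_UE equals the one generated in S442 is an addition.

```python
"""Secondary authentication between DN-AAA and a UE, following steps S441-S444."""
import hashlib
import hmac
import os

# Constructed parameters: the page fixes neither the cipher, the MAC nor the key sizes.
K = hashlib.sha256(b"constructed pre-shared key").digest()  # long-term symmetric key
ID_DN = b"DN-AAA-01"   # placeholder data-network (DN-AAA) identity
ID_UE = b"UE-0001"     # placeholder UE identity
RAND_LEN = IV_LEN = 16

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """PRF keystream: concatenated HMAC-SHA256(key, iv || counter) blocks, cut to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc(key: bytes, pt: bytes) -> bytes:
    """M = iv || (pt XOR keystream): a stand-in for the page's unspecified symmetric cipher."""
    iv = os.urandom(IV_LEN)
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))

def dec(key: bytes, m: bytes) -> bytes:
    iv, ct = m[:IV_LEN], m[IV_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

def mac(key: bytes, m: bytes, rand: bytes, ident: bytes) -> bytes:
    """h = HMAC-SHA256(K, M || RAND || ID): binds the ciphertext to the values it carries."""
    return hmac.new(key, m + rand + ident, hashlib.sha256).digest()

def s441_dn_challenge(key: bytes):
    """DN-AAA: pick RAND_DN, M_1 = Enc(RAND_DN || ID_DN), h_1 over (M_1, RAND_DN, ID_DN)."""
    rand_dn = os.urandom(RAND_LEN)
    m1 = enc(key, rand_dn + ID_DN)
    return rand_dn, (m1, mac(key, m1, rand_dn, ID_DN))

def s442_ue_response(key: bytes, msg1):
    """UE: decrypt M_1, recompute h_1; on mismatch terminate, else answer with (M_2, h_2)."""
    m1, h1 = msg1
    pt = dec(key, m1)
    rand_dn, id_dn = pt[:RAND_LEN], pt[RAND_LEN:]
    if not hmac.compare_digest(mac(key, m1, rand_dn, id_dn), h1):
        return None, None          # session terminated
    rand_ue = os.urandom(RAND_LEN)
    m2 = enc(key, rand_ue + ID_UE)
    return rand_ue, (m2, mac(key, m2, rand_ue, ID_UE))

def s443_dn_verify(key: bytes, msg2):
    """DN-AAA: decrypt M_2, check h_2; on success echo RAND_UE as M_3 with h_3."""
    m2, h2 = msg2
    pt = dec(key, m2)
    rand_ue, id_ue = pt[:RAND_LEN], pt[RAND_LEN:]
    if not hmac.compare_digest(mac(key, m2, rand_ue, id_ue), h2):
        return False, None         # authentication fails
    m3 = enc(key, rand_ue)
    return True, (m3, mac(key, m3, rand_ue, ID_DN))

def s444_ue_verify(key: bytes, rand_ue: bytes, msg3) -> bool:
    """UE: decrypt M_3, check h_3 and (added freshness check) that RAND_UE is the one it sent."""
    m3, h3 = msg3
    echoed = dec(key, m3)
    return echoed == rand_ue and hmac.compare_digest(mac(key, m3, echoed, ID_DN), h3)

def run_protocol(ue_key: bytes = K, dn_key: bytes = K, tamper_m2: bool = False) -> bool:
    """Drive all four steps; True only when both sides accept."""
    _, msg1 = s441_dn_challenge(dn_key)
    rand_ue, msg2 = s442_ue_response(ue_key, msg1)
    if msg2 is None:
        return False
    if tamper_m2:                  # simulate an on-path modification of M_2
        m2, h2 = msg2
        msg2 = (m2[:-1] + bytes([m2[-1] ^ 0x01]), h2)
    ok, msg3 = s443_dn_verify(dn_key, msg2)
    return ok and s444_ue_verify(ue_key, rand_ue, msg3)
```

A UE holding a different key fails at S442 and a modified M_2 fails at S443, matching the two failure branches the text describes.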
Therefore, in this embodiment, when the 5G network provides services for vertical industries and must meet the special security requirements of users in different industries, secondary authentication is introduced before a data channel is provided for a specific service: that is, an authentication performed when the data channel for the specific service is established, after the authentication performed when the user accesses the network. For example, when the 5G network provides communication for a high-security service system, after the user passes access authentication, the user terminal is further authenticated using credentials related to the service, and only when this authentication passes is the 5G network allowed to establish a communication link between the user and the high-security service system, thereby improving the protection of the service system.
Optionally, the core network imports a malicious user blacklist, identifies and determines a malicious user, refuses the malicious user to pass authorization authentication, and prohibits the malicious user from initiating a request for re-accessing the base station/access point. And the core network stores the malicious user blacklist reported by the base station/access point in a local user blacklist database. The core network and the base station/access point exchange a newly added blacklist through a feedback link, and update a locally stored blacklist database according to the exchanged information.
For example, as shown in fig. 7, each user to be accessed is identified on the core network side, and a malicious user blacklist is imported for matching. If the user is a malicious user, the authorization and authentication of the malicious user are refused, and if the user is not the malicious user, the secondary authentication is executed.
According to the communication method for preventing malicious users from accessing, user identification based on endogenous security is realized, malicious users can be identified and prevented from accessing, and communication security is further improved. In summary, the present application provides a communication method flow capable of preventing malicious users from accessing based on a unified authentication framework, making full use of the storage capacity and data processing capacity of network edge devices, and comprehensively considering a user access mechanism that increases endogenous security. Based on the unified authentication framework, "cohesion management" of network security is realized by aggregating different security protocols and security mechanisms; the network security management system can autonomously discover and repair common network attacks, ensures the security of the communication network, and provides a solution for promoting the evolution of the network towards the "endogenous security" era. In addition, the method has simple operation steps and good prospects for adoption.
In order to implement the above embodiment, the present application further provides a communication device for preventing a malicious user from accessing.
Fig. 8 is a schematic structural diagram of a communication apparatus for preventing a malicious user from accessing according to an embodiment of the present application, and as shown in fig. 8, the apparatus includes: the device comprises an acquisition module 10, a signal identification module 20, a first signal processing module 30 and a second signal processing module 40.
The acquiring module 10 is configured to acquire a wireless signal within a detection range, and determine a target signal in a preset frequency band from the wireless signal according to a signal frequency table.
The signal identification module 20 is configured to extract a signal feature of the target signal, process the signal feature according to a malicious signal identification model, and acquire the category of the target signal.
The first signal processing module 30 is configured to, if the category of the target signal is a legal signal, detect the terminal information according to a preset detection policy, so as to perform communication according to the detection result of the terminal information.
The second signal processing module 40 is configured to, if the category of the target signal is a malicious signal, reject the access of the target signal.
In one embodiment of the present application, the apparatus further comprises a terminal access module, configured to acquire power information of a terminal and determine a target terminal within a preset power range according to the power information; acquire a preamble corresponding to the target terminal, and if the terminal response message of the target terminal carries a preamble identifier identical to the preamble, determine that the target terminal is a legal terminal and execute the user service identification process; if the terminal response message does not carry a preamble identifier identical to the preamble, retransmit the preamble and count the number of preamble retransmissions; and when the number of retransmissions is greater than a preset number, determine that the target terminal is a malicious terminal and reject the service request of the target terminal.
In one embodiment of the present application, the apparatus further comprises: the service access module is used for acquiring statistical characteristics of user service data, wherein the statistical characteristics comprise data arrival intervals and flow duration; inputting the statistical characteristics into a random forest model for processing to obtain a user category; if the user category is a legal user, executing a core network authentication process; and if the user category is a malicious user, informing the core network to add the user into a malicious user blacklist.
In one embodiment of the present application, the apparatus further comprises: the authentication module is used for identifying each user to be accessed and comparing the malicious user blacklist with the identification result of the user to be accessed; if the user to be accessed is a malicious user, refusing the authorization and authentication of the user to be accessed; if the user to be accessed is not a malicious user, authentication is carried out through an authentication protocol based on a symmetric password system, and if the authentication is successful, a communication link between the user to be accessed and a service system is allowed to be established.
In one embodiment of the present application, the signal features include bandwidth, center frequency, power peaks, statistical features of instantaneous phase, wavelet domain features, cyclostationary features, and higher order statistics.
In one embodiment of the present application, the malicious signal identification model is obtained by training through the following steps: mapping the signal characteristics of the sample signals to a low-dimensional space through unsupervised learning, clustering the sample signals in a subspace, and allocating a first class label to a clustering result; carrying out supervised learning according to the sample signals marked with the second class labels; and performing category matching by comparing the first category label with the second category label, and training the malicious signal identification model according to a matching result.
In one embodiment of the present application, the random forest model is trained by the following steps: drawing samples from an original sample set by random sampling with replacement to obtain K training sets; constructing a decision tree from each drawn training set, so that the K training sets correspond to K decision tree models; and obtaining the prediction result of each of the K decision tree models, and training the K decision tree models according to the prediction result of each decision tree model.
The explanation of the communication method for preventing the malicious user from accessing in the foregoing embodiment is also applicable to the communication device for preventing the malicious user from accessing in this embodiment, and details are not repeated here.
The communication device for preventing the malicious user from accessing realizes malicious signal identification, malicious terminal identification and malicious user identification based on endogenous safety, effectively meets the high-efficiency and high-availability safety protection requirements of fusion fields such as 5G and industrial Internet, prevents the malicious user from accessing, and improves the communication safety. And based on a unified authentication framework, the storage capacity and the data processing capacity of the network edge equipment are fully utilized, a user access mechanism for increasing endogenous safety is comprehensively considered, and a communication method flow capable of preventing malicious users from accessing is provided.
In order to implement the above embodiments, the present application also provides a computer device, including a processor and a memory; wherein, the processor executes the program corresponding to the executable program code by reading the executable program code stored in the memory, so as to implement the communication method for preventing the access of the malicious user according to any of the foregoing embodiments.
In order to implement the foregoing embodiments, the present application further proposes a computer program product, wherein when the instructions in the computer program product are executed by a processor, the communication method for preventing the malicious user from accessing is implemented according to any one of the foregoing embodiments.
In order to implement the above embodiments, the present application also proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the communication method for preventing access by a malicious user according to any of the foregoing embodiments.
In the description of the present application, it is to be understood that the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A communication method for preventing access by a malicious user, comprising:
acquiring wireless signals in a detection range, and determining target signals in a preset frequency band from the wireless signals according to a signal frequency table;
extracting the signal characteristics of the target signal, and processing the signal characteristics according to a malicious signal identification model to acquire the category of the target signal;
if the type of the target signal is a legal signal, detecting the terminal information according to a preset detection strategy so as to carry out communication according to the detection result of the terminal information;
and if the category of the target signal is a malicious signal, rejecting the access of the target signal.
2. The method of claim 1, wherein the detecting the terminal information according to the preset detection policy comprises:
acquiring power information of a terminal, and determining a target terminal in a preset power range according to the power information;
acquiring a preamble corresponding to the target terminal, and if a terminal response message of the target terminal carries a preamble identifier identical to the preamble, determining that the target terminal is a legal terminal and executing a user service identification process;
if the terminal response message does not carry a preamble identifier identical to the preamble, retransmitting the preamble and counting the number of preamble retransmissions;
and when the number of retransmissions is greater than a preset number, determining that the target terminal is a malicious terminal and rejecting the service request of the target terminal.
3. The method of claim 2, wherein said performing a subscriber service identification procedure comprises:
acquiring statistical characteristics of user service data, wherein the statistical characteristics comprise data arrival intervals and stream duration;
inputting the statistical characteristics into a random forest model for processing to obtain a user category;
if the user category is a legal user, executing a core network authentication process;
and if the user category is a malicious user, informing the core network to add the user into a malicious user blacklist.
4. The method of claim 3, wherein the performing a core network authentication procedure comprises:
identifying each user to be accessed, and comparing the malicious user blacklist with the identification result of the user to be accessed;
if the user to be accessed is a malicious user, refusing the authorization and authentication of the user to be accessed;
if the user to be accessed is not a malicious user, authentication is carried out through an authentication protocol based on a symmetric password system, and if the authentication is successful, a communication link between the user to be accessed and a service system is allowed to be established.
5. The method of claim 1, wherein the signal features include bandwidth, center frequency, power peaks, statistical features of instantaneous phase, wavelet domain features, cyclostationary features, and higher order statistics.
6. The method of claim 1, wherein the malicious signal recognition model is trained by:
mapping the signal characteristics of the sample signals to a low-dimensional space through unsupervised learning, clustering the sample signals in a subspace, and allocating a first class label to a clustering result;
carrying out supervised learning according to the sample signals marked with the second class labels;
and performing category matching by comparing the first category label with the second category label, and training the malicious signal identification model according to a matching result.
7. A method as claimed in claim 3, wherein the random forest model is trained by:
drawing samples from an original sample set by random sampling with replacement to obtain K training sets;
constructing a decision tree from each drawn training set, wherein the K training sets correspond to K decision tree models;
and obtaining the prediction result of each decision tree model in the K decision tree models, and training the K decision tree models according to the prediction result of each decision tree model.
8. A communications apparatus that blocks access by malicious users, comprising:
the acquisition module is used for acquiring wireless signals in a detection range and determining target signals in a preset frequency band from the wireless signals according to a signal frequency table;
the signal identification module is used for extracting the signal characteristics of the target signal, processing the signal characteristics according to a malicious signal identification model and acquiring the category of the target signal;
the first signal processing module is used for detecting the terminal information according to a preset detection strategy if the type of the target signal is a legal signal so as to carry out communication according to the detection result of the terminal information;
and the second signal processing module refuses the access of the target signal if the type of the target signal is a malicious signal.
9. A computer device comprising a processor and a memory;
wherein the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for implementing the communication method for preventing access by a malicious user according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out a communication method of blocking access by a malicious user according to any one of claims 1 to 7.
CN202010777310.XA 2020-08-05 2020-08-05 Communication method and device for preventing malicious user from accessing Pending CN112087756A (en)

Publications (1)

Publication Number Publication Date
CN112087756A true CN112087756A (en) 2020-12-15

Family

ID=73736064

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112713959A (en) * 2020-12-23 2021-04-27 几维通信技术(深圳)有限公司 5G terminal shielding system and method
CN113950054A (en) * 2021-07-23 2022-01-18 恒安嘉新(北京)科技股份公司 Number identification method and device, electronic equipment and storage medium
CN113950054B (en) * 2021-07-23 2024-04-12 恒安嘉新(北京)科技股份公司 Number identification method, device, electronic equipment and storage medium
CN117062192A (en) * 2023-10-11 2023-11-14 深圳市微琪思网络有限公司 Method and system for establishing wireless connection of electric iron based on artificial intelligence algorithm
CN117062192B (en) * 2023-10-11 2023-12-12 深圳市微琪思网络有限公司 Method and system for establishing wireless connection of electric iron based on artificial intelligence algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination