Nothing Special   »   [go: up one dir, main page]

CN102088754B - Network access behavior-based access control method and system for wireless local area network - Google Patents

Network access behavior-based access control method and system for wireless local area network Download PDF

Info

Publication number
CN102088754B
CN102088754B CN2010105800359A CN201010580035A CN102088754B CN 102088754 B CN102088754 B CN 102088754B CN 2010105800359 A CN2010105800359 A CN 2010105800359A CN 201010580035 A CN201010580035 A CN 201010580035A CN 102088754 B CN102088754 B CN 102088754B
Authority
CN
China
Prior art keywords
network
bss
information
website
access control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010105800359A
Other languages
Chinese (zh)
Other versions
CN102088754A (en
Inventor
李鸥
杨白薇
王瑞芝
黄丹丹
李娜
刘洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN2010105800359A priority Critical patent/CN102088754B/en
Publication of CN102088754A publication Critical patent/CN102088754A/en
Application granted granted Critical
Publication of CN102088754B publication Critical patent/CN102088754B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network access behavior-based access control method and system for a wireless local area network. The method comprises the following steps: a network side acquires information of data packets of different network service types in a BSS (Base Station Subsystem) according to a network service type; the network side establishes information of a network flow statistical table of the BSS according to the acquired information of the data packets of different network service types, wherein the information of the network flow statistical table comprises source sites, destination sites, service types, network access behavior durations and network access behavior occurring time of the data packets; and the network side generates information of the relation among the network service type, corresponding time and corresponding network data flow of each site in the BSS according to the established information of the network statistical table of the BSS, and performs access control according to the generated information of the relation among the sites in the BSS. By applying the method and the system, the problem of effective distribution of network resources in the wireless local area network is solved.

Description

A kind of wireless local network access control method and system of access behavior Network Based
Technical field
The present invention relates to Network access control technology in the WLAN (wireless local area network) field, relate to especially a kind of wireless local network access control method and system of access behavior Network Based.
Background technology
, along with the numerous and complicated increasingly of continuous growth and the network application of network traffics, simply, unrestrictedly increase the network bandwidth and be the root problem that can not solve network traffics.In WLAN (wireless local area network), by the statistics to the access to netwoks behavior, realize, in the work that is controlled at of website access behavior and life, general realistic meaning is arranged.Can give different websites, different business with different access priorities according to customer demand by the WLAN (wireless local area network) access control, thereby fully effectively utilize bandwidth resources, can effectively guarantee the bandwidth of the high-priority service of the website that priority is higher, suppress to limit the bandwidth of the specific transactions of website.
Existing Access Control Technique is mainly the control mode of fixed constraint condition, is not based on the dynamic access control mode of access to netwoks behavior, more is directed to the monitoring of illegal Internet resources rather than is used for the distribution of local area network resource.
This shows, the technical scheme of the access control of a kind of access behavior Network Based of current needs solves the problem of Resource Allocation in Networks.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of wireless local network access control method and system of access behavior Network Based, has solved the problem of how effectively Internet resources to be distributed in the WLAN (wireless local area network).
In order to address the above problem, the invention provides a kind of wireless local network access control method of access behavior Network Based, comprising:
Network side, according to the Network type, obtains the information of the packet of different network service type in a Basic Service Set BSS;
Described network side is according to the information of the packet of the different network service type of obtaining, and sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet;
Described network side is according to the information of the network statistics table of the described BSS that sets up, generate the relation information between the Network type of each website in this BSS, corresponding time and corresponding network data traffic, according to the relation information of each website in this BSS that generates, carry out access control.
Further, said method also can comprise, when if in described network side judgement one BSS, a website moves to other BSS, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between different B SS.
Further, said method also can comprise, described network side carries out access control according to the relation information of each website in the BSS that generates, comprise: if in this BSS of described network side judgement judgement, Network, corresponding time and the corresponding network data traffic of each website are not subject to user's particular restriction, the bandwidth of distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
Further, said method also can comprise, described network side carries out access control according to the relation information of each website in the BSS that generates, comprise: if in this BSS of described network side judgement, Network, corresponding time and the corresponding network data traffic of each website are subject to user's particular restriction, distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
Further, said method also can comprise, the information that described network side obtains the packet of different network service type in a BSS comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavioral duration length and access to netwoks behavior time of origin.
The present invention also provides a kind of access control of access behavior Network Based: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit, be used for according to the Network type, obtains the information of the packet of different network service type in a Basic Service Set BSS, and send to described network statistics table to set up unit;
Described network statistics table is set up unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, information for the network statistics table that receives described BSS,, according to the relation information between Network type, corresponding time and the corresponding network data traffic of each website in this BSS of this Information generation that receives, according to the relation information of each website in this BSS that generates, carry out access control.
Further, said system also can comprise, described access control unit, judge when BSS one website moves to other BSS if also be used for, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between different B SS.
Further, said system also can comprise, described access control unit carries out access control according to the relation information of each website in the BSS that generates, refer to: if in this BSS of this access control unit judges, Network, corresponding time and the corresponding network data traffic of each website are not subject to user's particular restriction, the bandwidth of distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information.
Further, said system also can comprise, described access control unit carries out access control according to the relation information of each website in the BSS that generates, refer to: if in this BSS of this access control unit judges, Network, corresponding time and the corresponding network data traffic of each website are subject to user's particular restriction, distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
Further, said system also can comprise, in the BSS that described acquiring unit obtains, the information of the packet of different network service type comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavioral duration length and access to netwoks behavior time of origin.
Compared with prior art, application the present invention, method by traffic statistics, set up the detailed valid wireless local area network (LAN) statistical model of different observation cycles, set up restriction relation from type of service, website demand, realize based on the dynamic access control of history access behavior and the combination of artificial access control; Realize the transmission of constraints between Basic Service Set, made validity and the continuity that can keep statistics when WLAN (wireless local area network) Basic Service Set website number changes.The present invention takes full advantage of network operations information, and General layout Plan is easy to realize, cost is relatively low can effectively popularize.
Description of drawings
Fig. 1 is the flow chart of the wireless local network access control method of access behavior Network Based in the present invention;
Fig. 2 is the structural representation of the access control system of access Network Based in the present invention;
Fig. 3 is the schematic diagram that in example of the present invention, a Basic Service Set passes through the AP accessing Internet;
Fig. 4 is the transmission schematic diagram of the relation information of website between different Basic Service Sets in the present invention.
Embodiment
The invention will be further described below in conjunction with the drawings and specific embodiments.
The present invention is a kind of dynamic control technology of WLAN (wireless local area network) access of access behavior Network Based, by access control is more effective, according to user's request, Internet resources is configured.The present invention passes through at access point (AP, access point) each website of local area network that runs application on is added up via the corresponding service that AP accesses wide area network, local area network (LAN) or wireless network, set up statistical model, according to client's web-based history access behavior, the bandwidth of the miscellaneous service of each website is carried out dynamic access control.
In WLAN (wireless local area network), AP carries out buffer memory to its data that forward, the information such as time that the time that the source IP address of statistical data packet, purpose IP address, MAC Address, type of service, access to netwoks behavior continue, access to netwoks behavior occur, according to client's demand to the different constraints of different main frames, different traffic set to carry out dynamic access control, and when the user can transmit this constraints from a BSS (Basic Service Set, basic service set) while moving to another BSS.
In Network access control of the present invention, realize the distribution of WLAN (wireless local area network) resource by network traffics seizure and classification, network traffics supervision (statistics and analysis) and control strategy.
1. network traffics catch and identification: this is the first step of carrying out Network access control.Only have by the seizure point is set, network traffics are caught and identify, just can carry out follow-up analysis and control work.Here it is emphasized that especially very macroscopicalization of net flow assorted, also can refinement.Such as the classification such as TCP, UDP, ICMP are just more macroscopical, and the classification of HTTP, FTP or even the flow such as the P2P such as Kazza, Skype and identification have just been compared refinement.Can adopt the well-known message seizure such as Wireshark, TCPDump and analysis software to carry out flow catches and classification work.
2. network traffics monitor (analysis): monitor the operation conditions that is used for showing flow, help find the problem and carry out corresponding management strategy.Application program and network management can be collected classification, displaying and collection information, comprise bandwidth availability ratio, active main frame and network efficiency and active application program.This target can realize by adopting the common on the market visual analyzing management tools such as NTOP in real work.
3. control strategy: next step of network traffic analysis is to distribute bandwidth resources according to priority level.The foundation of distributing can be main frame, application etc., and what need especially consideration is to note considerations that lags behind such as the P2P program of consumption of natural resource or audio frequency and video downloads.Can apply popular flow control tool during concrete operations and carry out and realize, as the monitoring and controlling network traffics of classifying, like this, we just can effectively manage network traffics get up, and original unordered network traffics are become in order.
The present invention is by catching analysis to network data on AP, set up the statistical form of the network operation state informations such as website, type of service, according to user's demand, different websites, business etc. are arranged different constraints, thereby realize the access control of whole WLAN (wireless local area network) with outer net, and this constraints can be transmitted mutually between Basic Service Set.Performing step is as follows:
As shown in Figure 1, the connection control method of access behavior Network Based of the present invention specifically comprises the following steps:
Step 110: network side, according to the Network type, obtains the information such as source IP address, purpose IP address, MAC (medium access control) address, access to netwoks behavioral duration length and access to netwoks behavior time of origin of the packet of different network service type in a BSS;
Step 120: network side is according to the information of the packet of the different network service type obtained, sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet;
Step 130: network side is according to the information of the network flow statistic table of the described BSS that sets up, generate the relation information between the Network type of each website in this BSS, corresponding time and corresponding network data traffic, according to the relation information of each website in this BSS that generates, carry out access control.
In BSS, the relation information of each website can refer to each website based on historical statistics, the time distribution function of different business.
Also comprise: if when in network side judgement one BSS, a website moves to other BSS, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between different B SS.
Network side carries out access control according to the relation information of each website in the BSS that generates, comprise: if in this BSS of judgement, Network, corresponding time and the corresponding network data traffic of each website are not subject to user's particular restriction, the bandwidth of distributing each Network as far as possible can be respectively greater than the minimum value of the bandwidth of each default Network, and distribute bandwidth to meet the restriction of described relation information;
Described network side carries out access control according to the relation information of each website in the BSS that generates, comprise: if in this BSS of described network side judgement, Network, corresponding time and the corresponding network data traffic of each website are subject to user's particular restriction, distribute the bandwidth of each Network at first to meet the bandwidth of user's specific demand, and distribute bandwidth to meet the restriction of described relation information.
, if the total bandwidth of network side judgement network is restricted, can distribute the minimum value of the bandwidth of each Network that the bandwidth of each Network equals to preset.
As shown in Figure 2, the access control system of access behavior Network Based of the present invention comprises: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit, be used for according to the Network type, obtains the information of the packet of different network service type in a Basic Service Set BSS, and send to described network statistics table to set up unit;
Described network statistics table is set up unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, information for the network statistics table that receives described BSS,, according to the relation information between Network type, corresponding time and the corresponding network data traffic of each website in this BSS of this Information generation that receives, according to the relation information of each website in this BSS that generates, carry out access control.
Described access control unit, judge when BSS one website moves to other BSS if also be used for, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between different B SS.
Described access control unit carries out access control according to the relation information of each website in the BSS that generates, refer to: if in this BSS of this access control unit judges, Network, corresponding time and the corresponding network data traffic of each website are not subject to user's particular restriction, the bandwidth of distributing each Network as far as possible can be respectively greater than the minimum value of the default required primary bandwidth of each Network, and distribute bandwidth to meet the restriction of relation information in certain domain of walker.
Described access control unit carries out access control according to the relation information of each website in the BSS that generates, refer to: if in this BSS of this access control unit judges, Network, corresponding time and the corresponding network data traffic of each website are subject to user's particular restriction, distribute the bandwidth of each Network at first should meet the bandwidth of user's specific demand, distribute on this basis bandwidth should meet the restriction of relation information in certain domain of walker.
Relation information can comprise three aspects: 1. the required primary bandwidth of miscellaneous service; 2. based on the time distribution function of historical statistics business; 3. user's specific demand.
In the BSS that described acquiring unit obtains, the information of the packet of different network service type comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavioral duration and access to netwoks behavior time of origin.
The present invention mainly is to set up comprehensively, effective network statistics model, set up on this basis the network insertion constraints based on the access behavioral statistics, network insertion is controlled, can effectively transmit the related constraint condition when website moves across Basic Service Set, major significance of the present invention just is this.
The invention will be further described below in conjunction with instantiation.
As shown in Figure 3, five terminals (can be PC) form a Basic Service Set by the AP accessing Internet to the case scene, and all data all will forward and arrive each terminal by AP.Therefore just can realize the statistical analysis of whole network data and effective distribution of Internet resources by the software of operational network access control on AP.The specific implementation step of software comprises: to network traffics add up and set up statistical model, the constraints of setting up network insertion according to model dynamically controls, realizes the transfer of constraints between Basic Service Set to network insertion.
1. network flow statistic model
Catch the ASSOCIATE STATISTICS that obtains network service outside the access of local area network (LAN) domestic site by local area network packet on AP, set up statistical form and according to customer demand, set up restriction relation.
At different time, the proportion that different business is shared, comprise http, email, ftp, p2p and VOIP etc. according to different websites of statistics such as website id, purpose IP address, target MAC (Media Access Control) address.The client is the input constraint condition according to demand, increases or dwindle certain business of particular station.
On timing statistics we to adopt the method for refinement step by step to set timing statistics interval, comprise for year, moon, week, sky, hour statistics,, for applied situation difference, can manually set timing statistics, comprise work, rest, meeting etc.Set up detailed model by the statistics of system, for the dynamic access control of the access of local area network (LAN) provides reliable basis., according to different timing statisticses, set up statistical form as shown in table 1, thereby set up a detailed data system.Suppose that table 1 is the data statistic take year as unit, w in the table 11The flow that represents the http business of a certain year website 1, x 11Represent that the http business of a certain year website 1 accounts for the ratio of website 1 all business, y 11Represent that the http business of a certain year website 1 accounts for the ratio of the whole network http business, z 11Represent that the http business of a certain year website 1 accounts for the ratio of the total business of the whole network.W 1The http traffic carrying capacity that represents the whole network in a certain year, Z 1Represent a certain year in the whole network http business account for the ratio of the whole network total traffic, W 1The total business volume that represents a certain year website 1, Z 1Represent that the total business volume of a certain year website 1 accounts for the ratio of the whole network total traffic, W represents the total traffic of a certain year the whole network, and the value of Z is 1.
Table 1: network flow statistic table
Figure BSA00000379808400091
According to the network flow statistic table, can obtain website m n kind business flow with year, the moon, week, sky, hour distribution
Figure BSA00000379808400092
The n kind business of website m account for the total business proportion of this website with year, the moon, week, sky, hour distribution
Figure BSA00000379808400093
Figure BSA00000379808400094
The ratio that the n kind business of website m accounts for the whole network n kind business with year, the moon, week, sky, hour distribution
Figure BSA00000379808400095
The ratio that the n kind business of website m accounts for the total business of the whole network with year, the moon, week, sky, hour distribution
Figure BSA00000379808400096
The flow of n kind business with year, the moon, week, sky, hour distribution The ratio that n kind business accounts for the total business of the whole network with year, the moon, week, sky, hour distribution
Figure BSA00000379808400098
Figure BSA00000379808400099
The flow of m website with year, the moon, week, sky, hour distribution
Figure BSA000003798084000910
Figure BSA000003798084000911
The ratio that the flow of m website accounts for the total business of the whole network with year, the moon, week, sky, hour distribution
Figure BSA000003798084000912
The whole network total flow with year, the moon, week, sky, hour distribution f Year W(i), f Moon W(i), f Week W(i), f It W(i), f The time W(i).
All data timings upgrade, and the update cycle is respectively half of corresponding observation cycle, and it is all up-to-date, effective making all data.
2. the foundation of constraints
, by the network flow statistic of certain hour, can obtain the distributed intelligence of business.Consider from the time, can obtain a certain local area network (LAN) and distribute 1 year, the service traffics in January, a week, a day, a hour; Consider the business demand rule that can seek different main frames from each terminal., by effective combination of above information, can set up an effective dynamic constrained condition, intelligent, as in real time, effectively to control the whole network resource distribution.The minimum bandwidth of supposing the service needed such as http, ftp, VOIP, P2P is respectively B Http, B ftp, B VOIP, B P2PDeng, consider in the following several ways:
, if website, business, time do not have specific (special) requirements, make the miscellaneous service bandwidth can be respectively greater than B as far as possible Http, B ftp, B VOIP, B P2P, if total bandwidth is limited, make miscellaneous service bandwidth energy geometric ratio in B Http, B ftp, B VOIP, B P2P.
Carry out access control by the time statistical information, the priority of statistical information according to year, the moon, week, sky, hour order choose, make the validity of access control be protected, but can fully take into account randomness, the variability of business in short-term.According to the flow distribution function of statistics, the business of the whole network is retrained, make the flow of n kind business meet
Figure BSA00000379808400101
Requirement, more further each business is given each website of corresponding the whole network, the method for salary distribution meets
Figure BSA00000379808400102
Requirement.Here for hour constraints to allow domain of walker be 50%, allowing domain of walker for the constraints in sky is 40%, it is 30% that the constraints in week allows domain of walker.If find that the bandwidth that website distributes can not be fully utilized this resource can be given other business and use.
Carry out self-defined constraints according to the specific demand of special period of user, mainly need the factor of considering to have work, rest, meeting etc. special website particular service to be had the period of specific demand.Operating time we can reduce the screen business, the restriction website total traffic, the time of having a rest can be decontroled these restrictions relatively, the time of meeting needs according to actual conditions, particular service, special website to be ensured.These constraintss need to manually be configured, and its priority is higher than the dynamic access control based on historical behavior.
The transmission of constraints between 3 Basic Service Sets
As shown in Figure 4, when terminal A moves to another Basic Service Set 2 from a Basic Service Set 1, AP2 learns that new website A ' can send claim frame when adding, require the AP1 of the Basic Service Set at original A place to reply network flow statistic table and the corresponding relation information that AP1 has, thereby realize statistical form and the corresponding transmission of relation information between Basic Service Set, make the movement of website can not cause the availability of statistics to reduce.AP2 adjusts relation information after the related constraint condition of website A obtaining, and according to the distributed needs of the different business of website A, does following adjustment:
AP2 place Basic Service Set website traffic carrying capacity and the corresponding statistical function that accounts for the whole network total traffic ratio thereof multiply by
Figure BSA00000379808400111
Upgrade, for example: the distribution that the n kind business of website m changed with the time
Figure BSA00000379808400112
The ratio that certain traffic carrying capacity of Basic Service Set website at AP2 place accounts for the whole network corresponding service total amount multiply by
Figure BSA00000379808400113
Upgrade, for example: the n kind business of website m accounts for the distribution that the whole network n kind total business volume ratio changed with the time
Figure BSA00000379808400114
AP1 place Basic Service Set after definite website A leaves, also can upgrade relevant entries, and particular content is as follows:
AP1 place Basic Service Set website traffic carrying capacity and the corresponding statistical function that accounts for the whole network total traffic ratio thereof multiply by
Figure BSA00000379808400115
Upgrade.For example: the distribution that the n kind business of website m changed with the time
Figure BSA00000379808400116
The ratio that certain traffic carrying capacity of Basic Service Set website at AP2 place accounts for the whole network corresponding service total amount multiply by
Figure BSA00000379808400117
Upgrade, for example: the n kind business of website m accounts for the distribution that the whole network n kind total business volume ratio changed with the time
The above; only for the better embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with the people of this technology in the disclosed technical scope of the present invention; the variation that can expect easily or replacement, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (6)

1. the wireless local network access control method of an access behavior Network Based, is characterized in that, comprising:
Network side, according to the Network type, obtains the information of the packet of different network service type in a Basic Service Set BSS;
Described network side is according to the information of the packet of the different network service type of obtaining, and sets up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet;
Described network side is according to the information of the network statistics table of the described BSS that sets up, generate the relation information between the Network type of each website in this BSS, corresponding time and corresponding network data traffic, if judge that the Network of each website in this BSS, corresponding time and corresponding network data traffic are not subject to user's particular restriction, the bandwidth of distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information; Otherwise at first the bandwidth of distributing each Network meets the bandwidth of user's specific demand, and distributes bandwidth to meet the restriction of described relation information.
2. the method for claim 1, is characterized in that,
Also comprise: if when in described network side judgement one BSS, a website moves to other BSS, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, network side carries out access control according to newly-generated relation information, realizes the transfer of the relation information of website between different B SS.
3. the method for claim 1, is characterized in that,
The information that described network side obtains the packet of different network service type in a BSS comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavioral duration length and access to netwoks behavior time of origin.
4. the access control system of an access behavior Network Based, is characterized in that,
Comprise: acquiring unit, network statistics table are set up unit and access control unit, wherein,
Described acquiring unit, be used for according to the Network type, obtains the information of the packet of different network service type in a Basic Service Set BSS, and send to described network statistics table to set up unit;
Described network statistics table is set up unit, be used for receiving the information of the packet of the described BSS different network service type that described acquiring unit sends, set up the information of network flow statistic table of the described BSS of the Source Site, purpose website, type of service, access to netwoks behavioral duration length and the access to netwoks behavior time of origin that comprise packet according to this information that receives, and send to described access control unit;
Described access control unit, information for the network statistics table that receives described BSS, according to the relation information between Network type, corresponding time and the corresponding network data traffic of each website in this BSS of this Information generation that receives, if judge that the Network of each website in this BSS, corresponding time and corresponding network data traffic are not subject to user's particular restriction, the bandwidth of distributing each Network is respectively greater than the minimum value of the bandwidth of each default Network, and distributes bandwidth to meet the restriction of described relation information; Otherwise at first the bandwidth of distributing each Network meets the bandwidth of user's specific demand, and distributes bandwidth to meet the restriction of described relation information.
5. access control system as claimed in claim 4, is characterized in that,
Described access control unit, judge when BSS one website moves to other BSS if also be used for, the information of the relation information that this website is generated in former BSS and the network flow statistic table of this BSS sends the purpose BSS after this website moves to, again the relation information between Network type, corresponding time and the corresponding network data traffic of each website in each self-generating two BSS, carry out access control according to newly-generated relation information, realize the transfer of the relation information of website between different B SS.
6. access control system as claimed in claim 4, is characterized in that,
In the BSS that described acquiring unit obtains, the information of the packet of different network service type comprises: the information of the source IP address of the packet of this Network type, purpose IP address, MAC Address, access to netwoks behavioral duration length and access to netwoks behavior time of origin.
CN2010105800359A 2010-12-06 2010-12-06 Network access behavior-based access control method and system for wireless local area network Expired - Fee Related CN102088754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105800359A CN102088754B (en) 2010-12-06 2010-12-06 Network access behavior-based access control method and system for wireless local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105800359A CN102088754B (en) 2010-12-06 2010-12-06 Network access behavior-based access control method and system for wireless local area network

Publications (2)

Publication Number Publication Date
CN102088754A CN102088754A (en) 2011-06-08
CN102088754B true CN102088754B (en) 2013-11-13

Family

ID=44100307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105800359A Expired - Fee Related CN102088754B (en) 2010-12-06 2010-12-06 Network access behavior-based access control method and system for wireless local area network

Country Status (1)

Country Link
CN (1) CN102088754B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103249047B (en) * 2012-02-10 2018-11-23 南京中兴新软件有限责任公司 The access authentication method and device of WLAN hot spot
US8818293B2 (en) * 2012-03-05 2014-08-26 Broadcom Corporation System and method for wireless local area network airtime fairness
CN102781016B (en) * 2012-06-21 2015-06-03 华中科技大学 Method for analyzing user behaviors in wireless local area network
CN104813702A (en) * 2013-06-09 2015-07-29 华为技术有限公司 Method for controlling wireless local area network flow and wireless local area network gateway
CN103414634B (en) * 2013-08-08 2016-08-31 杭州华三通信技术有限公司 A kind of method and apparatus that flooding of service traffics
CN103916463B (en) * 2014-03-18 2020-03-31 北京京东尚科信息技术有限公司 Network access statistical analysis method and system
CN103997791B (en) * 2014-06-13 2017-10-27 重庆大学 The wireless network resource distribution method and system of preference are used based on user terminals resources
CN104468411A (en) * 2014-11-28 2015-03-25 东莞宇龙通信科技有限公司 Bandwidth allocation method and device and router
CN106469346B (en) * 2015-08-20 2018-10-02 阿里巴巴集团控股有限公司 A kind of risk control method and equipment based on region
CN106330778B (en) * 2016-08-22 2020-01-24 深圳广联赛讯有限公司 Network flow control method and device
CN106357559B (en) * 2016-09-21 2020-02-21 东软集团股份有限公司 Bandwidth allocation method and device
TWI665899B (en) * 2017-01-19 2019-07-11 香港商阿里巴巴集團服務有限公司 Area-based risk control method and equipment
CN107248959B (en) * 2017-06-30 2020-07-24 联想(北京)有限公司 Flow optimization method and device
CN107819791A (en) * 2017-12-11 2018-03-20 迈普通信技术股份有限公司 Visitor accesses authentication method, certificate server and the system of network

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064733A (en) * 2006-04-26 2007-10-31 上海贝尔阿尔卡特股份有限公司 Method and apparatus for controlling user equipment access based on data packet package types

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8634422B2 (en) * 2005-08-17 2014-01-21 Qualcomm Incorporated Prioritization techniques for quality of service packet transmission over a network lacking quality of service support at the media access control layer

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064733A (en) * 2006-04-26 2007-10-31 上海贝尔阿尔卡特股份有限公司 Method and apparatus for controlling user equipment access based on data packet package types

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
祝建建.异构无线网络融合相关技术研究.《中国优秀硕士学位论文全文数据库(信息科技辑)》.2010, *

Also Published As

Publication number Publication date
CN102088754A (en) 2011-06-08

Similar Documents

Publication Publication Date Title
CN102088754B (en) Network access behavior-based access control method and system for wireless local area network
Xu et al. A survey of opportunistic offloading
Li et al. Control plane optimization in software-defined vehicular ad hoc networks
US9693237B2 (en) Optimization of cellular network architecture based on device type-specific traffic dynamics
Zhou et al. QoE-driven power scheduling in smart grid: Architecture, strategy, and methodology
CN105850199B (en) For managing the method and system of wireless network
CN108028780A (en) method and apparatus for data analysis management
Huang et al. Software-defined QoS provisioning for fog computing advanced wireless sensor networks
CN105634992A (en) CDN platform self-adaptive bandwidth control method and system
CN104158755A (en) Method, device and system used for transmitting messages
Salam et al. M2M communication in Smart Grids: Implementation scenarios and performance analysis
CN103997791A (en) Wireless network resource distribution method and system based on use preference of user terminal resources
CN101945370B (en) Method and system for implementing dynamic strategy control
Pacifici et al. Cache bandwidth allocation for P2P file-sharing systems to minimize inter-ISP traffic
CN104519106B (en) A kind of task immigration method and network controller
CN104125081B (en) A kind of multiple terminals cooperative system and method based on strategy
WO2016197458A1 (en) Traffic control method and apparatus
Tsai et al. Reducing energy consumption by data aggregation in M2M networks
Chunlin et al. Distributed QoS-aware scheduling optimization for resource-intensive mobile application in hybrid cloud
US9591562B2 (en) Provisioning access point bandwidth based on predetermined events
US10735891B1 (en) Cognitively controlling data delivery
Zheleva et al. Internet bandwidth upgrade: implications on performance and usage in rural zambia
WO2022242012A1 (en) Indoor intelligent management system
Miao et al. A multi-dimension measurement study of a large scale campus wifi network
Bege et al. Campus realities: forecasting user bandwidth utilization using Monte Carlo simulation.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131113

Termination date: 20141206

EXPY Termination of patent right or utility model