CN119421185A - Terminal communication security management and control method and system in multi-network scenarios - Google Patents

Info

Publication number
CN119421185A
Authority
CN
China
Prior art keywords
network
message
communication
terminal
attribute information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202411442895.4A
Other languages
Chinese (zh)
Other versions
CN119421185B (en
Inventor
刘萧
吴斗
刘家宇
李静
谭堯木
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information & Telecommunication Company Sichuan Electric Power Corp
Original Assignee
Information & Telecommunication Company Sichuan Electric Power Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information & Telecommunication Company Sichuan Electric Power Corp filed Critical Information & Telecommunication Company Sichuan Electric Power Corp
Priority to CN202411442895.4A priority Critical patent/CN119421185B/en
Priority claimed from CN202411442895.4A external-priority patent/CN119421185B/en
Publication of CN119421185A publication Critical patent/CN119421185A/en
Application granted granted Critical
Publication of CN119421185B publication Critical patent/CN119421185B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/04 Arrangements for maintaining operational condition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/22 Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of network security and provides a terminal communication security management and control method and system in multi-network scenarios. The method monitors the operation attribute information of every application program on the terminal, determines from it the external communication process of each application program, and generates a corresponding number of external communication messages; divides all external communication messages into a number of message clusters and distributes them to corresponding communication channels; searches for and identifies all available networks to which the terminal can connect, and traces each available network to obtain its link gateway characteristic information, from which the message transmission security attribute information of each available network is determined; and selects a matching network for the communication channel that currently needs an external network connection and automatically changes the network connection state of that channel. This ensures that each communication channel obtains equal network connection authority, makes full use of the data transmission advantages of different networks, and improves the external communication security and reliability of the terminal.

Description

Terminal communication security management and control method and system in multi-network scenarios
Technical Field
The invention relates to the technical field of network security, and in particular to a terminal communication security management and control method and system in multi-network scenarios.
Background
To avoid data transmission crosstalk, existing terminals such as smartphones allow a connection to only one network at a time, so during operation all of a terminal's messages can only be sent over a single link in that single network. When a large number of application programs need to exchange messages with the outside, the messages are arranged according to a corresponding rule into a message queue and then transmitted one by one in sequence, which increases the time spent on message transmission. Moreover, once the network link the terminal is currently using fails, transmission of the message queue is interrupted, which increases the terminal's message communication time cost, delays the task processing progress of the application programs in the terminal, and fails to meet the requirement that the terminal process tasks efficiently and accurately. There is therefore a need for stable and efficient message transmission for terminals in multi-network scenarios, so that a terminal can make full use of the data transmission advantages of different networks and its external communication security and reliability are improved to the greatest extent.
Disclosure of Invention
In view of the defects of the prior art, the invention provides a terminal communication security management and control method and system in multi-network scenarios. The operation attribute information of each application program of a terminal is monitored to determine the external communication process of each application program and to generate a corresponding plurality of external communication messages, so that the external communication needs of different application programs are handled in a timely and targeted way. All external communication messages are divided into a plurality of message clusters that are distributed to corresponding communication channels, which realizes differentiated transmission of the different message clusters and ensures that each message cluster receives optimal transmission handling. All available networks to which the terminal can connect are searched for and identified, and each available network is traced to obtain its link gateway characteristic information, from which the message transmission security attribute information of each available network is determined; this accurately establishes the operational security of each available network in different message transmission scenarios. A matching network is then selected for the communication channel that currently needs an external network connection, and the network connection state of that channel is changed automatically. This ensures that each communication channel obtains equal network connection rights, makes full use of the data transmission advantages of different networks, and improves the external communication security and reliability of the terminal.
The invention provides a terminal communication security management and control method in a multi-network scenario, comprising the following steps:
Step S1, monitoring all application programs of a terminal to obtain the operation attribute information of each application program, determining the external communication process of each application program based on the operation attribute information, and generating a plurality of external communication messages corresponding to each application program;
Step S2, dividing all external communication messages into a plurality of message clusters based on the message attribute information of the external communication messages, and distributing the message clusters to corresponding communication channels based on the working states of all communication channels of the terminal;
Step S3, performing a multi-network signal search of the environment where the terminal is located, identifying all available networks to which the terminal can connect, tracing each available network to obtain its link gateway characteristic information, and determining the message transmission security attribute information of each available network based on the link gateway characteristic information;
Step S4, identifying the message receiving state of all communication channels, determining the network connection order of the communication channels, selecting a matching network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and automatically changing the network connection state of that communication channel based on its message sending attribute information.
In one embodiment of the disclosure, in step S1, monitoring all application programs of the terminal to obtain the operation attribute information of each application program, determining the external communication process of each application program based on the operation attribute information, and generating a plurality of external communication messages corresponding to each application program comprises:
monitoring all application programs based on the port addresses of all application programs that are in a foreground started state, to obtain the task processing process attribute information of each application program, wherein the task processing process attribute information comprises the attribute information of all processes that the application program needs to execute during task processing;
determining the execution data packet and execution time of the external communication process of the application program based on the task processing process attribute information; and generating a plurality of external communication messages corresponding to the application program based on the execution data packet and the execution time.
In one embodiment of the disclosure, in step S2, dividing all external communication messages into a plurality of message clusters based on the message attribute information of the external communication messages, and distributing the message clusters to corresponding communication channels based on the working states of all communication channels of the terminal comprises:
identifying the sending target terminal of every external communication message to obtain the identity attribute information of the sending target terminal of each external communication message;
comparing the communication bandwidth allocated to each communication channel with the maximum message data quantity of each message cluster, and distributing the message clusters to the corresponding communication channels.
In one embodiment of the disclosure, in step S3, performing a multi-network signal search of the environment where the terminal is located, identifying all available networks to which the terminal can connect, tracing each available network to obtain its link gateway characteristic information, and determining the message transmission security attribute information of the available networks based on the link gateway characteristic information comprises:
performing a multi-network signal search of the environment where the terminal is located to obtain signal strength change information, within a preset time interval, for all network signals present in the environment; determining the signal stability of each network present in the environment based on the signal strength change information; and identifying all available networks to which the terminal can connect based on the signal stability;
performing link gateway tracing identification on each available network to obtain the location information of all gateways contained in all links of that network; retrieving and analyzing the historical message transmission records of the gateways based on their location information, to obtain attribute information on the packet loss that occurred at each gateway during historical message transmission; and determining the message transmission integrity of each available network based on that packet loss attribute information, as the message transmission security attribute information, wherein the message transmission integrity comprises the message transmission integrity of messages transmitted through the available network to each target terminal.
In one embodiment of the disclosure, in step S4, identifying the message receiving state of all communication channels, determining the network connection order of the communication channels, selecting a matching network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and automatically changing the network connection state of that communication channel based on its message sending attribute information comprises:
identifying the message data quantity receiving state of each communication channel, predicting the time at which the message data quantity allocated to each communication channel will reach the upper limit of the data quantity the channel is allowed to receive, and determining the network connection order of all communication channels in order of those times from earliest to latest;
selecting a matching network for the communication channel that currently needs an external network connection, based on the message transmission integrity, contained in the message transmission security attribute information, of messages transmitted through each available network to each target terminal, and on the target terminal to which that communication channel needs to send its messages; and automatically changing the network connection state of that communication channel in association with a time length, based on the predicted time the channel will need to send its messages.
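Steps S3 and S4 as described above, sketched as an added Python example that is not part of the patent text. The patent gives no formulas, so the stability test (standard deviation of signal samples), the integrity score (product of per-gateway delivery ratios), the `min_integrity` cut-off, and all names and sample data are assumptions.

```python
from dataclasses import dataclass
from math import prod
from statistics import pstdev


@dataclass
class Channel:
    name: str
    target: str        # target terminal of the message cluster on this channel
    capacity: int      # upper limit of data the channel may hold (bytes)
    buffered: int      # message data already allocated to the channel (bytes)
    fill_rate: float   # rate at which new message data arrives (bytes/s)
    bandwidth: float   # communication bandwidth allocated to the channel (bytes/s)


def stable_networks(rssi_samples, max_stdev=4.0):
    """S3: keep networks whose signal strength stays steady over the window.
    The standard-deviation threshold is an assumed stability measure."""
    return {net for net, s in rssi_samples.items()
            if len(s) > 1 and pstdev(s) <= max_stdev}


def integrity(path, gateway_history):
    """S3: message transmission integrity of one link, from per-gateway
    (sent, lost) history. Assumed formula: product of delivery ratios.
    A missing path or a gateway without history scores 0.0 (fail closed)."""
    if not path:
        return 0.0
    ratios = []
    for gw in path:
        sent, lost = gateway_history.get(gw, (0, 0))
        if sent <= 0:
            return 0.0
        ratios.append(1 - lost / sent)
    return prod(ratios)


def connection_order(channels):
    """S4: channels predicted to hit their data limit earliest connect first."""
    def time_to_full(ch):
        if ch.fill_rate <= 0:
            return float("inf")
        return max(ch.capacity - ch.buffered, 0) / ch.fill_rate
    return sorted(channels, key=time_to_full)


def plan(channels, rssi_samples, paths, gateway_history, min_integrity=0.9):
    """Return [(channel, network or None, hold_seconds)] in connection order."""
    usable = stable_networks(rssi_samples)
    result = []
    for ch in connection_order(channels):
        scores = {net: integrity(paths.get(net, {}).get(ch.target), gateway_history)
                  for net in usable}
        best = max(sorted(scores), key=scores.get, default=None)
        if best is None or scores[best] < min_integrity:
            result.append((ch.name, None, 0.0))  # no acceptable network: keep queued
            continue
        # The connection is held for the predicted sending time, then released.
        result.append((ch.name, best, ch.buffered / ch.bandwidth))
    return result


# Constructed sample data (not from the patent).
RSSI = {"wifi-office": [-52, -54, -53, -51],
        "lte": [-80, -82, -81, -79],
        "wifi-guest": [-60, -85, -55, -90]}          # unstable signal
GATEWAYS = {"gw-a": (1000, 10), "gw-b": (1000, 0),   # (sent, lost)
            "gw-c": (1000, 200), "gw-d": (500, 5)}
PATHS = {"wifi-office": {"meter-hub": ["gw-a", "gw-b"], "billing-srv": ["gw-a", "gw-c"]},
         "lte": {"meter-hub": ["gw-c"], "billing-srv": ["gw-d"]},
         "wifi-guest": {"meter-hub": ["gw-b"], "billing-srv": ["gw-b"]}}
CHANNELS = [Channel("ch1", "meter-hub", 10000, 4000, 1000.0, 2000.0),
            Channel("ch2", "billing-srv", 10000, 9000, 500.0, 3000.0),
            Channel("ch3", "unknown-host", 10000, 100, 0.0, 1000.0)]

if __name__ == "__main__":
    for row in plan(CHANNELS, RSSI, PATHS, GATEWAYS):
        print(row)
```

The unstable `wifi-guest` network is never chosen even though its gateway has a clean loss history, and `ch3` gets no network because no traced path to its target exists.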
The invention also provides a terminal communication security management and control system in a multi-network scenario, comprising:
a terminal monitoring module, configured to monitor all application programs of the terminal to obtain the operation attribute information of each application program;
an external communication message generating module, configured to determine the external communication process of each application program based on the operation attribute information, so as to generate a plurality of external communication messages corresponding to each application program;
a message cluster dividing module, configured to divide all external communication messages into a plurality of message clusters based on the message attribute information of the external communication messages;
a message cluster distribution module, configured to distribute the message clusters to corresponding communication channels based on the working states of all communication channels of the terminal;
an available network identification module, configured to perform a multi-network signal search of the environment where the terminal is located and identify all available networks to which the terminal can connect;
a message transmission security attribute determining module, configured to trace each available network to obtain its link gateway characteristic information, and to determine the message transmission security attribute information of each available network based on the link gateway characteristic information;
a network connection order determining module, configured to identify the message receiving state of all communication channels and determine the network connection order of the communication channels;
a network connection execution and change module, configured to select a matching network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and to automatically change the network connection state of that communication channel based on its message sending attribute information.
In one embodiment of the disclosure, the terminal monitoring module being configured to monitor all application programs of the terminal to obtain the operation attribute information of each application program comprises:
monitoring all application programs based on the port addresses of all application programs that are in a foreground started state, to obtain the task processing process attribute information of each application program, wherein the task processing process attribute information comprises the attribute information of all processes that the application program needs to execute during task processing;
the external communication message generating module being configured to determine the external communication process of each application program based on the operation attribute information, so as to generate a plurality of external communication messages corresponding to each application program, comprises:
determining the execution data packet and execution time of the external communication process of the application program based on the task processing process attribute information; and generating a plurality of external communication messages corresponding to the application program based on the execution data packet and the execution time.
In one embodiment of the disclosure, the message cluster dividing module being configured to divide all external communication messages into a plurality of message clusters based on the message attribute information of the external communication messages comprises:
identifying the sending target terminal of every external communication message to obtain the identity attribute information of the sending target terminal of each external communication message;
the message cluster distribution module being configured to distribute the message clusters to corresponding communication channels based on the working states of all communication channels of the terminal comprises:
comparing the communication bandwidth allocated to each communication channel with the maximum message data quantity of each message cluster, and distributing the message clusters to the corresponding communication channels.
In one embodiment of the disclosure, the available network identification module being configured to perform a multi-network signal search of the environment where the terminal is located and identify all available networks to which the terminal can connect comprises:
performing a multi-network signal search of the environment where the terminal is located to obtain signal strength change information, within a preset time interval, for all network signals present in the environment; determining the signal stability of each network present in the environment based on the signal strength change information; and identifying all available networks to which the terminal can connect based on the signal stability;
the message transmission security attribute determining module being configured to trace each available network to obtain its link gateway characteristic information, and to determine the message transmission security attribute information of the available networks based on the link gateway characteristic information, comprises:
performing link gateway tracing identification on each available network to obtain the location information of all gateways contained in all links of that network; retrieving and analyzing the historical message transmission records of the gateways based on their location information, to obtain attribute information on the packet loss that occurred at each gateway during historical message transmission; and determining the message transmission integrity of each available network based on that packet loss attribute information, as the message transmission security attribute information, wherein the message transmission integrity comprises the message transmission integrity of messages transmitted through the available network to each target terminal.
In one embodiment of the disclosure, the network connection order determining module being configured to identify the message receiving state of all communication channels and determine the network connection order of the communication channels comprises:
identifying the message data quantity receiving state of each communication channel, predicting the time at which the message data quantity allocated to each communication channel will reach the upper limit of the data quantity the channel is allowed to receive, and determining the network connection order of all communication channels in order of those times from earliest to latest;
the network connection execution and change module being configured to select a matching network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and to automatically change the network connection state of that communication channel based on its message sending attribute information, comprises:
selecting a matching network for the communication channel that currently needs an external network connection, based on the message transmission integrity, contained in the message transmission security attribute information, of messages transmitted through each available network to each target terminal, and on the target terminal to which that communication channel needs to send its messages; and automatically changing the network connection state of that communication channel in association with a time length, based on the predicted time the channel will need to send its messages.
Compared with the prior art, the terminal communication security management and control method and system in multi-network scenarios monitor the operation attribute information of each application program of the terminal to determine the external communication process of each application program and to generate a corresponding plurality of external communication messages, so that the external communication needs of different application programs are handled in a timely and targeted way. All external communication messages are divided into a plurality of message clusters that are distributed to corresponding communication channels, which realizes differentiated transmission of the different message clusters and ensures that each message cluster receives optimal transmission handling. All available networks to which the terminal can connect are searched for and identified, and each available network is traced to obtain its link gateway characteristic information, from which the message transmission security attribute information of each available network is determined; this accurately establishes the operational security of each available network in different message transmission scenarios. A matching network is then selected for the communication channel that currently needs an external network connection, and the network connection state of that channel is changed automatically. This ensures that each communication channel obtains equal network connection rights, makes full use of the data transmission advantages of different networks, and improves the external communication security and reliability of the terminal.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings required in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description show only some embodiments of the invention, and a person skilled in the art may obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flow chart of a terminal communication security control method in a multi-network scenario provided by the invention;
Fig. 2 is a schematic diagram of a framework of a terminal communication security management and control system in a multi-network scenario provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a flow chart of a terminal communication security management and control method in a multi-network scenario according to an embodiment of the present invention is shown. The terminal communication security control method under the multi-network scene comprises the following steps:
Step S1, monitoring all application programs on the terminal to obtain the operation attribute information of each application program, determining the external communication process of each application program based on the operation attribute information, and generating a plurality of external communication messages corresponding to all application programs;
Step S2, dividing all external communication messages into a plurality of message clusters based on the message attribute information of all external communication messages, and distributing the message clusters to the corresponding communication channels based on the working states of all communication channels of the terminal;
Step S3, performing a multi-network signal search in the environment of the terminal, identifying all available networks to which the terminal can connect, and performing traceability identification on each available network to obtain its link gateway characteristic information;
Step S4, identifying the message receiving state of all communication channels, determining the network connection order of all communication channels, selecting a matched network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and automatically changing the network connection state of that communication channel based on its message sending attribute information.
In this terminal communication security management and control method for multi-network scenarios, the operation attribute information of every application program on the terminal is monitored in order to determine each application program's external communication process and generate the corresponding external communication messages, so that the external communication needs of different application programs are identified and handled promptly. All external communication messages are divided into message clusters, which are distributed to the corresponding communication channels; different message clusters are thus transmitted separately, and each cluster receives the transmission handling best suited to it. All available networks to which the terminal can connect are searched for and identified, and each is traced to obtain its link gateway characteristic information, from which the message transmission security attribute information of each available network is determined; this establishes how safely each available network operates in different message transmission scenarios. On that basis a matched network is selected for the communication channel that currently needs an external network connection, and the network connection state of that channel is changed automatically. Every communication channel thereby obtains equal network connection rights, the transmission advantages of the different networks are fully used, and the security and reliability of the terminal's communication are improved.
Preferably, in step S1, monitoring all application programs on the terminal to obtain the operation attribute information of each application program, determining the external communication process of each application program based on the operation attribute information, and generating a plurality of external communication messages corresponding to all application programs includes:
monitoring all application programs in the foreground-started state, based on their port addresses, to obtain the task processing process attribute information of each application program, wherein the task processing process attribute information comprises the attribute information of all processes that the application program has to execute during task processing;
generating a plurality of external communication messages corresponding to the application program based on the execution data packet and the execution time.
In the above technical solution, terminals such as smartphones or tablet computers have application programs of different types and functions installed. While running, each application program may need to interact with other, external terminals, and its external communication messages then have to be sent. To ensure that every application program on the terminal has its external communication messages sent in time, the task processing of each running application program must be identified. Specifically, the program running log of the terminal is analyzed to find all application programs in the foreground-started state, and these are marked as being in the task processing state. Each such application program is then monitored, using its port address as the reference, to obtain its task processing process attribute information, which characterizes the state attributes of all processes the application program has to execute during task processing; the external communication needs arising in all of the application program's subordinate processes can therefore be identified accurately. Next, based on the execution data packet and the execution time of the application program's external communication process, the external communication messages corresponding to the running application program are generated. The messages the application program needs are thus generated promptly and accurately, improving the running efficiency and reliability of the application program.
Preferably, in step S2, dividing all external communication messages into a plurality of message clusters based on the message attribute information of all external communication messages, and distributing the message clusters to the corresponding communication channels based on the working states of all communication channels of the terminal includes:
identifying the target terminal of every external communication message to obtain the identity attribute information of each message's target terminal;
identifying the working state of all communication channels of the terminal to obtain the communication bandwidth allocated to each communication channel, comparing the communication bandwidth allocated to each communication channel with the maximum message data volume of each message cluster, and distributing the message clusters to the corresponding communication channels accordingly.
In the above technical solution, the different external communication messages that an application program generates during task processing may have to be sent to different external target terminals, so the network links they traverse differ. To allow the messages bound for the same target terminal to be sent together, the target terminal of every external communication message is identified to obtain the identity attribute information of each message's target terminal, and all external communication messages bound for the same target terminal are placed in the same message cluster. All messages in one message cluster therefore go to the same external target terminal and can be sent over the same network link.
The working state of all communication channels of the terminal is then identified to obtain the communication bandwidth allocated to each channel, that is, the bandwidth each channel is allowed to use. The bandwidth allocated to each channel is compared with the maximum message data volume of each message cluster, and the clusters are distributed to the channels accordingly, so that clusters with a larger message data volume go to channels with a larger bandwidth. Every message cluster thus obtains a communication channel matched to its data volume, which improves the transmission efficiency of the clusters and avoids transmission congestion.
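The grouping and channel assignment described above, as an added Python example that is not part of the patent text. It assumes a cluster's data volume is the sum of its message sizes and, going beyond the text, handles more clusters than channels by placing each cluster (largest first) on the channel with the shortest projected drain time; all names and sample values are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    app: str       # application program that produced the message
    target: str    # identity of the destination terminal
    size: int      # payload size in bytes


@dataclass(frozen=True)
class Channel:
    name: str
    bandwidth: int  # bandwidth allocated to the channel, bytes per second


def cluster_by_target(messages):
    """Group messages so that one cluster holds everything bound for one target."""
    clusters = defaultdict(list)
    for msg in messages:
        clusters[msg.target].append(msg)
    return dict(clusters)


def assign_clusters(clusters, channels):
    """Heaviest cluster first, each onto the channel that would drain soonest."""
    usable = [ch for ch in channels if ch.bandwidth > 0]  # skip disabled channels
    if not usable:
        raise ValueError("terminal has no usable communication channel")
    load = {ch.name: 0 for ch in usable}  # bytes already queued per channel
    volume = {t: sum(m.size for m in msgs) for t, msgs in clusters.items()}
    assignment = {}
    for target in sorted(volume, key=lambda t: (-volume[t], t)):
        best = min(
            usable,
            key=lambda ch: ((load[ch.name] + volume[target]) / ch.bandwidth,
                            -ch.bandwidth, ch.name),
        )
        load[best.name] += volume[target]
        assignment[target] = best.name
    return assignment


# Constructed sample data (hypothetical apps, terminals and channels).
MESSAGES = [
    Message("meter-app", "T-A", 4000),
    Message("meter-app", "T-B", 500),
    Message("patrol-app", "T-A", 6000),
    Message("patrol-app", "T-C", 2000),
    Message("chat", "T-B", 300),
    Message("chat", "T-D", 100),
]
CHANNELS = [Channel("ch0", 1000), Channel("ch1", 5000), Channel("ch2", 2000)]


def demo():
    return assign_clusters(cluster_by_target(MESSAGES), CHANNELS)


if __name__ == "__main__":
    for target, channel in demo().items():
        print(target, "->", channel)
```
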
Preferably, in step S3, performing a multi-network signal search in the environment of the terminal, identifying all available networks to which the terminal can connect, performing traceability identification on each available network to obtain its link gateway characteristic information, and determining the message transmission security attribute information of the available networks based on the link gateway characteristic information includes:
performing a multi-network signal search in the environment of the terminal to obtain the signal strength variation information, within a preset time interval, of all network signals present in the environment, determining the signal stability of each network in the environment based on the signal strength variation information, and identifying all available networks to which the terminal can connect based on the signal stability;
performing link gateway traceability identification on each available network to obtain the position information of all gateways contained in all links of each available network, retrieving and analyzing the historical message transmission records of all the gateways based on their position information to obtain each gateway's packet loss occurrence attribute information during historical message transmission, and determining the message transmission integrity of each available network based on the packet loss occurrence attribute information, to serve as the message transmission security attribute information, wherein the message transmission integrity comprises the integrity with which messages are transmitted through the available network to each target terminal.
In the above technical solution, the space around the terminal may contain network signals of several different types, each belonging to a different type of network. To give the terminal the right to connect to the different networks, a multi-network signal search is performed in the terminal's environment to obtain the signal strength variation, within a preset time interval, of every network signal present. From this variation the average signal strength and the signal strength drift rate of every network in the environment are determined, and from those the signal stability of every network; in general, the larger the average signal strength and/or the smaller the signal strength drift rate, the higher the signal stability. The signal stability of each network is compared with a preset stability threshold, and a network whose signal stability exceeds the threshold is determined to be an available network to which the terminal can connect. Link gateway traceability identification is then performed on each available network to obtain the position information of all gateways contained in all links of that network. Using this position information, the historical message transmission records of all the gateways are retrieved and analyzed to obtain each gateway's packet loss occurrence attribute information during historical message transmission, which may include, but is not limited to, the gateway's packet loss rate and/or packet loss occurrence frequency during historical message transmission.
The message transmission integrity of each available network is then determined from the packet loss occurrence attribute information; this is a conventional technical means in the field and is not described in detail here. It provides a reliable basis for subsequently matching and connecting communication channels to networks.
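An added Python example, not part of the patent text, of the availability filter and per-target integrity score described above. The patent gives no formulas, so the stability score (normalised mean RSSI divided by one plus the drift rate), the 0.3 threshold, and the integrity score (product of each gateway's historical delivery rate, with a missing record scoring 0) are assumptions, as are all names and sample data.

```python
from statistics import mean

RSSI_FLOOR, RSSI_CEIL = -100.0, -30.0  # assumed dBm range used for normalisation


def signal_stability(samples, interval_s=1.0):
    """Higher mean strength and lower drift rate give a higher score in [0, 1]."""
    if len(samples) < 2:
        return 0.0  # one reading says nothing about drift: treat as unstable
    avg = mean(samples)
    drift = mean(abs(b - a) for a, b in zip(samples, samples[1:])) / interval_s
    strength = min(1.0, max(0.0, (avg - RSSI_FLOOR) / (RSSI_CEIL - RSSI_FLOOR)))
    return strength / (1.0 + drift)


def available_networks(scans, threshold):
    """Networks whose stability exceeds the preset threshold."""
    return sorted(n for n, s in scans.items() if signal_stability(s) > threshold)


def transmission_integrity(network, target, paths, history):
    """Probability-style score that a message to `target` crosses every gateway."""
    score = 1.0
    for gateway in paths[network]:
        sent, lost = history.get(gateway, {}).get(target, (0, 0))
        if sent == 0:
            return 0.0  # no history for this gateway/target: fail closed
        score *= 1.0 - lost / sent
    return score


def integrity_table(networks, targets, paths, history):
    return {
        n: {t: transmission_integrity(n, t, paths, history) for t in targets}
        for n in networks
    }


# Constructed sample data: RSSI readings in dBm, one per second.
SCANS = {
    "wlan-office": [-52, -53, -51, -52, -52],
    "lte-private": [-65, -65, -66, -65, -65],
    "guest-wifi": [-60, -80, -55, -85, -60],  # strong on average, but unstable
}
# Gateways traced on each network's link (hypothetical names).
PATHS = {"wlan-office": ["gw-a", "gw-b"], "lte-private": ["gw-c"]}
# Historical records per gateway and target terminal: (packets sent, packets lost).
HISTORY = {
    "gw-a": {"T-A": (1000, 10), "T-B": (200, 2)},
    "gw-b": {"T-A": (500, 25)},
    "gw-c": {"T-A": (2000, 40), "T-B": (100, 0)},
}

if __name__ == "__main__":
    nets = available_networks(SCANS, threshold=0.3)
    print(nets)
    print(integrity_table(nets, ["T-A", "T-B"], PATHS, HISTORY))
```
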
Preferably, in step S4, identifying the message receiving state of all communication channels, determining the network connection order of all communication channels, selecting a matched network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and automatically changing the network connection state of that communication channel based on its message sending attribute information includes:
identifying the state of the message data volume received by each communication channel, predicting the time at which the message data volume allocated to each communication channel will reach the upper limit of the data volume the channel is allowed to receive, and determining the network connection order of all communication channels by ordering these predicted times from earliest to latest;
selecting a matched network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and applying a duration-linked automatic change of the network connection state to that communication channel based on the predicted time its message sending will take.
In the above technical solution, the state of the message data volume received by each communication channel is identified, and the time at which the message data volume allocated to each channel will reach the upper limit of the data volume the channel is allowed to receive is predicted. When the allocated message data volume reaches that upper limit, the channel is saturated with received messages and must send them out. The network connection order of all communication channels is determined by ordering these predicted times from earliest to latest, so that all communication channels can send out their received messages in time and on an equal footing. A matched network is then selected for the communication channel that currently needs an external network connection, based on the message transmission integrity, contained in the message transmission security attribute information, of each available network for messages sent to each target terminal, together with the target terminal to which that channel must send its messages. Every communication channel thereby obtains equal network connection rights, and the data transmission advantages of the different networks are fully used.
Finally, a duration-linked automatic change of the network connection state is applied to that channel based on the predicted time its message sending will take: if the actual duration of the channel's network connection exceeds the predicted time, the connection between the channel and its network is interrupted automatically so that the network can be connected to other communication channels. This prevents one communication channel from occupying the same network for a long time and denying other channels equal access to it.
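The connection ordering, network matching and duration-linked disconnect described above, as an added Python example that is not part of the patent text. It assumes a constant fill rate per channel, a predicted sending time of cap divided by bandwidth, and that one network serves one channel at a time; the integrity table and all names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    name: str
    target: str       # terminal the channel's message cluster is bound for
    cap: int          # upper limit of data the channel may hold, bytes
    buffered: int     # data already allocated to the channel, bytes
    fill_rate: float  # assumed constant arrival rate, bytes per second
    bandwidth: float  # sending rate once connected, bytes per second (> 0)


@dataclass(frozen=True)
class Lease:
    channel: str
    network: str
    start: float      # time at which the channel is connected
    deadline: float   # start + predicted sending time


def saturation_time(ch, now=0.0):
    """Predicted moment at which the channel reaches its receive limit."""
    if ch.buffered >= ch.cap:
        return now
    if ch.fill_rate <= 0:
        return float("inf")  # never fills up
    return now + (ch.cap - ch.buffered) / ch.fill_rate


def connection_order(channels, now=0.0):
    """Earliest-saturating channel connects first."""
    return sorted(channels, key=lambda ch: (saturation_time(ch, now), ch.name))


def plan_connections(channels, integrity, now=0.0):
    """integrity[network][target] is the per-target transmission integrity."""
    busy_until = {net: now for net in integrity}
    plan = []
    for ch in connection_order(channels, now):
        want = saturation_time(ch, now)
        usable = [n for n in integrity if integrity[n].get(ch.target, 0.0) > 0.0]
        if want == float("inf") or not usable:
            continue  # nothing to send yet, or no network is trusted for this target
        free = [n for n in usable if busy_until[n] <= want]
        if free:
            net = max(free, key=lambda n: (integrity[n][ch.target], n))
            start = want
        else:  # every usable network is leased: take the one released first
            net = min(usable, key=lambda n: (busy_until[n], -integrity[n][ch.target], n))
            start = busy_until[net]
        deadline = start + ch.cap / ch.bandwidth
        busy_until[net] = deadline
        plan.append(Lease(ch.name, net, start, deadline))
    return plan


def must_disconnect(lease, now):
    """True once the connection has outlived its predicted sending time."""
    return now > lease.deadline


# Constructed sample data (hypothetical channels, networks and scores).
INTEGRITY = {
    "wlan-office": {"T-A": 0.9405, "T-B": 0.0},
    "lte-private": {"T-A": 0.98, "T-B": 1.0},
}
CHANNELS = [
    Channel("ch-1", "T-A", cap=10000, buffered=8000, fill_rate=500.0, bandwidth=5000.0),
    Channel("ch-2", "T-B", cap=2000, buffered=1800, fill_rate=100.0, bandwidth=1000.0),
    Channel("ch-3", "T-A", cap=4000, buffered=1000, fill_rate=600.0, bandwidth=2000.0),
]

if __name__ == "__main__":
    for lease in plan_connections(CHANNELS, INTEGRITY):
        print(lease)
```
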
Referring to Fig. 2, a schematic diagram of the framework of a terminal communication security management and control system in a multi-network scenario according to an embodiment of the present invention is shown. The system comprises:
the terminal monitoring module, used for monitoring all application programs on the terminal to obtain the operation attribute information of each application program;
the external communication message generation module, used for determining the external communication process of each application program based on the operation attribute information, so as to generate a plurality of external communication messages corresponding to all application programs;
the message cluster dividing module, used for dividing all external communication messages into a plurality of message clusters based on the message attribute information of all external communication messages;
the message cluster distribution module, used for distributing the message clusters to the corresponding communication channels based on the working states of all communication channels of the terminal;
the available network identification module, used for performing a multi-network signal search in the environment of the terminal and identifying all available networks to which the terminal can connect;
the message transmission security attribute determining module, used for performing traceability identification on each available network to obtain its link gateway characteristic information;
the network connection order determining module, used for identifying the message receiving state of all communication channels and determining the network connection order of all communication channels;
the network connection execution and change module, used for selecting a matched network for the communication channel that currently needs an external network connection based on the message transmission security attribute information, and automatically changing the network connection state of that communication channel based on its message sending attribute information.
In this terminal communication security management and control system for multi-network scenarios, the operation attribute information of every application program on the terminal is monitored in order to determine each application program's external communication process and generate the corresponding external communication messages, so that the external communication needs of different application programs are identified and handled promptly. All external communication messages are divided into message clusters, which are distributed to the corresponding communication channels; different message clusters are thus transmitted separately, and each cluster receives the transmission handling best suited to it. All available networks to which the terminal can connect are searched for and identified, and each is traced to obtain its link gateway characteristic information, from which the message transmission security attribute information of each available network is determined; this establishes how safely each available network operates in different message transmission scenarios. On that basis a matched network is selected for the communication channel that currently needs an external network connection, and the network connection state of that channel is changed automatically. Every communication channel thereby obtains equal network connection rights, the transmission advantages of the different networks are fully used, and the security and reliability of the terminal's communication are improved.
Preferably, the terminal monitoring module being used for monitoring all application programs on the terminal to obtain the operation attribute information of each application program includes:
monitoring all application programs in the foreground-started state, based on their port addresses, to obtain the task processing process attribute information of each application program, wherein the task processing process attribute information comprises the attribute information of all processes that the application program has to execute during task processing;
the external communication message generation module being used for determining the external communication process of each application program based on the operation attribute information, so as to generate a plurality of external communication messages corresponding to all application programs, includes:
generating a plurality of external communication messages corresponding to the application program based on the execution data packet and the execution time.
In the above technical solution, terminals such as smartphones or tablet computers have application programs of different types and functions installed. While running, each application program may need to interact with other, external terminals, and its external communication messages then have to be sent. To ensure that every application program on the terminal has its external communication messages sent in time, the task processing of each running application program must be identified. Specifically, the program running log of the terminal is analyzed to find all application programs in the foreground-started state, and these are marked as being in the task processing state. Each such application program is then monitored, using its port address as the reference, to obtain its task processing process attribute information, which characterizes the state attributes of all processes the application program has to execute during task processing; the external communication needs arising in all of the application program's subordinate processes can therefore be identified accurately. Next, based on the execution data packet and the execution time of the application program's external communication process, the external communication messages corresponding to the running application program are generated. The messages the application program needs are thus generated promptly and accurately, improving the running efficiency and reliability of the application program.
Preferably, the message cluster dividing module being used for dividing all external communication messages into a plurality of message clusters based on the message attribute information of all external communication messages includes:
identifying the target terminal of every external communication message to obtain the identity attribute information of each message's target terminal;
the message cluster distribution module being used for distributing the message clusters to the corresponding communication channels based on the working states of all communication channels of the terminal includes:
identifying the working state of all communication channels of the terminal to obtain the communication bandwidth allocated to each communication channel, comparing the communication bandwidth allocated to each communication channel with the maximum message data volume of each message cluster, and distributing the message clusters to the corresponding communication channels accordingly.
In the above technical solution, the different external communication messages that an application program generates during task processing may have to be sent to different external target terminals, so the network links they traverse differ. To allow the messages bound for the same target terminal to be sent together, the target terminal of every external communication message is identified to obtain the identity attribute information of each message's target terminal, and all external communication messages bound for the same target terminal are placed in the same message cluster. All messages in one message cluster therefore go to the same external target terminal and can be sent over the same network link.
The working state of all communication channels of the terminal is then identified to obtain the communication bandwidth allocated to each channel, that is, the bandwidth each channel is allowed to use. The bandwidth allocated to each channel is compared with the maximum message data volume of each message cluster, and the clusters are distributed to the channels accordingly, so that clusters with a larger message data volume go to channels with a larger bandwidth. Every message cluster thus obtains a communication channel matched to its data volume, which improves the transmission efficiency of the clusters and avoids transmission congestion.
Preferably, the available network identification module being used for performing a multi-network signal search in the environment of the terminal and identifying all available networks to which the terminal can connect includes:
performing a multi-network signal search in the environment of the terminal to obtain the signal strength variation information, within a preset time interval, of all network signals present in the environment, determining the signal stability of each network in the environment based on the signal strength variation information, and identifying all available networks to which the terminal can connect based on the signal stability;
the message transmission security attribute determining module being used for performing traceability identification on each available network to obtain its link gateway characteristic information, and determining the message transmission security attribute information of the available networks based on the link gateway characteristic information, includes:
performing link gateway traceability identification on each available network to obtain the position information of all gateways contained in all links of each available network, retrieving and analyzing the historical message transmission records of all the gateways based on their position information to obtain each gateway's packet loss occurrence attribute information during historical message transmission, and determining the message transmission integrity of each available network based on the packet loss occurrence attribute information, to serve as the message transmission security attribute information, wherein the message transmission integrity comprises the integrity with which messages are transmitted through the available network to each target terminal.
In the above technical solution, the environment space where the terminal is located may have a plurality of different types of network signals, where the different network signals are correspondingly connected to different types of networks, so that in order to enable the terminal to obtain connection rights for different networks, the environment where the terminal is located is searched for multiple network signals, signal strength variation information of all network signals existing in the environment within a preset time interval is obtained, and based on the signal strength variation information, the signal average strength and the signal strength drift rate of all networks existing in the environment are determined, so that the signal stability of all networks is determined, generally, the signal average strength is larger and/or the signal strength drift rate is smaller, and the corresponding signal stability is higher. And comparing the signal stability of all the networks with a preset stability threshold, and determining the corresponding network as an available network to which the terminal can be connected when the signal stability exceeds the preset stability threshold. And respectively carrying out link gateway tracing identification on each available network to obtain the position information of all gateways contained in all links subordinate to each available network, so as to call and analyze the respective historical message transmission records of all the gateways to obtain the respective message transmission packet loss occurrence attribute information of all the gateways in the historical message transmission process, wherein the message transmission packet loss occurrence attribute information can comprise, but is not limited to, the message transmission packet loss rate and/or the message transmission packet loss occurrence frequency of each gateway in the historical message transmission process. 
And determining the message transmission integrity of each available network based on the message transmission packet loss occurrence attribute information, which belongs to a conventional technical means in the field, and is not described in detail herein, so that a reliable basis can be provided for the subsequent realization of the matching connection of the communication channel and the network.
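A sketch of the two determinations described above, added here as an illustration and not taken from the patent: filtering available networks by signal stability, then scoring each network's message transmission integrity per target terminal from gateway loss history. The stability formula, the product-of-survival-rates integrity score, the threshold and all sample data are assumptions, since the description leaves both calculations unspecified.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass
class Gateway:
    name: str
    sent: int  # messages forwarded, from the gateway's historical record
    lost: int  # messages dropped, from the same record

    @property
    def loss_rate(self) -> float:
        # A gateway with no history is treated as fully lossy (assumption).
        return self.lost / self.sent if self.sent else 1.0


def signal_stability(samples_dbm, floor_dbm=-100.0, ceil_dbm=-40.0):
    """Assumed score in [0, 1]: normalised mean strength discounted by drift rate.

    Higher average strength raises the score and higher drift lowers it,
    which is the only relationship the description states.
    """
    if len(samples_dbm) < 2:
        return 0.0  # a single sample says nothing about drift
    avg = mean(samples_dbm)
    strength = min(max((avg - floor_dbm) / (ceil_dbm - floor_dbm), 0.0), 1.0)
    # Drift rate: mean absolute change between consecutive samples (dB/sample).
    drift = mean(abs(b - a) for a, b in zip(samples_dbm, samples_dbm[1:]))
    return strength / (1.0 + drift)


def available_networks(scans, threshold):
    """Networks whose stability exceeds the preset stability threshold."""
    return sorted(n for n, s in scans.items() if signal_stability(s) > threshold)


def link_integrity(gateways):
    """Assumed: fraction of messages that survive every gateway on the link."""
    survival = 1.0
    for gw in gateways:
        survival *= 1.0 - gw.loss_rate
    return survival


def network_integrity(links_by_target):
    """Per target terminal, the integrity of the best link toward it."""
    return {
        target: max((link_integrity(link) for link in links), default=0.0)
        for target, links in links_by_target.items()
    }


def security_attributes(scans, links, threshold=0.2):
    """Message transmission security attributes for each available network."""
    return {
        net: network_integrity(links[net])
        for net in available_networks(scans, threshold)
        if net in links
    }


# Constructed sample data: signal strength (dBm) over the preset interval.
SCANS = {
    "wifi-office": [-52, -53, -52, -54, -53],
    "lte-public": [-70, -71, -69, -70, -70],
    "wifi-guest": [-60, -85, -58, -90, -62],  # strong at times, but drifting
}

# Constructed sample data: network -> target terminal -> links (gateway lists).
LINKS = {
    "wifi-office": {
        "T1": [[Gateway("gw-a", 1000, 10), Gateway("gw-b", 2000, 40)]],
        "T2": [
            [Gateway("gw-a", 1000, 10), Gateway("gw-c", 500, 50)],
            [Gateway("gw-d", 1000, 50)],
        ],
    },
    "lte-public": {
        "T1": [[Gateway("gw-e", 1000, 70)]],
        "T2": [[Gateway("gw-e", 1000, 70), Gateway("gw-f", 0, 0)]],
    },
}

if __name__ == "__main__":
    for net, scores in security_attributes(SCANS, LINKS).items():
        print(net, {t: round(v, 4) for t, v in scores.items()})
```

The score measures delivery completeness along the gateway chain, which is how the description uses the word integrity; a gateway with no transmission history drives the link score to zero rather than being trusted by default.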
Preferably, the network connection sequence determination module is configured to identify the message receiving state of all communication channels and determine the network connection order of all communication channels, including:
Identifying the message data volume receiving state of each communication channel, and predicting the occurrence time at which the message data volume allocated to each communication channel reaches the upper limit of the data volume the channel is allowed to receive; and determining the network connection order of all communication channels based on the order, from earliest to latest, of the occurrence times corresponding to all communication channels;
The network connection execution and change module is configured to select a matching network for the communication channel that currently needs an external network connection, based on the message transmission security attribute information, and to automatically change the network connection state of that communication channel based on its message sending attribute information, including:
Selecting a matching network for the communication channel that currently needs an external network connection, based on the message transmission security attribute information; and, based on the predicted time needed to complete that channel's message sending, automatically changing its network connection state in association with duration.
In the above technical solution, the message data volume receiving state of each communication channel is identified, and the occurrence time at which the message data volume allocated to each communication channel reaches the upper limit of the data volume the channel is allowed to receive is predicted. When the allocated message data volume reaches that upper limit, the communication channel has reached the message receiving saturation state, and the messages it has received need to be sent out. The network connection order of all communication channels is determined by the order, from earliest to latest, of their corresponding occurrence times, ensuring that all communication channels can equally send out their received messages in time. A matching network is then selected for the communication channel that currently needs an external network connection, based on two inputs: the message transmission integrity, contained in the message transmission security attribute information, with which each available network transmits messages to each target terminal, and the target terminal to which that communication channel needs to transmit its messages. In this way each communication channel obtains equal network connection rights and the data transmission advantages of the different networks are fully used.
The network connection state of the communication channel that currently needs an external network connection is also changed automatically in association with duration, based on the predicted time needed to complete that channel's message sending: if the actual duration of the channel's network connection exceeds the corresponding predicted time, the connection between the communication channel and the corresponding network is automatically interrupted so that the network can be connected to other communication channels. This prevents one communication channel from occupying the same network for a long time and leaving other communication channels unable to obtain equal connection rights to that network.
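The ordering, network matching and duration-bound disconnect described above, as an added sketch that is not the patent's own implementation. Assumed here: a constant fill rate for the saturation prediction, a send budget of capacity divided by bandwidth, one channel per network at a time, and constructed channel and integrity data.

```python
from dataclasses import dataclass


@dataclass
class Channel:
    name: str
    target: str        # target terminal of the message cluster on this channel
    buffered: int      # bytes currently allocated to the channel
    capacity: int      # upper limit of bytes the channel may receive
    fill_rate: float   # bytes/s arriving (assumed constant)
    bandwidth: float   # bytes/s allocated for sending

    def saturation_eta(self) -> float:
        """Predicted seconds until the allocated data reaches the upper limit."""
        remaining = self.capacity - self.buffered
        if remaining <= 0:
            return 0.0
        return remaining / self.fill_rate if self.fill_rate > 0 else float("inf")

    def send_budget(self) -> float:
        """Predicted seconds to send a full buffer (assumed model)."""
        return self.capacity / self.bandwidth


@dataclass
class Lease:
    channel: str
    network: str
    started: float
    budget: float  # predicted send time; the connection may not outlive it

    def expired(self, now: float) -> bool:
        return now - self.started > self.budget


def connection_order(channels):
    """Earliest predicted saturation connects first; name breaks ties."""
    return sorted(channels, key=lambda c: (c.saturation_eta(), c.name))


def pick_network(channel, integrity, busy):
    """Free network with the highest integrity toward the channel's target."""
    candidates = [
        (scores[channel.target], net)
        for net, scores in integrity.items()
        if net not in busy and channel.target in scores
    ]
    return max(candidates)[1] if candidates else None


def schedule(waiting, integrity, leases, now):
    """Grant free networks to waiting channels in connection order."""
    busy = {lease.network for lease in leases}
    served = {lease.channel for lease in leases}
    granted = list(leases)
    for ch in connection_order(waiting):
        if ch.name in served:
            continue
        net = pick_network(ch, integrity, busy)
        if net is None:
            continue  # no free network reaches this target; channel waits
        busy.add(net)
        granted.append(Lease(ch.name, net, now, ch.send_budget()))
    return granted


def reap(leases, now):
    """Split leases into those kept and those disconnected for overrunning."""
    kept = [lease for lease in leases if not lease.expired(now)]
    dropped = [lease for lease in leases if lease.expired(now)]
    return kept, dropped


# Constructed sample data.
CHANNELS = [
    Channel("ch-a", "T1", buffered=900, capacity=1000, fill_rate=50, bandwidth=500),
    Channel("ch-b", "T2", buffered=200, capacity=1000, fill_rate=100, bandwidth=250),
    Channel("ch-c", "T1", buffered=1000, capacity=1000, fill_rate=80, bandwidth=100),
]
INTEGRITY = {  # network -> target terminal -> message transmission integrity
    "wifi-office": {"T1": 0.97, "T2": 0.90},
    "lte-public": {"T1": 0.93, "T2": 0.95},
}


def demo():
    leases = schedule(CHANNELS, INTEGRITY, [], now=0.0)
    first = [(lease.channel, lease.network) for lease in leases]
    leases, dropped = reap(leases, now=3.0)  # ch-a had a 2 s budget
    got_turn = {name for name, _ in first}
    waiting = [c for c in CHANNELS if c.name not in got_turn]
    leases = schedule(waiting, INTEGRITY, leases, now=3.0)
    final = [(lease.channel, lease.network) for lease in leases]
    return first, [lease.channel for lease in dropped], final


if __name__ == "__main__":
    print(demo())
```

In the constructed run, the already saturated channel takes the highest-integrity network for its target, the next channel falls back to the remaining network, and the third only connects once a lease overruns its budget and is disconnected.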
With the terminal communication security management and control method and system for multi-network scenarios described above, the running attribute information of all applications under the terminal is monitored, the external communication process of each application is determined, and the corresponding external communication messages are generated, so that the external communication requirements of different applications are handled in a timely and targeted way. All external communication messages are divided into several message clusters and allocated to corresponding communication channels, so that different message clusters are transmitted separately and each receives optimized transmission processing. All available networks to which the terminal can connect are searched for and identified, each available network is traced to obtain its link gateway characteristic information, and the message transmission security attribute information of each available network is determined, so that the operating security of each available network in different message transmission scenarios is accurately determined. A matching network is selected for the communication channel that currently needs an external network connection, and that channel's network connection state is changed automatically, so that each communication channel can obtain network connection rights, and the reliability of the communication channels and of the communication terminal is improved.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A terminal communication security management and control method in a multi-network scenario, characterized in that it comprises the following steps:
Step S1, monitoring all applications under the terminal to obtain the operation attribute information of all applications; based on the operation attribute information, determining the external communication processes of all applications, thereby generating a number of external communication messages corresponding to all applications;
Step S2, based on the message attribute information of all external communication messages, dividing all external communication messages into a number of message clusters; based on the working status of all communication channels under the terminal, allocating all message clusters to corresponding communication channels;
Step S3, performing a multi-network signal search on the environment where the terminal is located to identify all available networks to which the terminal can connect; performing retrospective identification on all available networks to obtain the link gateway feature information of each available network; and determining the message transmission security attribute information of the available networks based on the link gateway feature information;
Step S4, identifying the message receiving status of all communication channels and determining the network connection order of all communication channels; based on the message transmission security attribute information, selecting a matching network for the communication channel that currently needs to connect to the external network; and based on the message sending attribute information of the communication channel that currently needs to connect to the external network, automatically changing the network connection status of that communication channel.

2. The terminal communication security management and control method in a multi-network scenario according to claim 1, characterized in that:
In the step S1, monitoring all applications under the terminal to obtain the operation attribute information of all applications, and, based on the operation attribute information, determining the external communication processes of all applications, thereby generating a number of external communication messages corresponding to all applications, includes:
Based on the program running log of the terminal, determining all applications in the foreground startup state; based on the port addresses of all applications in the foreground startup state, monitoring all applications to obtain the task processing process attribute information of each application; wherein the task processing process attribute information includes all process attribute information that the application needs to execute during task processing;
Based on the task processing process attribute information, determining the execution data packet and execution time of the external communication process of the application; based on the execution data packet and the execution time, generating a number of external communication messages corresponding to the application.

3. The terminal communication security management and control method in a multi-network scenario according to claim 1, characterized in that:
In the step S2, dividing all external communication messages into a number of message clusters based on the message attribute information of all external communication messages, and allocating all message clusters to corresponding communication channels based on the working status of all communication channels under the terminal, includes:
Identifying the sending target terminals of all external communication messages to obtain the identity attribute information of the sending target terminal of each external communication message; based on the identity attribute information, classifying all external communication messages that need to be sent to the same target terminal into the same message cluster;
Identifying the working status of all communication channels under the terminal to obtain the communication bandwidth allocated to each communication channel; comparing the communication bandwidth allocated to each communication channel with the maximum message data volume of each message cluster, and allocating all message clusters to corresponding communication channels.

4. The terminal communication security management and control method in a multi-network scenario according to claim 1, characterized in that:
In the step S3, performing a multi-network signal search on the environment where the terminal is located to identify all available networks to which the terminal can connect, performing retrospective identification on all available networks to obtain the link gateway feature information of each available network, and determining the message transmission security attribute information of the available networks based on the link gateway feature information, includes:
Performing a multi-network signal search on the environment where the terminal is located to obtain signal strength change information of all network signals in the environment within a preset time interval; determining the signal stability of each network in the environment based on the signal strength change information; and identifying all available networks to which the terminal can connect based on the signal stability;
Performing link gateway tracing and identification on each available network to obtain the location information of all gateways included in all links under each available network; based on the location information of all gateways, retrieving and analyzing the historical message transmission records of all gateways to obtain the message transmission packet loss occurrence attribute information of each gateway during historical message transmission; then, based on the message transmission packet loss occurrence attribute information, determining the message transmission integrity of each available network and using it as the message transmission security attribute information; wherein the message transmission integrity includes the message transmission integrity corresponding to transmitting a message to each target terminal through the available network.

5. The terminal communication security management and control method in a multi-network scenario according to claim 1, characterized in that:
In the step S4, identifying the message receiving status of all communication channels to determine the network connection order of all communication channels, selecting a matching network for the communication channel that currently needs to connect to the external network based on the message transmission security attribute information, and automatically changing the network connection status of that communication channel based on its message sending attribute information, includes:
Identifying the message data volume receiving status of each communication channel, and predicting the time at which the message data volume allocated to each communication channel reaches the upper limit of the data volume the channel is allowed to receive; determining the network connection order of all communication channels based on the order, from earliest to latest, of the occurrence times corresponding to all communication channels;
Selecting a matching network for the communication channel that currently needs to connect to the external network, based on the message transmission integrity, contained in the message transmission security attribute information, of transmitting messages through the available network to each target terminal, and on the target terminal to which that communication channel needs to transmit its messages; and, based on the estimated time required to complete the message sending of that communication channel, automatically changing its network connection status in association with duration.

6. A terminal communication security management and control system in a multi-network scenario, characterized by including:
A terminal monitoring module, used to monitor all applications under the terminal and obtain the operation attribute information of all applications;
An external communication message generation module, used to determine the external communication processes of all applications based on the operation attribute information, thereby generating a number of external communication messages corresponding to all applications;
A message cluster division module, used to divide all external communication messages into a number of message clusters based on the message attribute information of all external communication messages;
A message cluster allocation module, used to allocate all message clusters to corresponding communication channels based on the working status of all communication channels under the terminal;
An available network identification module, used to perform a multi-network signal search on the environment where the terminal is located and identify all available networks to which the terminal can connect;
A message transmission security attribute determination module, used to perform retrospective identification on all available networks to obtain the link gateway feature information of each available network, and to determine the message transmission security attribute information of the available networks based on the link gateway feature information;
A network connection sequence determination module, used to identify the message receiving status of all communication channels and determine the network connection order of all communication channels;
A network connection execution and change module, used to select a matching network for the communication channel that currently needs to connect to the external network based on the message transmission security attribute information, and to automatically change the network connection status of that communication channel based on its message sending attribute information.

7. The terminal communication security management and control system in a multi-network scenario according to claim 6, characterized in that:
The terminal monitoring module, used to monitor all applications under the terminal and obtain the operation attribute information of all applications, includes:
Based on the program running log of the terminal, determining all applications in the foreground startup state; based on the port addresses of all applications in the foreground startup state, monitoring all applications to obtain the task processing process attribute information of each application; wherein the task processing process attribute information includes all process attribute information that the application needs to execute during task processing;
The external communication message generation module, used to determine the external communication processes of all applications based on the operation attribute information, thereby generating a number of external communication messages corresponding to all applications, includes:
Based on the task processing process attribute information, determining the execution data packet and execution time of the external communication process of the application; based on the execution data packet and the execution time, generating a number of external communication messages corresponding to the application.

8. The terminal communication security management and control system in a multi-network scenario according to claim 6, characterized in that:
The message cluster division module, used to divide all external communication messages into a number of message clusters based on the message attribute information of all external communication messages, includes:
Identifying the sending target terminals of all external communication messages to obtain the identity attribute information of the sending target terminal of each external communication message; based on the identity attribute information, classifying all external communication messages that need to be sent to the same target terminal into the same message cluster;
The message cluster allocation module, used to allocate all message clusters to corresponding communication channels based on the working status of all communication channels under the terminal, includes:
Identifying the working status of all communication channels under the terminal to obtain the communication bandwidth allocated to each communication channel; comparing the communication bandwidth allocated to each communication channel with the maximum message data volume of each message cluster, and allocating all message clusters to corresponding communication channels.

9. The terminal communication security management and control system in a multi-network scenario according to claim 6, characterized in that:
The available network identification module, used to perform a multi-network signal search on the environment where the terminal is located and identify all available networks to which the terminal can connect, includes:
Performing a multi-network signal search on the environment where the terminal is located to obtain signal strength change information of all network signals in the environment within a preset time interval; determining the signal stability of each network in the environment based on the signal strength change information; and identifying all available networks to which the terminal can connect based on the signal stability;
The message transmission security attribute determination module, used to perform retrospective identification on all available networks to obtain the link gateway feature information of each available network, and to determine the message transmission security attribute information of the available networks based on the link gateway feature information, includes:
Performing link gateway tracing and identification on each available network to obtain the location information of all gateways included in all links under each available network; based on the location information of all gateways, retrieving and analyzing the historical message transmission records of all gateways to obtain the message transmission packet loss occurrence attribute information of each gateway during historical message transmission; then, based on the message transmission packet loss occurrence attribute information, determining the message transmission integrity of each available network and using it as the message transmission security attribute information; wherein the message transmission integrity includes the message transmission integrity corresponding to transmitting a message to each target terminal through the available network.

10. The terminal communication security management and control system in a multi-network scenario according to claim 6, characterized in that:
The network connection sequence determination module, used to identify the message receiving status of all communication channels and determine the network connection order of all communication channels, includes:
Identifying the message data volume receiving status of each communication channel, and predicting the time at which the message data volume allocated to each communication channel reaches the upper limit of the data volume the channel is allowed to receive; determining the network connection order of all communication channels based on the order, from earliest to latest, of the occurrence times corresponding to all communication channels;
The network connection execution and change module, used to select a matching network for the communication channel that currently needs to connect to the external network based on the message transmission security attribute information, and to automatically change the network connection status of that communication channel based on its message sending attribute information, includes:
Selecting a matching network for the communication channel that currently needs to connect to the external network, based on the message transmission integrity, contained in the message transmission security attribute information, of transmitting messages through the available network to each target terminal, and on the target terminal to which that communication channel needs to transmit its messages; and, based on the estimated time required to complete the message sending of that communication channel, automatically changing its network connection status in association with duration.
CN202411442895.4A 2024-10-16 Terminal communication security management and control method and system in multi-network scenarios Active CN119421185B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411442895.4A CN119421185B (en) 2024-10-16 Terminal communication security management and control method and system in multi-network scenarios

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411442895.4A CN119421185B (en) 2024-10-16 Terminal communication security management and control method and system in multi-network scenarios

Publications (2)

Publication Number Publication Date
CN119421185A true CN119421185A (en) 2025-02-11
CN119421185B CN119421185B (en) 2025-10-14

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130111038A1 (en) * 2010-07-09 2013-05-02 Attila Technologies, Llc Transparent Proxy Architecture for Multi-Path Data Connections
CN105630584A (en) * 2015-06-16 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Operation control method and system of application program and terminal
CN105338569A (en) * 2015-09-30 2016-02-17 宇龙计算机通信科技(深圳)有限公司 Multi-bearer data transmission method and device
CN107484172A (en) * 2017-08-15 2017-12-15 上海展扬通信技术有限公司 The method for connecting network and network connection device of a kind of intelligent terminal
CN110505675A (en) * 2019-08-12 2019-11-26 RealMe重庆移动通信有限公司 Method for connecting network and device, storage medium, communication terminal
WO2024045576A1 (en) * 2022-08-30 2024-03-07 中兴通讯股份有限公司 Network link generation method, server and storage medium

Similar Documents

Publication Publication Date Title
US20240430695A1 (en) Performance assurance and optimization for gaa and pal devices in a cbrs network for private enterprise environment
EP3072260B1 (en) Methods, systems, and computer readable media for a network function virtualization information concentrator
CN113678415B (en) Systems for optimizing data communications
CN111835562A (en) Log uploading method, log query method and log query system
US9621438B2 (en) Network traffic management
CN104869155A (en) Data auditing method and device
CN113709715B (en) Slice resource allocation method, device, computer equipment and storage medium
CN113518125A (en) Offline data uploading method and system, storage medium and electronic device
CN117076117A (en) Intelligent media meeting place scheduling method and system based on new communication architecture
CN119065864B (en) Cloud management method and system for autonomous and controllable devices
CN111245938B (en) Robot cluster management method, robot cluster, robot and related equipment
CN119421185B (en) Terminal communication security management and control method and system in multi-network scenarios
CN119421185A (en) Terminal communication security management and control method and system in multi-network scenarios
CN115460659B (en) Wireless communication data analysis system for bandwidth adjustment
CN117793103A (en) Hardware resource sharing method and system based on D2D network
WO2023153898A1 (en) Electronic device for managing hardware resource, and operating method thereof
CN112564943A (en) Data transmission method, system and medium based on multiple network nodes
CN118695334B (en) An Internet of Things system based on dual-band Wi-Fi Mesh technology
CN119341995B (en) Data communication method and system for data communication network
CN118555280B (en) Block chain network dynamic scheduling method and system based on machine learning
US20250071573A1 (en) Dynamic network slicing for wireless networks using clustering and packet inspection
CN119967454B (en) Method, device, communication equipment and storage medium for optimizing wireless access network
CN113225204B (en) Gateway control method and system
CN111065080A (en) Data transmission method based on Bluetooth router and Bluetooth router
KR20240093019A (en) Apparatus and method for monitoring abnormality of IoT routers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant