CN114845303A - Industrial control network external connection equipment detection method and system based on API - Google Patents
- Publication number: CN114845303A (application CN202210413580.1A)
- Authority: CN (China)
- Legal status: Granted (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- H04W12/088—Access security using filters or firewalls (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity, and H04W12/08 Access security)
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications (under H04W12/30 Security of mobile devices; Security of mobile applications)
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS] (under Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation)
Abstract
The invention discloses an industrial control network external connection equipment detection method based on an application program interface (API). It obtains information on the Bluetooth communication devices of a client by calling the bluetoothapi interface, obtains the relevant parameters of the client network by calling the iphlpapi interface, and judges from these whether the client is communicating over an illegal external connection. A new program protection mechanism is also designed: once it is detected that the scanning program has been closed from the process manager, the process termination authority of the program is modified so that the program cannot be closed from the outside, which guarantees continuous scanning of the client. The aim is to solve, by continuously scanning the client's network card and Bluetooth, the information security problems that exist in industrial control security. The invention also discloses an industrial control network external equipment detection system based on the application program interface.
Description
Technical Field
The invention belongs to the technical field of industrial control networks, and particularly relates to an industrial control network external device detection method and system based on an API.
Background
According to an industrial control security report newly released by the market research institution RAM, the global industrial network security market will grow at a compound growth rate of 6.6% over the last five years. The rapid expansion of the global industrial network security market is due to the increasingly severe security issues of industrial control. Among these, data leakage occurs frequently, making industrial control security problems progressively more serious. To solve this problem, intrusion detection mechanisms must be employed in industrial control networks to reduce the risk of data leakage.
Currently, the commonly used intrusion detection schemes for industrial control networks mainly include the following:
1. Constructing a time-to-live (TTL) value to detect illegal external connections: first, record the external network address accessed by the computer each time in a list of external network addresses; then construct an Internet Control Message Protocol (ICMP) echo request message with a specified TTL value and acquire the routing path information to a specified destination address; finally, judge whether the routing path information contains a legal exit address of the network to which the computer belongs, so as to determine whether the computer has an illegal external connection.
2. Client/Server (C/S) mode: the main principle is to monitor data packets at the bottom layer of the computer based on the Windows routing table. It is implemented by setting up a monitoring alarm center in the intranet and installing a monitoring agent on each detection client to monitor it in real time; if the monitoring agent finds any illegal behaviour on the client under detection, it sends the illegal information to the monitoring alarm center, which carries out the next operation.
3. The dual-machine mode, based on a packet detection principle: an independent monitoring center is installed in the intranet and an alarm center for receiving responses is installed outside it. The detection center continuously sends detection packets to the clients in the intranet, with the source IP of each detection packet changed to the source IP of the alarm center in the extranet. If a client device is connected to the extranet at that moment, its response packet is sent directly to the extranet alarm center, which thus learns which intranet client is illegally connected to the extranet and blocks that client.
However, the above industrial control network intrusion detection methods still have some non-negligible technical problems: first, the TTL construction method still requires access to an external network, so an information leakage risk remains; second, the C/S mode suffers from complicated development and inconvenient deployment; third, if the client strengthens its own protection, for example by installing a firewall, the data packets exchanged between the monitoring agent on the client and the monitoring alarm center may be blocked or missed in the C/S mode, so accurate intrusion detection and blocking cannot be achieved; fourth, in the dual-machine mode a client with protective measures such as a firewall can shield the detection packet from the outset, so the result of the illegal external connection detection is affected; fifth, when the dual-machine method is applied to some complicated internal networks, deploying a monitoring center in the internal network is complicated.
Disclosure of Invention
Aiming at the defects or improvement requirements of the prior art, the invention provides an industrial control network external equipment detection method based on an API (application program interface). It aims to solve the following technical problems: the existing method based on constructing a time-to-live value still has an information leakage risk because the external network still has to be accessed; the existing C/S mode has complicated development and inconvenient deployment, and if the client strengthens its own protection, the data packets exchanged between the monitoring agent on the client and the monitoring alarm center may be blocked or missed, so accurate intrusion detection and blocking cannot be achieved; and in the existing dual-computer mode a client with protective measures such as a firewall can shield the detection packet from the outset, which affects the detection result, while deploying a monitoring center in the intranet is complicated when the dual-computer mode is applied to some complicated internal networks.
In order to achieve the above object, according to an aspect of the present invention, there is provided an industrial control network external device detection method based on an API, which is applied to a client communicatively connected to a server, and the industrial control network external device detection method includes the following steps:
(1) setting the detection counter check_cnt to 1;
(2) judging whether check_cnt is larger than the preset total detection number N; if so, ending the process, otherwise turning to step (3);
(3) judging whether check_cnt is odd or even; if odd, turning to step (4), otherwise turning to step (9);
(4) setting a counter i to 1;
(5) judging whether the counter i is larger than the total number of Bluetooth receivers on the client; if so, setting check_cnt = check_cnt + 1 and returning to step (2), otherwise entering step (6);
(6) judging whether a handle corresponding to the first Bluetooth device connected to the ith Bluetooth receiver can be acquired by calling the bluetooth api interface; if so, entering step (7), otherwise setting i = i + 1 and returning to step (5);
(7) calling the bluetooth interface to scan the remote Bluetooth devices that can be scanned by the ith Bluetooth receiver on the client, and judging whether at least one remote Bluetooth device is in a connected state with the Bluetooth device connected to the ith Bluetooth receiver; if so, the handle is in an illegal connection, alarm information is popped up and the process ends; otherwise, entering step (8);
(8) calling the bluetooth interface to judge whether a handle corresponding to the next Bluetooth device connected to the ith Bluetooth receiver can be acquired; if so, returning to step (7), otherwise setting i = i + 1 and returning to step (5);
(9) setting a counter j to 1;
(10) judging whether the counter j is larger than the total number of adapters on the client; if so, setting check_cnt = check_cnt + 1 and returning to step (2), otherwise entering step (11);
(11) acquiring the adapter information of the jth adapter on the client by calling the iphlpapi interface;
(12) judging, according to the adapter information acquired in step (11), whether the jth adapter is a wireless local area network card; if so, acquiring the index of the adapter and entering step (13), otherwise setting j = j + 1 and returning to step (10);
(13) acquiring, according to the adapter index acquired in step (12), the information of the port on which the jth adapter depends, and judging whether that port is in a connected state; if so, popping up alarm information (specifically, closing the wireless network card on the client, prohibiting the client from transmitting information over WiFi, and sending the alarm information to the user) and ending the process; otherwise setting j = j + 1 and returning to step (10);
preferably, the method further comprises the following steps before step (1):
(A) detecting whether a process has been closed from the device manager of the client; if so, turning to step (B), otherwise continuing the detection of this step;
(B) acquiring the process identifier (PID) of the closed process;
(C) judging whether the PID of the closed process is the same as the PID of the preset protected program; if so, turning to step (D), otherwise returning to step (A);
(D) acquiring a handle of the closed process, modifying the authority list corresponding to the process according to the handle, closing the process termination authority of the process, and then returning to step (A).
Preferably, in step (11), the adapter information of the adapter includes the name, detailed description, hardware address, adapter type, adapter index and the like of the adapter; the interface identifying the adapter is obtained from the adapter index.
Preferably, in step (12), if the detailed description in the adapter information of the adapter does not include the word "Virtual" and the adapter type is IEEE 802.11, it indicates that the adapter is a wireless lan card, otherwise, it indicates that the adapter is not a wireless lan card.
Preferably, in step (13), if the operation state of the port on which the jth adapter depends shows that the remote device is normally connected, it indicates that the adapter is in the connected state, otherwise, it indicates that the adapter is not in the connected state.
According to another aspect of the present invention, an industrial control network external device detection system based on API is provided, which is applied in a client communicatively connected to a server, and includes:
a first module, configured to set a detection counter check_cnt to 1;
a second module, configured to judge whether check_cnt is larger than the preset total detection number N; if so, the process ends, otherwise control passes to the third module;
a third module, configured to judge whether check_cnt is odd or even; if odd, control passes to the fourth module, and if even, to the ninth module;
a fourth module, configured to set a counter i to 1;
a fifth module, configured to judge whether the counter i is greater than the total number of Bluetooth receivers on the client; if so, set check_cnt = check_cnt + 1 and return to the second module, otherwise enter the sixth module;
a sixth module, configured to judge whether a handle corresponding to the first Bluetooth device connected to the ith Bluetooth receiver can be obtained by calling the bluetooth api interface; if so, enter the seventh module, otherwise set i = i + 1 and go to the fifth module;
a seventh module, configured to call the bluetooth interface to scan the remote Bluetooth devices that can be scanned by the ith Bluetooth receiver on the client, and judge whether at least one remote Bluetooth device is in a connected state with the Bluetooth device connected to the ith Bluetooth receiver; if so, the handle is in an illegal connection, alarm information is popped up and the process ends; otherwise, enter the eighth module;
an eighth module, configured to call the bluetooth interface to judge whether a handle corresponding to the next Bluetooth device connected to the ith Bluetooth receiver can be acquired; if so, return to the seventh module, otherwise set i = i + 1 and return to the fifth module;
a ninth module, configured to set a counter j to 1;
a tenth module, configured to judge whether the counter j is greater than the total number of adapters on the client; if so, set check_cnt = check_cnt + 1 and return to the second module, otherwise enter the eleventh module;
an eleventh module, configured to obtain the adapter information of the jth adapter on the client by calling the iphlpapi interface;
a twelfth module, configured to judge, according to the adapter information acquired by the eleventh module, whether the jth adapter is a wireless local area network card; if so, acquire the index of the adapter and enter the thirteenth module, otherwise set j = j + 1 and return to the tenth module;
a thirteenth module, configured to obtain, according to the adapter index acquired by the twelfth module, the information of the port on which the jth adapter depends, and judge whether that port is in a connected state; if so, pop up alarm information (specifically, close the wireless network card on the client, prohibit the client from transferring information over WiFi, and send the alarm information to the user) and end the process; otherwise set j = j + 1 and return to the tenth module.
In general, compared with the prior art, the above technical solutions conceived by the present invention can achieve the following beneficial effects:
1. the invention calls the built-in application program interfaces of Windows to carry out external connection detection without connecting to an external network, thereby solving the technical problem that the first method in the background art still has an information leakage risk because the external network still has to be accessed;
2. the invention provides a software agent installed on the client, which carries out external connection detection on the client, confirms whether the client has joined a WiFi network or is communicating with other Bluetooth devices, raises an alarm and disconnects the illegal connection once it is found, and avoids installing a monitoring alarm center in the intranet, thereby solving the technical problems of complicated development and inconvenient deployment of the C/S mode in the background art;
3. since the invention carries out external connection detection directly in the application layer of the client, and at the same time prevents the detection from being forcibly closed from the outside during the detection process, it solves the technical problems that the C/S mode in the background art cannot achieve accurate intrusion detection and blocking and that the dual-machine mode cannot perform detection when it meets a client equipped with a firewall;
4. the invention realizes external connection detection by calling the built-in application program interfaces of Windows, so it neither needs to consider the underlying source code nor understand the details of the internal working mechanism; all operations are realized in the application layer and the network environment need not be considered, thereby solving the technical problem that deploying a monitoring center is more complicated when the dual-machine mode in the background art is applied to some complicated internal networks.
Drawings
FIG. 1 is a flowchart of the API-based industrial control network external device detection method.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
It should be noted that in the description of the embodiments of the present invention, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element. The terms "upper", "lower", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. The specific meanings of the above terms in the present invention can be understood according to specific situations by those of ordinary skill in the art.
In addition, the technical solutions in the embodiments of the present invention may be combined with each other, but it must be based on the realization of those skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination of technical solutions should not be considered to exist, and is not within the protection scope of the present invention.
The basic idea of the present invention is to provide a method for detecting an industrial control network external device based on an Application Programming Interface (API). The method obtains information on the Bluetooth communication devices of a client by calling the bluetooth interface, obtains the relevant parameters of the client network by calling the iphlpapi interface, and judges from these whether the client is communicating over an illegal external connection. A new program protection mechanism is also designed: once it is detected that the scanning program has been closed from the process manager, the process termination authority of the program is modified so that the program cannot be closed from the outside, which guarantees continuous scanning of the client. The aim is to solve, by continuously scanning the client's network card and Bluetooth, the information security problems that exist in industrial control security.
The invention is installed on a client that needs to be checked for illegal external connections (WiFi and Bluetooth); it continuously scans the client to obtain the client's external connection information and raises an alarm when an illegal external connection occurs, and it also starts automatically at boot and resists being killed.
As shown in fig. 1, the present invention provides a method for detecting an industrial control network external device based on an Application Programming Interface (API), which is applied to a client communicatively connected to a server, and specifically includes the following steps:
(1) setting a detection counter check_cnt to 1;
preferably, the method of the present invention may further comprise the following steps before step (1):
(A) detecting whether a process has been closed from the device manager of the client; if so, turning to step (B), otherwise continuing the detection of this step until the program exits, at which point the process ends;
(B) acquiring the Process Identifier (PID) of the closed process;
(C) judging whether the PID of the closed process is the same as the PID of the preset protected program; if so, turning to step (D), otherwise returning to step (A);
(D) acquiring a handle of the closed process, modifying the authority list corresponding to the process according to the handle, and closing the process termination authority (PROCESS_TERMINATE) of the process, so that the process can no longer be terminated at that point and is thus protected; then returning to step (A).
(2) judging whether check_cnt is larger than the preset total detection number N; if so, ending the process, otherwise turning to step (3);
specifically, the total number N of detections in this step is between 4000 and 6500, preferably 5760;
(3) judging whether check_cnt is odd or even; if odd, turning to step (4), otherwise turning to step (9);
(4) setting a counter i to 1;
(5) judging whether the counter i is larger than the total number of Bluetooth receivers on the client; if so, setting check_cnt = check_cnt + 1 and returning to step (2), otherwise entering step (6);
(6) judging whether a handle corresponding to the first Bluetooth device connected to the ith Bluetooth receiver can be acquired by calling the bluetooth api interface; if so, entering step (7), otherwise setting i = i + 1 and returning to step (5);
(7) calling the bluetooth interface to scan the remote Bluetooth devices that can be scanned by the ith Bluetooth receiver on the client, and judging whether at least one remote Bluetooth device is in a connected state with the Bluetooth device connected to the ith Bluetooth receiver; if so, the handle is in an illegal connection, alarm information is popped up (specifically, all Bluetooth devices connected to the ith Bluetooth receiver on the client are cut off and the illegal Bluetooth connection alarm information is sent to the user) and the process ends; otherwise, entering step (8);
(8) calling the bluetooth interface to judge whether a handle corresponding to the next Bluetooth device connected to the ith Bluetooth receiver can be acquired; if so, returning to step (7), otherwise setting i = i + 1 and returning to step (5);
the steps (4) to (8) have the advantages that the Bluetooth devices on the client are checked in sequence to determine whether the Bluetooth devices are in an illegal connection state, and the condition that the client information is leaked due to missed checking cannot occur.
(9) setting a counter j to 1;
(10) judging whether the counter j is larger than the total number of adapters on the client; if so, setting check_cnt = check_cnt + 1 and returning to step (2), otherwise entering step (11);
(11) acquiring the adapter information of the jth adapter on the client by calling the iphlpapi interface, and entering step (12);
specifically, the adapter information of the adapter includes the name, detailed description, hardware address, adapter type, adapter index and the like of the adapter; the interface identifying the adapter is obtained from the adapter index.
(12) judging, according to the adapter information acquired in step (11), whether the jth adapter is a wireless local area network card; if so, acquiring the index of the adapter and entering step (13), otherwise setting j = j + 1 and returning to step (10);
specifically, if the detailed description in the adapter information of the adapter does not include the word "Virtual" and the adapter type is IEEE 802.11, the adapter is a wireless LAN card; otherwise it is not a wireless LAN card.
(13) acquiring, according to the adapter index acquired in step (12), the information of the port on which the jth adapter depends, and judging whether that port is in a connected state; if so, popping up alarm information (specifically, closing the wireless network card on the client, prohibiting the client from transmitting information over WiFi, and sending the alarm information to the user) and ending the process; otherwise setting j = j + 1 and returning to step (10);
specifically, if the operation state of the port on which the jth adapter depends shows that the remote device is normally connected, it indicates that the adapter is in the connected state, otherwise, it indicates that the adapter is not in the connected state.
The advantage of steps (9) to (13) is that the information obtained from the client adapter can be screened, and by checking the port state on which the screened adapter depends, it can be determined whether the adapter is in an illegal connection state, and only the obtained information needs to be processed and screened, and a complex detection packet transmission process is not needed.
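As an added illustration (not code from the patent), the decision logic of steps (1) to (13) written in portable C and run over a constructed host inventory. The Windows enumeration calls (BluetoothFindFirstRadio/BluetoothFindFirstDevice from bluetoothapis.h and GetAdaptersAddresses from iphlpapi.h) are replaced by in-memory tables so it runs anywhere; the field names and the constants IF_TYPE_IEEE80211 = 71 and IfOperStatusUp = 1 follow the Windows headers, and the step (7) test is simplified to a per-device connected flag.

```c
/* Added example, not the patent's code: decision logic of steps (1)-(13)
 * over constructed inventory tables. On Windows the tables would be filled
 * from the Bluetooth and iphlpapi enumeration calls named in the patent. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IF_TYPE_IEEE80211   71  /* IfType of an 802.11 adapter (ipifcons.h) */
#define IF_OPER_STATUS_UP    1  /* IfOperStatusUp (ifdef.h): port connected */
#define IF_OPER_STATUS_DOWN  2  /* IfOperStatusDown */

typedef struct {
    const char *description;  /* IP_ADAPTER_ADDRESSES.Description */
    unsigned    if_type;      /* IP_ADAPTER_ADDRESSES.IfType */
    unsigned    oper_status;  /* IP_ADAPTER_ADDRESSES.OperStatus */
} adapter_t;

typedef struct {
    const char *name;
    bool        connected;    /* BLUETOOTH_DEVICE_INFO.fConnected, simplified */
} bt_device_t;

typedef struct {
    const bt_device_t *devices;   /* devices known to this radio */
    size_t             n_devices;
} bt_radio_t;

enum verdict { VERDICT_CLEAN = 0, VERDICT_BT_ALERT = 1, VERDICT_WLAN_ALERT = 2 };

/* Step (12): a physical WLAN card is IEEE 802.11 and not described as "Virtual". */
bool is_physical_wlan(const adapter_t *a) {
    return a->if_type == IF_TYPE_IEEE80211 && strstr(a->description, "Virtual") == NULL;
}

/* Step (13): the port the adapter depends on reports a connected remote side. */
bool wlan_is_connected(const adapter_t *a) {
    return a->oper_status == IF_OPER_STATUS_UP;
}

/* Steps (9)-(13): index of the first WLAN adapter in illegal connection, or -1. */
int scan_adapters(const adapter_t *adapters, size_t n) {
    for (size_t j = 0; j < n; j++)
        if (is_physical_wlan(&adapters[j]) && wlan_is_connected(&adapters[j]))
            return (int)j;
    return -1;
}

/* Steps (4)-(8): index of the first radio with a connected remote device, or -1. */
int scan_bluetooth(const bt_radio_t *radios, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t d = 0; d < radios[i].n_devices; d++)
            if (radios[i].devices[d].connected)
                return (int)i;
    return -1;
}

/* Steps (1)-(3): odd check_cnt rounds scan Bluetooth, even rounds scan WLAN,
 * until an alert fires or check_cnt exceeds total_rounds (N). *fired_round
 * receives the round that raised the alert, 0 when the host stayed clean. */
enum verdict run_detection(const bt_radio_t *radios, size_t nr,
                           const adapter_t *adapters, size_t na,
                           unsigned total_rounds, unsigned *fired_round) {
    for (unsigned check_cnt = 1; check_cnt <= total_rounds; check_cnt++) {
        bool bt_round = (check_cnt % 2 == 1);
        int hit = bt_round ? scan_bluetooth(radios, nr) : scan_adapters(adapters, na);
        if (hit >= 0) {
            *fired_round = check_cnt;
            return bt_round ? VERDICT_BT_ALERT : VERDICT_WLAN_ALERT;
        }
    }
    *fired_round = 0;
    return VERDICT_CLEAN;
}

/* Constructed host inventory: one radio with one known headset, and three
 * adapters. The Wi-Fi Direct adapter is 802.11 and up but is screened out by
 * the "Virtual" rule; the Ethernet card (IfType 6) is not 802.11 at all. */
enum verdict demo(bool headset_connected, unsigned wlan_status, unsigned *fired_round) {
    const bt_device_t devices[]  = { { "BT headset (constructed)", headset_connected } };
    const bt_radio_t  radios[]   = { { devices, 1 } };
    const adapter_t   adapters[] = {
        { "Realtek PCIe GbE Family Controller",     6,                 IF_OPER_STATUS_UP },
        { "Microsoft Wi-Fi Direct Virtual Adapter", IF_TYPE_IEEE80211, IF_OPER_STATUS_UP },
        { "Intel(R) Wireless-AC 9560",              IF_TYPE_IEEE80211, wlan_status },
    };
    return run_detection(radios, 1, adapters, 3, 5760, fired_round);  /* N = 5760 */
}

int main(void) {
    unsigned round = 0;
    enum verdict v = demo(false, IF_OPER_STATUS_UP, &round);
    printf("verdict=%d fired in round %u\n", (int)v, round);  /* prints 2, round 2 */
    return 0;
}
```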
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (6)
1. An API-based industrial control network external connection device detection method, applied to a client in communication connection with a server, characterized by comprising the following steps:
(1) setting a detection counter check_cnt to 1;
(2) judging whether check_cnt is larger than the preset total number of detections N; if so, ending the process, otherwise turning to step (3);
(3) judging whether check_cnt is odd or even; if odd, turning to step (4), if even, turning to step (9);
(4) setting a counter i to 1;
(5) judging whether counter i is larger than the total number of Bluetooth receivers on the client; if so, setting check_cnt to check_cnt + 1 and returning to step (2), otherwise entering step (6);
(6) judging whether a handle for the first Bluetooth device connected to the i-th Bluetooth receiver can be acquired by calling the Bluetooth API; if so, entering step (7), otherwise setting i to i + 1 and returning to step (5);
(7) calling the Bluetooth API to scan the remote Bluetooth devices visible to the i-th Bluetooth receiver on the client, and judging whether at least one remote Bluetooth device is in a connected state with the Bluetooth device connected to the i-th receiver; if so, the handle represents an illegal connection: alarm information is popped up and the process ends; otherwise entering step (8);
(8) calling the Bluetooth API to judge whether a handle for the next Bluetooth device connected to the i-th receiver can be acquired; if so, returning to step (7), otherwise setting i to i + 1 and returning to step (5);
(9) setting a counter j to 1;
(10) judging whether counter j is larger than the total number of adapters on the client; if so, setting check_cnt to check_cnt + 1 and returning to step (2), otherwise entering step (11);
(11) acquiring the adapter information of the j-th adapter on the client by calling the iphlpapi interface;
(12) judging, from the adapter information acquired in step (11), whether the j-th adapter is a wireless local area network card; if so, acquiring the adapter's index and entering step (13), otherwise setting j to j + 1 and returning to step (10);
(13) acquiring, from the index acquired in step (12), the information of the port the j-th adapter depends on, and judging whether that port is in a connected state; if so, popping up alarm information (specifically: closing the wireless network card on the client, prohibiting the client from transmitting information over WiFi, and sending the alarm information to the user) and ending the process; otherwise setting j to j + 1 and returning to step (10).
2. The API-based industrial control network external connection device detection method according to claim 1, further comprising the following steps before step (1):
(A) detecting whether a process is closed from the device manager of the client; if so, turning to step (B), otherwise continuing the detection of this step;
(B) acquiring the process identifier (PID) of the closed process;
(C) judging whether the PID of the closed process is the same as the PID of the preset protected program; if so, turning to step (D), otherwise returning to step (A);
(D) acquiring a handle to the closed process, modifying the permission list corresponding to the process through that handle so as to remove the process termination permission, and then returning to step (A).
3. The API-based industrial control network external connection device detection method according to claim 1 or 2, wherein in step (11) the adapter information includes the adapter's name, detailed description, hardware address, adapter type and adapter index; the interface on which the adapter depends is identified by its adapter index.
4. The API-based industrial control network external connection device detection method according to any one of claims 1 to 3, wherein in step (12), if the detailed description in the adapter information does not contain the word "Virtual" and the adapter type is IEEE 802.11, the adapter is a wireless local area network card; otherwise, it is not a wireless local area network card.
5. The API-based industrial control network external connection device detection method according to claim 1, wherein in step (13), if the operational status of the port the j-th adapter depends on shows that the adapter is normally connected to a remote device, the j-th adapter is in the connected state; otherwise, it is not in the connected state.
6. An API-based industrial control network external connection device detection system, applied to a client in communication connection with a server, characterized in that the system comprises:
a first module, configured to set a detection counter check_cnt to 1;
a second module, configured to judge whether check_cnt is larger than the preset total number of detections N; if so, the process ends, otherwise control passes to the third module;
a third module, configured to judge whether check_cnt is odd or even; if odd, control passes to the fourth module, if even, to the ninth module;
a fourth module, configured to set a counter i to 1;
a fifth module, configured to judge whether counter i is larger than the total number of Bluetooth receivers on the client; if so, set check_cnt to check_cnt + 1 and return to the second module, otherwise enter the sixth module;
a sixth module, configured to judge whether a handle for the first Bluetooth device connected to the i-th Bluetooth receiver can be acquired by calling the Bluetooth API; if so, enter the seventh module, otherwise set i to i + 1 and return to the fifth module;
a seventh module, configured to call the Bluetooth API to scan the remote Bluetooth devices visible to the i-th Bluetooth receiver on the client, and judge whether at least one remote Bluetooth device is in a connected state with the Bluetooth device connected to the i-th receiver; if so, the handle represents an illegal connection, alarm information is popped up and the process ends; otherwise enter the eighth module;
an eighth module, configured to call the Bluetooth API to judge whether a handle for the next Bluetooth device connected to the i-th receiver can be acquired; if so, return to the seventh module, otherwise set i to i + 1 and return to the fifth module;
a ninth module, configured to set a counter j to 1;
a tenth module, configured to judge whether counter j is larger than the total number of adapters on the client; if so, set check_cnt to check_cnt + 1 and return to the second module, otherwise enter the eleventh module;
an eleventh module, configured to acquire the adapter information of the j-th adapter on the client by calling the iphlpapi interface;
a twelfth module, configured to judge, from the adapter information acquired by the eleventh module, whether the j-th adapter is a wireless local area network card; if so, acquire the adapter's index and enter the thirteenth module, otherwise set j to j + 1 and return to the tenth module;
a thirteenth module, configured to acquire, from the index obtained by the twelfth module, the information of the port the j-th adapter depends on, and judge whether that port is in a connected state; if so, pop up alarm information (specifically: close the wireless network card on the client, prohibit the client from transmitting information over WiFi, and send the alarm information to the user) and end the process; otherwise set j to j + 1 and return to the tenth module.
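The method of claims 1, 4 and 5 (restated as modules in claim 6) is a polling loop with two alternating probes and two classification rules. The Python below is an added example, not code from the patent or its applicant: it implements that loop and the two rules over constructed adapter and Bluetooth records whose fields mirror what `GetAdaptersAddresses` (iphlpapi) and `BluetoothFindFirstDevice`/`BluetoothFindNextDevice` return on Windows (`IfType`, `Description`, `IfIndex`, `OperStatus`, `fConnected`). The `Adapter`/`BtReceiver`/`BtDevice` types, the injected probe callables, the sample inventory and the case-insensitive match on "Virtual" are assumptions; on a real client the probes would be the Win32 calls, and the response action of step (13) (disabling the card) is left to the caller.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Windows SDK constants (ipifcons.h / iptypes.h); these values are exact.
IF_TYPE_IEEE80211 = 71      # IfType reported for 802.11 adapters
IF_TYPE_ETHERNET = 6        # IF_TYPE_ETHERNET_CSMACD
IF_OPER_STATUS_UP = 1       # IfOperStatusUp


@dataclass
class Adapter:
    """Subset of IP_ADAPTER_ADDRESSES the check needs (assumed shape).
    On Windows this is filled from iphlpapi!GetAdaptersAddresses; here it is
    constructed by hand so the example runs offline."""
    if_index: int
    description: str
    if_type: int
    oper_status: int


@dataclass
class BtDevice:
    """One BLUETOOTH_DEVICE_INFO as enumerated by BluetoothFindFirst/NextDevice;
    `connected` mirrors the fConnected flag (assumed shape)."""
    name: str
    connected: bool


@dataclass
class BtReceiver:
    """One local radio (BluetoothFindFirstRadio) and the devices it sees."""
    name: str
    devices: List[BtDevice]


def is_wlan_card(a: Adapter) -> bool:
    """Claim 4 rule: IEEE 802.11 type and no 'Virtual' in the description.
    The claim does not state case handling; matching case-insensitively here."""
    return a.if_type == IF_TYPE_IEEE80211 and "virtual" not in a.description.lower()


def wlan_violation(adapters: List[Adapter]) -> Optional[int]:
    """Steps (9)-(13) with the claim 5 test: index of the first physical WLAN
    adapter whose port is operationally up, else None."""
    for a in adapters:                          # j = 1 .. total adapters
        if is_wlan_card(a) and a.oper_status == IF_OPER_STATUS_UP:
            return a.if_index
    return None


def bluetooth_violation(receivers: List[BtReceiver]) -> Optional[tuple]:
    """Steps (4)-(8): (receiver, device) for the first enumerated device that
    currently holds a link to a remote peer, else None."""
    for r in receivers:                         # i = 1 .. total receivers
        for d in r.devices:                     # first/next device handles
            if d.connected:
                return (r.name, d.name)
    return None


def run_detection(total_rounds: int,
                  bt_probe: Callable[[], List[BtReceiver]],
                  wlan_probe: Callable[[], List[Adapter]]) -> Optional[dict]:
    """Claim 1 scheduler: check_cnt runs 1..N; odd rounds check Bluetooth,
    even rounds check WLAN adapters; the first finding ends the loop."""
    check_cnt = 1                               # step (1)
    while check_cnt <= total_rounds:            # step (2)
        if check_cnt % 2 == 1:                  # step (3): odd -> Bluetooth
            hit = bluetooth_violation(bt_probe())
            if hit is not None:
                return {"round": check_cnt, "kind": "bluetooth", "detail": hit}
        else:                                   # even -> WLAN adapters
            idx = wlan_violation(wlan_probe())
            if idx is not None:
                # Step (13) would also disable the card and notify the user;
                # that response is the caller's job in this example.
                return {"round": check_cnt, "kind": "wlan", "detail": idx}
        check_cnt += 1
    return None


# Constructed sample inventory; not captured from a real host.
SAMPLE_ADAPTERS = [
    Adapter(3, "Intel(R) Ethernet Connection I219-LM", IF_TYPE_ETHERNET, IF_OPER_STATUS_UP),
    Adapter(9, "Microsoft Wi-Fi Direct Virtual Adapter", IF_TYPE_IEEE80211, IF_OPER_STATUS_UP),
    Adapter(12, "Intel(R) Wi-Fi 6 AX201 160MHz", IF_TYPE_IEEE80211, IF_OPER_STATUS_UP),
]
SAMPLE_RECEIVERS_CLEAN = [BtReceiver("Radio0", [BtDevice("Keyboard K380", False)])]
SAMPLE_RECEIVERS_BAD = [BtReceiver("Radio0", [BtDevice("Pixel 7", True)])]

if __name__ == "__main__":
    print(run_detection(4, lambda: SAMPLE_RECEIVERS_CLEAN, lambda: SAMPLE_ADAPTERS))
    print(run_detection(4, lambda: SAMPLE_RECEIVERS_BAD, lambda: SAMPLE_ADAPTERS))
```

Two limits of the claim 4 filter are visible in the sample data: any 802.11 adapter whose description happens to contain "Virtual" is skipped, and an external link that arrives over a non-802.11 interface (a USB modem, a phone tethered over RNDIS) never reaches step (12) at all. As modelled here, the Bluetooth branch flags any enumerated device whose link is up, so a paired keyboard or headset trips the alarm unless the inventory is filtered further.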
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210413580.1A CN114845303B (en) | 2022-04-14 | 2022-04-14 | API-based industrial control network external equipment detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210413580.1A CN114845303B (en) | 2022-04-14 | 2022-04-14 | API-based industrial control network external equipment detection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114845303A true CN114845303A (en) | 2022-08-02 |
| CN114845303B CN114845303B (en) | 2024-10-11 |
Family
ID=82565444
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210413580.1A Active CN114845303B (en) | 2022-04-14 | 2022-04-14 | API-based industrial control network external equipment detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114845303B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9730075B1 (en) * | 2015-02-09 | 2017-08-08 | Symantec Corporation | Systems and methods for detecting illegitimate devices on wireless networks |
| CN107948138A (en) * | 2017-11-02 | 2018-04-20 | 东软集团股份有限公司 | It route detection method, device, readable storage medium storing program for executing and the electronic equipment of connection |
| CN109120599A (en) * | 2018-07-23 | 2019-01-01 | 国网河南省电力公司商丘供电公司 | A kind of external connection managing and control system |
| CN111917697A (en) * | 2020-03-17 | 2020-11-10 | 北京融汇画方科技有限公司 | Active detection online violation external connection technology based on non-client mode |
| CN114244808A (en) * | 2021-11-17 | 2022-03-25 | 广东电网有限责任公司 | Method and device for passively checking offline illegal external connection based on non-client mode |
- 2022-04-14: CN application CN202210413580.1A, granted as CN114845303B, status Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN114845303B (en) | 2024-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8286242B2 (en) | | System and method for providing network security |
| CN101212482B (en) | | Network security elements using endpoint resources |
| US7305703B2 (en) | | Method and system for enforcing a communication security policy |
| CN101159552B (en) | | System and method for controlling communications performed by a computer terminal connected to a network |
| US20080092237A1 (en) | | System and method for network vulnerability analysis using multiple heterogeneous vulnerability scanners |
| JPH09269930A (en) | | Quarantine method and device for network system |
| US20090129290A1 (en) | | Method for acquiring information of network resources connected to ports of network switches |
| US7672283B1 (en) | | Detecting unauthorized wireless devices in a network |
| JP2013073631A (en) | | Methods, apparatus, and articles of manufacture to provide firewalls for process control systems |
| CN114900377B (en) | | Induction data packet-based illegal external connection monitoring method and system |
| CN114845303A (en) | | Industrial control network external connection equipment detection method and system based on API |
| US20040233849A1 (en) | | Methodologies, systems and computer readable media for identifying candidate relay nodes on a network architecture |
| US11457046B2 (en) | | Distributed network resource security access management system and user portal |
| CN111131232A (en) | | Network access management method and device |
| CN105868632A (en) | | Method and device for intercepting and releasing DHCP (dynamic host configuration protocol) |
| US20250119339A1 (en) | | Misconfigured mirror port detection |
| JP3495030B2 (en) | | Intrusion data countermeasure processing device, intrusion data countermeasure processing method, and intrusion data countermeasure processing system |
| KR101619371B1 (en) | | Method and apparatus for packet processing |
| CN109768949B (en) | | Port scanning processing system, method and related device |
| CN112565005B (en) | | Network serial line detection method and device, equipment and medium |
| US7895650B1 (en) | | File system based risk profile transfer |
| KR101033510B1 (en) | | Messenger information leakage control method and network content security system using same |
| KR102156359B1 (en) | | A Method for Checking Vulnerability Diagnosis Command Execution through Sending Pre-Command and Its System |
| CN105975851B (en) | | Process handling method and device |
| KR101871146B1 (en) | | Network switch apparatus for blocking an unauthorized terminal and blocking method for the unauthorized terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |