CN115484600A - Wireless access detection method, device, electronic equipment and storage medium - Google Patents

Publication number: CN115484600A
Authority: CN (China)
Prior art keywords: access, matching, foreground, address, wireless access
Legal status: Granted (Active)
Application number: CN202210901623.0A
Other languages: Chinese (zh)
Other versions: CN115484600B (en)
Inventors: 朱帅, 周济, 李伟泽, 王小乾, 李超明, 单元元
Current Assignee: China Telecom Cloud Technology Co Ltd
Original Assignee: China Telecom Cloud Technology Co Ltd
Application filed by: China Telecom Cloud Technology Co Ltd
Priority to: CN202210901623.0A
Publications: CN115484600A (application), CN115484600B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of network security, and in particular to a wireless access detection method, device, electronic equipment and storage medium. The method is applied to a foreground wireless access point that is set up in correspondence with a target wireless access point, and comprises: receiving an access request sent by a sender; parsing the access request to determine a parsing result, the parsing result including the current access step; matching the current access step against an access process template to determine a matching result, where the access process template is determined based on the authentication mode of the foreground wireless access point and includes the access steps; and, when the matching result is that access is complete, forwarding the data received from the sender to the target wireless access point for processing. Matching the current access step against the access process template segments the access process, and establishing the connection process template eliminates the differences between authentication modes and improves detection efficiency.

Description

Wireless access detection method, device, electronic equipment and storage medium

Technical field

The invention relates to the technical field of network security, and in particular to a wireless access detection method, device, electronic equipment and storage medium.

Background

In recent years wireless local area networks (WLANs) have come into ever wider use. They offer high access rates and flexible networking, and have great advantages for carrying mobile data. As they have developed rapidly, however, WLAN security has become increasingly important. In theory, any computer within radio range can listen to and connect to the wireless network. For enterprise users, therefore, if the security measures of the WLAN are not strict enough, it is entirely possible for the network to be eavesdropped on or hijacked, or for internal information to be obtained. Security is thus particularly important for preventing malicious access to the WLAN.

Existing wireless access detection methods generally add extra information to the data frames sent by a terminal connected to the wireless network and perform access detection using that extra information. This requires modifying the original data frames and adding extra information, which increases the transmission load on the network and makes it difficult to detect wireless access in time when the network is congested.

Summary of the invention

In view of this, embodiments of the present invention provide a wireless access detection method, device, electronic equipment and storage medium, to solve the problem of inefficient wireless access detection.

According to a first aspect, an embodiment of the present invention provides a wireless access detection method applied to a foreground wireless access point, the foreground wireless access point being set up in correspondence with a target wireless access point. The method includes:

receiving an access request sent by a sender;

parsing the access request to determine a parsing result, the parsing result including the current access step;

matching the current access step against an access process template to determine a matching result, the access process template being determined based on the authentication mode of the foreground wireless access point and including the access steps;

when the matching result is that access is complete, forwarding the data received from the sender to the target wireless access point for processing.

In the wireless access detection method provided by the embodiment of the present invention, malicious access is detected by a foreground wireless access point set up in correspondence with the target wireless access point. Data is forwarded to the target wireless access point for processing only after the foreground wireless access point's detection has passed, which protects the target wireless access point. During detection, the foreground wireless access point matches the current access step against the access process template so that the access process is segmented; establishing the connection process template eliminates the differences between authentication modes and improves the compatibility of the detection method. All information used for access detection is obtained from the access request itself, so no extra information has to be added and the original access request does not have to be changed, which reduces the amount of data processing and improves detection efficiency.

In some implementations, the parsing result includes the sender address, and matching the current access step against the access process template to determine the matching result includes:

obtaining the access state data corresponding to the sender address, the access state data including the access steps the sender has already completed;

matching the completed access steps against the access process template to determine the access step that follows the last completed access step;

matching the current access step against the determined next access step to determine the matching result.

The wireless access detection method provided by the embodiment of the present invention uses the access state data to store the access steps of each sender address, so that the last completed access step can be determined quickly during later matching, which improves detection efficiency.

In some implementations, matching the current access step against the determined next access step to determine the matching result includes:

when the current access step matches the determined next access step, sending an access response to the sender and updating the access state data.

The wireless access detection method provided by the embodiment of the present invention sends an access response to the sender when a match is detected, to prompt the sender to perform the subsequent access steps.

In some implementations, matching the current access step against the determined next access step to determine the matching result includes:

when the current access step does not match the determined next access step, adding the sender address to a blacklist and ignoring the access request.

The wireless access detection method provided by the embodiment of the present invention adds the sender address to the blacklist when a mismatch is detected. When the foreground wireless access point is handling highly concurrent access requests, it ignores the senders on the blacklist, which improves detection efficiency under highly concurrent access requests.

In some implementations, the parsing result further includes the receiver address, and before the step of matching the completed access steps against the access process template to determine the access step that follows the last completed access step, the method includes:

comparing the receiver address with the receiver address in the access state data;

when the receiver address is consistent with the receiver address in the access state data, performing the step of matching the completed access steps against the access process template to determine the access step that follows the last completed access step.

In the wireless access detection method provided by the embodiment of the present invention, the receiver address is matched before the access steps are matched. The access process template is matched only when the receiver addresses are consistent, which reduces the amount of data to be matched and improves detection efficiency.

In some implementations, obtaining the access state data corresponding to the sender address includes:

using the sender address to query whether corresponding access state data exists;

when no corresponding access state data exists, creating the access state data corresponding to the sender address and sending a response frame to the sender to obtain the next access step;

when corresponding access state data exists, extracting the access state data corresponding to the sender address.

In some implementations, the access process template is determined by:

obtaining the authentication mode of the foreground wireless access point;

establishing the access process template as key-value pairs, based on the flow of the authentication mode.

The wireless access detection method provided by the embodiment of the present invention establishes the access process template as key-value pairs, which gives fast lookups and improves detection efficiency. Because the access process template is built from the authentication mode, the template is consistent with the authentication mode, which unifies detection across different authentication modes. Access detection is performed by reusing the data in the access request, so no additional load is placed on the communication link.

According to a second aspect, an embodiment of the present invention provides a wireless access detection device applied to a foreground wireless access point, the foreground wireless access point being set up in correspondence with a target wireless access point. The device includes:

a receiving module, configured to receive an access request sent by a sender;

a parsing module, configured to parse the access request to determine a parsing result, the parsing result including the current access step;

a matching module, configured to match the current access step against an access process template to determine a matching result, the access process template being determined based on the authentication mode of the foreground wireless access point and including the access steps;

a forwarding module, configured to forward the data received from the sender to the target wireless access point for processing when the matching result is that access is complete.

According to a third aspect, an embodiment of the present invention provides an electronic device including a memory and a processor that are communicatively connected to each other. The memory stores computer instructions, and the processor executes the computer instructions to perform the wireless access detection method described in the first aspect or in any implementation of the first aspect.

According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions that cause a computer to perform the wireless access detection method described in the first aspect or in any implementation of the first aspect.

It should be noted that, for the corresponding beneficial effects of the wireless access detection device, electronic equipment and computer-readable storage medium provided by the embodiments of the present invention, refer to the description of the corresponding beneficial effects of the wireless access detection method above; they are not repeated here.

Brief description of the drawings

To explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a scenario diagram of wireless access detection according to an embodiment of the present invention;

FIG. 2 is a flowchart of a wireless access detection method according to an embodiment of the present invention;

FIG. 3 is a flowchart of a wireless access detection method according to an embodiment of the present invention;

FIG. 4 is a structural block diagram of a wireless access detection device according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of the present invention.

Detailed description

To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person skilled in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The threats currently facing WLANs fall into seven main categories: passive eavesdropping and network traffic analysis, active eavesdropping and message injection, message deletion and interception, fake and malicious APs, session hijacking, man-in-the-middle attacks, and denial-of-service (DoS) attacks. Running the AES-based CCMP encryption mechanism specified in 802.11 addresses passive eavesdropping and network traffic analysis, active eavesdropping and message injection, and message deletion and interception; the RSN solution proposed in 802.11 can eliminate fake and malicious APs, session hijacking and man-in-the-middle attacks. For DoS attacks, however, current security protocols do not provide a good solution, and some characteristics of WLANs expose them both to the DoS attacks seen on conventional wired networks and to DoS attacks specific to WLANs.

The most common DoS attack is the association flood attack. Its most notable feature is that it performs highly concurrent operations during the access phase of the WLAN, pushing the WLAN access point (AP) beyond its workload and eventually causing denial of service. The association flood (flooding) attack, usually abbreviated as the Asso attack, is a form of wireless network denial-of-service attack. It tries to fill the AP's client association table with a large number of imitated and forged wireless client associations, thereby overwhelming the AP. At the 802.11 layer, shared-key authentication is flawed and is hard to use any longer. The only other option is open authentication (null authentication), which relies on higher-level authentication such as 802.1x or a VPN. Open authentication allows any client to authenticate and then associate. An attacker exploiting this weakness can imitate many clients by creating many that reach the connected or associated state, flooding the target AP's client association table. Once the client association table overflows, legitimate clients can no longer associate, and the denial-of-service attack is complete.

Some methods already exist for security checks during the WLAN access phase. For example, a terminal (STA) connecting to the wireless access point obtains the parameters for constructing a puzzle when it sends an authentication request to the AP. After authentication succeeds, the STA must carry the puzzle solution in the association phase, and the AP verifies the puzzle solution carried in the request before deciding whether to admit the STA. This checks the legitimacy of STA access and prevents malicious access by STAs. Alternatively, tags and a key management center (KDC) are added to the connection model to provide two-way verification of information between the STA and the AP, constraining the STA's behavior during access and preventing malicious attacks on the AP.

Both approaches, however, require extra information in the STA's data frames and require the STA to perform computation. This increases the computational load on the STA and the transmission load on the network, which is a disadvantage when the network is congested.

On this basis, an embodiment of the present invention provides a wireless access detection method in which the foreground wireless access point analyzes access requests, and the data of a sender is forwarded to the target wireless access point only after the foreground wireless access point has confirmed that the sender's access is complete. The foreground wireless access point is set up in correspondence with the target wireless access point.

For example, FIG. 1 shows an optional application scenario of wireless access detection. The target AP is the real wireless access point, and the foreground AP is set up in correspondence with it. In the wireless network, all access requests from STAs are analyzed and processed by the foreground AP, and only after the foreground AP's detection of a STA has passed does the foreground AP forward that STA's data to the target AP. The foreground AP analyzes each access request using the access process template that corresponds to the authentication mode, and a sender passes access detection only when its access request matches the access process template. The access process template represents the steps of access authentication. For example, if the authentication steps for authentication mode A are a-b-c-d in sequence, then after an access request is received, the current access step in the request is matched against the access process template to determine whether it matches, and so whether the STA that sent the request is a legitimate STA or a malicious STA.

The specific processing of the wireless access detection method is described in detail below.

According to an embodiment of the present invention, an embodiment of a wireless access detection method is provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.

This embodiment provides a wireless access detection method for use in the foreground AP described above. FIG. 2 is a flowchart of the wireless access detection method according to an embodiment of the present invention. As shown in FIG. 2, the flow includes the following steps:

S11, receive the access request sent by the sender.

When a sender (STA) wants to access the wireless access point (target AP), it must first send an access request to the foreground AP. Because the foreground AP corresponds to the target AP, the foreground AP is able to receive the access request sent by the sender. Whatever the access authentication mode, a complete wireless access takes several exchanges, and in each exchange the sender sends the foreground AP a data frame that indicates which access step it has reached.

S12, parse the access request to determine the parsing result.

The parsing result includes the current access step.

The foreground AP parses the received access request; for example, it parses the relevant fields of the access request to determine the current access step.

S13, match the current access step against the access process template to determine the matching result.

The access process template is determined based on the authentication mode of the foreground wireless access point, and includes the access steps.

As described above, the access process template corresponds to the authentication mode of the foreground AP and represents the steps that a wireless access must go through. That is, the access process is segmented into its access steps, which are stored according to the logic between them to form the access process template.

Once the foreground AP has the current access step, it matches it against the access process template to determine whether the current access step exists in the template, or whether, given the order of the access steps, the current access step is the one that should be executed now, and so on. If the current access step cannot be matched to the access process template, the sender can be confirmed to be a malicious STA. If it can be matched, the foreground AP checks whether the current access step is the last step of the access process: if it is, the access process is complete; if it is not, an access response is sent to the sender to obtain the next access step.

This step is described in detail below.

S14, when the matching result is that access is complete, forward the data received from the sender to the target wireless access point for processing.

As described above, if the current access step is the last step of the access process and matches the access process template, access is complete. The foreground AP forwards the data received from the sender to the target AP for processing. Specifically, when a STA and the AP exchange data, the foreground AP looks up the access state for the STA's MAC address, and the STA's data packets are forwarded to the target AP only when the STA is in the access-complete state. If the STA's access state is not complete, or no such data structure exists, the data is ignored.

In the wireless access detection method provided by this embodiment, malicious access is detected by a foreground wireless access point set up in correspondence with the target wireless access point. Data is forwarded to the target wireless access point for processing only after the foreground wireless access point's detection has passed, which protects the target wireless access point. During detection, the foreground wireless access point matches the current access step against the access process template so that the access process is segmented; establishing the connection process template eliminates the differences between authentication modes and improves the compatibility of the detection method. All information used for access detection is obtained from the access request itself, so no extra information has to be added and the original access request does not have to be changed, which reduces the amount of data processing and improves detection efficiency.
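
The flow S11 to S14, combined with the per-sender access state data, receiver-address check and blacklist from the summary, can be shown in a few lines of Python. This is an added example, not code from the patent: the class and function names, the step-to-next-step dictionary layout, the returned status strings and the choice to silently ignore a receiver-address mismatch are assumptions, and the MAC addresses are constructed.

```python
from dataclasses import dataclass, field

# Access process template as key-value pairs: step -> next step, with None
# marking the final step. Steps a-b-c-d are the page's illustrative
# "authentication mode A"; this dictionary layout is an assumption.
TEMPLATE_A = {"a": "b", "b": "c", "c": "d", "d": None}
FIRST_STEP_A = "a"


@dataclass
class AccessState:
    """Per-sender access state data kept by the foreground AP."""
    receiver: str                                   # receiver address of first request
    completed: list = field(default_factory=list)   # access steps already completed
    complete: bool = False                          # True once the last step matched


class ForegroundAP:
    """Hypothetical foreground AP placed in front of a target AP."""

    def __init__(self, template, first_step, forward):
        self.template = template
        self.first_step = first_step
        self.forward = forward      # callable that hands data to the target AP
        self.states = {}            # sender address -> AccessState
        self.blacklist = set()

    def _blacklist(self, sender):
        # Mismatch: blacklist the sender address and ignore the request.
        self.blacklist.add(sender)
        self.states.pop(sender, None)
        return "ignored"

    def on_access_request(self, sender, receiver, step):
        if sender in self.blacklist:
            return "ignored"
        state = self.states.get(sender)
        if state is None:
            # No access state data yet: only the template's first step fits.
            expected = self.first_step
        else:
            # Compare receiver addresses before any template matching. The
            # page does not say what happens on a mismatch; here the request
            # is ignored without blacklisting (assumption).
            if receiver != state.receiver:
                return "ignored"
            # Next step after the last completed one, by key-value lookup.
            expected = self.template[state.completed[-1]]
        if step != expected:
            return self._blacklist(sender)
        if state is None:
            state = self.states[sender] = AccessState(receiver)
        state.completed.append(step)
        if self.template[step] is None:
            state.complete = True
            return "access_complete"
        return "response"           # access response prompts the next step

    def on_data(self, sender, payload):
        # Data reaches the target AP only for senders whose access completed.
        state = self.states.get(sender)
        if sender in self.blacklist or state is None or not state.complete:
            return "ignored"
        self.forward(payload)
        return "forwarded"


def run_demo():
    """Constructed scenario: one well-behaved STA, one that skips step b."""
    forwarded = []
    ap = ForegroundAP(TEMPLATE_A, FIRST_STEP_A, forwarded.append)
    bssid = "02:00:00:00:00:aa"                     # constructed addresses
    legit, skipper = "02:00:00:00:00:01", "02:00:00:00:00:02"
    log = [ap.on_access_request(legit, bssid, s) for s in "abc"]
    log.append(ap.on_data(legit, b"early"))         # access not complete yet
    log.append(ap.on_access_request(legit, bssid, "d"))
    log.append(ap.on_data(legit, b"hello"))
    log.append(ap.on_access_request(skipper, bssid, "a"))
    log.append(ap.on_access_request(skipper, bssid, "c"))   # skips step b
    log.append(ap.on_access_request(skipper, bssid, "b"))   # already blacklisted
    return log, forwarded, ap.blacklist


if __name__ == "__main__":
    print(run_demo())
```

Under this strict reading a retransmitted step counts as a mismatch and blacklists the sender; the page does not say how retransmissions are handled.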

This embodiment provides a wireless access detection method for use in the foreground AP described above. FIG. 3 is a flowchart of the wireless access detection method according to an embodiment of the present invention. As shown in FIG. 3, the process includes the following steps:

S21. Receive the access request sent by the sender.

For details, refer to S11 of the embodiment shown in FIG. 2; they are not repeated here.

S22. Parse the access request to determine a parsing result.

The parsing result includes the current access step and the sender address.

For details, refer to S12 of the embodiment shown in FIG. 2; they are not repeated here.

S23. Match the current access step against the access process template to determine a matching result.

The access process template is determined based on the authentication method of the foreground wireless access point, and the access process template includes access steps.

Specifically, S23 includes:

S231. Obtain the access state data corresponding to the sender address.

The access state data includes the access steps the sender has completed.

The foreground AP stores multiple access state data entries, each corresponding to a sender address. The foreground AP can therefore use the sender address to look up the corresponding entry among them.

The access state data indicates the access steps the sender has already completed. For example, the data structure of the STA access state data stored in the foreground AP is:

{STA's MAC address: [AP's MAC address, completed steps]}

This data structure is a dictionary. The key is the STA's MAC address and the value is a list: the first element of the list is the AP's MAC address, and the second element is a linked list recording the steps the STA has completed during the access process. The STA's MAC address comes from the access request. If the access request takes the form of an 802.11 frame, Address2 in the 802.11 frame is the STA's MAC address and Address1 is the AP's MAC address.

In some implementations, S231 includes:

(1) Use the sender address to query whether corresponding access state data exists.

(2) When no corresponding access state data exists, create the access state data corresponding to the sender address and send a response frame to the sender, so as to obtain the next access step.

(3) When corresponding access state data exists, extract the access state data corresponding to the sender address.

After obtaining the access request, the foreground AP uses the sender address in the parsing result to query the access state data and determine whether the access request is a new access request. If it is a new access request, the foreground AP needs to create the STA's access state data structure in memory and then send a response frame to the STA. If the access request belongs to an access process already in progress, the foreground AP needs to obtain the STA's access state data according to the STA's MAC address.

S232. Match the completed access steps against the access process template and determine the access step that follows the last completed access step.

As described above, the access process template represents the steps of the access process, and the access state data represents the completed access steps. On this basis, the foreground AP matches the last completed access step in the access state data against the access process template and determines the access step that follows it.

S233. Match the current access step against the determined next access step to determine the matching result.

The next access step obtained in S232 is determined from the access process template. The foreground AP compares the current access step with this determined next access step, decides whether the two match, and obtains the corresponding matching result.

When the current access step matches the determined next access step, an access response is sent to the sender and the access state data is updated. When the current access step does not match the determined next access step, the sender address is added to the blacklist and the access request is ignored.

Specifically, according to the access process template, the foreground AP judges whether the current access step is the step that follows the last completed access step. If it conforms to the template, a response is given; if not, the request is discarded. For an STA that does not conform to the access process template, the foreground AP records the STA's MAC address and maintains a blacklist mechanism; when the foreground AP is handling highly concurrent access requests, STAs on the blacklist are ignored.

When a match is detected, an access response is sent to the sender to prompt it to carry out the subsequent access steps. When a mismatch is detected, the sender address is added to the blacklist; when the foreground wireless access point is handling highly concurrent access requests, senders on the blacklist are ignored, which improves detection efficiency under highly concurrent access requests.

In some implementations, the parsing result also includes the receiver address. On this basis, the following is also performed before S232:

(1) Compare the receiver address with the receiver address in the access state data.

(2) When the receiver address is consistent with the receiver address in the access state data, perform the step of matching the completed access steps against the access process template to determine the access step that follows the last completed access step.

For a request belonging to an access process in progress, the foreground AP needs to obtain the STA's access state data according to the STA's MAC address. It first checks whether the receiver address in the access request equals the first value of the list in the access state data. If they are not equal, the request is discarded directly; only if they are equal is the step of matching the completed access steps against the access process template, to determine the access step that follows the last completed access step, performed.

Before the access steps are matched, the receiver address is matched first. Template matching is performed only when the receiver addresses are consistent, which reduces the amount of data to be matched and improves detection efficiency.

S24. When the matching result is that access is complete, forward the data received from the sender to the target wireless access point for processing.

For details, refer to S14 of the embodiment shown in FIG. 2; they are not repeated here.

The wireless access detection method provided in this embodiment uses access state data to store the access steps of each sender address, so that the last completed access step can be determined quickly during subsequent matching, which improves detection efficiency.

In some implementations, the access process template is determined as follows:

(1) Obtain the authentication method of the foreground wireless access point.

(2) Based on the flow of the authentication method, establish the access process template as key-value pairs.

Before wireless access detection, a foreground AP needs to be set up for the target AP to receive access requests, and the target AP needs to be hidden. For an existing target AP, the foreground AP needs to have the same name, authentication method and password as the target AP, so that the switch is seamless for STAs that were originally connected to this AP. For a newly created target AP, the foreground AP may choose a brand-new name, authentication method and password; after an STA passes verification by the foreground AP, the foreground AP simply forwards the request in full to the target AP.

The access process template is established according to the authentication method of the foreground AP and includes, but is not limited to, authentication, association and four-way handshake processes. The template is a dictionary, in the following format:

{completed step: next step}

The key of the dictionary is the completed step. When an STA is accessing, the foreground AP can quickly determine whether the STA's current step is the step that follows the previous step and, when a disassociation or deauthentication request is received, whether the STA has already completed the access process.

Establishing the access process template as key-value pairs gives fast lookup and improves detection efficiency. Establishing the template from the authentication method also keeps the template consistent with that method, which unifies detection across different authentication methods. Access detection is implemented by reusing the data in the access request, so no extra load is placed on the communication link.

As a specific application example of this embodiment, the wireless access detection method includes:

Step 1: Set up a foreground AP for the target AP to receive access requests, and hide the target AP. The setup is shown in FIG. 1. In FIG. 1, the roles are the target AP, the foreground AP, legitimate STAs and malicious STAs. The target AP interacts only with the foreground AP and is not visible on the public network. External STAs can detect the foreground AP, and the WLAN connection template and data structure processing are both performed in the foreground AP.

Step 2: Establish the access process template according to the authentication method of the foreground AP, including but not limited to authentication, association and four-way handshake processes. In this embodiment, the target AP uses WEP authentication, and the access process template of the foreground AP in this embodiment is:

{empty: unauthenticated and unassociated}

{unauthenticated and unassociated: authenticated and unassociated}

{authenticated and unassociated: authenticated and associated}

{authenticated and associated: data exchange}

Step 3: According to the established access process template, design the data structure of the STA access state data stored in the foreground AP as:

{STA's MAC address: [AP's MAC address, completed steps]}

This structure is a dictionary. The key is the STA's MAC address and the value is a list: the first element of the list is the AP's MAC address, and the second element is a linked list recording the steps the STA has completed during the access process. The STA's MAC address comes from Address2 in the 802.11 frame, and the AP's MAC address comes from Address1 in the 802.11 frame.

Step 4: The foreground AP processes the received STA access request frame. In this embodiment, assume the AP's MAC address is 00-01-6C-06-A6-29 and the STA's MAC address is 00-01-6C-06-A6-28. When the STA's request is a new access request, no corresponding data structure can be found in memory for the STA's MAC address. In this case the previous state is defined as "empty", and the corresponding data structure is created in the foreground AP's memory:

{00-01-6C-06-A6-28:[00-01-6C-06-A6-29, empty]}

Matching is then performed against the template. Because the AP has received an authentication request frame, the current state is "unauthenticated and unassociated". Looking up the STA's MAC address shows that the previous state is "empty", and the template gives "unauthenticated and unassociated" as the next state, so this is a legal state. If authentication passes, an authentication response is sent to the STA and the data structure is modified to:

{00-01-6C-06-A6-28:[00-01-6C-06-A6-29, empty -> unauthenticated and unassociated]}

If authentication fails, the corresponding authentication failure response is sent, but the access state data is not modified.

Malicious requests can also be identified well by the template rules. For an STA that does not conform to the access process template, the foreground AP records its MAC address and maintains a blacklist mechanism; when the foreground AP is handling highly concurrent access requests, STAs on the blacklist are ignored.

For an STA that has completed the access request, the foreground AP forwards its data to the target AP for data exchange.

Step 5: When the STA and the AP exchange data, the foreground AP checks the corresponding state according to the STA's MAC address. Only when the STA is in the access-complete state are its data packets forwarded by the foreground AP to the target AP. In this embodiment, the STA and the target AP are allowed to exchange data only when the access state data has the form:

{00-01-6C-06-A6-28:[00-01-6C-06-A6-29, empty -> unauthenticated and unassociated -> authenticated and unassociated -> authenticated and associated -> data exchange]}

If the STA's access state is not connection-complete, or no access state data exists for the STA, the data is ignored.
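The following Python example is added here and is not code from the patent: it implements the template matching, receiver-address check, blacklist and forwarding gate of steps 2 to 5 for the WEP template above. The English step names, the `on_frame` interface, the `auth_ok` flag and every MAC address other than the two given in step 4 are assumptions of this example.

```python
"""Foreground-AP access-step matching: an added illustration, not the patent's code."""

EMPTY = "empty"
COMPLETE = "data_exchange"

# Access process template of the WEP example, {completed step: next step}.
# The English step names are this example's rendering of the page's states.
WEP_TEMPLATE = {
    EMPTY: "unauthenticated_unassociated",
    "unauthenticated_unassociated": "authenticated_unassociated",
    "authenticated_unassociated": "authenticated_associated",
    "authenticated_associated": COMPLETE,
}

AP = "00-01-6C-06-A6-29"        # AP MAC from the page's example
STA = "00-01-6C-06-A6-28"       # STA MAC from the page's example
OTHER_AP = "02-00-00-00-00-AA"  # constructed
SKIPPER = "02-00-00-00-00-01"   # constructed: sends data with no handshake
REPEATER = "02-00-00-00-00-02"  # constructed: repeats the first step
WANDERER = "02-00-00-00-00-03"  # constructed: changes receiver mid-handshake
RETRIER = "02-00-00-00-00-04"   # constructed: fails authentication once


class ForegroundAP:
    def __init__(self, template):
        self.template = template
        self.state = {}          # {STA MAC: [AP MAC, [completed steps]]}
        self.blacklist = set()   # STA MACs that broke the template order
        self.forwarded = []      # (STA MAC, payload) passed to the target AP

    def on_frame(self, sta, ap, step, payload=b"", auth_ok=True):
        """Handle one parsed frame and return the verdict as a string.

        Assumption: a parser has already extracted Address2 (sta) and
        Address1 (ap) and mapped the frame to an access step name; auth_ok
        stands in for the credential check of the authentication method.
        """
        if sta in self.blacklist:
            return "ignored"
        entry = self.state.get(sta)
        if entry is None:
            # New station: the previous state is "empty".
            entry = self.state[sta] = [ap, [EMPTY]]
        elif entry[0] != ap:
            # Receiver address differs from the recorded one: discard
            # before any template matching is done.
            return "dropped"
        done = entry[1]
        if done[-1] == COMPLETE and step == COMPLETE:
            # Access already complete: further data is forwarded.
            self.forwarded.append((sta, payload))
            return "forwarded"
        if self.template.get(done[-1]) != step:
            # Current step is not the successor of the last completed step.
            # This also catches a repeated frame for a step already recorded.
            self.blacklist.add(sta)
            return "blacklisted"
        if not auth_ok:
            # Failure response is sent; the access state is left unchanged.
            return "auth_failed"
        done.append(step)
        if step == COMPLETE:
            self.forwarded.append((sta, payload))
            return "forwarded"
        return "accepted"


def run_scenarios():
    """Drive the foreground AP with constructed traffic; return (ap, verdicts)."""
    fap = ForegroundAP(WEP_TEMPLATE)
    steps = list(WEP_TEMPLATE.values())   # the four steps in template order
    first = steps[0]
    verdicts = {
        "legitimate": [fap.on_frame(STA, AP, s, b"hello") for s in steps],
        "more_data": fap.on_frame(STA, AP, COMPLETE, b"again"),
        "skipper": [fap.on_frame(SKIPPER, AP, COMPLETE, b"inject"),
                    fap.on_frame(SKIPPER, AP, first)],
        "repeater": [fap.on_frame(REPEATER, AP, first),
                     fap.on_frame(REPEATER, AP, first)],
        "wanderer": [fap.on_frame(WANDERER, AP, first),
                     fap.on_frame(WANDERER, OTHER_AP, steps[1])],
        "retrier": [fap.on_frame(RETRIER, AP, first, auth_ok=False),
                    fap.on_frame(RETRIER, AP, first)],
    }
    return fap, verdicts


if __name__ == "__main__":
    fap, verdicts = run_scenarios()
    for name, result in verdicts.items():
        print(f"{name:11s} {result}")
    print("blacklist:", sorted(fap.blacklist))
    print("forwarded:", fap.forwarded)
```

Only the station that walked the template in order reaches the forwarding list; its recorded chain ends up in the same form as the structure shown in step 5.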

By dividing the WLAN access process into steps and establishing a connection process template, this method eliminates the differences between authentication methods and improves the compatibility of the detection method. Adding a foreground AP for the target AP further improves the security of the wireless local area network and gives the real network a degree of protection. Reusing the data in 802.11 frames reduces network load, which makes the method more usable and avoids increasing communication latency when network load is high. The method is suitable for detecting malicious access in wireless local area networks; it unifies detection across different authentication methods and places no extra load on the communication link.

This embodiment also provides a wireless access detection device, which is used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.

This embodiment provides a wireless access detection device applied to a foreground wireless access point, the foreground wireless access point being set up corresponding to a target wireless access point. As shown in FIG. 4, the device includes:

a receiving module 31, configured to receive the access request sent by the sender;

a parsing module 32, configured to parse the access request to determine a parsing result, the parsing result including the current access step;

a matching module 33, configured to match the current access step against an access process template to determine a matching result, the access process template being determined based on the authentication method of the foreground wireless access point and including access steps;

a forwarding module 34, configured to forward the data received from the sender to the target wireless access point for processing when the matching result is that access is complete.

In some implementations, the parsing result includes the sender address, and the matching module 33 includes:

an obtaining unit, configured to obtain the access state data corresponding to the sender address, the access state data including the access steps the sender has completed;

a first matching unit, configured to match the completed access steps against the access process template and determine the access step that follows the last completed access step;

a second matching unit, configured to match the current access step against the determined next access step to determine the matching result.

In some implementations, the first matching unit includes:

a first matching subunit, configured to send an access response to the sender and update the access state data when the current access step matches the determined next access step.

In some implementations, the first matching unit includes:

a second matching subunit, configured to add the sender address to a blacklist and ignore the access request when the current access step does not match the determined next access step.

In some implementations, the parsing result also includes the receiver address, and the matching module 33 includes:

a comparison unit, configured to compare the receiver address with the receiver address in the access state data;

an execution unit, configured to perform, when the receiver address is consistent with the receiver address in the access state data, the step of matching the completed access steps against the access process template to determine the access step that follows the last completed access step.

In some implementations, the obtaining unit includes:

a query subunit, configured to use the sender address to query whether corresponding access state data exists;

a creation subunit, configured to create, when no corresponding access state data exists, the access state data corresponding to the sender address and send a response frame to the sender, so as to obtain the next access step;

an extraction subunit, configured to extract the access state data corresponding to the sender address when corresponding access state data exists.

In some implementations, the access process template is determined as follows:

obtain the authentication method of the foreground wireless access point;

based on the flow of the authentication method, establish the access process template as key-value pairs.

The wireless access detection device in this embodiment is presented in the form of functional units, where a unit refers to an ASIC circuit, a processor and memory executing one or more software or firmware programs, and/or other components that can provide the above functions.

Further functional descriptions of the above modules are the same as in the corresponding embodiments above and are not repeated here.

An embodiment of the present invention also provides an electronic device having the wireless access detection device shown in FIG. 4 above.

Refer to FIG. 5, which is a schematic structural diagram of an electronic device provided by an optional embodiment of the present invention. As shown in FIG. 5, the electronic device may include at least one processor 41, such as a CPU (Central Processing Unit), at least one communication interface 43, a memory 44, and at least one communication bus 42. The communication bus 42 is used for connection and communication between these components. The communication interface 43 may include a display (Display) and a keyboard (Keyboard); optionally, the communication interface 43 may also include a standard wired interface and a wireless interface. The memory 44 may be a high-speed RAM (Random Access Memory, a volatile random access memory), or a non-volatile memory, such as at least one disk memory. Optionally, the memory 44 may also be at least one storage device located remotely from the processor 41. The processor 41 may be combined with the device described in FIG. 4; the memory 44 stores an application program, and the processor 41 calls the program code stored in the memory 44 to execute any of the above method steps.

The communication bus 42 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The communication bus 42 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is shown in FIG. 5, but this does not mean that there is only one bus or one type of bus.

The memory 44 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 44 may also include a combination of the above types of memory.

The processor 41 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.

The processor 41 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

Optionally, the memory 44 is also used to store program instructions. The processor 41 may call the program instructions to implement the wireless access detection method shown in any embodiment of the present application.

An embodiment of the present invention also provides a non-transitory computer storage medium storing computer-executable instructions that can execute the wireless access detection method of any of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, read-only memory (ROM), random access memory (RAM), flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also include a combination of the above types of memory.

Although embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and such modifications and variations all fall within the scope defined by the appended claims.

Claims (10)

1. A wireless access detection method, characterized in that it is applied to a foreground wireless access point, the foreground wireless access point being set in correspondence with a target wireless access point, the method comprising:

receiving an access request sent by a sending end;

parsing the access request to determine a parsing result, the parsing result including a current access step;

matching the current access step with an access process template to determine a matching result, wherein the access process template is determined based on the authentication mode of the foreground wireless access point and includes access steps;

when the matching result is that access is complete, forwarding the received data of the sending end to the target wireless access point for processing.

2. The method according to claim 1, wherein the parsing result includes a sender address, and matching the current access step with the access process template to determine the matching result comprises:

obtaining access state data corresponding to the sender address, the access state data including the access steps already completed by the sending end;

matching the completed access steps with the access process template to determine the access step that follows the last completed access step;

matching the current access step with the determined next access step to determine the matching result.

3. The method according to claim 2, wherein matching the current access step with the determined next access step to determine the matching result comprises:

when the current access step matches the determined next access step, sending an access response to the sending end and updating the access state data.

4. The method according to claim 2, wherein matching the current access step with the determined next access step to determine the matching result comprises:

when the current access step does not match the determined next access step, adding the sender address to a blacklist and ignoring the access request.

5. The method according to claim 2, wherein the parsing result further includes a receiving end address, and before the step of matching the completed access steps with the access process template to determine the access step that follows the last completed access step, the method comprises:

comparing the receiving end address with the receiving end address in the access state data;

when the receiving end address is consistent with the receiving end address in the access state data, performing the step of matching the completed access steps with the access process template to determine the access step that follows the last completed access step.

6. The method according to claim 2, wherein obtaining the access state data corresponding to the sender address comprises:

using the sender address to query whether corresponding access state data exists;

when no corresponding access state data exists, establishing access state data corresponding to the sender address, and sending a response frame to the sending end so as to obtain the next access step;

when corresponding access state data exists, extracting the access state data corresponding to the sender address.

7. The method according to claim 1, wherein the access process template is determined by:

obtaining the authentication mode of the foreground wireless access point;

establishing the access process template in the form of key-value pairs, based on the flow of the authentication mode.

8. A wireless access detection device, characterized in that it is applied to a foreground wireless access point, the foreground wireless access point being set in correspondence with a target wireless access point, the device comprising:

a receiving module, configured to receive an access request sent by a sending end;

a parsing module, configured to parse the access request to determine a parsing result, the parsing result including a current access step;

a matching module, configured to match the current access step with an access process template to determine a matching result, wherein the access process template is determined based on the authentication mode of the foreground wireless access point and includes access steps;

a forwarding module, configured to forward the received data of the sending end to the target wireless access point for processing when the matching result is that access is complete.

9. An electronic device, characterized in that it comprises:

a memory and a processor communicatively connected to each other, wherein the memory stores computer instructions, and the processor executes the computer instructions so as to perform the wireless access detection method according to any one of claims 1-7.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause a computer to perform the wireless access detection method according to any one of claims 1-7.
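The procedure of claims 1 to 7 can be read as a per-sender state machine. The following Python sketch is an added example, not code from the patent: the step labels, the MAC addresses, and the choice to silently ignore a frame whose receiving end address changed are assumptions made for illustration.

```python
# Added illustration of the claimed flow; step labels and addresses are constructed.

def build_template(auth_steps):
    """Claim 7: key-value template, last completed step -> expected next step.
    Assumes each step label appears once in the authentication flow."""
    return dict(zip([None] + auth_steps[:-1], auth_steps))

class ForegroundAP:
    def __init__(self, auth_steps):
        self.template = build_template(auth_steps)
        self.final = auth_steps[-1]
        self.state = {}        # sender address -> {"rx": receiver, "done": [steps]}
        self.blacklist = set()
        self.forwarded = []    # stands in for delivery to the target AP

    def handle(self, sender, receiver, step, payload=b""):
        if sender in self.blacklist:
            return "ignored"
        st = self.state.get(sender)
        if st is None:                        # claim 6: no state yet, create it
            st = self.state[sender] = {"rx": receiver, "done": []}
        elif st["rx"] != receiver:            # claim 5: receiver must be unchanged
            return "ignored"                  # assumption: drop without blacklisting
        last = st["done"][-1] if st["done"] else None
        if last == self.final:                # claim 1: access complete, forward data
            self.forwarded.append((sender, payload))
            return "forwarded"
        if step != self.template[last]:       # claim 4: out-of-order step
            self.blacklist.add(sender)
            del self.state[sender]
            return "blacklisted"
        st["done"].append(step)               # claim 3: respond and update state
        return "complete" if step == self.final else "response"

def demo():
    ap = ForegroundAP(["auth", "assoc", "eapol_2", "eapol_4"])  # assumed PSK-style flow
    ap_addr = "02:00:00:00:00:01"
    good, bad = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    results = [ap.handle(good, ap_addr, s)
               for s in ["auth", "assoc", "eapol_2", "eapol_4"]]
    results.append(ap.handle(good, ap_addr, "data", b"hello"))
    results.append(ap.handle(bad, ap_addr, "assoc"))   # skips "auth"
    results.append(ap.handle(bad, ap_addr, "auth"))    # already blacklisted
    return results, ap

if __name__ == "__main__":
    print(demo()[0])
```

A sender that follows the template in order reaches the target access point only after the final step, while a sender that skips a step is blacklisted on its first out-of-order frame and never reaches it.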
CN202210901623.0A 2022-07-28 2022-07-28 Wireless access detection method, device, electronic device and storage medium Active CN115484600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210901623.0A CN115484600B (en) 2022-07-28 2022-07-28 Wireless access detection method, device, electronic device and storage medium


Publications (2)

Publication Number Publication Date
CN115484600A true CN115484600A (en) 2022-12-16
CN115484600B CN115484600B (en) 2024-12-10

Family

ID=84421853


Country Status (1)

Country Link
CN (1) CN115484600B (en)


Also Published As

Publication number Publication date
CN115484600B (en) 2024-12-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant