CN107579876A - A kind of automatic detection analysis method and device of assets increment - Google Patents
A kind of automatic detection analysis method and device of assets increment Download PDFInfo
- Publication number
- CN107579876A CN107579876A CN201710833654.6A CN201710833654A CN107579876A CN 107579876 A CN107579876 A CN 107579876A CN 201710833654 A CN201710833654 A CN 201710833654A CN 107579876 A CN107579876 A CN 107579876A
- Authority
- CN
- China
- Prior art keywords
- assets
- network
- detected
- data
- net
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of automatic detection analysis method and device of assets increment, specifically, by using the relevant configuration information table stored in the interchanger for gathering the network to be detected, the data on flows of the analysis network to be detected and the mode that remote I P scans three kinds of exploration policies and be combined is carried out to the network to be detected, obtain automatically in network to be detected in net assets.Finally, being contrasted acquisition in net assets with the assets of management synchronously obtained, obtains the assets of each assets in network to be detected in net state.Automation detection mode provided by the invention, with it is existing based on the artificial mode for carrying out asset data maintenance compared with, Asset State that can quickly in tracking network increases substantially asset management efficiency;In addition, above-mentioned three kinds of detection modes can be complementary to one another, so can be more fully in detection network assets, improve assets and find accuracy.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of automatic detection analysis method of assets increment and dress
Put.
Background technology
With the rapid development of internet, enterprise persistently increases the input to Information System configuration, makes enterprise's IT networks
Explosive growth is presented in scale.While IT amount of assets increases sharply, field network environment also complicates all the more.In face of increasingly
Complicated enterprise assets security management and control situation, for enterprise, the Assets Management of equipment is also more and more important.
Currently for IT asset managements, corporate boss will rely on manual type or real by asset management system's two ways
Existing asset concentration management.Wherein, manual type is to comb enterprise assets list by manual type, manages enterprise assets
Newly-increased, change, offline situation, and the Back ground Information of all kinds of assets.The asset management system refers to establish in information technology base
On plinth, with the management thought of systematization, the management platform that decision-making runs means is provided for business decision layer and employee.Utilizing money
When producing management system to EAM, asset manager logs in the asset management system according to the assets information of acquisition, manually
Asset data maintenance, each life cycle state of management assets and assets various information are carried out, realizes and manages asset management from artificial
Reason is transitioned into electronic management.
But the above-mentioned asset management system still carries out asset data maintenance based on artificial, it is too late to there is assets information renewal
When, can not accurately grasp assets actual conditions, whether the core situation such as idle.Therefore, the existing asset management system is still difficult to
The problems such as being timely and effectively tracked with verification of assets present situation, perception abnormal assets, cause the true feelings of assets access network
Condition is difficult to management and control, under EAM effect is also relatively low, great IT assets securities management and control risk be present.
The content of the invention
The invention provides a kind of automatic detection analysis method and device of assets increment, timely and effectively to track and check
Asset State in objective network.
First aspect according to embodiments of the present invention, there is provided a kind of automatic detection analysis method of assets increment, the side
Method includes:
Obtain the management assets in network to be detected;
Utilize relevant configuration information table, the analysis survey grid to be checked stored in the interchanger for gathering the network to be detected
The data on flows of network and the detection mode that remote I P scannings are carried out to the network to be detected, obtain the network to be detected
In in net assets;
By being analyzed in net assets with having managed assets for the network to be detected, the network to be detected is formed
Comprising unknown assets and managed the Asset Lists of assets.
Alternatively, using stored in the interchanger for gathering the network to be detected relevant configuration information table, analysis described in
The data on flows of network to be detected and the detection mode that remote I P scannings are carried out to the network to be detected, treat described in acquisition
Detect network in net assets, including:
Respectively according to managed in the network to be detected the initial wealth data of assets, the network to be detected flow
Monitoring system interface data, judge whether to log in the interchanger in the network to be detected and whether can obtain institute
State the data on flows of network to be detected;
If the interchanger in the network to be detected can be logged in and the flow of the network to be detected can be obtained
Data, then it is simultaneously described to be checked using the relevant configuration information table, analysis that are stored in the interchanger for gathering the network to be detected
The data on flows of survey grid network and three kinds of detection modes that remote I P scannings are carried out to the network to be detected, treat described in acquisition
Detect network in net assets;
If the interchanger in the network to be detected can be logged in, but the flow of the network to be detected cannot be obtained
Data, then using the relevant configuration information table stored in the interchanger for gathering the network to be detected and to the survey grid to be checked
Network carries out two kinds of detection modes of remote I P scannings, obtain in the network to be detected in net assets;
If the data on flows of the network to be detected can be obtained but the friendship in the network to be detected cannot be logged in
Change planes, then carry out the two of remote I P scannings using the data on flows for analyzing the network to be detected and to the network to be detected
Kind of detection mode, obtain in the network to be detected in net assets.
Alternatively, methods described also includes:
Gather the asset data of each assets in the Asset List;
The asset data of each Asset List is carried out to score with the corresponding initial wealth data for having managed assets
Analysis, obtains the asset data result of detection of each assets of the network to be detected.
Alternatively, the newest asset data of each assets in the Asset List is gathered, including:
The assets log-on message of each assets in the Asset List, log in each assets and deposited with gathering inside it
The asset data of storage.
And/or
By web scan modes, the finger print information of each assets in the Asset List is obtained.
Alternatively, the mode of the relevant configuration information table stored using the interchanger gathered in the network to be detected,
Obtain in the network to be detected in net assets, including:
The initial wealth data for having managed assets in the network to be detected, judge whether that described treat can be logged in
Detect the interchanger in network;
If the interchanger in the network to be detected can be logged in, the phase stored in the interchanger is logged in and gathered
Configuration information table is closed, wherein, the relevant configuration information table includes one in APR tables, MAC table, routing table and interface message table
Kind is a variety of;
Extracted from the relevant configuration information table in the network to be detected and be initially at net assets;
The assets of network connection cannot be established by being initially at described in rejecting in net assets, be obtained in the network to be detected
In net assets.
Alternatively, using the mode for the data on flows for analyzing the network to be detected, obtain in the network to be detected
In net assets, including:
Based on flow analysis mode or event analysis mode, the flow and event log number of the collection network to be detected
According to;
From the flow and event log data, extract in the network to be detected in net assets.
Alternatively, after the flow and event log data that gather the network to be detected, methods described also includes:
From the flow and event log data, the assets port information of net assets is extracted in.
Alternatively, using the mode that remote I P scannings are carried out to the network to be detected, obtain in the network to be detected
In net assets, including:
By presetting the IP in IP sections in network to be detected described in remote scanning, detect in the default IP sections corresponding to IP
The survival condition of assets;
If assets corresponding to the IP are survival assets, it is the network to be detected to judge assets corresponding to the IP
In in net assets.
Alternatively, detect in the default IP sections after the survival condition of assets corresponding to IP, methods described also includes:
If assets corresponding to the IP are survival assets, detect the IP corresponding to the port that is opened of assets, with
And the finger print information of assets corresponding to the IP is obtained using finger scan mode and WEB scan modes.
Second aspect according to embodiments of the present invention, there is provided a kind of automatic detection analysis device of assets increment, the dress
Put including:
Assets information synchronization module:For obtaining the management assets in network to be detected;
In net assets detecting module:For utilizing the relevant configuration letter stored in the interchanger for gathering the network to be detected
Cease table, the data on flows of the analysis network to be detected and the detection side that remote I P scannings are carried out to the network to be detected
Formula, obtain in the network to be detected in net assets;
Assets Analyst module:For being analyzed the network to be detected in net assets with having managed assets,
Form the Asset List for including unknown assets and having managed assets of the network to be detected.
Alternatively, described device also includes:
Asset data acquisition module:For gathering the asset data of each assets in the Asset List;
Asset data analysis module:For the asset data of each Asset List have been managed into the first of assets with corresponding
Beginning asset data is analyzed, and obtains the asset data result of detection of each assets of the network to be detected.
From above technical scheme, the automatic detection analysis method and device of assets increment provided in an embodiment of the present invention,
By using the relevant configuration information table stored in the interchanger for gathering the network to be detected, analyze the network to be detected
Data on flows and the mode being combined to three kinds of exploration policies of the network progress remote I P scannings to be detected, it is automatic to obtain
In network to be detected in net assets.Finally acquisition is contrasted in net assets with having managed assets, obtains survey grid to be checked
The Asset State of each assets in network.Automation detection mode provided by the invention, asset data dimension is carried out based on artificial with existing
The mode of shield is compared, Asset State that can quickly in tracking network, increases substantially asset management efficiency;In addition, above-mentioned three
Kind of detection mode can be complementary to one another, so can be more fully in detection network assets, improve assets and find accuracy.
It should be appreciated that the general description and following detailed description of the above are only exemplary and explanatory, not
Can the limitation present invention.
Brief description of the drawings
In order to illustrate more clearly of technical scheme, letter will be made to the required accompanying drawing used in embodiment below
Singly introduce, it should be apparent that, for those of ordinary skills, without having to pay creative labor,
Other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of hardware of the terminal of the automatic detection analysis method of assets increment provided in an embodiment of the present invention
Structured flowchart;
Fig. 2 is a kind of schematic flow sheet of the automatic detection analysis method of assets increment provided in an embodiment of the present invention;
Fig. 3 is the flow provided in an embodiment of the present invention detected by way of synchrodata logs in interchanger in net assets
Schematic diagram;
Fig. 4 is the schematic flow sheet provided in an embodiment of the present invention detected by network traffic analysis mode in net assets;
Fig. 5 is the schematic flow sheet provided in an embodiment of the present invention detected by remote I P scan modes in net assets;
Fig. 6 is remote I P scanning process schematic diagrames provided in an embodiment of the present invention;
Fig. 7 is the schematic flow sheet of another automatic detection analysis method of assets increment provided in an embodiment of the present invention;
Fig. 8 is a kind of structural representation of the automatic detection analysis device of assets increment provided in an embodiment of the present invention.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent and the consistent all embodiments of the present invention.On the contrary, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects being described in detail in claims, of the invention.
It should be noted that the embodiment of the method that the embodiment of the present invention is provided can be in mobile terminal, terminal
Or performed in similar arithmetic unit.Exemplified by running on computer terminals, Fig. 1 is one kind provided in an embodiment of the present invention
The hardware block diagram of the terminal of the automatic detection analysis method of assets increment.As shown in figure 1, terminal 10 can be with
Including one or more (one is only shown in figure) processors 101, (processor 101 can include but is not limited to Micro-processor MCV
Or PLD FPGA etc. processing unit), the memory 102 for data storage and for communication function
Transmitting device 103.It will appreciated by the skilled person that the structure shown in Fig. 1 is only to illustrate, it is not to above-mentioned electronics
The structure of device causes to limit.For example, terminal 10 may also include the component more or less than shown in Fig. 1, or
Person has the configuration different from shown in Fig. 1.
Memory 102 can be used for the software program and module of storage application software, such as the assets in the embodiment of the present application
Programmed instruction/module corresponding to the automatic detection analysis method of increment, processor 101 are stored in memory 102 by operation
Software program and module, so as to perform various function application and data processing, that is, realize the multi-source of above-mentioned application program
Isomery leak information De-weight method.Memory 102 may include high speed random access memory, may also include nonvolatile memory, such as
One or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory
102 can further comprise that relative to the remotely located memory of processor 101, these remote memories network connection can be passed through
To terminal 10.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, mobile radio communication
And combinations thereof.
Transmitting device 103 is used to data are received or sent via a network.Above-mentioned network instantiation may include
The wireless network that the communication providerses of terminal 10 provide.In an example, transmitting device 103 is fitted including a network
Orchestration (Network Interface Controller, NIC), its can be connected by base station with other network equipments so as to
Internet is communicated.In an example, transmitting device 103 can be radio frequency (Radio Frequency, RF) module, its
For wirelessly being communicated with internet.
Under above-mentioned running environment, the invention provides the automatic detection analysis method of assets increment and device.This method
Based on a variety of tactful assets remote automation detection means, coordinated by a variety of exploration policies, find unknown assets comprehensively, precisely
Position Assets Problems.Based on above-mentioned principle, method and device provided in an embodiment of the present invention will be described in detail below.
Fig. 2 is a kind of schematic flow sheet of the automatic detection analysis method of assets increment provided in an embodiment of the present invention.Such as Fig. 2
Shown, this method specifically comprises the following steps:
Step S110:Obtain the management assets in network to be detected.
Specifically, can be from existing safety control platform, such as 4A safety control platforms, such as asset management system, ERP
(Enterprise Resource Planning, Enterprise Resources Plan) management system, and the assets such as labor management data source
Data management platform synchronously obtains the assets of management and corresponding asset data in network to be detected, is visited as follow-up assets
Survey analysis foundation data.
Wherein, acquired asset data can include assets title, Asset IP, Asset Type, affiliated group of assets, assets
The information such as person liable.
Step S120:Using the relevant configuration information table stored in the interchanger for gathering the network to be detected, analyze institute
State the data on flows of network to be detected and the detection mode of remote I P scannings is carried out to the network to be detected, described in acquisition
In network to be detected in net assets.
First, it is determined that detection mode to the assets in network to be checked, specifically:
(1) judge whether network to be checked has obtained logging in network interchanger ability by synchronizing information.Specifically can be with
Whether whether the asset data synchronously obtained by step S110, inquiry have managed interchanger concerned account numbers data and have had
Authority logs in the interchanger, if above-mentioned two condition is satisfied by, is judged to having obtained logging in network interchanger ability.If
Logging in network interchanger ability is obtained, then using the detection mode for logging in interchanger, collection identification is in net assets.
(2) if the data traffic of network to be checked can be obtained, other bypass flow monitoring systems can specifically be passed through
Interface obtains its data on flows, then using data on flows analysis mode, collection identification is in net assets.
(3) if not obtaining logging in network interchanger ability, when can not also obtain network traffics, then using IP scanning probes
Mode, collection identification is in net assets.
In the embodiment of the present invention, above-mentioned three kinds of detection modes are present with complementary type, i.e., when carrying out assets detection, such as
The use condition of the above-mentioned detection mode of fruit disclosure satisfy that, then carries out assets detection using the detection mode.If for example, obtain
It is more comprehensive to manage the management data of assets, core switch can be obtained, log in the authority such as assets, then mainly to gather in interchanger
The mode of the relevant configuration information table of storage carries out assets detection, and two kinds of detection modes are supplemented behind use;If can not
Interchanger logon rights are obtained, then by remote probe IP scanning probe modes, and combine the side of data data on flows analysis
Formula, carry out assets detection.
Specifically, the selection that the present invention implements to additionally provide above-mentioned three major types assets remote probe strategy determines step, have
Body is as follows:
Step S1101:Respectively according to the initial wealth data, described to be detected that assets have been managed in the network to be detected
The flux monitoring system interface data of network, judge whether to log in interchanger in the network to be detected and whether
The data on flows of the network to be detected can be obtained.
Step S1102:If the interchanger in the network to be detected can be logged in and can be obtained described to be detected
The data on flows of network, then the relevant configuration information table stored in the interchanger for gathering the network to be detected is utilized simultaneously, is divided
Analyse the data on flows of the network to be detected and three kinds of detection modes of remote I P scannings carried out to the network to be detected,
Obtain in the network to be detected in net assets;
Step S1103:If the interchanger in the network to be detected can be logged in, but cannot obtain described to be detected
The data on flows of network, then using the relevant configuration information table stored in the interchanger for gathering the network to be detected and to institute
State two kinds of detection modes that network to be detected carries out remote I P scannings, obtain in the network to be detected in net assets;
Step S1104:If the data on flows of the network to be detected can be obtained but cannot be logged in described to be detected
Interchanger in network, then carried out using the data on flows for analyzing the network to be detected and to the network to be detected long-range
Two kinds of detection modes of IP scannings, obtain in the network to be detected in net assets.
In addition, in extreme circumstances if above-mentioned two condition is all unsatisfactory for, then enter only with to the network to be detected
Two kinds of detection modes of row remote I P scannings, obtain in the network to be detected in net assets.
Secondly, the three major types assets remote probe strategy determined based on above-mentioned steps, remote collection are detected in objective network
In net assets truth, specifically:
Fig. 3 is the flow provided in an embodiment of the present invention detected by way of synchrodata logs in interchanger in net assets
Schematic diagram.As shown in figure 3, which specifically comprises the following steps:
Step S121:The initial wealth data for having managed assets in the network to be detected, judging whether can be with
Log in the interchanger in the network to be detected.
The asset data synchronously obtained using step S110, inquiry whether managed interchanger concerned account numbers data, with
And whether have permission and log in the interchanger, if above-mentioned two condition is satisfied by, judgement can obtain logging in network interchanger.
Step S122:If the interchanger in the network to be detected can be logged in, log in and gather the interchanger
The relevant configuration information table of middle storage, wherein, the relevant configuration information table includes APR tables, MAC table, routing table and interface letter
Cease the one or more in table.
First, the network connection established between acquisition server and collected interchanger, more collections can specifically be used
Server distribution formula is disposed, and the network connection established and be collected between interchanger by concurrent fashion, is logged in after successful connection
Collected interchanger, wherein, the agreement supported at present includes Telnet/SSH and RDP etc..It is then possible to by collected friendship
Change planes and issue the mode of corresponding data collection script, obtain the ARP (Address of collected interchanger storage inside
Resolution Protocol, address resolution protocol) table, MAC (Medium Access Control, physical address) table, road
By relevant configuration information tables such as table, interface message tables.
Step S123:Extracted from the relevant configuration information table in the network to be detected and be initially at net assets.
Step S124:The assets of network connection cannot be established by being initially at described in rejecting in net assets, be obtained described to be checked
In survey grid network in net assets.
According to the IP information for being initially at net assets of acquisition, this is initially at net assets for testing, if non-testing success, recognizes
For the network connection between the initial wealth cannot be established, and judge that assets corresponding to the IP are non-viable assets, and will
It is deleted from initial wealth list.
Fig. 4 is the schematic flow sheet provided in an embodiment of the present invention detected by network traffic analysis mode in net assets.
As shown in figure 4, which specifically comprises the following steps:
Step S125:Based on flow analysis mode or event analysis mode, the flow and thing of the collection network to be detected
Part daily record data.
Network traffic data is combed, and is based on flow analysis mode or event analysis mode, gathers correlative flow and event
The data such as daily record.
Step S126:From the flow and event log data, extract in the network to be detected in net assets.
The information such as underlying assets IP and MAC in flow and event log data is collected, method is found as complementary assets.
Fig. 5 is the schematic flow sheet provided in an embodiment of the present invention detected by remote I P scan modes in net assets.Such as
Shown in Fig. 4, which specifically comprises the following steps:
Step S127:By presetting the IP in IP sections in network to be detected described in remote scanning, the default IP sections are detected
The survival condition of assets corresponding to interior IP.
When carrying out the detection of assets viability, the IP in the Asset IP section to be detected can be deposited in the form of task
Activity determination, judge whether assets survive corresponding to this IP.Fig. 6 illustrates for remote I P scanning processes provided in an embodiment of the present invention
Figure.As the step in Fig. 6 1. in, detecting server can send a variety of different communication protocol packets to Target IP assets, pass through
Analyse whether that receiving response bag and the content of the response bag of return judges whether main frame survives.
Wherein, the mode for sending a variety of different communication protocol packets includes following three kinds of modes:
First way, Transmission Control Protocol can be used, by sending Transmission Control Protocol bag, SYN bags or ACK to specified port
Bag, judge to detect whether Target IP assets survive by analysing whether to receive the content of response bag and response bag.Second
Mode, using udp protocol, by sending udp protocol bag to specified port, by analysing whether to receive response bag and response
The data content of bag come judge detect Target IP assets whether survive.The third mode, using ICMP agreements, by being sent out to main frame
ICMP echo request bags or ICMP timestamp request bags are sent, by analysing whether to receive response bag and response bag
Data content come judge detect Target IP assets whether survive.
Further, in this step, it is to detect mesh by analyzing the response package informatin of the designated port of different agreement
Whether mark IP assets survive, and the agreement of detection and the port used are made to unified template form, for being selected during mission dispatching
Specify, detecting server carries out the detection of assets viability using the template specified.Viability detection is carried out in the form of template
The means of viability detection are enriched, user is dynamically changed detecting module according to the result of detection and then improves detection
The accuracy rate of assets viability.
Step S128:If assets corresponding to the IP are survival assets, it is described to judge assets corresponding to the IP
In network to be detected in net assets.
Step S130:By being analyzed in net assets with having managed assets for the network to be detected, described in formation
The Asset List for including unknown assets and having managed assets of network to be detected.
Specifically, the Asset List detected in network that can be detected by step S120, wherein, the present embodiment with
The form of IP address represents detected assets, the management assets for then synchronously obtaining the Asset List and step S110
List comparative analysis, and then can obtain not existing in the unknown assets managed in Asset List, and the assets can be received
Enter management area;And it is present in having managed in Asset List but does not exist in the Asset List that step S120 is detected
In the situation that has managed assets and can not connect.Finally, the complete Asset List of detected network can be aggregated to form.
As seen from the above-described embodiment, the detection analysis method that the present embodiment provides, numerous IT in network to be detected
Assets, are cooperated by a variety of tactful assets remote automation detection means, find the unknown assets in network comprehensively, precisely
Position Assets Problems.Be combined by a variety of exploration policies, so can to enterprise assets realize more comprehensively, accurate remote auto
Change detection, increase substantially asset management efficiency, perfect EAM system, carried for the work of enterprise assets security management and control
Supply assets Detection Techniques to support, promote the extensive IT assets securities development of enterprise.
Further, existing assets management method can only manage the main frame of assets, equipment aspect, such as Asset IP, name
The underlying assets data such as title, person liable, and sorts of systems platform, business service for application system level etc., and each section
The business software run on point, component of increasing income, software process and network port situation etc. have no idea effectively to be managed, and this is not
Bottom asset data support can not be only provided downstream industry's asset management, and assets information is not comprehensive, the direct shadow of inaccuracy meeting
Ring the work such as other safety managements, analysis.
In view of the above-mentioned problems, the present embodiment additionally provides the automatic detection analysis method of another assets increment, it is each to obtain
Class Asset Attributes, fingerprint class data, there is provided more accurate, comprehensive, the flexible automatic detectivity of enterprise assets.Fig. 7 is the present invention
The schematic flow sheet for the automatic detection analysis method of another assets increment that embodiment provides.As shown in fig. 7, this method is specifically wrapped
Include following steps:
Step S210:Obtain the management assets in network to be detected.
Step S220:Using the relevant configuration information table stored in the interchanger for gathering the network to be detected, analyze institute
State the data on flows of network to be detected and the detection mode of remote I P scannings is carried out to the network to be detected, described in acquisition
In network to be detected in net assets.
In remote I P scanning process schematic diagrames as shown in Figure 6, all IP in IP sections are being specified by remote scanning, are being visited
Survey the survival condition of assets in the network segment and then further the survival port of detection survival assets, desired asset return to survival
Port list, determine port survival condition;Meanwhile further using host computer system finger scan mode and WEB scan modes
Obtain its host computer system finger print information (including operating system, open service type, service name, version etc.), and WEB fingerprints
Etc. information (including:Struts2, PHP, jQuery etc.) two kinds of assets finger print informations.
For example, detecting server can be to Target IP assets into the order of detection, and the result of detection is parsed, obtain main frame
Positional information, the port opened of main frame and protocol information, the information on services of port open, the product that uses of service opened and
Version information, operation system information, equipment brand and type information, device type information and host name information, will be parsed
The finger print information storage arrived.Further, if whether the port that main frame opens is the port for opening http, https service
When, then its main frame web finger print informations are obtained using WEB scan modes, such as web front-end framework, web components, web server product
And the information such as version.
Further, by combing network traffic data, in gather data after the information such as underlying assets IP and MAC, may be used also
In a manner of based on flow, underlying assets port information in data on flows is collected, to obtain the assets such as the section ports of assets opening
Information.
Step S230:By being analyzed in net assets with having managed assets for the network to be detected, described in formation
The Asset List for including unknown assets and having managed assets of network to be detected.
Step S240:Gather the asset data of each assets in the Asset List.
Wherein, it can use to sign in when carrying out asset data collection and data acquisition and web are carried out in desired asset
Scan mode gathers.
, first, can for the unknown assets in Asset List when using progress data acquisition in desired asset is signed in
By management means such as the related assignment flows of assets responsible person concerned flow, assets, by way of assigning work order, to obtain
The log-on message and logon rights of the unknown assets;For the management assets in Asset List, existing safety can be passed through
Control platform, such as 4A safety control platforms, the asset management system, such as ERP (Enterprise Resource Planning, enterprise
Industry resource planning) management system, and synchronously acquisition has managed assets to the asset data such as labor management data source management platform
Getter log-on message and logon rights in asset data.
Then, the log-on message and logon rights of each assets of acquisition, the basic number that desired asset gathers its assets is logged in
According to (such as title, type, person liable etc.), port survival condition and host computer system finger print information (such as operating system, operation
Business service etc.), to carry out assets increment information supplement, the newest relevant information of complementary assets present situation, assets are included in management model
In enclosing.
And when carrying out information gathering using web scan modes, then by web recursive fashions, scan task is customized repeatedly, i.e.,
When obtain Asset List in each assets web finger print informations.
Step S250:The asset data of each Asset List is entered with the corresponding initial wealth data for having managed assets
Row comparative analysis, obtain the asset data result of detection of each assets of the network to be detected.
(such as asset base data, assets open the asset data of each assets in the Asset List obtained for step S240
Port information and assets finger print information) and step S220 in extracted from the flow and event log data
The port and the finger print information of assets that the assets that assets port information, remote I P scanning probes arrive open, then can be according to canonical
Expression formula and corresponding rule are standardized to above-mentioned asset data, and the corresponding initial wealth number for having managed assets
According to being analyzed, the full dose situation in net assets is generated, it is found that assets have problem, including:Unknown assets, known assets
It can not connect, known Asset Attributes missing or change etc., while Asset Attributes details can also be analyzed, obtain deep assets peace
Not the problems such as full early warning, security alarm, leak, configuration do not conform to rule.
Further, the assets standard information that can be obtained with above-mentioned processing passes to analysis engine, to the mark received
Standardization information carries out the analyses such as unknown device discovery, topological diagram reduction and security domain networking, and contrast finds known, unknown assets,
Export assets result of detection.
As seen from the above-described embodiment, the detection analysis method that the present embodiment provides, based on a variety of tactful assets remote autos
Change detection means, each hierarchical data of assets is gathered using a variety of detection modes, and to all kinds of asset bases, fingerprint class data point
Analysis, obtain more fully, accurate asset data, perfect EAM system, worked for enterprise assets security management and control
Provide more fully, accurate assets Detection Techniques support.
Based on the automatic detection analysis method of above-mentioned assets increment, it is automatic that the embodiment of the present invention additionally provides a kind of assets increment
Detection analysis device.Fig. 8 is a kind of basic structure schematic diagram of the automatic detection analysis of assets increment provided in an embodiment of the present invention.
Include as shown in figure 8, the device has:
Assets information synchronization module 810:For obtaining the management assets in network to be detected.
In net assets detecting module 820:For being matched somebody with somebody using the correlation stored in the interchanger for gathering the network to be detected
Put information table, the data on flows of the analysis network to be detected and the spy that remote I P scannings are carried out to the network to be detected
Survey mode, obtain in the network to be detected in net assets.
Assets Analyst module 830:For the network to be detected to be carried out to score in net assets with having managed assets
Analysis, form the Asset List for including unknown assets and having managed assets of the network to be detected.
The detection analysis device that the present embodiment provides, by using what is stored in the interchanger for gathering the network to be detected
Relevant configuration information table, the analysis network to be detected data on flows and remote I P carried out to the network to be detected swept
Retouch the mode that three kinds of exploration policies are combined, obtain automatically in network to be detected in net assets, carried out with existing based on artificial
The mode that asset data is safeguarded is compared, Asset State that can quickly in tracking network, increases substantially asset management efficiency;Separately
Outside, above-mentioned three kinds of detection modes can be complementary to one another, so can be more fully in detection network assets, improve assets and find
Accuracy.
Further, to obtain each assets more comprehensively asset data, detection analysis provided in an embodiment of the present invention fills
Put, in addition to:
Asset data acquisition module 840:For gathering the asset data of each assets in the Asset List.
Data acquisition and the collection of web scan modes are carried out in desired asset specifically, can use and sign in, acquisition
Asset data (port information and assets the fingerprint letter that such as asset base data, assets open of each assets in Asset List
Breath);The assets port information extracted from the flow and event log data;And in remote I P scanning probe assets
When, port and the finger print information of assets that remote scanning assets open.
Asset data analysis module 850:For the asset data of each Asset List have been managed into assets with corresponding
Initial wealth data be analyzed, obtain the asset data result of detection of each assets of the network to be detected.
The detection analysis device that the present embodiment provides, each hierarchical data of assets is gathered using a variety of detection modes, and it is right
All kinds of asset bases, fingerprint class data analysis, obtain more fully, accurate asset data, perfect enterprise asset management system,
For enterprise assets security management and control work provide more fully, accurate assets Detection Techniques support.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment
Divide mutually referring to what each embodiment stressed is the difference with other embodiment.Especially for device or
For system embodiment, because it is substantially similar to embodiment of the method, so describing fairly simple, related part is referring to method
The part explanation of embodiment.Apparatus and system embodiment described above is only schematical, wherein as separation
The unit of part description can be or may not be it is physically separate, can be as the part that unit is shown or
It can not be physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality
Border needs to select some or all of module therein to realize the purpose of this embodiment scheme.Those of ordinary skill in the art
Without creative efforts, you can to understand and implement.
It the above is only the embodiment of the present invention, it is noted that come for those skilled in the art
Say, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should be regarded as
Protection scope of the present invention.
Claims (10)
- A kind of 1. automatic detection analysis method of assets increment, it is characterised in that methods described includes:Obtain the management assets in network to be detected;Using the relevant configuration information table stored in the interchanger for gathering the network to be detected, analyze the network to be detected Data on flows and the detection mode that remote I P scannings are carried out to the network to be detected, are obtained in the network to be detected In net assets;By being analyzed in net assets with having managed assets for the network to be detected, the bag of the formation network to be detected Containing unknown assets and the Asset Lists of assets is managed.
- 2. according to the method for claim 1, it is characterised in that using being stored in the interchanger for gathering the network to be detected Relevant configuration information table, the analysis network to be detected data on flows and remote I P is carried out to the network to be detected The detection mode of scanning, obtain in the network to be detected in net assets, including:Respectively according to the traffic monitoring for the initial wealth data, the network to be detected that assets have been managed in the network to be detected System interface data, judge whether to log in the interchanger in the network to be detected and whether can obtain described treat Detect the data on flows of network;If the interchanger in the network to be detected can be logged in and the flow number of the network to be detected can be obtained According to then simultaneously described to be detected using the relevant configuration information table, analysis that are stored in the interchanger for gathering the network to be detected The data on flows of network and three kinds of detection modes that remote I P scannings are carried out to the network to be detected, are obtained described to be checked In survey grid network in net assets;If the interchanger in the network to be detected can be logged in, but the flow number of the network to be detected cannot be obtained According to then using the relevant configuration information table stored in the interchanger for gathering the network to be detected and to the network to be detected Carry out two kinds of detection modes of remote I P scannings, obtain in the network to be detected in net assets;If the data on flows of the network to be detected can be obtained but the exchange in the network to be detected cannot be logged in Machine, then carry out two kinds of remote I P scannings using the data on flows for analyzing the network to be detected and to the network to be detected Detection mode, obtain in the network to be detected in net assets.
- 3. according to the method for claim 1, it is characterised in that methods described also includes:Gather the asset data of each assets in the Asset List;The asset data of each Asset List is analyzed with the corresponding initial wealth data for having managed assets, obtained To the asset data result of detection of each assets of the network to be detected.
- 4. according to the method for claim 3, it is characterised in that gather the newest assets number of each assets in the Asset List According to, including:The assets log-on message of each assets in the Asset List, each assets are logged in gather its storage inside Asset data;And/orBy web scan modes, the finger print information of each assets in the Asset List is obtained.
- 5. according to the method for claim 1, it is characterised in that deposited using the interchanger gathered in the network to be detected The mode of the relevant configuration information table of storage, obtain in the network to be detected in net assets, including:The initial wealth data for having managed assets in the network to be detected, judge whether to log in described to be detected Interchanger in network;If the interchanger in the network to be detected can be logged in, log in and gather the correlation stored in the interchanger and match somebody with somebody Put information table, wherein, the relevant configuration information table include APR tables, MAC table, routing table and one kind in interface message table or It is a variety of;Extracted from the relevant configuration information table in the network to be detected and be initially at net assets;The assets of network connection cannot be established by being initially at described in rejecting in net assets, obtain in the network to be detected in net Assets.
- 6. according to the method for claim 1, it is characterised in that utilize the side for the data on flows for analyzing the network to be detected Formula, obtain in the network to be detected in net assets, including:Based on flow analysis mode or event analysis mode, the flow and event log data of the collection network to be detected;From the flow and event log data, extract in the network to be detected in net assets.
- 7. according to the method for claim 6, it is characterised in that the flow and event log number of the collection network to be detected According to afterwards, methods described also includes:From the flow and event log data, the assets port information of net assets is extracted in.
- 8. according to the method for claim 1, it is characterised in that carry out remote I P scannings using to the network to be detected Mode, obtain in the network to be detected in net assets, including:By presetting the IP in IP sections in network to be detected described in remote scanning, assets corresponding to IP in the default IP sections are detected Survival condition;If assets corresponding to the IP are survival assets, it is in the network to be detected to judge assets corresponding to the IP In net assets.
- 9. according to the method for claim 8, it is characterised in that the survival of assets corresponding to IP in the detection default IP sections After situation, methods described also includes:If assets corresponding to the IP are survival assets, detect the IP corresponding to the port that is opened of assets, Yi Jili The finger print information of assets corresponding to the IP is obtained with finger scan mode and WEB scan modes.
- 10. a kind of automatic detection analysis device of assets increment, it is characterised in that described device includes:Assets information synchronization module:For obtaining the management assets in network to be detected;In net assets detecting module:For utilizing the relevant configuration information stored in the interchanger for gathering the network to be detected Table, the data on flows of the analysis network to be detected and the detection mode that remote I P scannings are carried out to the network to be detected, Obtain in the network to be detected in net assets;Assets Analyst module:For being analyzed the network to be detected in net assets with having managed assets, formed The Asset List for including unknown assets and having managed assets of the network to be detected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710833654.6A CN107579876A (en) | 2017-09-15 | 2017-09-15 | A kind of automatic detection analysis method and device of assets increment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710833654.6A CN107579876A (en) | 2017-09-15 | 2017-09-15 | A kind of automatic detection analysis method and device of assets increment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107579876A true CN107579876A (en) | 2018-01-12 |
Family
ID=61033762
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710833654.6A Pending CN107579876A (en) | 2017-09-15 | 2017-09-15 | A kind of automatic detection analysis method and device of assets increment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107579876A (en) |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108769064A (en) * | 2018-06-26 | 2018-11-06 | 广东电网有限责任公司信息中心 | Realize the distributed asset identification and change cognitive method and system that loophole is administered |
| CN109257378A (en) * | 2018-11-05 | 2019-01-22 | 杭州安恒信息技术股份有限公司 | A kind of quick identification environment of internet of things illegally accesses the method and system of assets |
| CN109347892A (en) * | 2018-08-03 | 2019-02-15 | 北京奇安信科技有限公司 | A kind of Internet Industry assets scanning processing method and device |
| CN109413054A (en) * | 2018-10-10 | 2019-03-01 | 四川长虹电器股份有限公司 | The formation gathering method at penetration testing auxiliary system and penetration testing initial stage |
| CN110311931A (en) * | 2019-08-02 | 2019-10-08 | 杭州安恒信息技术股份有限公司 | Assets automatic discovering method and device |
| CN110351251A (en) * | 2019-06-20 | 2019-10-18 | 哈尔滨工业大学(威海) | A kind of industrial control equipment assets detection method based on filtering technique |
| CN110943984A (en) * | 2019-11-25 | 2020-03-31 | 中国联合网络通信集团有限公司 | Asset safety protection method and device |
| CN111104645A (en) * | 2018-10-25 | 2020-05-05 | 广达电脑股份有限公司 | Software master file data management system and method |
| CN111245643A (en) * | 2019-12-31 | 2020-06-05 | 贵州电网有限责任公司 | IT asset monitoring method and system |
| CN111431753A (en) * | 2020-04-02 | 2020-07-17 | 深信服科技股份有限公司 | Asset information updating method, device, equipment and storage medium |
| CN111447089A (en) * | 2020-03-24 | 2020-07-24 | 深信服科技股份有限公司 | Terminal asset identification method and apparatus, and computer-readable storage medium |
| CN111726337A (en) * | 2020-05-14 | 2020-09-29 | 北京邮电大学 | Equipment asset detection method and device |
| CN111800286A (en) * | 2019-04-09 | 2020-10-20 | 中国移动通信集团山东有限公司 | Detection method and device of intranet assets and electronic equipment |
| CN111884858A (en) * | 2020-07-29 | 2020-11-03 | 中国工商银行股份有限公司 | Equipment asset information verification method, device, system and medium |
| CN111885220A (en) * | 2020-07-30 | 2020-11-03 | 哈尔滨工业大学(威海) | Active acquisition and verification method for target unit IP assets |
| CN112039853A (en) * | 2020-08-11 | 2020-12-04 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN112202629A (en) * | 2020-09-11 | 2021-01-08 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
| CN112398782A (en) * | 2019-08-15 | 2021-02-23 | 北京国双科技有限公司 | Network asset identification method, device, medium and equipment |
| CN112688810A (en) * | 2020-12-23 | 2021-04-20 | 苏州三六零智能安全科技有限公司 | Network asset information acquisition method, equipment and readable storage medium |
| CN112688806A (en) * | 2020-12-18 | 2021-04-20 | 国家工业信息安全发展研究中心 | Method and system for presenting network assets |
| CN113259197A (en) * | 2021-05-13 | 2021-08-13 | 北京天融信网络安全技术有限公司 | Asset detection method and device and electronic equipment |
| CN113554056A (en) * | 2021-06-21 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Network asset aggregation method, device, electronic device and storage medium |
| CN113992451A (en) * | 2021-12-29 | 2022-01-28 | 北京微步在线科技有限公司 | Asset data processing method and device |
| CN115118487A (en) * | 2022-06-24 | 2022-09-27 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
| CN116225829A (en) * | 2022-12-14 | 2023-06-06 | 智网安云(武汉)信息技术有限公司 | Network asset information monitoring method, device and storage device |
| CN116225829B (en) * | 2022-12-14 | 2024-05-24 | 智网安云(武汉)信息技术有限公司 | Network asset information monitoring method, device and storage device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105227383A (en) * | 2015-11-06 | 2016-01-06 | 广东电网有限责任公司电力科学研究院 | A kind of device of network topology investigation |
| CN105450442A (en) * | 2015-11-06 | 2016-03-30 | 广东电网有限责任公司电力科学研究院 | Network topology checking method and system thereof |
| CN106230800A (en) * | 2016-07-25 | 2016-12-14 | 恒安嘉新(北京)科技有限公司 | A kind of to assets active probe with the method for leak early warning |
| CN106888194A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | Intelligent grid IT assets security monitoring systems based on distributed scheduling |
| CN106888106A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | The extensive detecting system of IT assets in intelligent grid |
-
2017
- 2017-09-15 CN CN201710833654.6A patent/CN107579876A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105227383A (en) * | 2015-11-06 | 2016-01-06 | 广东电网有限责任公司电力科学研究院 | A kind of device of network topology investigation |
| CN105450442A (en) * | 2015-11-06 | 2016-03-30 | 广东电网有限责任公司电力科学研究院 | Network topology checking method and system thereof |
| CN106888194A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | Intelligent grid IT assets security monitoring systems based on distributed scheduling |
| CN106888106A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | The extensive detecting system of IT assets in intelligent grid |
| CN106230800A (en) * | 2016-07-25 | 2016-12-14 | 恒安嘉新(北京)科技有限公司 | A kind of to assets active probe with the method for leak early warning |
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108769064A (en) * | 2018-06-26 | 2018-11-06 | 广东电网有限责任公司信息中心 | Realize the distributed asset identification and change cognitive method and system that loophole is administered |
| CN109347892B (en) * | 2018-08-03 | 2021-09-03 | 奇安信科技集团股份有限公司 | Internet industrial asset scanning processing method and device |
| CN109347892A (en) * | 2018-08-03 | 2019-02-15 | 北京奇安信科技有限公司 | A kind of Internet Industry assets scanning processing method and device |
| CN109413054A (en) * | 2018-10-10 | 2019-03-01 | 四川长虹电器股份有限公司 | The formation gathering method at penetration testing auxiliary system and penetration testing initial stage |
| CN111104645A (en) * | 2018-10-25 | 2020-05-05 | 广达电脑股份有限公司 | Software master file data management system and method |
| CN109257378A (en) * | 2018-11-05 | 2019-01-22 | 杭州安恒信息技术股份有限公司 | A kind of quick identification environment of internet of things illegally accesses the method and system of assets |
| CN111800286A (en) * | 2019-04-09 | 2020-10-20 | 中国移动通信集团山东有限公司 | Detection method and device of intranet assets and electronic equipment |
| CN110351251A (en) * | 2019-06-20 | 2019-10-18 | 哈尔滨工业大学(威海) | A kind of industrial control equipment assets detection method based on filtering technique |
| CN110351251B (en) * | 2019-06-20 | 2020-09-01 | 哈尔滨工业大学(威海) | Industrial control equipment asset detection method based on filtering technology |
| CN110311931A (en) * | 2019-08-02 | 2019-10-08 | 杭州安恒信息技术股份有限公司 | Assets automatic discovering method and device |
| CN112398782A (en) * | 2019-08-15 | 2021-02-23 | 北京国双科技有限公司 | Network asset identification method, device, medium and equipment |
| CN110943984A (en) * | 2019-11-25 | 2020-03-31 | 中国联合网络通信集团有限公司 | Asset safety protection method and device |
| CN110943984B (en) * | 2019-11-25 | 2021-09-28 | 中国联合网络通信集团有限公司 | Asset safety protection method and device |
| CN111245643A (en) * | 2019-12-31 | 2020-06-05 | 贵州电网有限责任公司 | IT asset monitoring method and system |
| CN111447089B (en) * | 2020-03-24 | 2023-07-14 | 深信服科技股份有限公司 | Terminal asset identification method and device and computer readable storage medium |
| CN111447089A (en) * | 2020-03-24 | 2020-07-24 | 深信服科技股份有限公司 | Terminal asset identification method and apparatus, and computer-readable storage medium |
| CN111431753A (en) * | 2020-04-02 | 2020-07-17 | 深信服科技股份有限公司 | Asset information updating method, device, equipment and storage medium |
| CN111726337A (en) * | 2020-05-14 | 2020-09-29 | 北京邮电大学 | Equipment asset detection method and device |
| CN111884858A (en) * | 2020-07-29 | 2020-11-03 | 中国工商银行股份有限公司 | Equipment asset information verification method, device, system and medium |
| CN111884858B (en) * | 2020-07-29 | 2023-01-03 | 中国工商银行股份有限公司 | Equipment asset information verification method, device, system and medium |
| CN111885220A (en) * | 2020-07-30 | 2020-11-03 | 哈尔滨工业大学(威海) | Active acquisition and verification method for target unit IP assets |
| CN111885220B (en) * | 2020-07-30 | 2023-04-07 | 哈尔滨工业大学(威海) | Active acquisition and verification method for target unit IP assets |
| CN112039853B (en) * | 2020-08-11 | 2022-09-30 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN112039853A (en) * | 2020-08-11 | 2020-12-04 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN112202629A (en) * | 2020-09-11 | 2021-01-08 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
| CN112202629B (en) * | 2020-09-11 | 2023-08-25 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
| CN112688806A (en) * | 2020-12-18 | 2021-04-20 | 国家工业信息安全发展研究中心 | Method and system for presenting network assets |
| CN112688810A (en) * | 2020-12-23 | 2021-04-20 | 苏州三六零智能安全科技有限公司 | Network asset information acquisition method, equipment and readable storage medium |
| CN113259197A (en) * | 2021-05-13 | 2021-08-13 | 北京天融信网络安全技术有限公司 | Asset detection method and device and electronic equipment |
| CN113554056A (en) * | 2021-06-21 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Network asset aggregation method, device, electronic device and storage medium |
| CN113992451B (en) * | 2021-12-29 | 2022-04-22 | 北京微步在线科技有限公司 | Asset data processing method and device |
| CN113992451A (en) * | 2021-12-29 | 2022-01-28 | 北京微步在线科技有限公司 | Asset data processing method and device |
| CN115118487A (en) * | 2022-06-24 | 2022-09-27 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
| CN115118487B (en) * | 2022-06-24 | 2023-08-25 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
| CN116225829A (en) * | 2022-12-14 | 2023-06-06 | 智网安云(武汉)信息技术有限公司 | Network asset information monitoring method, device and storage device |
| CN116225829B (en) * | 2022-12-14 | 2024-05-24 | 智网安云(武汉)信息技术有限公司 | Network asset information monitoring method, device and storage device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107579876A (en) | A kind of automatic detection analysis method and device of assets increment | |
| US7804787B2 (en) | Methods and apparatus for analyzing and management of application traffic on networks | |
| Debar et al. | Aggregation and correlation of intrusion-detection alerts | |
| CA2738295C (en) | A method for allowing and blocking a user pc which can use internet at the same time in a private network thereof a method for analyzing and detecting a judgement about whether nat(network address translation) can be used or not using a traffic data, and the number of terminals sharing nat | |
| CN111639363B (en) | Data analysis method based on block chain and edge computing server | |
| US8090820B2 (en) | Distributed traffic analysis | |
| CN101933003B (en) | Automated application dependency maps | |
| CN110311931A (en) | Assets automatic discovering method and device | |
| CN106953837A (en) | With the visual integrating security system of threat | |
| US9729563B2 (en) | Data transfer for network interaction fraudulence detection | |
| CN106341337A (en) | Flow detection and control mechanism capable of realizing application perception under SDN and method | |
| CN107295010A (en) | A kind of enterprise network security management cloud service platform system and its implementation | |
| CN107800565A (en) | Method for inspecting, device, system, computer equipment and storage medium | |
| CN108600260A (en) | A kind of industry Internet of Things security configuration check method | |
| Trammell et al. | mPlane: an intelligent measurement plane for the internet | |
| CN109995582A (en) | Asset equipment management system and method based on real-time status | |
| CN108769047A (en) | A kind of big data risk monitoring system | |
| CN110324327A (en) | User and server ip address caliberating device and method based on specific enterprise domain name data | |
| CN106650425A (en) | Method and device for controlling security sandbox | |
| CN100493065C (en) | Method for using immediate information software by data detection network address switching equipment | |
| CN111143852A (en) | Multi-module penetration testing system based on cooperative control | |
| CN115297007A (en) | Construction method and system of network space asset information map for cooperative network | |
| CN106603339B (en) | Simulate the test macro and test method of wan environment | |
| CN110233774A (en) | A kind of Distributed probing method and system of Socks proxy server | |
| CN115437874A (en) | Information security risk analysis and monitoring system based on network assets |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180112 |
|
| RJ01 | Rejection of invention patent application after publication |