CN114492376A - Application fingerprint detection method and device and electronic equipment - Google Patents

Publication number: CN114492376A
Authority: CN (China)
Prior art keywords: field, network protocol, rule, application, boolean logic
Legal status: Pending
Application number: CN202111619007.8A
Other languages: Chinese (zh)
Inventors: 王金亭, 孙兆兴, 黄四安
Current Assignee: Qianxin Technology Group Co Ltd; Secworld Information Technology Beijing Co Ltd
Original Assignee: Qianxin Technology Group Co Ltd; Secworld Information Technology Beijing Co Ltd
Application filed by: Qianxin Technology Group Co Ltd; Secworld Information Technology Beijing Co Ltd
Priority to: CN202111619007.8A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00: Handling natural language data
    • G06F40/20: Natural language analysis
    • G06F40/205: Parsing


Abstract

The invention provides a detection method and a detection device for application fingerprints and electronic equipment, wherein the method comprises the following steps: acquiring network flow data; inputting network flow data into a decoder to obtain a plurality of network protocol fields; matching based on Boolean logic rules in a first rule file according to field names and field contents of a plurality of network protocol fields to obtain corresponding target application identifiers; and matching corresponding target application fingerprint information in the second rule file according to the target application identifier. Parallel application fingerprint detection based on a plurality of network protocol fields is realized in the first rule file through matching based on Boolean logic rules, and efficient application fingerprint detection is further realized.

Description

Application fingerprint detection method and device and electronic equipment
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for detecting application fingerprints and electronic equipment.
Background
Existing fingerprint identification applications are limited in their fingerprint format design. Some regular formats are extremely complicated in design, so compatibility is poor while the detection logic is simple and inefficient; in others the field analysis is coarse, so traffic is difficult to subdivide into specific fields, which affects rule accuracy and lowers efficiency further.
Therefore, achieving efficient application fingerprint detection is an urgent problem.
Disclosure of Invention
The invention provides a method and a device for detecting an application fingerprint, and electronic equipment, which address the low fingerprint detection efficiency of the prior art and achieve efficient application fingerprint detection.
The invention provides a detection method for application fingerprints, which comprises the following steps:
acquiring network flow data;
inputting the network flow data into a decoder to obtain a plurality of network protocol fields connected through Boolean logic, wherein the network protocol fields comprise field names and field contents;
performing boolean logic rule-based matching in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores boolean logic rules and application identifiers corresponding to the boolean logic rules, the boolean logic rules have at least one logic node connected through boolean logic characters, and the logic node includes a first field name and a first field content;
and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
According to the application fingerprint detection method provided by the invention, the network protocol field comprises a request header network protocol field, a request body network protocol field, a response header network protocol field and a response body network protocol field;
the step of inputting the network traffic data into a decoder to obtain a plurality of network protocol fields connected by boolean logic includes:
inputting the network flow data into a decoder, and decoding according to a preset decoding rule to obtain a request header, a request body, a response header and a response body;
decoding the request header, the request body, the response header and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body;
wherein the request header field set comprises a field name and field contents of at least one request header network protocol field, the request body field set comprises a field name and field contents of at least one request body network protocol field, the response header field set comprises a field name and field contents of at least one response header network protocol field, and the response body field set comprises a field name and field contents of at least one response body network protocol field.
According to the application fingerprint detection method provided by the invention, the step of matching based on the Boolean logic rule in the first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain the corresponding target application identifier comprises the following steps:
sequentially matching, in the first rule file and following the preset order of the different types of field sets, the target application identifier corresponding to the Boolean logic rule that the field names and the field contents of the network protocol fields in each field set conform to.
According to the application fingerprint detection method provided by the present invention, the step of sequentially matching, in the first rule file, the target application identifier corresponding to the boolean logic rule that the field names and the field contents of the network protocol fields in each field set conform to comprises:
for each field set, matching a target application identifier corresponding to a satisfied Boolean logic rule in a first rule file according to the field name and the field content of the network protocol field;
and the corresponding Boolean logic rule is a Boolean logic rule which has a logic node consistent with the field name and the field content and meets the corresponding condition of the Boolean logic character.
According to the application fingerprint detection method provided by the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are AND logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field includes:
matching the target application identification corresponding to the Boolean logic rule meeting a first condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields;
wherein the first condition is that the field names of the plurality of network protocol fields are all consistent with the first field names in the plurality of logical nodes, and the field contents corresponding to those field names are all consistent with the first field contents in the plurality of logical nodes.
According to the application fingerprint detection method provided by the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are OR logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field includes:
matching the target application identification corresponding to the Boolean logic rule meeting a second condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields;
the second condition is that the field names of the network protocol fields are consistent with the first field name of any one of the logical nodes, the field contents corresponding to the field names in the network protocol fields are consistent with the first field contents of a determined logical node, and the determined logical node is a logical node with the field name consistent with the first field name.
According to the application fingerprint detection method provided by the present invention, the step of matching the field name and the field content of the network protocol field in the first rule file with the target application identifier corresponding to the satisfied boolean logic rule further includes:
stopping subsequent matching once the target application identifier corresponding to a satisfied Boolean logic rule has been successfully matched in the first rule file according to the field name and the field content of the network protocol field.
According to the application fingerprint detection method provided by the invention, the target application fingerprint information comprises application attribute information and application source information, wherein the application attribute information comprises an application name, an application description and an application version, and the application source information comprises an IP address and port information;
the step of matching the target application fingerprint information in the second rule file according to the target application identifier includes:
matching the application description, the application version, the IP address and the port information in the second rule file according to the target application identifier, using the target application name, the application description and the application version as the application attribute information, and using the IP address and the port information as the application source information;
and generating the target application fingerprint information according to the application attribute information and the application source information.
The present invention also provides a detection apparatus for application fingerprints, comprising:
the acquisition unit is used for acquiring network flow data;
the analysis unit is used for inputting the network flow data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents;
a first matching unit, configured to perform boolean logic rule-based matching in a first rule file according to the field names and the field contents of the multiple network protocol fields to obtain corresponding target application identifiers, where the first rule file is a file stored locally, the first rule file pre-stores a boolean logic rule and an application identifier corresponding to the boolean logic rule, the boolean logic rule has boolean logic characters and at least one logic node, and the logic node includes a first field name and a first field content;
and the second matching unit is used for matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of the detection method of the application fingerprint.
The invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the detection method of application fingerprints as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method for detecting an application fingerprint as described in any of the above.
According to the application fingerprint detection method, the application fingerprint detection device and the electronic equipment, network flow data are obtained; inputting the network flow data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents; performing boolean logic rule-based matching in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores boolean logic rules and application identifiers corresponding to the boolean logic rules, the boolean logic rules have at least one logic node connected through boolean logic characters, and the logic node includes a first field name and a first field content; and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file. According to the invention, parallel application fingerprint detection based on a plurality of network protocol fields is realized through matching based on Boolean logic rules in the first rule file, so that high-efficiency application fingerprint detection is realized.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of the application fingerprint detection method provided by the present invention;
FIG. 2 is a flow chart of detection of application fingerprints provided by the present invention;
FIG. 3 is a schematic structural diagram of the application fingerprint detection apparatus provided by the present invention;
FIG. 4 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The application fingerprint information refers to relevant characteristics of the application program, and includes attributes such as an application name, application relevant description, a server operating system where the application program is located, a server of the application program, a development framework, a development language, a database, application version information and the like.
Existing fingerprint identification applications are limited in their fingerprint format design. Some regular formats are extremely complex in design, so compatibility is poor while the detection logic is simple and inefficient; in others the field analysis is coarse, so traffic is difficult to subdivide into specific fields, which affects rule accuracy and lowers efficiency further.
Therefore, achieving efficient application fingerprint detection is an urgent problem.
In order to solve the above problem, the present invention provides a method for detecting an application fingerprint, as shown in FIG. 1, including the following steps:
S11, acquiring the network traffic data.
Specifically, for convenience of understanding, the following explanation is made with the electronic device as an execution subject, and does not play a limiting role.
The electronic device may obtain network traffic data that includes data generated by the respective network application at runtime.
S12, inputting the network flow data into a decoder to obtain a plurality of network protocol fields.
Specifically, the electronic device may input network traffic data into a decoder, obtain a plurality of network protocol fields within a network application in the network traffic data, wherein the network protocol fields include field names and field contents.
S13, matching based on Boolean logic rules in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers.
Specifically, the electronic device may perform boolean logic rule-based matching in a first rule file according to a field name and field content of a network protocol field to obtain a corresponding target application identifier, where the first rule file is a file stored locally, the first rule file pre-stores a boolean logic rule and an application identifier corresponding to the boolean logic rule, the boolean logic rule has at least one logic node connected by boolean logic characters, and the logic node includes the first field name and the first field content.
To facilitate cross-platform usage of rules, the first rule file may be an XML formatted file.
S14, matching corresponding target application fingerprint information in the second rule file according to the target application identification.
Specifically, the electronic device may match corresponding target application fingerprint information in a second rule file according to a target application identifier matched in the first rule file, where the second rule file is a file stored locally, and the second rule file has the application identifier and the application fingerprint information corresponding to the application identifier prestored therein.
To facilitate cross-platform usage of rules, the first rule file may be an XML formatted file.
In one example, as shown in FIG. 2, FIG. 2 is a flow chart of detection of an application fingerprint. The method comprises the steps of firstly obtaining network flow data, then inputting the network flow data into a decoder, decoding the network flow data to obtain a plurality of network protocol fields, matching target application identifications corresponding to the plurality of network protocol fields in a first rule file, and then matching application fingerprint information corresponding to the target application identifications in a second rule file.
In the embodiment of the invention, network flow data is acquired and input into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents. Boolean logic rule-based matching is then carried out in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores Boolean logic rules and application identifiers corresponding to the Boolean logic rules, the Boolean logic rules have at least one logic node connected through Boolean logic characters, and the logic node comprises a first field name and a first field content. The corresponding target application fingerprint information is then matched in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the second rule file pre-stores the application identifier and the application fingerprint information corresponding to the application identifier. According to the invention, parallel application fingerprint detection based on a plurality of network protocol fields is realized through matching based on Boolean logic rules in the first rule file, so that high-efficiency application fingerprint detection is realized.
According to the detection method of the application fingerprint provided by the invention, the network protocol field comprises a request header network protocol field, a request body network protocol field, a response header network protocol field and a response body network protocol field; step S12 includes the following steps:
S121, inputting the network flow data into a decoder, and decoding according to a preset decoding rule to obtain a request header, a request body, a response header and a response body.
Specifically, the electronic device may input the network traffic data into a decoder, where a preset decoding rule is pre-stored in the decoder, so that the decoder decodes the network traffic data according to the preset decoding rule to obtain a request header, a request body, a response header, and a response body.
S122, decoding the request header, the request body, the response header and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body.
Specifically, the request header, the request body, the response header and the response body may be further decoded according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body.
The request header field set comprises a field name and field content of at least one request header network protocol field, the request body field set comprises a field name and field content of at least one request body network protocol field, the response header field set comprises a field name and field content of at least one response header network protocol field, and the response body field set comprises a field name and field content of at least one response body network protocol field.
In the embodiment of the invention, the network protocol field comprises a request header network protocol field, a request body network protocol field, a response header network protocol field and a response body network protocol field, and the step of inputting network flow data into a decoder to obtain a plurality of network protocol fields is described in detail. Through these steps, the plurality of network protocol fields can be obtained simply and quickly. This makes it convenient to obtain the corresponding target application identifier through Boolean logic rule-based matching in the first rule file according to the field name and the field content of the network protocol field, and to match the corresponding target application fingerprint information in the second rule file according to the target application identifier, so that parallel application fingerprint detection based on the plurality of network protocol fields, and with it efficient application fingerprint detection, is realized.
According to the detection method of the application fingerprint provided by the embodiment of the invention, the step S13 specifically includes:
sequentially matching, in the first rule file and following the preset order of the different types of field sets, the target application identifier corresponding to the Boolean logic rule that the field names and the field contents of the network protocol fields in each field set conform to.
Specifically, the request header field set, the request body field set, the response header field set and the response body field set are ordered according to a preset order.
The electronic device may sequentially match, in the first rule file, the field names of the network protocol fields in each field set and the target application identifiers corresponding to the boolean logic rules to which the field contents conform from the different types of field sets according to the preset order of the different types of field sets.
In one example, the preset order is the request header field set, the request body field set, the response header field set, and the response body field set. The electronic device first matches, in the first rule file, the target application identifier corresponding to the Boolean logic rule that the field names and field contents of the request header network protocol fields in the request header field set conform to. After the request header network protocol fields in the request header field set have been matched, it continues in the same way with the request body network protocol fields in the request body field set, and then, following the same steps, with the network protocol fields in the response header field set and in the response body field set.
In the embodiment of the invention, the request header field set, the request body field set, the response header field set and the response body field set are sequenced according to a preset sequence, and the field names of the network protocol fields in each field set and the target application identifications corresponding to the Boolean logic rules with the field contents according with are matched in the first rule file in sequence according to different types of field sets and the corresponding preset sequence. The matching is carried out according to the preset sequence on the premise that the data attribute is kept, the matching randomness is reduced, meanwhile, the matching efficiency is improved, the target application fingerprint information can be matched in the second rule file conveniently and subsequently according to the target application identification, and efficient application fingerprint detection is further realized.
According to the method for detecting an application fingerprint provided by the embodiment of the present invention, the step of sequentially matching, in the first rule file, the target application identifier corresponding to the boolean logic rule that the field names and the field contents of the network protocol fields in each field set conform to specifically includes:
for each field set, matching a target application identifier corresponding to a satisfied Boolean logic rule in a first rule file according to the field name and the field content of the network protocol field.
Specifically, for each field set, the electronic device may match, in the first rule file, a target application identifier corresponding to a satisfied boolean logic rule according to the field name and the field content of the network protocol field.
The corresponding Boolean logic rule is a Boolean logic rule which has logic nodes consistent with the field name and the field content and meets the corresponding condition of Boolean logic characters.
In the embodiment of the invention, for each field set, the target application identifier corresponding to the satisfied Boolean logic rule is matched in the first rule file according to the field name and the field content of the network protocol field. And a plurality of network protocol fields are matched simultaneously in the field set, so that the matching efficiency is improved, the target application identification is conveniently and quickly obtained, and the efficient application fingerprint detection is realized.
According to the detection method of the application fingerprint provided by the embodiment of the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are AND logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field specifically includes:
and matching the target application identification corresponding to the Boolean logic rule meeting the first condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields.
Specifically, the field set includes field names and field contents of a plurality of network protocol fields, the boolean logic rule includes a plurality of logic nodes, and the boolean logic character is an and logic character.
The electronic device may match, in the first rule file, the target application identifier corresponding to the boolean logic rule that meets the first condition according to the field names and the field contents of the plurality of network protocol fields.
The first condition is that the field names of the network protocol fields simultaneously meet the condition that the field names are consistent with the first field names in the logic nodes, and the field contents corresponding to the field names in the network protocol fields simultaneously meet the condition that the field contents are consistent with the first field contents in the logic nodes.
In one example, the request header field set includes the field name X1 and field content X2 of request header network protocol field X, and the field name Y1 and field content Y2 of request header network protocol field Y. The first rule file contains Boolean logic rule A and the application identifier M corresponding to it. Boolean logic rule A contains two logic nodes, A1 and A2, joined by an AND Boolean logic character, with logic node A1 preceding logic node A2; logic node A1 contains the first field name X1 and first field content X2, and logic node A2 contains the first field name Y1 and first field content Y2. The electronic device matches the field names and field contents of fields X and Y against the Boolean logic rules in the first rule file. The field name X1 and field content X2 of field X are consistent with those of logic node A1 in Boolean logic rule A. Because the Boolean logic character is an AND logic character, both logic nodes must be matched, so the electronic device continues: the field name Y1 and field content Y2 of field Y are consistent with those of logic node A2 in Boolean logic rule A. The Boolean logic rule is now matched successfully, and the electronic device obtains the target application identifier M corresponding to Boolean logic rule A in the first rule file.
In another example, unlike the above example, the electronic device may start matching from any randomly chosen logic node in Boolean logic rule A, rather than matching logic node A1 first and logic node A2 second.
In the embodiment of the invention, the field set contains the field names and field contents of a plurality of network protocol fields, the Boolean logic rule contains a plurality of logic nodes, and the Boolean logic character is an AND logic character. Specifically, the target application identifier corresponding to the Boolean logic rule meeting the first condition is matched in the first rule file according to the field names and field contents of the plurality of network protocol fields, where the first condition is that the field names of the plurality of network protocol fields are all consistent with the first field names in the plurality of logic nodes, and the field contents corresponding to those field names are all consistent with the first field contents in the plurality of logic nodes. Matching based on Boolean logic rules in the first rule file thus achieves parallel application fingerprint detection over a plurality of network protocol fields, and therefore efficient application fingerprint detection.
According to the detection method of the application fingerprint provided by the embodiment of the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are OR logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field specifically includes:
and matching the target application identification corresponding to the Boolean logic rule meeting a second condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields.
Specifically, the field set includes the field names and field contents of a plurality of network protocol fields, the Boolean logic rule includes a plurality of logic nodes, and the Boolean logic character is an OR logic character.
The electronic device may match, in the first rule file, the target application identifier corresponding to the boolean logic rule that meets the second condition according to the field names and the field contents of the plurality of network protocol fields.
The second condition is that the field names of the plurality of network protocol fields are consistent with the first field name of any one of the plurality of logic nodes, the field contents corresponding to the field names in the plurality of network protocol fields are consistent with the first field contents of the determined logic nodes, and the determined logic nodes are the logic nodes with the field names consistent with the first field names.
In one example, the request header field set includes the field name X1 and field content X2 of request header network protocol field X, and the field name Y1 and field content Y2 of request header network protocol field Y. The first rule file contains Boolean logic rule B and the application identifier N corresponding to it. Boolean logic rule B contains two logic nodes, B1 and B2, joined by an OR Boolean logic character; logic node B1 contains the first field name Z1 and first field content Z2, and logic node B2 contains the first field name Y1 and first field content Y2. The electronic device matches the field names and field contents of fields X and Y against the Boolean logic rules in the first rule file. Neither the field name X1 and field content X2 of field X nor the field name Y1 and field content Y2 of field Y is consistent with the field name Z1 and field content Z2 of logic node B1 in Boolean logic rule B. Because the Boolean logic character is an OR logic character, only one of the two logic nodes needs to be matched, so the electronic device continues: the field name Y1 and field content Y2 of field Y are consistent with those of logic node B2 in Boolean logic rule B. The Boolean logic rule is now matched successfully, and the electronic device obtains the target application identifier N corresponding to Boolean logic rule B in the first rule file.
In the embodiment of the invention, the field set contains the field names and field contents of a plurality of network protocol fields, the Boolean logic rule contains a plurality of logic nodes, and the Boolean logic character is an OR logic character. Specifically, the target application identifier corresponding to the Boolean logic rule meeting the second condition is matched in the first rule file according to the field names and field contents of the plurality of network protocol fields, where the second condition is that the field names of the plurality of network protocol fields are consistent with the first field name of any one of the plurality of logic nodes, and the field contents corresponding to those field names are consistent with the first field contents of the determined logic node, the determined logic node being the logic node whose first field name is consistent with the field name. Matching based on Boolean logic rules in the first rule file thus achieves parallel application fingerprint detection over a plurality of network protocol fields, and therefore efficient application fingerprint detection.
According to the method for detecting an application fingerprint provided by the embodiment of the present invention, the step of matching, according to the field name and the field content of the network protocol field, a target application identifier corresponding to a satisfied boolean logic rule in a first rule file further includes:
and when the target application identification corresponding to the network protocol field is successfully matched in the first rule file, stopping subsequent matching.
Specifically, when the field name and the field content of the network protocol field are successfully matched with the target application identifier corresponding to the satisfied boolean logic rule in the first rule file, the electronic device may stop subsequent matching.
In one example, the first rule file has boolean logic rules a and B, and when the field name and the field content of the network protocol field are matched with the boolean logic rules a and B at the same time, the matching of the boolean logic rule B is stopped when the field name and the field content are successfully matched with the target application identifier corresponding to the boolean logic rule a.
In the embodiment of the invention, when the target application identifier corresponding to the matched Boolean logic rule is successfully matched in the first rule file according to the field name and the field content of the network protocol field, the subsequent matching is stopped. When the matching is successful, the follow-up matching is stopped, the resources are saved, and the efficient application fingerprint detection is realized by utilizing the saved resources.
According to the detection method of the application fingerprint provided by the embodiment of the invention, the target application fingerprint information comprises application attribute information and application source information, wherein the application attribute information comprises an application name, an application description and an application version, and the application source information comprises an IP address and port information; step S14 specifically includes the following steps:
S131, according to the target application identifier, the application description, the application version, the IP address and the port information are matched in the second rule file, the target application name, the application description and the application version are used as the application attribute information, and the IP address and the port information are used as the application source information.
Specifically, the electronic device may match the application description, the application version, the IP address, and the port information in the second rule file according to the target application identification. And taking the application name, the application description and the application version as application attribute information, and taking the IP address and the port information as application source information.
S132, generating the target application fingerprint information according to the application attribute information and the application source information.
Specifically, the electronic device may generate the target application fingerprint information according to the application attribute information and the application source information.
In the embodiment of the present invention, the application description, the application version, the IP address, and the port information are matched in the second rule file according to the target application identifier, the target application name, the application description, and the application version are used as the application attribute information, the IP address and the port information are used as the application source information, and the target application fingerprint information is generated according to the application attribute information and the application source information. The parallel application fingerprint detection based on a plurality of network protocol fields is realized, and further, the efficient application fingerprint detection is realized.
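The matching flow described above (AND and OR rules, the stop on the first successful match, and the lookup in the second rule file) can be sketched as follows. This is an added example, not code from the patent; the rule layout, the key names, the order of the field sets, exact comparison of field content, and every sample value are constructed assumptions.

```python
# Added illustration of the two-rule-file matching flow; not code from the patent.
# Rule layout, key names and all sample values are constructed assumptions.

# Assumed preset order in which the four decoded field sets are tried.
SET_ORDER = ("request_header", "request_body", "response_header", "response_body")

# "First rule file": Boolean logic rule -> application identifier.
# Each logic node is (first field name, first field content).
FIRST_RULE_FILE = [
    {"app_id": "M", "op": "AND",
     "nodes": [("Server", "ExampleHTTPd"), ("X-Powered-By", "ExampleFramework")]},
    {"app_id": "N", "op": "OR",
     "nodes": [("X-Example-CMS", "1"), ("X-Generator", "ExampleCMS")]},
]

# "Second rule file": application identifier -> application fingerprint information.
SECOND_RULE_FILE = {
    "M": {"name": "ExampleFramework on ExampleHTTPd", "description": "constructed web stack",
          "version": "1.0", "ip": "192.0.2.10", "port": 8080},
    "N": {"name": "ExampleCMS", "description": "constructed CMS",
          "version": "2.3", "ip": "192.0.2.20", "port": 443},
}


def node_matches(node, fields):
    """True when some field in the set has the node's field name and field content."""
    name, content = node
    # HTTP header names are case-insensitive; content is compared exactly here.
    return any(f_name.lower() == name.lower() and f_content == content
               for f_name, f_content in fields)


def rule_matches(rule, fields):
    """Evaluate one Boolean logic rule against one field set."""
    nodes = rule["nodes"]
    if not nodes:
        # all([]) is True, so an empty AND rule would fingerprint every flow.
        raise ValueError(f"rule for {rule['app_id']!r} has no logic nodes")
    hits = (node_matches(node, fields) for node in nodes)  # lazy, so it short-circuits
    if rule["op"] == "AND":
        return all(hits)  # first condition: every logic node is satisfied
    if rule["op"] == "OR":
        return any(hits)  # second condition: any one logic node is satisfied
    raise ValueError(f"unknown Boolean logic character {rule['op']!r}")


def match_app_id(field_sets, rules=FIRST_RULE_FILE):
    """Try each field set in the preset order and stop at the first satisfied rule."""
    for set_name in SET_ORDER:
        fields = field_sets.get(set_name, [])
        for rule in rules:
            if fields and rule_matches(rule, fields):
                return rule["app_id"]  # subsequent matching is skipped
    return None


def fingerprint(field_sets):
    """Resolve the target application identifier to fingerprint information."""
    app_id = match_app_id(field_sets)
    if app_id is None:
        return None
    entry = SECOND_RULE_FILE[app_id]
    return {
        "app_id": app_id,
        "attributes": {k: entry[k] for k in ("name", "description", "version")},
        "source": {k: entry[k] for k in ("ip", "port")},
    }


# Constructed decoded flows: field set name -> list of (field name, field content).
FLOW_AND = {  # satisfies rule M; rule N would also match but is never evaluated
    "request_header": [("Host", "app.example.test")],
    "response_header": [("Server", "ExampleHTTPd"), ("X-Powered-By", "ExampleFramework"),
                        ("X-Example-CMS", "1")],
}
FLOW_OR = {  # rule M's nodes are split across two field sets, so only rule N matches
    "request_header": [("Host", "cms.example.test"), ("X-Powered-By", "ExampleFramework")],
    "response_header": [("Server", "ExampleHTTPd"), ("x-generator", "ExampleCMS")],
}
FLOW_NONE = {"response_header": [("Server", "OtherServer")]}

if __name__ == "__main__":
    for flow in (FLOW_AND, FLOW_OR, FLOW_NONE):
        print(fingerprint(flow))
```

Because each field set is evaluated on its own, an AND rule whose nodes are satisfied only across two different field sets does not match, and rule order in the first rule file decides which identifier wins when several rules would be satisfied.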
The following describes the application fingerprint detection apparatus provided by the present invention; the apparatus described below and the application fingerprint detection method described above may be referred to in correspondence with each other.
The present invention also provides an application fingerprint detection apparatus, as shown in Fig. 3, including:
the acquiring unit 31 is configured to acquire network traffic data.
The parsing unit 32 is configured to input the network traffic data into a decoder, and obtain a plurality of network protocol fields, where the network protocol fields include field names and field contents.
A first matching unit 33, configured to perform boolean logic rule-based matching in a first rule file according to the field names and the field contents of the multiple network protocol fields to obtain corresponding target application identifiers, where the first rule file is a file stored locally, and the first rule file pre-stores a boolean logic rule and an application identifier corresponding to the boolean logic rule, where the boolean logic rule has boolean logic characters and at least one logic node, and the logic node includes a first field name and a first field content.
A second matching unit 34, configured to match, according to the target application identifier, corresponding target application fingerprint information in a second rule file, where the second rule file is a file stored locally, and the second rule file pre-stores the application identifier and the application fingerprint information corresponding to the application identifier.
In the embodiment of the invention, network flow data is input into a decoder by acquiring the network flow data, a plurality of network protocol fields are acquired, wherein the network protocol fields comprise field names and field contents, Boolean logic rule-based matching is carried out in a first rule file according to the field names and the field contents of the plurality of network protocol fields to acquire corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file is pre-stored with Boolean logic rules and application identifiers corresponding to the Boolean logic rules, the Boolean logic rules are provided with at least one logic node connected through Boolean logic characters, the logic node comprises the first field names and the first field contents, the corresponding target application fingerprint information is matched in a second rule file according to the target application identifiers, the second rule file is a file stored locally, the second rule file is pre-stored with application identification and application fingerprint information corresponding to the application identification. According to the invention, parallel application fingerprint detection based on a plurality of network protocol fields is realized through matching based on Boolean logic rules in the first rule file, so that high-efficiency application fingerprint detection is realized.
According to the detection device for the application fingerprint provided by the invention, the network protocol field comprises a request head network protocol field, a request body network protocol field, a response head network protocol field and a response body network protocol field;
the parsing unit 32 is specifically configured to input the network traffic data into a decoder, and decode the network traffic data according to a preset decoding rule to obtain a request header, a request body, a response header and a response body;
decoding the request header, the request body, the response header and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body;
wherein the request header field set comprises a field name and field contents of at least one request header network protocol field, the request body field set comprises a field name and field contents of at least one request body network protocol field, the response header field set comprises a field name and field contents of at least one response header network protocol field, and the response body field set comprises a field name and field contents of at least one response body network protocol field.
According to the application fingerprint detection apparatus provided by the present invention, the first matching unit 33 is specifically configured to sequentially match, in the first rule file, the target application identifier corresponding to the Boolean logic rule that the field names and field contents of the network protocol fields in each field set conform to, according to the field sets of different types and the corresponding preset sequence.
According to the apparatus for detecting an application fingerprint provided by the present invention, the first matching unit 33 is specifically configured to match, for each field set, a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field;
and the corresponding Boolean logic rule is a Boolean logic rule which has a logic node consistent with the field name and the field content and meets the corresponding condition of the Boolean logic character.
According to the application fingerprint detection apparatus provided by the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are AND logic characters;
the first matching unit 33 is specifically configured to match, according to the field names and the field contents of the multiple network protocol fields, the target application identifier corresponding to the boolean logic rule meeting the first condition in the first rule file;
wherein the first condition is that the field names of the plurality of network protocol fields simultaneously satisfy agreement with the first field names in the plurality of logical nodes, and the field contents of the plurality of network protocol fields corresponding to the field names simultaneously satisfy agreement with the first field contents in the plurality of logical nodes.
According to the application fingerprint detection apparatus provided by the invention, the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are OR logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field includes:
matching the target application identification corresponding to the Boolean logic rule meeting a second condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields;
the second condition is that the field names of the network protocol fields are consistent with the first field name of any one of the logical nodes, the field contents corresponding to the field names in the network protocol fields are consistent with the first field contents of a determined logical node, and the determined logical node is a logical node with the field name consistent with the first field name.
According to the apparatus for detecting an application fingerprint provided by the present invention, the first matching unit 33 is specifically configured to stop subsequent matching when the field name and the field content of the network protocol field are successfully matched to the target application identifier corresponding to a satisfied boolean logic rule in the first rule file.
According to the detection device of the application fingerprint provided by the invention, the target application fingerprint information comprises application attribute information and application source information, wherein the application attribute information comprises an application name, an application description and an application version, and the application source information comprises an IP address and port information;
the second matching unit 34 is specifically configured to match the application description, the application version, the IP address, and the port information in the second rule file according to the target application identifier, use the target application name, the application description, and the application version as the application attribute information, and use the IP address and the port information as the application source information;
and generating the target application fingerprint information according to the application attribute information and the application source information.
Fig. 4 illustrates the physical structure of an electronic device. As shown in Fig. 4, the electronic device may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, where the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform a method of detecting an application fingerprint, the method comprising: acquiring network flow data; inputting the network flow data into a decoder to obtain a plurality of network protocol fields connected through Boolean logic; matching corresponding target application identifications in a first rule file according to the plurality of network protocol fields, wherein the first rule file is a file stored locally, and the fields and the application identifications corresponding to the fields are prestored in the first rule file; and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program, the computer program being stored on a non-transitory computer-readable storage medium, wherein when the computer program is executed by a processor, a computer is capable of executing the method for detecting an application fingerprint provided by the above methods, the method including: acquiring network flow data; inputting the network flow data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents; performing boolean logic rule-based matching in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores boolean logic rules and application identifiers corresponding to the boolean logic rules, the boolean logic rules have at least one logic node connected through boolean logic characters, and the logic node includes a first field name and a first field content; and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, the computer program, when being executed by a processor, implementing a method for detecting an application fingerprint provided by the above methods, the method including: acquiring network flow data; inputting the network flow data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents; performing boolean logic rule-based matching in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores boolean logic rules and application identifiers corresponding to the boolean logic rules, the boolean logic rules have at least one logic node connected through boolean logic characters, and the logic node includes a first field name and a first field content; and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (12)

1. A method for detecting an application fingerprint, comprising:
acquiring network flow data;
inputting the network flow data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents;
performing boolean logic rule-based matching in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the first rule file pre-stores boolean logic rules and application identifiers corresponding to the boolean logic rules, the boolean logic rules have at least one logic node connected through boolean logic characters, and the logic node includes a first field name and a first field content;
and matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
2. The method for detecting the application fingerprint according to claim 1, wherein the network protocol field comprises a request header network protocol field, a request body network protocol field, a response header network protocol field and a response body network protocol field;
the step of inputting the network traffic data into a decoder to obtain field names and field contents of a plurality of network protocol fields includes:
inputting the network flow data into a decoder, and decoding according to a preset decoding rule to obtain a request head, a request body, a response head and a response body;
decoding the request header, the request body, the response header and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body;
wherein the request header field set comprises a field name and field contents of at least one request header network protocol field, the request body field set comprises a field name and field contents of at least one request body network protocol field, the response header field set comprises a field name and field contents of at least one response header network protocol field, and the response body field set comprises a field name and field contents of at least one response body network protocol field.
3. The method according to claim 2, wherein the step of performing boolean rule-based matching in the first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain the corresponding target application identifiers comprises:
and according to the field sets of different types and the corresponding preset sequence, sequentially matching the field name of the network protocol field in each field set and the target application identifier corresponding to the Boolean logic rule to which the field content conforms in a first rule file.
4. The method according to claim 3, wherein the step of sequentially matching the field name of the network protocol field in each field set and the target application identifier corresponding to the boolean logic rule to which the field content conforms in the first rule file comprises:
for each field set, matching a target application identifier corresponding to a satisfied Boolean logic rule in a first rule file according to the field name and the field content of the network protocol field;
wherein the satisfied Boolean logic rule is a Boolean logic rule that has a logic node consistent with the field name and the field content and that meets the condition corresponding to its Boolean logic character.
5. The method for detecting application fingerprints according to claim 4, wherein the field names and the field contents of a plurality of network protocol fields are contained in the field set; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are AND logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field includes:
matching the target application identification corresponding to the Boolean logic rule meeting a first condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields;
wherein the first condition is that the field names of the plurality of network protocol fields are simultaneously consistent with the first field names in the plurality of logic nodes, and the field contents corresponding to those field names are simultaneously consistent with the first field contents in the plurality of logic nodes.
6. The method for detecting application fingerprints according to claim 4, wherein the field names and the field contents of a plurality of network protocol fields are contained in the field set; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are OR logic characters;
the step of matching a target application identifier corresponding to a satisfied boolean logic rule in a first rule file according to the field name and the field content of the network protocol field includes:
matching the target application identification corresponding to the Boolean logic rule meeting a second condition in a first rule file according to the field names and the field contents of the plurality of network protocol fields;
wherein the second condition is that a field name among the plurality of network protocol fields is consistent with the first field name of any one of the logic nodes, and the field content corresponding to that field name is consistent with the first field content of a determined logic node, the determined logic node being the logic node whose first field name is consistent with the field name.
7. The method for detecting application fingerprints according to claim 4, wherein the step of matching, according to the field name and the field content of the network protocol field, the target application identifier corresponding to the satisfied boolean logic rule in the first rule file further includes:
and stopping subsequent matching when the target application identifier corresponding to the matched Boolean logic rule is successfully matched in the first rule file according to the field name and the field content of the network protocol field.
8. The detection method of the application fingerprint according to claim 1, wherein the target application fingerprint information comprises application attribute information and application source information, wherein the application attribute information comprises an application name, an application description and an application version, and the application source information comprises an IP address and port information;
the step of matching the target application fingerprint information in the second rule file according to the target application identifier includes:
matching the application description, the application version, the IP address and the port information in the second rule file according to the target application identifier, taking the target application name, the application description and the application version as the application attribute information, and taking the IP address and the port information as the application source information;
and generating the target application fingerprint information according to the application attribute information and the application source information.
9. An application fingerprint detection device, comprising:
an acquisition unit, configured to acquire network traffic data;
an analysis unit, configured to input the network traffic data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents;
a first matching unit, configured to perform boolean logic rule-based matching in a first rule file according to the field names and the field contents of the multiple network protocol fields to obtain corresponding target application identifiers, where the first rule file is a file stored locally, the first rule file pre-stores a boolean logic rule and an application identifier corresponding to the boolean logic rule, the boolean logic rule has boolean logic characters and at least one logic node, and the logic node includes a first field name and a first field content;
and the second matching unit is used for matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the application identifier and the application fingerprint information corresponding to the application identifier are prestored in the second rule file.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method for detecting an application fingerprint according to any one of claims 1 to 8 are implemented when the processor executes the program.
11. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the detection method of application fingerprints according to any one of claims 1 to 8.
12. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the detection method of application fingerprints according to any one of claims 1 to 8.
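The matching flow of claims 3 to 8 (field sets tried in a preset order, AND/OR rules evaluated per field set, stop at the first hit, then a second lookup by application identifier), as an added Python example that is not part of the patent text. The rule-file layout, the field-set order, the identifiers, the sample decoder output and the choice of case-insensitive name and exact content comparison are all assumptions; the source information of claim 8 (IP address and port) is left out.

```python
# Added illustration; rule data, identifiers and helper names are hypothetical.
FIELD_SET_ORDER = ("request_header", "request_body",
                   "response_header", "response_body")  # assumed preset order

FIRST_RULE_FILE = [  # constructed: Boolean logic rule -> application identifier
    {"app_id": "app-0001", "op": "AND",
     "nodes": [("Server", "ExampleHTTPd"), ("X-Powered-By", "ExampleCMS")]},
    {"app_id": "app-0002", "op": "OR",
     "nodes": [("title", "Example Admin Console"), ("Set-Cookie", "EXSESSID=1")]},
]
SECOND_RULE_FILE = {  # constructed: application identifier -> attribute info
    "app-0001": {"name": "ExampleCMS", "description": "constructed entry", "version": "1.0"},
    "app-0002": {"name": "ExampleAdmin", "description": "constructed entry", "version": "2.3"},
}
SAMPLE = {  # constructed decoder output: field set -> [(field name, field content)]
    "request_header": [("Host", "intranet.example"), ("User-Agent", "curl/8.0")],
    "response_header": [("server", "ExampleHTTPd"), ("X-Powered-By", "ExampleCMS")],
    "response_body": [("title", "Example Admin Console")],
}

def node_matches(node, fields):
    """True when some field has the node's name (case-insensitive) and exact content."""
    name, content = node
    return any(n.lower() == name.lower() and c == content for n, c in fields)

def rule_matches(rule, fields):
    """Evaluate one rule against a single field set; nodes never span field sets."""
    hits = [node_matches(node, fields) for node in rule["nodes"]]
    if not hits:
        return False  # a rule needs at least one logic node; all([]) would be True
    if rule["op"] == "AND":
        return all(hits)
    if rule["op"] == "OR":
        return any(hits)
    raise ValueError(f"unsupported Boolean logic character: {rule['op']!r}")

def find_app_id(field_sets, rules=FIRST_RULE_FILE):
    """Walk the field sets in preset order and stop at the first satisfied rule."""
    for set_name in FIELD_SET_ORDER:
        fields = field_sets.get(set_name, [])
        for rule in rules:
            if rule_matches(rule, fields):
                return rule["app_id"]
    return None

def fingerprint(field_sets):
    """Stage two: resolve the matched identifier in the second rule file."""
    app_id = find_app_id(field_sets)
    return SECOND_RULE_FILE.get(app_id) if app_id is not None else None
```

For `SAMPLE`, the AND rule is satisfied in the response header set, so matching stops there and the OR rule that the response body would also satisfy is never evaluated.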
CN202111619007.8A 2021-12-27 2021-12-27 Application fingerprint detection method and device and electronic equipment Pending CN114492376A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111619007.8A CN114492376A (en) 2021-12-27 2021-12-27 Application fingerprint detection method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN114492376A true CN114492376A (en) 2022-05-13

Family

ID=81496029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111619007.8A Pending CN114492376A (en) 2021-12-27 2021-12-27 Application fingerprint detection method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114492376A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: Qianxin Technology Group Co.,Ltd.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: Qianxin Technology Group Co.,Ltd.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.