CN108833384B - Method and system for identifying counterfeit electronic devices - Google Patents

Publication number: CN108833384B
Authority: CN (China)
Prior art keywords: identifier; feature information; information set; module; operating system
Legal status: Active
Application number: CN201810554686.7A
Other languages: Chinese (zh)
Other versions: CN108833384A (en)
Inventors: 杨锦, 姜伟生, 朱禄, 王跃东
Current Assignee: Qianxin Technology Group Co Ltd
Original Assignee: Qianxin Technology Group Co Ltd
Application filed by Qianxin Technology Group Co Ltd
Priority to CN201810554686.7A
Publication of CN108833384A
Application granted
Publication of CN108833384B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

The present disclosure provides a method for identifying counterfeit electronic devices, including: obtaining message information, where the message information includes first feature information and a first identifier; obtaining a first operating system fingerprint corresponding to the first identifier when the first feature information set corresponding to the first identifier does not include the first feature information; and identifying, based on the first operating system fingerprint, whether the electronic device corresponding to the first identifier is a counterfeit electronic device. The present disclosure also provides a system for identifying counterfeit electronic devices.

Description

Method and system for identifying counterfeit electronic devices
Technical Field
The present disclosure relates to a method of identifying a counterfeit electronic device and a system of identifying a counterfeit electronic device.
Background
Enterprises today typically manage a wide variety of devices, such as printers, webcams, IP phones, etc., over a local area network. Some lawbreakers spoof the IP and/or MAC address of a device in the enterprise on an electronic device of their own, so that their device easily enters the enterprise's local area network, which exposes the enterprise to a potentially huge risk.
In the prior art, counterfeit devices are generally identified by checking at intervals whether the operating system fingerprint of a network access device is consistent with a stored operating system fingerprint. With this method it is difficult to find counterfeit devices quickly and in a timely manner.
Disclosure of Invention
One aspect of the present disclosure provides a method for identifying counterfeit electronic devices, including obtaining message information, where the message information includes first feature information and a first identifier, obtaining a first operating system fingerprint corresponding to the first identifier when a first feature information set corresponding to the first identifier does not include the first feature information, and identifying, based on the first operating system fingerprint, whether an electronic device corresponding to the first identifier is a counterfeit electronic device.
Optionally, the method further includes acquiring a second operating system fingerprint corresponding to the first identifier when the first identifier appears for the first time, where identifying whether the electronic device corresponding to the first identifier is a counterfeit electronic device based on the first operating system fingerprint includes determining that the electronic device corresponding to the first identifier is a counterfeit electronic device when the first operating system fingerprint is inconsistent with the second operating system fingerprint.
Optionally, the obtaining of the first operating system fingerprint corresponding to the first identifier when the first feature information set corresponding to the first identifier does not include the first feature information includes: determining whether the first feature information set is in a learning state when the first feature information set corresponding to the first identifier does not include the first feature information; and, when the first feature information set is not in a learning state, acquiring a first operating system fingerprint corresponding to the first identifier.
Optionally, the method further includes adding the first feature information to the first feature information set for updating the first feature information set in a case where the first feature information set is in a learning state.
Optionally, the determining whether the first feature information set is in the learning state includes recording a first occurrence time when the first identifier occurs for the first time, and determining that the first feature information set is in the learning state when a time period from the first occurrence time to a current time of obtaining the message information is within a preset time period.
Optionally, the method further includes, when a first feature information set corresponding to the first identifier includes the first feature information, determining that the electronic device corresponding to the first identifier is not a counterfeit electronic device, updating a time parameter of the first feature information shown in the first feature information set, and when the time parameter is not changed within a preset time range, deleting the first feature information from the first feature information set.
Optionally, the method further includes determining a destination address of the message information according to the message information, determining a second feature information set corresponding to a second identifier by using the destination address as the second identifier, and discarding the message information when the second feature information set includes second feature information, where the second feature information includes information using the first identifier as the destination address.
Another aspect of the present disclosure provides a system for identifying counterfeit electronic devices, including a first obtaining module, configured to obtain message information, where the message information includes first feature information and a first identifier, a second obtaining module, configured to obtain, under a condition that the first feature information is not included in a first feature information set corresponding to the first identifier, a first operating system fingerprint corresponding to the first identifier, and an identifying module, configured to identify, based on the first operating system fingerprint, whether an electronic device corresponding to the first identifier is a counterfeit electronic device.
Optionally, the system further includes a third obtaining module, configured to obtain, when the first identifier appears for the first time, a second operating system fingerprint corresponding to the first identifier, where the identifying module includes an identifying sub-module, and is configured to determine that the electronic device corresponding to the first identifier is a counterfeit electronic device when the first operating system fingerprint is inconsistent with the second operating system fingerprint.
Optionally, the second obtaining module includes a determining sub-module, configured to determine whether the first feature information set is in a learning state under the condition that the first feature information set corresponding to the first identifier does not include the first feature information, and the obtaining sub-module is configured to obtain the first operating system fingerprint corresponding to the first identifier under the condition that the first feature information set is not in the learning state.
Optionally, the system further includes an updating sub-module, configured to add the first feature information to the first feature information set in a case where the first feature information set is in a learning state, for updating the first feature information set.
Optionally, the determining sub-module includes a recording sub-unit, configured to record a first occurrence time when the first identifier occurs for the first time, and a determining sub-unit, configured to determine that the first feature information set is in a learning state when a time length from the first occurrence time to a current time of obtaining the message information is within a preset time length.
Optionally, the system further includes an updating module, configured to update a time parameter of the first feature information shown in the first feature information set when the first feature information is included in a first feature information set corresponding to the first identifier, and a deleting module, configured to delete the first feature information from the first feature information set when the time parameter is not changed within a preset time range.
Optionally, the system further includes a first determining module configured to determine a destination address of the message information according to the message information, a second determining module configured to determine a second feature information set corresponding to a second identifier by using the destination address as the second identifier, and a filtering module configured to discard the message information when the second feature information set includes second feature information, where the second feature information includes information using the first identifier as the destination address.
Another aspect of the disclosure provides a non-volatile storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario of a method of identifying a counterfeit electronic device according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a relationship diagram of a first identifier and a first feature information set according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flowchart of acquiring a first operating system fingerprint corresponding to a first identifier in a case that first feature information is not included in a first feature information set corresponding to the first identifier according to an embodiment of the present disclosure;
FIG. 5 schematically shows a flow chart of determining whether a first set of feature information is in a learning state, according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device, in accordance with another embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device, according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device, in accordance with another embodiment of the present disclosure;
FIG. 9 schematically illustrates a block diagram of a system for identifying counterfeit electronic devices, in accordance with an embodiment of the present disclosure;
FIG. 10 schematically illustrates a block diagram of a system for identifying counterfeit electronic devices, in accordance with another embodiment of the present disclosure;
FIG. 11 schematically shows a block diagram of a second acquisition module according to an embodiment of the disclosure;
FIG. 12 schematically illustrates a block diagram of a second acquisition module according to another embodiment of the present disclosure;
FIG. 13 schematically illustrates a block diagram of a determination submodule according to an embodiment of the disclosure;
FIG. 14 schematically illustrates a block diagram of a system for identifying counterfeit electronic devices, in accordance with another embodiment of the present disclosure;
FIG. 15 schematically illustrates a block diagram of a system for identifying counterfeit electronic devices, in accordance with another embodiment of the present disclosure; and
FIG. 16 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). It will be further understood by those within the art that virtually any disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims, or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms. For example, the phrase "A or B" should be understood to include the possibility of "A" or "B", or "A and B".
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The embodiment of the disclosure provides a method for identifying counterfeit electronic devices, which includes obtaining message information, where the message information includes first feature information and a first identifier; obtaining a first operating system fingerprint corresponding to the first identifier when the first feature information set corresponding to the first identifier does not include the first feature information; and identifying, based on the first operating system fingerprint, whether the electronic device corresponding to the first identifier is a counterfeit electronic device. The method can quickly identify counterfeit electronic devices, and because it does not need to probe the network access devices at intervals, it saves network resources.
Fig. 1 schematically illustrates an application scenario of a method of identifying a counterfeit electronic device according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the application scenario may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. The application scenario shown in fig. 1 is, for example, a company in which the server 105 interacts with the terminal devices 101, 102, 103 via the network 104.
The terminal devices 101, 102, 103 include, for example, but are not limited to, printers, web cameras, IP phones, and the like.
The server 105 generally allows terminal devices to interact with it via the network 104 by authorizing them; for example, the terminal devices 101, 102, 103 are authorized terminal devices. Typically, the server 105 determines whether a terminal device is authorized by identifying the IP address and/or MAC of the terminal device. Some lawbreakers spoof the IP address and/or MAC of an authorized terminal device on a terminal device of their own, thereby intruding into the network. For example, the terminal device 106 in fig. 1 may spoof the IP address and MAC of any of the terminal devices 101, 102, 103 to intrude into the network 104, thereby posing a significant hazard to the company.
In this regard, the present disclosure provides a method of quickly identifying counterfeit electronic devices. Embodiments of the present disclosure are described below with reference to fig. 2 to 8.
FIG. 2 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device according to an embodiment of the disclosure.
As shown in fig. 2, the method includes operations S210 to S230.
In operation S210, message information is acquired, where the message information includes first feature information and a first identifier.
In operation S220, in a case that the first feature information is not included in the first feature information set corresponding to the first identifier, a first operating system fingerprint corresponding to the first identifier is obtained.
In operation S230, whether the electronic device corresponding to the first identifier is a counterfeit electronic device is identified based on the first operating system fingerprint.
The method can quickly identify counterfeit electronic devices, and because it does not need to probe the network access devices at intervals, it saves network resources.
According to an embodiment of the present disclosure, in operation S210, for example, a triplet composed of a destination address, a destination port, and a protocol type is used as first feature information, and a source IP address is used as a first identifier, where the source IP address may be an IP address of a sender. The message information may be obtained by accessing a mirror port on the switch to obtain a message, and then analyzing the obtained message to obtain the message information in the message.
According to an embodiment of the present disclosure, in operation S220, the first feature information set includes a plurality of pieces of feature information, each of which may be, for example, a triplet composed of a destination address, a destination port, and a protocol type. If the first feature information is not among them, a first operating system fingerprint corresponding to the first identifier is acquired. According to an embodiment of the present disclosure, different first identifiers may correspond to different first feature information sets.
Fig. 3 schematically illustrates a relationship diagram of a first identifier and a first feature information set according to an embodiment of the present disclosure.
As shown in fig. 3, a plurality of first feature information sets, for example, a first feature information set A310 and a first feature information set B320, are included in the scenario.
The first identifier may be a source IP address. The first identifier 192.168.0.1 corresponds to the first feature information set A310, which comprises a triplet 311 and a triplet 312, wherein the triplet 311 comprises a destination address 10.1.1.2, a destination port 80 and a protocol type tcp, and the triplet 312 comprises a destination address 192.2.2.1, a destination port 1100 and a protocol type udp.
The second identifier 192.168.1.1 corresponds to the first feature information set B320, which comprises a triplet 321 and a triplet 322, wherein the triplet 321 comprises the destination address 10.3.1.2, the destination port 20 and the protocol type tcp, and the triplet 322 comprises the destination address 192.2.2.1, the destination port 1100 and the protocol type udp.
It should be understood that fig. 3 is merely a schematic representation to help those skilled in the art better understand the embodiments of the present disclosure, and does not mean that the embodiments of the present disclosure cannot be implemented in other ways.
Referring back to fig. 2, in operation S220, the first feature information set corresponding to the first identifier does not include the first feature information when, for example, the obtained first identifier is 192.168.0.1 and the first feature information is the destination address 10.3.2.2, the destination port 10, and the protocol type tcp: in the scenario shown in fig. 3, the first feature information set A310 corresponding to the first identifier 192.168.0.1 does not include this triplet. In operation S220, a first operating system fingerprint corresponding to the first identifier is then obtained, for example by performing a network sniffing (NMAP) scan on the electronic device corresponding to the first identifier. According to the embodiment of the disclosure, when the first feature information is not included in the first feature information set corresponding to the first identifier, scanning of a first operating system fingerprint of the electronic device corresponding to the first identifier is triggered.
Fig. 4 schematically shows a flowchart for acquiring a first operating system fingerprint corresponding to a first identifier in a case that first feature information is not included in a first feature information set corresponding to the first identifier according to an embodiment of the present disclosure.
As shown in fig. 4, the method includes operations S221 and S222.
In operation S221, in a case that the first feature information is not included in the first feature information set corresponding to the first identifier, it is determined whether the first feature information set is in a learning state.
In operation S222, in a case that the first feature information set is not in a learning state, a first operating system fingerprint corresponding to the first identifier is acquired.
According to the embodiment of the present disclosure, in operation S221, the first feature information set corresponding to the first identifier being in a learning state means, for example, that the set does not yet include all feature information, and feature information different from that already in the set still needs to be added to complete it.
Fig. 5 schematically shows a flowchart of determining whether the first feature information set is in the learning state according to operation S221 of the embodiment of the present disclosure.
As shown in fig. 5, the method includes operations S510 and S520.
In operation S510, in the case where the first identifier occurs for the first time, a time of the first occurrence is recorded.
In operation S520, it is determined that the first feature information set is in a learning state when a time period from the first occurrence time to the current time of acquiring the message information is within a preset time period.
According to an embodiment of the present disclosure, in operation S510, for example, when the first identifier 192.168.0.1 first appears, a time t0 of the first occurrence is recorded.
According to the embodiment of the present disclosure, in operation S520, for example, the preset time period is 30 minutes and the current time of acquiring the message information is t1; if the time length from t0 to t1 is 20 minutes, it is determined that the first feature information set is in the learning state. For another example, the current time of acquiring the message information is t2; if the time length from t0 to t2 is 200 minutes, it is determined that the first feature information set is not in the learning state.
Referring back to fig. 4, in operation S222, in a case where the first feature information set is not in the learning state, a first operating system fingerprint corresponding to the first identifier is acquired. For example, in a case that the first feature information set is not in the learning state, the electronic device corresponding to the first identifier is scanned by the NMAP tool to obtain a first operating system fingerprint of the electronic device corresponding to the first identifier.
According to an embodiment of the present disclosure, in a case where a first feature information set is in a learning state, the first feature information is added to the first feature information set to update the first feature information set. According to the embodiment of the present disclosure, when the first feature information set is in the learning state, the first feature information that is not present in the first feature information set is added to the first feature information set, and the first feature information set is refined.
Referring back to fig. 2, in operation S230, it is identified whether the electronic device corresponding to the first identifier is a counterfeit electronic device based on the first operating system fingerprint. For example, if the first operating system fingerprint indicates that the operating system of the electronic device corresponding to the first identifier is a Windows system, and the preset operating system of the real electronic device is a Linux system, it is determined that the electronic device corresponding to the first identifier is a counterfeit electronic device.
According to the embodiment of the disclosure, the method further includes acquiring a second operating system fingerprint corresponding to the first identifier when the first identifier appears for the first time. For example, when the first identifier 192.168.0.1 appears for the first time, the electronic device corresponding to the first identifier 192.168.0.1 is scanned using NMAP to obtain its second operating system fingerprint; this fingerprint, scanned when the first identifier first appears, may be used as the operating system fingerprint of the real electronic device. In operation S230, identifying whether the electronic device corresponding to the first identifier is a counterfeit electronic device based on the first operating system fingerprint includes determining that the electronic device corresponding to the first identifier is a counterfeit electronic device when the first operating system fingerprint is inconsistent with the second operating system fingerprint.
For example, suppose the currently obtained message information contains the first identifier 192.168.0.1 and first feature information, and the first feature information set corresponding to the first identifier does not include the first feature information. An NMAP scan of the electronic device corresponding to the first identifier 192.168.0.1 is then triggered to obtain its first operating system fingerprint, which is compared with the second operating system fingerprint obtained when the first identifier appeared for the first time. If the first operating system fingerprint is consistent with the second operating system fingerprint, it is determined that the electronic device currently using the first identifier 192.168.0.1 is a real electronic device; if they are inconsistent, it is determined that the electronic device currently using the first identifier 192.168.0.1 is a counterfeit electronic device.
FIG. 6 schematically shows a flow chart of a method of identifying a counterfeit electronic device according to another embodiment of the present disclosure.
As shown in fig. 6, the method further includes operations S610 and S620 on the basis of the foregoing embodiment.
In operation S610, when the first feature information is included in the first feature information set corresponding to the first identifier, it is determined that the electronic device corresponding to the first identifier is not a counterfeit electronic device, and the time parameter of the first feature information shown in the first feature information set is updated.
In operation S620, in the case that the time parameter is not changed within a preset time range, the first feature information is deleted from the first feature information set.
The method can identify the abnormal first characteristic information and delete the abnormal first characteristic information to prevent the unidentified counterfeit electronic equipment from invading again.
According to an embodiment of the present disclosure, in operation S610, the first feature information set may further include a time parameter, which may be used to characterize, for example, the current time at which the first identifier accesses the destination address and the destination port.
According to the embodiment of the present disclosure, in operation S620, for example, if the preset time is 24 hours, in the scenario shown in fig. 3, if the time parameter of the first feature information 311 in the first feature information set a310 is not changed within 24 hours, the first feature information 311 is deleted from the first feature information set.
FIG. 7 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device, according to another embodiment of the present disclosure.
As shown in fig. 7, the method includes operations S710 to S730.
In operation S710, a destination address of the message information is determined according to the message information.
In operation S720, the destination address is used as a second identifier, and a second feature information set corresponding to the second identifier is determined.
In operation S730, in a case that the second feature information set includes second feature information, the message information is discarded, where the second feature information includes information using the first identifier as a destination address.
The method can improve the working efficiency of identifying the counterfeit electronic equipment and reduce the probability of misjudgment.
According to an embodiment of the present disclosure, in operation S710, for example, a message is acquired and parsed to acquire message information, which includes a destination address.
According to the embodiment of the present disclosure, in operation S720, for example, the destination address in the obtained message information is 192.168.1.1, the destination address 192.168.1.1 is used as a second identifier, and a second feature information set corresponding to the second identifier is determined, for example, the first feature information set B320 shown in fig. 3.
According to the embodiment of the present disclosure, in operation S730, for example, the first identifier in the obtained message information is 10.3.1.2, and the first feature information includes the destination address 192.168.1.1, the destination port 50, and the protocol type tcp. In the scenario shown in fig. 3, the destination address 192.168.1.1 corresponds to the second identifier, and the second feature information set B320 includes the second feature information 322 that uses the first identifier 10.3.1.2 as the destination address, so the currently acquired packet is discarded.
FIG. 8 schematically illustrates a flow chart of a method of identifying a counterfeit electronic device, according to another embodiment of the present disclosure.
As shown in fig. 8, the method includes operations S810 to S880, S821, S831, S841, and S851.
In operation S810, similar to operation S210 described above, message information is obtained, the message information including the first characteristic information and the first identifier.
In operation S820, the first identifier is, for example, a source IP address, and it is determined whether the source IP address is first present.
If it appears for the first time, operation S821 is executed, and the second operating system fingerprint of the electronic device corresponding to the source IP address is scanned and stored.
If the source IP address does not appear for the first time, operation S830 is performed to determine whether the packet needs to be discarded, for example, by performing the method described in fig. 7. If the packet needs to be discarded, operation S831 is performed to discard the packet.
If the packet does not need to be discarded, operation S840 is performed to determine whether the first feature information of the packet is in the first feature information set. If it is in the first feature information set, operation S841 is performed, and the time parameter of the first feature information in the first feature information set is updated, similar to operation S610 described above.
If the first feature information is not in the first feature information set, operation S850 is performed to determine whether the first feature information set is in the learning state, and if the first feature information set is in the learning state, operation S851 is performed to add the first feature information to the first feature information set.
If the first feature information set is not in the learning state, operation S860 is executed, similar to operation S220 described above, to trigger scanning of the first operating system fingerprint of the electronic device corresponding to the source IP address.
Then, operation S870 is performed to determine whether the first operating system fingerprint and the second operating system fingerprint are consistent. If not, operation S880 is performed to confirm that the electronic device corresponding to the source IP is a counterfeit electronic device.
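The Fig. 8 flow, together with the aging rule of S620 and the reply filter of S710 to S730, written out as an added Python sketch (not code from the patent). The OS scanner is an injected callable standing in for the NMAP scan; the class, function and verdict names are hypothetical, the sample traffic is constructed, and stopping after S821 for a first-seen source is an assumption, since the text describes no further step for that packet.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Feature = Tuple[str, int, str]   # (destination address, destination port, protocol type)
LEARNING_WINDOW = 30 * 60        # preset learning duration: 30 minutes, as in the text's example
FEATURE_TTL = 24 * 60 * 60       # preset aging range: 24 hours, as in the text's example


@dataclass
class Profile:
    first_seen: float            # t0, time the first identifier first appeared
    baseline_fp: str             # "second operating system fingerprint"
    # first feature information set: feature -> time parameter (last time seen)
    features: Dict[Feature, float] = field(default_factory=dict)


class CounterfeitDetector:
    def __init__(self, scan_os: Callable[[str], str]) -> None:
        self.scan_os = scan_os   # stand-in for an active OS fingerprint scan
        self.profiles: Dict[str, Profile] = {}

    def expire(self, now: float) -> int:
        """S620: delete features whose time parameter has not changed within the TTL."""
        removed = 0
        for profile in self.profiles.values():
            stale = [f for f, seen in profile.features.items() if now - seen > FEATURE_TTL]
            for f in stale:
                del profile.features[f]
            removed += len(stale)
        return removed

    def _is_reply(self, src: str, dst: str) -> bool:
        """S710-S730: dst is the second identifier; its set already targets src."""
        peer = self.profiles.get(dst)
        return peer is not None and any(addr == src for addr, _, _ in peer.features)

    def process(self, src: str, dst: str, dport: int, proto: str, now: float) -> str:
        profile = self.profiles.get(src)
        if profile is None:                                  # S820 -> S821
            self.profiles[src] = Profile(now, self.scan_os(src))
            return "baselined"                               # assumption: flow stops here
        if self._is_reply(src, dst):                         # S830 -> S831
            return "discarded"
        feature = (dst, dport, proto)
        if feature in profile.features:                      # S840 -> S841
            profile.features[feature] = now
            return "known"
        if now - profile.first_seen <= LEARNING_WINDOW:      # S850 -> S851
            profile.features[feature] = now
            return "learned"
        # S860/S870: unknown feature outside the learning window triggers a rescan
        if self.scan_os(src) == profile.baseline_fp:
            return "genuine"
        return "counterfeit"                                 # S880


def demo() -> List[str]:
    # Constructed scanner results; a real deployment would run an OS scan here.
    os_by_ip = {"10.3.1.2": "Linux", "192.168.1.1": "Linux"}
    det = CounterfeitDetector(lambda ip: os_by_ip[ip])
    client, server = "10.3.1.2", "192.168.1.1"
    out = [
        det.process(client, server, 50, "tcp", 0),            # first appearance
        det.process(client, server, 50, "tcp", 60),           # inside learning window
        det.process(client, server, 50, "tcp", 120),          # feature already in set
        det.process(server, client, 40000, "tcp", 130),       # server first appears
        det.process(server, client, 40000, "tcp", 140),       # reply traffic is dropped
        det.process(client, "192.168.1.9", 22, "tcp", 4000),  # new feature, same OS
    ]
    os_by_ip[client] = "Windows"                              # another host takes the IP
    out.append(det.process(client, "192.168.1.9", 22, "tcp", 4100))
    det.expire(120 + FEATURE_TTL + 1)                         # learned feature ages out
    out.append(det.process(client, server, 50, "tcp", 120 + FEATURE_TTL + 2))
    return out


if __name__ == "__main__":
    print(demo())
```

The last verdict shows why S620 matters: once a learned feature ages out, the same traffic triggers a rescan again, so a device that took over the address is caught even on a previously known flow.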
FIG. 9 schematically illustrates a block diagram of a system 900 for identifying counterfeit electronic devices, in accordance with an embodiment of the present disclosure.
As shown in FIG. 9, a system 900 for identifying counterfeit electronic devices includes a first acquisition module 910, a second acquisition module 920, and an identification module 930.
The first obtaining module 910 is configured to obtain message information, where the message information includes first feature information and a first identifier. According to the embodiment of the present disclosure, for example, a triplet composed of a destination address, a destination port, and a protocol type is used as the first feature information, and a source IP address is used as the first identifier, where the source IP address may be an IP address of a sender. The message information may be obtained by accessing a mirror port on the switch to obtain a message, and then analyzing the obtained message to obtain the message information in the message.
The second obtaining module 920 is configured to obtain a first operating system fingerprint corresponding to the first identifier when the first feature information set corresponding to the first identifier does not include the first feature information. According to an embodiment of the present disclosure, the first set of characteristic information includes at least one first characteristic information, for example, a triplet of a destination address, a destination port, and a protocol type. According to an embodiment of the present disclosure, different first identifications may correspond to different first sets of feature information.
The identifying module 930 is configured to identify whether the electronic device corresponding to the first identifier is a counterfeit electronic device based on the first operating system fingerprint. According to the embodiment of the disclosure, for example, if the first operating system fingerprint indicates that the operating system of the electronic device corresponding to the first identifier is a Windows system, and the preset operating system of the real electronic device is a Linux system, it is determined that the electronic device corresponding to the first identifier is a counterfeit electronic device.
FIG. 10 schematically illustrates a block diagram of a system 1000 for identifying a counterfeit electronic device, in accordance with another embodiment of the present disclosure.
As shown in fig. 10, the system 900 for identifying counterfeit electronic devices further includes a third obtaining module 1010 on the basis of the foregoing embodiments, wherein the identifying module 930 includes an identifying sub-module 931.
The third obtaining module 1010 is configured to obtain a second operating system fingerprint corresponding to the first identifier when the first identifier occurs for the first time. According to the embodiment of the disclosure, for example, when the first identifier 192.168.0.1 appears for the first time, an NMAP scan of the electronic device corresponding to the first identifier 192.168.0.1 is triggered to obtain its second operating system fingerprint, and this second operating system fingerprint may be used as the operating system fingerprint of the real electronic device.
The identification sub-module 931 is configured to determine, when the first operating system fingerprint is inconsistent with the second operating system fingerprint, that the electronic device corresponding to the first identifier is a counterfeit electronic device.
Fig. 11 schematically illustrates a block diagram of the second obtaining module 920 according to an embodiment of the present disclosure.
As shown in fig. 11, the second obtaining module 920 includes a determining sub-module 921 and an obtaining sub-module 922.
The determining sub-module 921 is configured to determine whether the first feature information set is in a learning state or not when the first feature information set corresponding to the first identifier does not include the first feature information.
The obtaining sub-module 922 is configured to obtain a first operating system fingerprint corresponding to the first identifier when the first feature information set is not in a learning state. According to the embodiment of the disclosure, for example, in the case that the first feature information set is not in the learning state, the electronic device corresponding to the first identifier is scanned using NMAP to obtain the first operating system fingerprint of the electronic device corresponding to the first identifier.
Fig. 12 schematically illustrates a block diagram of the second obtaining module 920 according to another embodiment of the present disclosure.
As shown in fig. 12, the second obtaining module 920 further includes an updating sub-module 923 on the basis of the foregoing embodiments.
The updating sub-module 923 is configured to, if the first set of feature information is in a learning state, add the first feature information to the first set of feature information for updating the first set of feature information.
Fig. 13 schematically illustrates a block diagram of the determination sub-module 921 according to an embodiment of the present disclosure.
As shown in fig. 13, the judgment sub-module 921 includes a recording sub-unit 1310 and a determination sub-unit 1320.
The recording subunit 1310 is configured to record a time of the first occurrence if the first identifier occurs for the first time. According to an embodiment of the present disclosure, the time t0 of the first occurrence is recorded, for example, when the first identifier 192.168.0.1 first occurs.
The determining subunit 1320 is configured to determine that the first feature information set is in a learning state when a time length from the first occurrence time to the current time of obtaining the message information is within a preset time length. According to the embodiment of the present disclosure, for example, the preset time length is 30 minutes and the current time for acquiring the message information is t1; if the time length from t0 to t1 is 20 minutes, it is determined that the first feature information set is in the learning state. For another example, the current time for acquiring the message information is t2; if the time length from t0 to t2 is 200 minutes, it is determined that the first feature information set is not in the learning state.
FIG. 14 schematically illustrates a block diagram of a system 1400 for identifying a counterfeit electronic device, in accordance with another embodiment of the present disclosure.
As shown in fig. 14, the system 1400 for identifying counterfeit electronic devices further includes an update module 1410 and a delete module 1420 based on the foregoing embodiments.
The updating module 1410 is configured to update a time parameter of the first feature information shown in the first feature information set when the first feature information is included in the first feature information set corresponding to the first identifier. According to an embodiment of the present disclosure, the first feature information set may further include, for example, a time parameter, which may be used to characterize the current time at which the first identifier accesses the destination address and the destination port.
The deleting module 1420 is configured to delete the first feature information from the first feature information set if the time parameter is not changed within a preset time range. According to the embodiment of the present disclosure, for example, the preset time is 24 hours, in the scenario shown in fig. 3, if the time parameter of the first feature information 311 in the first feature information set a310 is not changed within 24 hours, the first feature information 311 is deleted from the first feature information set.
FIG. 15 schematically illustrates a block diagram of a system 1500 for identifying counterfeit electronic devices, in accordance with another embodiment of the present disclosure.
As shown in fig. 15, the system 1500 for identifying counterfeit electronic devices further includes a first determining module 1510, a second determining module 1520, and a filtering module 1530 in addition to the foregoing embodiments.
The first determining module 1510 is configured to determine a destination address of the message information according to the message information. According to an embodiment of the present disclosure, a message is obtained and parsed, for example, to obtain message information, which includes a destination address.
The second determining module 1520 is configured to determine a second feature information set corresponding to the second identifier by using the destination address as the second identifier. According to the embodiment of the present disclosure, for example, a destination address in the obtained message information is 192.168.1.1, the destination address 192.168.1.1 is used as a second identifier, and a second feature information set corresponding to the second identifier is determined, for example, the first feature information set B320 shown in fig. 3.
The filtering module 1530 is configured to discard the message information when the second feature information set includes second feature information, where the second feature information includes information using the first identifier as a destination address. According to the embodiment of the present disclosure, for example, the first identifier in the obtained message information is 10.3.1.2, and the first feature information includes the destination address 192.168.1.1, the destination port 50, and the protocol type tcp. In the scenario shown in fig. 3, the destination address 192.168.1.1 corresponds to the second identifier, and the second feature information set B320 includes the second feature information 322 that uses the first identifier 10.3.1.2 as the destination address, so the currently acquired packet is discarded.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the first obtaining module 910, the second obtaining module 920, the identifying module 930, the third obtaining module 1010, the identifying sub-module 931, the judging sub-module 921, the obtaining sub-module 922, the updating sub-module 923, the recording sub-unit 1310, the determining sub-unit 1320, the updating module 1410, the deleting module 1420, the first determining module 1510, the second determining module 1520, and the filtering module 1530 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 910, the second obtaining module 920, the identifying module 930, the third obtaining module 1010, the identifying sub-module 931, the determining sub-module 921, the obtaining sub-module 922, the updating sub-module 923, the recording sub-unit 1310, the determining sub-unit 1320, the updating module 1410, the deleting module 1420, the first determining module 1510, the second determining module 1520, and the filtering module 1530 may be at least partially implemented as a hardware circuit, such as Field Programmable Gate Arrays (FPGAs), Programmable Logic Arrays (PLAs), systems on a chip, systems on a substrate, systems on a package, Application Specific Integrated Circuits (ASICs), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging circuits, or in any one of three implementations, software, hardware and firmware, or in any suitable combination of any of them. 
Alternatively, at least one of the first obtaining module 910, the second obtaining module 920, the identifying module 930, the third obtaining module 1010, the identifying sub-module 931, the judging sub-module 921, the obtaining sub-module 922, the updating sub-module 923, the recording sub-unit 1310, the determining sub-unit 1320, the updating module 1410, the deleting module 1420, the first determining module 1510, the second determining module 1520 and the filtering module 1530 may be at least partially implemented as a computer program module, which may perform corresponding functions when executed.
FIG. 16 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in FIG. 16 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 16, computer system 1600 includes a processor 1610 and a computer-readable storage medium 1620. The computer system 1600 may perform a method according to an embodiment of the disclosure.
In particular, processor 1610 may comprise, for example, a general-purpose microprocessor, an instruction set processor and/or related chip set and/or a special-purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1610 may also include on-board memory for caching purposes. Processor 1610 may be a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the disclosure.
Computer-readable storage medium 1620 may be, for example, any medium that can contain, store, communicate, propagate, or transport instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 1620 may comprise a computer program 1621, which computer program 1621 may comprise code/computer-executable instructions that, when executed by the processor 1610, cause the processor 1610 to perform a method according to an embodiment of the disclosure, or any variant thereof.
The computer programs 1621 may be configured with computer program code, for example, including computer program modules. For example, in an example embodiment, code in computer program 1621 may include one or more program modules, including, for example, module 1621A, module 1621B, … …. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, which when executed by the processor 1610, enable the processor 1610 to perform the method according to the embodiment of the present disclosure or any variation thereof.
According to an embodiment of the present invention, at least one of the first obtaining module 910, the second obtaining module 920, the identifying module 930, the third obtaining module 1010, the identifying sub-module 931, the determining sub-module 921, the obtaining sub-module 922, the updating sub-module 923, the recording sub-unit 1310, the determining sub-unit 1320, the updating module 1410, the deleting module 1420, the first determining module 1510, the second determining module 1520, and the filtering module 1530 may be implemented as a computer program module described with reference to fig. 16, which, when executed by the processor 1610, may implement the corresponding operations described above.
The present disclosure also provides a computer-readable medium, which may be embodied in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable medium carries one or more programs which, when executed, perform the corresponding operations described above.
According to embodiments of the present disclosure, a computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, optical fiber cable, radio frequency signals, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (12)

1. A method of identifying a counterfeit electronic device, comprising:
acquiring message information, wherein the message information comprises first characteristic information and a first identifier;
under the condition that a first feature information set corresponding to the first identifier does not include the first feature information, acquiring a first operating system fingerprint corresponding to the first identifier; and
identifying whether the electronic equipment corresponding to the first identifier is counterfeit electronic equipment or not based on the first operating system fingerprint;
wherein, in the case that the first feature information is not included in the first feature information set corresponding to the first identifier, acquiring the first operating system fingerprint corresponding to the first identifier includes:
under the condition that a first feature information set corresponding to the first identifier does not include the first feature information, judging whether the first feature information set is in a learning state or not; and
under the condition that the first characteristic information set is not in a learning state, acquiring a first operating system fingerprint corresponding to the first identifier.
2. The method of claim 1, further comprising:
under the condition that the first identifier appears for the first time, acquiring a second operating system fingerprint corresponding to the first identifier;
wherein the identifying whether the electronic device corresponding to the first identifier is a counterfeit electronic device based on the first operating system fingerprint comprises:
under the condition that the first operating system fingerprint is inconsistent with the second operating system fingerprint, determining that the electronic equipment corresponding to the first identifier is counterfeit electronic equipment.
3. The method of claim 1, further comprising:
adding the first feature information to the first feature information set for updating the first feature information set in a case where the first feature information set is in a learning state.
4. The method of claim 1, wherein the determining whether the first set of feature information is in a learning state comprises:
recording the first occurrence time under the condition that the first identifier occurs for the first time; and
under the condition that the time length from the first occurrence time to the current time of acquiring the message information is within a preset time length, determining that the first characteristic information set is in a learning state.
5. The method of claim 1, further comprising:
in the case that the first feature information set corresponding to the first identifier includes the first feature information, determining that the electronic device corresponding to the first identifier is not a counterfeit electronic device, and updating a time parameter of the first feature information in the first feature information set; and
in the case that the time parameter has not changed within a preset time range, deleting the first feature information from the first feature information set.
6. The method of claim 1, further comprising:
determining a destination address of the message information according to the message information;
taking the destination address as a second identifier, and determining a second feature information set corresponding to the second identifier; and
in the case that the second feature information set includes second feature information, discarding the message information, wherein the second feature information includes information that uses the first identifier as a destination address.
7. A system for identifying counterfeit electronic devices, comprising:
a first acquisition module, configured to acquire message information, the message information comprising first feature information and a first identifier;
a second acquisition module, configured to acquire a first operating system fingerprint corresponding to the first identifier when a first feature information set corresponding to the first identifier does not include the first feature information; and
an identification module, configured to identify, based on the first operating system fingerprint, whether the electronic device corresponding to the first identifier is a counterfeit electronic device;
wherein the second acquisition module comprises:
a determining sub-module, configured to determine whether the first feature information set is in a learning state when the first feature information set corresponding to the first identifier does not include the first feature information; and
an acquisition sub-module, configured to acquire the first operating system fingerprint corresponding to the first identifier when the first feature information set is not in a learning state.
8. The system of claim 7, further comprising:
a third acquisition module, configured to acquire a second operating system fingerprint corresponding to the first identifier when the first identifier appears for the first time;
wherein the identification module comprises an identification sub-module, configured to determine that the electronic device corresponding to the first identifier is a counterfeit electronic device when the first operating system fingerprint is inconsistent with the second operating system fingerprint.
9. The system of claim 7, further comprising:
an updating sub-module, configured to add the first feature information to the first feature information set when the first feature information set is in a learning state, so as to update the first feature information set.
10. The system of claim 7, wherein the determining sub-module comprises:
a recording subunit, configured to record a first occurrence time when the first identifier appears for the first time; and
a determining subunit, configured to determine that the first feature information set is in a learning state when the time elapsed from the first occurrence time to the current time at which the message information is acquired is within a preset time length.
11. The system of claim 7, further comprising:
an updating module, configured to update a time parameter of the first feature information in the first feature information set when the first feature information set corresponding to the first identifier includes the first feature information; and
a deleting module, configured to delete the first feature information from the first feature information set when the time parameter has not changed within a preset time range.
12. The system of claim 7, further comprising:
a first determining module, configured to determine a destination address of the message information according to the message information;
a second determining module, configured to determine, using the destination address as a second identifier, a second feature information set corresponding to the second identifier; and
a filtering module, configured to discard the message information when the second feature information set includes second feature information, wherein the second feature information includes information that uses the first identifier as a destination address.
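The decision flow of method claims 1 to 6, sketched as an added Python example (not code from the patent or its assignee). It assumes the first identifier is a source IP address, the feature information is the (destination address, destination port) pair, and `os_probe` is a hypothetical callable returning an OS fingerprint string; the verdict names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    first_seen: float   # time the identifier first appeared (claim 4)
    baseline_os: str    # "second" OS fingerprint, taken at first appearance (claim 2)
    features: dict = field(default_factory=dict)  # feature -> last-seen time (claim 5)

class CounterfeitDetector:
    def __init__(self, os_probe, learn_secs=3600.0, idle_secs=86400.0):
        self.os_probe = os_probe      # hypothetical: identifier -> OS fingerprint string
        self.learn_secs = learn_secs  # "preset time length" of the learning state
        self.idle_secs = idle_secs    # "preset time range" after which a feature ages out
        self.profiles = {}

    def process(self, src, dst, dport, now):
        """Classify one message; src is the first identifier, (dst, dport) the feature."""
        peer = self.profiles.get(dst)
        # Claim 6: dst has already sent traffic to src, so this is reply traffic; skip it.
        if peer and any(d == src for d, _ in peer.features):
            return "discarded"
        prof = self.profiles.get(src)
        if prof is None:  # first appearance: record time and baseline fingerprint
            prof = self.profiles[src] = Profile(now, self.os_probe(src))
        # Claim 5: delete features whose time parameter has not changed for idle_secs.
        prof.features = {f: t for f, t in prof.features.items() if now - t <= self.idle_secs}
        feat = (dst, dport)
        if feat in prof.features:
            prof.features[feat] = now
            return "genuine"
        if now - prof.first_seen <= self.learn_secs:  # claims 3 and 4: still learning
            prof.features[feat] = now
            return "learning"
        # Claims 1 and 2: unseen feature outside the learning state, compare fingerprints.
        if self.os_probe(src) != prof.baseline_os:
            return "counterfeit"
        return "unknown_feature_same_os"  # outcome the claims leave unspecified

def demo():
    os_seen = {"10.0.0.5": "embedded-linux"}  # constructed probe results
    det = CounterfeitDetector(os_seen.get, learn_secs=100, idle_secs=1000)
    out = [det.process("10.0.0.5", "10.0.0.9", 554, 0),     # within learning window
           det.process("10.0.0.9", "10.0.0.5", 40000, 1),   # reply traffic
           det.process("10.0.0.5", "10.0.0.9", 554, 200),   # learned feature
           det.process("10.0.0.5", "192.0.2.53", 53, 300)]  # new feature, same OS
    os_seen["10.0.0.5"] = "windows-10"  # a different host now answers at this address
    out.append(det.process("10.0.0.5", "10.0.0.77", 445, 400))
    return out
```

The claims do not say what happens when an unseen feature arrives outside the learning state and the fingerprints still match; the example reports that case separately and leaves the feature set unchanged.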
CN201810554686.7A 2018-05-31 2018-05-31 Method and system for identifying counterfeit electronic devices Active CN108833384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810554686.7A CN108833384B (en) 2018-05-31 2018-05-31 Method and system for identifying counterfeit electronic devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810554686.7A CN108833384B (en) 2018-05-31 2018-05-31 Method and system for identifying counterfeit electronic devices

Publications (2)

Publication Number Publication Date
CN108833384A CN108833384A (en) 2018-11-16
CN108833384B true CN108833384B (en) 2021-03-12

Family

ID=64145756

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810554686.7A Active CN108833384B (en) 2018-05-31 2018-05-31 Method and system for identifying counterfeit electronic devices

Country Status (1)

Country Link
CN (1) CN108833384B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008029828A1 (en) * 2006-09-07 2008-03-13 Panasonic Corporation System for managing identification concerning authentication of electronic device
CN102684897A (en) * 2011-03-14 2012-09-19 上海宝信软件股份有限公司 Method for discovering transmission control protocol/Internet protocol (TCP/IP) network private access equipment
CN102710770A (en) * 2012-06-01 2012-10-03 汪德嘉 Identification method for network access equipment and implementation system for identification method
CN103209411A (en) * 2012-01-17 2013-07-17 深圳市共进电子股份有限公司 Method and device for preventing unauthorized wireless network access
CN104426847A (en) * 2013-08-22 2015-03-18 腾讯科技(深圳)有限公司 Method, system and server for securely accessing and verifying an Internet service
CN105049421A (en) * 2015-06-24 2015-11-11 百度在线网络技术(北京)有限公司 Authentication method based on use behavior characteristic of user, server, terminal, and system
CN105335637A (en) * 2015-11-03 2016-02-17 中国联合网络通信集团有限公司 Authentication method, authentication device and authentication system
CN107423613A (en) * 2017-06-29 2017-12-01 江苏通付盾信息安全技术有限公司 The method, apparatus and server of device-fingerprint are determined according to similarity

Also Published As

Publication number Publication date
CN108833384A (en) 2018-11-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Applicant after: QAX Technology Group Inc.

Address before: 100016 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

GR01 Patent grant