CN109063745A - Network equipment type identification method and system based on decision tree - Google Patents

Network equipment type identification method and system based on decision tree

Publication number: CN109063745A
Authority: CN (China)
Prior art keywords: data packet, decision tree, characteristic, network, network equipment
Legal status: Granted, Active
Application number: CN201810756175.3A
Other languages: Chinese (zh)
Other versions: CN109063745B (en)
Inventors: 陈丹伟, 刘翔元, 刘尚东
Current Assignee: Nanjing Post and Telecommunication University
Original Assignee: Nanjing Post and Telecommunication University
Priority date: 2018-07-11
Filing date: 2018-07-11
Publication date: 2018-12-21

Application filed by Nanjing Post and Telecommunication University
Priority to CN201810756175.3A
Publication of CN109063745A
Application granted
Publication of CN109063745B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/243 Classification techniques relating to the number of classes
    • G06F18/24323 Tree-organised classifiers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The present invention relates to a decision-tree-based method and system for identifying network device types, and belongs to the technical field of network security. The method comprises collecting network device data traffic, pre-processing the network traffic, extracting the HTTP data packets from the traffic, vectorizing the text-type feature data, classifying the feature vectors with a C4.5 decision tree, and finally identifying the device type. The invention can identify network device types from network traffic using the decision tree C4.5 algorithm. The method detects the type of an unknown device passively and will not be captured by an intrusion detection system; it can also identify the type of an unknown device and add that type to the system, improving generalization ability.

Description

Network equipment type identification method and system based on decision tree
Technical field
The present invention relates to the technical fields of network security and machine learning, and more specifically to a decision-tree-based method and system for identifying network device types.
Background
With the development of big data, the Internet of Things (IoT) and the communication protocols between devices, there are more and more terminal devices in cyberspace. A large number of wireless routers, network printers, VoIP network phones, network digital video cameras and some industrial control devices are provided with public IP addresses; together with traditional hosts, servers and routers, these devices make up the current network environment. According to statistics, apart from general websites and hosts, more than 5,000,000 terminal devices are connected to cyberspace, in more than 20 major classes. The scale of terminal devices in cyberspace today is very large and their types are very complex, and the security risks they bring are unprecedented.
Many existing identification methods target only traditional web server software such as Apache, IIS and Nginx, whereas the terminal devices in cyberspace today are numerous and of complex and diverse types, and the systems of terminal devices such as wireless routers, network printers, VoIP network phones and network digital video cameras are implemented differently, so traditional identification methods are not well suited to the current network environment. It is therefore necessary to improve the traditional identification methods, extending the range of objects they can identify so that they can be used to identify new terminal devices.
In addition, the various terminal devices in cyberspace play an important role in daily life and office work, so network fingerprint detection must preserve the stable operation of the terminal devices. However, traditional identification methods often need to send many meaningless probe messages when detecting network fingerprints, or probe the target with abnormal malformed requests. Such methods can easily cause a buffer overflow in the target, resulting in denial of service and leaving the terminal device unable to operate normally. Therefore the probe messages used to identify a terminal device should resemble normal requests as closely as possible, so that the detection process is safe and reliable and does not trigger abnormal-traffic alarms from devices such as firewalls; alternatively, the device type can be identified directly by passively inspecting data traffic.
Summary of the invention
In view of the problems in the prior art that various emerging devices need to be identified and that existing identification methods are easily detected as intrusion behaviour, the present invention provides a decision-tree-based network device type identification method. It detects the type of an unknown device passively and will not be captured by an intrusion detection system; it can also identify the type of an unknown device and add that type to the system, improving generalization ability.
The purpose of the present invention is achieved through the following technical solutions:
A decision-tree-based network device type identification method, comprising:
S1 sample collection step: capture the network traffic of the unknown device and obtain the response messages of the unknown device's network protocols;
S2 data pre-processing step: pre-process the response messages and extract the HTTP data packets of the unknown device;
S3 feature extraction step: extract the information in the HTTP data packets that reflects terminal device characteristics as sample features, and vectorize the text-type feature data. The information reflecting terminal device characteristics is extracted from the filtered HTTP data packets as sample features, removing redundancy to reduce computational complexity and improve recognition efficiency. The extracted sample features are pre-processed, and the text-type feature data is vectorized by statistical analysis. The vectorization of the features includes building a word vector space with the TF-IDF method and mining latent semantic features inside the protocol messages by latent semantic analysis (LSA).
The S3 feature extraction step further comprises:
S31 unknown device feature vectorization: extract the feature information in the HTTP data packets of the unknown device and vectorize the text-type feature data;
S32 known device feature vectorization: obtain the HTTP data packets of known devices and vectorize the feature information of the HTTP data packets. HTTP-GET requests are sent to network devices of known type to obtain HTTP data packets, step 3 is repeated to extract the feature information in the HTTP data packets, and the text-type feature data is vectorized. Devices of known type can be found with oshada, a paid network device search system.
S4 model generation step: generate a decision tree with a decision tree algorithm from the feature information of the known devices vectorized in step S32;
S5 classification step: classify the vectorized feature information of the unknown device obtained in step S31 using the decision tree generated in the S4 model generation step. Classification consists of traversing the tree and matching tree nodes. First determine whether the current decision tree node is a leaf node. If it is a leaf node, the node holds type information, and that type is taken as the device's type. If it is not a leaf node, obtain the device's corresponding attribute item and compare the attribute values of the two attribute items; the comparison result determines which branch of the decision tree node to select. Then enter the next node through that branch and repeat the above steps until matching ends.
Preferably, in the S1 sample collection step, WINPCAP is used to capture data packets directly from the physical interface, and the packets are saved in cap file format. Packets are first captured directly from the physical interface with WINPCAP and saved in cap file format; WINPCAP is then used to read the packets from the offline dump file, that is, the stored file is opened with the WINPCAP function pcap_open_offline().
Preferably, the pre-processing in the S2 data pre-processing step includes using WINPCAP to process the captured cap file and setting a filtering rule. WINPCAP provides the two functions pcap_compile() and pcap_setfilter() to filter packets; once an accurate filter expression has been set, using the two functions together filters packets efficiently. The present invention is concerned only with HTTP data packets and only needs to capture them, so the filter rule is set to the expression "http".
Preferably, in the S4 model generation step, the decision tree is generated by training on the HTTP data packet feature information with the decision tree C4.5 algorithm.
A decision-tree-based network device type identification system, comprising:
Sample collection module, for capturing network packets on known and unknown network physical ports and obtaining the response messages of the network protocols;
Data pre-processing module, for analysing the captured network packets and obtaining the HTTP data packets by setting a filtering rule;
Feature extraction module, for extracting the information in the HTTP data packets that reflects terminal device characteristics as sample features and vectorizing the text-type feature data;
The feature extraction module comprises:
Unknown device feature vectorization unit, for extracting the feature information in the HTTP data packets of the unknown device and vectorizing the text-type feature data;
Known device feature vectorization unit, for obtaining the HTTP data packets of known devices and vectorizing the feature information of the HTTP data packets;
Model generation module, for generating the decision tree;
Classification module, for classifying the unknown device.
Preferably, the sample collection module comprises:
Data capture unit, for capturing data packets directly from the physical interface using WINPCAP, the packets being saved in cap file format.
Preferably, the data pre-processing module comprises:
Pre-processing unit, for capturing data packets directly from the physical interface using WINPCAP, the packets being saved in cap file format.
Preferably, the model generation module comprises:
Decision tree generation unit, for generating the decision tree by training on the HTTP data packet feature information with the decision tree C4.5 algorithm.
Compared with the prior art, the present invention has the following advantages:
(1) Existing network device identification techniques mostly rely on active scanning of the network, manual extraction of device fingerprints and identification by regular-expression matching. Such identification is not only time-consuming and laborious; its recognition accuracy cannot be guaranteed, it is helpless at discovering and identifying unknown devices, and it is also easily discovered.
(2) The present invention identifies network device types passively, using only network traffic packets, and will not be captured by an intrusion detection system.
(3) Through automatic machine learning, the present invention learns the feature information of known devices to generate a decision tree and then uses the decision tree to judge the type of an unknown device. This increases the number of recognizable device types, and the type of an unknown device can be added to the system, improving generalization ability.
Description of the drawings
Fig. 1 is the overall process flow chart of the invention;
Fig. 2 is the system architecture diagram of the invention.
Specific embodiments
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Embodiment 1
According to the overall process flow chart in Fig. 1, this embodiment is carried out as follows:
1. Processing of known device data packets
(1) Sample collection: detect the types and IP addresses of network devices in the network with oshada, a paid network device search system, send an HTTP-GET request to each known device, and obtain the HTTP data packets.
(2) Data processing: extract the information reflecting terminal device characteristics from the filtered HTTP data packets as sample features, that is, count the header fields in the HTTP response packets and select the 30 fields with the highest frequency of occurrence as feature 1 to feature 30; vectorize the text-type feature data with the TF-IDF algorithm;
(3) Data application: train the decision tree C4.5 algorithm on the vectorized HTTP data packet features to generate a decision tree. The input is the feature data of the HTTP data packets of known devices; the output is a decision tree. Generating the decision tree is a recursive call of the tree-generation function. Recursion stops when the current subset contains only one system type, or when all attributes have been considered but the subset is still not fully divided. The first condition is determined by the function AllTheSameLabel(), which checks in turn whether the current samples all belong to one type and, if so, records that type and returns. The second condition is determined by whether the size of the current attribute set is zero; if it is zero, the function MostCommonLable() selects the most common type in the current subset as the current type and returns. The information gain ratio of each attribute is computed by the function ComputeGainRatio(), which has two steps: computing the information entropy and the split information entropy to obtain the information gain and the split information, and then taking their ratio to obtain the information gain ratio; these are performed by the functions ComputeEntropy() and ComputeSplit() respectively. After the information gain ratio of every attribute has been computed, the attribute with the largest value is selected by comparison and the remaining samples are divided into subsets by the values of that attribute. The remaining attribute items and attribute values are then updated, and the tree-generation function is run again on each subset, that is, the tree is generated recursively. These steps are repeated, with nodes returned layer by layer once the stop conditions are met, and the tree-generation function finally returns the address of the decision tree's root node, root. The data structure of a decision tree node gives the node's attribute, attribute value and all of its children. At this point the decision tree model has been formed.
2. Processing of unknown device data packets
(1) Sample collection: capture data packets directly from the physical interface with WINPCAP and save them in cap file format; then use WINPCAP to read the packets from the offline dump file, that is, open the stored file with the WINPCAP function pcap_open_offline(). WINPCAP provides the two functions pcap_compile() and pcap_setfilter() to filter packets; once an accurate filter expression has been set, using the two functions together filters packets efficiently. The present invention is concerned only with HTTP data packets and only needs to capture them, so the filter rule is set to the expression "http";
(2) Data processing: extract the information reflecting terminal device characteristics from the filtered HTTP data packets as sample features, that is, count the header fields in the HTTP response packets and select the 30 fields with the highest frequency of occurrence as feature 1 to feature 30; vectorize the text-type feature data with the TF-IDF algorithm;
3. Classification by the classifier
The vectorized feature data of the unknown device is matched against the decision tree generated from the vectorized feature data of the known devices, thereby classifying the unknown device. Classification is in essence a process of traversing the tree and matching tree nodes. First determine whether the current decision tree node is a leaf node. If it is a leaf node, the node holds type information, and that type is taken as the device's type. If it is not a leaf node, obtain the device's corresponding attribute item and compare the attribute values of the two attribute items; the comparison result determines which branch of the decision tree node to select. Then enter the next node through that branch and repeat the above steps until matching ends.
Fig. 2 is the system architecture diagram in a specific embodiment of the invention, which mainly comprises:
Sample collection process
1. Use the network device search system oshada to collect as many network device types, and as many devices of each type, as possible, to improve recognition accuracy and increase the number of recognizable types.
2. Send an HTTP-GET request to each known device and obtain the HTTP data packets.
3. Capture data packets directly from the physical interface using WINPCAP, set the filtering rule, and obtain the HTTP data packets.
Data pre-processing process
1. Extract the information reflecting terminal device characteristics from the filtered HTTP data packets as sample features, that is, count the header fields in the HTTP response packets and select the 30 fields with the highest frequency of occurrence (excluding the "content-length" field) as feature 1 to feature 30. If a header field from feature 1 to feature 30 is present in the HTTP response header, the value at the corresponding position is 1; if not, the value is 0.
2. Choose the HTTP response status code as feature 31. According to the index of the returned HTTP status code in the status code set S, feature 31 takes a value in 1-36. The status code set S is:
S={ 200, 202, 203, 204, 205, 301, 302, 307, 400,
401, 402, 403, 404, 405, 406, 407, 408, 410,
412, 416, 451, 456, 461, 479, 500, 501, 502,
503, 504, 508, 510, 520, 534, 535, 550, 596}
3. Choose the value of the "content-length" field as feature 32: if the header field "content-length" is present in the HTTP response header, the value of feature 32 is the specific value of the "content-length" field; if not, the value is 0.
4. Finally, the text features of the original sample HTTP response packets are converted into 32-dimensional feature vectors.
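The 32-dimensional vectorization described in the data pre-processing process above, as an added Python example that is not code from the patent. The function names, the sample responses and the value 0 for a status code outside S are assumptions made here; the set S is copied from the description.

```python
from collections import Counter

# Status code set S, copied from the description (36 entries).
S = [200, 202, 203, 204, 205, 301, 302, 307, 400,
     401, 402, 403, 404, 405, 406, 407, 408, 410,
     412, 416, 451, 456, 461, 479, 500, 501, 502,
     503, 504, 508, 510, 520, 534, 535, 550, 596]
STATUS_INDEX = {code: i + 1 for i, code in enumerate(S)}  # 1-based index, 1..36

# Constructed sample responses (not captured traffic); server names are made up.
SAMPLES = [
    b'HTTP/1.1 200 OK\r\nServer: ExampleRouter/1.0\r\n'
    b'Content-Length: 1024\r\nPragma: no-cache\r\n\r\n<html>',
    b'HTTP/1.1 401 Unauthorized\r\nServer: ExampleCam/2.3\r\n'
    b'WWW-Authenticate: Basic realm="cam"\r\n\r\n',
    b'HTTP/1.0 302 Found\r\nServer: ExamplePrint\r\n'
    b'Location: /index.htm\r\nContent-Length: abc\r\n\r\n',
]

def parse_response_head(raw):
    """Return (status_code, {lower-cased header name: value}) for a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)  # e.g. "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        raise ValueError("not an HTTP response status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "name: value"
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def select_header_features(parsed, k=30):
    """Features 1..k: the k most frequent header names, excluding content-length."""
    counts = Counter()
    for _, headers in parsed:
        counts.update(h for h in headers if h != "content-length")
    # Descending frequency, then name, so the feature order is deterministic.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [name for name, _ in ranked[:k]]

def vectorize(status, headers, header_features, k=30):
    """k presence bits + status-code index (feature 31) + content-length (feature 32)."""
    vec = [1 if name in headers else 0 for name in header_features]
    vec += [0] * (k - len(vec))              # pad if the corpus has < k header names
    vec.append(STATUS_INDEX.get(status, 0))  # 0 for codes outside S (assumption)
    cl = headers.get("content-length", "")
    vec.append(int(cl) if cl.isdecimal() else 0)  # 0 if absent or malformed
    return vec

def build_vectors(raw_responses, k=30):
    """Select the header features over the corpus, then vectorize every response."""
    parsed = [parse_response_head(r) for r in raw_responses]
    feats = select_header_features(parsed, k)
    return feats, [vectorize(s, h, feats, k) for s, h in parsed]

if __name__ == "__main__":
    feats, vecs = build_vectors(SAMPLES)
    print(feats)
    for v in vecs:
        print(v)
```

Header values come from the observed device, so the parser treats them as untrusted: a malformed status line is rejected and a non-numeric content-length maps to 0 instead of raising.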
Classification process
1. Train the decision tree C4.5 algorithm on the data obtained by converting the text features of the known devices' HTTP response packets into 32-dimensional feature vectors, generating a decision tree. The input is the feature data of the HTTP data packets of known devices; the output is a decision tree.
2. Match the vectorized feature data of the unknown device against the decision tree generated from the vectorized feature data of the known devices, thereby classifying the unknown device.
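The tree generation and node-matching traversal described above, as an added Python example that is not the patent's implementation. It treats every attribute as discrete and does no pruning; the training rows, device labels, function names and the majority-class fallback for an attribute value never seen in training are assumptions made here, and the rows use three of the 32 features for brevity.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of a list of labels or attribute values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(rows, labels, attr):
    """C4.5 criterion: information gain of splitting on attr / split information."""
    n = len(rows)
    groups = {}
    for row, label in zip(rows, labels):
        groups.setdefault(row[attr], []).append(label)
    split_info = entropy([row[attr] for row in rows])
    if split_info == 0:  # attribute has one value in this subset: no split
        return 0.0
    remainder = sum(len(g) / n * entropy(g) for g in groups.values())
    return (entropy(labels) - remainder) / split_info

def build_tree(rows, labels, attrs):
    """Recursive generation; nodes are dicts, leaves are {"leaf": type}."""
    majority = Counter(labels).most_common(1)[0][0]
    # Stop conditions from the description: one type left, or no attributes left.
    if len(set(labels)) == 1 or not attrs:
        return {"leaf": majority}
    best = max(attrs, key=lambda a: gain_ratio(rows, labels, a))
    if gain_ratio(rows, labels, best) < 1e-12:  # nothing separates the samples
        return {"leaf": majority}
    node = {"attr": best, "default": majority, "children": {}}
    rest = [a for a in attrs if a != best]
    for value in sorted({r[best] for r in rows}):
        idx = [i for i, r in enumerate(rows) if r[best] == value]
        node["children"][value] = build_tree(
            [rows[i] for i in idx], [labels[i] for i in idx], rest)
    return node

def classify(node, row):
    """Walk from the root: match the device's attribute value to a branch."""
    while "leaf" not in node:
        child = node["children"].get(row.get(node["attr"]))
        if child is None:  # value unseen in training: majority fallback (assumption)
            return node["default"]
        node = child
    return node["leaf"]

# Constructed training set: two header-presence bits and the status index in S
# (1 = 200, 7 = 302, 10 = 401).
ATTRS = ["www-authenticate", "x-frame-options", "status"]
ROWS = [
    {"www-authenticate": 1, "x-frame-options": 0, "status": 10},
    {"www-authenticate": 1, "x-frame-options": 0, "status": 10},
    {"www-authenticate": 1, "x-frame-options": 1, "status": 10},
    {"www-authenticate": 0, "x-frame-options": 1, "status": 1},
    {"www-authenticate": 0, "x-frame-options": 0, "status": 1},
    {"www-authenticate": 0, "x-frame-options": 0, "status": 7},
]
LABELS = ["camera", "camera", "router", "router", "printer", "printer"]

if __name__ == "__main__":
    tree = build_tree(ROWS, LABELS, ATTRS)
    unknown = {"www-authenticate": 1, "x-frame-options": 0, "status": 10}
    print(tree)
    print(classify(tree, unknown))
```

In the subset without x-frame-options, both remaining attributes have an information gain of 1 bit, but the three-valued status attribute has the lower gain ratio, so the tree splits on www-authenticate. A raw content-length value would need threshold splits, as in full C4.5, before it could be used this way.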
The invention and its embodiments have been described above schematically, and the description is not limiting; what is shown in the drawings is only one of the embodiments of the invention, and the actual structure is not limited to it. Therefore, if a person of ordinary skill in the art, enlightened by it, designs structures and embodiments similar to this technical solution without inventive effort and without departing from the purpose of the invention, they shall fall within the protection scope of this patent.

Claims (8)

1. A decision-tree-based network device type identification method, characterized in that its steps comprise:
S1 sample collection step: capture the network traffic of the unknown device and obtain the response messages of the unknown device's network protocols;
S2 data pre-processing step: pre-process the response messages and extract the HTTP data packets of the unknown device;
S3 feature extraction step: extract the information in the HTTP data packets that reflects terminal device characteristics as sample features, and vectorize the text-type feature data;
The S3 feature extraction step further comprises:
S31 unknown device feature vectorization: extract the feature information in the HTTP data packets of the unknown device and vectorize the text-type feature data;
S32 known device feature vectorization: obtain the HTTP data packets of known devices and vectorize the feature information of the HTTP data packets;
S4 model generation step: generate a decision tree with a decision tree algorithm from the feature information of the known devices vectorized in step S32;
S5 classification step: classify the vectorized feature information of the unknown device obtained in step S31 using the decision tree generated in the S4 model generation step, the classification comprising traversing the tree and matching tree nodes.
2. The decision-tree-based network device type identification method according to claim 1, characterized in that: in the S1 sample collection step, WINPCAP is used to capture data packets directly from the physical interface, and the packets are saved in cap file format.
3. The decision-tree-based network device type identification method according to claim 1, characterized in that: the pre-processing in the S2 data pre-processing step includes using WINPCAP to process the captured cap file and setting a filtering rule.
4. The decision-tree-based network device type identification method according to claim 1, characterized in that: in the S4 model generation step, the decision tree is generated by training on the HTTP data packet feature information with the decision tree C4.5 algorithm.
5. A decision-tree-based network device type identification system, characterized by comprising:
Sample collection module, for capturing network packets on known and unknown network physical ports and obtaining the response messages of the network protocols;
Data pre-processing module, for analysing the captured network packets and obtaining the HTTP data packets by setting a filtering rule;
Feature extraction module, for extracting the information in the HTTP data packets that reflects terminal device characteristics as sample features and vectorizing the text-type feature data;
The feature extraction module comprises:
Unknown device feature vectorization unit, for extracting the feature information in the HTTP data packets of the unknown device and vectorizing the text-type feature data;
Known device feature vectorization unit, for obtaining the HTTP data packets of known devices and vectorizing the feature information of the HTTP data packets;
Model generation module, for generating the decision tree;
Classification module, for classifying the unknown device.
6. The decision-tree-based network device type identification system according to claim 5, characterized in that the sample collection module comprises:
Data capture unit, for capturing data packets directly from the physical interface using WINPCAP, the packets being saved in cap file format.
7. The decision-tree-based network device type identification system according to claim 5, characterized in that the data pre-processing module comprises:
Pre-processing unit, for capturing data packets directly from the physical interface using WINPCAP, the packets being saved in cap file format.
8. The decision-tree-based network device type identification system according to claim 5, characterized in that the model generation module comprises:
Decision tree generation unit, for generating the decision tree by training on the HTTP data packet feature information with the decision tree C4.5 algorithm.
Priority Applications (1)

Application number: CN201810756175.3A (CN109063745B (en))
Priority date: 2018-07-11
Filing date: 2018-07-11
Title: Network equipment type identification method and system based on decision tree
Status: Active

Publications (2)

CN109063745A, published 2018-12-21
CN109063745B, published 2023-06-09

Family ID: 64815825

Country Status (1)

CN (1): CN109063745B (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948650A (en) * 2019-02-13 2019-06-28 南京中一物联科技有限公司 A kind of smart home device type decision method based on message characteristic
CN110022308A (en) * 2019-03-11 2019-07-16 中国科学院信息工程研究所 A kind of internet of things equipment recognition methods and system
CN110062013A (en) * 2019-06-04 2019-07-26 电子科技大学 A kind of detection system and its method for Malware HTTP flow
CN110096013A (en) * 2019-05-24 2019-08-06 广东工业大学 A kind of intrusion detection method and device of industrial control system
CN110348526A (en) * 2019-07-15 2019-10-18 武汉绿色网络信息服务有限责任公司 A kind of device type recognition methods and device based on semi-supervised clustering algorithm
CN110445689A (en) * 2019-08-15 2019-11-12 平安科技(深圳)有限公司 Identify the method, apparatus and computer equipment of internet of things equipment type
CN110602041A (en) * 2019-08-05 2019-12-20 中国人民解放军战略支援部队信息工程大学 White list-based Internet of things equipment identification method and device and network architecture
CN111367874A (en) * 2020-02-28 2020-07-03 北京神州绿盟信息安全科技股份有限公司 Log processing method, device, medium and equipment
CN111931797A (en) * 2019-05-13 2020-11-13 中国移动通信集团湖南有限公司 Method, device and equipment for identifying network to which service belongs
CN112118259A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN112600793A (en) * 2020-11-23 2021-04-02 国网山东省电力公司青岛供电公司 Internet of things equipment classification and identification method and system based on machine learning
CN112989256A (en) * 2021-05-08 2021-06-18 北京华云安信息技术有限公司 Method and device for identifying web fingerprint in response information
CN113098832A (en) * 2019-12-23 2021-07-09 四川大学 Remote buffer overflow attack detection method based on machine learning
CN113328985A (en) * 2021-04-07 2021-08-31 西安交通大学 Passive Internet of things equipment identification method, system, medium and equipment
CN113625073A (en) * 2021-06-23 2021-11-09 国网浙江省电力有限公司营销服务中心 Feature library replacing method and monitoring method of non-invasive load monitoring system
CN114338064A (en) * 2020-09-30 2022-04-12 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for identifying network traffic type
WO2022083641A1 (en) * 2020-10-23 2022-04-28 华为技术有限公司 Device identification method, apparatus and system
CN114615020A (en) * 2022-02-15 2022-06-10 中国人民解放军战略支援部队信息工程大学 Method and system for quickly identifying network equipment based on feature reduction and dynamic weighting
WO2022156492A1 (en) * 2021-01-20 2022-07-28 华为技术有限公司 Method for determining type of terminal device and related device
WO2023004707A1 (en) * 2021-07-29 2023-02-02 西门子股份公司 Method and apparatus for device type identification

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106572486A (en) * 2016-10-17 2017-04-19 湖北大学 Handheld terminal traffic identification method and system based on machine learning
CN106850333A (en) * 2016-12-23 2017-06-13 中国科学院信息工程研究所 A kind of network equipment recognition methods and system based on feedback cluster
CN108259637A (en) * 2017-11-30 2018-07-06 湖北大学 A kind of NAT device recognition methods and device based on decision tree

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
石志凯 et al.: "NAT device detection method based on C5.0 decision tree", 《计算机科学》 *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109948650A (en) * 2019-02-13 2019-06-28 南京中一物联科技有限公司 A kind of smart home device type decision method based on message characteristic
CN109948650B (en) * 2019-02-13 2023-08-11 南京中一物联科技有限公司 Intelligent household equipment type judging method based on message characteristics
CN110022308A (en) * 2019-03-11 2019-07-16 中国科学院信息工程研究所 A kind of internet of things equipment recognition methods and system
CN110022308B (en) * 2019-03-11 2020-05-29 中国科学院信息工程研究所 Internet of things equipment identification method and system, electronic equipment and storage medium
CN111931797B (en) * 2019-05-13 2023-09-08 中国移动通信集团湖南有限公司 Method, device and equipment for identifying network to which service belongs
CN111931797A (en) * 2019-05-13 2020-11-13 中国移动通信集团湖南有限公司 Method, device and equipment for identifying network to which service belongs
CN110096013A (en) * 2019-05-24 2019-08-06 广东工业大学 A kind of intrusion detection method and device of industrial control system
CN110062013A (en) * 2019-06-04 2019-07-26 电子科技大学 A kind of detection system and its method for Malware HTTP flow
CN110348526A (en) * 2019-07-15 2019-10-18 武汉绿色网络信息服务有限责任公司 A kind of device type recognition methods and device based on semi-supervised clustering algorithm
CN110602041A (en) * 2019-08-05 2019-12-20 中国人民解放军战略支援部队信息工程大学 White list-based Internet of things equipment identification method and device and network architecture
CN110445689A (en) * 2019-08-15 2019-11-12 平安科技(深圳)有限公司 Identify the method, apparatus and computer equipment of internet of things equipment type
CN110445689B (en) * 2019-08-15 2022-03-18 平安科技(深圳)有限公司 Method and device for identifying type of equipment of Internet of things and computer equipment
CN113098832A (en) * 2019-12-23 2021-07-09 四川大学 Remote buffer overflow attack detection method based on machine learning
CN113098832B (en) * 2019-12-23 2022-09-27 四川大学 Remote buffer overflow attack detection method based on machine learning
CN111367874B (en) * 2020-02-28 2023-11-14 绿盟科技集团股份有限公司 Log processing method, device, medium and equipment
CN111367874A (en) * 2020-02-28 2020-07-03 北京神州绿盟信息安全科技股份有限公司 Log processing method, device, medium and equipment
CN112118259A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN112118259B (en) * 2020-09-17 2022-04-15 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN114338064A (en) * 2020-09-30 2022-04-12 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for identifying network traffic type
CN114338064B (en) * 2020-09-30 2023-07-07 腾讯科技(深圳)有限公司 Method, device, system, equipment and storage medium for identifying network traffic type
WO2022083641A1 (en) * 2020-10-23 2022-04-28 华为技术有限公司 Device identification method, apparatus and system
CN112600793A (en) * 2020-11-23 2021-04-02 国网山东省电力公司青岛供电公司 Internet of things equipment classification and identification method and system based on machine learning
WO2022156492A1 (en) * 2021-01-20 2022-07-28 华为技术有限公司 Method for determining type of terminal device and related device
CN113328985A (en) * 2021-04-07 2021-08-31 西安交通大学 Passive Internet of things equipment identification method, system, medium and equipment
CN112989256B (en) * 2021-05-08 2021-09-24 北京华云安信息技术有限公司 Method and device for identifying web fingerprint in response information
CN112989256A (en) * 2021-05-08 2021-06-18 北京华云安信息技术有限公司 Method and device for identifying web fingerprint in response information
CN113625073A (en) * 2021-06-23 2021-11-09 国网浙江省电力有限公司营销服务中心 Feature library replacing method and monitoring method of non-invasive load monitoring system
WO2023004707A1 (en) * 2021-07-29 2023-02-02 西门子股份公司 Method and apparatus for device type identification
CN114615020B (en) * 2022-02-15 2023-05-26 中国人民解放军战略支援部队信息工程大学 Method and system for rapidly identifying network equipment based on feature reduction and dynamic weighting
CN114615020A (en) * 2022-02-15 2022-06-10 中国人民解放军战略支援部队信息工程大学 Method and system for quickly identifying network equipment based on feature reduction and dynamic weighting

Also Published As

Publication number Publication date
CN109063745B (en) 2023-06-09

Similar Documents

Publication Publication Date Title
CN109063745A (en) A kind of types of network equipment recognition methods and system based on decision tree
Constantinides et al. A novel online incremental learning intrusion prevention system
Fahad et al. Toward an efficient and scalable feature selection approach for internet traffic classification
Cheng et al. Multi-scale LSTM model for BGP anomaly classification
CN111385297B (en) Wireless device fingerprint identification method, system, device and readable storage medium
CN111107102A (en) Real-time network flow abnormity detection method based on big data
CN110445689A (en) Identify the method, apparatus and computer equipment of internet of things equipment type
CN110830607B (en) Domain name analysis method and device and electronic equipment
CN114172688B (en) Method for automatically extracting key nodes of network threat of encrypted traffic based on GCN-DL (generalized traffic channel-DL)
CN108319672A (en) Mobile terminal malicious information filtering method and system based on cloud computing
Kong et al. Identification of abnormal network traffic using support vector machine
Hoyos Ll et al. Distributed denial of service (DDoS) attacks detection using machine learning prototype
Thom et al. Smart recon: Network traffic fingerprinting for IoT device identification
CN113114618A (en) Internet of things equipment intrusion detection method based on traffic classification recognition
CN116318830A (en) Log intrusion detection system based on generation of countermeasure network
Zwane et al. Ensemble learning approach for flow-based intrusion detection system
CN115277189A (en) Unsupervised intrusion flow detection and identification method based on generative countermeasure network
CN116318928A (en) Malicious traffic identification method and system based on data enhancement and feature fusion
Singh et al. Autoencoder-based unsupervised intrusion detection using multi-scale convolutional recurrent networks
CN112383488B (en) Content identification method suitable for encrypted and non-encrypted data streams
CN111200576A (en) Method for realizing malicious domain name recognition based on machine learning
CN109376531B (en) Web intrusion detection method based on semantic recoding and feature space separation
Ma et al. A Multi-perspective Feature Approach to Few-shot Classification of IoT Traffic
CN115314268A (en) Malicious encrypted traffic detection method and system based on traffic fingerprints and behaviors
Wang et al. A two-phase approach to fast and accurate classification of encrypted traffic

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant