CN109525427A - Distributed assets information detection method and system - Google Patents

Publication number: CN109525427A
Application number: CN201811341226.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈志华, 吉威炎, 李虹, 何文婷, 刘洋, 麦浩镔, 廖璐, 林仲武, 余肖辉
Current assignee: Information Security Test And Appraisal Center Guangdong Province
Original assignee: Information Security Test And Appraisal Center Guangdong Province
Prior art keywords: task, detection, data, information, fingerprint

Classifications

    • H04L41/042 Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
    • H04L43/028 Capturing of monitoring data by filtering
    • H04L43/0817 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters, by checking availability by checking functioning
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

A distributed asset information detection method and system, comprising multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes so that tasks are executed in a distributed manner. Asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together. The distributed asset information detection method and system can detect and discover active hosts in specific multiple network areas in a timely and reliable manner and collect asset information, which provides a basis for perceiving asset changes and also helps discover security vulnerabilities quickly and accurately so that the information system can be repaired in time.

Description

Distributed asset information detection method and system
Technical field
The present invention relates to network asset information security, and in particular to a distributed asset information detection method and system.
Background art
The networked space of information systems is made up of countless nodes, each of which is an IT asset (also called an information asset) connected to the network. Information assets include host operating systems, network devices, security devices, databases, middleware and application components. Information assets are the most basic and most important carriers in information security management. As business within enterprises keeps growing and business informatization develops at high speed, the various business support platforms and management systems become increasingly complex; information assets such as servers, storage devices, network devices and security devices keep growing in number and variety, which makes asset management harder for administrators. Over time, a large number of ownerless assets and zombie assets appear; these assets go unmaintained for long periods, so they carry many known vulnerabilities and configuration violations. More seriously, these assets are hard to bring within the scope of the administrator's daily maintenance, which creates a great hidden danger for enterprise security and makes them the weak point of enterprise information security.
Taking Guangdong Power Grid as an example, once a security problem occurs in common power information equipment such as servers, switches, routers, power communication terminals and intelligent transformer equipment, it affects the normal collection of power information and the normal supply of electrical services, which not only inconveniences people's daily production and life but also causes great economic loss.
At present, the state attaches more and more importance to network security, and effective management of IT assets is all the more important. IT assets are the most basic and most important carriers in information security management, so identifying IT assets and grasping asset information comprehensively, with no blind spots, is of great significance. Meanwhile, once asset information has been established, it is necessary to perceive whether protection against risks in cyberspace is effective, for example whether the services run by network devices have known vulnerabilities, their physical addresses, the scope of impact of newly disclosed vulnerabilities on network devices, and how known vulnerabilities are to be repaired. This helps to grasp the enterprise's security state accurately and to resolve threats and risks effectively.
Summary of the invention
The main object of the present invention is to address the deficiencies of the prior art by providing a distributed asset information detection method and system.
To achieve the above object, the invention adopts the following technical scheme:
A distributed asset information detection system, comprising multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes so that tasks are executed in a distributed manner; asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together.
Further:
The network asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and fingerprint the host operating system in order to detect the operating system type of a remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information, including one or more of the version, service port and protocol interaction features of a web application or component;
The network asset information collection subsystem further includes a fragility sensing module, configured to perceive and analyze the vulnerability of networked hosts and application systems, in order to find the weak points of operating systems, services and application components and to find the vulnerabilities that may exist in networked hosts and in their systems, services and application components.
The basic information collection module sends a series of TCP and UDP packets to the target host, receives the reply packets and examines each data item in them, then compares the result with the fingerprint database; the operating system type of the remote target host is detected through this analysis and comparison.
The basic information collection module includes:
A host detection submodule, configured to query the IP address library according to a set policy to convert the target region into an IP range, start multiple scanning processes and/or threads according to the scan settings, and probe the corresponding ports of the target machines. A port is judged open once it returns one kind of legitimate response packet, and a host is judged alive as long as it has one open port; the IPs of alive hosts, their open ports and protocol information are stored in the active host database. Preferably, the set policy includes the scan target region, scan protocol, port range, the scanning technique used and the evasion technique;
A topology discovery submodule, configured to discover each node in the network and the interconnections between them by sending specific probe packets; preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use established fingerprint databases of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint database, send it to the corresponding port, and match the fingerprint in the returned packet to judge whether the corresponding component is present.
The system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. Preferably, the system fingerprint information collection submodule is configured to perform system identification as follows:
Analyze the characteristics of the various systems and establish fingerprint features of known systems; these fingerprint features are stored in the system fingerprint database as the sample database for fingerprint comparison;
Set up a system detection task, select the target host to be probed, then start the system detection task. The task selects one open port and one closed port, sends pre-set TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from them; preferably, the target host is selected from the active hosts;
Compare the fingerprint generated by detection with the system fingerprint database and look for a matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
The application component fingerprint collection module collects fingerprint information by performing one or more kinds of identification based on Web service, server-side language, Web development framework, Web application, front-end library and third-party component.
The Web development framework is identified using the component service detection technique; which language the Web site back end uses is detected using the application component page detection technique and the component service detection technique; Web applications are detected using the service component page detection technique, preferably by crawling one or several pages of the website and matching them against the fingerprints in the fingerprint database to identify the corresponding Web application; the Web space is detected using the page detection technique, which preferably includes identification through the page's CLASSID.
The fragility sensing module performs one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning. Preferably, the fragility sensing module automatically matches the scanned vulnerabilities against the vulnerability database built in the back end, and automatically confirms the CVE number of a vulnerability and whether a means of exploitation exists.
Vulnerability scanning is based on port scanning technology. After port scanning, the ports opened by the target host and the network services on those ports are known, and this information is matched against the vulnerability database provided in advance; by simulating attack methods against the system, it is checked whether vulnerabilities satisfying the matching conditions exist. Preferably, an aggressive security vulnerability scan is performed on the target host system, preferably by testing for weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability.
Rule-based matching is used: corresponding matching rules are built on top of the network system vulnerability database, and the scanner performs the vulnerability scanning automatically; if a matching condition is satisfied, a vulnerability is considered to exist, and the results are returned to the client after detection completes. Preferably, if no rule is matched, the network connection of the system is prohibited. Preferably, the vulnerability data is separated from the scanning code so that the scanning engine can be updated.
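The rule-based matching described above, with vulnerability data kept apart from the matching code, as an added example that is not part of the patent. The rule fields, product names, rule identifiers and inventory records are constructed placeholders, and matching on product name plus version range is an assumption about what a rule contains.

```python
import json
import re

# Constructed rule data: it lives outside the matching code, so new rules
# can be loaded without touching the engine.
RULES_JSON = """
[
  {"id": "VULN-PLACEHOLDER-0001", "product": "examplehttpd",
   "min_version": "2.0.0", "max_version": "2.4.9"},
  {"id": "VULN-PLACEHOLDER-0002", "product": "examplesshd",
   "min_version": "1.0", "max_version": "7.3"}
]
"""

# Constructed asset inventory, as a collection subsystem might report it
# (addresses are from the 192.0.2.0/24 documentation range).
INVENTORY = [
    {"ip": "192.0.2.10", "services": [
        {"port": 80, "product": "examplehttpd", "version": "2.4.7"},
        {"port": 22, "product": "examplesshd", "version": "7.4p1"}]},
    {"ip": "192.0.2.11", "services": [
        {"port": 8080, "product": "examplehttpd", "version": "2.4.10"},
        {"port": 3306, "product": "exampledb", "version": "5.5.2"}]},
    {"ip": "192.0.2.12", "services": [
        {"port": 2222, "product": "examplesshd", "version": "7.3"}]},
]

REQUIRED_FIELDS = {"id", "product", "min_version", "max_version"}


def parse_version(text):
    """Turn '2.4.10' or '7.4p1' into a comparable tuple of integers."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:   # '2.4.0' compares equal to '2.4'
        parts.pop()
    return tuple(parts)


def load_rules(text):
    """Parse rule data and reject rules that lack a required field."""
    rules = json.loads(text)
    for rule in rules:
        missing = REQUIRED_FIELDS - rule.keys()
        if missing:
            raise ValueError(f"rule {rule.get('id')!r} lacks {sorted(missing)}")
    return rules


def match_inventory(inventory, rules):
    """Return (ip, port, rule id) for every service inside a rule's version range."""
    findings = []
    for asset in inventory:
        for svc in asset["services"]:
            version = parse_version(svc["version"])
            for rule in rules:
                if rule["product"] != svc["product"]:
                    continue
                low = parse_version(rule["min_version"])
                high = parse_version(rule["max_version"])
                if low <= version <= high:
                    findings.append((asset["ip"], svc["port"], rule["id"]))
    return findings


if __name__ == "__main__":
    for finding in match_inventory(INVENTORY, load_rules(RULES_JSON)):
        print(finding)
```

Versions are compared as integer tuples because a plain string comparison would place 2.4.10 below 2.4.9 and report the service on 192.0.2.11 as affected.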
The network asset information collection subsystem further includes one or more of the following modules:
A task management module, configured to receive task instructions, schedule multiple collection modules according to policy to complete the corresponding tasks, dynamically monitor the running state of each collection module in real time, and balance and allocate task load in real time, so that each collection module works at a reasonable load;
A data filtering module, configured to match the raw data against the acquisition policy and filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to the management subsystem connected to the network asset information collection subsystem.
The distributed asset information detection system further includes:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
Preferably, the management side accesses the distributed data sources through a polling mechanism, and the servers return data asynchronously. For data reception, the management platform uses a notification mechanism and a listening mechanism to poll periodically for responses from the data interface service module; when new data is returned, the data reception processing service appends the new data to the response data storage file.
A distributed asset information detection method, which uses the distributed asset information detection system and collects asset information through the detection operations of multiple network asset information collection subsystems deployed in a distributed manner in different regions.
Preferably, the distributed task scheduling and data processing subsystem performs distributed task scheduling as follows, including the following steps:
1) When a task is issued, the system detects the task size and, according to the detection node information, automatically divides a resource-intensive task into internal small tasks and puts them into the task queue;
2) Internal small tasks are taken out of the task queue and passed to the detection module nodes through the standard task-issuing interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task-issuing submodule verifies the correctness of the task parameter data and finally transmits the task parameter data, according to the interface specification, to the detection nodes of each business layer;
4) When a task issued to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically reissues that detection node's task to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress summary module aggregates and stores these progress reports.
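The five scheduling steps above, sketched as an added example (not code from the patent): a large task is split according to node information, queued, validated, dispatched, reissued when a node fails, and its progress aggregated. The class and function names, the capacity-based split and the round-robin dispatch order are assumptions, and `execute` is a stand-in that only reports progress.

```python
import ipaddress
from collections import deque
from dataclasses import dataclass


class NodeFailure(Exception):
    """Raised when a detection node cannot complete a sub-task."""


@dataclass
class SubTask:
    task_id: str
    part: int
    targets: list          # addresses covered by this internal small task


@dataclass
class DetectionNode:
    name: str
    capacity: int          # most targets the node accepts per sub-task
    fail_after: int = -1   # constructed fault: fail once this many parts are done (-1 = never)
    completed: int = 0

    def execute(self, sub):
        """Stand-in for the node's detection work; it only reports progress."""
        if self.fail_after >= 0 and self.completed >= self.fail_after:
            raise NodeFailure(self.name)
        self.completed += 1
        return {"node": self.name, "part": sub.part, "done": len(sub.targets)}


def split_task(task_id, cidr, nodes):
    """Step 1: size sub-tasks so that every node can accept any of them."""
    chunk = min(n.capacity for n in nodes)
    hosts = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
    return deque(SubTask(task_id, i // chunk, hosts[i:i + chunk])
                 for i in range(0, len(hosts), chunk))


def validate(sub):
    """Step 3: check the task parameter data before it reaches a node."""
    if not sub.task_id or not sub.targets:
        raise ValueError("sub-task needs an id and at least one target")
    for target in sub.targets:
        ipaddress.ip_address(target)   # raises ValueError on a malformed address


def run_task(task_id, cidr, nodes):
    """Steps 2, 4 and 5: dispatch, reissue on failure, aggregate progress."""
    queue = split_task(task_id, cidr, nodes)
    progress = {"total": sum(len(s.targets) for s in queue), "done": 0,
                "by_node": {}, "reissued": 0}
    down = set()           # nodes that have failed and are no longer tried
    turn = 0
    while queue:
        sub = queue.popleft()
        validate(sub)
        start = turn % len(nodes)
        for node in nodes[start:] + nodes[:start]:   # round-robin order
            if node.name in down:
                continue
            try:
                report = node.execute(sub)
            except NodeFailure:
                down.add(node.name)                  # step 4: hand the part to the next node
                progress["reissued"] += 1
                continue
            progress["done"] += report["done"]
            progress["by_node"][node.name] = (
                progress["by_node"].get(node.name, 0) + report["done"])
            break
        else:
            raise RuntimeError(f"no healthy node left for part {sub.part}")
        turn += 1
    return progress


def demo():
    """Constructed run: node-b fails after one part; 192.0.2.0/27 is a documentation range."""
    nodes = [DetectionNode("node-a", 8),
             DetectionNode("node-b", 4, fail_after=1),
             DetectionNode("node-c", 6)]
    return run_task("task-1", "192.0.2.0/27", nodes)


if __name__ == "__main__":
    print(demo())
```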
Beneficial effects of the present invention:
The present invention provides a distributed asset information detection method and system. Through the multiple network asset information collection subsystems deployed in a distributed manner, it can detect and discover active hosts in specific multiple network areas in a timely and reliable manner and collect asset information, including information on their operating systems and application components, while data storage and management are deployed together, which makes it convenient to process and display data uniformly. Meanwhile, tasks are executed in a distributed manner: by using a distributed architecture, tasks are decomposed and the decomposed tasks are assigned to suitable resources through task scheduling, providing intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Distributed execution of tasks, such as distributed asset perception and asset information change processing, improves processing capacity. Through distributed asset detection, the present invention identifies known and unknown assets and collects asset attribute information, providing a basis for perceiving asset changes.
Further, the fragility sensing module in the network asset information collection subsystem can collect vulnerability information in a targeted way based on what has been detected, and perceive and analyze the vulnerability of networked hosts and application systems to find the weak points of operating systems, services and application components. This provides data support and usable resources for penetration attack/testing, and ultimately finds the vulnerabilities that may exist in networked hosts and in their systems, services and application components. The network asset information collection subsystem of the present invention can find the security vulnerabilities of networked information systems accurately and reliably, which provides favorable conditions and a good guarantee for quick vulnerability remediation and timely repair of information system security vulnerabilities.
Brief description of the drawings
Fig. 1 is a structural block diagram of the distributed asset information detection system of one embodiment of the present invention;
Fig. 2 is a structural block diagram of the network asset information collection subsystem in one embodiment of the present invention;
Fig. 3 is a diagram of the vulnerability scanning architecture based on the network system vulnerability database in a preferred embodiment of the present invention;
Fig. 4 is a flow chart of distributed task scheduling in the distributed asset information detection method of a preferred embodiment of the present invention;
Fig. 5 is a basic structural block diagram of an embodiment of the present invention implementing an asset identification and change perception system;
Fig. 6 is a flow chart of change perception of asset attributes in one embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. It should be emphasized that the following description is only exemplary and is not intended to limit the scope of the invention or its application.
Referring to Fig. 1, in one embodiment, a distributed asset information detection system includes multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes so that tasks are executed in a distributed manner; asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together.
By using a distributed architecture, the distributed asset information detection system decomposes tasks and assigns the decomposed tasks to suitable resources through task scheduling, providing intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Distributed execution of tasks, such as distributed asset perception and asset information change processing, improves processing capacity.
Through distributed asset detection, the present invention identifies known and unknown assets and collects asset attribute information, which also provides a basis for perceiving asset changes.
Referring to Fig. 2, in a preferred embodiment, the network asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and fingerprint the host operating system in order to detect the operating system type of a remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information, including one or more of the version, service port and protocol interaction features of a web application or component;
The network asset information collection subsystem further includes a fragility sensing module, configured to perceive and analyze the vulnerability of networked hosts and application systems, in order to find the weak points of operating systems, services and application components and to find the vulnerabilities that may exist in networked hosts and in their systems, services and application components.
Based on the preferred embodiment, a vulnerability remediation control platform can be established, and vulnerability information can be collected in a targeted way according to system type and application component.
In some embodiments, by using network basic information collection (including host discovery, port scanning, operating system detection, application detection and the IP address library) and vulnerability perception techniques, the network asset information collection subsystem can discover active hosts in a specific network area and collect their operating system type and version and their application component type and version, and can collect vulnerability information in a targeted way according to system type and application component.
In some embodiments, the network asset information collection subsystem may use techniques such as IP address location, host detection and port scanning, operating system and application type detection, network application scanning, vulnerability scanning, advanced evasion techniques (AET) and firewall/IDS evasion to collect network asset information.
In an exemplary embodiment, the network asset information collection subsystem includes a basic information collection module, an application component fingerprint collection module and a fragility sensing module.
(1) Basic information collection module
This module is configured to discover networked hosts and fingerprint the host operating system. It sends a series of TCP and UDP packets to the target host, receives the reply packets and examines each data item in them, then compares the result with the fingerprint database; the operating system type of the remote target host is finally detected through this analysis and comparison.
In a preferred embodiment, the basic information collection module specifically includes:
Host detection submodule: according to the policy set by the user (including the scan target region, scan protocol, port range, the scanning technique used, the evasion technique and so on), the host detection module queries the IP address library to convert the target region into an IP range, starts multiple scanning processes (threads) according to the scan settings, and probes the corresponding ports of the target machines. A port is judged open once it returns one kind of legitimate response packet, and a host is judged alive as long as it has one open port; the IPs of alive hosts, their open ports and protocol information are stored in the active host database.
Topology discovery submodule: a network topology is a representation of the interconnections between the interconnected entities in a network. The topology is usually modeled as a graph, with nodes representing devices (routers, hosts and so on) and edges representing connections (physical or logical). Topology discovery finds each node in the network and the interconnections between them by sending specific probe packets.
System fingerprint information collection submodule: uses established fingerprint databases of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information.
This system preferably uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. The RFC specifications do not mandate how some aspects of TCP/IP are implemented, so different TCP/IP implementations may each behave in their own specific way. The system judges the type of operating system mainly from the differences in these details. In a preferred embodiment, the specific implementation is as follows:
First, analyze the characteristics of the various systems and establish fingerprint features of known systems; these fingerprint features are stored in the system fingerprint database as the sample database for fingerprint comparison;
Set up a system detection task, select the target host to be probed (preferably from the active hosts, to avoid ineffective probing), then start the system detection task. The task selects one open port and one closed port, sends pre-set TCP/UDP/ICMP packets to them, and generates a system fingerprint from the returned packets;
Compare the fingerprint generated by detection with the system fingerprint database and look for a matching system;
If no match is possible, the possible systems are listed in probabilistic form.
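The compare-and-fall-back steps above (also listed in the summary's system identification procedure), as an added example that is not code from the patent. It works on replies that have already been captured; the feature set, the weights, the database entries and the sample replies are constructed for illustration, and weighted feature agreement is an assumed way of producing the probabilities.

```python
# Initial TTL values commonly used by IP stacks; an observed TTL is the
# initial value minus the number of hops, so it is rounded up to the next one.
INITIAL_TTLS = (32, 64, 128, 255)

# Assumed weights: how strongly each feature counts toward a match.
FEATURE_WEIGHTS = {"ttl": 2, "window": 3, "df": 1, "options": 3, "closed_reply": 1}

# Constructed sample database (not real operating system signatures).
FINGERPRINT_DB = {
    "os-family-A": {"ttl": 64, "window": 29200, "df": True,
                    "options": ("mss", "sackOK", "ts", "nop", "wscale"),
                    "closed_reply": "rst"},
    "os-family-B": {"ttl": 128, "window": 8192, "df": True,
                    "options": ("mss", "nop", "wscale", "nop", "nop", "sackOK"),
                    "closed_reply": "rst"},
    "device-C": {"ttl": 255, "window": 4128, "df": False,
                 "options": ("mss",), "closed_reply": "none"},
}


def initial_ttl(observed):
    """Estimate the sender's initial TTL from the TTL seen on arrival."""
    for candidate in INITIAL_TTLS:
        if observed <= candidate:
            return candidate
    return INITIAL_TTLS[-1]


def build_fingerprint(open_reply, closed_reply):
    """Combine the replies from one open and one closed port into a fingerprint.

    closed_reply is None when the closed port stayed silent.
    """
    return {
        "ttl": initial_ttl(open_reply["ttl"]),
        "window": open_reply["window"],
        "df": open_reply["df"],
        "options": tuple(open_reply["options"]),
        "closed_reply": closed_reply["kind"] if closed_reply else "none",
    }


def identify(fingerprint, database):
    """Return [(system, probability)], best first.

    A unique exact match is returned with probability 1.0. Otherwise the
    candidates are ranked by their share of the matched feature weight.
    """
    full = sum(FEATURE_WEIGHTS.values())
    scores = {}
    for name, sample in database.items():
        scores[name] = sum(weight for feature, weight in FEATURE_WEIGHTS.items()
                           if fingerprint.get(feature) == sample.get(feature))
    exact = [name for name, score in scores.items() if score == full]
    if len(exact) == 1:
        return [(exact[0], 1.0)]
    total = sum(scores.values())
    if total == 0:
        return []          # nothing in the database resembles this host
    ranked = [(name, round(score / total, 3))
              for name, score in scores.items() if score > 0]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


# Constructed captured replies: the first matches a sample exactly after TTL
# normalization, the second differs from every sample in window size.
EXACT_OPEN = {"ttl": 57, "window": 29200, "df": True,
              "options": ["mss", "sackOK", "ts", "nop", "wscale"]}
PARTIAL_OPEN = {"ttl": 120, "window": 65535, "df": True,
                "options": ["mss", "nop", "wscale", "nop", "nop", "sackOK"]}
CLOSED_RST = {"kind": "rst"}

if __name__ == "__main__":
    for reply in (EXACT_OPEN, PARTIAL_OPEN):
        print(identify(build_fingerprint(reply, CLOSED_RST), FINGERPRINT_DB))
```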
Service fingerprint information collection submodule: selects the corresponding probe fingerprint from the service fingerprint database, sends it to the corresponding port, and matches the fingerprint in the returned packet to judge whether the corresponding component is present.
(2) Application component fingerprint collection module
This module is configured to discover fingerprint information such as the version, service port and protocol interaction features of a web application or component.
This module can support identification based on Web service, server-side language, Web development framework, Web application, front-end library, third-party component and so on.
A Web development framework is a kind of service program: the server provides service externally through some port and handles the requests sent by clients, for example the Tomcat container for JAVA, or the IIS or PWS framework for ASP. This module can identify the Web development framework by using the component service detection technique; for example, the Tomcat framework can be detected by sending the fingerprint information "URI/status".
This module can use the application component page detection technique and the component service detection technique to detect which language the Web site back end uses; specific methods include judging by fingerprints such as meta information, script tags, header information, session, error page, and certain content of the web page.
This module can use the service component page detection technique to detect Web applications. By crawling one or several pages of the website and matching them against the fingerprints in the fingerprint database, the corresponding Web application can be identified.
The Web space can be detected using the page detection technique, for example by identification through the page's CLASSID.
(3) Fragility sensing module
This module is configured to perceive and analyse the vulnerability of networked hosts and application systems and to discover the weak points of operating systems, services and application components. It integrates multiple tools such as system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning, can automatically match vulnerabilities against the vulnerability database established in the back end, and automatically confirms the CVE number of a vulnerability and whether an exploitation method exists.
In a preferred embodiment, the vulnerability scanning architecture based on the network system vulnerability database is shown in Fig. 3.
Vulnerability scanning technology is built on port scanning technology. Analysis of attacks and of the vulnerabilities collected shows that the vast majority target a particular network service, that is, a particular port. Therefore, in a preferred embodiment, vulnerability scanning is carried out with the same approach as port scanning. The vulnerability scanning technology preferably checks whether the target host has vulnerabilities as follows: after the port scan, the ports opened by the target host and the network services on those ports are known, and this information is matched against the vulnerability database provided by the network vulnerability scanning system. By simulating attack techniques against the system, it checks whether a vulnerability meeting the matching conditions exists. Preferably, an aggressive security scan is performed on the target host system, such as testing for weak passwords. If the simulated attack succeeds, the target host system has a security vulnerability.
This system uses rule-based matching: a standard network system vulnerability database is formed from security experts' analysis of network system security vulnerabilities and hacker attack cases and from system administrators' practical experience in configuring network system security; the corresponding matching rules are built on this basis, and the scanning program actively carries out the vulnerability scanning. Preferably, if no rule is matched, the system's network connection is forbidden.
In a preferred embodiment, matching is done against the system vulnerability database provided by the vulnerability scanning system; if the conditions are met, a vulnerability is deemed to exist. After the server finishes detection, the result is returned to the client and an intuitive report is generated. The rule matching library on the server side can be a collection of many shared programs storing various scanning attack methods. Vulnerability data is separated from the scanning code, so that users can update the scanning engine themselves.
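The separation of vulnerability data from scanning code described above can be illustrated with a small matcher. This is an added example, not the patent's implementation: the rule format, product names and the `CVE-PLACEHOLDER-…` identifiers are constructed, and it covers only the database-matching step on already collected service information.

```python
"""Rule-based matching of discovered services against vulnerability data kept apart from the engine."""
import json

# Constructed rule data. IDs are placeholders, not real CVE numbers; products are invented.
RULES_JSON = """
[
  {"id": "CVE-PLACEHOLDER-0001", "product": "examplehttpd",
   "introduced": "2.0.0", "fixed_in": "2.4.10", "exploit_known": true},
  {"id": "CVE-PLACEHOLDER-0002", "product": "exampledb",
   "introduced": "5.0", "fixed_in": "5.7.3", "exploit_known": false}
]
"""

# Constructed port-scan output: host, open port, and the service identified on it.
SERVICES = [
    {"host": "192.0.2.10", "port": 80, "product": "examplehttpd", "version": "2.4.7"},
    {"host": "192.0.2.10", "port": 3306, "product": "exampledb", "version": "5.7.3"},
    {"host": "192.0.2.11", "port": 8080, "product": "examplehttpd", "version": None},
    {"host": "192.0.2.12", "port": 22, "product": "examplessh", "version": "9.1"},
]


def parse_version(text):
    """'2.4.10' -> (2, 4, 10); raises ValueError on anything non-numeric or empty."""
    return tuple(int(part) for part in text.strip().split("."))


def load_rules(raw):
    """Parse rule data once; the engine below never hard-codes a vulnerability."""
    rules = []
    for entry in json.loads(raw):
        rules.append({**entry,
                      "introduced": parse_version(entry["introduced"]),
                      "fixed_in": parse_version(entry["fixed_in"])})
    return rules


def match_services(services, rules):
    """Return (findings, unverified) for the services a port scan reported."""
    findings, unverified = [], []
    for svc in services:
        candidates = [r for r in rules if r["product"] == svc.get("product")]
        if not candidates:
            continue                      # no rule covers this product
        try:
            version = parse_version(svc.get("version") or "")
        except ValueError:
            # Version hidden or mangled: flag for manual review rather than guess.
            unverified.append((svc["host"], svc["port"], svc["product"]))
            continue
        for rule in candidates:
            # Affected range is half-open: introduced <= version < fixed_in.
            if rule["introduced"] <= version < rule["fixed_in"]:
                findings.append({"host": svc["host"], "port": svc["port"],
                                 "id": rule["id"],
                                 "exploit_known": rule["exploit_known"]})
    return findings, unverified
```

Updating coverage means shipping a new rule file; `match_services` itself does not change, which is the property the paragraph above relies on.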
In a more preferred embodiment, the networked asset information collection subsystem may also include a task management module.
(4) Task management module
The task management module is configured to receive task instructions and to dispatch multiple collection modules according to policy to complete the corresponding tasks. It needs to monitor the running state of each collection module dynamically and in real time, and to balance and allocate task load in real time, so that each collection module works reasonably.
In a more preferred embodiment, the networked asset information collection subsystem may also include a data filtering module.
(5) Data filtering module
The data filtering module is configured to match raw data against the acquisition policies and to filter out redundant data.
In a more preferred embodiment, the networked asset information collection subsystem may also include a data transmission module.
(6) Data transmission module
The data transmission module is configured to send the collected data to the management subsystem through a hidden subnet.
The distributed asset information detection system of the invention uses the networked asset information collection subsystem of the above embodiment. That subsystem can detect and discover the active hosts of a particular network area, collect their operating system and application component information, and carry out targeted vulnerability information collection, providing data support and usable resources for subsequent penetration attack/testing. The distributed asset information detection system of the invention can thus collect networked asset information in a more timely, effective, reliable and accurate way, so that security vulnerabilities of information systems can be better found and repaired in time.
In a preferred embodiment, the distributed asset information detection system may also include:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
More preferably, the management end accesses the distributed data sources and the server returns data asynchronously through a polling mechanism. For data reception, the management platform requires a notification mechanism and a listener set up to periodically poll for responses from the data interface service module; when new data is returned, the data receiving and processing service appends the new data to the response data storage file.
In addition, the distributed asset information detection system may also include:
A bug excavation subsystem, configured to provide vulnerability mining tools and build a general working environment for vulnerability mining, implementing vulnerability mining of target operating systems and target application software;
A vulnerability exploit verification subsystem, configured to provide an environment for building and verifying vulnerabilities and exploitation methods, verifying vulnerability exploitation samples and assessing the effect of exploitation;
A security tool subsystem, configured to provide security tools, including tools for penetration attacks against target operating systems and target applications and for maintaining long-term control.
Preferably but not necessarily, as shown in Fig. 2, the distributed asset information detection system of the invention includes the networked asset information collection subsystem and the management subsystem. Specifically, the management subsystem can provide data display of the results of the information collection subsystem, the bug excavation subsystem, the vulnerability exploit verification subsystem, the security tools and so on, and can also perform operation management of those systems. It also provides a query analysis working system, which includes a task processing environment with a prescribed management mode and a series of interactive analysis tools through which analysts can complete various data analysis tasks. In addition, the system has individual operating desktops (workbenches) and aggregated information display interfaces for users with different permissions. Ultimately the system completes the configuration management of the data area and the analysis and report display of all kinds of data, and provides data operators with a human-computer interaction interface for carrying out the corresponding business operations.
Preferably but not necessarily, the distributed asset information detection system of the invention may further include a bug excavation subsystem. Based on typical vulnerability mining techniques, and by integrating existing vulnerability mining tools and developing customised ones, the bug excavation subsystem builds a general working environment for vulnerability mining, implements vulnerability mining of target operating systems and target application software, and develops vulnerability exploitation samples for newly discovered vulnerabilities.
Preferably but not necessarily, the distributed asset information detection system of the invention may further include a vulnerability exploit verification subsystem, which can build an environment for verifying vulnerabilities and exploitation methods, verify vulnerability exploitation samples and assess the effect of exploitation.
Preferably but not necessarily, the distributed asset information detection system of the invention may further include a security tool subsystem, which can custom-develop security tools, carry out penetration attacks against target operating systems and target applications, and maintain long-term control.
In further embodiments, a distributed asset information detection method uses the distributed asset information detection system and collects asset information through the detection runs of multiple networked asset information collection subsystems deployed in a distributed manner in different regions.
In a particular embodiment, the distributed asset information detection system schedules the asset security monitoring tasks and calls each information collection module to scan the IT assets in cyberspace across multiple dimensions, obtaining the software and hardware information, port information and so on of the IT assets, and finally writes the scan results to a distributed database. Distributed scheduling handles task generation, task distribution, task reception, task execution, exception handling, data statistics and task load balancing for the whole system.
Referring to Fig. 4, preferably, the aforementioned distributed task scheduling and data processing subsystem performs distributed task scheduling as follows, comprising these steps:
1) When a task is issued, the system checks the task size and, according to the detection node information, automatically divides a resource-intensive task into internal small tasks and puts them into the task queue;
2) Internal small tasks are taken from the task queue and passed to the detection module nodes through the standard task issuing interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task issuing submodule verifies the correctness of the task parameter data and finally passes the task parameter data to the detection nodes of each business layer according to the interface specification;
4) When a task issued to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically reissues that node's tasks to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress summary module aggregates and stores these progress reports.
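The five steps can be traced in a small in-process model. This is an added example, not code from the patent: the class and function names, the round-robin policy and the "two subtasks per node" split are assumptions, and the nodes are stand-ins that only report the subtask they received.

```python
"""Split a large detection task, dispatch subtasks, reassign on node failure, sum progress."""
import ipaddress
from collections import deque


class NodeDown(Exception):
    """Raised when a detection node cannot take a subtask (server or network fault)."""


class DetectionNode:
    """Stand-in for a detection node; run() plays the role of the standard task interface."""

    def __init__(self, name, healthy=True):
        self.name, self.healthy = name, healthy

    def run(self, subtask):
        if not self.healthy:
            raise NodeDown(self.name)
        # A real node would do its detection work here; this one only reports its input.
        return {"node": self.name, "id": subtask["id"],
                "addresses": subtask["network"].num_addresses}


def validate(task):
    """Step 3: check task parameters before anything is handed to a node."""
    network = ipaddress.ip_network(task["network"])      # ValueError if malformed
    ports = task["ports"]
    if not ports or any(not isinstance(p, int) or not 1 <= p <= 65535 for p in ports):
        raise ValueError("ports must be integers in 1..65535")
    return network, sorted(set(ports))


def split(task, node_count, per_node=2):
    """Step 1: cut the range into at least node_count * per_node subnets where possible."""
    network, ports = validate(task)
    wanted_bits = (node_count * per_node - 1).bit_length()     # ceil(log2(n))
    bits = min(wanted_bits, network.max_prefixlen - network.prefixlen)
    return [{"id": i, "network": sub, "ports": ports}
            for i, sub in enumerate(network.subnets(prefixlen_diff=bits))]


def schedule(task, nodes, per_node=2):
    """Steps 2, 4 and 5: dispatch round-robin, requeue on failure, aggregate progress."""
    alive = list(nodes)
    if not alive:
        raise RuntimeError("no detection nodes configured")
    queue = deque(split(task, len(alive), per_node))
    progress = {"total": len(queue), "done": 0, "reassigned": 0,
                "addresses": 0, "by_node": {}}
    turn = 0
    while queue:
        if not alive:
            raise RuntimeError("no healthy detection node left")
        subtask = queue.popleft()
        node = alive[turn % len(alive)]
        try:
            report = node.run(subtask)
        except NodeDown:
            alive.remove(node)             # stop sending work to the failed node
            queue.appendleft(subtask)      # its subtask goes to another node
            progress["reassigned"] += 1
            continue
        turn += 1
        progress["done"] += 1
        progress["addresses"] += report["addresses"]
        progress["by_node"][report["node"]] = progress["by_node"].get(report["node"], 0) + 1
    return progress


def sample_run():
    """Constructed scenario: three nodes, the second one is down."""
    nodes = [DetectionNode("node-a"), DetectionNode("node-b", healthy=False),
             DetectionNode("node-c")]
    return schedule({"network": "10.0.0.0/22", "ports": [22, 80, 443]}, nodes)
```

Validation happens before the queue is filled, so a malformed task never reaches a node, and the run fails loudly once no healthy node remains instead of looping on the same subtask.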
Referring to Fig. 5, in further embodiments, a distributed asset information detection system implements asset identification and change perception. The system further includes an asset data processing subsystem and an asset library. The networked asset information collection subsystem collects the asset information of active networked hosts; the asset data processing subsystem obtains that information from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so as to automatically update the asset information of the live networked hosts in the asset library. This asset identification and change perception method and system can grasp asset information and its changes comprehensively, accurately and dynamically, significantly improve the accuracy of network risk and vulnerability assessment of assets, and improve the grasp of asset vulnerabilities and the speed of handling them, thereby significantly improving the ability to respond to attacks.
Referring to Fig. 6, in further embodiments, a distributed asset information detection method uses the system of the above embodiment to carry out asset identification and change perception, wherein the asset data processing subsystem obtains the asset information of active networked hosts from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so as to automatically update the asset information of the live networked hosts in the asset library.
In a preferred embodiment, the networked asset information collection subsystem collects active networked hosts and asset attribute information by cyclically invoking the network basic information collection method; the asset data processing subsystem obtains the active networked hosts and asset attribute information from the networked asset information collection subsystem and compares them with the confirmed asset attributes stored in the asset library, so as to automatically update the live host library and attributes such as operating system type and version and application component type and version;
In a preferred embodiment, using cyclic invocation of the asset identification technology, the asset attributes whose changes can be perceived include operating system type and version, application component type and version, database type and version, ports and services. For confirmed assets, the attributes are stored in the asset library. The information collection module of the networked asset information collection subsystem uses the asset identification technology to scan the target assets periodically and collect their attribute information; once collected, the attributes are compared with the original attributes stored in the asset library, and if a target asset's attributes have changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is up to date;
In a preferred embodiment, live-asset change perception is implemented by cyclic invocation of the asset identification technology. For confirmed assets, the state is stored in the asset library; using the asset identification technology, the target assets are scanned periodically to detect whether they are still alive. If a host is found to be unresponsive, the current time is recorded and its state is modified; otherwise the existing state is kept and the survival time record is increased.
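One reconciliation cycle of the attribute and liveness comparison described above might look like this. It is an added example rather than the patent's code: the record layout, field names and sample hosts are constructed, and reporting hosts that answered but are not in the confirmed library as "unconfirmed" is an assumption of this sketch.

```python
"""Periodic reconciliation of scan results against a confirmed asset library."""
from datetime import datetime, timedelta

# Attributes the description lists as change-perceivable.
TRACKED = ("os", "components", "database", "ports", "services")


def normalise(attr, value):
    """Make list values order-insensitive so a reordered port list is not a 'change'."""
    if attr in ("ports", "services", "components") and value is not None:
        return sorted(value)
    return value


def reconcile(library, scan, now, interval):
    """Update `library` in place from one scan cycle; return (changes, unconfirmed).

    library: {ip: {"state", "down_since", "alive_for", "attrs"}}  confirmed assets only
    scan:    {ip: {attr: value}} for hosts that answered; a missing ip means no response
    """
    changes = []
    for ip, asset in library.items():
        observed = scan.get(ip)
        if observed is None:
            # Unresponsive: record the time and flip the state once, not every cycle.
            if asset["state"] == "alive":
                asset["state"], asset["down_since"] = "down", now
                changes.append((ip, "state", "alive", "down"))
            continue
        if asset["state"] == "alive":
            asset["alive_for"] += interval        # survived another cycle
        else:
            changes.append((ip, "state", asset["state"], "alive"))
            asset["state"], asset["down_since"] = "alive", None
        for attr in TRACKED:
            if attr not in observed:              # not collected this cycle: keep stored value
                continue
            new = normalise(attr, observed[attr])
            old = normalise(attr, asset["attrs"].get(attr))
            if new != old:
                changes.append((ip, attr, old, new))
                asset["attrs"][attr] = new
    # Hosts that answered but were never confirmed are reported, not silently added.
    unconfirmed = sorted(set(scan) - set(library))
    return changes, unconfirmed


def sample_run():
    """Constructed data: two confirmed assets and one scan cycle an hour later."""
    now = datetime(2024, 1, 1, 12, 0)
    library = {
        "192.0.2.10": {"state": "alive", "down_since": None,
                       "alive_for": timedelta(hours=5),
                       "attrs": {"os": "ExampleOS 1.0", "ports": [22, 80],
                                 "components": ["webserver 2.4"]}},
        "192.0.2.11": {"state": "alive", "down_since": None,
                       "alive_for": timedelta(hours=5),
                       "attrs": {"os": "ExampleOS 1.0", "ports": [3306]}},
    }
    scan = {
        "192.0.2.10": {"os": "ExampleOS 1.0", "ports": [80, 22, 8080],
                       "components": ["webserver 2.6"]},
        "192.0.2.99": {"ports": [23]},
    }
    changes, unconfirmed = reconcile(library, scan, now, timedelta(hours=1))
    return library, changes, unconfirmed
```

An attribute that was simply not collected in a cycle is left untouched, so a partial scan cannot erase known data or raise a false change alert.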
The above is a further detailed description of the invention in combination with specific/preferred embodiments, and the specific implementation of the invention should not be considered limited to these descriptions. For a person of ordinary skill in the art to which the invention belongs, some substitutions or modifications can be made to the described embodiments without departing from the inventive concept, and such substitutions or variants shall all be regarded as falling within the protection scope of the invention.

Claims (10)

1. A distributed asset information detection system, characterised in that it comprises multiple networked asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple networked asset information collection subsystems; based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realising task distribution and processing across multiple nodes and distributed execution of tasks, so that asset information detection and perception are executed in a distributed manner while data storage and management are deployed together;
Preferably, the networked asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and perform fingerprint identification of host operating systems, so as to detect the operating system type of a remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information including one or more of the version, service port and protocol interaction features of web applications or components;
The networked asset information collection subsystem further includes a fragility sensing module, configured to perceive and analyse the vulnerability of networked hosts and application systems, so as to discover the weak points of operating systems, services and application components and the vulnerabilities that may exist in networked hosts and their systems, services and application components.
2. The distributed asset information detection system of claim 1, characterised in that the basic information collection module includes:
A host detection submodule, configured to query the IP address library according to the set policy and convert the target area into IP ranges, to set up multiple scanning processes and/or threads according to the scan settings, and to probe the corresponding ports of the target machines; a port that receives a response packet conforming to the rules is judged open, and a host need only have one open port to be judged alive; the IP, open ports and protocol information of live hosts are stored in the active host library; preferably, the set policy includes the scan target area, scan protocol, port range, the scanning technique used and the evasion technique;
A topology discovery submodule, configured to discover each node in the network and their interconnections by sending specific probe packets; preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use an established fingerprint database of different operating systems and different protocol stacks to detect the TCP and UDP response packets of the target host and identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding detection fingerprint from the service fingerprint library and send it to the corresponding port, and to judge whether the corresponding component is present by matching against the fingerprint in the returned packet.
3. The distributed asset information detection system of claim 2, characterised in that the system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices; preferably, the system fingerprint information collection submodule is configured to perform system identification as follows:
The characteristics of the various systems are analysed and fingerprint features of known systems are established; these fingerprint features are stored in the system fingerprint library as the sample library for fingerprint comparison;
A system detection task is set up, the target host to probe is selected, and the system detection task is then started; the task selects one open port and one closed port, sends pre-set TCP/UDP/ICMP data packets to them, detects the returned packets and generates a system fingerprint from them; preferably, the target host is selected from the active hosts;
The fingerprint generated by the detection is compared with the system fingerprint library to find the matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
4. The distributed asset information detection system of any one of claims 1 to 3, characterised in that the application component fingerprint collection module collects fingerprint information by carrying out one or more of Web-service-based, server-side instruction, Web development framework, Web application, front-end library and third-party component identification; wherein the Web development framework is identified by using component service detection techniques; wherein the language used by the Web site back end is detected by application component page detection techniques and component service detection techniques; wherein Web applications are detected by service component page detection techniques, preferably by grabbing one or several pages of the website and matching them against the fingerprints of the fingerprint library to identify the corresponding web application; wherein the Web space is detected using page detection techniques, the page detection techniques preferably including identification by the CLASSID of the page.
5. The distributed asset information detection system of any one of claims 1 to 4, characterised in that the fragility sensing module performs one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning; preferably, the fragility sensing module automatically matches the scanned vulnerabilities against the vulnerability database established in the back end, and automatically confirms the CVE number of a vulnerability and whether an exploitation method exists.
6. The distributed asset information detection system of claim 5, characterised in that vulnerability scanning is based on port scanning technology: after the port scan, the ports opened by the target host and the network services on those ports are known, and this information is matched against a vulnerability database provided in advance, wherein whether a vulnerability meeting the matching conditions exists is checked by simulating attack techniques against the system; preferably, an aggressive security scan is performed on the target host system, preferably by testing for weak passwords, and if the simulated attack succeeds, the target host system has a security vulnerability.
7. The distributed asset information detection system of claim 5 or 6, characterised in that rule-based matching is used: the network system vulnerability database that has been formed serves as the basis for the corresponding matching rules, and the scanning program carries out the vulnerability scanning automatically; if the matching conditions are met, a vulnerability is deemed to exist, and after detection is complete the result is returned to the client; preferably, if no rule is matched, the system's network connection is forbidden; preferably, vulnerability data is separated from the scanning code so that the scanning engine can be updated.
8. The distributed asset information detection system of any one of claims 1 to 7, characterised in that the networked asset information collection subsystem further includes one or more of the following modules:
A task management module, configured to receive task instructions, dispatch multiple collection modules according to policy to complete the corresponding tasks, monitor the running state of each collection module dynamically and in real time, and balance and allocate task load in real time, so that each collection module works reasonably;
A data filtering module, configured to match raw data against the acquisition policies and filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to the management subsystem connected to the networked asset information collection subsystem.
9. The distributed asset information detection system of any one of claims 1 to 8, characterised by further including:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
Preferably, the management end accesses the distributed data sources and the server returns data asynchronously through a polling mechanism; for data reception, the management platform requires a notification mechanism and a listener set up to periodically poll for responses from the data interface service module, and when new data is returned, the data receiving and processing service appends the new data to the response data storage file.
10. A distributed asset information detection method, characterised in that it uses the distributed asset information detection system of any one of claims 1 to 8 and collects asset information through the detection runs of multiple networked asset information collection subsystems deployed in a distributed manner in different regions; preferably, the distributed task scheduling and data processing subsystem performs distributed task scheduling as follows, comprising these steps:
1) When a task is issued, the system checks the task size and, according to the detection node information, automatically divides a resource-intensive task into internal small tasks and puts them into the task queue;
2) Internal small tasks are taken from the task queue and passed to the detection module nodes through the standard task issuing interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task issuing submodule verifies the correctness of the task parameter data and finally passes the task parameter data to the detection nodes of each business layer according to the interface specification;
4) When a task issued to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically reissues that node's tasks to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress summary module aggregates and stores these progress reports.
CN201811341226.2A 2018-11-12 2018-11-12 Distributed assets information detection method and system Pending CN109525427A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811341226.2A CN109525427A (en) 2018-11-12 2018-11-12 Distributed assets information detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811341226.2A CN109525427A (en) 2018-11-12 2018-11-12 Distributed assets information detection method and system

Publications (1)

Publication Number Publication Date
CN109525427A true CN109525427A (en) 2019-03-26

Family

ID=65773881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811341226.2A Pending CN109525427A (en) 2018-11-12 2018-11-12 Distributed assets information detection method and system

Country Status (1)

Country Link
CN (1) CN109525427A (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109905492A (en) * 2019-04-24 2019-06-18 苏州浪潮智能科技有限公司 Operation safety management system and method based on distributed modular data center
CN110162977A (en) * 2019-04-24 2019-08-23 北京邮电大学 A kind of Android vehicle-mounted terminal system leakage location and method
CN110380925A (en) * 2019-06-28 2019-10-25 中国科学院信息工程研究所 A kind of network equipment detection middle port selection method and system
CN110661808A (en) * 2019-09-29 2020-01-07 国家计算机网络与信息安全管理中心 Asset detection-based host vulnerability rapid scanning method and device
CN111010405A (en) * 2019-12-30 2020-04-14 上海电子信息职业技术学院 SaaS-based website security monitoring system
CN111130947A (en) * 2019-12-30 2020-05-08 成都科来软件有限公司 Network space mapping method based on service verification
CN111131429A (en) * 2019-12-19 2020-05-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN111178760A (en) * 2019-12-30 2020-05-19 成都烽创科技有限公司 Risk monitoring method and device, terminal equipment and computer readable storage medium
CN111245643A (en) * 2019-12-31 2020-06-05 贵州电网有限责任公司 IT asset monitoring method and system
CN111586033A (en) * 2020-03-07 2020-08-25 浙江齐治科技股份有限公司 Asset data middle platform of data center
CN111818024A (en) * 2020-06-23 2020-10-23 广州锦行网络科技有限公司 Network asset information collecting and monitoring system
CN111865724A (en) * 2020-07-28 2020-10-30 公安部第三研究所 Information acquisition control implementation method for video monitoring equipment
CN112003884A (en) * 2019-05-27 2020-11-27 北京白帽汇科技有限公司 Network asset acquisition and natural language retrieval method
CN112202629A (en) * 2020-09-11 2021-01-08 智网安云(武汉)信息技术有限公司 Network asset monitoring method and network asset monitoring device
CN112364355A (en) * 2020-11-12 2021-02-12 中国石油天然气集团有限公司 Method for actively discovering distributed self-built system and scanning security vulnerability
CN112398782A (en) * 2019-08-15 2021-02-23 北京国双科技有限公司 Network asset identification method, device, medium and equipment
CN112565287A (en) * 2020-12-18 2021-03-26 深信服科技股份有限公司 Asset exposure surface determining method and device, firewall and storage medium
CN112905288A (en) * 2021-03-08 2021-06-04 北京华顺信安信息技术有限公司 Method for hierarchically displaying asset attributes
CN113067818A (en) * 2021-03-18 2021-07-02 中电运行(北京)信息技术有限公司 Probe distribution method and device based on network asset checking
CN113810393A (en) * 2021-09-03 2021-12-17 杭州安恒信息技术股份有限公司 Industrial internet vulnerability scanning platform and scanning method
CN113839833A (en) * 2021-09-24 2021-12-24 北京天融信网络安全技术有限公司 Method and device for identifying silent equipment, computer equipment and storage medium
CN114025014A (en) * 2021-10-29 2022-02-08 北京恒安嘉新安全技术有限公司 Asset detection method and device, electronic equipment and storage medium
CN114500024A (en) * 2022-01-19 2022-05-13 恒安嘉新(北京)科技股份公司 Network asset management method, device, equipment and storage medium
CN114584477A (en) * 2022-02-10 2022-06-03 烽台科技(北京)有限公司 Industrial control asset detection method and device, terminal and storage medium
CN114584486A (en) * 2022-02-23 2022-06-03 滨州东方地毯有限公司 Distributed network asset scanning detection platform and scanning detection method
CN114826726A (en) * 2022-04-22 2022-07-29 南方电网数字电网研究院有限公司 Network asset vulnerability detection method and device, computer equipment and storage medium
CN115296891A (en) * 2022-08-02 2022-11-04 中国电子科技集团公司信息科学研究院 Data detection system and data detection method
CN115348197A (en) * 2022-06-10 2022-11-15 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN115412471A (en) * 2022-07-12 2022-11-29 广州大学 Distributed stateless port scanning method
CN115549945A (en) * 2022-07-29 2022-12-30 浪潮卓数大数据产业发展有限公司 Information system security state scanning system and method based on distributed architecture
CN115567425A (en) * 2022-08-22 2023-01-03 清华大学 Internet distributed active detection method and system
CN115695044A (en) * 2022-11-29 2023-02-03 贵州电网有限责任公司 IT asset safety control platform and management method
CN116318824A (en) * 2023-01-09 2023-06-23 广州云峰信息科技有限公司 Web attack trapping system
CN117640258A (en) * 2024-01-25 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Protection method, device, equipment and storage medium for network asset mapping

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180103054A1 (en) * 2016-10-10 2018-04-12 BugCrowd, Inc. Vulnerability Detection in IT Assets by utilizing Crowdsourcing techniques
CN108712396A (en) * 2018-04-27 2018-10-26 广东省信息安全测评中心 Networked asset management and loophole governing system
CN108769064A (en) * 2018-06-26 2018-11-06 广东电网有限责任公司信息中心 Realize the distributed asset identification and change cognitive method and system that loophole is administered

Cited By (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110162977A (en) * 2019-04-24 2019-08-23 北京邮电大学 A kind of Android vehicle-mounted terminal system leakage location and method
CN109905492A (en) * 2019-04-24 2019-06-18 苏州浪潮智能科技有限公司 Operation safety management system and method based on distributed modular data center
CN110162977B (en) * 2019-04-24 2020-12-04 北京邮电大学 Android vehicle-mounted terminal system vulnerability detection system and method
CN109905492B (en) * 2019-04-24 2020-10-02 苏州浪潮智能科技有限公司 Safety operation management system and method based on distributed modular data center
CN112003884A (en) * 2019-05-27 2020-11-27 北京白帽汇科技有限公司 Network asset acquisition and natural language retrieval method
CN112003884B (en) * 2019-05-27 2024-04-16 北京白帽汇科技有限公司 Method for collecting network assets and retrieving natural language
CN110380925A (en) * 2019-06-28 2019-10-25 中国科学院信息工程研究所 A kind of network equipment detection middle port selection method and system
CN112398782A (en) * 2019-08-15 2021-02-23 北京国双科技有限公司 Network asset identification method, device, medium and equipment
CN110661808A (en) * 2019-09-29 2020-01-07 国家计算机网络与信息安全管理中心 Asset detection-based host vulnerability rapid scanning method and device
CN111131429B (en) * 2019-12-19 2022-03-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN111131429A (en) * 2019-12-19 2020-05-08 北京安华金和科技有限公司 Efficient and accurate database service discovery method
CN111178760A (en) * 2019-12-30 2020-05-19 成都烽创科技有限公司 Risk monitoring method and device, terminal equipment and computer readable storage medium
CN111130947A (en) * 2019-12-30 2020-05-08 成都科来软件有限公司 Network space mapping method based on service verification
CN111010405A (en) * 2019-12-30 2020-04-14 上海电子信息职业技术学院 SaaS-based website security monitoring system
CN111130947B (en) * 2019-12-30 2021-11-30 成都科来网络技术有限公司 Network space mapping method based on service verification
CN111010405B (en) * 2019-12-30 2021-10-22 上海电子信息职业技术学院 SaaS-based website security monitoring system
CN111245643A (en) * 2019-12-31 2020-06-05 贵州电网有限责任公司 IT asset monitoring method and system
CN111586033A (en) * 2020-03-07 2020-08-25 浙江齐治科技股份有限公司 Asset data middle platform of data center
CN111818024A (en) * 2020-06-23 2020-10-23 广州锦行网络科技有限公司 Network asset information collecting and monitoring system
CN111865724A (en) * 2020-07-28 2020-10-30 公安部第三研究所 Information acquisition control implementation method for video monitoring equipment
CN112202629A (en) * 2020-09-11 2021-01-08 智网安云(武汉)信息技术有限公司 Network asset monitoring method and network asset monitoring device
CN112202629B (en) * 2020-09-11 2023-08-25 智网安云(武汉)信息技术有限公司 Network asset monitoring method and network asset monitoring device
CN112364355B (en) * 2020-11-12 2024-03-29 中国石油天然气集团有限公司 Method for actively discovering distributed self-built system and scanning security holes
CN112364355A (en) * 2020-11-12 2021-02-12 中国石油天然气集团有限公司 Method for actively discovering distributed self-built system and scanning security vulnerability
CN112565287A (en) * 2020-12-18 2021-03-26 深信服科技股份有限公司 Asset exposure surface determining method and device, firewall and storage medium
CN112905288A (en) * 2021-03-08 2021-06-04 北京华顺信安信息技术有限公司 Method for hierarchically displaying asset attributes
CN113067818A (en) * 2021-03-18 2021-07-02 中电运行(北京)信息技术有限公司 Probe distribution method and device based on network asset checking
CN113067818B (en) * 2021-03-18 2022-07-01 中电运行(北京)信息技术有限公司 Probe distribution method and device based on network asset checking
CN113810393A (en) * 2021-09-03 2021-12-17 杭州安恒信息技术股份有限公司 Industrial internet vulnerability scanning platform and scanning method
CN113839833A (en) * 2021-09-24 2021-12-24 北京天融信网络安全技术有限公司 Method and device for identifying silent equipment, computer equipment and storage medium
CN113839833B (en) * 2021-09-24 2023-12-05 北京天融信网络安全技术有限公司 Identification method and device of silent equipment, computer equipment and storage medium
CN114025014A (en) * 2021-10-29 2022-02-08 北京恒安嘉新安全技术有限公司 Asset detection method and device, electronic equipment and storage medium
CN114025014B (en) * 2021-10-29 2024-01-30 北京恒安嘉新安全技术有限公司 Asset detection method and device, electronic equipment and storage medium
CN114500024A (en) * 2022-01-19 2022-05-13 恒安嘉新(北京)科技股份公司 Network asset management method, device, equipment and storage medium
CN114500024B (en) * 2022-01-19 2024-03-22 恒安嘉新(北京)科技股份公司 Network asset management method, device, equipment and storage medium
CN114584477B (en) * 2022-02-10 2023-06-27 烽台科技(北京)有限公司 Industrial control asset detection method, device, terminal and storage medium
CN114584477A (en) * 2022-02-10 2022-06-03 烽台科技(北京)有限公司 Industrial control asset detection method and device, terminal and storage medium
CN114584486A (en) * 2022-02-23 2022-06-03 滨州东方地毯有限公司 Distributed network asset scanning detection platform and scanning detection method
CN114584486B (en) * 2022-02-23 2023-09-29 滨州东方地毯有限公司 Distributed network asset scanning detection platform and scanning detection method
CN114826726B (en) * 2022-04-22 2024-02-23 南方电网数字电网研究院有限公司 Network asset vulnerability detection method, device, computer equipment and storage medium
CN114826726A (en) * 2022-04-22 2022-07-29 南方电网数字电网研究院有限公司 Network asset vulnerability detection method and device, computer equipment and storage medium
CN115348197B (en) * 2022-06-10 2023-07-21 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN115348197A (en) * 2022-06-10 2022-11-15 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN115412471A (en) * 2022-07-12 2022-11-29 广州大学 Distributed stateless port scanning method
CN115549945A (en) * 2022-07-29 2022-12-30 浪潮卓数大数据产业发展有限公司 Information system security state scanning system and method based on distributed architecture
CN115549945B (en) * 2022-07-29 2023-10-31 浪潮卓数大数据产业发展有限公司 Information system security state scanning system and method based on distributed architecture
CN115296891B (en) * 2022-08-02 2023-12-22 中国电子科技集团公司信息科学研究院 Data detection system and data detection method
CN115296891A (en) * 2022-08-02 2022-11-04 中国电子科技集团公司信息科学研究院 Data detection system and data detection method
CN115567425A (en) * 2022-08-22 2023-01-03 清华大学 Internet distributed active detection method and system
CN115695044A (en) * 2022-11-29 2023-02-03 贵州电网有限责任公司 IT asset safety control platform and management method
CN116318824A (en) * 2023-01-09 2023-06-23 广州云峰信息科技有限公司 Web attack trapping system
CN117640258A (en) * 2024-01-25 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Protection method, device, equipment and storage medium for network asset mapping
CN117640258B (en) * 2024-01-25 2024-04-26 远江盛邦(北京)网络安全科技股份有限公司 Protection method, device, equipment and storage medium for network asset mapping

Similar Documents

Publication Publication Date Title
CN109525427A (en) Distributed assets information detection method and system
CN109327461A (en) Distributed asset identification and change cognitive method and system
CN108769064A (en) Realize the distributed asset identification and change cognitive method and system that loophole is administered
CN108712396A (en) Networked asset management and loophole governing system
CN108183895B (en) Network asset information acquisition system
CN108011893A (en) A kind of asset management system based on networked asset information gathering
CN110324310A (en) Networked asset fingerprint identification method, system and equipment
Debar et al. Aggregation and correlation of intrusion-detection alerts
US6704874B1 (en) Network-based alert management
US8108930B2 (en) Secure self-organizing and self-provisioning anomalous event detection systems
US7171689B2 (en) System and method for tracking and filtering alerts in an enterprise and generating alert indications for analysis
CN104509034B (en) Pattern merges to identify malicious act
Haddadi et al. Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification
CN106888106A (en) The extensive detecting system of IT assets in intelligent grid
Burbeck et al. Adwice–anomaly detection with real-time incremental clustering
US20100162350A1 (en) Security system of managing irc and http botnets, and method therefor
CN113691566B (en) Mail server secret stealing detection method based on space mapping and network flow statistics
CN108900527A (en) A kind of security configuration check system
CN112887268B (en) Network security guarantee method and system based on comprehensive detection and identification
CN114679292B (en) Honeypot identification method, device, equipment and medium based on network space mapping
CN108600260A (en) A kind of industry Internet of Things security configuration check method
CN102906756A (en) Security threat detection associated with security events and actor category model
CN114611576A (en) Accurate identification technology for terminal equipment in power grid
CN114978614A (en) IP asset rapid scanning processing system
KR102314557B1 (en) System for managing security control and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190326