CN109525427A - Distributed assets information detection method and system - Google Patents
- Publication number: CN109525427A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L41/042—Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
- H04L43/028—Capturing of monitoring data by filtering
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1433—Vulnerability analysis
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
A distributed asset information detection method and system, comprising multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connecting the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes and distributed execution of tasks; asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together. The distributed asset information detection method and system can detect and discover active hosts in specified network regions in a timely and reliable manner and collect asset information, providing a basis for perceiving asset changes, and also help to discover security vulnerabilities quickly and accurately so that the vulnerabilities of information systems can be repaired in time.
Description
Technical field
The present invention relates to network asset information security, and in particular to a distributed asset information detection method and system.
Background
The networked space of information systems consists of countless nodes, each of which is an IT asset (also called an information asset) connected to the network. Information assets include host operating systems, network devices, security devices, databases, middleware and application components. Information assets are the most basic and most important carriers in information security management. As an enterprise's internal business grows and business informatization develops at high speed, the various business support platforms and management systems become increasingly complex; the number of information assets such as servers, storage devices, network devices and security devices keeps growing and their types become more varied, which makes asset management harder for administrators. Over time, large numbers of ownerless assets and zombie assets appear. Left unmaintained for long periods, these assets carry many known vulnerabilities and configuration violations. More seriously, they are hard to bring within the scope of administrators' daily maintenance, which creates a major hidden danger for enterprise security and makes them a weak point of enterprise information security.
Taking Guangdong Power Grid as an example, once a security problem occurs in common power information equipment such as servers, switches, routers, power communication terminals and intelligent transformer equipment, it affects the normal collection of power information and the normal supply of power services, which not only inconveniences people's daily production and life but also causes great economic loss.
At present, the state attaches ever greater importance to network security, so effective management of IT assets is all the more important. IT assets are the most basic and most important carriers in information security management, and identifying IT assets and grasping asset information comprehensively, with no blind spots, is of great significance. At the same time, once asset information has been established, it becomes possible to perceive whether protection against the risks in the network space is effective, for example whether the services run by network devices have known vulnerabilities and at which physical addresses, the scope of impact of newly disclosed vulnerabilities on network devices, and how known vulnerabilities are being repaired. This helps to grasp the security state of the enterprise accurately and to resolve threats and risks effectively.
Summary of the invention
The main object of the present invention is to provide a distributed asset information detection method and system that address the deficiencies of the prior art.
To achieve this object, the invention adopts the following technical solution:
A distributed asset information detection system, comprising multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connecting the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes and distributed execution of tasks; asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together.
Further:
The network asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and perform fingerprint identification of host operating systems in order to detect the operating system type of remote target hosts;
An application component fingerprint collection module, configured to discover application or component fingerprint information including one or more of the version, service port and protocol interaction characteristics of a Web application or component;
The network asset information collection subsystem further includes a vulnerability perception module, configured to perceive and analyse the vulnerabilities of networked hosts and application systems in order to find the weak points of operating systems, services and application components, and to find vulnerabilities that may exist in networked hosts and their systems, services and application components.
The basic information collection module sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the reply packets and compares them with a fingerprint database; through this analysis and comparison it detects the operating system type of the remote target host.
The basic information collection module includes:
A host detection submodule, configured to query the IP address library according to a configured policy and convert the target region into IP ranges, start multiple scanning processes and/or threads according to the scan settings, and probe the corresponding ports of the target machines. If any one legitimate response packet is received from a port, the port is judged to be open; if a host has at least one open port, the host is judged to be alive, and the IP of the live host, its open ports and protocol information are stored in the active hosts library. Preferably, the configured policy includes the target region to scan, the scan protocols, the port range, the scanning techniques used and evasion techniques;
A topology discovery submodule, configured to discover each node in the network and the interconnections between them by sending specific probe packets. Preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use an established fingerprint database of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint library, send it to the corresponding port, and judge whether the corresponding component is present by matching the fingerprint in the returned packet.
The system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. Preferably, the system fingerprint information collection submodule is configured to perform system identification as follows:
Analyse the characteristics of the various systems, establish fingerprint features of known systems, and store these fingerprint features in the system fingerprint library as the sample library for fingerprint comparison;
Set up a system detection task, select the target hosts to detect, then start the system detection task. The task selects one open port and one closed port, sends preset TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from the returned packets. Preferably, the target hosts are selected from the active hosts;
Compare the fingerprint generated by detection with the system fingerprint library and look up the matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
The application component fingerprint collection module collects fingerprint information by performing one or more of Web service, server-side language, Web development framework, Web application, front-end library and third-party component identification.
Web development frameworks are identified using component service detection techniques; the language used by the Web site backend is detected using application component page detection techniques and component service detection techniques; Web applications are detected using service component page detection techniques, preferably by crawling one or several pages of the site and matching them against the fingerprints in the fingerprint library to determine the corresponding Web application; and the Web space is detected using page detection techniques, which preferably include identification by the CLASSID of the page.
The vulnerability perception module performs one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning. Preferably, the vulnerability perception module automatically matches scanned vulnerabilities against a vulnerability database established on the back end, and automatically confirms the CVE number of each vulnerability and whether an exploitation method exists.
Vulnerability scanning is based on port scanning: after the port scan has established which ports the target host has open and which network services run on those ports, this information is matched against a vulnerability database provided in advance, and attack methods against the system are simulated to check whether a vulnerability satisfying the matching conditions exists. Preferably, an aggressive security vulnerability scan is performed on the target host system, preferably by testing for weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability.
Using rule-based matching, corresponding matching rules are built on top of the network system vulnerability database that has been formed, and the scanner program carries out the vulnerability scanning automatically. If a matching condition is satisfied, a vulnerability is deemed to exist, and the result is returned to the client after detection completes. Preferably, if no rule is matched, the system's network connection is forbidden. Preferably, vulnerability data is separated from the scanning code so that the scanning engine can be updated.
The network asset information collection subsystem further includes one or more of the following modules:
A task management module, configured to receive task instructions, schedule multiple collection modules according to policy to complete the corresponding tasks, dynamically monitor the running state of each collection module in real time and perform load balancing and allocation of tasks in real time, so that each collection module works reasonably;
A data filtering module, configured to match raw data against the collection policy and filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to the management subsystem connected to the network asset information collection subsystem.
The distributed asset information detection system further includes:
A management subsystem, configured to provide data display, query analysis and operations management functions, and to provide data operators with a human-machine interface for carrying out the corresponding business operations;
Preferably, the management side accesses the distributed data sources through a polling mechanism and the server returns data asynchronously. For data reception, the management platform needs a notification mechanism and a listening mechanism to periodically poll for responses from the data interface service module; after new data is returned, the data reception processing service appends the new data to the response data storage file.
A distributed asset information detection method, which uses the distributed asset information detection system and collects asset information through the detection operations of multiple network asset information collection subsystems deployed in a distributed manner in different regions.
Preferably, the distributed task scheduling and data processing subsystem performs distributed task scheduling in the following steps:
1) When a task is issued, the system checks the task size and, according to detection node information, automatically splits resource-intensive tasks into internal small tasks and puts them into a task queue;
2) Internal small tasks are taken from the task queue and passed to the detection module nodes through the standard task-issuing interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface, the task-issuing submodule passes the task parameter data to the detection nodes of each business layer according to the interface specification and verifies the correctness of the task parameter data;
4) When a task issued to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically reissues that node's task to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress summary module aggregates and stores the reported progress.
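The five scheduling steps above can be sketched as follows. This is an added example, not code from the patent: the node names, the fixed `chunk_size`, the round-robin choice of node and the `healthy`/`broken` node stubs are assumptions, and the nodes only count targets instead of probing anything.

```python
"""Added example: task splitting, queued dispatch, failover, progress summary.
Node names, the chunk size and the node stubs are constructed for illustration."""
from collections import deque
from dataclasses import dataclass, field
import ipaddress


class NodeDown(Exception):
    """Raised by a node stub to simulate a server or network failure."""


@dataclass
class SubTask:
    task_id: str
    targets: list                               # addresses handled by one node
    tried: set = field(default_factory=set)     # nodes that already failed it


def validate_params(task_id, cidr, ports):
    """Step 3: verify task parameter data before it reaches a node."""
    if not task_id:
        raise ValueError("missing task id")
    net = ipaddress.ip_network(cidr, strict=False)   # ValueError on bad input
    if not ports or any(not 0 < p < 65536 for p in ports):
        raise ValueError("invalid port list")
    return net


def split_task(task_id, cidr, ports, chunk_size):
    """Step 1: split a large task into internal small tasks and queue them."""
    hosts = [str(h) for h in validate_params(task_id, cidr, ports).hosts()]
    return deque(
        SubTask(f"{task_id}#{i // chunk_size}", hosts[i:i + chunk_size])
        for i in range(0, len(hosts), chunk_size)
    )


def run(queue, nodes):
    """Steps 2, 4 and 5. `nodes` maps a node name to callable(subtask) -> int."""
    progress, failed, turn = {}, [], 0
    while queue:
        sub = queue.popleft()                    # step 2: take from the queue
        candidates = [n for n in nodes if n not in sub.tried]
        if not candidates:                       # every node failed this one
            failed.append(sub.task_id)
            continue
        node = candidates[turn % len(candidates)]
        turn += 1
        try:
            progress[sub.task_id] = (node, nodes[node](sub))
        except NodeDown:
            sub.tried.add(node)
            queue.append(sub)                    # step 4: reissue elsewhere
    total = sum(done for _, done in progress.values())
    # Step 5: aggregated progress as the summary module would store it.
    return {"completed": progress, "failed": failed, "targets_done": total}


def healthy(sub):
    """Node stub: reports every target of the subtask as processed."""
    return len(sub.targets)


def broken(sub):
    """Node stub: always fails, as a crashed or unreachable node would."""
    raise NodeDown("constructed failure")


def demo():
    # 192.0.2.0/28 is a documentation range; 14 hosts become 4 subtasks.
    queue = split_task("asset-scan-1", "192.0.2.0/28", [22, 80, 443], 4)
    return run(queue, {"node-a": healthy, "node-b": broken, "node-c": healthy})


if __name__ == "__main__":
    print(demo())
```

In `demo()` the subtask first handed to `node-b` fails, is put back on the queue and completes on another node, so the summary still accounts for all 14 targets.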
Beneficial effects of the present invention:
The present invention provides a distributed asset information detection method and system. Through the multiple network asset information collection subsystems deployed in a distributed manner, it can detect and discover active hosts in specified network regions in a timely and reliable manner and collect asset information, including information about their operating systems and application components, while data storage and management are deployed together so that data can be processed and displayed uniformly. At the same time, tasks are executed in a distributed manner: by using a distributed architecture, tasks are decomposed and, through task scheduling, the decomposed tasks are assigned to suitable resources, achieving intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Distributed execution of tasks, such as distributed execution of asset perception and asset information change processing, improves processing capacity. Through distributed asset detection, the present invention identifies known and unknown assets and collects asset attribute information, providing a basis for perceiving asset changes.
Further, the vulnerability perception module in the network asset information collection subsystem can collect targeted vulnerability information based on the detection results, perceive and analyse the vulnerabilities of networked hosts and application systems, and find the weak points of operating systems, services and application components, providing data support and usable resources for penetration attack/testing and ultimately finding the vulnerabilities that may exist in networked hosts and their systems, services and application components. The network asset information collection subsystem of the present invention can find the security vulnerabilities of networked information systems accurately and reliably, providing favourable conditions and a sound guarantee for rapid vulnerability remediation and timely repair of the security vulnerabilities of information systems.
Brief description of the drawings
Fig. 1 is a structural block diagram of the distributed asset information detection system of an embodiment of the present invention;
Fig. 2 is a structural block diagram of the network asset information collection subsystem in an embodiment of the present invention;
Fig. 3 is an architecture diagram of vulnerability scanning based on the network system vulnerability database in a preferred embodiment of the present invention;
Fig. 4 is a flowchart of distributed task scheduling in the distributed asset information detection method of a preferred embodiment of the present invention;
Fig. 5 is a basic structural block diagram of an embodiment of the present invention implementing an asset identification and change perception system;
Fig. 6 is a flowchart of change perception of asset attributes in an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. It should be emphasized that the following description is merely exemplary and is not intended to limit the scope of the invention or its applications.
Referring to Fig. 1, in one embodiment, a distributed asset information detection system comprises multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connecting the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes and distributed execution of tasks; asset information detection and perception are executed in a distributed manner, while data storage and management are deployed together.
By using a distributed architecture, the distributed asset information detection system decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, achieving intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Distributed execution of tasks, such as distributed execution of asset perception and asset information change processing, improves processing capacity.
Through distributed asset detection, the present invention identifies known and unknown assets and collects asset attribute information, which also provides a basis for perceiving asset changes.
Referring to Fig. 2, in a preferred embodiment, the network asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and perform fingerprint identification of host operating systems in order to detect the operating system type of remote target hosts;
An application component fingerprint collection module, configured to discover application or component fingerprint information including one or more of the version, service port and protocol interaction characteristics of a Web application or component;
The network asset information collection subsystem further includes a vulnerability perception module, configured to perceive and analyse the vulnerabilities of networked hosts and application systems in order to find the weak points of operating systems, services and application components, and to find vulnerabilities that may exist in networked hosts and their systems, services and application components.
Based on the preferred embodiment, a vulnerability remediation control platform can be established, and targeted vulnerability information is collected according to system type and application components.
In some embodiments, the network asset information collection subsystem uses network basic information collection (including host discovery, port scanning, operating system detection, application detection and an IP address library) and vulnerability perception techniques to discover active hosts in a specified network region, collect their operating system type and version and application component type and version information, and collect targeted vulnerability information according to system type and application components.
In some embodiments, the network asset information collection subsystem may use IP address location, host detection and port scanning, operating system and application type detection, network application scanning, vulnerability scanning, advanced evasion techniques (AET), firewall/IDS evasion and similar techniques to collect network asset information.
In an exemplary embodiment, the network asset information collection subsystem includes a basic information collection module, an application component fingerprint collection module and a vulnerability perception module.
(1) Basic information collection module
This module is configured to discover networked hosts and perform fingerprint identification of host operating systems. It sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the reply packets and compares them with the fingerprint database; the analysis and comparison finally yield the operating system type of the remote target host.
In a preferred embodiment, the basic information collection module specifically includes:
Host detection submodule: according to the policy set by the user, including the target region to scan, the scan protocols, the port range, the scanning techniques used and evasion techniques, the host detection module queries the IP address library and converts the target region into IP ranges, starts multiple scanning processes (threads) according to the scan settings, and probes the corresponding ports of the target machines. If any one legitimate response packet is received from a port, the port is judged to be open; if a host has at least one open port, the host is judged to be alive, and the IP of the live host, its open ports and protocol information are stored in the active hosts library.
Topology discovery submodule: a network topology is a representation of the interconnection relationships between the interconnected entities in a network. The topology is usually modelled as a graph in which nodes represent devices (routers, hosts and so on) and edges represent connections (physical or logical). Topology discovery finds each node in the network and the interconnections between them by sending specific probe packets.
System fingerprint information collection submodule: uses an established fingerprint database of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information.
This system preferably uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. The RFC specifications do not mandate how some parts of TCP/IP are implemented, so different TCP/IP implementations may each behave in their own specific way. The system judges the type of operating system mainly from these differences in detail. In a preferred embodiment, the implementation is as follows:
First, analyse the characteristics of the various systems, establish fingerprint features of known systems, and store these fingerprint features in the system fingerprint library as the sample library for fingerprint comparison;
Set up a system detection task and select the target hosts to detect (preferably from the active hosts, to avoid useless probing), then start the system detection task. The task selects one open port and one closed port, sends preset TCP/UDP/ICMP packets to them, and generates a system fingerprint from the returned packets;
Compare the fingerprint generated by detection with the system fingerprint library and look up the matching system;
If no match is found, list the possible systems with their probabilities.
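The comparison and fallback steps above can be illustrated offline. This is an added example, not code from the patent: the fingerprint library entries, the feature names, the weights, the letter encoding of TCP option order and the sample responses are all constructed and do not describe real operating systems. It also handles the case where the closed-port probe gets no reply, so an exact match cannot be claimed.

```python
"""Added example: compare a probe-derived fingerprint with a fingerprint library.
Signatures, weights and responses are constructed, not real OS signatures."""

# Constructed sample library: system name -> expected response features.
FINGERPRINT_DB = {
    "example-os-a": {"open_ttl": 64, "open_window": 29200, "open_df": True,
                     "open_opts": "MSTNW", "closed_rst_ack": True,
                     "closed_window": 0},
    "example-os-b": {"open_ttl": 128, "open_window": 8192, "open_df": True,
                     "open_opts": "MNWST", "closed_rst_ack": True,
                     "closed_window": 0},
    "example-device-c": {"open_ttl": 255, "open_window": 4128, "open_df": False,
                         "open_opts": "M", "closed_rst_ack": False,
                         "closed_window": 4128},
}

# Assumed integer weights: option order is treated as the strongest signal.
WEIGHTS = {"open_ttl": 2, "open_window": 2, "open_df": 1,
           "open_opts": 3, "closed_rst_ack": 1, "closed_window": 1}


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255


def build_fingerprint(open_resp, closed_resp):
    """Turn parsed replies from one open and one closed port into features."""
    fp = dict.fromkeys(WEIGHTS)          # None means "feature not observed"
    if open_resp:
        fp.update(open_ttl=initial_ttl(open_resp["ttl"]),
                  open_window=open_resp["window"],
                  open_df=open_resp["df"],
                  open_opts=open_resp["opts"])
    if closed_resp:
        fp.update(closed_rst_ack=closed_resp["flags"] == "RA",
                  closed_window=closed_resp["window"])
    return fp


def match(fp, db=FINGERPRINT_DB):
    """Return ("exact", name), ("probable", ranked list) or ("unknown", [])."""
    observed = [k for k, v in fp.items() if v is not None]
    scores = {name: sum(WEIGHTS[k] for k in observed if sig[k] == fp[k])
              for name, sig in db.items()}
    full = sum(WEIGHTS.values())
    for name, score in scores.items():
        if score == full:                # every feature observed and equal
            return ("exact", name)
    total = sum(scores.values())
    if total == 0:
        return ("unknown", [])
    ranked = sorted(((n, round(s / total, 2)) for n, s in scores.items() if s),
                    key=lambda item: item[1], reverse=True)
    return ("probable", ranked)


# Constructed parsed replies (what a capture layer would hand over).
CLOSED_RST = {"flags": "RA", "window": 0}
HOST_1_OPEN = {"ttl": 57, "window": 29200, "df": True, "opts": "MSTNW"}
HOST_2_OPEN = {"ttl": 120, "window": 65535, "df": True, "opts": "MNWST"}

if __name__ == "__main__":
    print(match(build_fingerprint(HOST_1_OPEN, CLOSED_RST)))
    print(match(build_fingerprint(HOST_2_OPEN, CLOSED_RST)))
    print(match(build_fingerprint(HOST_1_OPEN, None)))   # closed port silent
```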
Service fingerprint information collection submodule: selects the corresponding probe fingerprint from the service fingerprint library, sends it to the corresponding port, and judges whether the corresponding component is present by matching the fingerprint in the returned packet.
(2) Application component fingerprint collection module
This module is configured to discover fingerprint information such as the version, service port and protocol interaction characteristics of a Web application or component.
This module can support identification of Web services, server-side languages, Web development frameworks, Web applications, front-end libraries, third-party components and so on.
A Web development framework is a service program: the server provides services externally through some port and handles the requests sent by clients, for example the Tomcat container in Java, or the IIS or PWS framework for ASP. By using component service detection techniques, this module can identify the Web development framework; for example, the Tomcat framework can be detected by sending the fingerprint information "URI/status".
This module can use application component page detection techniques and component service detection techniques to detect which language the Web site backend uses. The specific methods include judging by fingerprints such as meta information, script tags, header information, session, error pages and certain content of the web page.
This module can use service component page detection techniques to detect Web applications. By crawling one or several pages of the site and matching them against the fingerprints in the fingerprint library, the corresponding Web application can be determined.
Page detection techniques can be used to detect the Web space, for example by identifying the CLASSID of the page.
(3) fragility sensing module
This module is configured to perceive the fragility of networked hosts and application system, analyze, discovery operating system,
It services, the tender spots of application component, integrated system vulnerability scanning, database vulnerability scanning, Web application vulnerability scanning etc. are a variety of
Whether tool can carry out Auto-matching to loophole by the vulnerability database that backstage is established, and automatically confirm that the CVE number of loophole with
There are Land use systems.
In a preferred embodiment, the vulnerability scanning architecture based on network system vulnerability database is as shown in Figure 3.
Vulnerability scanning technology is built on the basis of port scanning technology. Judging from the analysis of attack behaviour and from the vulnerabilities collected, the overwhelming majority target some network service, that is, some specific port. Therefore, in the preferred embodiment, vulnerability scanning is carried out with the same approach as port scanning. The vulnerability scanning technology preferably checks whether the target host has vulnerabilities as follows: after the port scan, the ports opened on the target host and the network services on those ports are known, and this information is matched against the vulnerability database provided by the network vulnerability scanning system. By simulating attack methods against the system, it checks whether a vulnerability meeting the matching conditions exists. Preferably, an aggressive security vulnerability scan is carried out on the target host system, such as testing for weak passwords. If the simulated attack succeeds, the target host system has a security vulnerability.
This system uses rule-based matching: a standard network system vulnerability database is formed from security experts' analysis of network system security vulnerabilities and hacker attack cases and from system administrators' practical experience in configuring network system security. Corresponding matching rules are built on this basis, and the scanner program actively carries out the vulnerability scanning. Preferably, if no rule is matched, the system's network connection is forbidden.
In the preferred embodiment, matching is performed against the system vulnerability database provided by the vulnerability scanning system; if the conditions are met, a vulnerability is deemed to exist. After the server completes detection, the result is returned to the client and an intuitive report is generated. The rule-matching library on the server side can be a set of many shared programs storing various scanning attack methods. Vulnerability data is separated from the scanning code, so that users can update the scanning engine themselves.
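The rule-based matching step, with vulnerability data kept apart from the scanning code, can look like the following. This is an added example, not code from the patent: the JSON schema, service names and scan results are constructed, and the identifiers are placeholders rather than real CVE numbers.

```python
import json
import re

# Constructed vulnerability data (assumption). It is plain JSON, separate from
# the matching code, so it can be replaced without touching the engine.
VULN_DB_JSON = """
[
  {"id": "CVE-PLACEHOLDER-0001", "service": "exampled", "port": 8080,
   "min_version": "2.0", "max_version": "2.4.9", "exploit_known": true},
  {"id": "CVE-PLACEHOLDER-0002", "service": "exampled", "port": null,
   "min_version": null, "max_version": "1.9", "exploit_known": false},
  {"id": "CVE-PLACEHOLDER-0003", "service": "sampledb", "port": 5000,
   "min_version": "10.1", "max_version": "10.3", "exploit_known": false}
]
"""

# Constructed port-scan output: open port, service on it, version if identified.
SCAN_RESULTS = [
    {"host": "192.0.2.10", "port": 8080, "service": "exampled", "version": "2.4.3"},
    {"host": "192.0.2.10", "port": 5000, "service": "sampledb", "version": "10.4"},
    {"host": "192.0.2.11", "port": 8081, "service": "exampled", "version": "1.2"},
    {"host": "192.0.2.12", "port": 22, "service": "unknownd", "version": None},
]

REQUIRED = {"id", "service", "port", "min_version", "max_version", "exploit_known"}


def load_vuln_db(text):
    """Parse the rule data and reject entries that lack a required field."""
    rules = json.loads(text)
    for rule in rules:
        missing = REQUIRED - rule.keys()
        if missing:
            raise ValueError(f"rule {rule.get('id')!r} lacks {sorted(missing)}")
    return rules


def parse_version(text):
    """'2.4.10' -> (2, 4, 10); trailing zeros are dropped so 2.0 == 2.0.0."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def rule_matches(rule, finding):
    """A rule matches on service, optional port, and an inclusive version range."""
    if rule["service"] != finding["service"]:
        return False
    if rule["port"] is not None and rule["port"] != finding["port"]:
        return False
    version = parse_version(finding["version"])
    if version is None:
        return False          # no version evidence: report nothing, not a guess
    low = parse_version(rule["min_version"])
    high = parse_version(rule["max_version"])
    if low is not None and version < low:
        return False
    if high is not None and version > high:
        return False
    return True


def match_findings(findings, vuln_db):
    """Return one report row per (finding, matching rule) pair."""
    return [
        {"host": f["host"], "port": f["port"], "service": f["service"],
         "id": rule["id"], "exploit_known": rule["exploit_known"]}
        for f in findings for rule in vuln_db if rule_matches(rule, f)
    ]


if __name__ == "__main__":
    for row in match_findings(SCAN_RESULTS, load_vuln_db(VULN_DB_JSON)):
        print(row)
```

Only the JSON changes when a new rule is published; `match_findings` then reports the additional hosts on the next run.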
In a more preferred embodiment, this networked asset information collection subsystem can also include a task management module.
(4) Task management module
The task management module is configured to receive task instructions and to dispatch multiple collection modules according to strategy to complete the corresponding tasks. The task management module needs to dynamically monitor the running state information of each collection module in real time and to balance and allocate the task load in real time, so as to ensure that each collection module works reasonably.
In a more preferred embodiment, this networked asset information collection subsystem can also include a data filtering module.
(5) Data filtering module
The data filtering module is configured to match the raw data against the acquisition strategy and to filter out redundant data.
In a more preferred embodiment, this networked asset information collection subsystem can also include a data transmission module.
(6) Data transmission module
The data transmission module is configured to send the collected data to the management subsystem through a hidden subnet.
The distributed assets information detection system of the invention uses the networked asset information collection subsystem of the above embodiments. The networked asset information collection subsystem can detect and discover the active hosts of a particular network area, collect their operating system and application component information, and carry out targeted vulnerability information collection, providing data support and usable resources for subsequent penetration attack/testing. The distributed assets information detection system of the invention can thus acquire networked asset information in a more timely, effective, reliable and accurate manner, so that security vulnerabilities of information systems can be better found and repaired in time.
In a preferred embodiment, the distributed assets information detection system can also include:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
More preferably, the management end accesses distributed data sources through a polling mechanism, and the server returns data asynchronously. For data reception, the management platform requires a notification mechanism and a monitor to be set up to periodically poll for responses from the data interface service module; once new data is returned, the data receiving and processing service adds the new data to the response data storage file.
In addition, the distributed assets information detection system can also include:
A vulnerability mining subsystem, configured to provide vulnerability mining tools and to construct a general operating environment for vulnerability mining, realizing vulnerability mining of the target operating system and target application software;
A vulnerability exploitation verification subsystem, configured to provide a verification environment for constructing vulnerabilities and vulnerability exploitation methods, to verify vulnerability exploitation samples, and to assess the effect of vulnerability exploitation;
A security tool subsystem, configured to provide security tools, including for carrying out penetration attacks against the target operating system and target applications and for maintaining long-term control.
Preferably but not necessarily, as shown in Fig. 2, the distributed assets information detection system of the invention includes the networked asset information collection subsystem and the management subsystem. Specifically, the management subsystem can display the results of the information collection subsystem, the vulnerability mining subsystem, the vulnerability exploitation verification subsystem, the security tools and so on, and can also carry out operation management of the above systems, while providing a working system for query analysis. This working system comprises a task processing environment with a regulated management mode and a series of human-computer interactive analysis tools, through which analysts can complete various data analysis tasks. In addition, the system has individual operating desktops (workbenches) and information aggregation display interfaces for users with different permissions. Ultimately the system completes the configuration management of the data area and the analysis and report display of all kinds of data, and provides data operators with a human-computer interaction interface for carrying out the corresponding business operations.
Preferably but not necessarily, the distributed assets information detection system of the invention can further include a vulnerability mining subsystem. Based on typical vulnerability mining techniques, the vulnerability mining subsystem constructs a general operating environment for vulnerability mining by integrating vulnerability mining tools and developing customized ones, realizes vulnerability mining of the target operating system and target application software, and develops vulnerability exploitation samples for newly discovered vulnerabilities.
Preferably but not necessarily, the distributed assets information detection system of the invention can further include a vulnerability exploitation verification subsystem. It can construct a verification environment for vulnerabilities and vulnerability exploitation methods, verify vulnerability exploitation samples, and assess the effect of vulnerability exploitation.
Preferably but not necessarily, the distributed assets information detection system of the invention can further include a security tool subsystem. With custom-developed security tools, it can carry out penetration attacks against the target operating system and target applications and maintain long-term control.
In further embodiments, a distributed assets information detection method uses the distributed assets information detection system and collects assets information through the running detection of multiple networked asset information collection subsystems deployed in a distributed manner in different regions.
In a particular embodiment, the distributed assets information detection system performs the task scheduling for asset security monitoring: it calls each information acquisition module to carry out multi-dimensional scanning of cyberspace IT assets, obtains the software and hardware information, port information and so on of the IT assets, and finally writes the scan results to a distributed database. Distributed scheduling completes functions for the whole system such as task generation, task distribution, task reception, task execution, exception handling, data statistics and task load balancing.
Referring to Fig. 4, preferably, the aforementioned distributed task scheduling and data processing subsystem is used to carry out the following distributed task scheduling, which comprises the following steps:
1) When a task is dispatched, the system detects the task size and, according to the detection node information, automatically divides a task with larger consumption into internal small tasks and puts them into the task queue;
2) An internal small task is taken from the task queue and passed to a detection module node through the standard task dispatch interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task dispatch submodule, according to the interface specification, finally transmits the task parameter data to the detection nodes of each business layer and verifies the correctness of the task parameter data;
4) When a task dispatched to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically dispatches that detection node's task to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress aggregation module aggregates and stores this progress.
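The five scheduling steps above can be traced in a small in-process simulation. This is an added example, not code from the patent: the `DetectionNode` class, the `dispatch` interface, the task fields and the sample address range are hypothetical, and a node only counts the targets it is given instead of probing anything.

```python
import ipaddress
from collections import deque

ALLOWED_KINDS = {"asset_scan"}          # assumption: task kinds the interface accepts


class DetectionNode:
    """Stand-in for a remote detection node (hypothetical interface)."""

    def __init__(self, name, capacity, healthy=True):
        self.name = name
        self.capacity = capacity        # most targets it accepts in one subtask
        self.healthy = healthy
        self.done = []

    def execute(self, subtask):
        if not self.healthy:            # models a server or network failure
            raise ConnectionError(f"{self.name} unreachable")
        self.done.append(subtask["id"])
        # Step 5: the node reports progress in an agreed format.
        return {"subtask": subtask["id"], "node": self.name,
                "scanned": len(subtask["targets"])}


def split_task(task, nodes):
    """Step 1: cut a large task into subtasks sized for the smallest node."""
    chunk = min(n.capacity for n in nodes)
    hosts = [str(h) for h in ipaddress.ip_network(task["cidr"]).hosts()]
    return deque(
        {"id": f"{task['id']}-{i // chunk}", "kind": task["kind"],
         "targets": hosts[i:i + chunk]}
        for i in range(0, len(hosts), chunk)
    )


def dispatch(node, subtask):
    """Step 3: the standard interface validates parameters before hand-over."""
    if subtask.get("kind") not in ALLOWED_KINDS:
        raise ValueError(f"unknown task kind: {subtask.get('kind')!r}")
    if not subtask.get("targets") or len(subtask["targets"]) > node.capacity:
        raise ValueError("targets missing or larger than node capacity")
    for target in subtask["targets"]:
        ipaddress.ip_address(target)    # raises ValueError on a malformed address
    return node.execute(subtask)


def schedule(task, nodes):
    """Steps 2, 4 and 5: drain the queue, reassign on failure, collect progress."""
    queue = split_task(task, nodes)
    failed, progress, reassigned = set(), [], []
    turn = 0
    while queue:
        alive = [n for n in nodes if n.name not in failed]
        if not alive:
            raise RuntimeError("no detection node available")
        subtask = queue.popleft()                   # step 2
        node = alive[turn % len(alive)]             # simple round-robin balancing
        turn += 1
        try:
            progress.append(dispatch(node, subtask))
        except ConnectionError:
            failed.add(node.name)                   # step 4: stop using this node
            reassigned.append((subtask["id"], node.name))
            queue.appendleft(subtask)               # retry first on another node
    return {"progress": progress, "reassigned": reassigned,
            "scanned": sum(p["scanned"] for p in progress)}


if __name__ == "__main__":
    # Constructed sample: documentation address range, one node down.
    nodes = [DetectionNode("A", 4), DetectionNode("B", 6, healthy=False),
             DetectionNode("C", 4)]
    print(schedule({"id": "T1", "kind": "asset_scan",
                    "cidr": "198.51.100.0/28"}, nodes))
```

A parameter error is raised to the caller rather than retried, because another node would reject the same subtask; only connection failures trigger reassignment.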
Referring to Fig. 5, in further embodiments, a distributed assets information detection system realizes asset identification and change perception. The system further includes an asset data processing subsystem and an asset library. The networked asset information collection subsystem collects the assets information of networked active hosts; the asset data processing subsystem obtains the assets information of networked active hosts from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so as to automatically update the assets information of the networked surviving hosts in the asset library. The asset identification and change perception method and system can grasp asset information and its changes comprehensively, accurately and dynamically, significantly improve the accuracy of network risk and vulnerability assessment of assets, and improve the grasp of asset vulnerabilities and the speed of handling them, thereby significantly improving the response to and handling of attacks.
Referring to Fig. 6, in further embodiments, a distributed assets information detection method uses the system of the above embodiment to carry out asset identification and change perception, wherein the asset data processing subsystem obtains the assets information of networked active hosts from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so as to automatically update the assets information of the networked surviving hosts in the asset library.
In a preferred embodiment, the networked asset information collection subsystem collects networked active hosts and asset attribute information by cyclically using the network basic information collection mode; the asset data processing subsystem obtains the networked active hosts and asset attribute information from the networked asset information collection subsystem and compares them with the confirmed asset attributes stored in the asset library, so as to automatically update the networked surviving host library and to automatically update attributes such as operating system type and version and application component type and version;
In a preferred embodiment, through cyclic invocation of asset identification technology, the asset attributes whose change can be perceived include operating system type and version, application component type and version, database type and version, ports and services. For confirmed assets, the attributes are stored in the asset library. The information collection module of the networked asset information collection subsystem uses asset identification technology to scan the target assets periodically and cyclically and to collect their attribute information; after collection, the attributes are compared with the original attributes stored in the asset library, and if a target asset's attributes have changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is up to date;
In a preferred embodiment, surviving-asset change perception is realized through cyclic invocation of asset identification technology. For confirmed assets, the state is stored in the asset library; using asset identification technology, the target assets are scanned periodically and cyclically to detect whether they are still alive. If a host is found to be unresponsive, the current time is recorded and its state is modified; otherwise the existing state is kept and the survival time record is increased.
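The comparison of each scan cycle with the asset library, covering both attribute changes and survival state, can be written as one reconciliation step. This is an added example, not code from the patent; the record layout, the event tuples and the sample hosts are constructed assumptions.

```python
from datetime import datetime, timedelta

# Attributes whose change is tracked, as listed in the text.
TRACKED = ("os", "components", "database", "ports", "services")


def reconcile(library, scan, now):
    """Compare one scan cycle with the asset library, update the library in
    place and return the change events as (ip, field, old, new) tuples."""
    events = []
    for ip, seen in scan.items():
        asset = library.get(ip)
        if asset is None:                          # newly discovered live host
            library[ip] = {"attrs": {k: seen.get(k) for k in TRACKED},
                           "state": "alive", "alive_since": now,
                           "last_seen": now, "down_since": None}
            events.append((ip, "new_asset", None, None))
            continue
        for key in TRACKED:
            old, new = asset["attrs"].get(key), seen.get(key)
            # A missing value means "not identified this cycle", not a change.
            if new is not None and new != old:
                events.append((ip, key, old, new))
                asset["attrs"][key] = new
        if asset["state"] != "alive":              # host came back
            events.append((ip, "state", asset["state"], "alive"))
            asset.update(state="alive", alive_since=now, down_since=None)
        asset["last_seen"] = now                   # extends the survival record
    for ip, asset in library.items():
        if ip not in scan and asset["state"] == "alive":
            # Unresponsive host: record the time and modify its state.
            events.append((ip, "state", "alive", "down"))
            asset.update(state="down", down_since=now)
    return events


def survival_time(asset):
    """How long the host was continuously observed alive."""
    return asset["last_seen"] - asset["alive_since"]


def demo():
    """Two constructed scan cycles one hour apart over a one-host library."""
    t0 = datetime(2018, 11, 12, 8, 0)
    library = {
        "203.0.113.5": {
            "attrs": {"os": "Linux 3.10", "components": {"nginx": "1.14.0"},
                      "database": None, "ports": [22, 80],
                      "services": ["ssh", "http"]},
            "state": "alive", "alive_since": t0 - timedelta(days=1),
            "last_seen": t0 - timedelta(hours=1), "down_since": None,
        }
    }
    scan1 = {
        "203.0.113.5": {"os": "Linux 3.10", "components": {"nginx": "1.14.2"},
                        "ports": [22, 80, 443],
                        "services": ["ssh", "http", "https"]},
        "203.0.113.6": {"os": "Windows Server 2012", "ports": [3389]},
    }
    scan2 = {"203.0.113.6": {"os": "Windows Server 2012", "ports": [3389]}}
    events1 = reconcile(library, scan1, t0)
    events2 = reconcile(library, scan2, t0 + timedelta(hours=1))
    return events1, events2, library


if __name__ == "__main__":
    first, second, lib = demo()
    for event in first + second:
        print(event)
```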
The above is a further detailed description of the invention in combination with specific/preferred embodiments, and it cannot be concluded that the specific implementation of the invention is limited to these descriptions. For those of ordinary skill in the art to which the invention belongs, some replacements or modifications can also be made to the described embodiments without departing from the inventive concept, and all such substitutions or variants shall be regarded as falling within the protection scope of the invention.
Claims (10)
1. A distributed assets information detection system, characterized by comprising multiple networked asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connecting the multiple networked asset information collection subsystems; based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, realizing task distribution and processing across multiple nodes and distributed execution of tasks, and performing assets information detection and perception in a distributed manner, with data storage and management deployed together;
Preferably, the networked asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and to carry out fingerprint identification of host operating systems, so as to detect the operating system type of a remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information including one or more of the version, service port and protocol interaction features of Web applications or components;
The networked asset information collection subsystem further includes a fragility sensing module, configured to perceive and analyze the fragility of networked hosts and application systems, so as to find weak points in operating systems, services and application components and to find vulnerabilities that may exist in networked hosts and in their systems, services and application components.
2. The distributed assets information detection system according to claim 1, characterized in that the basic information collection module includes:
A host detection submodule, configured to query the IP address library for the target region according to a set strategy and convert it into IP ranges, to set up multiple scanning processes and/or threads according to the scan, and to probe the corresponding ports of the target machines; whenever a port receives a response packet that conforms to the rules, the port is judged to be open, and as long as a host has one open port, the host is judged to be alive; the IP, open ports and protocol information of surviving hosts are stored in the active host library; preferably, the set strategy includes the scan target region, scan protocols, port range, the scanning techniques used and evasion techniques;
A topology discovery submodule, configured to discover each node in the network and their interconnection relationships by sending specific probe packets; preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use an established fingerprint database of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and to identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint base, send it to the corresponding port, and judge whether the corresponding component is present by matching the fingerprint in the returned packet.
3. The distributed assets information detection system according to claim 2, characterized in that the system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices; preferably, the system fingerprint information collection submodule is configured to carry out system identification as follows:
Analyze the features of all kinds of systems and establish the fingerprint features of known systems, storing these fingerprint features in the system fingerprint library as the sample library for fingerprint comparison;
Set up a system detection task, select the target hosts to be probed, then start the system detection task; the task selects one open port and one closed port respectively, sends preset TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from them; preferably, the target hosts are selected from the active hosts;
Compare the fingerprint generated by detection with the system fingerprint library and look up the matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
4. The distributed assets information detection system according to any one of claims 1 to 3, characterized in that the application component fingerprint collection module collects fingerprint information by carrying out one or more of Web service, server-side language, Web development framework, Web application, front-end library and third-party component identification, wherein the Web development framework is identified by using component service detection techniques, wherein which language the Web site back end uses is detected by application component page detection techniques and component service detection techniques, wherein Web applications are detected by service component page detection techniques, preferably by grabbing one or several pages of the website and matching them against the fingerprints of the fingerprint base to identify the corresponding Web application, and wherein the Web space is detected using page detection techniques, the page detection techniques preferably including identification by the CLASSID of the page.
5. The distributed assets information detection system according to any one of claims 1 to 4, characterized in that the fragility sensing module carries out one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning; preferably, the fragility sensing module automatically matches the scanned vulnerabilities against the vulnerability database established in the back end, and automatically confirms each vulnerability's CVE number and whether an exploitation method exists.
6. The distributed assets information detection system according to claim 5, characterized in that vulnerability scanning is based on port scanning technology: after the port scan, the ports opened on the target host and the network services on those ports are known, and this information is matched against a vulnerability database provided in advance, wherein whether a vulnerability meeting the matching conditions exists is checked by simulating attack methods against the system; preferably, an aggressive security vulnerability scan is carried out on the target host system, preferably by testing for weak passwords, and if the simulated attack succeeds, the target host system has a security vulnerability.
7. The distributed assets information detection system according to claim 5 or 6, characterized in that rule-based matching is used: corresponding matching rules are built on the basis of the network system vulnerability database that has been formed, and the scanner program automatically carries out the vulnerability scanning; if the matching conditions are met, a vulnerability is deemed to exist, and after detection is complete the result is returned to the client; preferably, if no rule is matched, the system's network connection is forbidden; preferably, vulnerability data is separated from the scanning code so that the scanning engine can be updated.
8. The distributed assets information detection system according to any one of claims 1 to 7, characterized in that the networked asset information collection subsystem further includes one or more of the following modules:
A task management module, configured to receive task instructions, to dispatch multiple collection modules according to strategy to complete the corresponding tasks, and to dynamically monitor the running state information of each collection module in real time and balance and allocate the task load in real time, so as to ensure that each collection module works reasonably;
A data filtering module, configured to match the raw data against the acquisition strategy and to filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to a management subsystem connected to the networked asset information collection subsystem.
9. The distributed assets information detection system according to any one of claims 1 to 8, characterized by further comprising:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
Preferably, the management end accesses distributed data sources through a polling mechanism, and the server returns data asynchronously; for data reception, the management platform requires a notification mechanism and a monitor to be set up to periodically poll for responses from the data interface service module, and once new data is returned, the data receiving and processing service adds the new data to the response data storage file.
10. A distributed assets information detection method, characterized by using the distributed assets information detection system according to any one of claims 1 to 8 and collecting assets information through the running detection of multiple networked asset information collection subsystems deployed in a distributed manner in different regions; preferably, the distributed task scheduling and data processing subsystem is used to carry out the following distributed task scheduling, which comprises the following steps:
1) When a task is dispatched, the system detects the task size and, according to the detection node information, automatically divides a task with larger consumption into internal small tasks and puts them into the task queue;
2) An internal small task is taken from the task queue and passed to a detection module node through the standard task dispatch interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task dispatch submodule, according to the interface specification, finally transmits the task parameter data to the detection nodes of each business layer and verifies the correctness of the task parameter data;
4) When a task dispatched to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically dispatches that detection node's task to other nodes to continue execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress aggregation module aggregates and stores this progress.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811341226.2A CN109525427A (en) | 2018-11-12 | 2018-11-12 | Distributed assets information detection method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109525427A true CN109525427A (en) | 2019-03-26 |
Family
ID=65773881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811341226.2A Pending CN109525427A (en) | 2018-11-12 | 2018-11-12 | Distributed assets information detection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109525427A (en) |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109905492A (en) * | 2019-04-24 | 2019-06-18 | 苏州浪潮智能科技有限公司 | Operation safety management system and method based on distributed modular data center |
CN110162977A (en) * | 2019-04-24 | 2019-08-23 | 北京邮电大学 | A kind of Android vehicle-mounted terminal system leakage location and method |
CN110380925A (en) * | 2019-06-28 | 2019-10-25 | 中国科学院信息工程研究所 | A kind of network equipment detection middle port selection method and system |
CN110661808A (en) * | 2019-09-29 | 2020-01-07 | 国家计算机网络与信息安全管理中心 | Asset detection-based host vulnerability rapid scanning method and device |
CN111010405A (en) * | 2019-12-30 | 2020-04-14 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
CN111130947A (en) * | 2019-12-30 | 2020-05-08 | 成都科来软件有限公司 | Network space mapping method based on service verification |
CN111131429A (en) * | 2019-12-19 | 2020-05-08 | 北京安华金和科技有限公司 | Efficient and accurate database service discovery method |
CN111178760A (en) * | 2019-12-30 | 2020-05-19 | 成都烽创科技有限公司 | Risk monitoring method and device, terminal equipment and computer readable storage medium |
CN111245643A (en) * | 2019-12-31 | 2020-06-05 | 贵州电网有限责任公司 | IT asset monitoring method and system |
CN111586033A (en) * | 2020-03-07 | 2020-08-25 | 浙江齐治科技股份有限公司 | Asset data middle platform of data center |
CN111818024A (en) * | 2020-06-23 | 2020-10-23 | 广州锦行网络科技有限公司 | Network asset information collecting and monitoring system |
CN111865724A (en) * | 2020-07-28 | 2020-10-30 | 公安部第三研究所 | Information acquisition control implementation method for video monitoring equipment |
CN112003884A (en) * | 2019-05-27 | 2020-11-27 | 北京白帽汇科技有限公司 | Network asset acquisition and natural language retrieval method |
CN112202629A (en) * | 2020-09-11 | 2021-01-08 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
CN112364355A (en) * | 2020-11-12 | 2021-02-12 | 中国石油天然气集团有限公司 | Method for actively discovering distributed self-built system and scanning security vulnerability |
CN112398782A (en) * | 2019-08-15 | 2021-02-23 | 北京国双科技有限公司 | Network asset identification method, device, medium and equipment |
CN112565287A (en) * | 2020-12-18 | 2021-03-26 | 深信服科技股份有限公司 | Asset exposure surface determining method and device, firewall and storage medium |
CN112905288A (en) * | 2021-03-08 | 2021-06-04 | 北京华顺信安信息技术有限公司 | Method for hierarchically displaying asset attributes |
CN113067818A (en) * | 2021-03-18 | 2021-07-02 | 中电运行(北京)信息技术有限公司 | Probe distribution method and device based on network asset checking |
CN113810393A (en) * | 2021-09-03 | 2021-12-17 | 杭州安恒信息技术股份有限公司 | Industrial internet vulnerability scanning platform and scanning method |
CN113839833A (en) * | 2021-09-24 | 2021-12-24 | 北京天融信网络安全技术有限公司 | Method and device for identifying silent equipment, computer equipment and storage medium |
CN114025014A (en) * | 2021-10-29 | 2022-02-08 | 北京恒安嘉新安全技术有限公司 | Asset detection method and device, electronic equipment and storage medium |
CN114500024A (en) * | 2022-01-19 | 2022-05-13 | 恒安嘉新(北京)科技股份公司 | Network asset management method, device, equipment and storage medium |
CN114584477A (en) * | 2022-02-10 | 2022-06-03 | 烽台科技(北京)有限公司 | Industrial control asset detection method and device, terminal and storage medium |
CN114584486A (en) * | 2022-02-23 | 2022-06-03 | 滨州东方地毯有限公司 | Distributed network asset scanning detection platform and scanning detection method |
CN114826726A (en) * | 2022-04-22 | 2022-07-29 | 南方电网数字电网研究院有限公司 | Network asset vulnerability detection method and device, computer equipment and storage medium |
CN115296891A (en) * | 2022-08-02 | 2022-11-04 | 中国电子科技集团公司信息科学研究院 | Data detection system and data detection method |
CN115348197A (en) * | 2022-06-10 | 2022-11-15 | 国网思极网安科技(北京)有限公司 | Network asset detection method and device, electronic equipment and storage medium |
CN115412471A (en) * | 2022-07-12 | 2022-11-29 | 广州大学 | Distributed stateless port scanning method |
CN115549945A (en) * | 2022-07-29 | 2022-12-30 | 浪潮卓数大数据产业发展有限公司 | Information system security state scanning system and method based on distributed architecture |
CN115567425A (en) * | 2022-08-22 | 2023-01-03 | 清华大学 | Internet distributed active detection method and system |
CN115695044A (en) * | 2022-11-29 | 2023-02-03 | 贵州电网有限责任公司 | IT asset safety control platform and management method |
CN116318824A (en) * | 2023-01-09 | 2023-06-23 | 广州云峰信息科技有限公司 | Web attack trapping system |
CN117640258A (en) * | 2024-01-25 | 2024-03-01 | 远江盛邦(北京)网络安全科技股份有限公司 | Protection method, device, equipment and storage medium for network asset mapping |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180103054A1 (en) * | 2016-10-10 | 2018-04-12 | BugCrowd, Inc. | Vulnerability Detection in IT Assets by utilizing Crowdsourcing techniques |
CN108712396A (en) * | 2018-04-27 | 2018-10-26 | 广东省信息安全测评中心 | Networked asset management and loophole governing system |
CN108769064A (en) * | 2018-06-26 | 2018-11-06 | 广东电网有限责任公司信息中心 | Realize the distributed asset identification and change cognitive method and system that loophole is administered |
-
2018
- 2018-11-12 CN CN201811341226.2A patent/CN109525427A/en active Pending
Cited By (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162977A (en) * | 2019-04-24 | 2019-08-23 | 北京邮电大学 | A kind of Android vehicle-mounted terminal system leakage location and method |
CN109905492A (en) * | 2019-04-24 | 2019-06-18 | 苏州浪潮智能科技有限公司 | Operation safety management system and method based on distributed modular data center |
CN110162977B (en) * | 2019-04-24 | 2020-12-04 | 北京邮电大学 | Android vehicle-mounted terminal system vulnerability detection system and method |
CN109905492B (en) * | 2019-04-24 | 2020-10-02 | 苏州浪潮智能科技有限公司 | Safety operation management system and method based on distributed modular data center |
CN112003884A (en) * | 2019-05-27 | 2020-11-27 | 北京白帽汇科技有限公司 | Network asset acquisition and natural language retrieval method |
CN112003884B (en) * | 2019-05-27 | 2024-04-16 | 北京白帽汇科技有限公司 | Method for collecting network assets and retrieving natural language |
CN110380925A (en) * | 2019-06-28 | 2019-10-25 | 中国科学院信息工程研究所 | A kind of network equipment detection middle port selection method and system |
CN112398782A (en) * | 2019-08-15 | 2021-02-23 | 北京国双科技有限公司 | Network asset identification method, device, medium and equipment |
CN110661808A (en) * | 2019-09-29 | 2020-01-07 | 国家计算机网络与信息安全管理中心 | Asset detection-based host vulnerability rapid scanning method and device |
CN111131429B (en) * | 2019-12-19 | 2022-03-08 | 北京安华金和科技有限公司 | Efficient and accurate database service discovery method |
CN111131429A (en) * | 2019-12-19 | 2020-05-08 | 北京安华金和科技有限公司 | Efficient and accurate database service discovery method |
CN111178760A (en) * | 2019-12-30 | 2020-05-19 | 成都烽创科技有限公司 | Risk monitoring method and device, terminal equipment and computer readable storage medium |
CN111130947A (en) * | 2019-12-30 | 2020-05-08 | 成都科来软件有限公司 | Network space mapping method based on service verification |
CN111010405A (en) * | 2019-12-30 | 2020-04-14 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
CN111130947B (en) * | 2019-12-30 | 2021-11-30 | 成都科来网络技术有限公司 | Network space mapping method based on service verification |
CN111010405B (en) * | 2019-12-30 | 2021-10-22 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
CN111245643A (en) * | 2019-12-31 | 2020-06-05 | 贵州电网有限责任公司 | IT asset monitoring method and system |
CN111586033A (en) * | 2020-03-07 | 2020-08-25 | 浙江齐治科技股份有限公司 | Asset data middle platform of data center |
CN111818024A (en) * | 2020-06-23 | 2020-10-23 | 广州锦行网络科技有限公司 | Network asset information collecting and monitoring system |
CN111865724A (en) * | 2020-07-28 | 2020-10-30 | 公安部第三研究所 | Information acquisition control implementation method for video monitoring equipment |
CN112202629A (en) * | 2020-09-11 | 2021-01-08 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
CN112202629B (en) * | 2020-09-11 | 2023-08-25 | 智网安云(武汉)信息技术有限公司 | Network asset monitoring method and network asset monitoring device |
CN112364355B (en) * | 2020-11-12 | 2024-03-29 | 中国石油天然气集团有限公司 | Method for actively discovering distributed self-built system and scanning security holes |
CN112364355A (en) * | 2020-11-12 | 2021-02-12 | 中国石油天然气集团有限公司 | Method for actively discovering distributed self-built system and scanning security vulnerability |
CN112565287A (en) * | 2020-12-18 | 2021-03-26 | 深信服科技股份有限公司 | Asset exposure surface determining method and device, firewall and storage medium |
CN112905288A (en) * | 2021-03-08 | 2021-06-04 | 北京华顺信安信息技术有限公司 | Method for hierarchically displaying asset attributes |
CN113067818A (en) * | 2021-03-18 | 2021-07-02 | 中电运行(北京)信息技术有限公司 | Probe distribution method and device based on network asset checking |
CN113067818B (en) * | 2021-03-18 | 2022-07-01 | 中电运行(北京)信息技术有限公司 | Probe distribution method and device based on network asset checking |
CN113810393A (en) * | 2021-09-03 | 2021-12-17 | 杭州安恒信息技术股份有限公司 | Industrial internet vulnerability scanning platform and scanning method |
CN113839833A (en) * | 2021-09-24 | 2021-12-24 | 北京天融信网络安全技术有限公司 | Method and device for identifying silent equipment, computer equipment and storage medium |
CN113839833B (en) * | 2021-09-24 | 2023-12-05 | 北京天融信网络安全技术有限公司 | Identification method and device of silent equipment, computer equipment and storage medium |
CN114025014A (en) * | 2021-10-29 | 2022-02-08 | 北京恒安嘉新安全技术有限公司 | Asset detection method and device, electronic equipment and storage medium |
CN114025014B (en) * | 2021-10-29 | 2024-01-30 | 北京恒安嘉新安全技术有限公司 | Asset detection method and device, electronic equipment and storage medium |
CN114500024A (en) * | 2022-01-19 | 2022-05-13 | 恒安嘉新(北京)科技股份公司 | Network asset management method, device, equipment and storage medium |
CN114500024B (en) * | 2022-01-19 | 2024-03-22 | 恒安嘉新(北京)科技股份公司 | Network asset management method, device, equipment and storage medium |
CN114584477B (en) * | 2022-02-10 | 2023-06-27 | 烽台科技(北京)有限公司 | Industrial control asset detection method, device, terminal and storage medium |
CN114584477A (en) * | 2022-02-10 | 2022-06-03 | 烽台科技(北京)有限公司 | Industrial control asset detection method and device, terminal and storage medium |
CN114584486A (en) * | 2022-02-23 | 2022-06-03 | 滨州东方地毯有限公司 | Distributed network asset scanning detection platform and scanning detection method |
CN114584486B (en) * | 2022-02-23 | 2023-09-29 | 滨州东方地毯有限公司 | Distributed network asset scanning detection platform and scanning detection method |
CN114826726B (en) * | 2022-04-22 | 2024-02-23 | 南方电网数字电网研究院有限公司 | Network asset vulnerability detection method, device, computer equipment and storage medium |
CN114826726A (en) * | 2022-04-22 | 2022-07-29 | 南方电网数字电网研究院有限公司 | Network asset vulnerability detection method and device, computer equipment and storage medium |
CN115348197B (en) * | 2022-06-10 | 2023-07-21 | 国网思极网安科技(北京)有限公司 | Network asset detection method and device, electronic equipment and storage medium |
CN115348197A (en) * | 2022-06-10 | 2022-11-15 | 国网思极网安科技(北京)有限公司 | Network asset detection method and device, electronic equipment and storage medium |
CN115412471A (en) * | 2022-07-12 | 2022-11-29 | 广州大学 | Distributed stateless port scanning method |
CN115549945A (en) * | 2022-07-29 | 2022-12-30 | 浪潮卓数大数据产业发展有限公司 | Information system security state scanning system and method based on distributed architecture |
CN115549945B (en) * | 2022-07-29 | 2023-10-31 | 浪潮卓数大数据产业发展有限公司 | Information system security state scanning system and method based on distributed architecture |
CN115296891B (en) * | 2022-08-02 | 2023-12-22 | 中国电子科技集团公司信息科学研究院 | Data detection system and data detection method |
CN115296891A (en) * | 2022-08-02 | 2022-11-04 | 中国电子科技集团公司信息科学研究院 | Data detection system and data detection method |
CN115567425A (en) * | 2022-08-22 | 2023-01-03 | 清华大学 | Internet distributed active detection method and system |
CN115695044A (en) * | 2022-11-29 | 2023-02-03 | 贵州电网有限责任公司 | IT asset safety control platform and management method |
CN116318824A (en) * | 2023-01-09 | 2023-06-23 | 广州云峰信息科技有限公司 | Web attack trapping system |
CN117640258A (en) * | 2024-01-25 | 2024-03-01 | 远江盛邦(北京)网络安全科技股份有限公司 | Protection method, device, equipment and storage medium for network asset mapping |
CN117640258B (en) * | 2024-01-25 | 2024-04-26 | 远江盛邦(北京)网络安全科技股份有限公司 | Protection method, device, equipment and storage medium for network asset mapping |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109525427A (en) | Distributed assets information detection method and system | |
CN109327461A (en) | Distributed asset identification and change cognitive method and system | |
CN108769064A (en) | Realize the distributed asset identification and change cognitive method and system that loophole is administered | |
CN108712396A (en) | Networked asset management and loophole governing system | |
CN108183895B (en) | Network asset information acquisition system | |
CN108011893A (en) | A kind of asset management system based on networked asset information gathering | |
CN110324310A (en) | Networked asset fingerprint identification method, system and equipment | |
Debar et al. | Aggregation and correlation of intrusion-detection alerts | |
US6704874B1 (en) | Network-based alert management | |
US8108930B2 (en) | Secure self-organizing and self-provisioning anomalous event detection systems | |
US7171689B2 (en) | System and method for tracking and filtering alerts in an enterprise and generating alert indications for analysis | |
CN104509034B (en) | Pattern merges to identify malicious act | |
Haddadi et al. | Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification | |
CN106888106A (en) | The extensive detecting system of IT assets in intelligent grid | |
Burbeck et al. | Adwice–anomaly detection with real-time incremental clustering | |
US20100162350A1 (en) | Security system of managing irc and http botnets, and method therefor | |
CN113691566B (en) | Mail server secret stealing detection method based on space mapping and network flow statistics | |
CN108900527A (en) | A kind of security configuration check system | |
CN112887268B (en) | Network security guarantee method and system based on comprehensive detection and identification | |
CN114679292B (en) | Honeypot identification method, device, equipment and medium based on network space mapping | |
CN108600260A (en) | A kind of industry Internet of Things security configuration check method | |
CN102906756A (en) | Security threat detection associated with security events and actor category model | |
CN114611576A (en) | Accurate identification technology for terminal equipment in power grid | |
CN114978614A (en) | IP asset rapid scanning processing system | |
KR102314557B1 (en) | System for managing security control and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190326 |