CN109660401A - A kind of distributed network assets detection method - Google Patents

A kind of distributed network assets detection method Download PDF

Info

Publication number
CN109660401A
CN109660401A CN201811591364.6A CN201811591364A CN109660401A CN 109660401 A CN109660401 A CN 109660401A CN 201811591364 A CN201811591364 A CN 201811591364A CN 109660401 A CN109660401 A CN 109660401A
Authority
CN
China
Prior art keywords
detection
target
probe node
probe
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811591364.6A
Other languages
Chinese (zh)
Inventor
段梦军
刘方
张江
徐锐
饶志宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN201811591364.6A priority Critical patent/CN109660401A/en
Publication of CN109660401A publication Critical patent/CN109660401A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852Delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/133Protocols for remote procedure calls [RPC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18Multiprotocol handlers, e.g. single devices capable of handling multiple protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Environmental & Geological Engineering (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of distributed network assets detection method, include the following steps: 1) to dispose multiple probe nodes for having assets detecting function;2) according to IP location information, IP address is divided into multiple detection Target IP lists;3) probe node selection strategy model is constructed, and selects reasonable probe node for each Target IP list;4) Target IP list is carried out in each probe node enlivening the detection of host viability;5) open port detection is carried out to survival Target IP;6) probe messages are sent to survival Target IP open port, and obtains networked asset information by comparing fingerprint base.This method uses probe node optimum choice strategy by constructing the probe node of multiple and different countries and regions, selects the probe node for being most suitable for Target IP list, significantly improves the accuracy of the detection efficient and detection result of networked asset.

Description

A kind of distributed network assets detection method
Technical field
The present invention relates to technical field of network management, and in particular to a kind of distributed network assets detection method.
Background technique
Sharp increase with the continuous development and user of network to Web vector graphic demand, network size constantly expand Greatly, and tend to complicate, more and more terminal devices have been added in cyberspace, such as intelligent mobile mobile phone, printing The equipment such as machine, IP Camera, digital media device.It is detected by cyberspace assets, can find potentially to pacify in time Full blast danger, avoids being attacked by unprincipled fellow.Therefore asset of equipments identification has network security assessment and threat early warning important Meaning.Cyberspace has become the important place of national economy and social life, and network technology has become investigation and measures country The important indicator of core technology, network security have become the important composition of national security.Networked asset detection is understanding, research network The foundation in network space, research networked asset detection facilitate Strengthens network security incident emergency command capacity building.
Existing global network Detection Techniques have the following disadvantages:
(1) existing cyberspace assets detection method, Distributed probing building is using multiple detections single with area Node, and without using probe node selection strategy, the optimization choosing of different regions and probe node self attributes is not considered Strategy is selected, causes detection efficient lower, Effect on Detecting is bad;
(2) existing cyberspace assets detection method can only go out manufacturer, the type of cyberspace assets by protocol identification Number etc. essential informations, judgement cannot be combined by other methods, not to detection result carry out accuracy validation, the network equipment Banner information inaccuracy, confidence level be not high.
Summary of the invention
In order to overcome the disadvantages mentioned above of the prior art, the present invention provides a kind of multiple probe nodes of building, building detection Node selection strategy and the distributed network assets detection method that assets detection result is verified in conjunction with crawler technology.
The technical solution adopted by the present invention to solve the technical problems is: a kind of distributed network assets detection method, packet Include following steps:
1) multiple probe nodes for having assets detecting function are disposed;
2) according to IP location information, IP address is divided into multiple detection Target IP lists;
3) probe node selection strategy model is constructed, and selects reasonable probe node for each Target IP list;
4) Target IP list is carried out in each probe node enlivening the detection of host viability;
5) open port detection is carried out to survival Target IP;
6) probe messages are sent to survival Target IP open port, and obtains networked asset information by comparing fingerprint base.
In above-mentioned technical proposal, by constructing the probe node of multiple and different countries and regions, and it is excellent using probe node Change selection strategy, selects the probe node for being most suitable for Target IP list, significantly improve the detection efficient and detection of networked asset As a result accuracy.Wherein, the networked asset information includes service, operating system, device manufacturer, device type, equipment type Number etc. information.
Further, above-mentioned distributed network assets detection method further includes verification step:
In conjunction with crawler technology, assets detection result is verified using picture and text identification mode.This method is for the first time It realizes the distributed network assets quick detection function based on port detection and web crawlers, detection hit rate and standard is substantially improved True rate provides basic guarantee for network security.
Preferably, the method for probe node selection strategy model is constructed in step 3) are as follows:
Using the detection result of existing different probe nodes as sample, each probe node of Logistic analysis of regression model is utilized Influence of the attribute feature to detection result constructs probe node selection strategy model.
Probe node is divided into according to detection result situation and is suitable as probe node and is not suitable as probe node two Kind classification, and using judging result as dependent variable, there is significant statistics to anticipate detection result influence with what probe node itself had Justice factor (probe node attribute feature, such as: detection time delay, node tasks number, network bandwidth) be used as variable, utilize Logistic analysis of regression model simultaneously constructs probe node selection strategy model, and passes through the probe node selection strategy model, Probe node the most suitable is selected for different Target IP lists.
Preferably, in step 3) it is foundation that each Target IP list selects reasonable probe node are as follows:
Network delay, network bandwidth, detection risk, probe node resource utilization and detection Target IP location information At least one of relationship between probe node.Usually comprehensively consider IP location information, network detection node bandwidth, detection The factors such as node resource utilization power select reasonable probe node for each Target IP list and carry out task distribution.
Preferably, the prospecting tools of each probe node are C/S framework, and client and server end is all made of SSL association View;
The server end distributes detection mission according to probe node selection strategy, and the client executing detects accordingly Detection result is simultaneously returned to server end by task, and the client can be deployed in any position for having linking Internet condition It sets.
Preferably, the probe node is constructed using Virtual Private Server.To realize the resource detection that globalizes, use VPS (Virtual Private Server Virtual Private Server) constructs probe node.Compared with traditional fictitious host computer, VPS server is not due to being the situation for sharing the same host hardware resource using a large amount of fictitious host computers, in bandwidth, speed Degree, website and safety etc. all have more apparent advantage, and can according to need flexible configuration, and supporting to realize has The long-range management of effect.
Preferably, step 4) is based on ICMP, TCP, Stream Control Transmission Protocol detects destination host viability.What multi-protocols combined sweeps Retouch technology, detection efficient can be improved, be able to achieve the more cyberspace assets of detection, can extensive quick detection it is entirely mutual Networking space assets.
Preferably, the method for open port detection being carried out to survival IP in step 5) are as follows:
SYN message is sent in all of the port of each probe node to corresponding survival Target IP, if port can receive The ACK message of survival Target IP, illustrates the open-ended, and the survival Target IP and survival port are stored in database.
Preferably, in step 6), according to different application layer protocol or serviced component, different data packets is sent to obtain The response Banner data for taking target device, according to of the device-fingerprint in the feature field and fingerprint base in Banner data Equipment identification is completed with result.By depth scan, can complete to include mainly service, operating system, device manufacturer, equipment The detection of the information such as type, device model.
Preferably, in assets detection result, 80 port TCP is web services port, and TCP8080 is to provide web services generation The port of reason, the port TCP443 are HTTPS serve port, choose http, https agreement of the ports such as open 80,443,8080 Data, which carry out crawling the modes such as Web page picture and text identification, further verifies detection result.
By adopting the above technical scheme, the present invention has following good effect:
1, this method carries out the detection of global network assets using Distributed probing method, and constructs multiple and different countries and regions Probe node the accuracy of detection efficient and detection result is improved using probe node optimum choice strategy.
2, detection effect can be improved in the scanning technique that this method is combined using multi-protocols such as ICMP, TCP, SCTP, UDP Rate is able to achieve the more cyberspace assets of detection, being capable of the entire the Internet space assets of extensive quick detection.
3, this method is combined with crawler technology, is carried out using modes such as picture and text identifications to detection result further Detection hit rate and accuracy rate can be substantially improved to obtain more accurate global network assets information in verifying.
Detailed description of the invention
Examples of the present invention will be described by way of reference to the accompanying drawings, in which:
Fig. 1 is distributed network assets detection method flow chart of the present invention.
Specific embodiment
For the prior art in the detection building of distributed network assets, probe node selection strategy is not used, is not examined The optimum choice strategy that worry different regions and probe node self attributes influence detection result, causes detection efficient lower, Effect on Detecting is bad;And by protocol identification, accuracy validation is not carried out to detection result, detection result detects accuracy rate Problem the present invention provides a kind of multiple probe nodes of building, building probe node selection strategy and combines crawler technology to money Produce the distributed network assets detection method that detection result is verified.The detection method is carried out complete using Distributed probing method The detection of ball networked asset, and the probe node of multiple and different countries and regions is constructed, using probe node optimum choice strategy, improve The accuracy of detection efficient and detection result;Using the scanning technique that the multi-protocols such as ICMP, TCP, SCTP, UDP combine, Detection efficient can be improved, and be able to achieve the more cyberspace assets of detection, can quickly detect entire internet on a large scale Space assets;In conjunction with crawler technology, detection result is further verified using modes such as picture and text identifications, is obtained complete Net network assets information can improve detection hit rate and accuracy rate to greatest extent.The flow chart of the method such as Fig. 1 institute Show.
Basic skills of the invention includes the following steps:
1) multiple probe nodes for having assets detecting function are disposed;
2) according to IP location information, IP address is divided into multiple detection Target IP lists;
3) probe node selection strategy model is constructed, and selects reasonable probe node for each Target IP list;
4) Target IP list is carried out in each probe node enlivening the detection of host viability;
5) open port detection is carried out to survival Target IP;
6) probe messages are sent to survival Target IP open port, and obtains networked asset information by comparing fingerprint base.
Multiple probe nodes for having assets detecting function are disposed in global network space first;Based in global range points The IP address matched is divided into multiple detection Target IP lists according to IP location information, comprehensively considers IP location information, network detection Node bandwidth and the available node efficiency for calculating power construct probe node selection strategy model using Logistic regression model, and Reasonable probe node is selected to carry out task distribution for each Target IP list;ICMP ECHO/ is used in each probe node TIMESTAMP/NETMASK message, TCPSYN/ACK packet, SCTP INIT/COOKIE-ECHO packet voice to Target IP list into Row enlivens the detection of host viability;Then port detection is carried out to survival IP, detects all IP open port situations;And to institute Have IP open port send probe messages, by compare fingerprint base obtain service, operating system, device manufacturer, device type, The information such as device model;Crawler technology is finally combined, the modes such as picture and text identification further verify detection result, Obtain global network assets information.The present invention can improve detection efficient, detection hit rate and accuracy rate to greatest extent.For the first time It realizes based on the distributed network assets quick detection function of port detection and web crawlers, provides basic guarantor for network security Barrier.
Embodiment
A kind of distributed network assets detection method, includes the following steps:
1) multiple probe nodes for having networked asset detecting function are disposed in global network space.Prospecting tools are the whole world Assets distributed detection system is constructed using C/S framework, and client, server end communication mechanism are using reliable SSL (association View);Server end is responsible for distributing detection mission according to probe node selection strategy, and client is responsible for executing corresponding detection times Business, and detection result is returned into server end, client can be deployed in any position for having linking Internet condition.For It realizes globalization resource detection, probe node is constructed using VPS (Virtual Private Server Virtual Private Server). Compared with traditional fictitious host computer, VPS server is not due to being to share the same host hardware resource using a large amount of fictitious host computers Situation, therefore bandwidth, speed, website and in terms of all there is more apparent advantage, and can be according to need Flexible configuration is wanted, supports to realize effective long-range management.
2) geography information of detection Target IP is obtained according to open source data set, and will be global according to the geography information of Target IP IP sections are divided into multiple detection Target IP lists.
3) it using the detection result of existing different probe nodes as sample, is first analyzed respectively using Logistic regression model Influence of a probe node attribute feature for detection result, establishes probe node selection strategy model.Target IP list root again According to probe node network bandwidth, reasonable exploration policy can be formulated, control node passes through RPC with power and network delay is calculated (Remote Procedure Call, remote procedure call) is communicated with probe node, and reliable mission dispatching may be implemented, disappear Breath transmitting and abnormality processing, and comprehensively consider the bandwidth of existing network node and the case propagation delays to destination node, it reasonably selects It is suitble to the probe node of each Target IP list and carries out distributed task scheduling distribution.In the selection of probe node, general synthesis is examined The conditions such as the relationship between time delay, detection risk, node resource utilization power, detection Target IP and probe node are considered, to select It is suitble to the probe node of detection target.
The construction method of probe node selection strategy model is as follows:
Probe node is divided into according to detection result situation of the probe node to Target IP list and is suitable as probe node Be not suitable as two classification of probe node, and (be suitable as probe node assignment 0 by dependent variable of judging result, be not suitable for It is assigned a value of 1) as probe node, the factor being statistically significant is influenced on detection result with what probe node itself had (probe node attribute feature, such as detection time delay, node tasks number, network bandwidth) is used as variable.In a=0.05, p=0.10 Under establish multifactor binary Logistic regression model, by Logistic stepwise regression analysis obtain selection probe node itself What is had influences the principal element being statistically significant to detection result, tests to model, in the significant water in P < 0.05 Flat Regression equation is significant, and following table is that model mainly studies factor and assignment.
Factor Assignment
Probe node resource Node tasks number
Network bandwidth Netowrk tape width values (unit million)
Network delay Time delay (unit is the second)
Dependent variable It is suitable as probe node=0, is not suitable as probe node=1
Analysis of Policy Making index is detected by choosing, and uses existing detection result data, returns mould using Logistic Type obtains being suitable for probe node selection strategy model.It can be by the probe node selection strategy model, for different spies Survey the most appropriate probe node of target selection.
4) based on ICMP, TCP, Stream Control Transmission Protocol detect destination host viability, according to well known port rank order, successively into The common 100 port viability detection of row.It for the efficiency for improving detection, is detected using asynchronous port viability, records Target IP The detection result of port survival condition.Based on each network detection node, corresponding detection Target IP list is calculated using random Method upsets IP sequence in list, sends ICMP ECHO/TIMESTAMP/NETMASK message, transmission to target in each probe node TCPSYN/ACK packet sends SCTP INIT/COOKIE-ECHO packet voice and carries out enlivening host viability to Target IP list and sweeps It retouches, probe messages quickly scan the host survived in network, and record;
5) step 4) is repeated until having detected all IP;
6) using the detection result of step 5) as survival IP collection, in each probe node respectively to all targets of the set The all of the port of IP sends SYN message and illustrates the open-ended if port can receive the ACK message of Target IP, then should IP and its survival port are stored in database;
7) step 6) is repeated until having detected all survival IP and having commonly used 100 ports;
8) entering the depth scan stage, depth scan mainly includes service, operating system, device manufacturer, device type, if The detections such as standby model, the IP and open-ended data obtain to step 7) send detection report for certain port of destination host Text analyzes back message, and obtains agreement corresponding to the port from software fingerprinting library, then to the port of the destination host It sends the data packet for meeting corresponding protocol format, operating system identification, send assets probe messages, detection obtains device type; When detecting operating system, using ICP/IP protocol stack fingerprint technique, obtained by sending a series of special network detection packets The ICP/IP protocol stack feature of destination OS is taken, the fingerprint in its feature and operation system fingerprint library matches simultaneously later It obtains a result.According to different application layer protocol or serviced component, different data packets is sent to obtain the response of target device Banner data complete equipment knowledge according to the matching result of the device-fingerprint in the feature field and fingerprint base in Banner Not.
9) IP and open-ended data obtained for step 8), 80 port TCP are web services port, and TCP8080 is The port of web service proxy is provided, the port TCP443 is HTTPS serve port, chooses the ports such as open 80,443,8080 Http, https protocol data, which carry out crawling the modes such as Web page picture and text identification, further verifies detection result.

Claims (10)

1. a kind of distributed network assets detection method, which comprises the steps of:
1) multiple probe nodes for having assets detecting function are disposed;
2) according to IP location information, IP address is divided into multiple detection Target IP lists;
3) probe node selection strategy model is constructed, and selects reasonable probe node for each Target IP list;
4) Target IP list is carried out in each probe node enlivening the detection of host viability;
5) open port detection is carried out to survival Target IP;
6) probe messages are sent to survival Target IP open port, and obtains networked asset information by comparing fingerprint base.
2. distributed network assets detection method as described in claim 1, which is characterized in that further include verification step:
In conjunction with crawler technology, assets detection result is verified using picture and text identification mode.
3. distributed network assets detection method as described in claim 1, which is characterized in that construct probe node in step 3) The method of selection strategy model are as follows:
Using the detection result of existing different probe nodes as sample, each probe node attribute of Logistic analysis of regression model is utilized Influence of the feature to detection result constructs probe node selection strategy model.
4. distributed network assets detection method as claimed in claim 3, which is characterized in that be each Target IP column in step 3) Table selects the foundation of reasonable probe node are as follows:
Network delay, network bandwidth, detection risk, probe node resource utilization and detection Target IP location information and spy Survey at least one of the relationship between node.
5. distributed network assets detection method as described in claim 1, which is characterized in that the detection of each probe node Tool is C/S framework, and client and server end is all made of ssl protocol;
The server end distributes detection mission, the corresponding detection mission of client executing according to probe node selection strategy And detection result is returned into server end, the client can be deployed in any position for having linking Internet condition.
6. distributed network assets detection method as described in claim 1, which is characterized in that use Virtual Private Server structure Build the probe node.
7. distributed network assets detection method as described in claim 1, which is characterized in that step 4) be based on ICMP, TCP, Stream Control Transmission Protocol detects destination host viability.
8. distributed network assets detection method as described in claim 1, which is characterized in that carried out in step 5) to survival IP The method of open port detection are as follows:
SYN message is sent in all of the port of each probe node to corresponding survival Target IP, if port can receive survival The ACK message of Target IP, illustrates the open-ended, and the survival Target IP and survival port are stored in database.
9. distributed network assets detection method as described in claim 1, which is characterized in that in step 6), according to different Application layer protocol or serviced component, send different data packets to obtain the response Banner data of target device, according to The matching result of the device-fingerprint in feature field and fingerprint base in Banner data identifies to complete equipment.
10. distributed network assets detection method as claimed in claim 2, which is characterized in that in assets detection result, TCP 80 ports are web services port, and TCP8080 is to provide the port of web service proxy, and the port TCP443 is HTTPS serve port, Http, https protocol data for choosing open 80,443,8080 ports carry out crawling the modes pair such as Web page picture and text identification Detection result is further verified.
CN201811591364.6A 2018-12-20 2018-12-20 A kind of distributed network assets detection method Pending CN109660401A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811591364.6A CN109660401A (en) 2018-12-20 2018-12-20 A kind of distributed network assets detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811591364.6A CN109660401A (en) 2018-12-20 2018-12-20 A kind of distributed network assets detection method

Publications (1)

Publication Number Publication Date
CN109660401A true CN109660401A (en) 2019-04-19

Family

ID=66116209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811591364.6A Pending CN109660401A (en) 2018-12-20 2018-12-20 A kind of distributed network assets detection method

Country Status (1)

Country Link
CN (1) CN109660401A (en)

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131320A (en) * 2019-12-31 2020-05-08 奇安信科技集团股份有限公司 Asset identification method, device, system, medium, and program product
CN111756598A (en) * 2020-06-23 2020-10-09 北京凌云信安科技有限公司 Asset discovery method based on combination of active detection and flow analysis
CN111786857A (en) * 2020-07-03 2020-10-16 国网湖北省电力有限公司 Network asset active detection method and system based on distribution
CN111835596A (en) * 2020-07-21 2020-10-27 北京长亭未来科技有限公司 Target state detection method and device and electronic equipment
CN111885220A (en) * 2020-07-30 2020-11-03 哈尔滨工业大学(威海) Active acquisition and verification method for target unit IP assets
CN112003884A (en) * 2019-05-27 2020-11-27 北京白帽汇科技有限公司 Network asset acquisition and natural language retrieval method
CN112398782A (en) * 2019-08-15 2021-02-23 北京国双科技有限公司 Network asset identification method, device, medium and equipment
CN112671887A (en) * 2020-12-21 2021-04-16 哈尔滨工大天创电子有限公司 Asset identification method and device, electronic equipment and computer storage medium
CN112769635A (en) * 2020-12-10 2021-05-07 青岛海洋科学与技术国家实验室发展中心 Service identification method and device for multi-granularity feature analysis
CN112787875A (en) * 2019-11-06 2021-05-11 杭州海康威视数字技术股份有限公司 Equipment identification method, device and equipment, and storage medium
CN113114519A (en) * 2020-01-09 2021-07-13 厦门网宿有限公司 Network quality detection method and device
CN113259197A (en) * 2021-05-13 2021-08-13 北京天融信网络安全技术有限公司 Asset detection method and device and electronic equipment
CN113300915A (en) * 2021-07-21 2021-08-24 杭州安恒信息技术股份有限公司 Device identification method, system, electronic apparatus, and storage medium
CN113347319A (en) * 2021-08-05 2021-09-03 杭州海康威视数字技术股份有限公司 Self-adaptive asset scanning method and device
CN113378172A (en) * 2020-02-25 2021-09-10 奇安信科技集团股份有限公司 Method, apparatus, computer system, and medium for identifying sensitive web pages
CN113472813A (en) * 2021-09-02 2021-10-01 浙江齐安信息科技有限公司 Security asset identification method and system
CN113660134A (en) * 2021-07-27 2021-11-16 杭州安恒信息技术股份有限公司 Port detection method, device, electronic device and storage medium
CN113708984A (en) * 2020-05-20 2021-11-26 中国移动通信集团浙江有限公司 Network quality detection method and device, computing equipment and computer storage medium
CN113765922A (en) * 2021-09-08 2021-12-07 福建天晴数码有限公司 System for risk control is carried out in reverse detection
CN114500346A (en) * 2022-04-08 2022-05-13 北京华顺信安科技有限公司 Network space mapping method and device
CN114584477A (en) * 2022-02-10 2022-06-03 烽台科技(北京)有限公司 Industrial control asset detection method and device, terminal and storage medium
CN114598504A (en) * 2022-02-21 2022-06-07 烽台科技(北京)有限公司 Risk assessment method and device, electronic equipment and readable storage medium
CN114793204A (en) * 2022-06-27 2022-07-26 山东林天信息科技有限责任公司 Network asset detection method
CN115348197A (en) * 2022-06-10 2022-11-15 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN115412471A (en) * 2022-07-12 2022-11-29 广州大学 Distributed stateless port scanning method
CN115442259A (en) * 2022-08-30 2022-12-06 奇安信网神信息技术(北京)股份有限公司 System identification method and device
CN115567425A (en) * 2022-08-22 2023-01-03 清华大学 Internet distributed active detection method and system
CN115604160A (en) * 2021-07-09 2023-01-13 腾讯科技(深圳)有限公司(Cn) Network detection processing method and device, electronic equipment and storage medium
CN115794780A (en) * 2023-02-15 2023-03-14 远江盛邦(北京)网络安全科技股份有限公司 Method and device for collecting network space assets, electronic equipment and storage medium
CN116471130A (en) * 2023-06-20 2023-07-21 荣耀终端有限公司 Network asset detection method and device
CN116546009A (en) * 2023-07-06 2023-08-04 北京华云安信息技术有限公司 Asset discovery method, device, electronic equipment and storage medium
CN116915451A (en) * 2023-06-30 2023-10-20 上海螣龙科技有限公司 Network asset scanning system and method based on custom strategy

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030200294A1 (en) * 2002-04-18 2003-10-23 Thorpe John Robert Apparatus and method to automatically collect data regarding assets of a business entity
CN106888194A (en) * 2015-12-16 2017-06-23 国家电网公司 Intelligent grid IT assets security monitoring systems based on distributed scheduling
CN108769064A (en) * 2018-06-26 2018-11-06 广东电网有限责任公司信息中心 Realize the distributed asset identification and change cognitive method and system that loophole is administered

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030200294A1 (en) * 2002-04-18 2003-10-23 Thorpe John Robert Apparatus and method to automatically collect data regarding assets of a business entity
CN106888194A (en) * 2015-12-16 2017-06-23 国家电网公司 Intelligent grid IT assets security monitoring systems based on distributed scheduling
CN108769064A (en) * 2018-06-26 2018-11-06 广东电网有限责任公司信息中心 Realize the distributed asset identification and change cognitive method and system that loophole is administered

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张江等: "基于 ICMP、UDP、TCP 协议的分布式 IP 级拓扑探测方法", 《通信技术》 *
李富合: "网络设备识别系统的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112003884B (en) * 2019-05-27 2024-04-16 北京白帽汇科技有限公司 Method for collecting network assets and retrieving natural language
CN112003884A (en) * 2019-05-27 2020-11-27 北京白帽汇科技有限公司 Network asset acquisition and natural language retrieval method
CN112398782A (en) * 2019-08-15 2021-02-23 北京国双科技有限公司 Network asset identification method, device, medium and equipment
CN112787875A (en) * 2019-11-06 2021-05-11 杭州海康威视数字技术股份有限公司 Equipment identification method, device and equipment, and storage medium
CN112787875B (en) * 2019-11-06 2022-03-01 杭州海康威视数字技术股份有限公司 Equipment identification method, device and equipment, and storage medium
CN111131320A (en) * 2019-12-31 2020-05-08 奇安信科技集团股份有限公司 Asset identification method, device, system, medium, and program product
CN111131320B (en) * 2019-12-31 2022-06-14 奇安信科技集团股份有限公司 Asset identification method, device, system and medium
CN113114519A (en) * 2020-01-09 2021-07-13 厦门网宿有限公司 Network quality detection method and device
CN113378172A (en) * 2020-02-25 2021-09-10 奇安信科技集团股份有限公司 Method, apparatus, computer system, and medium for identifying sensitive web pages
CN113378172B (en) * 2020-02-25 2023-12-29 奇安信科技集团股份有限公司 Method, apparatus, computer system and medium for identifying sensitive web pages
CN113708984A (en) * 2020-05-20 2021-11-26 中国移动通信集团浙江有限公司 Network quality detection method and device, computing equipment and computer storage medium
CN113708984B (en) * 2020-05-20 2023-10-27 中国移动通信集团浙江有限公司 Network quality detection method, device, computing equipment and computer storage medium
CN111756598A (en) * 2020-06-23 2020-10-09 北京凌云信安科技有限公司 Asset discovery method based on combination of active detection and flow analysis
CN111786857B (en) * 2020-07-03 2022-08-05 国网湖北省电力有限公司 Network asset active detection method and system based on distribution
CN111786857A (en) * 2020-07-03 2020-10-16 国网湖北省电力有限公司 Network asset active detection method and system based on distribution
CN111835596A (en) * 2020-07-21 2020-10-27 北京长亭未来科技有限公司 Target state detection method and device and electronic equipment
CN111835596B (en) * 2020-07-21 2022-03-18 北京长亭未来科技有限公司 Target state detection method and device and electronic equipment
CN111885220A (en) * 2020-07-30 2020-11-03 哈尔滨工业大学(威海) Active acquisition and verification method for target unit IP assets
CN111885220B (en) * 2020-07-30 2023-04-07 哈尔滨工业大学(威海) Active acquisition and verification method for target unit IP assets
CN112769635A (en) * 2020-12-10 2021-05-07 青岛海洋科学与技术国家实验室发展中心 Service identification method and device for multi-granularity feature analysis
CN112671887A (en) * 2020-12-21 2021-04-16 哈尔滨工大天创电子有限公司 Asset identification method and device, electronic equipment and computer storage medium
CN112671887B (en) * 2020-12-21 2023-03-03 哈尔滨工大天创电子有限公司 Asset identification method and device, electronic equipment and computer storage medium
CN113259197A (en) * 2021-05-13 2021-08-13 北京天融信网络安全技术有限公司 Asset detection method and device and electronic equipment
CN115604160A (en) * 2021-07-09 2023-01-13 腾讯科技(深圳)有限公司(Cn) Network detection processing method and device, electronic equipment and storage medium
CN113300915A (en) * 2021-07-21 2021-08-24 杭州安恒信息技术股份有限公司 Device identification method, system, electronic apparatus, and storage medium
CN113660134A (en) * 2021-07-27 2021-11-16 杭州安恒信息技术股份有限公司 Port detection method, device, electronic device and storage medium
CN113660134B (en) * 2021-07-27 2024-03-19 杭州安恒信息技术股份有限公司 Port detection method, device, electronic device and storage medium
CN113347319A (en) * 2021-08-05 2021-09-03 杭州海康威视数字技术股份有限公司 Self-adaptive asset scanning method and device
CN113472813A (en) * 2021-09-02 2021-10-01 浙江齐安信息科技有限公司 Security asset identification method and system
CN113765922A (en) * 2021-09-08 2021-12-07 福建天晴数码有限公司 System for risk control is carried out in reverse detection
CN113765922B (en) * 2021-09-08 2023-03-14 福建天晴数码有限公司 System for risk control is carried out in reverse detection
CN114584477B (en) * 2022-02-10 2023-06-27 烽台科技(北京)有限公司 Industrial control asset detection method, device, terminal and storage medium
CN114584477A (en) * 2022-02-10 2022-06-03 烽台科技(北京)有限公司 Industrial control asset detection method and device, terminal and storage medium
CN114598504A (en) * 2022-02-21 2022-06-07 烽台科技(北京)有限公司 Risk assessment method and device, electronic equipment and readable storage medium
CN114598504B (en) * 2022-02-21 2023-11-03 烽台科技(北京)有限公司 Risk assessment method and device, electronic equipment and readable storage medium
CN114500346B (en) * 2022-04-08 2022-08-02 北京华顺信安科技有限公司 Network space mapping method and device
CN114500346A (en) * 2022-04-08 2022-05-13 北京华顺信安科技有限公司 Network space mapping method and device
CN115348197A (en) * 2022-06-10 2022-11-15 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN115348197B (en) * 2022-06-10 2023-07-21 国网思极网安科技(北京)有限公司 Network asset detection method and device, electronic equipment and storage medium
CN114793204A (en) * 2022-06-27 2022-07-26 山东林天信息科技有限责任公司 Network asset detection method
CN115412471A (en) * 2022-07-12 2022-11-29 广州大学 Distributed stateless port scanning method
CN115567425A (en) * 2022-08-22 2023-01-03 清华大学 Internet distributed active detection method and system
CN115442259A (en) * 2022-08-30 2022-12-06 奇安信网神信息技术(北京)股份有限公司 System identification method and device
CN115794780A (en) * 2023-02-15 2023-03-14 远江盛邦(北京)网络安全科技股份有限公司 Method and device for collecting network space assets, electronic equipment and storage medium
CN116471130A (en) * 2023-06-20 2023-07-21 荣耀终端有限公司 Network asset detection method and device
CN116471130B (en) * 2023-06-20 2023-11-10 荣耀终端有限公司 Network asset detection method and device
CN116915451A (en) * 2023-06-30 2023-10-20 上海螣龙科技有限公司 Network asset scanning system and method based on custom strategy
CN116915451B (en) * 2023-06-30 2024-03-22 上海螣龙科技有限公司 Network asset scanning system, method, computer equipment and computer readable storage medium based on custom strategy
CN116546009A (en) * 2023-07-06 2023-08-04 北京华云安信息技术有限公司 Asset discovery method, device, electronic equipment and storage medium
CN116546009B (en) * 2023-07-06 2023-09-22 北京华云安信息技术有限公司 Asset discovery method, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109660401A (en) A kind of distributed network assets detection method
Torabi et al. Detecting Internet abuse by analyzing passive DNS traffic: A survey of implemented systems
Dong et al. Network measurement based modeling and optimization for IP geolocation
Rahman et al. Network modelling and simulation tools
US9001668B2 (en) Endpoint selection in a network test system
WO2009093226A2 (en) A method and apparatus for fingerprinting systems and operating systems in a network
Geddes et al. How low can you go: Balancing performance with anonymity in Tor
Chang et al. Protecting mobile crowd sensing against sybil attacks using cloud based trust management system
US10659335B1 (en) Contextual analyses of network traffic
Lin et al. MREA: a minimum resource expenditure node capture attack in wireless sensor networks
CN111064817B (en) City-level IP positioning method based on node sorting
Traudt et al. Flashflow: A secure speed test for tor
Karame et al. On the security of end-to-end measurements based on packet-pair dispersions
Radoglou-Grammatikis et al. Strategic honeypot deployment in ultra-dense beyond 5g networks: A reinforcement learning approach
Marshall CANDID: classifying assets in networks by determining importance and dependencies
CN103326892B (en) The operating method and device of web interface
Dowling et al. Data-centric framework for adaptive smart city honeynets
Gokulraj et al. Data consistency matrix based data processing model for efficient data storage in wireless sensor networks
Berenguer et al. Radiography of internet autonomous systems interconnection in Latin America and the Caribbean
Claffy et al. The 11th workshop on active internet measurements (aims-11) workshop report
Oliveira et al. Do we need a perfect ground-truth for benchmarking Internet traffic classifiers?
Brunner Reassembler-Towards a Global DDoS Attack Analysis Using Attack Fingerprints
US11516226B2 (en) Contextual analyses of network traffic
Kang Research on anonymous network topology analysis
Singh et al. Distilling command and control network intrusions from network flow metadata using temporal pagerank

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190419