CN110519106A - The determination method, apparatus and electronic equipment of device type in target network - Google Patents
The determination method, apparatus and electronic equipment of device type in target network Download PDFInfo
- Publication number
- CN110519106A CN110519106A CN201910885584.8A CN201910885584A CN110519106A CN 110519106 A CN110519106 A CN 110519106A CN 201910885584 A CN201910885584 A CN 201910885584A CN 110519106 A CN110519106 A CN 110519106A
- Authority
- CN
- China
- Prior art keywords
- data
- device type
- flows
- identification model
- type identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Abstract
The present invention provides a kind of determination method, apparatus of device type in target network and electronic equipments, are related to technical field of the computer network, comprising: obtain the data on flows of target network;The device type for generating data on flows is determined according to data on flows and machine learning algorithm;Device type includes NAT device and host.The present invention preferably improves the applicability of device type identification technology.
Description
Technical field
The present invention relates to technical field of the computer network, more particularly, to a kind of determination side of device type in target network
Method, device and electronic equipment.
Background technique
NAT (Network Address Translation, network address translation) is also known as network masking, and IP masking is being counted
It is a kind of skill that source IP addresses or purpose IP address are rewritten when IP data packet is by router or firewall in calculation machine network
Art, this technology is generally existing to be had multiple host but only passes through under the network scenarios that a public network IP address accesses internet, it
The technology for being a convenience and being used widely also avoids leading while having saved increasingly depleted Ipv4 address resource
Machine is directly exposed to the risk of internet.Existing device type (NAT device and host) identification technology, which mainly passes through, actively to be visited
It surveys, however, the existing device type identification technology based on active probe requires the connectivity at network, and can not detect
The network area of stringent access control, therefore, the existing device type identification technology problem poor there is also applicability.
Summary of the invention
The determination method, apparatus and electronics for being designed to provide device type in a kind of target network of the embodiment of the present invention
Equipment preferably improves the applicability of device type identification technology.
In a first aspect, the embodiment of the present invention provides a kind of determination method of device type in target network, comprising: obtain institute
State the data on flows of target network;The equipment for generating the data on flows is determined according to the data on flows and machine learning algorithm
Type;The device type includes NAT device and host.
In alternative embodiments, described determined according to the data on flows and machine learning algorithm generates the flow
The step of device type of data, comprising: the data on flows is input to preparatory trained device type identification model, is led to
It crosses the device type identification model and determines the device type for generating the data on flows;Wherein, the device type identifies mould
Type is that the data on flows training based on known device type obtains.
In alternative embodiments, the method also includes: obtain the historical traffic data of the NAT device and described
The historical traffic data of host;Filter out the NAT device historical traffic data and the host historical traffic data it
Between variance data;The variance data is divided into multi-group data set by the source IP based on the variance data;From described more
The training data for training device type identification model is chosen in group data set conjunction;By the training data to the equipment
Type identification model is trained, until obtaining trained device type identification model.
In alternative embodiments, the method also includes: from the multi-group data set choose for verifying
State the verify data of device type identification model;The identification for verifying the device type identification model by the verify data is quasi-
True rate;If the recognition accuracy reaches preset threshold, determine that the device type identification model has trained.
In alternative embodiments, the variance data include Web address field, User-Agent field analysis data,
The subscriber identity information of the client release of the designated software of OICQ agreement and designated software, the inside end IP ttl value, in data packet
Row downlink data packet quantity and accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP stream quantity and
One of accounting, the distribution of IP packet time interval and DNS data request quantity are a variety of.
Second aspect, the embodiment of the present invention provide a kind of determining device of device type in target network, comprising: flow number
According to module is obtained, for obtaining the data on flows of the target network;Device type determining module, for according to the flow number
According to the device type for determining the generation data on flows with machine learning algorithm;The device type includes NAT device and host.
In alternative embodiments, the device type determining module is further used for inputting the data on flows
To preparatory trained device type identification model, is determined by the device type identification model and generate the data on flows
Device type;Wherein, the device type identification model is that the data on flows training based on known device type obtains.
In alternative embodiments, described device further include: model training module, for obtaining the NAT device
The historical traffic data of historical traffic data and the host;Filter out the NAT device historical traffic data and the master
Variance data between the historical traffic data of machine;The variance data is divided into multiple groups by the source IP based on the variance data
Data acquisition system;The training data for training device type identification model is chosen from the multi-group data set;By described
Training data is trained the device type identification model, until obtaining trained device type identification model.
The third aspect, the embodiment of the invention provides a kind of electronic equipment, including memory, processor, the memories
In be stored with the computer program that can be run on the processor, wherein when the processor executes the computer program
The step of realizing method as described in relation to the first aspect.
Fourth aspect, the embodiment of the invention provides a kind of computer-readable mediums, wherein the computer-readable medium
Computer executable instructions are stored with, the computer executable instructions are when being called and being executed by processor, the computer
Executable instruction promotes the method for the processor realization as described in relation to the first aspect.
The embodiment of the invention provides a kind of determination method, apparatus of device type in target network and electronic equipments, should
Method includes: to obtain the data on flows of target network first;Then it is determined according to data on flows and machine learning algorithm and generates stream
Measure the device type (including NAT device and host) of data.This method mainly passes through the data on flows and engineering of target network
It practises algorithm and determines the device type for generating data on flows in target network, generate flow number due to using machine learning algorithm to determine
According to device type when, the connectivity at network do not required, therefore determined using machine learning algorithm and generate data on flows
The network influence factor that device type is subject to is less, preferably improves the applicability of device type identification technology.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the determination method flow diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 2 is the determination method flow diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 3 is the determination apparatus structure schematic diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 4 is a kind of electronic equipment structural schematic diagram provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.The present invention being usually described and illustrated herein in the accompanying drawings is implemented
The component of example can be arranged and be designed with a variety of different configurations.
Therefore, the detailed description of the embodiment of the present invention provided in the accompanying drawings is not intended to limit below claimed
The scope of the present invention, but be merely representative of selected embodiment of the invention.Based on the embodiments of the present invention, this field is common
Technical staff's every other embodiment obtained without creative efforts belongs to the model that the present invention protects
It encloses.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.
With reference to the accompanying drawing, it elaborates to some embodiments of the present invention.In the absence of conflict, following
Feature in embodiment and embodiment can be combined with each other.
In view of the existing device type identification technology based on active probe requires the connectivity at network, and can not
Detection has the network area of stringent access control, and there is also the problems that applicability is poor, and the embodiment of the invention provides a kind of mesh
The determination method, apparatus and electronic equipment for marking equipment in network type can be applied to the suitable of lifting means type identification technology
The property used.
For convenient for understanding the present embodiment, first to equipment in a kind of target network disclosed in the embodiment of the present invention
The determination method of type describes in detail.
The embodiment of the invention provides a kind of determination methods of device type in target network, referring to mesh as shown in Figure 1
Mark equipment in network type determination method flow diagram, this method by target network controller execute, this method include with
Lower step S102~step S104:
Step S102: the data on flows of target network is obtained.
Above-mentioned target network can be the computer network for needing that identification types identification is carried out to the data on flows of generation, on
State the data volume that data on flows is transmission over networks.The above-mentioned mode that data on flows is obtained from target network, which can be, to be passed through
Interchanger mirror image obtains in network.
Step S104: the device type for generating data on flows is determined according to data on flows and machine learning algorithm;Equipment class
Type includes NAT device and host.
Above-mentioned machine learning algorithm can be K mean cluster algorithm, decision-tree model, naive Bayesian, neural network and calculate
One of classic algorithms such as method are a variety of.When determining the device type for generating data on flows using machine learning algorithm, lead to
Model can be constructed by crossing above-mentioned machine learning algorithm, and input flow rate data in the model then constructed to machine learning algorithm obtain
To the device type for generating data on flows.
The determination method of device type in above-mentioned target network provided in an embodiment of the present invention mainly passes through target network
Data on flows and machine learning algorithm determine the device type that data on flows is generated in target network, due to using machine learning to calculate
When method determines the device type for generating data on flows, the connectivity at network is not required, therefore true using machine learning algorithm
The network influence factor that the device type of the raw data on flows of fixed output quota is subject to is less, preferably improves device type identification technology
Applicability.
In order to promote the accuracy for determining the device type for generating data on flows, present embodiments provide according to data on flows
The specific embodiment for generating the device type of data on flows is determined with machine learning algorithm: data on flows is input to preparatory instruction
The device type identification model perfected determines the device type for generating data on flows by device type identification model;Wherein, if
Standby type identification model is that the data on flows training based on known device type obtains.Above equipment type identification model can be with
It is constructed when being machine algorithm classical using K mean cluster algorithm, decision-tree model, naive Bayesian, neural network algorithm etc.
The model of device type for identification.Device type identification model is that the data on flows training by known device type obtains
, above-mentioned known device type can be NAT device and host.
Influence in view of device type identification model to device type is determined generates flow in order to further enhance determining
The accuracy of the device type of data, the determination method of device type, further includes following in target network provided in this embodiment
Step specifically can refer to step 1~step 5 and execute:
Step 1: obtaining the historical traffic data of NAT device and the historical traffic data of host.
In order to be trained to device type identification model, the historical traffic of NAT device is obtained first from target network
The historical traffic data of data and host, to use the historical traffic data of above-mentioned NAT device and the historical traffic number of host
According to training device type identification model, so that device type identification model be allow to identify NAT device and host.
Step 2: filtering out the variance data between the historical traffic data of NAT device and the historical traffic data of host.
Above-mentioned variance data is the number that can distinguish feature between the data on flows of NAT device and the data on flows of host
According to due to there is multiple devices in the subsequent internal network of NAT device, the data on flows of data on flows and normal hosts has very big
Difference.Inventor it has been investigated that, above-mentioned variance data (the focus analysis data for being referred to as machine learning) can wrap
Include Web address field, User-Agent field analysis data (for example, OS Type, operating system version number, dbase,
Software version number, hardware brand, ardware model number etc.), the visitor of the client release of the designated software of OICQ agreement and designated software
Family identification information (for example, QQ client release and QQ number code information), the inside end IP ttl value, data packet upstream and downstream data packet
When quantity and accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP stream quantity and accounting, IP packet
Between be spaced apart and one of DNS data request quantity or a variety of.
Step 3: variance data is divided by multi-group data set based on the source IP of variance data.
It is known that the device type of each data is generated in above-mentioned multi-group data set.Above-mentioned source IP may refer in network
Equipment, every equipment export has unique IP, passes through the type for distinguishing the available equipment of type of IP.By above-mentioned difference
Data in data with identical sources IP are divided into one group of data, to obtain multi-group data set.
Step 4: the training data for training device type identification model is chosen from multi-group data set.
Above-mentioned training data is the data acquisition system chosen from multi-group data set, for training device type to identify mould
Type, since training data is more, the device type identification model recognition accuracy that training obtains is higher, therefore, can be from multiple groups
Training data as much as possible is chosen in data acquisition system.
Step 5: device type identification model being trained by training data, until obtaining trained device type
Identification model.
Training data is marked, to mark the device type of all training datas, is then inputted training data
Device type identification model carries out more wheel training to device type identification model, until obtaining trained device type identification
Model.
In a kind of specific embodiment, the above method further includes the verification step of device type identification model, specifically
It can refer to following steps (1)~step (3) to execute:
Step (1): the verify data for verifying device type identification model is chosen from multi-group data set.It is above-mentioned to test
Card data are used to examine the recognition accuracy of device type identification model, in order to guarantee the accuracy examined, above-mentioned verify data
It is different data from above-mentioned training data.Since the training data of device type identification model is more, device type identifies mould
The recognition accuracy of type is higher, and above-mentioned multi-group data set can be divided into training data and verifying number according to a certain percentage
According to ratio shared by training data is higher, and the ratio that verify data occupies is lower, for example, the ratio of training data and verify data
Example can be 10/1.
Step (2): the recognition accuracy of device type identification model is verified by verify data.Verify data input is set
Standby type identification model, makes device type identification model identify the device type of above-mentioned verify data, obtains above-mentioned verify data
Recognition result, due in verify data generate data device type be it is known, according to the identification knot of above-mentioned verify data
The known device type of fruit and verify data, the recognition accuracy of available device type identification model.In order to more intuitive
Verification result is observed on ground, and the recognition accuracy that can also be obtained according to multiple authentication device type identification model draws line chart.
Step (3): if recognition accuracy reaches preset threshold, determine that device type identification model has trained.In order to
Recognition accuracy can be reached the device type identification mould of preset threshold by the recognition accuracy for guaranteeing device type identification model
Type is as trained model.If the recognition accuracy of device type identification model is not up to preset threshold, can continue
Device type identification model is trained using training data or acquisition new training data, and using verify data to equipment
Type identification model is verified, until the recognition accuracy of device type identification model reaches preset threshold.
In practical applications, referring to the determination method flow diagram of device type in target network as shown in Figure 2, in utilization
The determination method of device type in target network is stated to the scheme of identification device type, is referred to 202~step of following steps
S208 is executed:
Step 202: obtaining the mirror image data on flows of NAT device and the mirror image data on flows of host in network.
Step 204: by the mirror image data on flows of above-mentioned NAT device and the mirror image data on flows of host according to the different sources IP
Carry out tagsort, and the multiple groups traffic characteristic data that statistical classification obtains.
Step 206: establishing device type identification model using machine learning algorithm, and utilize above-mentioned multiple groups traffic characteristic number
It is trained according to device type identification model, obtains trained device type identification model.
Step 208: the current data on flows of acquisition target network utilizes above-mentioned trained device type identification model pair
Current data on flows is identified, determines the device type (including NAT device and host) for generating the data on flows.
The determination method of device type in above-mentioned target network provided in an embodiment of the present invention, in going through for screening NAT device
When variance data between history data on flows and the historical traffic data of host, by choosing a variety of variance datas as feature stream
Training device type identification model is measured, solves the problems, such as that analysis dimension is single in existing device type identification technology, and base
When the device type identification model identification that the training of multiple variance datas obtains generates the device type of data on flows, do not operated
The behavioural habits of system and user influence, and also carry out accuracy rate verifying to device type identification model using verify data, are promoted
The accuracy of device type identification.
Corresponding to the determination method of preceding aim equipment in network type, the embodiment of the invention provides a kind of target networks
The determining device of middle device type, referring to the determination apparatus structure schematic diagram of device type in target network as shown in Figure 3, packet
It includes:
Data on flows obtains module 31, for obtaining the data on flows of target network.
Device type determining module 32 generates setting for data on flows for determining according to data on flows and machine learning algorithm
Standby type;Device type includes NAT device and host.
The determining device of device type, mainly passes through the flow of target network in above-mentioned target network provided in this embodiment
Data and machine learning algorithm determine the device type that data on flows is generated in target network, due to using machine learning algorithm true
When the device type of the raw data on flows of fixed output quota, the connectivity at network is not required, therefore determined and produced using machine learning algorithm
The network influence factor that the device type of raw data on flows is subject to is less, preferably improves being applicable in for device type identification technology
Property.
In one embodiment, above equipment determination type module 32 is further used for for data on flows being input to pre-
First trained device type identification model determines the device type for generating data on flows by device type identification model;Its
In, device type identification model is that the data on flows training based on known device type obtains.
In one embodiment, above-mentioned apparatus further include:
Model training module, for obtaining the historical traffic data of NAT device and the historical traffic data of host;It filters out
Variance data between the historical traffic data of NAT device and the historical traffic data of host;Source IP based on variance data will
Variance data is divided into multi-group data set;The training for training device type identification model is chosen from multi-group data set
Data;Device type identification model is trained by training data, until obtaining trained device type identification model.
Model authentication module, for choosing the verifying number for verifying device type identification model from multi-group data set
According to;The recognition accuracy of device type identification model is verified by verify data;If recognition accuracy reaches preset threshold, really
Locking equipment type identification model has trained.
In one embodiment, above-mentioned variance data includes Web address field, User-Agent field analysis data, OICQ
Under the subscriber identity information of the client release of the designated software of agreement and designated software, the inside end IP ttl value, data packet uplink
Row data packet number flows quantity with accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP and accounts for
Than one of the distribution of, IP packet time interval and DNS data request quantity or a variety of.
The determining device of device type in above-mentioned target network provided in this embodiment, in the history stream of screening NAT device
When measuring the variance data between data and the historical traffic data of host, instructed by choosing a variety of variance datas as feature flow
Practice device type identification model, solves the problems, such as that analysis dimension is single in existing device type identification technology, and based on more
When the device type identification model identification that a variance data training obtains generates the device type of data on flows, not by operating system
It is influenced with the behavioural habits of user, accuracy rate verifying also is carried out to device type identification model using verify data, improves and sets
The accuracy of standby type identification.
The technical effect of device provided by the present embodiment, realization principle and generation is identical with previous embodiment, for letter
It describes, Installation practice part does not refer to place, can refer to corresponding contents in preceding method embodiment.
The embodiment of the invention provides a kind of electronic equipment, electronic devices structure schematic diagram as shown in Figure 4, electronic equipment
Including processor 41, memory 42, the computer program that can be run on the processor is stored in the memory, it is described
The step of processor realizes method provided by the above embodiment when executing the computer program.
Referring to fig. 4, electronic equipment further include: bus 44 and communication interface 43, processor 41, communication interface 43 and memory
42 are connected by bus 44.Processor 41 is for executing the executable module stored in memory 42, such as computer program.
Wherein, memory 42 may include high-speed random access memory (RAM, Random Access Memory),
It may further include nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.By at least
One communication interface 43 (can be wired or wireless) realizes the communication between the system network element and at least one other network element
Connection, can be used internet, wide area network, local network, Metropolitan Area Network (MAN) etc..
Bus 44 can be ISA (Industry Standard Architecture, industry standard architecture) bus,
PCI (Peripheral Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended
Industry Standard Architecture, expanding the industrial standard structure) bus etc..It is total that the bus can be divided into address
Line, data/address bus, control bus etc..Only to be indicated with a four-headed arrow in Fig. 4, it is not intended that only one convenient for indicating
Root bus or a type of bus.
Wherein, memory 42 is for storing program, and the processor 41 executes the journey after receiving and executing instruction
Sequence, method performed by the device that the stream process that aforementioned any embodiment of the embodiment of the present invention discloses defines can be applied to handle
In device 41, or realized by processor 41.
Processor 41 may be a kind of IC chip, the processing capacity with signal.During realization, above-mentioned side
Each step of method can be completed by the integrated logic circuit of the hardware in processor 41 or the instruction of software form.Above-mentioned
Processor 41 can be general processor, including central processing unit (Central Processing Unit, abbreviation CPU), network
Processor (Network Processor, abbreviation NP) etc..It can also be digital signal processor (Digital Signal
Processing, abbreviation DSP), specific integrated circuit (Application Specific Integrated Circuit, referred to as
ASIC), ready-made programmable gate array (Field-Programmable Gate Array, abbreviation FPGA) or other are programmable
Logical device, discrete gate or transistor logic, discrete hardware components.It may be implemented or execute in the embodiment of the present invention
Disclosed each method, step and logic diagram.General processor can be microprocessor or the processor is also possible to appoint
What conventional processor etc..The step of method in conjunction with disclosed in the embodiment of the present invention, can be embodied directly in hardware decoding processing
Device executes completion, or in decoding processor hardware and software module combination execute completion.Software module can be located at
Machine memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register etc. are originally
In the storage medium of field maturation.The storage medium is located at memory 42, and processor 41 reads the information in memory 42, in conjunction with
Its hardware completes the step of above method.
The embodiment of the invention provides a kind of computer-readable mediums, wherein the computer-readable medium storage has meter
Calculation machine executable instruction, when being called and being executed by processor, the computer is executable to be referred to the computer executable instructions
Order promotes the processor to realize method described in above-described embodiment.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to
So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme.
Claims (10)
1. a kind of determination method of device type in target network characterized by comprising
Obtain the data on flows of the target network;
The device type for generating the data on flows is determined according to the data on flows and machine learning algorithm;The device type
Including NAT device and host.
2. the method according to claim 1, wherein described true according to the data on flows and machine learning algorithm
The step of device type of the raw data on flows of fixed output quota, comprising:
The data on flows is input to preparatory trained device type identification model, passes through the device type identification model
Determine the device type for generating the data on flows;Wherein, the device type identification model is based on known device type
Data on flows training obtains.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
Obtain the historical traffic data of the NAT device and the historical traffic data of the host;
Filter out the variance data between the historical traffic data of the NAT device and the historical traffic data of the host;
The variance data is divided into multi-group data set by the source IP based on the variance data;
The training data for training device type identification model is chosen from the multi-group data set;
The device type identification model is trained by the training data, is known until obtaining trained device type
Other model.
4. according to the method described in claim 3, it is characterized in that, the method also includes:
The verify data for verifying the device type identification model is chosen from the multi-group data set;
The recognition accuracy of the device type identification model is verified by the verify data;
If the recognition accuracy reaches preset threshold, determine that the device type identification model has trained.
5. according to the method described in claim 3, it is characterized in that, the variance data includes Web address field, User-Agent
Field analysis data, the subscriber identity information of the client release of the designated software of OICQ agreement and designated software, the inside end IP
Ttl value, data packet upstream and downstream data packet number and accounting, data packet upstream and downstream data packet byte number and accounting, data packet
TCP/UDP flows one of quantity and accounting, the distribution of IP packet time interval and DNS data request quantity or a variety of.
6. the determining device of device type in a kind of target network characterized by comprising
Data on flows obtains module, for obtaining the data on flows of the target network;
Device type determining module generates the data on flows for determining according to the data on flows and machine learning algorithm
Device type;The device type includes NAT device and host.
7. device according to claim 6, which is characterized in that the device type determining module is further used for institute
It states data on flows and is input to preparatory trained device type identification model, determined and generated by the device type identification model
The device type of the data on flows;Wherein, the device type identification model is the data on flows based on known device type
What training obtained.
8. device according to claim 7, which is characterized in that described device further include:
Model training module, for obtaining the historical traffic data of the NAT device and the historical traffic data of the host;Sieve
Select the variance data between the historical traffic data of the NAT device and the historical traffic data of the host;Based on described
The variance data is divided into multi-group data set by the source IP of variance data;It chooses from the multi-group data set for instructing
Practice the training data of device type identification model;The device type identification model is trained by the training data,
Until obtaining trained device type identification model.
9. a kind of electronic equipment, including memory, processor, be stored in the memory to run on the processor
Computer program, which is characterized in that the processor realizes any one of the claims 1-5 when executing the computer program
The method.
10. a kind of computer-readable medium, which is characterized in that the computer-readable medium storage has computer is executable to refer to
It enables, for the computer executable instructions when being called and being executed by processor, the computer executable instructions promote the place
It manages device and realizes the described in any item methods of claim 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910885584.8A CN110519106A (en) | 2019-09-18 | 2019-09-18 | The determination method, apparatus and electronic equipment of device type in target network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910885584.8A CN110519106A (en) | 2019-09-18 | 2019-09-18 | The determination method, apparatus and electronic equipment of device type in target network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110519106A true CN110519106A (en) | 2019-11-29 |
Family
ID=68632872
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910885584.8A Pending CN110519106A (en) | 2019-09-18 | 2019-09-18 | The determination method, apparatus and electronic equipment of device type in target network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110519106A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111027048A (en) * | 2019-12-11 | 2020-04-17 | 北京天融信网络安全技术有限公司 | Operating system identification method and device, electronic equipment and storage medium |
CN111711946A (en) * | 2020-06-28 | 2020-09-25 | 北京司马科技有限公司 | IoT (Internet of things) equipment identification method and identification system under encrypted wireless network |
CN113255724A (en) * | 2021-04-15 | 2021-08-13 | 国家计算机网络与信息安全管理中心 | Method and device for identifying node type, computer storage medium and terminal |
WO2022156492A1 (en) * | 2021-01-20 | 2022-07-28 | 华为技术有限公司 | Method for determining type of terminal device and related device |
CN115021986A (en) * | 2022-05-24 | 2022-09-06 | 中国科学院计算技术研究所 | Construction method and device for Internet of things equipment identification deployable model |
CN115866582A (en) * | 2022-11-29 | 2023-03-28 | 中国联合网络通信集团有限公司 | Equipment identification method, device, equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103152325A (en) * | 2013-01-30 | 2013-06-12 | 深信服网络科技(深圳)有限公司 | Method and device for preventing visiting internet through sharing mode |
CN105897777A (en) * | 2016-06-28 | 2016-08-24 | 合肥酷睿网络科技有限公司 | NAT (Network Address Translation) identification method based on network traffic characteristics |
CN108259637A (en) * | 2017-11-30 | 2018-07-06 | 湖北大学 | A kind of NAT device recognition methods and device based on decision tree |
-
2019
- 2019-09-18 CN CN201910885584.8A patent/CN110519106A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103152325A (en) * | 2013-01-30 | 2013-06-12 | 深信服网络科技(深圳)有限公司 | Method and device for preventing visiting internet through sharing mode |
CN105897777A (en) * | 2016-06-28 | 2016-08-24 | 合肥酷睿网络科技有限公司 | NAT (Network Address Translation) identification method based on network traffic characteristics |
CN108259637A (en) * | 2017-11-30 | 2018-07-06 | 湖北大学 | A kind of NAT device recognition methods and device based on decision tree |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111027048A (en) * | 2019-12-11 | 2020-04-17 | 北京天融信网络安全技术有限公司 | Operating system identification method and device, electronic equipment and storage medium |
CN111027048B (en) * | 2019-12-11 | 2022-09-16 | 北京天融信网络安全技术有限公司 | Operating system identification method and device, electronic equipment and storage medium |
CN111711946A (en) * | 2020-06-28 | 2020-09-25 | 北京司马科技有限公司 | IoT (Internet of things) equipment identification method and identification system under encrypted wireless network |
WO2022156492A1 (en) * | 2021-01-20 | 2022-07-28 | 华为技术有限公司 | Method for determining type of terminal device and related device |
CN113255724A (en) * | 2021-04-15 | 2021-08-13 | 国家计算机网络与信息安全管理中心 | Method and device for identifying node type, computer storage medium and terminal |
CN115021986A (en) * | 2022-05-24 | 2022-09-06 | 中国科学院计算技术研究所 | Construction method and device for Internet of things equipment identification deployable model |
CN115866582A (en) * | 2022-11-29 | 2023-03-28 | 中国联合网络通信集团有限公司 | Equipment identification method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110519106A (en) | The determination method, apparatus and electronic equipment of device type in target network | |
CN110213227B (en) | Network data flow detection method and device | |
CN110532168B (en) | Full-link interface pressure measurement method and device, computer equipment and storage medium | |
WO2019214309A1 (en) | Model test method and device | |
CN109885452B (en) | Performance monitoring method and device and terminal equipment | |
CN108255725B (en) | Test method and device | |
JPWO2018105330A1 (en) | Information processing method, information processing system, and program | |
CN110535727A (en) | Asset identification method and apparatus | |
CN109167812B (en) | Method for evaluating service quality and determining adjustment strategy, server and storage medium | |
CN111371638A (en) | Intelligent equipment testing method and device, server and storage medium | |
CN110519290A (en) | Anomalous traffic detection method, device and electronic equipment | |
CN108319550A (en) | A kind of test system and test method | |
CN110808994A (en) | Method and device for detecting brute force cracking operation and server | |
CN110321457A (en) | Access log resolution rules generation method and device, log analytic method and system | |
CN110457137A (en) | Flow analytic method, device, electronic equipment and computer-readable medium | |
CN114785567A (en) | Traffic identification method, device, equipment and medium | |
CN108234687B (en) | Intelligent IP address configuration method and device and terminal equipment | |
CN112437022B (en) | Network traffic identification method, device and computer storage medium | |
CN109522296A (en) | A kind of Engine ECU Data Matching scaling method and device | |
CN109389014A (en) | Apply detection method, device and the electronic equipment of license plate vehicle | |
CN107948022B (en) | Identification method and identification device for peer-to-peer network traffic | |
CN108170403B (en) | Data screening method and device | |
CN107025294B (en) | Information acquisition method and device | |
CN109002544A (en) | A kind of data processing method, device and computer-readable medium | |
CN108108306A (en) | A kind of method and system for improving packet parsing test coverage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191129 |
|
RJ01 | Rejection of invention patent application after publication |