CN110519106A - The determination method, apparatus and electronic equipment of device type in target network - Google Patents

The determination method, apparatus and electronic equipment of device type in target network Download PDF

Info

Publication number
CN110519106A
CN110519106A CN201910885584.8A CN201910885584A CN110519106A CN 110519106 A CN110519106 A CN 110519106A CN 201910885584 A CN201910885584 A CN 201910885584A CN 110519106 A CN110519106 A CN 110519106A
Authority
CN
China
Prior art keywords
data
device type
flows
identification model
type identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910885584.8A
Other languages
Chinese (zh)
Inventor
郭昱蔚
赵卓成
马奥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Zhongfu Information Technology Co Ltd
Original Assignee
Nanjing Zhongfu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Zhongfu Information Technology Co Ltd filed Critical Nanjing Zhongfu Information Technology Co Ltd
Priority to CN201910885584.8A priority Critical patent/CN110519106A/en
Publication of CN110519106A publication Critical patent/CN110519106A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Abstract

The present invention provides a kind of determination method, apparatus of device type in target network and electronic equipments, are related to technical field of the computer network, comprising: obtain the data on flows of target network;The device type for generating data on flows is determined according to data on flows and machine learning algorithm;Device type includes NAT device and host.The present invention preferably improves the applicability of device type identification technology.

Description

The determination method, apparatus and electronic equipment of device type in target network
Technical field
The present invention relates to technical field of the computer network, more particularly, to a kind of determination side of device type in target network Method, device and electronic equipment.
Background technique
NAT (Network Address Translation, network address translation) is also known as network masking, and IP masking is being counted It is a kind of skill that source IP addresses or purpose IP address are rewritten when IP data packet is by router or firewall in calculation machine network Art, this technology is generally existing to be had multiple host but only passes through under the network scenarios that a public network IP address accesses internet, it The technology for being a convenience and being used widely also avoids leading while having saved increasingly depleted Ipv4 address resource Machine is directly exposed to the risk of internet.Existing device type (NAT device and host) identification technology, which mainly passes through, actively to be visited It surveys, however, the existing device type identification technology based on active probe requires the connectivity at network, and can not detect The network area of stringent access control, therefore, the existing device type identification technology problem poor there is also applicability.
Summary of the invention
The determination method, apparatus and electronics for being designed to provide device type in a kind of target network of the embodiment of the present invention Equipment preferably improves the applicability of device type identification technology.
In a first aspect, the embodiment of the present invention provides a kind of determination method of device type in target network, comprising: obtain institute State the data on flows of target network;The equipment for generating the data on flows is determined according to the data on flows and machine learning algorithm Type;The device type includes NAT device and host.
In alternative embodiments, described determined according to the data on flows and machine learning algorithm generates the flow The step of device type of data, comprising: the data on flows is input to preparatory trained device type identification model, is led to It crosses the device type identification model and determines the device type for generating the data on flows;Wherein, the device type identifies mould Type is that the data on flows training based on known device type obtains.
In alternative embodiments, the method also includes: obtain the historical traffic data of the NAT device and described The historical traffic data of host;Filter out the NAT device historical traffic data and the host historical traffic data it Between variance data;The variance data is divided into multi-group data set by the source IP based on the variance data;From described more The training data for training device type identification model is chosen in group data set conjunction;By the training data to the equipment Type identification model is trained, until obtaining trained device type identification model.
In alternative embodiments, the method also includes: from the multi-group data set choose for verifying State the verify data of device type identification model;The identification for verifying the device type identification model by the verify data is quasi- True rate;If the recognition accuracy reaches preset threshold, determine that the device type identification model has trained.
In alternative embodiments, the variance data include Web address field, User-Agent field analysis data, The subscriber identity information of the client release of the designated software of OICQ agreement and designated software, the inside end IP ttl value, in data packet Row downlink data packet quantity and accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP stream quantity and One of accounting, the distribution of IP packet time interval and DNS data request quantity are a variety of.
Second aspect, the embodiment of the present invention provide a kind of determining device of device type in target network, comprising: flow number According to module is obtained, for obtaining the data on flows of the target network;Device type determining module, for according to the flow number According to the device type for determining the generation data on flows with machine learning algorithm;The device type includes NAT device and host.
In alternative embodiments, the device type determining module is further used for inputting the data on flows To preparatory trained device type identification model, is determined by the device type identification model and generate the data on flows Device type;Wherein, the device type identification model is that the data on flows training based on known device type obtains.
In alternative embodiments, described device further include: model training module, for obtaining the NAT device The historical traffic data of historical traffic data and the host;Filter out the NAT device historical traffic data and the master Variance data between the historical traffic data of machine;The variance data is divided into multiple groups by the source IP based on the variance data Data acquisition system;The training data for training device type identification model is chosen from the multi-group data set;By described Training data is trained the device type identification model, until obtaining trained device type identification model.
The third aspect, the embodiment of the invention provides a kind of electronic equipment, including memory, processor, the memories In be stored with the computer program that can be run on the processor, wherein when the processor executes the computer program The step of realizing method as described in relation to the first aspect.
Fourth aspect, the embodiment of the invention provides a kind of computer-readable mediums, wherein the computer-readable medium Computer executable instructions are stored with, the computer executable instructions are when being called and being executed by processor, the computer Executable instruction promotes the method for the processor realization as described in relation to the first aspect.
The embodiment of the invention provides a kind of determination method, apparatus of device type in target network and electronic equipments, should Method includes: to obtain the data on flows of target network first;Then it is determined according to data on flows and machine learning algorithm and generates stream Measure the device type (including NAT device and host) of data.This method mainly passes through the data on flows and engineering of target network It practises algorithm and determines the device type for generating data on flows in target network, generate flow number due to using machine learning algorithm to determine According to device type when, the connectivity at network do not required, therefore determined using machine learning algorithm and generate data on flows The network influence factor that device type is subject to is less, preferably improves the applicability of device type identification technology.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the determination method flow diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 2 is the determination method flow diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 3 is the determination apparatus structure schematic diagram of device type in a kind of target network provided in an embodiment of the present invention;
Fig. 4 is a kind of electronic equipment structural schematic diagram provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.The present invention being usually described and illustrated herein in the accompanying drawings is implemented The component of example can be arranged and be designed with a variety of different configurations.
Therefore, the detailed description of the embodiment of the present invention provided in the accompanying drawings is not intended to limit below claimed The scope of the present invention, but be merely representative of selected embodiment of the invention.Based on the embodiments of the present invention, this field is common Technical staff's every other embodiment obtained without creative efforts belongs to the model that the present invention protects It encloses.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.
With reference to the accompanying drawing, it elaborates to some embodiments of the present invention.In the absence of conflict, following Feature in embodiment and embodiment can be combined with each other.
In view of the existing device type identification technology based on active probe requires the connectivity at network, and can not Detection has the network area of stringent access control, and there is also the problems that applicability is poor, and the embodiment of the invention provides a kind of mesh The determination method, apparatus and electronic equipment for marking equipment in network type can be applied to the suitable of lifting means type identification technology The property used.
For convenient for understanding the present embodiment, first to equipment in a kind of target network disclosed in the embodiment of the present invention The determination method of type describes in detail.
The embodiment of the invention provides a kind of determination methods of device type in target network, referring to mesh as shown in Figure 1 Mark equipment in network type determination method flow diagram, this method by target network controller execute, this method include with Lower step S102~step S104:
Step S102: the data on flows of target network is obtained.
Above-mentioned target network can be the computer network for needing that identification types identification is carried out to the data on flows of generation, on State the data volume that data on flows is transmission over networks.The above-mentioned mode that data on flows is obtained from target network, which can be, to be passed through Interchanger mirror image obtains in network.
Step S104: the device type for generating data on flows is determined according to data on flows and machine learning algorithm;Equipment class Type includes NAT device and host.
Above-mentioned machine learning algorithm can be K mean cluster algorithm, decision-tree model, naive Bayesian, neural network and calculate One of classic algorithms such as method are a variety of.When determining the device type for generating data on flows using machine learning algorithm, lead to Model can be constructed by crossing above-mentioned machine learning algorithm, and input flow rate data in the model then constructed to machine learning algorithm obtain To the device type for generating data on flows.
The determination method of device type in above-mentioned target network provided in an embodiment of the present invention mainly passes through target network Data on flows and machine learning algorithm determine the device type that data on flows is generated in target network, due to using machine learning to calculate When method determines the device type for generating data on flows, the connectivity at network is not required, therefore true using machine learning algorithm The network influence factor that the device type of the raw data on flows of fixed output quota is subject to is less, preferably improves device type identification technology Applicability.
In order to promote the accuracy for determining the device type for generating data on flows, present embodiments provide according to data on flows The specific embodiment for generating the device type of data on flows is determined with machine learning algorithm: data on flows is input to preparatory instruction The device type identification model perfected determines the device type for generating data on flows by device type identification model;Wherein, if Standby type identification model is that the data on flows training based on known device type obtains.Above equipment type identification model can be with It is constructed when being machine algorithm classical using K mean cluster algorithm, decision-tree model, naive Bayesian, neural network algorithm etc. The model of device type for identification.Device type identification model is that the data on flows training by known device type obtains , above-mentioned known device type can be NAT device and host.
Influence in view of device type identification model to device type is determined generates flow in order to further enhance determining The accuracy of the device type of data, the determination method of device type, further includes following in target network provided in this embodiment Step specifically can refer to step 1~step 5 and execute:
Step 1: obtaining the historical traffic data of NAT device and the historical traffic data of host.
In order to be trained to device type identification model, the historical traffic of NAT device is obtained first from target network The historical traffic data of data and host, to use the historical traffic data of above-mentioned NAT device and the historical traffic number of host According to training device type identification model, so that device type identification model be allow to identify NAT device and host.
Step 2: filtering out the variance data between the historical traffic data of NAT device and the historical traffic data of host.
Above-mentioned variance data is the number that can distinguish feature between the data on flows of NAT device and the data on flows of host According to due to there is multiple devices in the subsequent internal network of NAT device, the data on flows of data on flows and normal hosts has very big Difference.Inventor it has been investigated that, above-mentioned variance data (the focus analysis data for being referred to as machine learning) can wrap Include Web address field, User-Agent field analysis data (for example, OS Type, operating system version number, dbase, Software version number, hardware brand, ardware model number etc.), the visitor of the client release of the designated software of OICQ agreement and designated software Family identification information (for example, QQ client release and QQ number code information), the inside end IP ttl value, data packet upstream and downstream data packet When quantity and accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP stream quantity and accounting, IP packet Between be spaced apart and one of DNS data request quantity or a variety of.
Step 3: variance data is divided by multi-group data set based on the source IP of variance data.
It is known that the device type of each data is generated in above-mentioned multi-group data set.Above-mentioned source IP may refer in network Equipment, every equipment export has unique IP, passes through the type for distinguishing the available equipment of type of IP.By above-mentioned difference Data in data with identical sources IP are divided into one group of data, to obtain multi-group data set.
Step 4: the training data for training device type identification model is chosen from multi-group data set.
Above-mentioned training data is the data acquisition system chosen from multi-group data set, for training device type to identify mould Type, since training data is more, the device type identification model recognition accuracy that training obtains is higher, therefore, can be from multiple groups Training data as much as possible is chosen in data acquisition system.
Step 5: device type identification model being trained by training data, until obtaining trained device type Identification model.
Training data is marked, to mark the device type of all training datas, is then inputted training data Device type identification model carries out more wheel training to device type identification model, until obtaining trained device type identification Model.
In a kind of specific embodiment, the above method further includes the verification step of device type identification model, specifically It can refer to following steps (1)~step (3) to execute:
Step (1): the verify data for verifying device type identification model is chosen from multi-group data set.It is above-mentioned to test Card data are used to examine the recognition accuracy of device type identification model, in order to guarantee the accuracy examined, above-mentioned verify data It is different data from above-mentioned training data.Since the training data of device type identification model is more, device type identifies mould The recognition accuracy of type is higher, and above-mentioned multi-group data set can be divided into training data and verifying number according to a certain percentage According to ratio shared by training data is higher, and the ratio that verify data occupies is lower, for example, the ratio of training data and verify data Example can be 10/1.
Step (2): the recognition accuracy of device type identification model is verified by verify data.Verify data input is set Standby type identification model, makes device type identification model identify the device type of above-mentioned verify data, obtains above-mentioned verify data Recognition result, due in verify data generate data device type be it is known, according to the identification knot of above-mentioned verify data The known device type of fruit and verify data, the recognition accuracy of available device type identification model.In order to more intuitive Verification result is observed on ground, and the recognition accuracy that can also be obtained according to multiple authentication device type identification model draws line chart.
Step (3): if recognition accuracy reaches preset threshold, determine that device type identification model has trained.In order to Recognition accuracy can be reached the device type identification mould of preset threshold by the recognition accuracy for guaranteeing device type identification model Type is as trained model.If the recognition accuracy of device type identification model is not up to preset threshold, can continue Device type identification model is trained using training data or acquisition new training data, and using verify data to equipment Type identification model is verified, until the recognition accuracy of device type identification model reaches preset threshold.
In practical applications, referring to the determination method flow diagram of device type in target network as shown in Figure 2, in utilization The determination method of device type in target network is stated to the scheme of identification device type, is referred to 202~step of following steps S208 is executed:
Step 202: obtaining the mirror image data on flows of NAT device and the mirror image data on flows of host in network.
Step 204: by the mirror image data on flows of above-mentioned NAT device and the mirror image data on flows of host according to the different sources IP Carry out tagsort, and the multiple groups traffic characteristic data that statistical classification obtains.
Step 206: establishing device type identification model using machine learning algorithm, and utilize above-mentioned multiple groups traffic characteristic number It is trained according to device type identification model, obtains trained device type identification model.
Step 208: the current data on flows of acquisition target network utilizes above-mentioned trained device type identification model pair Current data on flows is identified, determines the device type (including NAT device and host) for generating the data on flows.
The determination method of device type in above-mentioned target network provided in an embodiment of the present invention, in going through for screening NAT device When variance data between history data on flows and the historical traffic data of host, by choosing a variety of variance datas as feature stream Training device type identification model is measured, solves the problems, such as that analysis dimension is single in existing device type identification technology, and base When the device type identification model identification that the training of multiple variance datas obtains generates the device type of data on flows, do not operated The behavioural habits of system and user influence, and also carry out accuracy rate verifying to device type identification model using verify data, are promoted The accuracy of device type identification.
Corresponding to the determination method of preceding aim equipment in network type, the embodiment of the invention provides a kind of target networks The determining device of middle device type, referring to the determination apparatus structure schematic diagram of device type in target network as shown in Figure 3, packet It includes:
Data on flows obtains module 31, for obtaining the data on flows of target network.
Device type determining module 32 generates setting for data on flows for determining according to data on flows and machine learning algorithm Standby type;Device type includes NAT device and host.
The determining device of device type, mainly passes through the flow of target network in above-mentioned target network provided in this embodiment Data and machine learning algorithm determine the device type that data on flows is generated in target network, due to using machine learning algorithm true When the device type of the raw data on flows of fixed output quota, the connectivity at network is not required, therefore determined and produced using machine learning algorithm The network influence factor that the device type of raw data on flows is subject to is less, preferably improves being applicable in for device type identification technology Property.
In one embodiment, above equipment determination type module 32 is further used for for data on flows being input to pre- First trained device type identification model determines the device type for generating data on flows by device type identification model;Its In, device type identification model is that the data on flows training based on known device type obtains.
In one embodiment, above-mentioned apparatus further include:
Model training module, for obtaining the historical traffic data of NAT device and the historical traffic data of host;It filters out Variance data between the historical traffic data of NAT device and the historical traffic data of host;Source IP based on variance data will Variance data is divided into multi-group data set;The training for training device type identification model is chosen from multi-group data set Data;Device type identification model is trained by training data, until obtaining trained device type identification model.
Model authentication module, for choosing the verifying number for verifying device type identification model from multi-group data set According to;The recognition accuracy of device type identification model is verified by verify data;If recognition accuracy reaches preset threshold, really Locking equipment type identification model has trained.
In one embodiment, above-mentioned variance data includes Web address field, User-Agent field analysis data, OICQ Under the subscriber identity information of the client release of the designated software of agreement and designated software, the inside end IP ttl value, data packet uplink Row data packet number flows quantity with accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP and accounts for Than one of the distribution of, IP packet time interval and DNS data request quantity or a variety of.
The determining device of device type in above-mentioned target network provided in this embodiment, in the history stream of screening NAT device When measuring the variance data between data and the historical traffic data of host, instructed by choosing a variety of variance datas as feature flow Practice device type identification model, solves the problems, such as that analysis dimension is single in existing device type identification technology, and based on more When the device type identification model identification that a variance data training obtains generates the device type of data on flows, not by operating system It is influenced with the behavioural habits of user, accuracy rate verifying also is carried out to device type identification model using verify data, improves and sets The accuracy of standby type identification.
The technical effect of device provided by the present embodiment, realization principle and generation is identical with previous embodiment, for letter It describes, Installation practice part does not refer to place, can refer to corresponding contents in preceding method embodiment.
The embodiment of the invention provides a kind of electronic equipment, electronic devices structure schematic diagram as shown in Figure 4, electronic equipment Including processor 41, memory 42, the computer program that can be run on the processor is stored in the memory, it is described The step of processor realizes method provided by the above embodiment when executing the computer program.
Referring to fig. 4, electronic equipment further include: bus 44 and communication interface 43, processor 41, communication interface 43 and memory 42 are connected by bus 44.Processor 41 is for executing the executable module stored in memory 42, such as computer program.
Wherein, memory 42 may include high-speed random access memory (RAM, Random Access Memory), It may further include nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.By at least One communication interface 43 (can be wired or wireless) realizes the communication between the system network element and at least one other network element Connection, can be used internet, wide area network, local network, Metropolitan Area Network (MAN) etc..
Bus 44 can be ISA (Industry Standard Architecture, industry standard architecture) bus, PCI (Peripheral Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended Industry Standard Architecture, expanding the industrial standard structure) bus etc..It is total that the bus can be divided into address Line, data/address bus, control bus etc..Only to be indicated with a four-headed arrow in Fig. 4, it is not intended that only one convenient for indicating Root bus or a type of bus.
Wherein, memory 42 is for storing program, and the processor 41 executes the journey after receiving and executing instruction Sequence, method performed by the device that the stream process that aforementioned any embodiment of the embodiment of the present invention discloses defines can be applied to handle In device 41, or realized by processor 41.
Processor 41 may be a kind of IC chip, the processing capacity with signal.During realization, above-mentioned side Each step of method can be completed by the integrated logic circuit of the hardware in processor 41 or the instruction of software form.Above-mentioned Processor 41 can be general processor, including central processing unit (Central Processing Unit, abbreviation CPU), network Processor (Network Processor, abbreviation NP) etc..It can also be digital signal processor (Digital Signal Processing, abbreviation DSP), specific integrated circuit (Application Specific Integrated Circuit, referred to as ASIC), ready-made programmable gate array (Field-Programmable Gate Array, abbreviation FPGA) or other are programmable Logical device, discrete gate or transistor logic, discrete hardware components.It may be implemented or execute in the embodiment of the present invention Disclosed each method, step and logic diagram.General processor can be microprocessor or the processor is also possible to appoint What conventional processor etc..The step of method in conjunction with disclosed in the embodiment of the present invention, can be embodied directly in hardware decoding processing Device executes completion, or in decoding processor hardware and software module combination execute completion.Software module can be located at Machine memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register etc. are originally In the storage medium of field maturation.The storage medium is located at memory 42, and processor 41 reads the information in memory 42, in conjunction with Its hardware completes the step of above method.
The embodiment of the invention provides a kind of computer-readable mediums, wherein the computer-readable medium storage has meter Calculation machine executable instruction, when being called and being executed by processor, the computer is executable to be referred to the computer executable instructions Order promotes the processor to realize method described in above-described embodiment.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme.

Claims (10)

1. a kind of determination method of device type in target network characterized by comprising
Obtain the data on flows of the target network;
The device type for generating the data on flows is determined according to the data on flows and machine learning algorithm;The device type Including NAT device and host.
2. the method according to claim 1, wherein described true according to the data on flows and machine learning algorithm The step of device type of the raw data on flows of fixed output quota, comprising:
The data on flows is input to preparatory trained device type identification model, passes through the device type identification model Determine the device type for generating the data on flows;Wherein, the device type identification model is based on known device type Data on flows training obtains.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
Obtain the historical traffic data of the NAT device and the historical traffic data of the host;
Filter out the variance data between the historical traffic data of the NAT device and the historical traffic data of the host;
The variance data is divided into multi-group data set by the source IP based on the variance data;
The training data for training device type identification model is chosen from the multi-group data set;
The device type identification model is trained by the training data, is known until obtaining trained device type Other model.
4. according to the method described in claim 3, it is characterized in that, the method also includes:
The verify data for verifying the device type identification model is chosen from the multi-group data set;
The recognition accuracy of the device type identification model is verified by the verify data;
If the recognition accuracy reaches preset threshold, determine that the device type identification model has trained.
5. according to the method described in claim 3, it is characterized in that, the variance data includes Web address field, User-Agent Field analysis data, the subscriber identity information of the client release of the designated software of OICQ agreement and designated software, the inside end IP Ttl value, data packet upstream and downstream data packet number and accounting, data packet upstream and downstream data packet byte number and accounting, data packet TCP/UDP flows one of quantity and accounting, the distribution of IP packet time interval and DNS data request quantity or a variety of.
6. the determining device of device type in a kind of target network characterized by comprising
Data on flows obtains module, for obtaining the data on flows of the target network;
Device type determining module generates the data on flows for determining according to the data on flows and machine learning algorithm Device type;The device type includes NAT device and host.
7. device according to claim 6, which is characterized in that the device type determining module is further used for institute It states data on flows and is input to preparatory trained device type identification model, determined and generated by the device type identification model The device type of the data on flows;Wherein, the device type identification model is the data on flows based on known device type What training obtained.
8. device according to claim 7, which is characterized in that described device further include:
Model training module, for obtaining the historical traffic data of the NAT device and the historical traffic data of the host;Sieve Select the variance data between the historical traffic data of the NAT device and the historical traffic data of the host;Based on described The variance data is divided into multi-group data set by the source IP of variance data;It chooses from the multi-group data set for instructing Practice the training data of device type identification model;The device type identification model is trained by the training data, Until obtaining trained device type identification model.
9. a kind of electronic equipment, including memory, processor, be stored in the memory to run on the processor Computer program, which is characterized in that the processor realizes any one of the claims 1-5 when executing the computer program The method.
10. a kind of computer-readable medium, which is characterized in that the computer-readable medium storage has computer is executable to refer to It enables, for the computer executable instructions when being called and being executed by processor, the computer executable instructions promote the place It manages device and realizes the described in any item methods of claim 1-5.
CN201910885584.8A 2019-09-18 2019-09-18 The determination method, apparatus and electronic equipment of device type in target network Pending CN110519106A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910885584.8A CN110519106A (en) 2019-09-18 2019-09-18 The determination method, apparatus and electronic equipment of device type in target network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910885584.8A CN110519106A (en) 2019-09-18 2019-09-18 The determination method, apparatus and electronic equipment of device type in target network

Publications (1)

Publication Number Publication Date
CN110519106A true CN110519106A (en) 2019-11-29

Family

ID=68632872

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910885584.8A Pending CN110519106A (en) 2019-09-18 2019-09-18 The determination method, apparatus and electronic equipment of device type in target network

Country Status (1)

Country Link
CN (1) CN110519106A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111027048A (en) * 2019-12-11 2020-04-17 北京天融信网络安全技术有限公司 Operating system identification method and device, electronic equipment and storage medium
CN111711946A (en) * 2020-06-28 2020-09-25 北京司马科技有限公司 IoT (Internet of things) equipment identification method and identification system under encrypted wireless network
CN113255724A (en) * 2021-04-15 2021-08-13 国家计算机网络与信息安全管理中心 Method and device for identifying node type, computer storage medium and terminal
WO2022156492A1 (en) * 2021-01-20 2022-07-28 华为技术有限公司 Method for determining type of terminal device and related device
CN115021986A (en) * 2022-05-24 2022-09-06 中国科学院计算技术研究所 Construction method and device for Internet of things equipment identification deployable model
CN115866582A (en) * 2022-11-29 2023-03-28 中国联合网络通信集团有限公司 Equipment identification method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152325A (en) * 2013-01-30 2013-06-12 深信服网络科技(深圳)有限公司 Method and device for preventing visiting internet through sharing mode
CN105897777A (en) * 2016-06-28 2016-08-24 合肥酷睿网络科技有限公司 NAT (Network Address Translation) identification method based on network traffic characteristics
CN108259637A (en) * 2017-11-30 2018-07-06 湖北大学 A kind of NAT device recognition methods and device based on decision tree

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152325A (en) * 2013-01-30 2013-06-12 深信服网络科技(深圳)有限公司 Method and device for preventing visiting internet through sharing mode
CN105897777A (en) * 2016-06-28 2016-08-24 合肥酷睿网络科技有限公司 NAT (Network Address Translation) identification method based on network traffic characteristics
CN108259637A (en) * 2017-11-30 2018-07-06 湖北大学 A kind of NAT device recognition methods and device based on decision tree

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111027048A (en) * 2019-12-11 2020-04-17 北京天融信网络安全技术有限公司 Operating system identification method and device, electronic equipment and storage medium
CN111027048B (en) * 2019-12-11 2022-09-16 北京天融信网络安全技术有限公司 Operating system identification method and device, electronic equipment and storage medium
CN111711946A (en) * 2020-06-28 2020-09-25 北京司马科技有限公司 IoT (Internet of things) equipment identification method and identification system under encrypted wireless network
WO2022156492A1 (en) * 2021-01-20 2022-07-28 华为技术有限公司 Method for determining type of terminal device and related device
CN113255724A (en) * 2021-04-15 2021-08-13 国家计算机网络与信息安全管理中心 Method and device for identifying node type, computer storage medium and terminal
CN115021986A (en) * 2022-05-24 2022-09-06 中国科学院计算技术研究所 Construction method and device for Internet of things equipment identification deployable model
CN115866582A (en) * 2022-11-29 2023-03-28 中国联合网络通信集团有限公司 Equipment identification method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110519106A (en) The determination method, apparatus and electronic equipment of device type in target network
CN110213227B (en) Network data flow detection method and device
CN110532168B (en) Full-link interface pressure measurement method and device, computer equipment and storage medium
WO2019214309A1 (en) Model test method and device
CN109885452B (en) Performance monitoring method and device and terminal equipment
CN108255725B (en) Test method and device
JPWO2018105330A1 (en) Information processing method, information processing system, and program
CN110535727A (en) Asset identification method and apparatus
CN109167812B (en) Method for evaluating service quality and determining adjustment strategy, server and storage medium
CN111371638A (en) Intelligent equipment testing method and device, server and storage medium
CN110519290A (en) Anomalous traffic detection method, device and electronic equipment
CN108319550A (en) A kind of test system and test method
CN110808994A (en) Method and device for detecting brute force cracking operation and server
CN110321457A (en) Access log resolution rules generation method and device, log analytic method and system
CN110457137A (en) Flow analytic method, device, electronic equipment and computer-readable medium
CN114785567A (en) Traffic identification method, device, equipment and medium
CN108234687B (en) Intelligent IP address configuration method and device and terminal equipment
CN112437022B (en) Network traffic identification method, device and computer storage medium
CN109522296A (en) A kind of Engine ECU Data Matching scaling method and device
CN109389014A (en) Apply detection method, device and the electronic equipment of license plate vehicle
CN107948022B (en) Identification method and identification device for peer-to-peer network traffic
CN108170403B (en) Data screening method and device
CN107025294B (en) Information acquisition method and device
CN109002544A (en) A kind of data processing method, device and computer-readable medium
CN108108306A (en) A kind of method and system for improving packet parsing test coverage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191129

RJ01 Rejection of invention patent application after publication