CN111625807A - Equipment type identification method and device - Google Patents
Equipment type identification method and device Download PDFInfo
- Publication number
- CN111625807A CN111625807A CN202010233782.9A CN202010233782A CN111625807A CN 111625807 A CN111625807 A CN 111625807A CN 202010233782 A CN202010233782 A CN 202010233782A CN 111625807 A CN111625807 A CN 111625807A
- Authority
- CN
- China
- Prior art keywords
- equipment
- identification
- type
- identification feature
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention discloses a device type identification method and a device, which are characterized in that an identification characteristic reference library with initial data is established according to device information of medical advice, and then the unknown device is identified by matching with the reference library, and meanwhile, the dynamic update of the reference library is kept. That is, the identification of the equipment type depends on the identification characteristic reference library, and the development of the reference library is supplemented by continuous equipment type identification, so that the characteristic data of the reference library is ensured to be in a real-time updating state, and more accurate identification is provided.
Description
Technical Field
The invention belongs to the technical field of computer communication and network access control, and particularly relates to an equipment type identification method and an identification device of an application identification method.
Background
With the development of information technology, more and more devices and terminals access the internet, and particularly for enterprises, in order to meet the requirements of work and business, the types and models of the devices are numerous, so that various security problems such as illegal occupation of enterprise networks and information resources, virus and Trojan flooding, enterprise data disclosure, unauthorized access and the like, which may be brought by random access of an untrusted terminal, are faced, and different network resources and access permissions need to be configured for different devices or interrupts.
The important link is to identify the type of the equipment or the terminal, and then to formulate a corresponding network access strategy based on different equipment types, so as to realize the process management of the use of the terminal and the network. Therefore, accurate device type identification becomes a first problem for realizing network security admission control.
In the current device type identification, a system type, a manufacturer, and the like which can characterize a device type and are obtained from connection parameters of a device access network are generally used as identification features, and the device type is matched from a preset model according to the identification features. The specific identification process is as follows: extracting feature keywords manually based on service features and service experience according to the equipment information of the known type, and then performing matching detection on the equipment information of the unknown type by using a model to further determine the equipment type. Therefore, the accuracy of establishing the direct relationship identification of the identification model is gradually improved along with the development of the technology, so that how to further efficiently and accurately update the data in the identification model under the condition of fully utilizing the existing equipment type and the information thereof becomes a technical problem to be solved urgently.
Disclosure of Invention
In view of this, the present invention provides a device type identification method and apparatus, which process limited device information of known types to obtain a more accurate identification feature reference library, thereby improving the accuracy of device type identification.
The embodiment of the invention provides the following specific technical scheme:
in one aspect, a device type identification method includes:
extracting first device information of a known device type, and marking a first identification feature of the first device;
associating a first device type with the first identification feature to form a first device identification feature chain;
extracting known second equipment information which is the same as the first equipment in type, and matching the second equipment information with the first identification feature; if the matching is successful, marking the remaining identification features except the first identification feature in the second equipment information in sequence, and adding the marking to the first equipment identification feature chain; if the matching is unsuccessful, associating all the identification features of the second equipment to the first equipment identification feature chain;
processing the equipment information of the same type according to the steps to obtain an identification feature chain of the equipment of the type;
continuously acquiring the information of the equipment with the known type, and constructing an identification feature chain of the equipment with the known type; forming an identification feature reference library by an identification feature chain of the known type equipment;
acquiring information of unknown equipment to be identified, extracting identification features, and sequentially matching the identification features with the identification feature reference library; and if the matching is successful, determining the type of the equipment to be identified according to the equipment type corresponding to the successfully matched identification feature.
Preferably, the first identification feature determination process of the wired or wireless device includes: acquiring specific quantity of equipment information of the same type, dividing the equipment information according to a uniform rule, and determining an identification feature set forming the equipment information; and calculating the occurrence rate of the character strings in the feature set, and marking the identification features of the character strings with the occurrence rate reaching a preset rank as first identification features of the type of equipment. The dividing of the device information according to the unified rule includes: and partitioning according to the components of the equipment information, wherein the components comprise equipment names, manufacturer names, systems and versions, Media Access Control (MAC) addresses and network request parameters.
In another aspect, an apparatus for identifying a device type includes:
the device information acquisition module is used for acquiring device information of a known or unknown type;
the equipment information processing module is used for processing the known or unknown type of equipment information according to a preset processing method, including segmentation and extraction of associated identification features, and storing the processed associated identification features in an identification feature reference library;
the identification characteristic reference library stores equipment type identification reference characteristics;
and the judging module is used for matching the device information of the unknown type with the identification characteristic reference library to determine the type of the device to be identified.
The equipment type identification method and device provided by the technical scheme have the following beneficial effects: firstly, an identification feature reference library with initial data is established according to the equipment information of the medical advice, and then the unknown equipment is identified by matching with the reference library, and meanwhile, the dynamic update of the reference library is kept. That is, the identification of the equipment type depends on the identification characteristic reference library, and the development of the reference library is supplemented by continuous equipment type identification, so that the characteristic data of the reference library is ensured to be in a real-time updating state, and more accurate identification is provided.
Drawings
FIG. 1 is a schematic diagram illustrating a process of establishing a reference library of identification features according to an embodiment of the device type identification method of the present invention;
FIG. 2 is a schematic view of an unknown device type identification process according to an embodiment of the device type identification method of the present invention;
fig. 3 is a block diagram of an embodiment of the device type identifier according to the present invention.
Detailed Description
The technical solution of the present invention will be described in detail below with reference to the accompanying drawings and examples, and the technical terms involved will be explained first.
The MAC address (Media Access Control) of each device is a globally unique identifier assigned to each manufacturer by IEEE, and the first six bits of the MAC address represent the ID of the manufacturer. Thus, the manufacturer or brand of the device may be identified by the first six bits of the unique MAC address.
The DHCP OPTION information is derived from a Dynamic Host Configuration Protocol (DHCP), and is a communication protocol that all devices need to be configured, where the DHCH packet information includes a plurality of values, and DHCP contents represented by each value are different. For example, DHCP OPTION1 characterizes subnet masks, DHCP OPTION6 characterizes domain name servers, DHCPOPTION12 characterizes host names, DHCP OPTION55 characterizes network request parameter lists, DHCP OPTION 60 characterizes vendor class identification information, and so on.
The MAC address and DHCP information may be sent to the server when the device initiates a network connection request. Alternatively, the collection may be performed by active scanning by a dedicated device, such as using Nmap: network scanning and sniffing tools, active discovery devices, scanning ports, sniffing versions and operating systems, MAC addresses, IP addresses, etc.
The dumb terminal refers to a network terminal which cannot be manually controlled to initiate authentication, and common dumb terminals include IP phones, printers and the like.
In a first aspect, a device type identification method establishes an identification feature reference library in advance, processes device information of an unknown device when the unknown device is acquired, extracts identification features in a separated manner, and then compares the extracted identification features with the identification feature reference library to identify the type of the device.
Establishing an identification feature reference library, as shown in fig. 1, specifically including:
extracting first device information of a known device type, and marking a first identification feature of the first device;
associating a first device type with the first identification feature to form a first device identification feature chain;
extracting known second equipment information which is the same as the first equipment in type, and matching the second equipment information with the first identification feature chain; if the matching is successful, marking the remaining identification features except the first identification feature in the second equipment information in sequence, and adding the marking to the first equipment identification feature chain; if the matching is unsuccessful, associating all the identification features of the second equipment to the first equipment identification feature chain;
processing the known equipment information of the same type according to the steps to obtain an identification feature chain of the equipment of the type;
continuously acquiring the information of the equipment with the known type, and constructing an identification feature chain of the equipment with the known type; the chain of identifying features of a known type of device constitutes a library of identifying feature references.
The method for identifying an unknown type of device, as shown in fig. 2, specifically includes:
acquiring information of unknown equipment to be identified, extracting identification features, and sequentially matching the identification features with the identification feature reference library; if the matching is successful, determining the type of the equipment to be identified according to the equipment type corresponding to the successfully matched identification feature;
if the matching is unsuccessful: manually determining the equipment type of the equipment according to the identification characteristics in the equipment information; if the equipment type exists in the identification feature reference library, supplementing the identification feature of the equipment to an identification feature chain of the corresponding equipment type; if the equipment type does not exist in the identification feature reference library, a corresponding identification feature chain is newly established in the feature identification standard library; or marking the equipment as an unknown type and establishing an identification feature chain in the identification feature reference library until the equipment features of the known type are successfully matched with the identification feature chain, and modifying the unknown type of the equipment into a corresponding known type.
Preferably, the device comprises a wired or wireless device with network data receiving/transmitting/forwarding function: wired network equipment, wireless network equipment, a mobile terminal and a dumb terminal; the dumb terminal includes: the system comprises an entrance guard, a UPS host, a Ploycom terminal, an integrated video conference terminal, a printer, an IP phone, a network camera, a POS terminal, a switch, a router, a wireless router and a computer.
Further, the first identification feature determination process of the wired or wireless device includes: acquiring specific quantity of equipment information of the same type, dividing the equipment information according to a uniform rule, and determining an identification feature set forming the equipment information; and calculating the occurrence rate of the character strings in the feature set, and marking the identification features of the character strings with the occurrence rate reaching a preset rank as first identification features of the type of equipment.
The dividing of the device information according to the unified rule includes: and partitioning according to the component parts of the equipment information, wherein the component parts comprise equipment names, manufacturer names, system types, Media Access Control (MAC) addresses and network request parameters.
Preferably, the method comprises the following steps: for the PC terminal, a manufacturer name corresponding to the equipment type, the equipment name and/or the system type and the MAC address is called as an identification feature chain, wherein the equipment name or the system and the version are marked as a first identification feature; for the mobile terminal, a manufacturer name corresponding to the equipment type, the equipment name and the MAC address is called as an identification feature chain, wherein the manufacturer name is marked as a first identification feature; and for the dummy terminal, the device type, the manufacturer name corresponding to the MAC address and the open port are used as an identification feature chain, wherein the manufacturer name corresponding to the MAC address is marked as a first identification feature.
In a second aspect, as shown in fig. 3, the apparatus for identifying a device type includes:
the device information acquisition module is used for acquiring device information of a known or unknown type;
the equipment information processing module is used for processing the known or unknown type of equipment information according to a preset processing method, including segmentation and extraction of associated identification features, and storing the processed associated identification features in an identification feature reference library;
the identification characteristic reference library stores equipment type identification reference characteristics;
and the device type judging module is used for matching the device information of the unknown type with the identification characteristic reference library to determine the type of the device to be identified.
Further developments are described below in connection with the implementation of the embodiments of the invention.
Example one
Establishing a recognition feature reference library:
(1) given that the type of the device a is a PC, device information of the device a is acquired, including information such as a device name, a system type, a manufacturer name, a media access control MAC address, and the like, and the device information may be acquired when a network request is initiated, or may be actively collected by scanning the device.
The device information is communicated according to a certain rule, for example, the information composition and the ordering of the information are specified by a corresponding protocol. Thus separating the information of device a, at least the following information is available:
for example, device name PC-A1, MAC address A0; also as a preferred embodiment, the order of the device information is also sorted in the aforementioned order.
According to empirical statistics, most of default device names of PC-side devices when leaving a factory contain character strings such as "PC", "windows", and the like, that is, the probability of occurrence of the character strings in the device names is high. Therefore, the device name and content "PC" may be marked as the first identification feature of the PC-side type terminal, and other identification features may be sequentially sorted and marked, for example, the device information "MAC address a 0", and the device manufacturer name may be queried from IEEE according to the first six bits of the MAC address, for example, the manufacturer name of a is "dell", so the second identification feature of the device a is marked as "dell".
The device name "PC side" and the identification features "PC", "a 0" are associated to be stored as an identification feature chain of the device a, and the form may be:
"PC end _ PC _ dell",
of course, the separator may be in other forms as long as it can separate character strings representing the identification features.
(2) Acquiring device information of a device B whose device type is also "PC side", for example, obtaining at least the following information: device name PC-B1, MAC address B0. From the first six bits of the MAC address, the device manufacturer name, e.g., manufacturer name of B as "hp", can be queried, so that its first identification feature is "PC" and its second identification feature is "hp".
Matching the identification features of the device B with the identification feature chain of the device a, that is, comparing the identification features in sequence, it can be obtained that the device a and the device B have at least one identical identification feature of "PC", that is, the device names have the same feature. At this time, it can be said that the first identification feature matching of the device B and the device a is successful, and the second identification feature matching is unsuccessful, so that the second identification feature "hp" of the device B is added to the identification feature chain associated with the device a, and the following form of feature chain can be obtained:
"PC terminal _ PC _ dell/hp".
(3) Acquiring device information of a device C whose device type is also "PC side", for example, obtaining at least the following information: device name windows-C1, MAC address C0. From the first six bits of the MAC address, the device manufacturer name can be queried from the IEEE, for example the manufacturer name of C is "hp", so that its first identification feature is "windows" and its second identification feature is "asus".
Similarly, comparing the identification feature chain obtained in step (2), and if there is no identification feature successfully matched between the two, associating the identification feature of the device C into the identification feature chain of step (2), so as to obtain a feature chain of the following form:
"PC terminal _ PC/windows _ dell/hp/asus".
If the device with the known device type of "PC end" is obtained, matching of the identification features and association of the feature chain are performed according to the same method as described above.
After a large number of devices of the same type are matched with each other, more identification features are originally included in the identification feature chain of the devices of the same type, so that a more sufficient matching object is provided for the subsequent matching of unknown devices.
According to the method, the other types of equipment information are processed to obtain the corresponding identification feature chains. It should be noted here that various pieces of known device information may be mixed together to perform analysis processing, and only need to be respectively matched according to respective device types, for example, the device information of the type "PC end" is only matched with the identification feature chain of the "PC end", and the device information of the type "mobile phone end" is also only matched with the identification feature chain of the "mobile phone end".
The device types include wired or wireless devices having a network data receiving/transmitting/forwarding function, such as: a desktop computer of wired network equipment, a notebook computer of wireless network equipment, a mobile terminal mobile phone, a tablet, a dumb terminal and the like; the dumb terminal comprises an entrance guard, a UPS host, a Ploycom terminal, an integrated video conference terminal, a printer, an IP phone, a network camera, a POS terminal, a switch, a router, a wireless router and the like.
As a preferred embodiment, for a PC terminal, a device name or a system type is marked as a first identification feature; for the mobile terminal, marking the manufacturer name corresponding to the MAC address as a first identification characteristic; and for the dummy terminal, marking the manufacturer name corresponding to the MAC address as a first identification characteristic.
For example, a character string (e.g., vivo, honor, meizu, applet, etc.) representing a name of a manufacturer of a mobile phone is used as a first identification feature of a mobile terminal of the mobile phone, and a system and a version (e.g., andriod10.0, andriod4.4.4, ios13.3.1, etc.) thereof are used; a character string (e.g., dahua, hikivisn, etc.) indicating a name of a manufacturer of the camera device is used as a first identification feature of the camera terminal, and an open port number thereof may be used as a second identification feature.
And summarizing the identification feature chains of the known types obtained according to the method to obtain an identification feature reference library for matching of the equipment of the unknown type. Here, in order to improve the matching efficiency, the content of the device identification feature chain and the feature order thereof are predefined, for example, a fixed ID number (for example, device name ID is 1, MAC address ID is 2, etc.) is configured for each identification feature type, and it is only necessary to determine the feature type according to the keyword of the information content and match the content with the feature content of the corresponding ID number in the matching. Meanwhile, the sequence of the features in the feature chain can be determined according to the statistical probability of the features in the type of device information, or determined by integrating the type of device information, and the sequence can be adjusted according to actual statistics. Preferably, a Bayesian theorem formula is used for determining the first recognition feature, namely, the information of each device is divided according to the recognition feature composition of the determined type of the device, then the items to be divided are manually divided to form a training sample set, all the data to be divided are input, and the recognition feature and the training sample can be output; calculating the occurrence frequency of the specific content of each identification feature in the training sample and the conditional probability estimation of each specific content to each identification feature, and recording the result; and continuously inputting the information of the equipment to be recognized into the training model, and outputting the mapping relation between the item to be recognized and the recognition characteristics.
When device information continues to be acquired, two situations can occur: one is to acquire the known type of device information in the identification feature reference library again, and then continue to improve the identification feature chain of the type according to the method; and the other method is to acquire unknown type of equipment information, analyze and separate the unknown equipment information and then match the unknown equipment information with an identification feature reference library.
For example, the information of the unknown type device D is obtained and analyzed, and at least the MAC address D0, the device name D1, the system and version D2, and the open port D3 can be obtained. Analyzing the equipment information of the D to obtain three identification characteristics: d1, D0, D2 and D3, matching the D1 with 'PC/windows', inquiring the name of the manufacturer according to D0, and then matching with 'dell/hp/asus', wherein the device type can be determined only if at least 2 items are successfully matched; and if at least two types are successfully matched and the number of matched features is the same, determining the type with the most continuous matched feature numbers as the type of the device to be identified, for example, successfully matching with the features 1, 2 and 3 in the feature chain of the type 1, and successfully matching with the features 1, 2 and 4 in the feature chain of the type 2, and determining the type of the device to be identified as the type 1 according to the feature sequence determined according to the importance.
And for the equipment with successful type identification, associating the equipment information which is not successfully matched with the equipment with the identification feature chain of the corresponding type of equipment.
For the equipment with the type which is not successfully identified, two processing modes can be provided, wherein one mode is to manually determine the equipment type according to the identification characteristics in the equipment information; if the equipment type exists in the identification feature reference library, supplementing the identification feature of the equipment to an identification feature chain of the corresponding equipment type; if the equipment type does not exist in the identification feature reference library, a corresponding identification feature chain is newly established in the feature identification standard library; and the other method is that the equipment is marked as an unknown type, an identification feature chain is newly established in an identification feature reference library until the equipment features of the known type are successfully matched with the identification feature chain, the unknown type of the equipment is modified into a corresponding known type, and the identification features are combined.
Therefore, the identification of the equipment type depends on the identification characteristic reference library, and the development of the reference library is supplemented by continuous equipment type identification, so that the characteristic data of the reference library is ensured to be in a real-time updating state, and more accurate identification is provided.
Those skilled in the art will appreciate that all or part of the steps in the above embodiments may be implemented by a program to instruct associated hardware to perform the steps, and the program may be stored in a computer readable storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (7)
1. A device type identification method, comprising the steps of:
s11, extracting first equipment information of a known equipment type, and marking a first identification feature of the first equipment;
s12, associating a first equipment type with the first identification feature to form a first equipment identification feature chain;
s13, extracting known second equipment information which is the same as the first equipment in type, and matching the second equipment information with the first identification feature chain; if the matching is successful, marking the remaining identification features except the first identification feature in the second equipment information in sequence, and adding the marking to the first equipment identification feature chain; if the matching is unsuccessful, associating all the identification features of the second equipment to the first equipment identification feature chain;
s14, processing the information of the devices of the same type according to the steps S11 to S13 to obtain an identification feature chain of the devices of the same type;
s15, continuously acquiring the information of the equipment with the known type, and constructing an identification feature chain of the equipment with the known type according to the steps S11 to S14; forming an identification feature reference library by an identification feature chain of the known type equipment;
s16, obtaining information of unknown equipment to be identified, extracting identification features, and sequentially matching the identification features with the identification feature reference library; and if the matching is successful, determining the type of the equipment to be identified according to the equipment type corresponding to the successfully matched identification feature.
2. The identification method of claim 1, wherein the device comprises a wired or wireless device with network data receiving/transmitting/forwarding function: wired network equipment, wireless network equipment, a mobile terminal and a dumb terminal; the dumb terminal includes: the system comprises an entrance guard, a UPS host, a Ploycom terminal, an integrated video conference terminal, a printer, an IP phone, a network camera, a POS terminal, a switch, a router, a wireless router and a computer.
3. The identification method according to claim 2, wherein the first identification feature determination process of the wired or wireless device comprises: acquiring specific quantity of equipment information of the same type, dividing the equipment information according to a uniform rule, and determining an identification feature set forming the equipment information; and calculating the occurrence rate of the character strings in the feature set, and marking the identification features of the character strings with the occurrence rate reaching a preset rank as first identification features of the type of equipment.
4. The identification method according to claim 3, wherein the dividing the device information according to the uniform rule comprises: and partitioning according to the component parts of the equipment information, wherein the component parts comprise equipment names, manufacturer names, system types, Media Access Control (MAC) addresses and network request parameters.
5. The identification method according to claim 4, characterized in that, for the PC terminal, the manufacturer name corresponding to the device type, the device name and/or the system type, and the MAC address is called as the identification feature chain, wherein the device name or the system type is marked as the first identification feature; for the mobile terminal, a manufacturer name corresponding to the equipment type, the equipment name and the MAC address is called as an identification feature chain, wherein the manufacturer name is marked as a first identification feature; and for the dummy terminal, the device type, the manufacturer name corresponding to the MAC address and the open port are used as an identification feature chain, wherein the manufacturer name corresponding to the MAC address is marked as a first identification feature.
6. The identification method according to claim 1, wherein in step S16, if the matching is not successful:
manually determining the equipment type of the equipment according to the identification characteristics in the equipment information; if the equipment type exists in the identification feature reference library, supplementing the identification feature of the equipment to an identification feature chain of the corresponding equipment type;
or marking the equipment as an unknown type and establishing an identification feature chain in the identification feature reference library until the equipment features of the known type are successfully matched with the identification feature chain, and modifying the unknown type of the equipment into a corresponding known type.
7. An apparatus for identifying the type of the device, comprising:
the device information acquisition module is used for acquiring device information of a known or unknown type;
the equipment information processing module is used for processing the known or unknown type of equipment information according to a preset processing method, including segmentation and extraction of associated identification features, and storing the processed associated identification features in an identification feature reference library;
the identification characteristic reference library stores equipment type identification reference characteristics;
and the device type judging module is used for matching the device information of the unknown type with the identification characteristic reference library to determine the type of the device to be identified.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010233782.9A CN111625807A (en) | 2020-03-30 | 2020-03-30 | Equipment type identification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010233782.9A CN111625807A (en) | 2020-03-30 | 2020-03-30 | Equipment type identification method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111625807A true CN111625807A (en) | 2020-09-04 |
Family
ID=72271768
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010233782.9A Pending CN111625807A (en) | 2020-03-30 | 2020-03-30 | Equipment type identification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111625807A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112600793A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Internet of things equipment classification and identification method and system based on machine learning |
-
2020
- 2020-03-30 CN CN202010233782.9A patent/CN111625807A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112600793A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Internet of things equipment classification and identification method and system based on machine learning |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110113345B (en) | Automatic asset discovery method based on flow of Internet of things | |
| CN111565205B (en) | Network attack identification method and device, computer equipment and storage medium | |
| US9503465B2 (en) | Methods and apparatus to identify malicious activity in a network | |
| CN111212053B (en) | Industrial control honeypot-oriented homologous attack analysis method | |
| US9197523B2 (en) | Systems and methods for extracting media from network traffic having unknown protocols | |
| US20100305990A1 (en) | Device classification system | |
| CN113706100B (en) | Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network | |
| EP3972315A1 (en) | Network device identification | |
| CN112733045B (en) | User behavior analysis method and device and electronic equipment | |
| Ammar et al. | Autonomous identification of IoT device types based on a supervised classification | |
| CN105516395A (en) | Network address assignment method and device | |
| CN116956083A (en) | Data processing method and device | |
| CN109347785A (en) | A kind of terminal type recognition methods and device | |
| Valdez et al. | How to discover IoT devices when network traffic is encrypted | |
| CN111625807A (en) | Equipment type identification method and device | |
| CN111148185A (en) | Method and device for establishing user relationship | |
| CN111865724B (en) | Information acquisition control implementation method for video monitoring equipment | |
| CN111031068B (en) | DNS analysis method based on complex network | |
| CN114615015A (en) | Method, device, equipment and medium for determining repair priority of service system | |
| US11528189B1 (en) | Network device identification and categorization using behavioral fingerprints | |
| CN113032089B (en) | Distributed simulation service construction method based on API gateway | |
| CN114629693B (en) | Suspicious broadband account identification method and device | |
| CN115550076B (en) | Method and system for authentication by using domain log | |
| CN114462588B (en) | Training method, system and equipment of neural network model for detecting network intrusion | |
| JP7366690B2 (en) | Equipment type estimation system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |