CN112000852A - Method for establishing local product rule database - Google Patents
Method for establishing local product rule database Download PDFInfo
- Publication number
- CN112000852A CN112000852A CN201910598186.8A CN201910598186A CN112000852A CN 112000852 A CN112000852 A CN 112000852A CN 201910598186 A CN201910598186 A CN 201910598186A CN 112000852 A CN112000852 A CN 112000852A
- Authority
- CN
- China
- Prior art keywords
- product
- product rule
- database
- rule
- rules
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 239000012634 fragment Substances 0.000 claims abstract description 6
- 238000012545 processing Methods 0.000 claims abstract description 3
- 238000012216 screening Methods 0.000 claims description 2
- 238000013507 mapping Methods 0.000 description 7
- 238000005259 measurement Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 2
- 238000012800 visualization Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000000691 measurement method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000007794 visualization technique Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90344—Query processing by using string matching techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/9035—Filtering based on additional data, e.g. user or group profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/9038—Presentation of query results
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/907—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Library & Information Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method for establishing a local product rule database, which comprises the following steps: scanning the open ports of the IP network segment to obtain the original character string information of the product of each port; processing product original character string information of each port to obtain fragment character strings with the same expression in the product original character strings, and defining the fragment character strings as characteristic information of product rules in a manual intervention mode; establishing a product rule corresponding database locally, establishing, modifying or deleting known product rule information in the database, wherein each product rule corresponding record in the database comprises a product rule and characteristic information of the product rule; matching the characteristic information of the classified groups in a database corresponding to the product rules, or matching the original character strings of the products in a database corresponding to the product rules, and giving product rule suggestions by the database corresponding to the product rules according to matching results; and after the product rule corresponding to the specified port is obtained, establishing a local product rule database, and storing the corresponding relation between the product rule and the IP network segment open port. The method of the invention builds the product rule database locally, thereby providing possibility for intuitively providing and displaying the product rules for users.
Description
Technical Field
The invention relates to a method for building a local product rule database, in particular to a method for building a product rule database in a network space mapping process.
Background
Network space mapping is a form of network asset management, and is to scan all or a specific IP network segment to obtain all port information of the IP network segment, wherein the ports of the IP network segment correspond to hardware, and under a part of application scenes, product rules or fingerprint information of the hardware is desired by a user. Therefore, it is necessary to build a product rule database locally, which can provide the user with the product rules specifying the hardware involved in the IP network segment when the user needs to obtain such information.
Hardware products are updated quickly, manufacturers are frequently changed, and in addition, the hardware composition condition of the whole internet is very complex, for example, on the internet, the hardware equipment in the early development stage of the internet and the latest hardware equipment are provided; the hardware devices of the internet are massive, which brings certain difficulty to network space mapping. In summary, it is necessary to build a product rule database locally, so as to solve the problem of knowing the product rule in network space mapping.
CN108769018A discloses a multidimensional and multi-granularity network space security measurement method, which divides a network system into 3 levels according to logic layering, wherein the levels are reliability security, environmental security and vulnerability security; extracting and selecting indexes in the network system according to the three levels, and establishing a network space safety index system by adopting a system engineering principle and an Analytic Hierarchy Process (AHP); performing dimension division on each layer on the basis of a constructed network space safety index system; the reliability security is measured by weak communication dimensionality and strong communication dimensionality, the environment security is measured from two dimensionalities of network assets, service dimensions and asset index change dimensionality, and the vulnerability security is measured from vulnerability dimension and attack graph dimensionality; adding granularity on the basis of the levels and the dimensions, and obtaining the measurement values of each level and each dimension in the range specified by the granularity, wherein the sum of the measurement values is the network space security measurement result. The invention provides a measurement standard for the result of network space mapping, but the implementation of the method firstly needs to master the product rule information of the network space, and on the basis, the network space safety measurement can be accurately carried out.
CN106936637A discloses a panoramic exploration type visualization field of network space situation. Aiming at the problems in the prior art, a visualization method and a visualization device are provided. And performing man-machine interaction through a graphical interface, expressing knowledge represented by the network space basic situation data, the attack situation data and the protection situation data in a visual mode, and capturing the subtle conditions and changes of the concerned key points by a user based on an interactive exploration mode. The evolution law of the network space situation can be found from different angles of different views. The invention also requires first to grasp the product rule information of the network space.
It follows that mastering the production rules of the cyberspace is the basis for cyberspace mapping and subsequent evaluation. The invention provides a building method for building a local product rule database.
Disclosure of Invention
The invention relates to a method for establishing a local product rule database, which comprises the following steps: scanning the open ports of the IP network segment to obtain the original character string information of the product of each port; processing product original character string information of each port to obtain fragment character strings with the same expression in the product original character strings, and defining the fragment character strings as characteristic information of product rules in a manual intervention mode; establishing a product rule corresponding database locally, establishing, modifying or deleting known product rule information in the database, wherein each product rule corresponding record in the database comprises a product rule name and characteristic information of the product rule; screening out product names from all related product original character strings by using a specific regular pattern aiming at suspected product rule names to be grabbed by the system; after the product name is obtained, generating search sentences of product rules in batches according to the rules of the batch of products, establishing a local product rule database, and storing the product rule name and the search sentences related to the product; using the product name, a search statement may be invoked so that data for the product may be further searched.
The process of matching the original character strings of the products in the database corresponding to the product rules comprises the following steps: matching the original character strings of the products with the corresponding records of the product rules in the corresponding database of the product rules one by one; if the matching is successful, quitting the matching and simultaneously giving out the product rule name; if the matching is unsuccessful, continuing to match the corresponding record of the next product rule name; and if all the product rule corresponding records in the product rule corresponding database cannot be matched, the given product rule name is matched but not.
Each product rule corresponding record of the local product rule corresponding database at least comprises a product rule and characteristic information of the product rule; if the product rule changes, maintaining the database in a manual intervention mode, and corresponding the changed product rule with the characteristic information of the product rule; if the corresponding relation between the product rule and the characteristic information of the product rule changes, a new product rule corresponding record of the product rule and the characteristic information of the product rule is established in a manual intervention mode, or the characteristic information of the product rule is added into the existing product rule corresponding record.
After maintaining the database corresponding to the local product rule, automatically updating the product rule database; the updating mode is to maintain each record in the product rule database by using the maintained corresponding record of the product rule.
The content of the product rule stored in the local product rule database comprises ip related information including ip, ip longitude and latitude, asn, the country of the local product rule database, province and the like, and the information is recorded before the rule is automatically acquired.
The method for maintaining each record in the product rule database is that firstly, the product rules are in one-to-one correspondence with the classification groups, and when the product rules of the IP network segment open ports need to be displayed, the product rule information of the IP network segment open ports is obtained from the classification groups.
After the local product rule database is established, when the search engine calls the local product rule database, the search statement of the product rule in the local product rule database is provided to the search engine according to the instruction of the search engine.
The local product rule database is a distributed architecture.
The invention has the beneficial effects that:
1) the invention can provide product rules for users by establishing a local product rule database;
2) the invention can reduce the time for the product rule to correspond to the original character string of the product which represents the product rule by establishing the product rule corresponding database, and effectively reduces the time for marking the product rule under the condition of larger IP network segment, even IP full network segment.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
Referring to fig. 1, a flow chart of the method of the present invention is shown, and in the process of network space mapping, product rules of hardware need to be known. The product rules can also be called fingerprints, and usually, the product rules are recorded item by item, so that the process of recording the product rules is very complicated, and a large amount of manpower is consumed. In fact, the product rules are regular, for example, a website such as a string containing "var product name …" is followed by huacheng products; for another example, the common feature of the CLX printer of Samsung is that the header contains the Samsung CLX character string, so that information can be collected according to the rule, and the product names of the CLX series of Samsung can be collected. Further example is the page containing location. The logo affSubmit is a printer of a certain series in Xiapu, and can analyze which related product names exist by acquiring all data containing the character string; for another example, the firewall of Netgear includes class ═ forBgsH1 and Netgear in the pages, and the collection of these pages can analyze the product name of Netgear in the series. The system can collect data according to such rules and then analyze the data, thus collecting the rule name.
Referring to the flowchart of fig. 1, firstly, an open port of an IP network segment is scanned to obtain original character string information of a product at each port; for example, the website contains a character string "var productname …", and by identifying the character string, "var productname …" can be found; the string containing "varproductname." is a series of products, and the product name "follows the product name, at this time, the product name of each page is matched out by regular matching, so that the product names of all the rules are obtained, and according to the rule, a specific product rule can be automatically generated, for example, var productname" HG8245D ", so that the product rule name is HG 8245D.
The method comprises the steps of establishing a product rule corresponding database locally, manually marking characteristic information similar to 'var product name …', and establishing a product rule corresponding record in the database by using the characteristic information, wherein the product rule corresponding record comprises a product rule and the characteristic information of the product rule. The number of records in the database is increasing, newly generated hardware needs to be updated, and the database needs to be maintained after new characteristic information is identified.
Matching the information obtained by scanning according to the regular matching with the information obtained by scanning of the IP network segment to obtain the name of a suspected product, and giving a product rule suggestion by a database corresponding to the product rule according to the matching result; the product rules can be directly added into the product rule database according to the product rule suggestions, or can be added into the product rule database after manual intervention according to the suggestions. Of course, the original character strings of the product can also be directly matched in the database corresponding to the product rules, and the database corresponding to the product rules provides the product rule suggestions according to the matching results; the product rules can be directly added into the product rule database according to the product rule suggestions, or can be added into the product rule database after manual intervention according to the suggestions. Predetermining a database structure of a local product rule database, wherein the database defines various attribute field information, and the product rule is used for recording search sentences for searching products in the database; when a user searches the product, the name of the product is directly input, the database corresponds to a search statement for searching the product, and corresponding product data is found out through the search statement. Thus, a local product rule database is established. After the local product rule database is established, a fola search engine is used for searching products by using rule names (natural language) of product rules or establishing other search vocabularies, so that information of the products, including IP, ports, unknown geography where IP is located, asn numbers, product banner information and the like, can be obtained, and then the information can be displayed to a user through an interface.
In the invention, the feature information of the classification group needs to be matched in the database corresponding to the product rule. The matching mode is that the characteristic information is matched with the product rule corresponding records in the product rule corresponding database one by one; if the matching can be successful, quitting the matching, simultaneously giving out a product rule suggestion, and automatically or manually adding the product rule suggestion to the database after the matching; and if the matching is unsuccessful, continuing to match the corresponding record of the next product rule until the matching result is achieved. And if all the product rule corresponding records in the database corresponding to the product rules cannot be matched, the product rule matching is not successful. At this time, manual intervention is needed, and a new product rule is given for the situation that the matching cannot be carried out.
Each product rule corresponding record of the local product rule corresponding database at least comprises a product rule and characteristic information of the product rule; when the big data method finds that the characteristic information of the classification group does not correspond to the product rule corresponding record in the local product rule corresponding database, determining a product rule for the characteristic information in a manual intervention mode, and adding the product rule and the characteristic information into the local product rule corresponding database to serve as a newly added product rule corresponding record in the local product rule corresponding database; if the product rule changes, maintaining the database in a manual intervention mode, and corresponding the changed product rule with the characteristic information of the product rule; if the corresponding relation between the product rule and the characteristic information of the product rule changes, a new product rule corresponding record of the product rule and the characteristic information of the product rule is established in a manual intervention mode, or the characteristic information of the product rule is added into the existing product rule corresponding record. For example, feature information similar to "varproductname …" is recorded in the database, and if other feature information is found later and has a similar rule to the above feature information, a similar product rule may be set for the other feature information.
Characteristic information, such as "var product name …," may be maintained through manual intervention and the product rules database updated. The local product rule database stores product rules which correspond to the IP network segment open ports one by one; wherein, the one-by-one correspondence is that the product rules are in one-to-one correspondence with the open ports of the IP network segments. The method of one-by-one correspondence does not need to establish a grouping correspondence table, updating needs to be performed one-by-one, although the database is extremely huge, the database is established in such a way because the product features are updated rarely.
After the local product rule database is established, when the search engine calls the local product rule database, the product rules and the IP network segment open port information in the local product rule database are provided to the search engine according to the instruction of the search engine. For example, the characteristic information like "var product name …" is followed by hua-qi product rules, and when searching for hua-qi specific products in the search engine, interface presentation may be performed according to IP network segments, or product types, etc.
The foregoing is a more detailed description of the present invention in connection with specific preferred embodiments and is not intended to limit the practice of the invention to these embodiments. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (9)
1. A method for building a local product rule database comprises the following steps:
scanning the open ports of the IP network segment to obtain the original character string information of the product of each port;
processing product original character string information of each port to obtain fragment character strings with the same expression in the product original character strings, and defining the fragment character strings as characteristic information of product rules in a manual intervention mode;
establishing a product rule corresponding database locally, establishing, modifying or deleting known product rule information in the database, wherein each product rule corresponding record in the database comprises a product rule name and characteristic information of the product rule;
screening out product names from all related product original character strings by using a specific regular pattern aiming at suspected product rule names to be grabbed by the system; after the product name is obtained, generating search sentences of product rules in batches according to the rules of the batch of products, establishing a local product rule database, and storing the product rule name and the search sentences related to the product; and calling a search statement by using the product name so as to further search the data of the obtained product.
2. The method of claim 1, wherein:
the process of matching the original character strings of the products in the database corresponding to the product rules comprises the following steps:
matching the original character strings of the products with the corresponding records of the product rules in the corresponding database of the product rules one by one; if the matching is successful, quitting the matching and simultaneously giving out the product rule name; if the matching is unsuccessful, continuing to match the corresponding record of the next product rule name; and if all the product rule corresponding records in the product rule corresponding database cannot be matched, the given product rule name is matched but not.
3. The method of claim 1, wherein:
each product rule corresponding record of the local product rule corresponding database at least comprises a product rule and characteristic information of the product rule; if the product rule changes, maintaining the database in a manual intervention mode, and corresponding the changed product rule with the characteristic information of the product rule;
if the corresponding relation between the product rule and the characteristic information of the product rule changes, a new product rule corresponding record of the product rule and the characteristic information of the product rule is established in a manual intervention mode, or the characteristic information of the product rule is added into the existing product rule corresponding record.
4. The method of claim 1, wherein: after maintaining the database corresponding to the local product rule, automatically updating the product rule database; the updating mode is to maintain each record in the product rule database by using the maintained corresponding record of the product rule.
5. The method of claim 1, wherein: the local product rule database stores the content of the product rule including IP related information.
6. The method of claim 5, wherein: the IP related information comprises IP, IP longitude and latitude, asn, the country of the IP, province and the like.
7. The method of claim 1, wherein: the method for maintaining each record in the product rule database is that firstly, the product rules are in one-to-one correspondence with the classification groups, and when the product rules of the IP network segment open ports need to be displayed, the product rule information of the IP network segment open ports is obtained from the classification groups.
8. The method of claim 1, wherein:
after the local product rule database is established, when the search engine calls the local product rule database, the search statement of the product rule in the local product rule database is provided to the search engine according to the instruction of the search engine.
9. The method of claim 1, wherein:
the local product rule database is a distributed architecture.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910444156 | 2019-05-27 | ||
CN2019104441561 | 2019-05-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112000852A true CN112000852A (en) | 2020-11-27 |
Family
ID=73461342
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910598186.8A Pending CN112000852A (en) | 2019-05-27 | 2019-07-04 | Method for establishing local product rule database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112000852A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060242401A1 (en) * | 2005-04-22 | 2006-10-26 | Digi International Inc. | Recognition of devices connected to a console server |
CN107426166A (en) * | 2017-05-17 | 2017-12-01 | 北京启明星辰信息安全技术有限公司 | A kind of acquisition methods of information, device and electronic equipment |
CN108418727A (en) * | 2018-01-26 | 2018-08-17 | 中国科学院信息工程研究所 | A kind of method and system of detection network equipment |
-
2019
- 2019-07-04 CN CN201910598186.8A patent/CN112000852A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060242401A1 (en) * | 2005-04-22 | 2006-10-26 | Digi International Inc. | Recognition of devices connected to a console server |
CN107426166A (en) * | 2017-05-17 | 2017-12-01 | 北京启明星辰信息安全技术有限公司 | A kind of acquisition methods of information, device and electronic equipment |
CN108418727A (en) * | 2018-01-26 | 2018-08-17 | 中国科学院信息工程研究所 | A kind of method and system of detection network equipment |
Non-Patent Citations (1)
Title |
---|
邹宇驰 等: "基于搜索的物联网设备识别框架", 信息安全学报, vol. 3, no. 04, 15 July 2018 (2018-07-15) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109948911B (en) | Evaluation method for calculating network product information security risk | |
CN104737166B (en) | Data lineage system | |
US8112401B2 (en) | Analyzing externally generated documents in document management system | |
CN110688456A (en) | Vulnerability knowledge base construction method based on knowledge graph | |
US20020055919A1 (en) | Method and system for gathering, organizing, and displaying information from data searches | |
CN109635120A (en) | Construction method, device and the storage medium of knowledge mapping | |
US20040083422A1 (en) | System and method for automatically generating patent analysis reports | |
CN109656954A (en) | Trade mark inquiry method, apparatus and computer equipment | |
CN113360566A (en) | Information content monitoring method and system | |
CN117539893A (en) | Data processing method, medium, device and computing equipment | |
CN115687787A (en) | Industry policy target group portrait construction method, system and storage medium | |
CN117474724A (en) | Chinese privacy automatic compliance detection method and related equipment | |
CN113407678B (en) | Knowledge graph construction method, device and equipment | |
US20040078361A1 (en) | System and method for analyzing patent families | |
CN110851630A (en) | Management system and method for deep learning labeled samples | |
US9595071B2 (en) | Document identification and inspection system, document identification and inspection method, and document identification and inspection program | |
US20010025277A1 (en) | Categorisation of data entities | |
CN117171650A (en) | Document data processing method, system and medium based on web crawler technology | |
Richter et al. | HeidelPlace: An extensible framework for geoparsing | |
CN112000852A (en) | Method for establishing local product rule database | |
US12099551B2 (en) | Information search system | |
CN109783455B (en) | Large-scale data-based management method, system and storage device | |
CN112100670A (en) | Big data based privacy data grading protection method | |
CN112733186A (en) | User privacy data analysis method and device | |
CN117473074B (en) | Judicial case intelligent information matching system and method based on artificial intelligence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |