CN112637159A - Network asset scanning method, device and equipment based on active detection technology - Google Patents

Publication number
CN112637159A
Authority
CN
China
Legal status
Pending
Application number
CN202011466117.0A
Other languages
Chinese (zh)
Inventor
刘波
范渊
杨勃
Current Assignee
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection

Abstract

The application discloses a network asset scanning method based on an active detection technology, which can determine network assets to be scanned; scanning a plurality of ports of the network assets at the same time to obtain asset information of the network assets; carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets; and informing and alarming the network assets with the vulnerabilities. Therefore, the method can automatically discover assets in the network, remarkably improve asset scanning efficiency, discover vulnerabilities of the assets in time, avoid loss caused by the vulnerabilities and achieve effective management of the network assets. In addition, the application also provides a network asset scanning device, equipment and a readable storage medium based on the active detection technology, and the technical effect of the network asset scanning device corresponds to the method.

Description

Network asset scanning method, device and equipment based on active detection technology
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for scanning a network asset based on an active probing technique.
Background
Most asset management systems were designed and deployed decades ago, and as a result they tend to lack the basic asset discovery and management functions in IT networks. Unlike the highly evolved IT networking world, most businesses often rely on manual processes, annotations, and spreadsheets, and automated discovery solutions and advanced asset management practices are less than perfect.
Because network deployments tend to be accompanied by recorded changes to the original design, relying on the original blueprint is unreliable. Many enterprise systems manage assets with cluttered information, which makes it difficult to obtain a complete view of their own assets, and tracking changes to these assets is harder still. Automated asset discovery is critical to securing these networks, for example by discovering newly deployed assets or retired old assets, and it helps to prioritize security work.
In recent years, with the diversification of enterprise services and the growth in supporting platforms and information management systems, network scale has kept expanding, network assets have become more and more complex, and coordination between information security management departments and service departments has become increasingly difficult. It is often necessary to sort out and check assets such as hosts or application systems within a certain range. If the enterprise has a huge number of assets, doing this by manual statistics is very difficult and very inefficient.
Disclosure of Invention
The application aims to provide a network asset scanning method, a device, equipment and a readable storage medium based on an active detection technology, which are used for solving the problems that the discovery of the network assets is mainly realized manually and the efficiency is low at present.
In a first aspect, the present application provides a network asset scanning method based on an active probing technique, including:
determining network assets to be scanned;
scanning a plurality of ports of the network assets at the same time to obtain asset information of the network assets;
carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets; and informing and alarming the network assets with the vulnerabilities.
Preferably, the determining the network assets to be scanned includes:
determining the network assets to be scanned according to an asset list imported by a user;
or,
carrying out asset identification on a preset network range to obtain the network assets to be scanned, wherein the preset network range is an IP address range and/or a domain name set.
Preferably, the network assets include any one or more of: domain name assets, web assets, and host assets.
Preferably, the simultaneously scanning the plurality of ports of the network asset to obtain the asset information of the network asset includes:
when the network assets are domain name assets, scanning a plurality of ports of the domain name assets at the same time to obtain asset information of the domain name assets, wherein the asset information of the domain name assets comprises any one or more of the following items: domain name, resolution state, fingerprint, whois expiration time, ICP docket number, docket subject, registrant, asset source;
when the network asset is a web asset, scanning a plurality of ports of the web asset simultaneously to obtain asset information of the web asset, wherein the asset information of the web asset comprises any one or more of the following items: system name, URL, status code, asset source, fingerprint, corresponding IP, whether the access status is normal;
when the network asset is a host asset, simultaneously scanning a plurality of ports of the host asset to obtain asset information of the host asset, wherein the asset information of the host asset comprises any one or more of the following items: host IP, whether online, hardware vendor, operating system, fingerprint, port service, operator, location, asset source.
Preferably, the method further comprises the following steps:
and when the network assets are host assets, acquiring the MAC addresses of the host assets by using the target scripts, and storing the MAC addresses as the asset information of the host assets.
Preferably, the simultaneously scanning the plurality of ports of the network asset to obtain the asset information of the network asset includes:
periodically scanning a plurality of ports of the network asset simultaneously to obtain asset information of the network asset;
and updating real-time data of the target database according to the asset information of the network assets.
Preferably, after the determining the network assets to be scanned, the method further includes:
and setting the authority of the network assets.
In a second aspect, the present application provides a network asset scanning apparatus based on active probing technology, including:
an asset determination module: for determining network assets to be scanned;
an asset scanning module: for simultaneously scanning a plurality of ports of the network assets to obtain asset information of the network assets;
a vulnerability scanning module: for carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets, and informing and alarming the network assets with the vulnerabilities.
In a third aspect, the present application provides a network asset scanning device based on active probing technology, including:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the network asset scanning method based on active probing technology as described above.
In a fourth aspect, the present application provides a readable storage medium having stored thereon a computer program for implementing the network asset scanning method based on active probing technique as described above when the computer program is executed by a processor.
The application provides a network asset scanning method based on an active detection technology, which comprises the following steps: determining network assets to be scanned; scanning a plurality of ports of the network assets at the same time to obtain asset information of the network assets; carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets; and informing and alarming the network assets with the vulnerabilities. Therefore, the method can automatically find assets in the network, remarkably improves asset scanning efficiency, finds the vulnerability of the assets in time, avoids loss caused by the vulnerability, and realizes effective management of the network assets.
In addition, the application also provides a network asset scanning device, equipment and a readable storage medium based on the active detection technology, and the technical effect of the network asset scanning device corresponds to the method, which is not described herein again.
Drawings
For a clearer explanation of the embodiments or technical solutions of the prior art of the present application, the drawings needed for the description of the embodiments or prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a first embodiment of a network asset scanning method based on active probing technology provided in the present application;
Fig. 2 is a schematic process diagram of a second embodiment of a network asset scanning method based on active probing technology according to the present application;
Fig. 3 is a functional block diagram of an embodiment of a network asset scanning apparatus based on active probing technology provided in the present application;
Fig. 4 is a schematic structural diagram of an embodiment of a network asset scanning device based on an active probing technique according to the present application.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
With the rapid popularization of network technology, a great deal of diversified network assets provide great convenience for production and life of people, and simultaneously challenge the safety management of the people. Accurate and comprehensive detection of network assets is a precondition for realizing effective management of the network assets and is also a basis for threat analysis.
The core of the application is to provide a network asset scanning method, a device, equipment and a readable storage medium based on an active detection technology, which can automatically discover assets in a network, remarkably improve asset scanning efficiency, discover vulnerabilities of the assets in time, avoid loss caused by the vulnerabilities and realize effective management of the network assets. By adopting a novel active detection technology, the pain point problem of a user is solved, the time cost of operation and maintenance personnel is reduced, and the operation and maintenance personnel pay more attention to the safety of the service. Of course, asset discovery may also help users learn about the risk issues of the assets themselves in real time.
In the following, a first embodiment of a network asset scanning method based on an active detection technology provided by the present application is introduced, where the active detection technology mentioned in the present application refers to a technology that adds an active and periodic asset discovery function based on an original function of the detection technology.
Referring to fig. 1, an embodiment includes the following steps:
S101, determining network assets to be scanned.
Specifically, the present embodiment provides two ways to determine the network assets to be scanned:
In the first mode, the user imports an asset list themselves, and the system determines the network assets to be scanned according to the asset list.
In the second mode, the user sets a preset network range, and the system performs asset identification on that range and quickly discovers the network assets connected to the network, obtaining the network assets to be scanned. The preset network range may be an IP address range, a domain name set, or even a unit name, a unit keyword, or the like.
S102, scanning the plurality of ports of the network assets at the same time to obtain asset information of the network assets.
Specifically, the network assets in this embodiment include any one or more of the following: domain name assets, web assets, and host assets.
When the scanned network assets are domain name assets, simultaneously scanning a plurality of ports of the domain name assets to obtain the asset information of the domain name assets, wherein the asset information of the domain name assets comprises any one or more of the following items: domain name, resolution status, fingerprint, whois expiration time, ICP docket number, docket subject, registrar, asset source.
When the scanned network assets are web assets, simultaneously scanning a plurality of ports of the web assets to obtain asset information of the web assets, wherein the asset information of the web assets comprises any one or more of the following items: system name, URL, status code, asset source, fingerprint, corresponding IP, whether the access status is normal.
When the scanned network assets are host assets, simultaneously scanning a plurality of ports of the host assets to obtain asset information of the host assets, wherein the asset information of the host assets comprises any one or more of the following items: host IP, whether online, hardware vendor, operating system, fingerprint, port service, operator, location, asset source.
In addition, when the network assets are host assets, the MAC addresses of the host assets are obtained by using the target scripts, and then the MAC addresses are used as the asset information of the host assets to be stored together.
In practical application, a scanning strategy can be set for each type of network assets respectively, and asset information required to be collected by each type of network assets is described in the scanning strategy.
Furthermore, trigger conditions for the scanning process may also be set. In practical application, the network assets can be periodically scanned, and after scanning is completed each time, the scanned asset information is stored in the database, so that the aim of updating the database in time is fulfilled, and the database is ensured to always contain the latest asset information for reference of operation and maintenance personnel.
S103, scanning the vulnerability of the network assets to obtain vulnerability scanning results of the network assets; and informing and alarming the network assets with the vulnerabilities.
Specifically, the trigger condition of the vulnerability scanning process may be set in advance, including but not limited to periodically performing vulnerability scanning. Alarm strategies, such as alarm modes, notifiers, etc., can also be set in advance.
The network asset scanning method based on the active detection technology provided by the embodiment can accurately and quickly master asset information and changes thereof in an all-round manner, remarkably improve accuracy of network risk and vulnerability assessment of assets, improve mastery conditions and quick processing capability of asset vulnerabilities, better manage assets, find faults, even prevent faults from occurring, quickly respond to processing faults and the like, and provide favorable conditions and good guarantee.
Embodiment two of the network asset scanning method based on an active probing technique according to the present application is described in detail below. Embodiment two is implemented on a network asset scanning system which, as shown in fig. 2, includes two system components:
An asset management platform: used for issuing asset detection requests through the Kafka platform and for managing the detected assets.
An asset detection engine: used for detecting assets according to unit name keywords, IPs/IP segments and website main domain names, and for transmitting the asset detection results to the asset management platform through the Kafka platform.
The asset detection engine further comprises: an asset discovery module and an asset risk discovery module.
The asset discovery module can scan and detect three types of network assets (domain name assets, web assets and host assets), manage the three types by category, and record the departments to which the assets belong, the asset managers and the like.
The asset risk discovery module can periodically perform vulnerability scanning on network assets and can discover host risks, web risks and the like. The periodic vulnerability scan supports custom configuration: a timed task can be generated to execute the scan on schedule, and single or batch risk re-checks can also be run manually.
In practical applications, the network asset scanning system may include one or more of the following modules:
A data filtering module: matches the original data acquired by the asset detection engine against an acquisition strategy and filters out redundant data.
A notification alarm module: customizes notification information, notification mode, notifier and the like, and sends asset risk early-warning notifications on a schedule.
A security reporting module: the platform can connect to a third-party platform to report the discovered risks.
A MAC address collection module: script files are written using the arpscan program to detect the MAC addresses of IP segments on Linux and Windows respectively; the detected MAC addresses are written to TXT documents named by IP, and the TXT documents are imported into the system.
In a specific embodiment, the asset identification technology is called in a loop to scan and detect assets, and the attributes whose changes can be sensed include: operating system type and version, application component type and version, database type and version, port, service, etc. For confirmed assets, the attributes are stored in the asset library, and the asset library is updated regularly or in real time, so that the attribute information in the asset library is kept up to date.
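A sketch of the asset-library update described above, added here as an illustration and not taken from the patent: each periodic scan result is compared with the stored record on the listed attributes, and the differences are returned so they can feed the notification step. The table layout, field names and sample scans are constructed assumptions.

```python
import json
import sqlite3

# Attributes the description lists as change-sensitive (field names are assumptions).
TRACKED = ("os", "components", "databases", "ports", "services")


def open_library(path=":memory:"):
    """Open (or create) the asset library; one row per host IP."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS assets ("
               "ip TEXT PRIMARY KEY, attrs TEXT NOT NULL, last_seen TEXT NOT NULL)")
    return db


def normalise(record):
    """Keep only tracked attributes; sort multi-valued ones so order never counts as change."""
    out = {}
    for key in TRACKED:
        value = record.get(key)
        if isinstance(value, (list, tuple, set)):
            value = sorted(value)
        out[key] = value
    return out


def record_scan(db, ip, record, seen_at):
    """Store the latest scan of one asset and return the list of attribute changes."""
    new = normalise(record)
    row = db.execute("SELECT attrs FROM assets WHERE ip = ?", (ip,)).fetchone()
    changes = []
    if row is None:
        changes.append({"ip": ip, "attribute": "asset", "old": None, "new": new})
    else:
        old = json.loads(row[0])
        for key in TRACKED:
            if old.get(key) != new[key]:
                changes.append({"ip": ip, "attribute": key,
                                "old": old.get(key), "new": new[key]})
    db.execute("INSERT OR REPLACE INTO assets (ip, attrs, last_seen) VALUES (?, ?, ?)",
               (ip, json.dumps(new), seen_at))
    db.commit()
    return changes


def newly_exposed_ports(changes):
    """Ports present in the new scan but absent from the stored record, per IP."""
    exposed = {}
    for change in changes:
        if change["attribute"] == "ports":
            added = sorted(set(change["new"] or []) - set(change["old"] or []))
            if added:
                exposed[change["ip"]] = added
    return exposed


# Constructed scan results for one host in a documentation address range.
SCAN_1 = {"os": "Linux 5.4", "components": ["nginx 1.18.0"], "databases": [],
          "ports": [443, 22], "services": ["ssh", "https"]}
SCAN_2 = {"os": "Linux 5.4", "components": ["nginx 1.18.0"],
          "databases": ["MySQL 5.7"], "ports": [22, 443, 3306],
          "services": ["https", "mysql", "ssh"]}


def demo():
    """Three scan cycles: discovery, a change, and an unchanged rescan."""
    db = open_library()
    first = record_scan(db, "192.0.2.10", SCAN_1, "2021-01-01T02:00:00Z")
    second = record_scan(db, "192.0.2.10", SCAN_2, "2021-01-02T02:00:00Z")
    third = record_scan(db, "192.0.2.10", SCAN_2, "2021-01-03T02:00:00Z")
    return first, second, third


if __name__ == "__main__":
    first, second, third = demo()
    for change in second:
        print(change["attribute"], change["old"], "->", change["new"])
    print("newly exposed:", newly_exposed_ports(second))
```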
When detecting domain name assets, the ICP domain name and the WHOIS domain name can be detected according to the unit name, the detected domain name is stored in the database, and sub-domain names are expanded and detected from that domain name.
As a specific implementation, the domain name is resolved to check whether it has a CNAME. If it does, CDN determination is performed on the CNAME; if it is determined to be a CDN, the domain name information is saved. Otherwise, the domain name is resolved over multiple paths to obtain IP data, and CDN determination is performed in other ways. Specifically, if the number of resolved IPs is greater than 15, it is determined to be a CDN; if the number of resolved IPs is less than 3, it is determined not to be a CDN; and if it is a CDN, it is discarded.
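The CDN decision above, written out as an added example rather than code from the patent: the CNAME is checked first, then the count of distinct IPs seen across several resolvers is compared with the 15 and 3 thresholds. The CNAME suffix list, the data-class names, the handling of unresolved names, and reading "discarded" as "not carried forward as a host asset" are assumptions; all sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    CDN = "cdn"
    NOT_CDN = "not_cdn"
    UNDETERMINED = "undetermined"  # left for "other ways" of determination


# Hypothetical suffix list (assumption); a deployment maintains its own.
CDN_CNAME_SUFFIXES = (".cdn-provider.example", ".edge-cache.example")
CDN_IP_THRESHOLD = 15    # more than 15 resolved IPs: CDN
ORIGIN_IP_THRESHOLD = 3  # fewer than 3 resolved IPs: not a CDN


@dataclass
class DnsObservation:
    """Resolution data for one domain, gathered from several resolvers."""
    domain: str
    cname_chain: list = field(default_factory=list)
    answers_by_resolver: dict = field(default_factory=dict)


def distinct_ips(obs):
    """Union of valid addresses over all resolvers; malformed answers are skipped."""
    ips = set()
    for answers in obs.answers_by_resolver.values():
        for raw in answers:
            try:
                ips.add(ipaddress.ip_address(raw.strip()))
            except ValueError:
                continue
    return ips


def classify(obs):
    """Return (Verdict, reason): CNAME check first, then the IP-count rule."""
    for name in obs.cname_chain:
        host = "." + name.rstrip(".").lower()
        if host.endswith(CDN_CNAME_SUFFIXES):
            return Verdict.CDN, f"CNAME {name} is on the CDN suffix list"
    count = len(distinct_ips(obs))
    if count == 0:
        # Assumption: an unresolved name is not evidence of a non-CDN origin.
        return Verdict.UNDETERMINED, "no addresses resolved"
    if count > CDN_IP_THRESHOLD:
        return Verdict.CDN, f"{count} distinct IPs (> {CDN_IP_THRESHOLD})"
    if count < ORIGIN_IP_THRESHOLD:
        return Verdict.NOT_CDN, f"{count} distinct IPs (< {ORIGIN_IP_THRESHOLD})"
    return Verdict.UNDETERMINED, f"{count} distinct IPs, between thresholds"


def host_scan_targets(observations):
    """Addresses to carry forward as host assets: only NOT_CDN domains.

    CDN and undetermined answers are discarded so that shared third-party
    edge addresses never enter the inventory as the organisation's hosts.
    """
    targets = set()
    for obs in observations:
        verdict, _ = classify(obs)
        if verdict is Verdict.NOT_CDN:
            targets.update(str(ip) for ip in distinct_ips(obs))
    return sorted(targets)


# Constructed sample data (documentation address ranges, .example names).
SAMPLES = [
    DnsObservation("shop.corp.example",
                   ["shop.corp.example.cdn-provider.example."],
                   {"r1": ["203.0.113.5"], "r2": ["203.0.113.6"]}),
    DnsObservation("www.corp.example", [],
                   {"r1": [f"198.51.100.{i}" for i in range(1, 7)],
                    "r2": [f"198.51.100.{i}" for i in range(7, 13)],
                    "r3": [f"198.51.100.{i}" for i in range(13, 19)]}),
    DnsObservation("vpn.corp.example", [],
                   {"r1": ["192.0.2.10"], "r2": ["192.0.2.10", "not-an-ip"]}),
    DnsObservation("api.corp.example", [],
                   {"r1": ["192.0.2.21", "192.0.2.22", "192.0.2.23"],
                    "r2": ["192.0.2.24", "192.0.2.25"]}),
    DnsObservation("old.corp.example", [], {"r1": []}),
]

if __name__ == "__main__":
    for obs in SAMPLES:
        verdict, reason = classify(obs)
        print(f"{obs.domain:20} {verdict.value:13} {reason}")
    print("host scan targets:", host_scan_targets(SAMPLES))
```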
As a specific implementation, the operating system can be scanned with nmap in a multithreaded mode according to the IP range; if there are more than 10 IPs and the parameter would be too long, the targets are passed as a file. Alternatively, masscan can be used first to ping-scan the IPs and scan the ports, after which the operating system is scanned directly.
As a preferred implementation manner, the asset management platform of this embodiment can set permissions for the detected network assets to distinguish the operation permission levels of different network assets.
Therefore, according to the network asset scanning method based on the active detection technology provided by this embodiment, a user can import assets themselves, or network assets can be actively detected according to unit name keywords, IPs/IP segments, website main domain names and the like, so that devices in the network are discovered automatically. A plurality of ports of a device can also be detected periodically and simultaneously, which improves information collection efficiency, and the detected and identified asset information is stored in a database. Permission-based classified management can be applied to the detected assets, and asset risks can be notified and warned of in time. Network assets can thus be detected accurately and comprehensively, and effective management of the network assets is realized.
The embodiment brings great changes to the work of the maintenance department, can bring greater improvement to the maintenance work, and is the basis for accelerating fault diagnosis and work establishment. The method is beneficial to the asset management personnel to master the full life cycle information of all assets in a row globally, thereby enhancing the utilization rate of the assets and avoiding repeated investment and unnecessary waste. And moreover, the assets of the enterprise can be detected more quickly and accurately, and the effective management of the network assets is realized. The cost of traditional asset management is saved to a great extent, the vulnerability of the assets is discovered in time, and the loss caused by the vulnerability is avoided. The fixed asset management system is combined with the management of monitoring, operation and maintenance and the like, the traditional passive asset maintenance mode of asset personnel is changed, faults can be found in time and even prevented from occurring, and the quick response processing can be realized, so that the effectiveness and the availability of enterprise assets are improved.
In the following, a network asset scanning apparatus based on an active probing technique provided by an embodiment of the present application is introduced, and a network asset scanning apparatus based on an active probing technique described below and a network asset scanning method based on an active probing technique described above may be referred to correspondingly.
As shown in fig. 3, the network asset scanning apparatus based on active probing technology of this embodiment includes:
asset determination module 301: for determining network assets to be scanned;
asset scanning module 302: for simultaneously scanning a plurality of ports of the network assets to obtain asset information of the network assets;
vulnerability scanning module 303: for carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets, and informing and alarming the network assets with the vulnerabilities.
The network asset scanning device based on the active probing technology of this embodiment is used to implement the aforementioned network asset scanning method based on the active probing technology, and therefore, the specific implementation manner of this device can be seen in the foregoing embodiments of the network asset scanning method based on the active probing technology, for example, the asset determination module 301, the asset scanning module 302, and the vulnerability scanning module 303 are respectively used to implement steps S101, S102, and S103 in the aforementioned network asset scanning method based on the active probing technology. Therefore, specific embodiments thereof may be referred to in the description of the corresponding respective partial embodiments, and will not be described herein.
In addition, since the network asset scanning apparatus based on the active probing technique of this embodiment is used to implement the network asset scanning method based on the active probing technique, the function thereof corresponds to the function of the method described above, and is not described herein again.
In addition, the present application further provides a network asset scanning device based on active probing technology, as shown in fig. 4, including:
the memory 100: for storing a computer program;
the processor 200: for executing the computer program to implement the network asset scanning method based on active probing technique as described above.
Finally, the present application provides a readable storage medium having stored thereon a computer program for implementing the method for network asset scanning based on active probing technique as described above when executed by a processor.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above detailed descriptions of the solutions provided in the present application, and the specific examples applied herein are set forth to explain the principles and implementations of the present application, and the above descriptions of the examples are only used to help understand the method and its core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A network asset scanning method based on active detection technology is characterized by comprising the following steps:
determining network assets to be scanned;
scanning a plurality of ports of the network assets at the same time to obtain asset information of the network assets;
carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets; and informing and alarming the network assets with the vulnerabilities.
2. The method of claim 1, wherein the determining network assets to scan comprises:
determining the network assets to be scanned according to an asset list imported by a user;
or,
carrying out asset identification on a preset network range to obtain the network assets to be scanned, wherein the preset network range is an IP address range and/or a domain name set.
3. The method of claim 1, wherein the network assets comprise any one or more of: domain name assets, web assets, and host assets.
4. The method of claim 3, wherein said scanning a plurality of ports of the network asset simultaneously for asset information of the network asset comprises:
when the network assets are domain name assets, scanning a plurality of ports of the domain name assets at the same time to obtain asset information of the domain name assets, wherein the asset information of the domain name assets comprises any one or more of the following items: domain name, resolution state, fingerprint, whois expiration time, ICP docket number, docket subject, registrant, asset source;
when the network asset is a web asset, scanning a plurality of ports of the web asset simultaneously to obtain asset information of the web asset, wherein the asset information of the web asset comprises any one or more of the following items: system name, URL, status code, asset source, fingerprint, corresponding IP, whether the access status is normal;
when the network asset is a host asset, simultaneously scanning a plurality of ports of the host asset to obtain asset information of the host asset, wherein the asset information of the host asset comprises any one or more of the following items: host IP, whether online, hardware vendor, operating system, fingerprint, port service, operator, location, asset source.
5. The method of claim 4, further comprising:
and when the network assets are host assets, acquiring the MAC addresses of the host assets by using the target scripts, and storing the MAC addresses as the asset information of the host assets.
6. The method of claim 1, wherein said scanning a plurality of ports of the network asset simultaneously for asset information of the network asset comprises:
periodically scanning a plurality of ports of the network asset simultaneously to obtain asset information of the network asset;
and updating real-time data of the target database according to the asset information of the network assets.
7. The method of any of claims 1-6, further comprising, after the determining the network assets to scan:
setting permissions for the network assets.
8. A network asset scanning device based on active detection technology is characterized by comprising:
an asset determination module: for determining network assets to be scanned;
an asset scanning module: for scanning a plurality of ports of the network asset simultaneously to obtain asset information of the network asset;
a vulnerability scanning module: for carrying out vulnerability scanning on the network assets to obtain vulnerability scanning results of the network assets, and for notifying and raising an alarm for network assets that have vulnerabilities.
9. A network asset scanning device based on active probing technology, comprising:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the network asset scanning method based on active probing technology according to any of claims 1-7.
10. A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the network asset scanning method based on active probing technology according to any of claims 1-7.
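The periodic scan-and-update step of claim 6, applied to the host-asset fields of claims 4 and 5, can be sketched as follows. This is an added example, not code from the patent: the table layout, the field keys, the change-report format and the rule that an unanswered host is marked offline are all assumptions, and the scan records are constructed.

```python
import json
import sqlite3

# Host-asset fields taken from claims 4 and 5; the column and key names are assumptions.
HOST_FIELDS = ("online", "hardware_vendor", "operating_system", "port_services", "mac")

def open_asset_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE host_asset (host_ip TEXT PRIMARY KEY, "
               "info TEXT NOT NULL, last_seen INTEGER NOT NULL)")
    return db

def apply_scan_round(db, scan_time, records):
    """Store one scan round; return (ip, field, old, new) for every change."""
    changes, seen = [], set()
    for rec in records:
        ip = rec["host_ip"]
        seen.add(ip)
        # Round-trip through JSON so stored and fresh values compare equal.
        new = json.loads(json.dumps({f: rec.get(f) for f in HOST_FIELDS}))
        row = db.execute("SELECT info FROM host_asset WHERE host_ip = ?", (ip,)).fetchone()
        if row is None:
            changes.append((ip, "asset", None, "new"))
        else:
            old = json.loads(row[0])
            changes += [(ip, f, old.get(f), new[f]) for f in HOST_FIELDS if old.get(f) != new[f]]
        db.execute("INSERT OR REPLACE INTO host_asset VALUES (?, ?, ?)",
                   (ip, json.dumps(new), scan_time))
    # A known host that did not answer this round is kept but marked offline.
    for ip, info in db.execute("SELECT host_ip, info FROM host_asset").fetchall():
        old = json.loads(info)
        if ip not in seen and old.get("online"):
            old["online"] = False
            db.execute("UPDATE host_asset SET info = ? WHERE host_ip = ?", (json.dumps(old), ip))
            changes.append((ip, "online", True, False))
    db.commit()
    return changes

# Constructed scan results (documentation address ranges, not real hosts).
ROUND_1 = [
    {"host_ip": "192.0.2.10", "online": True, "hardware_vendor": "ExampleCorp",
     "operating_system": "Linux", "port_services": {22: "ssh", 80: "http"},
     "mac": "00:00:5e:00:53:01"},
    {"host_ip": "192.0.2.11", "online": True, "port_services": {3389: "rdp"}},
]
ROUND_2 = [dict(ROUND_1[0], port_services={22: "ssh", 80: "http", 6379: "redis"})]

if __name__ == "__main__":
    db = open_asset_db()
    apply_scan_round(db, 1, ROUND_1)
    for change in apply_scan_round(db, 2, ROUND_2):
        print(change)
```

The returned change list is what an inventory owner would review between rounds: a newly exposed service on a known host, or a host that stopped answering.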
CN202011466117.0A 2020-12-14 2020-12-14 Network asset scanning method, device and equipment based on active detection technology Pending CN112637159A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011466117.0A CN112637159A (en) 2020-12-14 2020-12-14 Network asset scanning method, device and equipment based on active detection technology

Publications (1)

Publication Number Publication Date
CN112637159A true CN112637159A (en) 2021-04-09

Family

ID=75312624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011466117.0A Pending CN112637159A (en) 2020-12-14 2020-12-14 Network asset scanning method, device and equipment based on active detection technology

Country Status (1)

Country Link
CN (1) CN112637159A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130275574A1 (en) * 2012-04-11 2013-10-17 Mcafee, Inc. Asset detection system
CN106230800A (en) * 2016-07-25 2016-12-14 恒安嘉新(北京)科技有限公司 A kind of to assets active probe with the method for leak early warning
CN107392031A (en) * 2017-08-04 2017-11-24 杭州安恒信息技术有限公司 The scan method and device of leak
CN108183895A (en) * 2017-12-26 2018-06-19 广东电网有限责任公司信息中心 A kind of networked asset information acquisition system
CN108696544A (en) * 2018-09-05 2018-10-23 杭州安恒信息技术股份有限公司 Security breaches detection method based on industrial control system and device
CN108769064A (en) * 2018-06-26 2018-11-06 广东电网有限责任公司信息中心 Realize the distributed asset identification and change cognitive method and system that loophole is administered
CN109033844A (en) * 2018-09-10 2018-12-18 四川长虹电器股份有限公司 Automation vulnerability detection system and method based on port identification
CN109768870A (en) * 2017-11-09 2019-05-17 国网青海省电力公司电力科学研究院 A kind of industry control network assets discovery method and system based on active probing technique
CN110708315A (en) * 2019-10-09 2020-01-17 杭州安恒信息技术股份有限公司 Asset vulnerability identification method, device and system

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113239360A (en) * 2021-04-30 2021-08-10 杭州安恒信息技术股份有限公司 Network asset management method based on machine learning and related components
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113472588A (en) * 2021-07-13 2021-10-01 杭州安恒信息技术股份有限公司 Network asset detection method and device, electronic device and storage medium
CN113542270A (en) * 2021-07-14 2021-10-22 山东林天信息科技有限责任公司 Internet asset fingerprint rapid detection method and system
CN113326514B (en) * 2021-07-30 2021-10-29 紫光恒越技术有限公司 Risk assessment method and device for network assets, switch, equipment and server
CN113326514A (en) * 2021-07-30 2021-08-31 紫光恒越技术有限公司 Risk assessment method and device for network assets, switch, equipment and server
CN113742629A (en) * 2021-09-14 2021-12-03 杭州安恒信息技术股份有限公司 Daily information security check method and device for internet data center
CN114124913A (en) * 2021-09-24 2022-03-01 绿盟科技集团股份有限公司 Method and device for monitoring network asset change and electronic equipment
CN114124913B (en) * 2021-09-24 2023-11-28 绿盟科技集团股份有限公司 Method and device for monitoring network asset change and electronic equipment
CN114257530B (en) * 2021-11-29 2023-08-22 中国联合网络通信集团有限公司 Network asset mapping method, device, equipment and storage medium
CN114257530A (en) * 2021-11-29 2022-03-29 中国联合网络通信集团有限公司 Network asset mapping method, device, equipment and storage medium
CN114363058A (en) * 2021-12-31 2022-04-15 深信服科技股份有限公司 Equipment detection method, device and related equipment
CN114363058B (en) * 2021-12-31 2024-02-23 深信服科技股份有限公司 Equipment detection method and device and related equipment
CN114448829A (en) * 2022-01-18 2022-05-06 五凌电力有限公司 Industrial control network asset detection device and detection method thereof
CN114584486A (en) * 2022-02-23 2022-06-03 滨州东方地毯有限公司 Distributed network asset scanning detection platform and scanning detection method
CN114584486B (en) * 2022-02-23 2023-09-29 滨州东方地毯有限公司 Distributed network asset scanning detection platform and scanning detection method
CN115361358A (en) * 2022-08-19 2022-11-18 山石网科通信技术股份有限公司 IP extraction method, device, storage medium and electronic device
CN115361358B (en) * 2022-08-19 2024-02-06 山石网科通信技术股份有限公司 IP extraction method and device, storage medium and electronic device
CN116305154B (en) * 2023-03-08 2023-11-21 北京航天驭星科技有限公司 Vulnerability management method of satellite measurement and control software and related equipment
CN116305154A (en) * 2023-03-08 2023-06-23 北京航天驭星科技有限公司 Vulnerability management method of satellite measurement and control software and related equipment
CN116094851B (en) * 2023-04-11 2023-07-04 北京安博通科技股份有限公司 Method, device, equipment and storage medium for repairing enterprise network loopholes
CN116094851A (en) * 2023-04-11 2023-05-09 北京安博通科技股份有限公司 Method, device, equipment and storage medium for repairing enterprise network loopholes
CN116915451A (en) * 2023-06-30 2023-10-20 上海螣龙科技有限公司 Network asset scanning system and method based on custom strategy
CN116915451B (en) * 2023-06-30 2024-03-22 上海螣龙科技有限公司 Network asset scanning system, method, computer equipment and computer readable storage medium based on custom strategy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210409