CN112967125A - Method for identifying old assets - Google Patents

Publication number
CN112967125A
Authority
CN
China
Prior art keywords
asset
assets
product
old
identifying
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110263978.7A
Other languages
Chinese (zh)
Inventor
赵武
苏兵社
李满献
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huashun Xin'an Information Technology Co ltd
Original Assignee
Beijing Huashun Xin'an Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huashun Xin'an Information Technology Co ltd
Priority to CN202110263978.7A
Publication of CN112967125A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation

Abstract

The invention discloses a method for identifying old assets, comprising the following steps: S1, scanning the asset database by a query method; S2, determining the data information of the scanned assets; S3, calculating the current maintenance status of the assets and the attributes of the assets; S4, after the products of the old assets are determined, labeling them with tags; S5, detecting the time of the old assets and determining how long they have existed. The invention detects asset information rapidly through multiple detection methods and extracts all asset information, and the multiple detection methods can adapt to different conditions when detecting assets. The proportion of each asset's product is calculated, the asset information is effectively scanned, detected and determined, and the degree of oldness of an asset is judged and calculated from the asset's proportion and the asset's time.

Description

Method for identifying old assets
Technical Field
The invention belongs to the technical field of network assets, and particularly relates to an old asset identification method.
Background
In recent years, with the rapid development of computer technology, the various information assets in an enterprise, such as network devices and other devices that frequently interact with each other over a network, have become important enterprise assets. The continuous growth of enterprise and organizational business makes information asset management difficult: large numbers of ownerless information assets and zombie information assets are easily generated, which creates serious hidden dangers for the security of enterprises and organizations. Against this background, it is important to identify the target information assets in an enterprise in time (that is, information assets that access other information assets through the network and are frequently accessed by other information assets). In the course of an enterprise's production, products are continuously replaced; some customers have many assets, and some assets have been in use, or forgotten, for many years, and as technology develops, security problems can arise in the old products. Customers want to know which of the assets they manage are old assets, since the asset information of an enterprise is too long and inconvenient to manage. However, the asset identification methods on the market still have various problems.
In the method and identification tag for asset management disclosed in granted publication No. CN1667647B, the identification data may comprise a first data element comprising a global routing prefix and a second data element comprising an asset identifier. Based on the global routing prefix, a uniform resource locator may be determined for the selected asset lookup service. Based on the determined uniform resource locator, the received asset identifier can be sent to an asset lookup service. However, that disclosure does not solve the following problems: assets cannot be effectively scanned and extracted, the product proportion of an asset cannot be calculated to determine the share occupied by the asset's product, and old assets cannot be judged. A method for identifying old assets is therefore provided.
Disclosure of Invention
The present invention is directed to a method for identifying old assets, so as to solve the problems mentioned in the background art.
To achieve this purpose, the invention provides the following technical solution: a method for identifying old assets, comprising the following steps:
S1, scanning the asset database by a query method: the network assets in the asset database are first scanned by network asset detection, and the assets in the asset database are then extracted;
S2, determining the data information of the scanned assets: the attributes of the assets are scanned and thereby determined, the attributes including the product maintenance status and the product proportion of the assets, and the attributes of the assets are then stored in another database;
S3, calculating the current maintenance status of the assets and the attributes of the assets: the product maintenance status of the assets determined in S2 is selected, the product proportion of the assets is calculated, and the determined product proportion is compared with the standard to determine whether the assets are old assets;
S4, labeling with tags after the products of the old assets are determined: the aging factor of the product is obtained from the product proportion of the asset in S3, the old product is thereby determined, and the old product is then labeled;
S5, detecting the time of the old assets and determining how long they have existed: the earliest storage time in the attributes of the asset is detected, the duration for which the old asset has existed is calculated and determined, and a time period can be selected for targeted queries in subsequent queries.
Preferably, the network asset detection in S1 comprises an active method, a passive method and a search-engine-based method, and the network asset detection uses one or more of the three methods.
Preferably, the active method actively sends constructed data packets to the target network asset and extracts the target fingerprint from the related information of the returned data packets, the related information including the protocol content of each layer and the packet retransmission time.
Preferably, the target fingerprint is compared with the fingerprints in a fingerprint library to detect open ports, the operating system, services and application types; according to the type of fingerprint information used, the active method is mainly divided into an active detection method based on response protocol stack fingerprints and an active detection method based on single-packet response delay statistics.
Preferably, the passive method collects the traffic of the target network and analyzes the fingerprint features of the special banner field in the application-layer HTTP, FTP and SMTP protocol data packets in the traffic, or of the IP, TCP three-way handshake and DHCP protocol data packets, thereby achieving passive detection of network asset information.
Preferably, the search-engine-based method is used for rapidly detecting new technologies such as big data and cloud computing, and the search-engine-based method uses a search engine dedicated to network security.
Preferably, the product maintenance status and the product proportion of the asset in S2 are, respectively, whether the asset's product continues to be maintained and produced and the proportion of the asset's product among all products, from which the aging factor of the asset's product is determined.
Preferably, the selection of the product maintenance status of the asset in S4 is used to determine whether the proportion of the asset's product needs to be calculated: the proportion is calculated when the asset's product is under maintenance, and need not be calculated when the product is not under maintenance.
Preferably, the standard in S3 is the proportion that the asset's product accounts for among all products under maintenance, and the standard proportion is ten percent.
Preferably, the earliest storage time in S5 is detected by viewing the asset's time with the stat command, and the running time of the asset's product is obtained from the time difference; after an old asset is determined, the content, time period, tag and asset product information of the old asset are packaged and stored in the database.
Compared with the prior art, the invention has the beneficial effects that:
(1) The invention detects asset information rapidly through multiple detection methods, so that assets can be scanned comprehensively and safely and all asset information can be extracted; the multiple detection methods can adapt to different conditions when detecting assets, which makes detection fast and convenient to operate.
(2) The invention can calculate the proportion of an asset's product, can effectively scan, detect and determine the asset's information, and can judge and calculate the degree of oldness of the asset from the asset's proportion and the asset's time.
Drawings
FIG. 1 is a schematic diagram of the process steps of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, the present invention provides a technical solution: a method for identifying old assets, comprising the following steps:
S1, scanning the asset database by a query method: the network assets in the asset database are first scanned by network asset detection, and the assets in the asset database are then extracted;
S2, determining the data information of the scanned assets: the attributes of the assets are scanned and thereby determined, the attributes including the product maintenance status and the product proportion of the assets, and the attributes of the assets are then stored in another database;
S3, calculating the current maintenance status of the assets and the attributes of the assets: the product maintenance status of the assets determined in S2 is selected, the product proportion of the assets is calculated, and the determined product proportion is compared with the standard to determine whether the assets are old assets;
S4, labeling with tags after the products of the old assets are determined: the aging factor of the product is obtained from the product proportion of the asset in S3, the old product is thereby determined, and the old product is then labeled;
S5, detecting the time of the old assets and determining how long they have existed: the earliest storage time in the attributes of the asset is detected, the duration for which the old asset has existed is calculated and determined, and a time period can be selected for targeted queries in subsequent queries.
To achieve rapid scanning and detection of assets, in this embodiment the network asset detection in S1 preferably comprises an active method, a passive method and a search-engine-based method, and the network asset detection uses one or more of the three methods.
To adapt to different detection situations and achieve detection of assets by the active method, in this embodiment the active method preferably sends constructed data packets to the target network asset and extracts the target fingerprint from the related information of the returned data packets, the related information including the protocol content of each layer and the packet retransmission time.
To connect and transmit data through fingerprints, in this embodiment the target fingerprint is preferably compared with the fingerprints in a fingerprint library to detect open ports, the operating system, services and application types; according to the type of fingerprint information used, the active method is mainly divided into an active detection method based on response protocol stack fingerprints and a method based on single-packet response delay statistics.
To adapt to different detection situations and achieve detection of assets by the passive method, in this embodiment the passive method preferably collects the traffic of the target network and analyzes the special banner field in the application-layer HTTP, FTP and SMTP protocol data packets in the traffic, or the fingerprint features of the IP, TCP three-way handshake and DHCP protocol data packets, thereby achieving passive detection of network asset information.
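The passive method described above, as an added example that is not part of the patent: Python code that reads the banner field from application-layer HTTP, FTP and SMTP payloads and matches it against a fingerprint library. The captured records, the port-to-protocol map and the regular expressions are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed fingerprint library: one banner pattern per application-layer protocol.
FINGERPRINTS = {
    "http": re.compile(
        rb"^Server:[ \t]*(?P<product>[A-Za-z][\w.-]*)(?:/(?P<version>[\d.]+))?",
        re.I | re.M),
    "ftp": re.compile(
        rb"^220[ -].*?(?P<product>vsFTPd|ProFTPD|Pure-FTPd)(?:[ \t]+(?P<version>[\d.]+))?",
        re.I),
    "smtp": re.compile(
        rb"^220[ -]\S+[ \t]+ESMTP[ \t]+(?P<product>[A-Za-z][\w-]*)(?:[ \t]+(?P<version>[\d.]+))?",
        re.I),
}

# Assumption: the protocol is chosen from the server port of the captured flow.
PORT_PROTOCOL = {80: "http", 8080: "http", 21: "ftp", 25: "smtp"}

# Constructed server-to-client payloads, as a traffic collector might hand them over.
CAPTURED = [
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.11", 21, b"220 (vsFTPd 3.0.3)\r\n"),
    ("192.0.2.12", 25, b"220 mail.example.com ESMTP Postfix\r\n"),
    ("192.0.2.13", 80, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),  # no banner
    ("192.0.2.14", 5000, b"\x00\x01binary"),                              # unknown port
]


def identify_product(ip, port, payload):
    """Return an asset record for one payload; product stays None if no banner matched."""
    protocol = PORT_PROTOCOL.get(port)
    record = {"ip": ip, "port": port, "protocol": protocol,
              "product": None, "version": None}
    if protocol is None:
        return record
    if protocol == "http":
        # Only the header block may carry the Server banner; ignore the body.
        payload = payload.split(b"\r\n\r\n", 1)[0]
    match = FINGERPRINTS[protocol].search(payload)
    if match:
        record["product"] = match.group("product").decode("ascii")
        version = match.group("version")
        record["version"] = version.decode("ascii") if version else None
    return record


def passive_inventory(captured):
    """Build the asset list (input to S2) from all captured payloads."""
    return [identify_product(ip, port, payload) for ip, port, payload in captured]


if __name__ == "__main__":
    for rec in passive_inventory(CAPTURED):
        print(rec)
```

Assets whose product stays None still appear in the inventory, so hosts that expose no banner are kept for another detection method rather than silently dropped.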
To adapt to different detection situations and achieve detection of assets by a search engine, in this embodiment the search-engine-based method preferably performs rapid detection on new technologies such as big data and cloud computing, and the search-engine-based method uses a search engine dedicated to network security.
To calculate the proportion of an asset's product, in this embodiment the product maintenance status and the product proportion of the asset in S2 are preferably, respectively, whether the asset's product continues to be maintained and produced and the proportion of the asset's product among all products, from which the aging factor of the asset's product is determined.
To reduce the calculation performed on the assets and improve computational efficiency, in this embodiment the selection of the product maintenance status of the asset in S4 is preferably used to determine whether the proportion of the asset's product needs to be calculated: the proportion is calculated when the asset's product is under maintenance, and need not be calculated when the product is not under maintenance.
To set the proportion standard for products and compare the proportions of products, in this embodiment the standard in S3 is preferably the proportion that the asset's product accounts for among all products under maintenance, and the standard proportion is ten percent.
To detect the information of the asset and determine the time of the asset, in this embodiment the earliest storage time in S5 is preferably detected by viewing the asset's time with the stat command, and the running time of the asset's product is obtained from the time difference; after an old asset is determined, the content, time period, tag and asset product information of the old asset are packaged and stored in the database.
The working principle and the using process of the invention are as follows:
First, the asset database is scanned by a query method: the network assets in the asset database are first scanned by network asset detection, and the assets in the asset database are then extracted;
Second, the data information of the scanned assets is determined: the attributes of the assets are scanned and thereby determined, the attributes including the product maintenance status and the product proportion of the assets, and the attributes of the assets are then stored in another database;
Third, the current maintenance status of the assets and the attributes of the assets are calculated: the product maintenance status of the assets determined in S2 is selected, the product proportion of the assets is calculated, and the determined product proportion is compared with the standard to determine whether the assets are old assets;
Fourth, after the products of the old assets are determined, they are labeled with tags: the aging factor of the product is obtained from the product proportion of the asset in S3, the old product is thereby determined, and the old product is then labeled;
Fifth, the time of the old assets is detected and how long they have existed is determined: the earliest storage time in the attributes of the asset is detected, the duration for which the old asset has existed is calculated and determined, and a time period can be selected for targeted queries in subsequent queries.
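Steps S3 to S5 above, worked through in Python as an added example that is not part of the patent. The patent does not state the direction of the comparison, so this code assumes an asset is old when its product is no longer maintained or when the product's proportion among maintained products falls below the ten percent standard; the hosts, product names and dates are constructed, and the stat call assumes each asset record is a file.

```python
import os
from collections import Counter
from datetime import datetime, timezone

STANDARD = 0.10  # S3: the ten percent proportion standard


def first_stored_time(path):
    """S5: read an asset record's stored time with stat (assumption: the file's mtime)."""
    return os.stat(path).st_mtime


def product_proportions(assets, maintained):
    """S3: proportion of each product among all assets whose product is under maintenance.
    Products that are not under maintenance get no proportion at all."""
    counts = Counter(a["product"] for a in assets if a["product"] in maintained)
    total = sum(counts.values())
    return {product: n / total for product, n in counts.items()}


def identify_old_assets(assets, maintained, now):
    """S3 to S5: decide which assets are old, tag them, and compute their age in days."""
    proportions = product_proportions(assets, maintained)
    old = []
    for a in assets:
        proportion = proportions.get(a["product"])
        if proportion is None:
            reason = "not-maintained"   # assumption: unmaintained product means old
        elif proportion < STANDARD:
            reason = "below-standard"   # assumption: share under ten percent means old
        else:
            continue
        old.append({
            "host": a["host"], "product": a["product"], "tag": "old",
            "reason": reason, "proportion": proportion,
            "age_days": int((now - a["first_stored"]) // 86400),
        })
    return old


def old_in_period(old_assets, min_days, max_days):
    """S5: targeted follow-up query restricted to a time period."""
    return [a["host"] for a in old_assets if min_days <= a["age_days"] <= max_days]


def ts(year, month, day):
    """UTC midnight as epoch seconds, used to build the constructed sample."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()


# Constructed inventory. On a real system first_stored would come from
# first_stored_time(); it is fixed here so the result is deterministic.
NOW = ts(2021, 3, 8)
MAINTAINED = {"ProductA", "ProductB", "ProductC"}  # hypothetical product names
ASSETS = (
    [{"host": f"a{i}", "product": "ProductA", "first_stored": ts(2020, 3, 8)} for i in range(6)]
    + [{"host": f"b{i}", "product": "ProductB", "first_stored": ts(2019, 3, 8)} for i in range(5)]
    + [{"host": "c0", "product": "ProductC", "first_stored": ts(2016, 3, 8)},
       {"host": "d0", "product": "LegacyD", "first_stored": ts(2011, 3, 8)}]
)

if __name__ == "__main__":
    for record in identify_old_assets(ASSETS, MAINTAINED, NOW):
        print(record)
```

In the sample, ProductC runs on 1 of the 12 assets with maintained products (about 8.3 percent), so it falls under the standard, while LegacyD is tagged without any proportion being calculated.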
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A method for identifying old assets, characterized by comprising the following steps:
S1, scanning the asset database by a query method: the network assets in the asset database are first scanned by network asset detection, and the assets in the asset database are then extracted;
S2, determining the data information of the scanned assets: the attributes of the assets are scanned and thereby determined, the attributes including the product maintenance status and the product proportion of the assets, and the attributes of the assets are then stored in another database;
S3, calculating the current maintenance status of the assets and the attributes of the assets: the product maintenance status of the assets determined in S2 is selected, the product proportion of the assets is calculated, and the determined product proportion is compared with the standard to determine whether the assets are old assets;
S4, labeling with tags after the products of the old assets are determined: the aging factor of the product is obtained from the product proportion of the asset in S3, the old product is thereby determined, and the old product is then labeled;
S5, detecting the time of the old assets and determining how long they have existed: the earliest storage time in the attributes of the asset is detected, the duration for which the old asset has existed is calculated and determined, and a time period can be selected for targeted queries in subsequent queries.
2. The method for identifying old assets as claimed in claim 1, wherein: the network asset detection in S1 comprises an active method, a passive method and a search-engine-based method, and the network asset detection uses one or more of the three methods.
3. The method for identifying old assets as claimed in claim 2, wherein: the active method actively sends constructed data packets to the target network asset and extracts the target fingerprint from the related information of the returned data packets, the related information comprising the protocol content of each layer and the packet retransmission time.
4. The method for identifying old assets as claimed in claim 3, wherein: the target fingerprint is compared with the fingerprints in a fingerprint library to detect open ports, the operating system, services and application types; according to the type of fingerprint information used, the active method mainly comprises an active detection method based on response protocol stack fingerprints and an active detection method based on single-packet response delay statistics.
5. The method for identifying old assets as claimed in claim 2, wherein: the passive method collects the traffic of the target network and analyzes the fingerprint features of the special banner field in the application-layer HTTP, FTP and SMTP protocol data packets in the traffic, or of the IP, TCP three-way handshake and DHCP protocol data packets, thereby achieving passive detection of network asset information.
6. The method for identifying old assets as claimed in claim 2, wherein: the search-engine-based method is used for rapidly detecting big data and cloud computing, and the search-engine-based method uses a search engine dedicated to network security.
7. The method for identifying old assets as claimed in claim 1, wherein: the product maintenance status and the product proportion of the asset in S2 are, respectively, whether the asset's product continues to be maintained and produced and the proportion of the asset's product among all products, from which the aging factor of the asset's product is determined.
8. The method for identifying old assets as claimed in claim 1, wherein: the selection of the product maintenance status of the asset in S4 is used to determine whether the proportion of the asset's product needs to be calculated: the proportion is calculated when the asset's product is under maintenance, and need not be calculated when the product is not under maintenance.
9. The method for identifying old assets as claimed in claim 1, wherein: the standard in S3 is the proportion that the asset's product accounts for among all products under maintenance, and the standard proportion is ten percent.
10. The method for identifying old assets as claimed in claim 1, wherein: the earliest storage time in S5 is detected by viewing the asset's time with the stat command, and the running time of the asset's product is obtained from the time difference; after an old asset is determined, the content, time period, tag and asset product information of the old asset are packaged and stored in the database.
CN202110263978.7A 2021-03-08 2021-03-08 Method for identifying old assets Pending CN112967125A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110263978.7A CN112967125A (en) 2021-03-08 2021-03-08 Method for identifying old assets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110263978.7A CN112967125A (en) 2021-03-08 2021-03-08 Method for identifying old assets

Publications (1)

Publication Number Publication Date
CN112967125A (en) 2021-06-15

Family

ID=76277184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110263978.7A Pending CN112967125A (en) 2021-03-08 2021-03-08 Method for identifying old assets

Country Status (1)

Country Link
CN (1) CN112967125A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1667647A (en) * 2004-03-10 2005-09-14 微软公司 Method and identification tag for asset management
CN104899688A (en) * 2015-05-29 2015-09-09 国家电网公司 Unified asset management and planning method for center and distribution substations
CN105631592A (en) * 2015-12-28 2016-06-01 海南华人智慧科技有限公司 RFID asset supervision system based on internet of things
CN106101098A (en) * 2016-06-13 2016-11-09 金邦达有限公司 A kind of information assets recognition methods and device
CN111756598A (en) * 2020-06-23 2020-10-09 北京凌云信安科技有限公司 Asset discovery method based on combination of active detection and flow analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination