CN113300915A - Device identification method, system, electronic apparatus, and storage medium - Google Patents
Device identification method, system, electronic apparatus, and storage medium Download PDFInfo
- Publication number
- CN113300915A CN113300915A CN202110825973.9A CN202110825973A CN113300915A CN 113300915 A CN113300915 A CN 113300915A CN 202110825973 A CN202110825973 A CN 202110825973A CN 113300915 A CN113300915 A CN 113300915A
- Authority
- CN
- China
- Prior art keywords
- equipment
- information
- fingerprint information
- identified
- historical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H04L43/065—Generation of reports related to network devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
Abstract
The application relates to a device identification method, a device identification system, an electronic device and a storage medium, wherein a request message is initiated to a test port; acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information; the method comprises the steps of obtaining pre-stored historical equipment fingerprint information of the equipment from a database, judging whether historical equipment fingerprint information matched with current equipment fingerprint information exists or not, obtaining equipment identity information corresponding to the historical equipment fingerprint information if the historical equipment fingerprint information matched with the current equipment fingerprint information exists, and identifying to obtain the identity of the equipment to be identified.
Description
Technical Field
The present application relates to the field of internet of things, and in particular, to an apparatus identification method, system, electronic device, and storage medium.
Background
The internet of things equipment is used as an internet of things asset and has the requirement of regular inventory. At present, the conventional methods, namely a flow analysis probe mode and a full-port scanning mode, are still used for checking the assets of the Internet of things in the industry.
The traffic analysis probe method requires adding one or more traffic probe hardware devices into the lan, and the hardware cost increases with the increase of devices, which results in traffic being acquired by a third party and privacy leakage.
The full-port scanning mode needs to scan a large number of ports, occupies a large amount of network bandwidth, and has high network load during scanning, so that normal service communication is blocked, and even switch paralysis can be caused; and the firewall can easily act as a DDOS attack to block the IP, is not suitable for a public network environment and even can violate laws and regulations.
Aiming at the problems of low inventory efficiency and safety of the assets of the Internet of things and influence on normal business communication in the related technology, no effective solution is provided at present.
Disclosure of Invention
The embodiment provides an equipment identification method, an equipment identification system, an electronic device and a storage medium, so as to solve the problems of low inventory efficiency and low security of assets of the internet of things and influence on normal business communication in the related technology.
In a first aspect, in this embodiment, a device identification method is provided, including:
acquiring a port number according to a port of identified equipment, taking the port number as a test port of equipment to be identified, and initiating a request message to the test port;
acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information;
the method comprises the steps of obtaining pre-stored historical device fingerprint information of the device from a database, judging whether historical device fingerprint information matched with the current device fingerprint information exists or not, if the historical device fingerprint information matched with the current device fingerprint information exists, obtaining device identity information corresponding to the historical device fingerprint information, and identifying to obtain the identity of the device to be identified.
In some embodiments, the HTML page information further includes DOM tree information, acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating the current device fingerprint information of the device to be identified according to the HTML page information includes:
and splicing the DOM tree information and the JS file information to generate a character string with a preset length, and determining that the character string with the preset length is the fingerprint information of the equipment.
In some embodiments, the HTML page information further includes IMG file information, acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating the current device fingerprint information of the device to be identified according to the HTML page information includes:
and splicing the DOM tree information, the JS file information and the IMG file information to generate a character string with a preset length, and determining that the character string with the preset length is the equipment fingerprint information.
In some embodiments, if there is historical device fingerprint information that matches the current device fingerprint information, obtaining device identity information corresponding to the historical device fingerprint information, and obtaining the identity of the device to be identified by identification includes:
judging whether the historical equipment fingerprint information carries a label or not;
and if the historical equipment fingerprint information carries the label, acquiring equipment identity information corresponding to the historical equipment fingerprint information according to the label, and identifying to obtain the identity of the equipment to be identified.
In some embodiments, if the tag is not carried by the historical device fingerprint information, the method further includes:
acquiring equipment identity information which is not input into the database and corresponds to the historical equipment fingerprint information;
and marking the historical equipment fingerprint information according to the equipment identity information.
In some embodiments, before obtaining the pre-stored historical device fingerprint information of the device and determining whether there is historical device fingerprint information matching the current device fingerprint information, the method further includes:
acquiring equipment identity information and equipment fingerprint information of identified equipment;
and storing the equipment identity information and the equipment fingerprint information of the identified equipment, and marking the equipment fingerprint information according to the equipment identity information of the identified equipment.
In some embodiments, obtaining a port number according to a port of an identified device, and using the port number as a test port of a device to be identified, and initiating a request message to the test port includes:
configuring an IP network segment and a test port list of the equipment to be identified;
and initiating the request message to a plurality of test ports in the test port list in the IP network segment according to a preset scanning speed and a preset scanning protocol.
In some of these embodiments, the device identity information includes at least one of:
equipment brand, equipment type, equipment model.
In a second aspect, there is provided in this embodiment a device identification system, including: the system comprises a scanning engine, a database and a management platform, wherein the scanning engine and the database are respectively in communication connection with the management platform; wherein the content of the first and second substances,
the scanning engine is used for acquiring the equipment fingerprint information of the equipment and uploading the equipment fingerprint information to the management platform; wherein the scan engine obtaining the device fingerprint information comprises: the scanning engine acquires a port number according to a port of the identified equipment, takes the port number as a test port of the equipment to be identified, and initiates a request message to the test port; acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information;
the database is used for storing equipment identity information and/or equipment fingerprint information;
the management platform is used for identifying the identity of the equipment to be identified according to the current equipment fingerprint information uploaded by the scanning engine; the identification of the identity of the equipment to be identified by the management platform according to the current equipment fingerprint information uploaded by the scanning engine comprises the following steps: the management platform acquires pre-stored historical device fingerprint information of the device from the database, judges whether historical device fingerprint information matched with the current device fingerprint information exists or not, acquires device identity information corresponding to the historical device fingerprint information if the historical device fingerprint information matched with the current device fingerprint information exists, and identifies the device to be identified to obtain the identity of the device to be identified.
In a third aspect, in this embodiment, there is provided an electronic apparatus, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the apparatus identification method of the first aspect is implemented.
In a fourth aspect, in the present embodiment, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the device identification method of the first aspect described above.
Compared with the related art, the device identification method, the device identification system, the electronic apparatus and the storage medium provided in this embodiment initiate a request message to a test port by acquiring a port number according to a port of an identified device and using the port number as the test port of a device to be identified; acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information; the method comprises the steps of obtaining pre-stored historical equipment fingerprint information of the equipment from a database, judging whether historical equipment fingerprint information matched with current equipment fingerprint information exists or not, obtaining equipment identity information corresponding to the historical equipment fingerprint information if the historical equipment fingerprint information matched with the current equipment fingerprint information exists, and identifying to obtain the identity of the equipment to be identified.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware configuration of a terminal of the device identification method of the present embodiment;
fig. 2 is a flowchart of the device identification method of the present embodiment;
fig. 3 is a block diagram of the configuration of the device recognition system of the present embodiment.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application do not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the present embodiment may be executed in a terminal, a computer, or a similar computing device. For example, the method is executed on a terminal, and fig. 1 is a block diagram of a hardware structure of the terminal according to the device identification method of the embodiment. As shown in fig. 1, the terminal may include one or more processors 102 (only one shown in fig. 1) and a memory 104 for storing data, wherein the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA. The terminal may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those of ordinary skill in the art that the structure shown in fig. 1 is merely an illustration and is not intended to limit the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to the device identification method in the present embodiment, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. The network described above includes a wireless network provided by a communication provider of the terminal. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In this embodiment, an apparatus identification method is provided, and fig. 2 is a flowchart of the apparatus identification method of this embodiment, as shown in fig. 2, the flowchart includes the following steps:
step S201, acquiring a port number according to the port of the identified device, taking the port number as a test port of the device to be identified, and initiating a request message to the test port.
The number of test ports may be one or plural. Before initiating the request message to the test port, the IP network segment and the test port list of the device to be identified are configured, and the request message is initiated to a plurality of test ports in the test port list in the IP network segment according to the preset scanning speed and the preset scanning protocol. The preset scanning Protocol includes HTTP (Hyper Text Transfer Protocol). The test port list comprises a list of common WEB ports of various manufacturers.
Generally, a device will include multiple ports, such as 8080 ports and 554 ports, and the ports of HTML (hypertext Markup Language) pages of the same type of device manufactured by the same manufacturer are substantially fixed, so that the same port number of the HTML page may exist for devices manufactured by the same manufacturer.
In this embodiment, the same port number of the HTML page may exist between the recognized device and the device to be recognized. Accordingly, the port numbers can be obtained according to the ports of the identified equipment, and the port numbers are used as test ports of the equipment to be identified. By the arrangement, the response message returned by the equipment to be identified can be acquired by only initiating the request message to the specific test ports without scanning the whole ports of the equipment to be identified.
Step S202, acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information.
For example, the HTML page information is processed by using a Hash (Hash function) algorithm to obtain a character string with a preset length, i.e. the fingerprint information of the device is obtained.
The HTML page includes a World Wide WEB (World Wide WEB) login page of the device to be identified, and the WEB login pages of the devices produced by different manufacturers are different, so that the devices produced by different manufacturers can be distinguished according to the page feature information of the WEB login pages.
In the related art, a browser is usually used to analyze an HTML page, and HTML page features are extracted according to the analyzed HTML page, so as to identify a device according to the HTML page features, but the browser is often automatically upgraded, which causes the HTML page analyzed by the browser to change, and thus the HTML page feature library of the browser needs to be frequently maintained.
In the embodiment, the request message is sent to the test port instead of the HTML page obtained by the browser analysis, so that the problem that the HTML page feature library needs to be frequently maintained due to the change of the HTML page obtained by the browser analysis can be solved.
In the related art for extracting the features of the HTML page, the type and version of the front end of the server, the type and version of the component, the type and version of the software of the server, the type and version of the frame, and the WEB application and version carried in the HTML page are compressed as key information to obtain a string with fixed length. However, the features obtained by the type and version processing are not obvious enough, and the HTML page features obtained after compression may cause data collision and result in a library collision phenomenon.
And JS (JavaScript), a scripting language, has obvious file information characteristics, and the identification degree of the fingerprint information of the equipment can be increased by introducing the JS file information into the fingerprint information of the equipment, so that the identification rate of the fingerprint information of the equipment is improved, an HTML page characteristic library does not need to be frequently maintained, and the library collision phenomenon does not occur.
Step S203, obtaining the pre-stored historical device fingerprint information of the device from the database, judging whether the historical device fingerprint information matched with the current device fingerprint information exists, if the historical device fingerprint information matched with the current device fingerprint information exists, obtaining the device identity information corresponding to the historical device fingerprint information, and identifying to obtain the identity of the device to be identified.
The database stores associated equipment identity information and equipment fingerprint information, historical equipment fingerprint information and current equipment fingerprint information are compared by traversing the historical equipment fingerprint information in the database, under the condition that the historical equipment fingerprint information matched with the current equipment fingerprint information is obtained through comparison, the equipment identity information corresponding to the historical equipment fingerprint information is obtained, and the identity of the equipment to be identified can be determined according to the equipment identity information.
In the above steps S201 to S203, HTML page information of the device to be identified is acquired based on the specific test port, device fingerprint information of the device to be identified is generated based on the HTML page information, and the identity of the device to be identified is uniquely determined based on the comparison of the device fingerprint information, where the HTML page information includes JS file information. By the mode, the bandwidth occupation is extremely low, only a plurality of specific ports are accessed, and the DDOS object attack is avoided, so that the problems of low inventory efficiency and safety of the assets of the Internet of things and influence on normal business communication are solved; the checking efficiency and the safety of the assets of the Internet of things are improved, and normal business communication cannot be influenced; the identification rate of the fingerprint information of the equipment is improved, an HTML page feature library does not need to be maintained frequently, and the phenomenon of library collision does not occur.
In the related art for extracting the HTML page features, the type and the version are unstable information, and the extracted HTML page features also change along with the version change of equipment or software, so that the HTML page feature library needs to be maintained frequently.
To solve this problem, in some embodiments, the HTML page information further includes DOM (Document Object Model) tree information, and when generating current device fingerprint information of the device to be identified from the HTML page information, the DOM tree information and the JS file information are concatenated to generate a character string of a preset length, and the character string of the preset length is determined to be the device fingerprint information.
The DOM tree information comprises an organization relation of DOM nodes, the tag structure of the HTML page is obtained through one layer of the DOM tree information, then the DOM tree of the whole HTML page is assembled, and the DOM tree information of the whole HTML page is obtained. Because DOM tree information is relatively fixed and the JS file information is obvious in characteristic, the stability and the recognition rate are improved according to the equipment fingerprint information generated by the DOM tree information and the JS file information.
In addition, the DOM tree information supports the custom setting of the HTML page characteristic information, so that fine-grained matching can be achieved when the fingerprint information of the equipment is compared, and the identification rate is further improved.
Preferably, when the device fingerprint information is generated according to the DOM tree information and the JS file information, some data with vivid features in the HTML page may be extracted first. For example, a min.js random character string in the JS file information can be extracted first, and the min.js random character string is used as the compressed JS file name of the HTML page, has a high recognition degree, and can be used as a part of the fingerprint information of the device.
JS is a source code file, min.js is JS file information of a compressed version, and the JS file information is smaller in size compared with the JS file information before compiling. In order to prevent the JS file information from causing data leakage in the transmission process, the original names of variables and functions in the JS file information can be changed into preset characters so as to prevent other people from peeping and stealing the source codes, and the comments, the skip lattices, the line feed symbols and the useless spaces in the JS file information are deleted, so that the size of the JS file is compressed.
In order to further improve the identification degree of the fingerprint information of the device, in some embodiments, the HTML page information further includes IMG file information, and when the current device fingerprint information of the device to be identified is generated according to the HTML page information, the DOM tree information, the JS file information, and the IMG file information are spliced to generate a character string with a preset length, and the character string with the preset length is determined to be the device fingerprint information.
For example, an IMG file link is introduced on the basis of DOM tree information and a min.js random string, and the DOM tree information, the min.js random string, and the IMG file link are spliced to generate device fingerprint information.
In some embodiments, the device identity information and the device fingerprint information associated therewith may be obtained by obtaining and storing the device identity information and the device fingerprint information of the identified device, and marking the device fingerprint information according to the device identity information of the identified device.
Therefore, under the condition that the historical device fingerprint information matched with the current device fingerprint information exists in the database, whether the historical device fingerprint information carries the label or not is judged, if the historical device fingerprint information carries the label, the device identity information corresponding to the historical device fingerprint information is obtained according to the label, and the identity of the device to be identified is identified and obtained.
However, some device fingerprint information is stored in the database before the device identity information corresponding to the device fingerprint information is not determined, so that when it is determined whether the historical device fingerprint information carries a tag, it is determined that the historical device fingerprint information does not carry a tag. In order to solve the problem, in some embodiments, the historical device fingerprint information which is not tagged is marked according to the device identity information by acquiring the device identity information which is not recorded in the database and corresponds to the historical device fingerprint information.
For example, when the fingerprint information of the historical device is judged not to carry the label, the fingerprint information of the historical device is recorded, and in the subsequent marking process, if the fingerprint information of the historical device and the equipment identity information corresponding to the fingerprint information of the historical device appear, the equipment identity information is recorded into a database and the fingerprint information of the historical device is marked by the equipment identity information.
According to the arrangement, the corresponding relation between the equipment identity information and the equipment fingerprint information is continuously increased, and the database can be continuously enriched.
In some embodiments, the device identity information includes, but is not limited to, device brand, device type, device model.
With reference to the device identification method in the foregoing embodiment, this embodiment further provides a device identification system, fig. 3 is a block diagram of the device identification system in this embodiment, and as shown in fig. 3, the device identification system includes: the scanning engine 31, the database 32 and the management platform 33, wherein the scanning engine 31 and the database 32 are respectively connected with the management platform 33 in a communication way.
The scan engine 31 is configured to obtain device fingerprint information of the device, and upload the device fingerprint information to the management platform 33. The scan engine 31 obtains device fingerprint information by:
the scan engine 31 obtains the port number according to the port of the identified device, and initiates a request message to the test port by using the port number as the test port of the device to be identified; and acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information.
The database 32 is used to store device identity information and/or device fingerprint information.
The management platform 33 is configured to identify an identity of the device to be identified according to the current device fingerprint information uploaded by the scan engine 31. The management platform 33 identifies the identity of the device to be identified by the following method:
the management level acquires the pre-stored historical device fingerprint information of the device from the database 32, judges whether the historical device fingerprint information matched with the current device fingerprint information exists, and acquires the device identity information corresponding to the historical device fingerprint information if the historical device fingerprint information matched with the current device fingerprint information exists, and identifies and obtains the identity of the device to be identified.
In some embodiments, the scan engine 31 scans a WEB login page of a device, extracts and screens DOM tree information in the WEB login page, adds JS file information and IMG file information to the current DOM tree information, and presses the JS file information and the IMG file information into fingerprint information with a distinct device characteristic, and all devices with the fingerprint information of the device can be classified as a class of devices.
The user can tag the device fingerprint information through the management platform 33 to establish a corresponding relationship between the device fingerprint information and the identity information of the device. After the corresponding relation is established, all the devices with the fingerprint information of the devices can be quickly identified.
With the continuous iteration of the scan engine 31, the fingerprint calculation rule is continuously updated, the database is continuously enlarged, and the identification rate of the device is higher and higher.
The method of using the device identification system will be described below in terms of a preferred embodiment.
A process for detecting an inventory asset based on a device identification system is given below, the process comprising the steps of:
step (1), the scan engine 31 is deployed in a network capable of communicating with the device, and an IP network segment and a test port list to be scanned are configured, and a scan speed and a scan protocol are configured, for example, an HTTP protocol is used.
And (2) the scanning engine 31 initiates a request of an HTTP (hyper text transport protocol) protocol to an IP + test port in the IP network segment and receives the packet returning information returned by the test port.
And (3) extracting DOM tree information, JS file information and IMG file information from the repackaging information of the HTML page type by the scanning engine 31, splicing the DOM tree information, the JS file information and the IMG file information into equipment fingerprint information, matching the equipment fingerprint information with the database after splicing, and establishing the corresponding relation between the equipment fingerprint information and the identity information of the equipment. If the fingerprint information of a certain device is labeled with identity information, such as the brand of the device, the type of the device, and the model of the device, the IP device can be successfully identified.
If the device fingerprint information is not tagged, the management platform 33 acquires the device fingerprint information of the identified device, tags the device fingerprint information, and inputs the device fingerprint information into the database 32 in the subsequent tagging process. Or, the user accesses the open port of the device by himself, extracts the HTML page feature information in the HTML page, inputs the HTML page feature information as device fingerprint information of the device into the database 32, and adds a tag to complete the manual identification process.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, obtaining the port number according to the identified device port, and using the port number as the test port of the device to be identified, and sending the request message to the test port.
And S2, acquiring the response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information.
S3, obtaining the pre-stored historical device fingerprint information of the device from the database, judging whether the historical device fingerprint information matched with the current device fingerprint information exists, if the historical device fingerprint information matched with the current device fingerprint information exists, obtaining the device identity information corresponding to the historical device fingerprint information, and identifying to obtain the identity of the device to be identified.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the device identification method provided in the foregoing embodiment, a storage medium may also be provided to implement in this embodiment. The storage medium having stored thereon a computer program; the computer program, when executed by a processor, implements any of the device identification methods in the above embodiments.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without any inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the patent protection. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (11)
1. A device identification method, comprising:
acquiring a port number according to a port of identified equipment, taking the port number as a test port of equipment to be identified, and initiating a request message to the test port;
acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information;
the method comprises the steps of obtaining pre-stored historical device fingerprint information of the device from a database, judging whether historical device fingerprint information matched with the current device fingerprint information exists or not, if the historical device fingerprint information matched with the current device fingerprint information exists, obtaining device identity information corresponding to the historical device fingerprint information, and identifying to obtain the identity of the device to be identified.
2. The device identification method according to claim 1, wherein the HTML page information further includes DOM tree information, acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating the current device fingerprint information of the device to be identified according to the HTML page information includes:
and splicing the DOM tree information and the JS file information to generate a character string with a preset length, and determining that the character string with the preset length is the fingerprint information of the equipment.
3. The device identification method according to claim 2, wherein the HTML page information further includes IMG file information, acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating the current device fingerprint information of the device to be identified according to the HTML page information includes:
and splicing the DOM tree information, the JS file information and the IMG file information to generate a character string with a preset length, and determining that the character string with the preset length is the equipment fingerprint information.
4. The device identification method according to claim 1, wherein if there is historical device fingerprint information that matches the current device fingerprint information, obtaining device identity information corresponding to the historical device fingerprint information, and obtaining the identity of the device to be identified by identification includes:
judging whether the historical equipment fingerprint information carries a label or not;
and if the historical equipment fingerprint information carries the label, acquiring equipment identity information corresponding to the historical equipment fingerprint information according to the label, and identifying to obtain the identity of the equipment to be identified.
5. The device identification method of claim 4, wherein if the tag is not carried by the historical device fingerprint information, the method further comprises:
acquiring equipment identity information which is not input into the database and corresponds to the historical equipment fingerprint information;
and marking the historical equipment fingerprint information according to the equipment identity information.
6. The device identification method according to claim 1, wherein before acquiring the historical device fingerprint information of the device stored in advance and determining whether there is historical device fingerprint information matching the current device fingerprint information, the method further comprises:
acquiring equipment identity information and equipment fingerprint information of identified equipment;
and storing the equipment identity information and the equipment fingerprint information of the identified equipment, and marking the equipment fingerprint information according to the equipment identity information of the identified equipment.
7. The device identification method according to claim 1, wherein obtaining a port number according to a port of an identified device, and taking the port number as a test port of a device to be identified, and initiating a request message to the test port comprises:
configuring an IP network segment and a test port list of the equipment to be identified;
and initiating the request message to a plurality of test ports in the test port list in the IP network segment according to a preset scanning speed and a preset scanning protocol.
8. The device identification method according to any of claims 1 to 7, wherein the device identity information comprises at least one of:
equipment brand, equipment type, equipment model.
9. A device identification system, comprising: the system comprises a scanning engine, a database and a management platform, wherein the scanning engine and the database are respectively in communication connection with the management platform; wherein the content of the first and second substances,
the scanning engine is used for acquiring the equipment fingerprint information of the equipment and uploading the equipment fingerprint information to the management platform; wherein the scan engine obtaining the device fingerprint information comprises: the scanning engine acquires a port number according to a port of the identified equipment, takes the port number as a test port of the equipment to be identified, and initiates a request message to the test port; acquiring a response message returned by the test port, extracting HTML page information carried in the response message, and generating current equipment fingerprint information of the equipment to be identified according to the HTML page information, wherein the HTML page information comprises JS file information;
the database is used for storing equipment identity information and/or equipment fingerprint information;
the management platform is used for identifying the identity of the equipment to be identified according to the current equipment fingerprint information uploaded by the scanning engine; the identification of the identity of the equipment to be identified by the management platform according to the current equipment fingerprint information uploaded by the scanning engine comprises the following steps: the management platform acquires pre-stored historical device fingerprint information of the device from the database, judges whether historical device fingerprint information matched with the current device fingerprint information exists or not, acquires device identity information corresponding to the historical device fingerprint information if the historical device fingerprint information matched with the current device fingerprint information exists, and identifies the device to be identified to obtain the identity of the device to be identified.
10. An electronic apparatus comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the device identification method of any one of claims 1 to 8.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the device identification method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110825973.9A CN113300915A (en) | 2021-07-21 | 2021-07-21 | Device identification method, system, electronic apparatus, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110825973.9A CN113300915A (en) | 2021-07-21 | 2021-07-21 | Device identification method, system, electronic apparatus, and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113300915A true CN113300915A (en) | 2021-08-24 |
Family
ID=77330883
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110825973.9A Pending CN113300915A (en) | 2021-07-21 | 2021-07-21 | Device identification method, system, electronic apparatus, and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113300915A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114710341A (en) * | 2022-03-28 | 2022-07-05 | 杭州安恒信息技术股份有限公司 | Asset identification method, device, system, electronic device and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080049644A1 (en) * | 2006-08-22 | 2008-02-28 | Wal-Mart Stores, Inc. | Network device inventory system |
| US20140281919A1 (en) * | 2013-03-15 | 2014-09-18 | Webroot Inc. | Detecting a change to the content of information displayed to a user of a website |
| CN108183895A (en) * | 2017-12-26 | 2018-06-19 | 广东电网有限责任公司信息中心 | A kind of networked asset information acquisition system |
| CN109257378A (en) * | 2018-11-05 | 2019-01-22 | 杭州安恒信息技术股份有限公司 | A kind of quick identification environment of internet of things illegally accesses the method and system of assets |
| CN109660401A (en) * | 2018-12-20 | 2019-04-19 | 中国电子科技集团公司第三十研究所 | A kind of distributed network assets detection method |
-
2021
- 2021-07-21 CN CN202110825973.9A patent/CN113300915A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080049644A1 (en) * | 2006-08-22 | 2008-02-28 | Wal-Mart Stores, Inc. | Network device inventory system |
| US20140281919A1 (en) * | 2013-03-15 | 2014-09-18 | Webroot Inc. | Detecting a change to the content of information displayed to a user of a website |
| CN108183895A (en) * | 2017-12-26 | 2018-06-19 | 广东电网有限责任公司信息中心 | A kind of networked asset information acquisition system |
| CN109257378A (en) * | 2018-11-05 | 2019-01-22 | 杭州安恒信息技术股份有限公司 | A kind of quick identification environment of internet of things illegally accesses the method and system of assets |
| CN109660401A (en) * | 2018-12-20 | 2019-04-19 | 中国电子科技集团公司第三十研究所 | A kind of distributed network assets detection method |
Non-Patent Citations (1)
| Title |
|---|
| 毕浩然: ""基于设备识别的网络扫描工具Kscan的设计与实现"", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114710341A (en) * | 2022-03-28 | 2022-07-05 | 杭州安恒信息技术股份有限公司 | Asset identification method, device, system, electronic device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10360426B2 (en) | Computer configured to display multimedia content | |
| CN107026821B (en) | Message processing method and device | |
| CN113316926B (en) | Domain name processing method, device, electronic equipment and storage medium | |
| CN109862021B (en) | Method and device for acquiring threat information | |
| CN108268635B (en) | Method and apparatus for acquiring data | |
| CN112926061B (en) | Plug-in processing method and device | |
| CN111931188B (en) | Vulnerability testing method and system in login scene | |
| CN106790206A (en) | The protocol analysis method and device of operation system | |
| CN111740923A (en) | Method and device for generating application identification rule, electronic equipment and storage medium | |
| CN108494762A (en) | Web access method, device and computer readable storage medium, terminal | |
| CN113014549B (en) | HTTP-based malicious traffic classification method and related equipment | |
| CN112532605B (en) | Network attack tracing method and system, storage medium and electronic device | |
| CN107547524A (en) | A kind of page detection method, device and equipment | |
| CN103731429A (en) | Method and device for web application vulnerability detection | |
| CN112733057A (en) | Network content security detection method, electronic device and storage medium | |
| CA3122975A1 (en) | Network device identification | |
| CN108667768B (en) | Network application fingerprint identification method and device | |
| CN113300915A (en) | Device identification method, system, electronic apparatus, and storage medium | |
| CN113810381A (en) | Crawler detection method, web application cloud firewall, device and storage medium | |
| CN115865457A (en) | Network attack behavior identification method, server and medium | |
| CN110490258B (en) | Method and device for automatically judging website scanning login result and electronic equipment | |
| CN111159509B (en) | Data processing method and related product | |
| CN112788078B (en) | Data transmission method, receiving device, sending device and computer equipment | |
| CN114329459A (en) | Browser protection method and device | |
| CN114090112B (en) | Method and device for loading configuration file, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210824 |
|
| RJ01 | Rejection of invention patent application after publication |