CN113645079A - Internet of things terminal networking method, device, equipment and storage medium - Google Patents

Publication number: CN113645079A
Authority: CN (China)
Prior art keywords: target terminal, equipment, terminal, networking, determining
Legal status: Pending
Application number: CN202110937890.9A
Other languages: Chinese (zh)
Inventors: 叶峰, 潘国华
Current Assignee: Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee: Hangzhou Anheng Information Security Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, an apparatus, a device and a storage medium for networking an Internet of things terminal. The method comprises the following steps: acquiring network traffic of a target terminal, and determining device attribute information of the target terminal based on the network traffic; determining the application function and the device type of the target terminal according to the device attribute information; determining a connection policy of the target terminal according to the application function and the device type; and generating a networking authority rule of the target terminal based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule. By analyzing the application function and the device type of the target terminal, the networking authority rules of the Internet of things terminal are generated automatically, so that the target terminal can access the other devices in the intranet according to those rules, which improves the networking efficiency of Internet of things terminals.

Description

Internet of things terminal networking method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for networking terminals of the Internet of things.
Background
At present, access and networking management for Internet of things terminals includes approaches such as protocol access and device identification. In the prior art, terminal networking is realized through manual configuration, which reduces the convenience of networking Internet of things terminals; the prior art also controls the networking behavior of Internet of things terminals through machine learning methods, which takes a long time and cannot guarantee accuracy.
Disclosure of Invention
In view of this, the present invention aims to provide a method, an apparatus, a device and a medium for networking an Internet of things terminal, which can improve the efficiency of networking Internet of things terminals. The specific scheme is as follows:
In a first aspect, the application discloses a method for networking an Internet of things terminal, comprising the following steps:
acquiring network traffic of a target terminal, and determining device attribute information of the target terminal based on the network traffic;
determining the application function and the device type of the target terminal according to the device attribute information;
determining a connection policy of the target terminal according to the application function and the device type;
and generating a networking authority rule of the target terminal based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule.
Optionally, the determining the device attribute information of the target terminal based on the network traffic includes:
extracting a terminal IP address of the target terminal from the network traffic, and scanning the target terminal according to the terminal IP address to determine the device attribute information of the target terminal; the device attribute information comprises a manufacturer, a device name and a model;
the determining the device attribute information of the target terminal further includes:
extracting the terminal MAC address of the target terminal from the network traffic, and comparing the terminal MAC address with a MAC address manufacturer allocation table to determine the manufacturer corresponding to the target terminal.
Optionally, determining the application function and the device type of the target terminal according to the device attribute information includes:
determining the application function and the equipment type of the target terminal according to the equipment attribute information and a pre-constructed terminal function type table;
the terminal function type table is a list constructed on the basis of device attribute information, application functions and device types of various devices acquired from a manufacturer official website through a crawler.
Optionally, the determining the connection policy of the target terminal according to the application function and the device type includes:
searching a pre-constructed connection strategy table according to the application function and the equipment type to determine the connection strategy of the target terminal;
the construction process of the connection policy table comprises the following steps:
establishing access control strategies, access protocols and access ports corresponding to various devices according to the device types and the application functions to obtain the connection strategy table; wherein the access control policy includes an allowed access device type.
Optionally, the generating a networking permission rule of the target terminal based on the connection policy includes:
determining a networking authority rule of the target terminal according to the connection strategy and the parameter information of the current in-network equipment; the networking permission rules include a target IP address, a target MAC address, a target port, and ACL control rules.
Optionally, before generating the networking authority rule of the target terminal based on the connection policy, the method further includes:
acquiring traffic data of the target terminal accessing an external network server;
determining manufacturer information of the device accessed by the target terminal according to the traffic data;
and judging whether the manufacturer information matches the manufacturer information of the intranet devices, and if so, starting the step of generating the networking authority rule of the target terminal based on the connection policy.
Optionally, the judging whether the manufacturer information matches the manufacturer information of the intranet devices includes:
according to the uniform resource locator in the traffic data, determining the registered manufacturer of the domain name in the uniform resource locator through a domain name query system to obtain the manufacturer information;
or, according to the IP address in the traffic data, obtaining the manufacturer to which the IP address belongs through an IP library to obtain the manufacturer information.
In a second aspect, the application discloses an Internet of things terminal networking apparatus, which includes:
the attribute determining module is used for acquiring the network flow of a target terminal and determining the equipment attribute information of the target terminal based on the network flow;
the function and type determining module is used for determining the application function and the equipment type of the target terminal according to the equipment attribute information;
a connection policy determination module, configured to determine a connection policy of the target terminal according to the application function and the device type;
and the rule determining module is used for generating a networking authority rule of the target terminal based on the connection strategy so that the target terminal can access other internal network equipment according to the networking authority rule.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and the processor is used for executing the computer program to realize the Internet of things terminal networking method.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; the computer program is used for realizing the Internet of things terminal networking method when being executed by the processor.
In this application, the network traffic of a target terminal is obtained, and the device attribute information of the target terminal is determined based on the network traffic; the application function and the device type of the target terminal are determined according to the device attribute information; a connection policy of the target terminal is determined according to the application function and the device type; and a networking authority rule of the target terminal is generated based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule. In other words, the device attribute information of the target terminal is first determined from its network traffic, the application function and the device type are then determined from the attribute information, the matching connection policy is determined from the application function and the device type, and finally the networking authority rule for the intranet is generated automatically based on the connection policy, so that the target terminal can access the other devices in the intranet according to the networking authority rule, which improves the networking efficiency of Internet of things terminals.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a method for networking an Internet of things terminal provided by the present application;
Fig. 2 is a flowchart of a specific Internet of things terminal networking method provided by the present application;
Fig. 3 is a schematic structural diagram of an Internet of things terminal networking apparatus provided by the present application;
Fig. 4 is a block diagram of an electronic device provided by the present application.
Detailed Description
In the prior art, terminal networking is realized through manual configuration, which reduces the convenience of networking Internet of things terminals, and the networking behavior of Internet of things terminals is controlled through machine learning methods, which takes a long time and cannot guarantee accuracy. To overcome this technical problem, the application provides an Internet of things terminal networking method that automatically generates the networking authority rule of an Internet of things terminal, so that a target terminal can access other devices in the intranet according to the networking authority rule, which improves the networking efficiency of Internet of things terminals.
The embodiment of the application discloses a method for networking terminals of the Internet of things, and as shown in figure 1, the method can comprise the following steps:
Step S11: obtaining network traffic of a target terminal, and determining device attribute information of the target terminal based on the network traffic.
In this embodiment, the network traffic of a target terminal is obtained first, and the device attribute information of the target terminal is then determined based on that traffic. Specifically, the network traffic of the target terminal may be captured by a traffic-handling device such as a gateway or a firewall, and the captured traffic is then analyzed to identify the target terminal. The target terminal may be a terminal newly accessing the current local area network, or all terminals in the current local area network.
In this embodiment, the determining the device attribute information of the target terminal based on the network traffic may include: extracting a terminal IP address of the target terminal from the network traffic, and scanning the target terminal according to the terminal IP address to determine the device attribute information of the target terminal; the device attribute information includes a manufacturer, a device name, and a model. In this embodiment, the determining the device attribute information of the target terminal may further include: extracting the terminal MAC address of the target terminal from the network traffic, and comparing the terminal MAC address with a MAC address manufacturer allocation table to determine the manufacturer corresponding to the target terminal. It can be understood that the terminal can be actively scanned using the extracted terminal IP address to identify its manufacturer, device name, model and so on; when the manufacturer cannot be accurately identified by active scanning, the manufacturer name of the target terminal can be obtained by comparing the first three octets of the terminal MAC address with the MAC address manufacturer allocation table. After all the device attribute information of the target terminal is obtained, a list of the Internet of things terminals in the current local area network can be formed; the list can include, but is not limited to, attributes such as terminal IP address, terminal MAC address, manufacturer, device name and model.
Step S12: determining the application function and the device type of the target terminal according to the device attribute information.
In this embodiment, after the device attribute information is obtained, the application function and the device type of the target terminal are determined according to it; for example, the application function is determined to be access control and the device type to be a camera.
In this embodiment, determining the application function and the device type of the target terminal according to the device attribute information may include: determining the application function and the device type of the target terminal according to the device attribute information and a pre-constructed terminal function type table; the terminal function type table is a list constructed from the device attribute information, application functions and device types of various devices acquired from manufacturers' official websites through a crawler. That is, the device attribute information, application functions and device types of various devices are crawled from manufacturers' official websites in advance to build the terminal function type table, and once the device attribute information is determined, the application function and the device type of the target terminal are determined by querying that table. Alternatively, the official website can be queried directly once the device attribute information is determined.
Step S13: determining the connection policy of the target terminal according to the application function and the device type.
In this embodiment, after the application function and the device type are determined, the connection policy corresponding to the target terminal is determined according to them. It can be understood that different terminal devices correspond to different connection policies; for example, for a camera monitoring device, the device type is camera and the application function is access control, so the connection policy of the camera is to allow access only to the access control device and not to other terminal devices.
In this embodiment, the determining the connection policy of the target terminal according to the application function and the device type may include: searching a pre-constructed connection policy table according to the application function and the device type to determine the connection policy of the target terminal; the construction process of the connection policy table may include: establishing the access control policies, access protocols and access ports corresponding to various devices according to the device types and the application functions to obtain the connection policy table; wherein the access control policy includes the device types that are allowed to be accessed. That is, the connection policy for each function type of Internet of things terminal may be constructed in advance, and the pre-constructed connection policy table is searched using the determined application function and device type to determine the connection policy of the target terminal, where the connection policy may specifically include the access control policy, access protocol and access port corresponding to the target terminal.
Step S14: generating a networking authority rule of the target terminal based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule.
In this embodiment, the generating the networking authority rule of the target terminal based on the connection policy may include: determining the networking authority rule of the target terminal according to the connection policy and the parameter information of the devices currently in the network; the networking authority rules include a target IP address, a target MAC address, a target port, and ACL control rules. That is, based on the determined connection policy and the types and functions of all devices in the current intranet, the networking authority rules of the target terminal are generated; these rules include, but are not limited to, a target IP address, a target MAC address, a target port and an ACL (Access Control List) control rule, so that the target terminal can access the other devices in the intranet according to the networking authority rules.
As can be seen from the above, in this embodiment, the network traffic of the target terminal is obtained, and the device attribute information of the target terminal is determined based on the network traffic; the application function and the device type of the target terminal are determined according to the device attribute information; a connection policy of the target terminal is determined according to the application function and the device type; and a networking authority rule of the target terminal is generated based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule. In other words, the device attribute information of the target terminal is first determined from its network traffic, the application function and the device type are then determined from the attribute information, the matching connection policy is determined from the application function and the device type, and finally the networking authority rule for the intranet is generated automatically based on the connection policy, so that the target terminal can access the other devices in the intranet according to the networking authority rule, which improves the networking efficiency of Internet of things terminals.
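The following Python sketch walks steps S11 to S14 as table lookups, ending in per-peer ACL entries. It is an added example, not code from the patent: every table entry, vendor name, model, address and port is constructed, and the closing deny rule is an assumption based on the camera example above, where the camera may reach only the access control device.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# All table contents below are constructed sample data, not values from the patent.
# MAC address manufacturer allocation table: first three octets -> manufacturer.
OUI_TABLE = {"02:AA:01": "ExampleCam", "02:AA:02": "ExampleLock"}

# Terminal function type table: (manufacturer, model) -> (application function, device type).
FUNCTION_TYPE_TABLE = {
    ("ExampleCam", "EC-100"): ("access control", "camera"),
    ("ExampleLock", "EL-7"): ("access control", "access control device"),
    ("ExamplePrint", "EP-2"): ("office", "printer"),
}

# Connection policy table: (application function, device type) ->
# device types allowed to be accessed, access protocol and access port.
CONNECTION_POLICY_TABLE = {
    ("access control", "camera"): {
        "allowed_types": {"access control device"},
        "protocol": "tcp",
        "port": 8443,
    },
}

# Assumption: anything not explicitly permitted is denied.
def deny_all(src_ip: str) -> dict:
    return {"action": "deny", "src_ip": src_ip, "dst_ip": "any",
            "dst_mac": "any", "protocol": "any", "dst_port": "any"}


@dataclass(frozen=True)
class Terminal:
    ip: str
    mac: str
    vendor: Optional[str] = None  # manufacturer from the active scan, if identified
    model: Optional[str] = None


def oui_prefix(mac: str) -> str:
    """Return the first three octets of a MAC address, normalised to 'AA:BB:CC'."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def resolve_vendor(t: Terminal) -> Optional[str]:
    """Step S11: use the scan result, else fall back to the allocation table."""
    return t.vendor or OUI_TABLE.get(oui_prefix(t.mac))


def classify(t: Terminal) -> Optional[Tuple[str, str]]:
    """Step S12: (application function, device type), or None if not in the table."""
    return FUNCTION_TYPE_TABLE.get((resolve_vendor(t), t.model))


def generate_rules(target: Terminal, inventory: List[Terminal]) -> List[dict]:
    """Steps S13-S14: permit peers whose device type the policy allows, then deny."""
    rules = []
    policy = CONNECTION_POLICY_TABLE.get(classify(target))
    if policy is not None:
        for peer in inventory:
            kind = classify(peer)
            if peer.ip == target.ip or kind is None:
                continue  # skip the target itself and unclassified devices
            if kind[1] in policy["allowed_types"]:
                rules.append({"action": "permit", "src_ip": target.ip,
                              "dst_ip": peer.ip, "dst_mac": peer.mac,
                              "protocol": policy["protocol"],
                              "dst_port": policy["port"]})
    rules.append(deny_all(target.ip))
    return rules


# Constructed intranet: the camera's vendor was not found by scanning,
# so it is resolved from the MAC prefix.
CAMERA = Terminal(ip="10.0.0.10", mac="02-aa-01-33-44-55", model="EC-100")
INVENTORY = [
    CAMERA,
    Terminal("10.0.0.20", "02:AA:02:00:00:01", "ExampleLock", "EL-7"),
    Terminal("10.0.0.30", "02:BB:03:00:00:01", "ExamplePrint", "EP-2"),
]

if __name__ == "__main__":
    for rule in generate_rules(CAMERA, INVENTORY):
        print(rule)
```

A terminal that cannot be classified, or whose class has no policy entry, receives only the deny rule. The MAC address is supplied by the terminal itself, so a manufacturer resolved from its prefix is a classification hint rather than proof of identity.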
The embodiment of the application discloses a specific internet of things terminal networking method, and as shown in fig. 2, the method can include the following steps:
Step S21: obtaining network traffic of a target terminal, and determining device attribute information of the target terminal based on the network traffic.
Step S22: determining the application function and the device type of the target terminal according to the device attribute information.
Step S23: determining the connection policy of the target terminal according to the application function and the device type.
Step S24: acquiring the traffic data of the target terminal accessing the external network server.
Step S25: determining the manufacturer information of the device accessed by the target terminal according to the traffic data.
In this embodiment, the manufacturer information of the device accessed by the target terminal is determined by analyzing the traffic data of the target terminal accessing the extranet server.
In this embodiment, this may specifically be done as follows: according to the uniform resource locator in the traffic data, determining the registered manufacturer of the domain name in the uniform resource locator through a domain name query system to obtain the manufacturer information; or, according to the IP address in the traffic data, obtaining the manufacturer to which the IP address belongs through an IP library to obtain the manufacturer information. That is, the address of the extranet server accessed by the terminal is obtained through traffic analysis; if a uniform resource locator is obtained, the manufacturer that registered the domain name can be obtained through the whois domain name query system. If the acquired address is an IP address, the manufacturer to which the IP belongs can be obtained through the IP library.
Step S26: judging whether the manufacturer information matches the manufacturer information of the intranet devices, and if so, generating a networking authority rule of the target terminal based on the connection policy so that the target terminal can access the other intranet devices according to the networking authority rule.
In this embodiment, after the manufacturer information of the device accessed by the target terminal is determined, it is compared with the manufacturer information of the intranet devices; if they match, the networking authority rule of the target terminal is generated based on the connection policy; otherwise, a blocking ACL control rule or a corresponding service alarm is generated.
For the specific processes of the above steps S21 to S23, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
As can be seen from the above, in this embodiment, the traffic data of the target terminal accessing the extranet server is obtained, the manufacturer information of the device accessed by the target terminal is determined according to the traffic data, whether that manufacturer information matches the manufacturer information of the intranet devices is judged, and if so, the networking authority rule of the target terminal is generated based on the connection policy, so that the target terminal accesses the other devices in the intranet according to the networking authority rule. This further ensures the accuracy and security of the networking access of the target terminal.
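The check in steps S24 to S26 can be sketched as follows in Python. This is an added example, not code from the patent: the registrant table stands in for whois lookups, the prefix list stands in for the IP library, all names and addresses are constructed, and requiring every observed destination to match, taking the last two labels as the registered domain, and counting an unresolved manufacturer as a mismatch are assumptions.

```python
import ipaddress
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed stand-in for whois results: registered domain -> registrant manufacturer.
WHOIS_REGISTRANT = {
    "examplecam.example": "ExampleCam",
    "tracker.example": "UnknownAds",
}

# Constructed stand-in for an IP library: network prefix -> owning manufacturer.
IP_LIBRARY = [
    (ipaddress.ip_network("203.0.113.0/24"), "ExampleHosting"),
    (ipaddress.ip_network("203.0.113.16/28"), "ExampleCam"),
    (ipaddress.ip_network("198.51.100.0/24"), "OtherCo"),
]

# Manufacturers of the devices already in the intranet (from the terminal list).
INTRANET_VENDORS = {"ExampleCam", "ExampleLock"}


def destination_host(dest: str) -> str:
    """Accept a URL or a bare host/IP and return the lower-cased host part."""
    host = urlsplit(dest if "://" in dest else "//" + dest).hostname
    if not host:
        raise ValueError(f"no host in destination: {dest!r}")
    return host


def vendor_of(dest: str) -> Optional[str]:
    """Step S25: resolve the manufacturer behind an extranet destination."""
    host = destination_host(dest)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Domain name: simplified to the last two labels (assumption; a real
        # deployment would use a public suffix list before querying whois).
        labels = host.rstrip(".").split(".")
        return WHOIS_REGISTRANT.get(".".join(labels[-2:]))
    # IP address: the most specific matching prefix wins.
    matches = [(net.prefixlen, vendor) for net, vendor in IP_LIBRARY if addr in net]
    return max(matches)[1] if matches else None


def vendor_gate(destinations: List[str]) -> dict:
    """Step S26: proceed to rule generation only if every destination matches."""
    unmatched = [d for d in destinations if vendor_of(d) not in INTRANET_VENDORS]
    if unmatched:
        return {"decision": "block_and_alert", "unmatched": unmatched}
    return {"decision": "generate_rules", "unmatched": []}


# Constructed extranet destinations seen in one terminal's traffic.
SAMPLE_OK = ["https://cloud.examplecam.example/api/v1/status", "203.0.113.20"]
SAMPLE_BAD = SAMPLE_OK + ["http://cdn.tracker.example/p.gif", "http://198.51.100.9:8080/x"]

if __name__ == "__main__":
    print(vendor_gate(SAMPLE_OK))
    print(vendor_gate(SAMPLE_BAD))
```

Whois registrant fields are often redacted or name a hosting or CDN provider, so the number of destinations that resolve to no manufacturer is worth measuring before choosing between blocking and alerting.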
Correspondingly, the embodiment of the present application further discloses an internet of things terminal networking device, as shown in fig. 3, the device includes:
the attribute determining module 11 is configured to acquire a network traffic of a target terminal, and determine device attribute information of the target terminal based on the network traffic;
a function and type determining module 12, configured to determine an application function and a device type of the target terminal according to the device attribute information;
a connection policy determining module 13, configured to determine a connection policy of the target terminal according to the application function and the device type;
and a rule determining module 14, configured to generate a networking permission rule of the target terminal based on the connection policy, so that the target terminal accesses the rest devices in the intranet according to the networking permission rule.
As can be seen from the above, in this embodiment, the network traffic of the target terminal is obtained, and the device attribute information of the target terminal is determined based on the network traffic; the application function and the device type of the target terminal are determined according to the device attribute information; a connection policy of the target terminal is determined according to the application function and the device type; and a networking authority rule of the target terminal is generated based on the connection policy so that the target terminal can access other intranet devices according to the networking authority rule. In other words, the device attribute information of the target terminal is first determined from its network traffic, the application function and the device type are then determined from the attribute information, the matching connection policy is determined from the application function and the device type, and finally the networking authority rule for the intranet is generated automatically based on the connection policy, so that the target terminal can access the other devices in the intranet according to the networking authority rule, which improves the networking efficiency of Internet of things terminals.
In some specific embodiments, the attribute determining module 11 may specifically include:
the scanning unit is used for extracting and obtaining a terminal IP address of the target terminal from the network flow, and scanning the target terminal according to the terminal IP address to determine the equipment attribute information of the target terminal; the equipment attribute information comprises a manufacturer, an equipment name and a model;
and the MAC comparison unit is used for extracting the terminal MAC address of the target terminal from the network flow and comparing the terminal MAC address with an MAC address manufacturer distribution table so as to determine a manufacturer corresponding to the target terminal.
In some embodiments, the function and type determining module 12 may specifically include:
a function and type determining unit, configured to determine an application function and a device type of the target terminal according to the device attribute information and a pre-constructed terminal function type table;
the terminal function type table is a list constructed on the basis of device attribute information, application functions and device types of various devices acquired from a manufacturer official website through a crawler.
In some specific embodiments, the connection policy determining module 13 may specifically include:
a connection policy determining unit, configured to search a pre-constructed connection policy table according to the application function and the device type, so as to determine a connection policy of the target terminal;
the construction process of the connection policy table comprises the following steps:
establishing access control strategies, access protocols and access ports corresponding to various devices according to the device types and the application functions to obtain the connection strategy table; wherein the access control policy includes an allowed access device type.
In some specific embodiments, the rule determining module 14 may specifically include:
a rule determining unit, configured to determine a networking permission rule of the target terminal according to the connection policy and parameter information of the current in-network device; the networking permission rules include a target IP address, a target MAC address, a target port, and ACL control rules.
In some specific embodiments, the internet of things terminal networking device may specifically include:
a traffic data acquiring unit, configured to acquire traffic data of the target terminal accessing the extranet server;
the manufacturer information determining unit is used for determining manufacturer information of the equipment accessed by the target terminal according to the flow data;
and the judging unit is used for judging whether the manufacturer information is matched with the manufacturer information of the intranet equipment or not, and starting the step of generating the networking authority rule of the target terminal based on the connection strategy if the manufacturer information is matched with the manufacturer information of the intranet equipment.
In some specific embodiments, the determining unit may specifically include:
the first judgment subunit is configured to determine, according to a uniform resource locator in the traffic data, a registered vendor of a domain name in the uniform resource locator through a domain name query system, so as to obtain vendor information;
and the second judgment subunit is used for acquiring a manufacturer to which the IP address belongs through an IP library according to the IP address in the flow data so as to obtain the manufacturer information.
Further, an embodiment of the present application also discloses an electronic device, as shown in Fig. 4; the content of the drawing is not to be regarded as any limitation on the scope of the application.
Fig. 4 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, and the computer program is loaded and executed by the processor 21 to implement relevant steps in the internet of things terminal networking method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the memory 22, as a carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk, an optical disk or the like; the resources stored on it include an operating system 221, a computer program 222, and data 223 including network traffic, and the storage may be transient or permanent.
The operating system 221 manages and controls each hardware device on the electronic device 20 and the computer program 222, so that the processor 21 can operate on and process the mass data 223 in the memory 22; it may be Windows Server, NetWare, Unix, Linux, or the like. In addition to the computer program that performs the internet of things terminal networking method executed by the electronic device 20 as disclosed in any of the foregoing embodiments, the computer program 222 may further include computer programs for performing other specific tasks.
Further, an embodiment of the present application further discloses a computer storage medium, where computer-executable instructions are stored in the computer storage medium, and when the computer-executable instructions are loaded and executed by a processor, the steps of the internet of things terminal networking method disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant points can be found in the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The internet of things terminal networking method, device, equipment and medium provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and the implementation of the invention, and the description of the embodiments is only intended to help in understanding the method and the core idea of the invention. Meanwhile, a person skilled in the art may, following the idea of the invention, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as a limitation on the invention.

Claims (10)

1. An Internet of Things terminal networking method, characterized by comprising the following steps:
acquiring network traffic of a target terminal, and determining device attribute information of the target terminal based on the network traffic;
determining the application function and the device type of the target terminal according to the device attribute information;
determining a connection policy of the target terminal according to the application function and the device type;
and generating a networking permission rule of the target terminal based on the connection policy, so that the target terminal can access other intranet devices according to the networking permission rule.
2. The internet of things terminal networking method of claim 1, wherein the determining the device attribute information of the target terminal based on the network traffic comprises:
extracting a terminal IP address of the target terminal from the network traffic, and scanning the target terminal according to the terminal IP address to determine the device attribute information of the target terminal; the device attribute information comprises a vendor, a device name and a model;
the determining the device attribute information of the target terminal further includes:
extracting the terminal MAC address of the target terminal from the network traffic, and comparing the terminal MAC address with a MAC address vendor allocation table to determine the vendor corresponding to the target terminal.
3. The internet of things terminal networking method of claim 1, wherein determining the application function and the device type of the target terminal according to the device attribute information comprises:
determining the application function and the device type of the target terminal according to the device attribute information and a pre-constructed terminal function type table;
the terminal function type table is a list constructed from the device attribute information, application functions and device types of various devices, acquired from vendors' official websites by a crawler.
4. The internet of things terminal networking method according to claim 1, wherein the determining the connection policy of the target terminal according to the application function and the device type includes:
searching a pre-constructed connection policy table according to the application function and the device type to determine the connection policy of the target terminal;
the construction process of the connection policy table comprises the following steps:
establishing, according to the device types and the application functions, the access control policies, access protocols and access ports corresponding to the various devices, so as to obtain the connection policy table; wherein the access control policy includes the allowed access device types.
5. The internet of things terminal networking method according to claim 1, wherein the generating of the networking permission rule of the target terminal based on the connection policy includes:
determining a networking permission rule of the target terminal according to the connection policy and the parameter information of the current in-network devices; the networking permission rules include a target IP address, a target MAC address, a target port, and ACL control rules.
6. The internet of things terminal networking method according to any one of claims 1 to 5, wherein before generating the networking permission rule of the target terminal based on the connection policy, the method further comprises:
acquiring traffic data of the target terminal accessing the external network server;
determining, according to the traffic data, vendor information of the devices accessed by the target terminal;
and judging whether the vendor information matches the vendor information of the intranet devices, and if so, starting the step of generating the networking permission rule of the target terminal based on the connection policy.
7. The internet of things terminal networking method according to claim 6, wherein the judging whether the vendor information is matched with the intranet equipment vendor information comprises:
determining, according to the uniform resource locator in the traffic data, the registered vendor of the domain name in the uniform resource locator through a domain name query system, so as to obtain the vendor information;
or obtaining, according to the IP address in the traffic data, the vendor to which the IP address belongs through an IP library, so as to obtain the vendor information.
8. An internet of things terminal networking device, comprising:
an attribute determining module, configured to acquire the network traffic of a target terminal and determine the device attribute information of the target terminal based on the network traffic;
a function and type determining module, configured to determine the application function and the device type of the target terminal according to the device attribute information;
a connection policy determination module, configured to determine a connection policy of the target terminal according to the application function and the device type;
and a rule determining module, configured to generate a networking permission rule of the target terminal based on the connection policy, so that the target terminal can access other intranet devices according to the networking permission rule.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the internet of things terminal networking method of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by the processor implements the internet of things terminal networking method of any of claims 1 to 7.
CN202110937890.9A 2021-08-16 2021-08-16 Internet of things terminal networking method, device, equipment and storage medium Pending CN113645079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110937890.9A CN113645079A (en) 2021-08-16 2021-08-16 Internet of things terminal networking method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113645079A true CN113645079A (en) 2021-11-12

Family

ID=78422067




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination