CN114221932B - IPv6 active address security evaluation method and electronic equipment - Google Patents

IPv6 active address security evaluation method and electronic equipment Download PDF

Info

Publication number
CN114221932B
CN114221932B CN202111279512.2A CN202111279512A CN114221932B CN 114221932 B CN114221932 B CN 114221932B CN 202111279512 A CN202111279512 A CN 202111279512A CN 114221932 B CN114221932 B CN 114221932B
Authority
CN
China
Prior art keywords
ipv6
address
addresses
autonomous system
active
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111279512.2A
Other languages
Chinese (zh)
Other versions
CN114221932A (en
Inventor
张沛
黄小红
唐霄
吴益杭
寇新睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN202111279512.2A priority Critical patent/CN114221932B/en
Publication of CN114221932A publication Critical patent/CN114221932A/en
Application granted granted Critical
Publication of CN114221932B publication Critical patent/CN114221932B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015Name registration, generation or assignment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides an IPv6 active address security evaluation method, including: acquiring a registration prefix, an autonomous system number and an interface identification type corresponding to each IPv6 address in an IPv6 data source, and classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set; generating corresponding predicted address sets respectively based on the IPv6 address classification sets and calculating the activity rates of the predicted address sets; wherein the activity rate of the predicted address set is the percentage of IPv6 active addresses in the predicted address set; based on the activity rate of the predicted address set corresponding to each IPv6 address classification set, taking the interface identification type, autonomous system, organization and country as measurement to evaluate the safety performance; by collecting the IPv6 addresses and merging and classifying the IPv6 addresses by means of autonomous system numbers, registration prefixes and interface identification types, the address structure and the distribution rule among the same type of addresses can be analyzed more accurately, and the generated predicted address activity rate is more accurate.

Description

IPv6 active address security evaluation method and electronic equipment
Technical Field
The disclosure relates to the field of IPv6 network space security, and in particular, to an IPv6 active address security evaluation method and an electronic device.
Background
With the rapid advance of IPv6 deployment, IPv6 traffic accounts for an increasing proportion. The active addresses in the IPv6 flow are seed address sets of IPv6 asset detection and topology discovery, have an important role in generating new active addresses, and bring certain security risks.
At present, much attention is paid to the research of a plurality of IPv6 active addresses to emphasize the generation of a new IPv6 active address space and neglect the safety evaluation of an IPv6 active address space, so that the safety evaluation of the IPv6 active address space has important significance for the management of the IPv6 network space.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide an IPv6 active address security evaluation method and an electronic device.
Based on the above purpose, the present disclosure provides a method for evaluating security of IPv6 active addresses, including:
acquiring a registration prefix, an autonomous system number and an interface identification type corresponding to each IPv6 address in an IPv6 data source, and classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set;
respectively generating corresponding predicted address sets based on all IPv6 address classification sets and calculating the activity rates of the predicted address sets; wherein the activity rate of the predicted address set is the percentage of IPv6 active addresses in the predicted address set;
and based on the activity rate of the predicted address set corresponding to each IPv6 address classification set, taking the interface identification type, the autonomous system, the organization and the country as measurement degrees to evaluate the safety performance.
Based on the same purpose, the disclosure also provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the IPv6 active address security evaluation method when executing the program.
As can be seen from the above, according to the IPv6 active address security assessment method and the electronic device provided by the present disclosure, first, a registration prefix, an autonomous system number, and an interface identification type corresponding to each IPv6 address in an IPv6 data source are obtained, all IPv6 addresses in the IPv6 data source are classified based on the registration prefix, the autonomous system number, and the interface identification type of each IPv6 address to obtain an IPv6 address classification set, then, corresponding predicted address sets are respectively generated based on each IPv6 address classification set, the percentage of IPv6 active addresses in the predicted address sets is calculated, and finally, based on the activity rates of the predicted addresses, interface identification type security performance assessment, autonomous system security performance assessment, organization security performance assessment, and national security performance assessment are respectively performed; according to the IPv6 active address security evaluation method, the IPv6 addresses are collected, the IPv6 addresses are merged and classified by means of autonomous system numbers, registration prefixes and interface identification types, the address structure and the distribution rule among the same type of addresses can be analyzed more accurately, and the generated predicted address active rate is more accurate; and the interface identification type, the autonomous system, the organization and the country are used as measures to evaluate the security performance, thereby providing a guiding direction for the security defense of the network space.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for evaluating security of an IPv6 active address according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram illustrating an IPv6 address classification flow provided by an embodiment of the present disclosure;
fig. 3 is a schematic diagram of an IPv6 address classification tree structure provided in the embodiment of the present disclosure;
fig. 4 is a more specific schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
IPv6 is an abbreviation of "Internet Protocol Version 6" (Internet Protocol Version 6) in english, and is a next-generation IP Protocol designed by Internet Engineering Task Force (IETF) to replace IPv4, and because the biggest problem of IPv4 is that network address resources are insufficient, application and development of the Internet are severely restricted. The use of the IPv6 not only solves the problem of the number of network address resources, but also solves the obstacle of connecting various access devices to the Internet.
With the rapid advance of IPv6 deployment, IPv6 traffic is becoming larger. The active addresses in the IPv6 traffic are seed address sets of IPv6 asset detection and topology discovery, have an important role in generating new active addresses, and bring certain security risks.
At present, much attention is paid to the research of a plurality of IPv6 active addresses to emphasize the generation of a new IPv6 active address space and neglect the safety evaluation of an IPv6 active address space, so that the safety evaluation of the IPv6 active address space has important significance for the management of the IPv6 network space.
In order to solve the above problems, the present disclosure provides an IPv6 active address security evaluation method and an electronic device, the method includes obtaining a registration prefix, an autonomous system number and an interface identification type corresponding to each IPv6 address in an IPv6 data source, classifying all IPv6 addresses in an IPv6 data source based on the registration prefix, the autonomous system number and the interface identification type of each IPv6 address to obtain an IPv6 address classification set, then generating corresponding prediction address sets based on each IPv6 address classification set respectively and calculating the percentage of IPv6 active addresses in the prediction address set, and finally performing interface identification type security performance evaluation, autonomous system security performance evaluation, organizational security performance evaluation and national security performance evaluation based on the active rates of the prediction addresses respectively; the method can be applied to desktop computers, mobile phones, tablet computers, intelligent wearable devices, personal digital assistants and the like, and is not limited specifically.
For the convenience of understanding, the first aid information transmission method will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of an IPv6 active address security evaluation method according to an embodiment of the present disclosure; as shown in fig. 1, the method may include the steps of:
s11, acquiring registration prefixes, autonomous system numbers and interface identification types corresponding to all IPv6 addresses in the IPv6 data source, and classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set.
In the present disclosure, an autonomous system (AS for short) is a large network or a network group managed by a single organization, and there may be multiple subnetworks in a single autonomous system, and the multiple subnetworks share the same routing policy. Each autonomous system is assigned its own autonomous system number (ASN for short) to facilitate its identification.
The autonomous system has multi-dimensional attribute information, which includes static information and dynamic information, the static information may include country attribution, organization attribution, name, description of each attribute information, technical administrator, industry property, etc., the dynamic information may include declaration routing prefix, adjacency relation, etc., and the declaration routing prefix may obtain the allocated address prefix and the registered routing prefix of its own attribution through address query.
The Interface Identifier (IID) is 64 bits and is used to identify the interface on the link, and the interface identifier must be unique on each link. The interface identifier has multiple uses, the most common use being to attach behind the prefix of the link local address to form a 128-bit interface link local address. In practical applications, the interface identification of the IPv6 address can be roughly divided into seven types:
(1) IEEE EUI-64: and generating the interface type based on the MAC address. The interface identifier is obtained by 48 bits of hardware address (MAC address), and is obtained by embedding 0xfffe in the combination of IEEE specified public 24 bits of manufacturer identifier and 24 bits of value specified by the manufacturer for the product, and the interface identifier is fixed by random hardware and is globally unique.
(2) ISATAP: an IPv6 local link address is generated based on the IPv4 address. ISATAP is an IPv6 transition mechanism, a dual-stack host supporting ISATAP in a network can establish an ISATAP tunnel with an ISATAP router when needing to access IPv6 resources, an IPv6 address of the ISATAP router is constructed according to an IPv6 prefix issued by the ISATAP router, the ISATAP router is set as an IPv6 default gateway of the ISATAP router, and then the resources of IPv6 can be accessed. ISATAP adds a specific IPv6 prefix to an IPv4 address bit string of a host as an IPv6 address of an interface, uses a specific 0200:5efe prefix for global unicast addresses, and uses 0000:5efe for private network addresses. For example, if a host IPv4 address is 1.1.1.1, then its ISATAP generates a link local address of fe80::0200:5efe:0101:0101 and a global unicast address of 2001::0000:5efe:0101:0101(0101:0101 is a hexadecimal value of its IPv4 address 1.1.1.1).
(3)Embed-IPv4: the interface embedded by the IPv4 address identifies the generation mode. The IPv4 address is used as the last four bytes or eight bytes of the interface identification to generate the IPv6 address, such as 2001: da8::0c00:0201(0c00:0a01, 192.0.2.1), 2001: da8:: 192.0.2.1.
(4) Embedded-Port: and the service port number is embedded in the interface identifier generation mode. The number and port number of the server are usually coded into the interface identification, for example, for a server using 80 port of HTTP, the IPv6 address can be 2001: da8::80:1 or 2001: da8::1: 80.
(5) Low-Byte: and identifying a generation mode based on the interface of the low byte. The last 64 bits of an IPv6 address are mostly set to 0, with the lowest 1 or 2 bytes often being non-0, e.g., 2001: da8::1, 2001: da8:: 12.
(6) Byte-Pattern: the shapes are 2409:8954: d955:75ab:1:1: d5: f182, 2a03:32c0:4001: ed2f:1:0: e323:8e 49.
(7) Random: the temporary address. The random temporary address is generated by concatenating the random identifier with the auto-configured IPv6 prefix advertised in the router advertisement message. In addition to being unpredictable, temporary addresses are often fugitive, i.e., valid for a limited time, and stale, i.e., fail, with great security.
In practical application, in order to evaluate the security of the IPv6 active address, an IPv6 data source needs to be acquired first; then, in some possible embodiments, the method further comprises: an IPv6 data source containing a plurality of IPv6 addresses is obtained. Specifically, all IPv6 addresses may be extracted from the global routing table as IPv6 data sources.
After acquiring an IPv6 data source containing a plurality of IPv6 addresses, further acquiring registration prefixes and autonomous system numbers corresponding to all IPv6 addresses; then, in some possible embodiments, obtaining the registration prefix and the autonomous system number corresponding to each IPv6 address in the IPv6 data source may include:
acquiring subnet prefixes of all IPv6 addresses in an IPv6 data source;
and searching the registered prefix with the highest matching degree with the subnet prefix and the corresponding autonomous system number according to a pre-established registered routing prefix search tree.
IPv6 addresses have 128 bits in total, for convenience of representation, a dotted decimal representation analogous to IPv4, IPv6 uses an apostrophe hexadecimal representation, and to simplify the very long zero sequences appearing in addresses, the long zero sequences are further replaced by double colons, for example 2001:0da8:0000: fb58:0000: 0c4f:7e69, which is simplified to 2001: da8:0: fb58: c4f:7e 69.
The IPv6 address may be divided into two parts, respectively a subnet prefix for network routing and an interface identification for addressing within the subnet.
The registration prefix with the highest matching degree with the subnet prefix refers to the registration prefix which can be matched with the subnet prefix longest, and after the registration prefix with the highest matching degree with the subnet prefix is found in the registration routing prefix lookup tree, the autonomous system number corresponding to the registration prefix can be further obtained, so that the registration prefix and the autonomous system number of the IPv6 address are obtained.
Through the subnet prefixes of all IPv6 addresses, the registration prefixes and the autonomous system numbers corresponding to all IPv6 addresses can be accurately and quickly found in the registration routing prefix search tree, and the efficiency and the accuracy of IPv6 active address security evaluation are improved.
In order to search the registration prefix and the autonomous system number corresponding to each IPv6 address, a registration route prefix search tree can be established in advance; then, in some possible embodiments, the method for establishing the registered routing prefix lookup tree includes:
establishing a registration routing prefix search tree by respectively taking the registration prefix and the registration prefix attribute information as nodes and node contents; the registered prefix attribute information comprises an autonomous system number corresponding to a registered prefix.
In practical application, the registered prefix attribute information may include an autonomous system number, attribute information description, and the like; the registration prefix attribute information may be obtained from an internet registry. The address prefix is arbitrarily input in the registration routing prefix search tree, and the registration prefix with the highest matching degree with the address prefix and the parent-level prefix node information can be found.
By establishing a prefix search tree of the registered route in advance, the speed of safety evaluation of the IPv6 active address can be further improved.
In order to perform multi-measure security evaluation on the IPv6 active address, countries and organizations corresponding to all IPv6 addresses can be further obtained; then, in some possible embodiments, the method may further include: acquiring countries and organizations corresponding to the IPv6 addresses based on the autonomous system numbers corresponding to the IPv6 addresses; the method specifically comprises the following steps: and searching countries and organizations matched with the autonomous system numbers corresponding to the IPv6 addresses according to a pre-established two-dimensional autonomous system information dictionary.
In some possible embodiments, the method for establishing the two-dimensional dictionary of the autonomous system information may include: respectively taking the autonomous system number, the autonomous system attribute information classification name and the autonomous system attribute information as key values, secondary key values and values to construct an autonomous system information two-dimensional dictionary; the autonomous system attribute information includes a country and an organization corresponding to the autonomous system number.
In practical application, the attribute information of the autonomous system may include country attribution, organization attribution, name, technical administrator, industry property, description of each attribute information, and the like, and is not limited specifically; the autonomous system attribute information may be obtained from an internet registry. The autonomous system numbers corresponding to the IPv6 addresses are input into the autonomous system information two-dimensional dictionary, so that the countries and organizations matched with the numbers of the autonomous systems can be found, namely the countries and organizations corresponding to the IPv6 addresses can be found.
Through the two-dimensional dictionary of the autonomous system information, the countries and the organizations corresponding to the IPv6 addresses can be quickly and accurately obtained, so that multi-measure safety assessment can be conveniently carried out on the IPv6 active addresses, the accuracy of the safety assessment on the IPv6 active addresses is improved, and a guiding direction is conveniently provided for network space safety defense.
In some possible embodiments, obtaining the interface identification type corresponding to each IPv6 address in the IPv6 data source may include:
acquiring interface identifiers of all IPv6 addresses in an IPv6 data source;
and determining the interface identification type corresponding to each IPv6 address in the IPv6 data source based on the interface identification of each IPv6 address.
In practical application, an addr6 tool may be used to query the interface identifier type corresponding to each IPv6 address in the IPv6 data source, which is not limited specifically.
After acquiring the registration prefix, the autonomous system number and the interface identification type corresponding to each IPv6 address, classifying all IPv6 addresses to obtain an IPv6 address classification set further based on the information; then, in some possible embodiments, classifying all IPv6 addresses in the IPv6 data source results in an IPv6 address classification set, including:
classifying all IPv6 addresses in the IPv6 data source by taking all autonomous system numbers corresponding to all IPv6 addresses in the IPv6 data source as first nodes to obtain a first classification result;
classifying the first classification result by using all registration prefixes corresponding to all IPv6 addresses in an IPv6 data source as second nodes to obtain a second classification result;
and classifying the second classification result by taking all interface identification types corresponding to all IPv6 addresses in an IPv6 data source as third nodes to obtain an IPv6 address classification set.
The IPv6 address classification set obtained by the classification method is a classification tree structure which is an ordered tree structure, each layer represents different classification rules, leaf nodes store IPv6 addresses, the classification types of the IPv6 address classification set can be determined according to the positions of the IPv6 addresses in the classification tree, all brother nodes in the classification tree have no same place, and the only intersection is a father node.
Fig. 2 is a schematic diagram of an IPv6 address classification process provided in the embodiment of the present disclosure, as shown in fig. 2, first, for all IPv6 addresses in an IPv6 data source, classifying according to autonomous system numbers, taking all acquired autonomous system numbers as first-order nodes, determining whether an autonomous system number corresponding to each IPv6 address exists in an existing first-order node, if so, adding the IPv6 address to a corresponding autonomous system number node, and if not, newly building an autonomous system number node in the first-order node and adding an IPv6 address to the newly built node.
Then, according to the registration prefixes, classifying all IPv6 addresses included under each first-order node, taking all acquired registration prefixes as second-order nodes, judging whether the registration prefixes corresponding to all IPv6 addresses exist in the second-order nodes, if so, adding the IPv6 addresses to the corresponding registration prefix nodes, and if not, newly building registration prefix nodes in the second-order nodes and adding IPv6 addresses to the newly built nodes.
And finally, classifying all IPv6 addresses included under each second-order node according to the interface identifier type, taking all acquired interface identifiers as third-order nodes, judging whether the interface identifier type corresponding to each IPv6 address exists in the third-order nodes, if so, adding the IPv6 address into the corresponding interface identifier type, if not, newly building an interface identifier type node in the third-order nodes and adding the IPv6 address into the newly built node, finishing the classification process of all IPv6 addresses in an IPv6 data source, and obtaining an IPv6 address classification set of a classification tree structure. Since the interface identification type is the last node when classifying the IPv6 address, after the number of the autonomous system and the registration prefix are determined, a single IPv6 address classification set corresponds to a single interface identification type.
Fig. 3 is a schematic structural diagram of an IPv6 address classification tree provided in the embodiment of the present disclosure, and as shown in fig. 3, a root node at the top position in the classification tree sequentially includes, from the root node to the bottom, an autonomous system numbering node, a registration prefix node, an interface identification type node, and leaf nodes, where each leaf node represents a type of IPv6 address.
By finely classifying all IPv6 addresses in an IPv6 data source by means of a registration prefix, an autonomous system number and an interface identification type, the address structure and the distribution rule among the same IPv6 addresses can be analyzed more accurately.
S12, generating corresponding predicted address sets respectively based on the IPv6 address classification sets and calculating the activity rates of the predicted address sets; wherein the activity rate of the predicted address set is the percentage of IPv6 active addresses in the predicted address set.
In some possible embodiments, generating a corresponding predicted address set based on each IPv6 address classification set and calculating an activity rate of the predicted address set may specifically include:
generating a prediction address set based on each IPv6 address included in each IPv6 address classification set respectively;
judging whether each IPv6 predicted address in the predicted address set is an IPv6 active address;
calculating the percentage of the number of IPv6 active addresses in the predicted address set to the total number of IPv6 predicted addresses in the predicted address set to obtain the active rate of the predicted address set;
the calculation formula for predicting the activity rate of the address set is as follows:
Figure BDA0003321804850000081
count active indicating the number, count, of IPv6 active addresses in the predicted address set total Indicating the number of IPv6 predicted addresses in the predicted address set.
In practical applications, a heuristic algorithm may be utilized to generate a corresponding set of predicted addresses based on each IPv6 address classification set. For example, an Entropy/IP algorithm may be used to generate a predicted address set, specifically, a 32-bit Entropy value of each IPv6 address in the IPv6 address classification set is calculated, adjacent address bits are combined into segments according to the Entropy value, and the probability of occurrence of each bit value of each segment is counted, so as to construct a bayesian graph model. The 6gen algorithm can also be adopted to generate a prediction address set, specifically, dense areas in the IPv6 address value space are identified in the IPv6 address classification set, new address values are selected in the dense areas, and then candidate addresses needing to be scanned are generated. The prediction address set can also be generated by adopting a 6tree algorithm, specifically, the IPv6 address is understood as a 32-dimensional high-dimensional vector, and top-down split hierarchical clustering is performed on a corresponding seed vector to generate a spatial tree, and addresses contained in leaf nodes of the clustering tree and new addresses are generated at the same time.
After the predicted address set is generated, the activity rate of the predicted address set needs to be further calculated, namely, the percentage of IPv6 active addresses in the predicted address set is calculated. In practical application, ping and traceroute may be adopted to determine whether each IPv6 predicted address in the predicted address set is an IPv6 active address, which is not specifically limited.
And respectively carrying out activity judgment on the IPv6 predicted addresses included in the predicted address set, counting the number of IPv6 active addresses in the predicted address set, and calculating the percentage of the number of IPv6 active addresses to the total number of IPv6 predicted addresses to obtain the activity rate of the predicted address set.
And S13, based on the activity rates of the predicted address sets corresponding to the IPv6 address classification sets, taking the interface identification types, autonomous systems, organizations and countries as measures to evaluate the safety performance.
In the disclosure, after the activity rates of the predicted address sets corresponding to the IPv6 address classification sets are obtained, interface identifier type security performance evaluation, autonomous system security performance evaluation, organization security performance evaluation, and national security performance evaluation may be further performed, so as to provide a guidance direction for network space security defense. The national security performance evaluation result represents the security of the IPv6 active address within the national scope; the organization security performance evaluation result represents the security of the IPv6 active address within the range of the organization after the country is determined; the safety performance evaluation result of the autonomous system represents the safety of the IPv6 active address within the range of the autonomous system after the country and the organization are determined, and the safety performance evaluation result of the interface identification type represents the safety of the IPv6 active address within the range of the interface identification type after the country, the organization structure and the autonomous system are determined.
In some possible implementation paradigms, the calculation formula adopted when performing security performance evaluation with the interface identification type as a measure may be:
grade IID =1-active IID
wherein grade IID Safety performance evaluation value, active, representing each interface identification type IID Representing the activity rate of a prediction address set corresponding to each interface identification type;
the calculation formula adopted when the autonomous system is used as the measure to evaluate the safety performance can be as follows:
Figure BDA0003321804850000101
wherein, gradesan represents the safety performance evaluation value of each autonomous system, n represents the number of interface identification types included in the autonomous system, count IID_i The number, count, of IPv6 active addresses included in a predicted address set corresponding to each interface identification type under the autonomous system ASN_total The sum of the number of IPv6 active addresses included in the predicted address set representing all interface identification types under the autonomous system;
the calculation formula adopted when the safety performance is evaluated by taking an organization as a measure can be as follows:
Figure BDA0003321804850000102
wherein grade org Represents the safety performance evaluation value of each organization, m represents the number of autonomous systems included in the organization, count ASN_i Indicating the number of IPv6 active addresses, counts, included in the predicted address set of each autonomous system under an organization org_total The sum of the number of IPv6 active addresses included in the predicted address set representing all autonomous systems under an organization;
the calculation formula adopted when the security evaluation is performed by taking the country as the measure can be as follows:
Figure BDA0003321804850000103
wherein grade country Denotes the safety performance evaluation value of each country, t denotes the number of organizations included in the country, count org_i Number of IPv6 active addresses, count, included in a predicted address set representing organizations under a country country_total The sum of the number of IPv6 active addresses included in the predicted address set representing all organizations under the country.
In practical application, after the number of the autonomous system and the registration prefix are determined, a single interface identification type only corresponds to one IPv6 address classification set, and a single IPv6 address classification set corresponds to one predicted address set, so that after the number of the autonomous system and the registration prefix are determined, a single interface identification type only corresponds to one predicted address set. The safety performance of the interface identification can be evaluated according to the activity rate of the predicted address set under each interface identification type, the activity rate of the predicted address set represents the difficulty degree of scanning and detecting the IPv6 predicted address under the type, and the higher the activity rate of the predicted address set is, the easier the detection is, the lower the safety performance of the corresponding interface identification type is. For example, the predicted address activity rate corresponding to the address classification set of the Random type IPv6 is 15%, and then the security performance evaluation result of the Random type is 1-0.15 ═ 0.85; if the active rate of the Low-Byte type predicted address is 30%, the result of the security performance evaluation of the Low-Byte type predicted address is 1-0.3-0.7.
The IPv6 active addresses of multiple interface identification types may exist in a single autonomous system, and the number of the IPv6 active addresses of the same interface identification type in different autonomous systems is different, so that the safety performance evaluation result of the autonomous system can be obtained according to the scale of the IPv6 active addresses of different interface identification types in the single autonomous system, namely the IPv6 active address ratio in the interface identification type and the safety performance evaluation result of the interface identification type. For example, if autonomous system AS-4134, autonomous System number 4134, has four interface identification types, the security performance assessment score of the interface identification type and the number of IPv6 active addresses contained therein are shown in Table 1 below, then the grade 4134 The calculation is as follows:
Figure BDA0003321804850000111
similarly, a plurality of autonomous systems may exist under a single organization, and the security performance evaluation result of the organization can be obtained according to the IPv6 active address ratios in different autonomous systems under the single organization and the security performance evaluation results of the different autonomous systems under the organization.
Further, a plurality of organizations may exist in a single country, and the security performance evaluation result of the country may be obtained according to the IPv6 active address ratio of different organizations in the single country and the security performance evaluation result of different organizations in the country.
The interface identification type safety performance evaluation score, the autonomous system safety performance evaluation result, the organization safety performance evaluation result and the national safety performance evaluation result are all between 0 and 1, the closer to 1, the safer the IPv6 active address is, and the safer the address is, on the contrary, the closer to 0, the unsafe is.
In practical application, after obtaining the interface identification type safety performance evaluation result, the autonomous system safety performance evaluation result, the organization safety performance evaluation result and the national safety performance evaluation result, the security performance can be further ranked for the country, the organization, the autonomous system and the interface identification type respectively; for example, the security performance of a plurality of countries may be ranked according to the national security performance evaluation result; after the country is determined, ranking the safety performance of a plurality of organization structures according to the safety performance evaluation result of the organization; after the countries and the organizations are determined, the safety performance of the autonomous systems can be ranked according to the safety performance evaluation results of the autonomous systems; after the country, the organization and the autonomous system are determined, the safety performance of the interface identification types can be ranked according to the interface identification type safety performance evaluation result.
In some possible implementation paradigms, the method comprises: outputting a multi-measure safety arrangement table according to the safety performance evaluation result; and the network space security defense strategy is convenient to make.
It can be understood that the IPv6 active address security evaluation method collects IPv6 addresses and merges and classifies the IPv6 addresses by the aid of autonomous system numbers, registration prefixes and interface identification types, so that address structures and distribution rules among the same type of addresses can be analyzed more accurately, and the generated predicted address active rate is more accurate; and the interface identification type, the autonomous system, the organization and the country are taken as measures to evaluate the security performance, thereby providing a guiding direction for the security defense of the network space.
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to any embodiment of the method, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the IPv6 active address security evaluation method described in any embodiment of the present disclosure is implemented.
Fig. 4 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component within the device (not shown) or may be external to the device to provide corresponding functionality. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (for example, USB, network cable, etc.), and can also realize communication in a wireless mode (for example, mobile network, WIFI, bluetooth, etc.).
The bus 1050 includes a path to transfer information between various components of the device, such as the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only the components necessary to implement the embodiments of the present disclosure, and need not include all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the corresponding IPv6 active address security evaluation method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
It should be noted that the embodiments of the present disclosure can be further described in the following ways:
an IPv6 active address security assessment method comprises the following steps:
acquiring a registration prefix, an autonomous system number and an interface identification type corresponding to each IPv6 address in an IPv6 data source, and classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set;
respectively generating corresponding predicted address sets based on all IPv6 address classification sets and calculating the activity rates of the predicted address sets; wherein the active rate of the predicted address set is the percentage of IPv6 active addresses in the predicted address set;
and based on the activity rate of the predicted address set corresponding to each IPv6 address classification set, taking the interface identification type, the autonomous system, the organization and the country as measurement degrees to evaluate the safety performance.
Optionally, the obtaining of the registration prefix and the autonomous system number corresponding to each IPv6 address in the IPv6 data source includes:
acquiring subnet prefixes of all IPv6 addresses in an IPv6 data source;
and searching the registered prefix with the highest matching degree with the subnet prefix and the corresponding autonomous system number according to a pre-established registered routing prefix search tree.
Optionally, the method for establishing the prefix lookup tree of the registered route includes:
establishing a registration routing prefix search tree by respectively taking the registration prefix and the registration prefix attribute information as nodes and node contents; and the registered prefix attribute information comprises an autonomous system number corresponding to the registered prefix.
Optionally, the method further comprises:
acquiring countries and organizations corresponding to the IPv6 addresses based on the autonomous system numbers corresponding to the IPv6 addresses;
the acquiring countries and organizations corresponding to the IPv6 addresses based on the autonomous system numbers corresponding to the IPv6 addresses includes:
and searching countries and organizations matched with the autonomous system numbers corresponding to the IPv6 addresses according to a pre-established two-dimensional autonomous system information dictionary.
Optionally, the method for establishing the two-dimensional dictionary of the autonomous system information includes:
respectively taking the autonomous system number, the autonomous system attribute information classification name and the autonomous system attribute information as key values, secondary key values and values to construct an autonomous system information two-dimensional dictionary; the autonomous system attribute information includes a country and an organization corresponding to an autonomous system number.
Optionally, classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set, including:
classifying all IPv6 addresses in the IPv6 data source by taking all autonomous system numbers corresponding to all IPv6 addresses in the IPv6 data source as first nodes to obtain a first classification result;
classifying the first classification result by using all registration prefixes corresponding to all IPv6 addresses in an IPv6 data source as second nodes to obtain a second classification result;
and classifying the second classification result by taking all interface identification types corresponding to all IPv6 addresses in an IPv6 data source as third nodes to obtain an IPv6 address classification set.
Optionally, the generating a corresponding predicted address set based on each IPv6 address classification set and calculating an activity rate of the predicted address set respectively includes:
generating a prediction address set based on each IPv6 address included in each IPv6 address classification set respectively;
judging whether each IPv6 predicted address in the predicted address set is an IPv6 active address;
calculating the percentage of the number of IPv6 active addresses in the predicted address set to the total number of IPv6 predicted addresses in the predicted address set to obtain the active rate of the predicted address set;
the calculation formula for predicting the activity rate of the address set is as follows:
Figure BDA0003321804850000151
count active indicating the number, count, of IPv6 active addresses in the predicted address set total Indicating the number of IPv6 predicted addresses in the predicted address set.
Optionally, a calculation formula adopted when the interface identifier type is used as a measure to perform the security performance evaluation is as follows:
grade IID =1-active IID
wherein grade IID Safety performance evaluation value, active, representing each interface identification type IID Representing the activity rate of a prediction address set corresponding to each interface identification type;
the calculation formula adopted when the safety performance evaluation is carried out by taking the autonomous system as the measure is as follows:
Figure BDA0003321804850000152
wherein grade ASN Represents the safety performance evaluation value of each autonomous system, n represents the number of interface identification types included in the autonomous system, count IID_i The number, count, of IPv6 active addresses included in a predicted address set corresponding to each interface identification type under the autonomous system ASN_total The sum of the number of IPv6 active addresses included in the predicted address set representing all interface identification types under the autonomous system;
the calculation formula adopted when the safety performance is evaluated by taking an organization as a measure is as follows:
Figure BDA0003321804850000153
wherein, grade org Represents the safety performance evaluation value of each organization, m represents the number of autonomous systems included in the organization, count ASN_i Indicating the number of IPv6 active addresses, counts, included in the predicted address set of each autonomous system under an organization org_total The sum of the number of IPv6 active addresses included in the predicted address set representing all autonomous systems under an organization;
the calculation formula adopted when the security evaluation is carried out by taking the country as the measure is as follows:
Figure BDA0003321804850000161
wherein grade country Denotes the safety performance evaluation value of each country, t denotes the number of organizations included in the country, count org_i Number of IPv6 active addresses, count, included in a predicted address set representing organizations under a country country_total The sum of the number of IPv6 active addresses included in the predicted address set representing all organizations under the country.
Optionally, the method further comprises: and outputting a multi-measure safety arrangement table according to the safety performance evaluation result.
An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing an IPv6 active address security assessment method when executing the program.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made without departing from the spirit or scope of the embodiments of the present disclosure are intended to be included within the scope of the disclosure.

Claims (9)

1. An IPv6 active address security assessment method includes:
acquiring a registration prefix, an autonomous system number and an interface identification type corresponding to each IPv6 address in an IPv6 data source, and classifying all IPv6 addresses in the IPv6 data source to obtain an IPv6 address classification set;
respectively generating corresponding predicted address sets based on all IPv6 address classification sets and calculating the activity rates of the predicted address sets; wherein the activity rate of the predicted address set is the percentage of IPv6 active addresses in the predicted address set;
based on the activity rate of the predicted address set corresponding to each IPv6 address classification set, taking interface identification type, autonomous system, organization and country as measures to evaluate the safety performance;
the calculation formula adopted when the interface identification type is used as the measure to evaluate the safety performance is as follows:
grade IID =1-active IID
wherein grade IID Safety performance evaluation value, active representing each interface identification type IID Representing the activity rate of the predicted address set corresponding to each interface identification type;
the calculation formula adopted when the safety performance evaluation is carried out by taking the autonomous system as the measure is as follows:
Figure FDA0003775915540000011
wherein grade ASN Represents the safety performance evaluation value of each autonomous system, n represents the number of interface identification types included in the autonomous system, count IID_i The number, count, of IPv6 active addresses included in a predicted address set corresponding to each interface identification type under the autonomous system ASN_total The sum of the number of IPv6 active addresses included in the predicted address set representing all interface identification types under the autonomous system;
the calculation formula adopted when taking an organization as a measure to evaluate the safety performance is as follows:
Figure FDA0003775915540000012
wherein grade org Represents the safety performance evaluation value of each organization, m represents the number of autonomous systems included in the organization, count ASN_i Indicating the number of IPv6 active addresses, counts, included in the predicted address set of each autonomous system under an organization org_total The sum of the number of IPv6 active addresses included in the predicted address set representing all autonomous systems under an organization;
the calculation formula adopted when the security evaluation is carried out by taking the country as the measure is as follows:
Figure FDA0003775915540000021
wherein grade country Denotes the safety performance evaluation value of each country, t denotes the number of organizations included in the country, count org_i Number of IPv6 active addresses, count, included in a predicted address set representing organizations under a country country_total The sum of the number of IPv6 active addresses included in the predicted address set representing all organizations under the country.
2. The IPv6 active address security evaluation method according to claim 1, wherein obtaining a registration prefix and an autonomous system number corresponding to each IPv6 address in an IPv6 data source includes:
acquiring subnet prefixes of all IPv6 addresses in an IPv6 data source;
and searching the registered prefix with the highest matching degree with the subnet prefix and the corresponding autonomous system number according to a pre-established registered routing prefix search tree.
3. The IPv6 active address security evaluation method according to claim 2, wherein the method for establishing the registration routing prefix lookup tree includes:
establishing a registration routing prefix search tree by respectively taking the registration prefix and the registration prefix attribute information as nodes and node contents; and the registered prefix attribute information comprises an autonomous system number corresponding to the registered prefix.
4. The IPv6 active address security evaluation method of claim 1, further comprising:
acquiring countries and organizations corresponding to the IPv6 addresses based on the autonomous system numbers corresponding to the IPv6 addresses;
the obtaining of the country and the organization corresponding to each IPv6 address based on the number of the autonomous system corresponding to each IPv6 address includes:
and searching countries and organizations matched with the autonomous system numbers corresponding to the IPv6 addresses according to a pre-established two-dimensional autonomous system information dictionary.
5. The IPv6 active address security assessment method according to claim 4, wherein the method for establishing the autonomous system information two-dimensional dictionary comprises the following steps:
respectively taking the autonomous system number, the autonomous system attribute information classification name and the autonomous system attribute information as key values, secondary key values and values to construct an autonomous system information two-dimensional dictionary; the autonomous system attribute information includes a country and an organization corresponding to an autonomous system number.
6. The IPv6 active address security evaluation method of claim 1, wherein classifying all IPv6 addresses in the IPv6 data source results in an IPv6 address classification set, comprising:
classifying all IPv6 addresses in the IPv6 data source by taking all autonomous system numbers corresponding to all IPv6 addresses in the IPv6 data source as first nodes to obtain a first classification result;
classifying the first classification result by using all registration prefixes corresponding to all IPv6 addresses in an IPv6 data source as second nodes to obtain a second classification result;
and classifying the second classification result by taking all interface identification types corresponding to all IPv6 addresses in an IPv6 data source as third nodes to obtain an IPv6 address classification set.
7. The IPv6 active address security evaluation method of claim 1, wherein the generating corresponding predicted address sets based on respective IPv6 address classification sets and calculating the active rates of the predicted address sets respectively comprises:
generating a prediction address set based on each IPv6 address included in each IPv6 address classification set respectively;
judging whether each IPv6 predicted address in the predicted address set is an IPv6 active address;
calculating the percentage of the number of IPv6 active addresses in the predicted address set to the total number of IPv6 predicted addresses in the predicted address set to obtain the active rate of the predicted address set;
the calculation formula for predicting the activity rate of the address set is as follows:
Figure FDA0003775915540000031
count active indicating the number, count, of IPv6 active addresses in the predicted address set total Indicating the number of IPv6 predicted addresses in the predicted address set.
8. The IPv6 active address security evaluation method of claim 1, further comprising:
and outputting a multi-measure safety arrangement table according to the safety performance evaluation result.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 8 when executing the program.
CN202111279512.2A 2021-10-26 2021-10-26 IPv6 active address security evaluation method and electronic equipment Active CN114221932B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111279512.2A CN114221932B (en) 2021-10-26 2021-10-26 IPv6 active address security evaluation method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111279512.2A CN114221932B (en) 2021-10-26 2021-10-26 IPv6 active address security evaluation method and electronic equipment

Publications (2)

Publication Number Publication Date
CN114221932A CN114221932A (en) 2022-03-22
CN114221932B true CN114221932B (en) 2022-09-30

Family

ID=80696286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111279512.2A Active CN114221932B (en) 2021-10-26 2021-10-26 IPv6 active address security evaluation method and electronic equipment

Country Status (1)

Country Link
CN (1) CN114221932B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378912B (en) * 2022-07-21 2023-06-09 北京华顺信安科技有限公司 Scanning method and system for active IPv6 address

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031469A (en) * 2019-10-31 2020-04-17 东南大学 Data forwarding mode in IPv6 wireless sensor network based on location awareness

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7768946B2 (en) * 2003-04-07 2010-08-03 Nokia Corporation Resource determination in IP-based networks
FI120612B (en) * 2005-02-14 2009-12-15 Teliasonera Ab Procedure for providing virtual private network service between autonomous systems
CN100364306C (en) * 2006-09-19 2008-01-23 清华大学 Identifying method for IPv6 actual source address between autonomy systems based on signature
CN111447292B (en) * 2020-02-24 2021-10-01 北京邮电大学 IPv6 geographical position positioning method, device, equipment and storage medium
CN111432043B (en) * 2020-03-09 2021-06-01 清华大学 Dynamic IPv6 address detection method based on density
CN111901201B (en) * 2020-07-30 2021-09-28 中国电子信息产业集团有限公司第六研究所 IPv6 network topology measurement target selection method
CN112383644B (en) * 2020-10-21 2022-08-05 北京邮电大学 Heuristic IPv6 address scanning target generation method and related equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031469A (en) * 2019-10-31 2020-04-17 东南大学 Data forwarding mode in IPv6 wireless sensor network based on location awareness

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
6Topo:一种测量IPv6网络拓扑的新方法;朱正一等;《小型微型计算机系统》;20200529(第06期);全文 *
Altyeb Altaher ; Sureswaran Ramadass.A dual Stack IPv4/IPv6 Testbed for Malware detection in IPv6 Networks.《 2011 IEEE International Conference on Control System, Computing and Engineering》.2011, *
李果 ; 何林 ; 宋光磊 ; 王之梁 ; 杨家海.基于种子地址的IPv6地址探测技术综述.《电信科学》.2020, *

Also Published As

Publication number Publication date
CN114221932A (en) 2022-03-22

Similar Documents

Publication Publication Date Title
CN108769111A (en) A kind of server connection method, computer readable storage medium and terminal device
CN112104677A (en) Controlled host detection method and device based on knowledge graph
CN103825976A (en) NAT (network address translation) processing method and device in distributed system architecture
US20170359227A1 (en) Internet address structure analysis, and applications thereof
US20090279437A1 (en) Locality-based routing table generation
JP2008033409A (en) Asset management system and method, information processor, management device and program
CN114221932B (en) IPv6 active address security evaluation method and electronic equipment
CN114301874B (en) IPv6 address positioning method based on IPv4 address geographical position information and electronic equipment
CN111107181B (en) NAT rule matching method and device, electronic equipment and storage medium
CN112492056A (en) IP address use analysis method and device
Song et al. {AddrMiner}: A Comprehensive Global Active {IPv6} Address Discovery System
CN104702618B (en) The method and apparatus for determining network access information
CN103117864A (en) Subnet combination method and device
Ma et al. GraphNEI: A GNN-based network entity identification method for IP geolocation
Kardeş et al. Structural graph indexing for mining complex networks
WO2017145843A1 (en) Analysis method, analysis device, and analysis program
Berenguer et al. Radiography of internet autonomous systems interconnection in Latin America and the Caribbean
US20190005533A1 (en) Signal Matching for Entity Resolution
CN114071448B (en) Data transmission method, related network node and storage medium
CN112235134B (en) Router ownership detection method and system based on IP connection probability classification
CN113301001B (en) Attacker determination method, attacker determination device, computing equipment and attacker determination medium
CN114448849A (en) Website IPv6 network support mode detection method and electronic equipment
CN113746738A (en) Data forwarding method, device and related equipment
CN113079034A (en) Internet basic resource and relation model thereof, and construction and application methods of model
Tang et al. HDLBR: A name-independent compact routing scheme for power-law networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant