CN114338415A - Port scanning method and device, computer equipment and storage medium - Google Patents


Publication number: CN114338415A
Authority: CN (China)
Prior art keywords: scanning, failure, task, result, initial
Legal status: Granted
Application number: CN202210218768.0A
Other languages: Chinese (zh)
Other versions: CN114338415B (en)
Inventors: 李鑫, 郝佳伟
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Priority: CN202210218768.0A; published as CN114338415A; granted and published as CN114338415B

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The application provides a port scanning method, a port scanning device, computer equipment and a storage medium, which can be applied to fields such as cloud computing or intelligent transportation and which address the low accuracy and reliability of scanning results in port scanning. The method comprises: establishing a plurality of initial scanning tasks; executing each of the established initial scanning tasks to obtain corresponding initial scanning results; when at least one scanning failure result exists, for each scanning failure result, performing at least one round of task updating processing on the corresponding initial scanning task based on the failure reason represented by that scanning failure result, to obtain a target scanning task and a corresponding scanning success result; and fusing the obtained scanning success results to obtain a target scanning result. Through at least one round of task updating processing, the initial scanning task is port-scanned again to obtain a scanning success result, which improves the accuracy and reliability of the scanning result.

Description

Port scanning method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a port scanning method and apparatus, a computer device, and a storage medium.
Background
With the continuous development of science and technology, more and more detection devices perform port scanning on target devices. Port scanning can discover the network access devices in a local area network, so that the network asset state associated with the target devices is recorded; it can also enumerate all services provided by a target device, so that security problems that may exist in the target device are identified and penetration testing can be performed.
In some cases, a scan is likely to fail when the detection device performs port scanning.
For example, when the network is congested because of network fluctuation or excessive traffic, or when network conditions are complex (such as long-lived connections held by network services), the detection device sends a scan instruction to the scanned port of the target device but cannot receive the scan information returned by that port within the maximum time limit, and the scan fails.
However, when discovering the network access devices in a LAN, if the detection device's port scan of a target device in the LAN fails, the detection device may misjudge that the scanned port does not exist on the target device, and therefore cannot accurately determine the network asset state associated with the target device.
Likewise, when enumerating all services provided by a target device, if the detection device's port scan of the target device fails, the detection device easily misjudges that the scanned port of the target device has no security problem, so it cannot accurately determine the security problems that may exist in the target device and therefore cannot accurately perform penetration testing and the like.
Therefore, in the related art, when port scanning is performed, the accuracy and reliability of the obtained scanning result are low.
Disclosure of Invention
The embodiment of the application provides a port scanning method, a port scanning device, computer equipment and a storage medium, which are used for improving the accuracy and reliability of a scanning result during port scanning.
In a first aspect, a port scanning method is provided, including:
dividing a scanning range of a target port to obtain a plurality of initial scanning ranges, and respectively establishing corresponding initial scanning tasks based on the plurality of initial scanning ranges;
respectively executing a plurality of established initial scanning tasks to obtain corresponding initial scanning results; wherein, each initial scanning result is a scanning failure result or a scanning success result;
when there is at least one scan failure result, for each scan failure result, performing the following operations: based on a failure reason represented by a scanning failure result, performing at least one round of task updating processing on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result;
and fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
In a second aspect, there is provided a port scanning device, including:
a first processing module, configured to divide a target port scanning range to obtain a plurality of initial scanning ranges, and to respectively establish corresponding initial scanning tasks based on the plurality of initial scanning ranges;
a second processing module, configured to respectively execute the plurality of established initial scanning tasks and obtain corresponding initial scanning results; wherein each initial scanning result is a scanning failure result or a scanning success result;
the second processing module is further configured to: when there is at least one scan failure result, for each scan failure result, performing the following operations: based on a failure reason represented by a scanning failure result, performing at least one round of task updating processing on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result;
the second processing module is further configured to: and fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
Optionally, the first processing module is specifically configured to:
acquiring an internet protocol address set to be scanned and a port address set to be scanned contained in each internet protocol address in the internet protocol address set to obtain a target port scanning range;
and dividing the scanning range of the target port by taking one internet protocol address and at least one port address contained in the one internet protocol address as a group to obtain a plurality of initial scanning ranges.
Optionally, the second processing module is specifically configured to:
sending the plurality of initial scanning tasks to a message queue middleware, so that the message queue middleware selects, from all alternative scanning nodes, alternative scanning nodes with an idle state mark as initial scanning nodes, controls the selected at least one initial scanning node to execute the plurality of initial scanning tasks respectively, and obtains and feeds back the corresponding initial scanning results;
and receiving initial scanning results fed back by the message queue middleware to obtain each initial scanning result.
Optionally, the second processing module is specifically configured to:
sequencing the plurality of initial scanning tasks to obtain an initial scanning task sequence;
based on the initial scanning task sequence, sequentially aiming at the plurality of initial scanning tasks, the following operations are executed:
when determining that the alternative scanning nodes with the idle state marks exist in all the alternative scanning nodes, selecting one alternative scanning node with the idle state marks as an initial scanning node;
updating the idle state mark of the initial scanning node into a busy state mark;
and controlling the initial scanning node to execute an initial scanning task to obtain an initial scanning result.
Optionally, the second processing module is specifically configured to, in each round of task update processing, perform the following operations:
based on the failure reason represented by the scanning failure result, adjusting the initial scanning range indicated by the initial scanning task, establishing and executing an updating scanning task, and obtaining an updating scanning result;
when the updated scanning result is a scanning success result, taking the updated scanning task as the target scanning task and obtaining a corresponding scanning success result;
and when the updated scanning result is a scanning failure result and the number of times of task updating processing is not more than the preset number of times, taking the updated scanning task as the initial scanning task and the updated scanning result as the scanning failure result, and performing the next round of task updating processing.
Optionally, the second processing module is specifically configured to:
determining a target time for re-executing the initial scanning task based on the failure reason represented by the scanning failure result and the current time;
adjusting an initial scanning range indicated by the initial scanning task to establish the updated scanning task;
selecting alternative scanning nodes with idle state marks from all the alternative scanning nodes as updated scanning nodes;
and controlling the update scanning node to execute the update scanning task at the target moment to obtain the update scanning result.
Optionally, the second processing module is further configured to:
and after the updated scanning result is obtained, when the updated scanning result is a scanning failure result and the number of times of task updating processing is greater than a preset number of times, sending fault prompt information to a client based on the failure reason represented by the scanning failure result, wherein the fault prompt information is used for prompting that a fault corresponding to the failure reason represented by the scanning failure result exists.
Optionally, when the at least one scan failure result is a plurality of scan failure results, the second processing module is specifically configured to:
determining the priority of an initial scanning task corresponding to each of a plurality of scanning failure results based on the failure reasons represented by each of the plurality of scanning failure results, wherein the priority is used for representing the probability of obtaining a scanning success result after at least one round of task updating processing is carried out on the corresponding initial scanning task, and the higher the probability is, the higher the priority is;
based on the order of the priority of the initial scanning task corresponding to each of the plurality of scanning failure results, the following operations are executed for each initial scanning task in sequence: and performing at least one round of task updating processing on the corresponding initial scanning task based on a failure reason represented by a scanning failure result to obtain a target scanning task and a corresponding scanning success result.
Optionally, the second processing module is specifically configured to:
counting the historical failure times of each failure reason based on the failure reasons represented by the scanning failure results of each historical scanning task in the historical time;
configuring priorities for corresponding failure reasons based on the counted historical failure times, wherein the higher the historical failure times, the lower the priority;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
Optionally, the second processing module is specifically configured to:
counting the current failure times of each failure reason based on the failure reasons represented by the scanning failure results;
determining weights corresponding to failure reasons represented by the scanning failure results respectively based on pre-stored mapping relations between the failure reasons and the weights;
based on the counted current failure times and the products between the current failure times and the corresponding weights, priorities are configured for the corresponding failure reasons, wherein the larger the product is, the lower the priority is;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
Optionally, the second processing module is further configured to:
after the obtained scanning success results are fused to obtain the target scanning result of the target port scanning range, in response to a viewing operation triggered for the target scanning result, sending the target scanning result to a client, so that the client receives the target scanning result and presents the initial scanning task or target scanning task corresponding to each scanning success result.
In a third aspect, a computer program product is provided, comprising a computer program which, when executed by a processor, performs the method according to the first aspect.
In a fourth aspect, there is provided a computer device comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method according to the first aspect according to the obtained program instructions.
In a fifth aspect, there is provided a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of the first aspect.
In the embodiment of the application, a plurality of initial scanning tasks are established based on the scanning range of a target port, and after each initial scanning task is executed respectively, if at least one scanning failure result exists in the obtained initial scanning results, at least one round of task updating processing is performed on the corresponding initial scanning task, so that the target scanning task and the corresponding scanning success result are obtained. The situation that the whole initial scanning task fails to be executed and a scanning failure result is obtained when the scanning range indicated by the initial scanning task contains the scanning range influenced by network fluctuation or complex network conditions is avoided. Through at least one round of task updating processing, the initial scanning task can be adjusted to be a target scanning task capable of obtaining a successful scanning result, and the initial scanning task can be rescanned, so that the influence of network fluctuation or complex network conditions is avoided. Therefore, when the obtained successful scanning results are subjected to fusion processing to obtain the target scanning result of the scanning range of the target port, the scanning integrity and the reliability of the target scanning result can be improved.
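The steps above (one task per IP address, update rounds driven by the failure reason, priority from failure count times weight, fusion of success results) as an added Python sketch; it is not code from the patent. The weights, delays, retry limit, failure-reason names and the simulated scan node are assumptions, and all hosts are constructed addresses in the 192.0.2.0/24 documentation range.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed values: the text describes a stored reason-to-weight mapping, a
# reason-dependent re-execution time and a preset retry limit, but no numbers.
REASON_WEIGHTS = {"timeout": 1.5, "congestion": 2.0, "node_error": 5.0}
RETRY_DELAY_S = {"timeout": 5, "congestion": 60, "node_error": 300}
MAX_UPDATE_ROUNDS = 2


@dataclass(frozen=True)
class ScanTask:
    ip: str
    ports: Tuple[int, ...]
    not_before: int = 0  # target time for (re-)execution, in seconds


@dataclass(frozen=True)
class ScanResult:
    task: ScanTask
    open_ports: Tuple[int, ...] = ()
    failure_reason: Optional[str] = None  # None marks a scan success result


def split_scan_range(target_range):
    """One IP address plus its port addresses becomes one initial scan task."""
    return [ScanTask(ip, tuple(sorted(set(ports))))
            for ip, ports in target_range.items()]


def prioritise(failures):
    """Order failed results by failure count x weight; larger product, lower priority."""
    counts = Counter(r.failure_reason for r in failures)
    return sorted(failures, key=lambda r: counts[r.failure_reason]
                  * REASON_WEIGHTS[r.failure_reason])


def update_task(failed, execute, now):
    """Run task-update rounds; return the last result (success or failure)."""
    result = failed
    for _ in range(MAX_UPDATE_ROUNDS):
        # Target time derives from the failure reason and the current time.
        now += RETRY_DELAY_S[result.failure_reason]
        # Assumption: the update task rescans the same ports at the target time.
        result = execute(ScanTask(result.task.ip, result.task.ports, now))
        if result.failure_reason is None:
            break
    return result


def run_scan(target_range, execute, now=0):
    """Return (fused result per IP, fault prompts for unresolved tasks)."""
    results = [execute(task) for task in split_scan_range(target_range)]
    successes = [r for r in results if r.failure_reason is None]
    faults = []
    for failed in prioritise([r for r in results if r.failure_reason]):
        last = update_task(failed, execute, now)
        if last.failure_reason is None:
            successes.append(last)
        else:
            # Never record an unscanned host as "no open ports".
            faults.append((last.task.ip, last.failure_reason))
    fused = {r.task.ip: list(r.open_ports) for r in successes}
    return fused, faults


def make_simulated_node(open_ports, scripted_failures):
    """Constructed stand-in for a scan node; it sends no network traffic."""
    pending = {ip: list(reasons) for ip, reasons in scripted_failures.items()}
    log = []  # (ip, target time) of every executed task, in order

    def execute(task):
        log.append((task.ip, task.not_before))
        if pending.get(task.ip):
            return ScanResult(task, failure_reason=pending[task.ip].pop(0))
        found = tuple(p for p in task.ports if p in open_ports.get(task.ip, ()))
        return ScanResult(task, open_ports=found)

    return execute, log


def demo():
    # Constructed inventory on the 192.0.2.0/24 documentation range.
    target_range = {"192.0.2.10": [22, 80, 443], "192.0.2.11": [22, 3306],
                    "192.0.2.12": [80, 8080], "192.0.2.13": [443],
                    "192.0.2.14": [22]}
    open_ports = {"192.0.2.10": {22, 443}, "192.0.2.11": {3306},
                  "192.0.2.12": {8080}, "192.0.2.13": {443}, "192.0.2.14": {22}}
    scripted = {"192.0.2.11": ["congestion"], "192.0.2.12": ["node_error"] * 3,
                "192.0.2.13": ["timeout"], "192.0.2.14": ["timeout"]}
    execute, log = make_simulated_node(open_ports, scripted)
    fused, faults = run_scan(target_range, execute)
    return fused, faults, log


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The host that exhausts its update rounds is absent from the fused result and reported as a fault, so an inventory built on it shows "not scanned" rather than "no open ports".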
Drawings
Fig. 1a is a first flowchart of a port scanning method in the related art;
Fig. 1b is an application scenario of the port scanning method according to the embodiment of the present application;
Fig. 2 is a first flowchart illustrating a port scanning method according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram illustrating a first principle of a port scanning method according to an embodiment of the present disclosure;
Fig. 4a is a schematic flowchart illustrating a second port scanning method according to an embodiment of the present application;
Fig. 4b is a schematic diagram illustrating a second principle of a port scanning method according to an embodiment of the present disclosure;
Fig. 5a is a schematic diagram illustrating a third principle of a port scanning method according to an embodiment of the present application;
Fig. 5b is a schematic diagram illustrating a fourth principle of a port scanning method according to an embodiment of the present application;
Fig. 5c is a schematic diagram illustrating a principle of a port scanning method according to an embodiment of the present application;
Fig. 6 is an interaction diagram of a port scanning method according to an embodiment of the present application;
Fig. 7 is a first schematic structural diagram of a port scanning apparatus according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a port scanning apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
Some terms in the embodiments of the present application are explained below to facilitate understanding by those skilled in the art.
(1) Port scanning:
A port is an outlet through which a device communicates with the outside. Port scanning sends a group of port scanning messages to a computer device and, from the type of response received, determines whether the device uses a given port and learns the types of network service the device provides; weak points found in this way can be used to intrude into the device. Each port is a potential communication channel, and therefore a potential intrusion channel.
(2) Message queue middleware (RabbitMQ):
The message queue middleware RabbitMQ is open-source message broker software that implements the Advanced Message Queuing Protocol (AMQP).
(3) Network security tool (Network Mapper, Nmap):
The network security tool Nmap is used for network discovery and security auditing; it can enumerate the hosts on a network, manage service upgrade schedules, and monitor the running condition of hosts and services. Nmap can detect whether a target host is online, which ports are open, the type and version of the services running, the operating system, the device type and the like. Nmap can be used to gather the network settings and basic state information of a target host.
The embodiment of the application relates to a cloud computing (cloud computing) technology, is designed based on a cloud storage (cloud storage) technology, and can be applied to the fields of artificial intelligence, intelligent traffic or maps and the like.
Cloud computing is a computing model that distributes computing tasks over a resource pool of large numbers of computers, enabling various application systems to obtain computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". Resources in the "cloud" appear to the user as being infinitely expandable and available at any time, available on demand, expandable at any time, and paid for on-demand.
As a basic capability provider of cloud computing, a cloud computing resource pool (an Infrastructure as a Service (IaaS) platform for short) is established, and multiple types of virtual resources are deployed in the resource pool for external clients to select and use.
According to the logical function division, a Platform as a Service (PaaS) layer can be deployed on the IaaS layer and a Software as a Service (SaaS) layer deployed on the PaaS layer, or the SaaS layer can be deployed directly on the IaaS layer. PaaS is a platform on which software runs, such as a database or a web container. SaaS is a variety of business software, such as web portal, SMS, and mass texting. Generally speaking, SaaS and PaaS are upper layers relative to IaaS.
Cloud storage is a new concept extended and developed from a cloud computing concept, and a distributed cloud storage system (hereinafter referred to as a storage system) refers to a storage system which integrates a large number of storage devices (storage devices are also referred to as storage nodes) of different types in a network through application software or application interfaces to cooperatively work through functions of cluster application, a grid technology, a distributed storage file system and the like, and provides data storage and service access functions to the outside.
At present, a storage method of a storage system is as follows: logical volumes are created, and when created, each logical volume is allocated physical storage space, which may be the disk composition of a certain storage device or of several storage devices. The client stores data on a certain logical volume, that is, the data is stored on a file system, the file system divides the data into a plurality of parts, each part is an object, the object not only contains the data but also contains additional information such as data Identification (ID), the file system writes each object into a physical storage space of the logical volume, and the file system records storage location information of each object, so that when the client requests to access the data, the file system can allow the client to access the data according to the storage location information of each object.
The process of allocating physical storage space for the logical volume by the storage system specifically includes: physical storage space is divided in advance into stripes according to a group of capacity measures of objects stored in a logical volume (the measures often have a large margin with respect to the capacity of the actual objects to be stored) and Redundant Array of Independent Disks (RAID), and one logical volume can be understood as one stripe, thereby allocating physical storage space to the logical volume.
It should be noted that, in the embodiments of the present application, related data such as user input is involved, when the above embodiments of the present application are applied to specific products or technologies, user permission or consent needs to be obtained, and the collection, use and processing of the related data need to comply with related laws and regulations and standards of related countries and regions.
The following briefly introduces an application field of the port scanning method provided in the embodiment of the present application.
With the continuous development of science and technology, more and more detection devices perform port scanning on target devices. Port scanning can discover the network access devices in a local area network, so that the network asset state associated with the target devices is recorded; it can also enumerate all services provided by a target device, so that security problems that may exist in the target device are identified and penetration testing can be performed.
For example, in an asset management system of an enterprise, a port scanning method may be used to manage network assets of the enterprise. Through periodic port scanning, network access equipment in the enterprise network can be monitored, and the network asset state is recorded.
For another example, before a penetration test is performed, a port scanning method may be used for reconnaissance and information collection. Port scanning enables comprehensive scanning and security evaluation.
In the related art, referring to Fig. 1a, a detection device performs port scanning as follows: S101, the detection device obtains an asset scanning task including a scanning target and scanning parameters; S102, the detection device stores the asset scanning task in a Redis queue; S103, the detection device monitors the Redis queue in real time and executes the asset scanning tasks in the Redis queue.
In some cases, a scan is likely to fail when the detection device performs port scanning.
For example, when the network is congested because of network fluctuation or excessive traffic, or when network conditions are complex (such as long-lived connections held by network services), the detection device sends a scan instruction to the scanned port of the target device but cannot receive the scan information returned by that port within the maximum time limit, and the scan fails.
However, in these cases the port scan does not fail because of a fault in the detection device, so directly recording the result as a port scanning failure makes the port scan inaccurate. The related art has no handling for a scanning task in the scan queue that fails: when a scanning task fails, failure handling and task scheduling cannot be performed well, and inaccurate port scanning results easily follow.
For example, when acquiring a network access device in a local area network, if a port scanning failure occurs when a detection device scans a port for a target device in the local area network, the detection device may misjudge that the scanned port does not exist in the target device, and thus the detection device may not accurately determine a network asset state associated with the target device.
For another example, when all services provided by the target device are acquired, if the port scanning of the detection device for the target device fails, the detection device may misjudge that there is no security problem on the scanned port of the target device, and thus the detection device may not accurately determine the security problem that may exist in the target device, and thus cannot accurately perform a penetration test.
Therefore, in the related art, when port scanning is performed, the accuracy and reliability of the obtained scanning result are low.
In order to solve the problem that the accuracy and reliability of an obtained scanning result are low when port scanning is carried out, the application provides a port scanning method. In the method, a scanning range of a target port is divided to obtain a plurality of initial scanning ranges, and corresponding initial scanning tasks are respectively established based on the plurality of initial scanning ranges. And respectively executing the established multiple initial scanning tasks to obtain corresponding initial scanning results, wherein each initial scanning result is a scanning failure result or a scanning success result. When there is at least one scan failure result, for each scan failure result, performing the following operations: and performing at least one round of task updating processing on the corresponding initial scanning task based on a failure reason represented by a scanning failure result to obtain a target scanning task and a corresponding scanning success result. And fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
An application scenario of the port scanning method provided in the present application is described below.
Please refer to Fig. 1b, which is a schematic view of an application scenario of the port scanning method provided in the present application. The application scenario includes a client 101 and a server 102, which can communicate with each other. The communication may use a wired communication technology, for example over a network cable or a serial cable; it may also use a wireless communication technology, for example Bluetooth or wireless fidelity (WIFI), which is not specifically limited.
The client 101 generally refers to a device that can provide the target port scanning range to the server 102, for example, a terminal device, a third-party application accessible by the terminal device, or a web page accessible by the terminal device. The terminal devices include, but are not limited to, mobile phones, computers, intelligent transportation devices, intelligent appliances, and the like. The server 102 generally refers to a device that can perform port scanning, such as a terminal device or a server. Servers include, but are not limited to, cloud servers, local servers, or associated third party servers, etc. The client 101 and the server 102 can both adopt cloud computing to reduce the occupation of local computing resources; cloud storage can also be adopted to reduce the occupation of local storage resources.
As an embodiment, the client 101 and the server 102 may be the same device, and are not limited in particular. In the embodiment of the present application, the client 101 and the server 102 are respectively different devices for example.
Based on fig. 1b, the port scanning method provided in the embodiment of the present application is described in detail below, taking as an example the case where the server 102 is a server and the server is the executing entity. Please refer to fig. 2, which is a flowchart illustrating a port scanning method according to an embodiment of the present disclosure.
S201, dividing the scanning range of the target port to obtain a plurality of initial scanning ranges, and respectively establishing corresponding initial scanning tasks based on the plurality of initial scanning ranges.
Before dividing the target port scanning range into a plurality of initial scanning ranges, the server may obtain the target port scanning range. The server can take a default port scanning range as the target port scanning range; the server can also obtain the target port scanning range through the client. In that case the client, in response to an input operation triggered by the target object for internet protocol addresses and port addresses, obtains the internet protocol address set to be scanned and the port address set to be scanned contained in each internet protocol address in that set. The client can combine the internet protocol address set and the port address set into the target port scanning range and send it to the server, which receives it; the client may also send the internet protocol address set and the port address set to the server directly, and the server, after receiving them, uses them as the target port scanning range, and the like, which is not specifically limited.
The internet protocol address (IP address) is used to indicate the device to be scanned, and the internet protocol address contains a port address used to indicate the port to be scanned in the device.
For example, in response to an input operation triggered by the target object, the client obtains the internet protocol address set 123.45.678.000-123.45.678.999, and the port address set is ports 0001-1000 contained in each internet protocol address. Thus, the server may use the set of internet protocol addresses and the set of port addresses as the target port scan range.
After the server obtains the internet protocol address set to be scanned and the port address set to be scanned contained in each internet protocol address in the internet protocol address set, that is, after the target port scanning range is obtained, the server can divide the target port scanning range to obtain a plurality of initial scanning ranges, so that the server can perform port scanning on the corresponding initial scanning ranges by a plurality of scanning nodes.
As an embodiment, when dividing the target port scanning range, the server may divide the target port scanning range by using one internet protocol address and at least one port address included in one internet protocol address as a group to obtain a plurality of initial scanning ranges; the server can also divide the scanning range of the target port by taking an internet protocol address and all port addresses contained in the internet protocol address as a group to obtain a plurality of initial scanning ranges; the server can also divide the scanning range of the target port by taking a plurality of internet protocol addresses and at least one port address contained in each internet protocol address as a group to obtain a plurality of initial scanning ranges; the server may also divide the target port scanning range by using a plurality of internet protocol addresses and all port addresses included in each internet protocol address as a group, to obtain a plurality of initial scanning ranges, and the like, which is not limited specifically.
For example, referring to FIG. 3, the target port scan range obtained by the server includes a set of Internet protocol addresses 123.45.678.000-123.45.678.999, and the set of port addresses is 0001-1000 ports included in each Internet protocol address. The server can divide the scanning range of the target port to obtain an initial scanning range A which is 0001-0100 ports contained in the Internet protocol address 123.45.678.000; the initial scanning range B is 0101-1000 ports contained in the Internet protocol address 123.45.678.000; the initial scanning range C is 0001 port included in the internet protocol address 123.45.678.001; the initial scanning range D is 0002 to 1000 ports contained in the Internet protocol address 123.45.678.001, and the initial scanning range N is 0010 to 1000 ports contained in the Internet protocol address 123.45.678.999.
After obtaining each initial scanning range, the server may establish a corresponding initial scanning task for each initial scanning range. The server can establish the initial scanning task based on the initial scanning range alone; the server can also establish it based on the initial scanning range and a maximum scanning duration. In the latter case the server starts timing at the moment execution of the initial scanning task begins, and if the corresponding initial scanning result has still not been received once the maximum scanning duration has elapsed, a scanning failure result is used as the initial scanning result, which avoids the unnecessary resource occupation caused by executing one initial scanning task for a long time.
S202, a plurality of established initial scanning tasks are executed respectively, and corresponding initial scanning results are obtained.
After obtaining each initial scanning task, the server may respectively execute the multiple initial scanning tasks that are established, perform port scanning on the initial scanning range indicated by the corresponding initial scanning task, and obtain a corresponding initial scanning result, where each initial scanning result may be a scanning failure result or a scanning success result. For example, the server performs each initial scanning task by using a network security tool Nmap to implement port scanning.
The server may select an alternative scanning node with an idle state flag from the alternative scanning nodes as an initial scanning node. The server may select an initial scanning node, sequentially send each initial scanning task to the initial scanning node, and control the initial scanning node to sequentially execute each initial scanning task. The server may also select a plurality of initial scanning nodes, send each initial scanning task to one initial scanning node, control the plurality of initial scanning nodes to synchronously perform port scanning on each initial scanning task, and the like, which is not limited specifically.
For example, the server may send a plurality of initial scan tasks to the message queue middleware, and the message queue middleware receives the plurality of initial scan tasks sent by the server. The message queue middleware can sequence the plurality of initial scanning tasks, so that each initial scanning task can be issued to a different initial scanning node according to its sequence number and each initial scanning node executes the corresponding initial scanning task.
After obtaining the plurality of initial scanning tasks, the message queue middleware selects an alternative scanning node with an idle state mark from all alternative scanning nodes as an initial scanning node. The message queue middleware controls the selected at least one initial scanning node to execute the plurality of initial scanning tasks respectively and obtain the corresponding initial scanning results. The message queue middleware then feeds back each obtained initial scanning result to the server, and the server receives the initial scanning results fed back from the message queue middleware.
As an embodiment, when the established multiple initial scanning tasks are respectively executed to obtain corresponding initial scanning results, the server may also execute the multiple initial scanning tasks without the message queue middleware. The server can sequence a plurality of initial scanning tasks to obtain an initial scanning task sequence, so that each initial scanning task can be sequentially executed conveniently, the process of selecting one initial scanning task from a plurality of initial scanning tasks before each scanning task is executed is simplified, and the efficiency of port scanning is improved.
After the initial scanning task sequence is obtained, the plurality of initial scanning tasks are processed in turn according to their order in the initial scanning task sequence. The processing of one initial scanning task is taken as an example below; the processing of the other initial scanning tasks is similar and is not described again here.
When the server determines that the alternative scanning nodes with the idle state marks exist in the alternative scanning nodes, one alternative scanning node with the idle state marks is selected as an initial scanning node.
After an initial scanning node is selected, because the initial scanning node is used for executing an initial scanning task, the idle state flag of the initial scanning node can be updated to a busy state flag, so that the situation that the scanning task is repeatedly allocated to the initial scanning node is avoided.
The server may control the initial scanning node to perform an initial scanning task to obtain an initial scanning result.
For example, please refer to fig. 4a, which is a schematic flow chart illustrating a process of respectively executing a plurality of established initial scanning tasks to obtain corresponding initial scanning results. Please refer to fig. 4b, which is a schematic diagram illustrating that the server issues each initial scanning task to a corresponding initial scanning node through the message queue middleware.
S401, storing a plurality of initial scanning tasks into a message queue middleware, wherein the initial scanning tasks are sequentially arranged in the message queue middleware. At this time, if there is a task that needs to be executed in the message queue middleware, S402 is continuously executed. And if the task needing to be executed does not exist in the message queue middleware, indicating that the task in the message queue middleware is executed completely, finishing port scanning.
S402, obtaining each alternative scanning node, wherein each alternative scanning node has a state mark, and the state mark can be a busy state mark or an idle state mark. The busy state flag may indicate that the corresponding alternative scanning node is currently performing port scanning, or may indicate that the currently available resources of the corresponding alternative scanning node are insufficient to perform other scanning tasks; the idle status flag may indicate that the corresponding candidate scanning node does not perform port scanning currently, or may indicate that the corresponding candidate scanning node has available resources currently enough to perform other scanning tasks, and the like, which is not limited specifically.
S403, determining whether there is an alternative scanning node with an idle status flag from the alternative scanning nodes. The method comprises the steps of determining whether a state identifier of each alternative scanning node is an idle state mark or not by sequentially acquiring the state identifier of each alternative scanning node, and determining that an alternative scanning node with an idle state mark exists in each alternative scanning node when the state identifier of one alternative scanning node is determined to be the idle state mark; and when the state marks of all the alternative scanning nodes are determined to be busy state marks, determining that no alternative scanning node with an idle state mark exists in each alternative scanning node.
Alternatively, the state identifiers of all the alternative scanning nodes are acquired simultaneously and the alternative scanning nodes whose state identifier is the idle state mark are screened out. If the screening result is empty, it is determined that no alternative scanning node with the idle state mark exists among the alternative scanning nodes; if the screening result is not empty, it is determined that an alternative scanning node with the idle state mark exists.
S404-S406 are executed when it is determined that an alternative scanning node with the idle state mark exists, and S407 is executed when it is determined that no alternative scanning node with the idle state mark exists.
S404, when the candidate scanning node with the idle state mark is determined to exist, the candidate scanning node with the idle state mark is selected as the initial scanning node. When the candidate scanning nodes with the idle state marks are determined to exist, selecting a corresponding number of candidate scanning nodes with the idle state marks from all the candidate scanning nodes according to the number of the initial scanning tasks, and obtaining a corresponding number of initial scanning nodes; or, an initial scanning node may be obtained every time an alternative scanning node with an idle state flag is determined, which is not limited specifically.
S405, after an initial scanning node is selected, that node is responsible for executing the initial scanning task currently arranged first in the message queue middleware. The message queue middleware issues this first initial scanning task to the initial scanning node, so that the initial scanning task arranged next becomes the one currently arranged first, and the next initial scanning node continues to be selected.
S406, after selecting an initial scan node, updating the status flag of the initial scan node to a busy status flag. Therefore, when an alternative scanning node with the idle state mark is subsequently selected from the alternative scanning nodes, the initial scanning node carries the busy state mark and is not assigned other scanning tasks while it executes the initial scanning task. This avoids the situation in which other assigned scanning tasks cannot be executed in time because the initial scanning node is busy, and improves the efficiency of port scanning.
S407, upon determining that there is no candidate scanning node with the idle status flag, S403 may be re-executed at intervals of a preset time period. When no alternative scanning node with the idle state mark exists, all the alternative scanning nodes are currently executing scanning tasks. To ensure that each initial scanning task can still be executed in time, whether an alternative scanning node with the idle state mark exists is determined again after the preset time period, until such a node is found; this avoids directly discarding the initial scanning tasks or returning them to the target object to re-trigger port scanning.
S203, when at least one scanning failure result exists, the following operation is executed for each scanning failure result: performing at least one round of task updating processing on the corresponding initial scanning task based on the failure reason represented by the scanning failure result, to obtain a target scanning task and a corresponding scanning success result.
The failure reasons represented by the scanning failure result are various, including network congestion, unreachable targets, protection facilities for port addresses, network packet loss, forbidden IP addresses, interception by a Web Application level intrusion prevention system (WAF), too large concurrence, abnormal scanning types, abnormal task action port number or abnormal concurrence action number, and the like.
For the failure reason of network congestion, when the initial scanning task is subjected to port scanning again in the idle time of other networks, the successful scanning result can be obtained. For the failure reason of the unreachable target, after the problem of the unreachable target is solved, when the port scanning is performed on the initial scanning task again, the scanning success result can be obtained.
For the failure reason that a protection facility exists for the port address, the corresponding port address may be prohibited from scanning, in which case the scanning success result of the initial scanning task does not need to be obtained; alternatively, port scanning of the initial scanning task may need to be performed again after the protection facility is closed, to obtain a scanning success result. For the failure reasons of network packet loss or too large concurrency, port scanning can be performed again on the initial scanning task, and a scanning success result can be obtained.
For the failure reason of a disabled IP address, the corresponding IP address may indeed be disabled, in which case the scanning success result of the initial scanning task does not need to be obtained; alternatively, the IP address may need to be re-enabled and port scanning then performed again on the initial scanning task to obtain a scanning success result. For the failure reason of WAF interception, after authorization is obtained, port scanning is performed on the initial scanning task again, and a scanning success result can then be obtained.
When an initial scanning task fails, accepting the scanning failure result directly would misjudge the initial scanning tasks corresponding to some failure reasons: in fact, some initial scanning tasks fail only at the current scanning moment, and can succeed at other scanning moments or after some repair. Thus, when there is at least one scan failure result, the server may perform the following operation for each scan failure result: performing at least one round of task updating processing on the corresponding initial scanning task based on the failure reason represented by the scanning failure result, to obtain a target scanning task and a corresponding scanning success result.
After at least one round of task updating processing is carried out on each initial scanning task which fails to execute, a scanning success result can be obtained for the original failed initial scanning task, the scanning success rate of the scanning task can be improved, the accuracy and the reliability of a target scanning result are improved, and the scanning integrity of a target port scanning range can also be improved.
As an embodiment, at least one round of task update processing is performed on the initial scanning task, which may be to adjust an initial scanning range indicated by the initial scanning task, for example, to narrow the initial scanning range, so as to achieve the purpose of filtering a port address that cannot obtain a successful scanning result; or the initial scanning range is divided into two sub-ranges, so that the purpose of reducing the number of port addresses required to be scanned by one scanning node is achieved.
In the following, a round of task update processing is taken as an example for description, and each round of task update processing is similar and is not described herein again.
The server adjusts the initial scanning range indicated by the initial scanning task based on a failure reason represented by a scanning failure result, establishes an updating scanning task, executes the updating scanning task and obtains an updating scanning result.
There are various ways in which the server can adjust the initial scanning range indicated by the initial scanning task, based on the failure reason represented by a scanning failure result, and obtain the update scanning result. For example, a target time for re-executing the initial scanning task may be determined based on the failure reason; as another example, an adjustment mode for the initial scanning range may be determined based on the failure reason. This is not specifically limited, and the two ways are described as examples below.
The first method:
Determining the target time for re-executing the initial scanning task based on the failure reason represented by one scanning failure result.
The server may determine a target time for re-executing the initial scanning task based on the failure reason represented by a scanning failure result and the current time. For example, when the failure reason represented by one scan failure result is network congestion, the target time for re-executing the initial scan task may be determined from the current time and the execution duration of one scan task. For another example, when the failure reason represented by one scan failure result is network packet loss, too large concurrency, or the like, the target time for re-executing the initial scan task may be determined from the current time and a preset minimum time duration. For another example, when the failure reason represented by one scan failure result is the existence of a protection facility, WAF interception, scan type abnormality, or the like, the target time for re-executing the initial scan task may be determined from the current time and the estimated time needed to handle that failure reason manually.
The server can adjust the initial scanning range indicated by the initial scanning task to establish an updated scanning task. And selecting the alternative scanning nodes with the idle state marks from all the alternative scanning nodes as the updated scanning nodes.
When the target moment is reached, the server can control the update scanning node to execute the update scanning task, obtain the update scanning result and fulfill the aim of re-executing the initial scanning task.
The second method:
Determining an adjustment mode of the corresponding initial scanning range based on the failure reason represented by one scanning failure result.
When the failure reason represented by one scanning failure result is a network congestion reason, a network packet loss reason or too large concurrency reason and the like, the server can take the initial scanning task as an updated scanning task; the initial scanning range indicated by the initial scanning task can be reduced, and an updated scanning task is established based on the reduced initial scanning range; or dividing the initial scanning range indicated by the initial scanning task into a plurality of sub-ranges, establishing corresponding sub-tasks based on each sub-range, and taking the obtained plurality of sub-tasks as the updated scanning task.
After obtaining the update scan task, the server may execute the update scan task to obtain an update scan result. Because the time for executing the initial scanning task is different from the time for executing the updating scanning task, the network congestion condition, the packet loss probability and the concurrency condition are also different, so that the purpose of carrying out port scanning on the initial scanning task again is achieved by executing the updating scanning task, and the condition that the initial scanning range indicated by the initial scanning task cannot be scanned due to misjudgment caused by network congestion, network packet loss or overlarge concurrency is avoided.
When the failure reason represented by one scan failure result is the failure reason that the target is not reachable, the IP address is disabled, and the like, the port scan may not be performed on the corresponding initial scan task any more, possibly because the port address or the IP address is prohibited from being used.
When the failure reason represented by one scan failure result is a failure reason such as existence of a protection facility, WAF interception or abnormal scan type, the server may first perform a repair based on the failure reason, for example, close the protection facility or obtain the WAF authority, then use the initial scan task as an update scan task, and execute the update scan task to obtain an update scan result. The server can also adjust the initial scanning range indicated by the initial scanning task based on the failure reason to establish the updated scanning task. For example, the port addresses intercepted by the WAF and the port addresses for which a protection facility exists are deleted from the initial scanning range, and the update scanning task is established based on the initial scanning range after deletion. For another example, within the initial scanning range, the port addresses of the same scanning type are grouped into one range, so that a plurality of sub-ranges are obtained; a sub-task is established for each sub-range, and the established plurality of sub-tasks are used as the update scanning task, and the like, which is not limited specifically.
After the update scanning task is executed, if the obtained update scanning result is a scanning success result, the update scanning task is taken as the target scanning task and the corresponding scanning success result is obtained. When the update scanning result is a scanning success result, no further task updating processing needs to be performed on the initial scanning task, so the update scanning task obtained by the last round of task updating processing can be used as the target scanning task, and the scanning success result is the one obtained by executing the target scanning task. Compared with the related art, in which the initial scanning task is simply determined to have failed, in the embodiment of the application a scanning success result can be obtained after the initial scanning task is updated to the update scanning task; that is, the initial scanning range indicated by the initial scanning task can be scanned successfully, the scanning integrity of the target port scanning range is improved, and the target scanning result obtained from the scanning success result of the update scanning task is more accurate.
For example, referring to fig. 5a, after performing port scanning on a plurality of initial scanning tasks, each scanning success result and one scanning failure result are obtained. The initial scanning range indicated by the initial scanning task corresponding to the scanning failure result is port addresses '0101-1000' contained in an internet protocol address '123.45.678.000', and the failure reason represented by the scanning failure result is that concurrence is too large.
The server can perform a first round of task updating processing on the corresponding initial scanning task based on the failure reason represented by the scanning failure result, and divide the initial scanning range into two sub-ranges, wherein the first sub-range is port addresses '0101-0540' contained in the internet protocol address '123.45.678.000', and the second sub-range is port addresses '0541-1000' contained in the internet protocol address '123.45.678.000'. The server establishes a first subtask and a second subtask based on the first sub-range and the second sub-range respectively, takes the first subtask and the second subtask as the update scanning task, and executes the update scanning task.
The server selects two alternative scanning nodes with idle state marks from the alternative scanning nodes as update scanning nodes, which perform port scanning for the first subtask and the second subtask respectively. Because the number of ports each update scanning node scans concurrently is reduced, the scanning failure caused by too large concurrency is avoided, and a scanning success result is obtained for the update scanning task.
After obtaining the scan success result, the server may take the updated scan task as the target scan task and obtain a corresponding scan success result.
As an embodiment, each time the task update process is performed, the server may record the turn of the task update process, and after obtaining the update scanning result, if the update scanning result is still the scan failure result, the server may determine whether the turn of the task update process has exceeded the preset number of times.
If the number of rounds of task updating processing does not exceed the preset number of times, the server can take the update scanning task as the initial scanning task and the update scanning result as the scanning failure result, and perform the next round of task updating processing.
If the update scanning result is a scanning failure result and the number of rounds of task updating processing is greater than the preset number of times, the server may send failure prompt information to the client based on the failure reason represented by the scanning failure result, where the failure prompt information is used to prompt that a failure corresponding to that failure reason exists.
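The task updating rounds described above can be sketched as follows. This is an added example, not code from the patent: the names Task, Result, update_task, run_with_updates and fuse, the midpoint split, the 500-port node limit and the constructed hosts (documentation addresses 198.51.100.10 and 198.51.100.20) are all assumptions, and a simulated executor stands in for real scanning nodes so that no network traffic is generated.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Reason(Enum):
    CONCURRENCY = "too large concurrency"
    CONGESTION = "network congestion"
    PACKET_LOSS = "network packet loss"
    WAF = "WAF interception"
    UNREACHABLE = "target unreachable"
    IP_DISABLED = "IP address disabled"

@dataclass(frozen=True)
class Task:                       # one scanning task: ports first..last (inclusive) on one IP
    ip: str
    first: int
    last: int

@dataclass
class Result:
    task: Task
    ok: bool
    reason: Optional[Reason] = None
    blocked: frozenset = frozenset()   # ports reported as intercepted (WAF failures only)
    open_ports: tuple = ()

def remove_ports(task, blocked):
    """Delete blocked ports from a range; return the contiguous sub-ranges that remain."""
    runs, start = [], None
    for port in range(task.first, task.last + 1):
        if port in blocked:
            if start is not None:
                runs.append(Task(task.ip, start, port - 1))
                start = None
        elif start is None:
            start = port
    if start is not None:
        runs.append(Task(task.ip, start, task.last))
    return runs

def update_task(result):
    """One round of task update: map a failure reason to the update scanning task(s)."""
    task, reason = result.task, result.reason
    if reason in (Reason.UNREACHABLE, Reason.IP_DISABLED):
        return []                                  # not rescanned
    if reason is Reason.CONCURRENCY and task.last > task.first:
        mid = (task.first + task.last) // 2        # assumption: split at the midpoint
        return [Task(task.ip, task.first, mid), Task(task.ip, mid + 1, task.last)]
    if reason is Reason.WAF and result.blocked:
        return remove_ports(task, result.blocked)
    return [task]                                  # congestion, packet loss: re-execute unchanged

def run_with_updates(initial_tasks, execute, max_rounds=3):
    """Execute tasks; update failed ones for at most max_rounds rounds each."""
    successes, abandoned = [], []
    pending = [(task, 0) for task in initial_tasks]
    while pending:
        task, rounds = pending.pop(0)
        result = execute(task)
        if result.ok:
            successes.append(result)
            continue
        updates = update_task(result) if rounds < max_rounds else []
        if updates:
            pending.extend((u, rounds + 1) for u in updates)
        else:
            abandoned.append(result)               # failure reason is reported, not retried
    return successes, abandoned

def fuse(successes):
    """Fuse scanning success results into one target scanning result per IP."""
    merged = {}
    for result in successes:
        merged.setdefault(result.task.ip, set()).update(result.open_ports)
    return {ip: sorted(ports) for ip, ports in merged.items()}

# Constructed environment standing in for real scanning nodes (no network traffic).
OPEN = {"198.51.100.10": {22, 80, 873}}
WAF_PORTS = {"198.51.100.10": {443}}
NODE_LIMIT = 500                                   # ports one node handles concurrently

def simulated_execute(task):
    if task.ip not in OPEN:
        return Result(task, False, Reason.UNREACHABLE)
    if task.last - task.first + 1 > NODE_LIMIT:
        return Result(task, False, Reason.CONCURRENCY)
    ports = range(task.first, task.last + 1)
    blocked = frozenset(p for p in WAF_PORTS.get(task.ip, ()) if p in ports)
    if blocked:
        return Result(task, False, Reason.WAF, blocked)
    return Result(task, True, open_ports=tuple(sorted(p for p in OPEN[task.ip] if p in ports)))

def demo(max_rounds=3):
    tasks = [Task("198.51.100.10", 1, 1000), Task("198.51.100.20", 1, 100)]
    successes, abandoned = run_with_updates(tasks, simulated_execute, max_rounds)
    return fuse(successes), [r.reason for r in abandoned]
```

With three rounds allowed, the 1-1000 task is first split for concurrency, then the half containing port 443 is rebuilt without that port, and only the unreachable host is reported as failed; with a cap of one round the WAF failure is reported as well.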
As an embodiment, when at least one scan failure result is a plurality of scan failure results, based on failure reasons represented by the plurality of scan failure results, priorities of initial scan tasks corresponding to the plurality of scan failure results may be determined, where the priorities are used to represent probabilities of obtaining scan success results after at least one round of task update processing is performed on corresponding initial scan tasks, and the higher the probability is, the higher the priority is.
Therefore, when the initial scanning tasks needing to be rescanned are more, the server can perform rescanning on the initial scanning tasks with higher probability of obtaining a successful scanning result after performing at least one round of task updating processing preferentially, and when the initial scanning tasks with high priority are rescanned, the failure reasons corresponding to the initial scanning tasks with low priority can be synchronously repaired, so that the aim of reasonably distributing the scanning tasks is fulfilled, and the rescanning efficiency is improved.
As an embodiment, the server may determine the priority of the initial scanning task corresponding to each of the plurality of scanning failure results based on a mapping relationship between pre-stored failure reasons and the probability of obtaining the scanning success result. Please refer to table 1, which is a possible mapping relationship.
[Table 1: mapping relationship between failure reasons and the probability of obtaining a scanning success result]
After obtaining the priority corresponding to each failure reason, the server may use the priority corresponding to the failure reason represented by each of the multiple scanning failure results as the priority of the corresponding initial scanning task.
After obtaining the priorities of the initial scanning tasks corresponding to the multiple scanning failure results, the server may perform the following operation for each initial scanning task in turn, in order of those priorities: performing at least one round of task updating processing on the corresponding initial scanning task based on the failure reason represented by its scanning failure result, to obtain a target scanning task and a corresponding scanning success result.
As an embodiment, when at least one scan failure result is a plurality of scan failure results, the server may count failure reasons represented by the plurality of scan failure results, and determine, based on the counted current failure times of each failure reason, a priority of an initial scan task corresponding to each of the plurality of scan failure results.
The server may count the current failure times of each failure reason based on the failure reasons represented by the multiple scan failure results. A large number of current failures indicates that the same problem occurs when a plurality of scanning nodes execute scanning tasks, whereas a small number indicates a problem confined to individual scanning nodes executing individual scanning tasks.
The server may determine, based on a pre-stored mapping relationship between each failure reason and each weight, the weight corresponding to the failure reason represented by each of the plurality of scan failure results. The server then configures a priority for the corresponding failure reason based on the product of each counted current failure count and the corresponding weight, wherein the larger the product is, the lower the priority is. Configuring the priority in this way draws on two sources: the failure reasons represented by the scan failure results obtained in the current port scan, and the mapping relationship between failure reasons and weights preset according to empirical values, so that the configured priority is more accurate.
After configuring the priority for the corresponding failure reason, the server may use the priority corresponding to the failure reason represented by each of the multiple scanning failure results as the priority of the corresponding initial scanning task.
As an embodiment, the server may perform statistics on failure reasons represented by the scanning failure results of the historical scanning tasks, and determine influence factors of the failure reasons on obtaining the scanning success results.
The server may count respective historical failure times of each failure reason based on the failure reasons represented by the scanning failure results of each historical scanning task within the historical time, where the larger the historical failure times, the smaller the probability that the historical scanning task obtains the scanning success results is, and the smaller the historical failure times, the larger the probability that the historical scanning task obtains the scanning success results is.
After obtaining the historical failure times, the server may configure a priority for the corresponding failure reason based on the counted historical failure times. The greater the number of historical failures, the lower the priority. The server may determine the value interval to which each historical failure count belongs, where each value interval represents a different influence degree on obtaining a scanning success result. The server may thus establish, based on the value intervals of the historical failure counts, a mapping relationship between each failure reason and its influence degree on obtaining a scanning success result. Please refer to table 2, which is a possible mapping relationship.
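[Table 2: mapping between failure reasons and their influence degree on obtaining a scanning success result; rendered as an image in the original publication.]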
The greater the influence degree on obtaining a scanning success result, the smaller the probability of obtaining one; the smaller the influence degree, the greater that probability. The server may configure a priority for the corresponding failure reason based on the mapping relationship. For example, the failure reason with an influence degree of 0.2 is configured as the highest priority, and the failure reason with an influence degree of 1 is configured as the lowest priority.
For example, referring to fig. 5B, when the at least one scan failure result is a plurality of scan failure results, the plurality of scan failure results include a scan failure result a, a scan failure result B, and a scan failure result C. The failure reason represented by the scanning failure result A is network congestion, the failure reason represented by the scanning failure result B is that the target is not reachable, and the failure reason represented by the scanning failure result C is network packet loss.
The scanning failure result A corresponds to the initial scanning task A, the scanning failure result B corresponds to the initial scanning task B, and the scanning failure result C corresponds to the initial scanning task C. After the server performs port scanning on a plurality of initial scanning tasks, each scanning success result, a scanning failure result A, a scanning failure result B and a scanning failure result C are obtained. The server needs to perform port scanning again for the initial scanning task A, the initial scanning task B, and the initial scanning task C.
The server determines, through the mapping relationship in table 2, that the influence degree on obtaining a scanning success result is 0.5 for the failure reason of the scanning failure result A, 1 for the failure reason of the scanning failure result B, and 0.2 for the failure reason of the scanning failure result C.
The server divides the influence degree interval 0-1 into three numerical value intervals, wherein the numerical value interval A is 0-0.4 corresponding to the highest priority, the numerical value interval B is 0.5-0.8 corresponding to the middle priority, and the numerical value interval C is 0.9-1 corresponding to the lowest priority. Therefore, the server can allocate the priority to each initial scanning task according to the numerical value interval to which the influence degree belongs. The influence degree corresponding to the initial scanning task A belongs to a numerical value interval B, the influence degree corresponding to the initial scanning task B belongs to a numerical value interval C, and the influence degree corresponding to the initial scanning task C belongs to a numerical value interval A.
The server configures a priority for each initial scanning task according to the value interval to which its influence degree belongs. The server therefore first performs port scanning again on the initial scanning task C, that is, performs at least one round of task updating processing on the initial scanning task C to obtain a target scanning task C and a corresponding scanning success result C. Then the server performs port scanning again on the initial scanning task A, that is, performs at least one round of task updating processing on the initial scanning task A to obtain a target scanning task A and a corresponding scanning success result A. Finally, the server performs port scanning again on the initial scanning task B, that is, performs at least one round of task updating processing on the initial scanning task B to obtain a target scanning task B and a corresponding scanning success result B.
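The two priority schemes described above can be sketched as follows. This is an added illustration, not code from the application: the influence degrees and value intervals are the ones quoted in the example, while the inclusive interval bounds, the handling of unknown failure reasons, the sample weights and the function names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Influence degrees quoted in the worked example above (table 2 is not reproduced).
INFLUENCE = {
    "network congestion": 0.5,
    "target unreachable": 1.0,
    "network packet loss": 0.2,
}

# Value intervals from the example as (inclusive upper bound, rank); rank 0 is
# the highest priority. Inclusive bounds close the gaps between 0.4 and 0.5 and
# between 0.8 and 0.9 (assumption).
INTERVALS = [(0.4, 0), (0.8, 1), (1.0, 2)]
LOWEST_RANK = len(INTERVALS)  # used for reasons with no known influence degree

# Constructed weights for the count-times-weight scheme; the application gives none.
SAMPLE_WEIGHTS = {
    "network congestion": 0.5,
    "target unreachable": 1.0,
    "network packet loss": 0.2,
}


@dataclass(frozen=True)
class FailedTask:
    name: str    # initial scanning task
    reason: str  # failure reason carried by its scanning failure result


def influence_rank(reason):
    """Map a failure reason to a priority rank through its influence degree."""
    degree = INFLUENCE.get(reason)
    if degree is None:
        return LOWEST_RANK  # unknown reason: rescan last (assumption)
    if degree < 0.0:
        raise ValueError(f"influence degree out of range: {degree}")
    for upper, rank in INTERVALS:
        if degree <= upper:
            return rank
    raise ValueError(f"influence degree out of range: {degree}")


def order_by_influence(tasks):
    """History-based scheme: rescan order from the influence-degree intervals."""
    return sorted(tasks, key=lambda t: influence_rank(t.reason))


def order_by_weighted_count(tasks, weights):
    """Current-scan scheme: failure count x weight; larger product, lower priority."""
    counts = Counter(t.reason for t in tasks)
    product = {r: n * weights.get(r, 1.0) for r, n in counts.items()}
    # sorted() is stable, so tasks sharing a failure reason keep their input order.
    return sorted(tasks, key=lambda t: product[t.reason])


if __name__ == "__main__":
    failed = [
        FailedTask("A", "network congestion"),
        FailedTask("B", "target unreachable"),
        FailedTask("C", "network packet loss"),
    ]
    print([t.name for t in order_by_influence(failed)])
    # Two more congestion failures in the same scan push that reason down the order.
    failed += [FailedTask("D", "network congestion"), FailedTask("E", "network congestion")]
    print([t.name for t in order_by_weighted_count(failed, SAMPLE_WEIGHTS)])
```

With the three tasks of the example, the interval scheme reproduces the order C, A, B; in the second scheme a failure reason reported by several tasks at once drops below a single unreachable target.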
S204, fusing the obtained scanning success results to obtain a target scanning result of the target port scanning range.
After performing at least one round of task update processing on the initial scanning task corresponding to each scanning failure result in the at least one scanning failure result, the server may perform fusion processing on each obtained scanning success result based on each scanning success result obtained for the initial scanning task and the target scanning task, so as to obtain a target scanning result in the target port scanning range.
For example, referring to fig. 5C, after the server performs port scanning on a plurality of initial scanning tasks, each scanning success result and at least one scanning failure result are obtained. The server performs at least one round of task updating processing on the initial scanning task corresponding to each of the at least one scanning failure result to obtain a target scanning task, thereby rescanning the at least one initial scanning task. By rescanning, the server obtains the scanning success result corresponding to the at least one initial scanning task. The server then performs fusion processing on the scanning success results obtained first and the at least one scanning success result obtained later, so as to obtain the target scanning result.
The server can sort the scanning success results according to the time at which each scanning success result was obtained, and use the sorted scanning success results as the target scanning result. The server may further use the scanning task and the group corresponding to each scanning success result as the target scanning result, and the like, which is not limited specifically.
As an embodiment, after obtaining a target scanning result for a target port scanning range, in response to a viewing operation triggered for the target scanning result, the server may send the target scanning result to the client, so that the client receives the target scanning result and presents each scanning success result, or may send an initial scanning task or a target scanning task corresponding to each scanning success result.
For an exemplary description of the port scanning method provided in the embodiments of the present application, please refer to fig. 6.
S601, the client responds to the input operation triggered by the target object to obtain an IP address set and a port address set contained in each IP address. The input operation may be a selection operation for each IP address and each port address, an editing operation for an IP address or a port address, a voice instruction for an IP address or a port address, or the like, and is not limited specifically.
S602, the client sends an IP address set and a port address set contained in each IP address to the server, and the server receives the IP address set sent by the client and the port address set contained in each IP address. The server takes the received IP address set and the port address set contained in each IP address as the target port scanning range.
S603, the server divides the scanning range of the target port to obtain a plurality of initial scanning ranges, and establishes corresponding initial scanning tasks respectively based on the plurality of initial scanning ranges. The server may divide the target port scanning range based on one IP address and at least one port address included in the one IP address, so that each obtained initial scanning range includes one IP address and at least one port address included in the one IP address. The server may establish a corresponding initial scanning task based on the initial scanning range and the corresponding scanning duration, thereby obtaining a plurality of initial scanning tasks.
S604, the server sends the plurality of initial scanning tasks to a message queue middleware for storing the plurality of initial scanning tasks into the message queue middleware in sequence, and the message queue middleware receives the plurality of initial scanning tasks sent by the server to form a sequential initial scanning task queue.
S605, the message queue middleware selects at least one initial scanning node from each alternative scanning node, the respective state marks of the at least one initial scanning node are idle marks, and the at least one initial scanning node is enough to provide port scanning service for the initial scanning task in the initial scanning task queue.
And the message queue middleware sequentially issues the initial scanning tasks to each initial scanning node according to the arrangement sequence of each initial scanning task in the initial scanning task queue, and each initial scanning node receives the corresponding initial scanning task sent by the message queue middleware.
S606, after each initial scanning node receives the initial scanning task, it executes the corresponding initial scanning task, performs port scanning on the initial scanning range indicated by the initial scanning task, and scans each port address in sequence.
S607, each initial scanning node generates a corresponding initial scanning result when the port scanning is completed. The initial scanning result may be a scanning success result or a scanning failure result. Port scanning completes either before the corresponding scanning duration elapses or when it elapses; if no initial scanning result has been obtained by the time the scanning duration elapses, the port scanning fails and a scanning failure result can be generated. The scanning duration may be specified by the target object when the input operation is executed, or may be preset by the server according to an empirical value, and the like, without limitation.
S608, after each initial scanning node obtains the corresponding initial scanning result, the obtained initial scanning result is sent to the message queue middleware, and the message queue middleware receives the initial scanning result sent by each initial scanning node. The scan success result may include information of the corresponding initial scan task, scan time, initial scan node, and the like, and the scan failure result may include information of the initial scan task, scan time, initial scan node, failure reason, and the like.
S609, the message queue middleware performs at least one round of task updating processing on the initial scanning task corresponding to the scanning failure result until a target scanning task and a corresponding scanning success result are obtained. Performing at least one round of task updating processing on the initial scanning task to obtain a scanning success result means either rescanning the initial scanning task, or rescanning after removing the part of the initial scanning task that cannot be scanned successfully. Therefore, the scanning of the target port scanning range is more comprehensive, and the obtained target scanning result is more reliable.
S610, the message queue middleware sends the obtained scanning success results to the server, and the server receives the scanning success results sent by the message queue middleware. The message queue middleware may send all received scanning success results to the server when no further scanning success result is received within a specified duration; the message queue middleware may also, after performing at least one round of task updating processing on each initial scanning task, determine the number of received scanning success results and scanning failure results, and send all received scanning success results to the server when that number is the same as the number of initial scanning tasks, and the like, which is not limited specifically.
S611, the server performs fusion processing on the scanning success results to obtain a target scanning result for the target port scanning range. The server can arrange all the scanning success results according to the scanning completion time, and use the arranged scanning success results as the target scanning result for the target port scanning range; the server can also count the number of scanning success results, and use that number as the target scanning result for the target port scanning range; the server may also present the initial scanning task or target scanning task corresponding to each scanning success result, and use each initial scanning task or target scanning task as the target scanning result for the target port scanning range, and the like, which is not limited specifically.
S612, in response to a viewing operation of the client on the target scanning result, the server sends the target scanning result to the client, and the client receives the target scanning result sent by the server and presents it. The viewing operation may be the same operation as the input operation, in which case, once the target scanning result is obtained in response to the input operation, it is sent to the client, and the client receives and presents it; the viewing operation may also be a click operation on a 'view details' key, or a voice control command, and the like, without limitation.
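The server-side part of this flow (S603 to S611) can be simulated end to end as below. This is an added sketch, not code from the application, and it sends no network traffic: the probe function is a constructed stand-in for a scanning node, the addresses come from the 192.0.2.0/24 documentation range, and the retry limit, class names and result fields are assumptions.

```python
from collections import deque
from dataclasses import dataclass

MAX_UPDATE_ROUNDS = 2  # the "preset number of times"; the value is an assumption


class ScanFailure(Exception):
    """A scanning failure result: the failure reason plus the ports it affects."""

    def __init__(self, reason, bad_ports=()):
        super().__init__(reason)
        self.reason = reason
        self.bad_ports = tuple(bad_ports)


@dataclass
class ScanTask:
    ip: str
    ports: tuple
    rounds: int = 0  # task update rounds already applied to this task


def split_range(target_range):
    """S603: one initial scanning task per IP address and its port set."""
    for ip, ports in target_range.items():
        if not ports:
            raise ValueError(f"{ip}: an initial scanning range needs at least one port")
    return [ScanTask(ip, tuple(ports)) for ip, ports in target_range.items()]


def update_task(task, failure):
    """S609: drop the part that cannot be scanned, keep the rest for the rescan."""
    ports = tuple(p for p in task.ports if p not in failure.bad_ports)
    return ScanTask(task.ip, ports, task.rounds + 1)


def run_scan(target_range, nodes, probe):
    """S604 to S611. Returns (fused success results, fault prompts)."""
    queue = deque(split_range(target_range))  # S604: ordered task queue
    state = {node: "idle" for node in nodes}  # S605: state marks
    successes, faults, clock = [], [], 0
    while queue:
        task = queue.popleft()
        node = next((n for n, s in state.items() if s == "idle"), None)
        if node is None:
            raise RuntimeError("no idle scanning node available")
        state[node] = "busy"
        clock += 1  # logical completion time of this attempt
        try:
            result = probe(task, node)  # S606/S607
            successes.append({"ip": task.ip, "ports": result, "node": node,
                              "finished": clock, "rounds": task.rounds})
        except ScanFailure as failure:
            updated = update_task(task, failure)
            if updated.ports and task.rounds < MAX_UPDATE_ROUNDS:
                queue.append(updated)  # next round of task updating
            else:
                faults.append((task.ip, failure.reason))  # fault prompt for the client
        finally:
            state[node] = "idle"
    successes.sort(key=lambda r: r["finished"])  # S611: fuse by completion time
    return successes, faults


# Constructed sample input and node behaviour.
SAMPLE_RANGE = {
    "192.0.2.10": [22, 80, 443],
    "192.0.2.20": [22, 8080],
    "192.0.2.30": [80],
    "192.0.2.40": [443],
}
SAMPLE_NODES = ["node-1", "node-2"]


def fake_probe(task, node):
    """Constructed stand-in for a scanning node; no packets are sent."""
    if task.ip == "192.0.2.10" and task.rounds == 0:
        raise ScanFailure("network packet loss")  # transient, clears on rescan
    if task.ip == "192.0.2.20" and 8080 in task.ports:
        raise ScanFailure("target unreachable", bad_ports=(8080,))
    if task.ip == "192.0.2.30":
        raise ScanFailure("network congestion")  # never recovers
    return {port: "open" for port in task.ports}


if __name__ == "__main__":
    fused, fault_prompts = run_scan(SAMPLE_RANGE, SAMPLE_NODES, fake_probe)
    for row in fused:
        print(row)
    print("faults:", fault_prompts)
```

The sample run exercises all three outcomes of task updating: a plain rescan that succeeds, a rescan that succeeds only after the unreachable port is removed from the range, and a task that exhausts the preset rounds and ends as a fault prompt rather than a scanning success result.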
Based on the same inventive concept, embodiments of the present application provide a port scanning apparatus, which can implement a function corresponding to the port scanning method. Referring to fig. 7, the apparatus includes an obtaining module 701 and a processing module 702, wherein:
the first processing module 701 is configured to obtain a plurality of initial scanning ranges, and to establish corresponding initial scanning tasks respectively based on the plurality of initial scanning ranges;
the second processing module 702 is configured to respectively execute the plurality of established initial scanning tasks and obtain corresponding initial scanning results; wherein each initial scanning result is a scanning failure result or a scanning success result;
the second processing module 702 is further configured to: when there is at least one scan failure result, for each scan failure result, performing the following operations: based on a failure reason represented by a scanning failure result, performing at least one round of task updating processing on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result;
the second processing module 702 is further configured to: and fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
In a possible embodiment, the first processing module 701 is specifically configured to:
acquiring an internet protocol address set to be scanned and a port address set to be scanned contained in each internet protocol address in the internet protocol address set to obtain a target port scanning range;
dividing the scanning range of the target port by taking an internet protocol address and at least one port address contained in the internet protocol address as a group to obtain a plurality of initial scanning ranges.
In a possible embodiment, the second processing module 702 is specifically configured to:
sending a plurality of initial scanning tasks to the message queue middleware, so that the message queue middleware selects an alternative scanning node with an idle state mark from all alternative scanning nodes as an initial scanning node, controls at least one selected initial scanning node, respectively executes the plurality of initial scanning tasks, and obtains and feeds back a corresponding initial scanning result;
and receiving initial scanning results fed back from the message queue to obtain each initial scanning result.
In a possible embodiment, the second processing module 702 is specifically configured to:
sequencing a plurality of initial scanning tasks to obtain an initial scanning task sequence;
based on the initial scanning task sequence, sequentially aiming at a plurality of initial scanning tasks, the following operations are executed:
when determining that the alternative scanning nodes with the idle state marks exist in all the alternative scanning nodes, selecting one alternative scanning node with the idle state marks as an initial scanning node;
updating the idle state mark of the initial scanning node into a busy state mark;
and controlling the initial scanning node to execute an initial scanning task to obtain an initial scanning result.
In a possible embodiment, the second processing module 702 is specifically configured to, during each task update process, perform the following operations:
based on a failure reason represented by a scanning failure result, adjusting an initial scanning range indicated by an initial scanning task, establishing and executing an updated scanning task, and obtaining an updated scanning result;
when the updated scanning result is a scanning success result, taking the updated scanning task as a target scanning task and obtaining a corresponding scanning success result;
and when the updated scanning result is a scanning failure result and the number of times of task updating processing is not more than the preset number of times, taking the updated scanning task as the initial scanning task and the updated scanning result as the scanning failure result, and performing the next round of task updating processing.
In a possible embodiment, the second processing module 702 is specifically configured to:
determining a target time for re-executing the initial scanning task based on a failure reason represented by a scanning failure result and the current time;
adjusting the initial scanning range indicated by the initial scanning task, and establishing an updated scanning task;
selecting alternative scanning nodes with idle state marks from all the alternative scanning nodes as updated scanning nodes;
and at the target moment, controlling the update scanning node to execute the update scanning task and obtain an update scanning result.
In a possible embodiment, the second processing module 702 is further configured to:
and after the updated scanning result is obtained, when the updated scanning result is the scanning failure result and the number of times of task updating processing is greater than the preset number of times, sending fault prompt information to the client based on the failure reason represented by the scanning failure result, wherein the fault prompt information is used for prompting that a fault corresponding to the failure reason represented by the scanning failure result exists.
In a possible embodiment, when at least one scan failure result is a plurality of scan failure results, the second processing module 702 is specifically configured to:
determining the priority of the initial scanning task corresponding to each of the plurality of scanning failure results based on the failure reasons represented by each of the plurality of scanning failure results, wherein the priority is used for representing the probability of the scanning success result obtained after at least one round of task updating processing is carried out on the corresponding initial scanning task, and the higher the probability is, the higher the priority is;
based on the order of the priority of the initial scanning task corresponding to each of the plurality of scanning failure results, the following operations are executed for each initial scanning task in sequence: and performing at least one round of task updating processing on the corresponding initial scanning task based on a failure reason represented by a scanning failure result to obtain a target scanning task and a corresponding scanning success result.
In a possible embodiment, the second processing module 702 is specifically configured to:
counting the historical failure times of each failure reason based on the failure reasons represented by the scanning failure results of each historical scanning task in the historical time;
configuring priorities for corresponding failure reasons based on the counted historical failure times, wherein the higher the historical failure times, the lower the priority;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
In a possible embodiment, the second processing module 702 is specifically configured to:
counting the current failure times of each failure reason based on the failure reasons represented by the scanning failure results;
determining weights corresponding to failure reasons represented by a plurality of scanning failure results respectively based on the pre-stored mapping relation between the failure reasons and the weights;
configuring priorities for the corresponding failure reasons based on the product of each counted current failure count and the corresponding weight, wherein the larger the product is, the lower the priority is;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
In a possible embodiment, the second processing module 702 is further configured to:
and after fusion processing is carried out on the obtained successful scanning results to obtain a target scanning result of a target port scanning range, the target scanning result is sent to the client in response to the checking operation triggered aiming at the target scanning result, so that the client receives the target scanning result and presents an initial scanning task or a target scanning task corresponding to each successful scanning result.
Referring to fig. 8, the port scanning apparatus may be run on a computer device 800, and a current version and a historical version of a data storage program and application software corresponding to the data storage program may be installed on the computer device 800, where the computer device 800 includes a processor 880 and a memory 820. In some embodiments, the computer device 800 may include a display unit 840, the display unit 840 including a display panel 841 for displaying an interface for interaction by a user, or the like.
In one possible embodiment, the Display panel 841 may be configured in the form of a Liquid Crystal Display (LCD) or an Organic Light-Emitting Diode (OLED) or the like.
The processor 880 is used to read the computer program and then execute a method defined by the computer program, for example, the processor 880 reads a data storage program or a file, etc., so as to run the data storage program on the computer device 800 and display a corresponding interface on the display unit 840. The Processor 880 may include one or more general-purpose processors, and may further include one or more DSPs (Digital Signal processors) for performing relevant operations to implement the technical solutions provided in the embodiments of the present application.
Memory 820 typically includes both internal and external memory, which may be Random Access Memory (RAM), Read Only Memory (ROM), and CACHE memory (CACHE). The external memory can be a hard disk, an optical disk, a USB disk, a floppy disk or a tape drive. The memory 820 is used for storing a computer program including an application program and the like corresponding to each client, and other data, which may include data generated after an operating system or the application program is executed, including system data (e.g., configuration parameters of the operating system) and user data. The program instructions in the embodiments of the present application are stored in the memory 820, and the processor 880 executes the program instructions in the memory 820 to implement any one of the methods discussed in the previous figures.
The display unit 840 is used to receive input numerical information, character information, or contact touch operation/non-contact gesture, and generate signal input related to user setting and function control of the computer device 800, and the like. Specifically, in the embodiment of the present application, the display unit 840 may include a display panel 841. The display panel 841, such as a touch screen, may collect touch operations of a user thereon or nearby (e.g., operations performed by a user on the display panel 841 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a preset program.
In one possible embodiment, the display panel 841 may include two parts: a touch detection device and a touch controller. The touch detection device detects the touch direction of the user, detects a signal brought by the touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it to touch point coordinates, sends the touch point coordinates to the processor 880, and can receive and execute commands from the processor 880.
The display panel 841 can be implemented by various types, such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the display unit 840, in some embodiments, the computer device 800 may also include an input unit 830, and the input unit 830 may include an image input device 831 and other input devices 832, wherein the other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
In addition to the above, computer device 800 may also include a power supply 890 for powering the other modules, audio circuitry 860, near field communication module 870, and RF circuitry 810. The computer device 800 may also include one or more sensors 850, such as acceleration sensors, light sensors, pressure sensors, and the like. The audio circuit 860 specifically includes a speaker 861, a microphone 862, and the like, for example, the computer device 800 may collect the sound of the user through the microphone 862 and perform corresponding operations.
As an embodiment, the number of the processors 880 may be one or more, and the processors 880 and the memory 820 may be coupled or relatively independent.
As an embodiment, the processor 880 in fig. 8 may be used to implement the functions of the first processing module 701 and the second processing module 702 in fig. 7.
As an example, the processor 880 in fig. 8 may be used to implement the corresponding functions of the server or the terminal device discussed above.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on this understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, for example, a computer program product stored in a storage medium and including instructions for causing a computer device to perform all or part of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (15)

1. A method for port scanning, comprising:
dividing a scanning range of a target port to obtain a plurality of initial scanning ranges, and respectively establishing corresponding initial scanning tasks based on the plurality of initial scanning ranges;
respectively executing a plurality of established initial scanning tasks to obtain corresponding initial scanning results; wherein, each initial scanning result is a scanning failure result or a scanning success result;
when there is at least one scan failure result, for each scan failure result, performing the following operations: based on a failure reason represented by a scanning failure result, performing at least one round of task updating processing on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result;
and fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
2. The method of claim 1, wherein the dividing the target port scan range to obtain a plurality of initial scan ranges comprises:
acquiring an internet protocol address set to be scanned and a port address set to be scanned contained in each internet protocol address in the internet protocol address set to obtain a target port scanning range;
and dividing the scanning range of the target port by taking one internet protocol address and at least one port address contained in the one internet protocol address as a group to obtain a plurality of initial scanning ranges.
3. The method according to claim 1, wherein the performing the established plurality of initial scanning tasks respectively to obtain corresponding initial scanning results comprises:
sending the plurality of initial scanning tasks to a message queue middleware, so that the message queue middleware selects an alternative scanning node with an idle state mark from all alternative scanning nodes as an initial scanning node, controls the selected at least one initial scanning node, respectively executes the plurality of initial scanning tasks, and obtains and feeds back a corresponding initial scanning result;
and receiving initial scanning results fed back by the message queue middleware to obtain each initial scanning result.
4. The method according to claim 1, wherein the performing the established plurality of initial scanning tasks respectively to obtain corresponding initial scanning results comprises:
sequencing the plurality of initial scanning tasks to obtain an initial scanning task sequence;
based on the initial scanning task sequence, sequentially aiming at the plurality of initial scanning tasks, the following operations are executed:
when determining that the alternative scanning nodes with the idle state marks exist in all the alternative scanning nodes, selecting one alternative scanning node with the idle state marks as an initial scanning node;
updating the idle state mark of the initial scanning node into a busy state mark;
and controlling the initial scanning node to execute an initial scanning task to obtain an initial scanning result.
5. The method according to any one of claims 1 to 4, wherein the performing at least one round of task update processing on the corresponding initial scanning task based on the failure reason represented by one scanning failure result to obtain the target scanning task and the corresponding scanning success result includes:
in each round of task updating processing, the following operations are executed:
based on the failure reason represented by the scanning failure result, adjusting the initial scanning range indicated by the initial scanning task, establishing and executing an updating scanning task, and obtaining an updating scanning result;
when the updated scanning result is a scanning success result, taking the updated scanning task as the target scanning task and obtaining a corresponding scanning success result;
and when the updated scanning result is a scanning failure result and the number of times of task updating processing is not more than the preset number of times, taking the updated scanning task as the initial scanning task and taking the updated scanning result as the scanning failure result to perform the next round of task updating processing.
6. The method according to claim 5, wherein the adjusting the initial scanning range indicated by the initial scanning task based on the failure reason represented by the one scanning failure result, and establishing and executing an updated scanning task to obtain an updated scanning result comprises:
determining a target time for re-executing the initial scanning task based on the failure reason represented by the scanning failure result and the current time;
adjusting an initial scanning range indicated by the initial scanning task to establish the updated scanning task;
selecting alternative scanning nodes with idle state marks from all the alternative scanning nodes as updated scanning nodes;
and controlling the update scanning node to execute the update scanning task at the target moment to obtain the update scanning result.
7. The method according to claim 5, wherein after the step of adjusting the initial scanning range indicated by the initial scanning task, establishing and executing an updated scanning task, and obtaining an updated scanning result, based on the failure reason characterized by the one scanning failure result, further comprises:
and when the updated scanning result is a scanning failure result and the number of times of task updating processing is greater than the preset number of times, sending failure prompt information to a client based on the failure reason represented by the scanning failure result, wherein the failure prompt information is used for prompting that a failure corresponding to the failure reason represented by the scanning failure result exists.
8. The method according to any one of claims 1 to 4, wherein when the at least one scan failure result is a plurality of scan failure results, the following operations are performed for each scan failure result: based on a failure reason represented by a scanning failure result, at least one round of task updating processing is carried out on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result, and the method comprises the following steps:
determining the priority of an initial scanning task corresponding to each of a plurality of scanning failure results based on the failure reasons represented by each of the plurality of scanning failure results, wherein the priority is used for representing the probability of obtaining a scanning success result after at least one round of task updating processing is carried out on the corresponding initial scanning task, and the higher the probability is, the higher the priority is;
based on the order of the priority of the initial scanning task corresponding to each of the plurality of scanning failure results, the following operations are executed for each initial scanning task in sequence: and performing at least one round of task updating processing on the corresponding initial scanning task based on a failure reason represented by a scanning failure result to obtain a target scanning task and a corresponding scanning success result.
9. The method of claim 8, wherein determining the priority of the initial scan task corresponding to each of the plurality of scan failure results based on the failure reason characterized by each of the plurality of scan failure results comprises:
counting the historical failure times of each failure reason based on the failure reasons represented by the scanning failure results of each historical scanning task in the historical time;
configuring priorities for corresponding failure reasons based on the counted historical failure times, wherein the higher the historical failure times, the lower the priority;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
10. The method of claim 8, wherein determining the priority of the initial scan task corresponding to each of the plurality of scan failure results based on the failure reason characterized by each of the plurality of scan failure results comprises:
counting the current failure times of each failure reason based on the failure reasons represented by the scanning failure results;
determining weights corresponding to failure reasons represented by the scanning failure results respectively based on pre-stored mapping relations between the failure reasons and the weights;
based on the counted current failure times and the products between the current failure times and the corresponding weights, priorities are configured for the corresponding failure reasons, wherein the larger the product is, the lower the priority is;
and taking the priority corresponding to the failure reason represented by each of the plurality of scanning failure results as the priority of the corresponding initial scanning task.
11. The method according to any one of claims 1 to 4, further comprising, after performing fusion processing on the obtained successful results of the scanning to obtain a target scanning result of the scanning range of the target port:
and responding to a viewing operation triggered by the target scanning result, sending the target scanning result to a client so that the client receives the target scanning result and presents an initial scanning task or a target scanning task corresponding to each scanning success result.
12. A port scanning device, comprising:
a first processing module, configured to divide a scanning range of a target port to obtain a plurality of initial scanning ranges, and respectively establish corresponding initial scanning tasks based on the plurality of initial scanning ranges;
a second processing module, configured to respectively execute the plurality of established initial scanning tasks to obtain corresponding initial scanning results; wherein each initial scanning result is a scanning failure result or a scanning success result;
the second processing module is further configured to: when there is at least one scan failure result, for each scan failure result, performing the following operations: based on a failure reason represented by a scanning failure result, performing at least one round of task updating processing on a corresponding initial scanning task to obtain a target scanning task and a corresponding scanning success result;
the second processing module is further configured to: and fusing the obtained successful scanning results to obtain a target scanning result of the scanning range of the target port.
13. A computer program product comprising a computer program, characterized in that the computer program realizes the method according to any of claims 1-11 when executed by a processor.
14. A computer device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method according to any one of claims 1 to 11 according to the obtained program instructions.
15. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1-11.
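The control flow of claims 1, 2, 5, 7 and 10, as an added sketch that is not code from the patent: per-IP task splitting, failure-reason priority (count × weight), bounded task updating, and fusion of successes. The weights, the retry cap, the "keep only pending ports" adjustment policy, the stub scanning node (which performs no network I/O) and all names are assumptions.

```python
from collections import Counter

# Assumed values: the claims name a weight mapping and a retry cap but give no numbers.
REASON_WEIGHT = {"node_lost": 1, "timeout": 3}
MAX_ROUNDS = 2

def split_scope(targets):
    # Claim 2: one initial task per IP address together with its ports.
    return [{"ip": ip, "ports": list(p), "found": []} for ip, p in targets.items()]

def retry_order(failed):
    # Claim 10: product of current failure count and weight; smaller product retries first.
    n = Counter(res["reason"] for _, res in failed)
    return sorted(failed, key=lambda tr: n[tr[1]["reason"]] * REASON_WEIGHT[tr[1]["reason"]])

def update_task(task, res):
    # Claim 5 "adjust the range"; assumed policy: keep only the ports still pending.
    return {"ip": task["ip"], "ports": res["pending"], "found": task["found"] + res["open"]}

def run(targets, execute):
    # Claim 1: execute all tasks, retry failures in priority order, fuse the successes.
    first = [(task, execute(task)) for task in split_scope(targets)]
    fused = {t["ip"]: sorted(r["open"]) for t, r in first if r["ok"]}
    gave_up = {}
    for task, res in retry_order([tr for tr in first if not tr[1]["ok"]]):
        for _ in range(MAX_ROUNDS):
            task = update_task(task, res)
            res = execute(task)
            if res["ok"]:
                fused[task["ip"]] = sorted(task["found"] + res["open"])
                break
        else:  # cap reached without success: report the reason (claim 7)
            gave_up[task["ip"]] = res["reason"]
    return fused, gave_up

def make_stub(open_ports, faults):
    # Constructed stand-in for a scan node, no network I/O; faults[ip] = [(reason, ports_done), ...]
    log = []
    def execute(task):
        ip, ports = task["ip"], task["ports"]
        log.append(ip)
        def hits(ps):
            return [p for p in ps if p in open_ports.get(ip, ())]
        if faults.get(ip):
            reason, done = faults[ip].pop(0)
            return {"ok": False, "reason": reason, "open": hits(ports[:done]), "pending": ports[done:]}
        return {"ok": True, "reason": None, "open": hits(ports), "pending": []}
    return execute, log

def demo():
    targets = {f"192.0.2.{n}": [22, 80, 443] for n in (10, 11, 12, 13)}  # constructed, RFC 5737
    open_ports = {"192.0.2.10": {22, 443}, "192.0.2.11": {22, 80}, "192.0.2.12": {22}}
    faults = {"192.0.2.11": [("timeout", 1)], "192.0.2.12": [("node_lost", 0)], "192.0.2.13": [("timeout", 0)] * 3}
    execute, log = make_stub(open_ports, faults)
    return run(targets, execute), log
```

In `demo()`, the single `node_lost` failure is retried before the two `timeout` failures because its count × weight product is smaller, and the host that keeps timing out is reported with its reason once the cap is reached.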

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210218768.0A CN114338415B (en) 2022-03-08 2022-03-08 Port scanning method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114338415A true CN114338415A (en) 2022-04-12
CN114338415B CN114338415B (en) 2022-06-03

Family

ID=81033181

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210218768.0A Active CN114338415B (en) 2022-03-08 2022-03-08 Port scanning method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114338415B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921680A (en) * 2017-05-05 2017-07-04 腾讯科技(深圳)有限公司 A kind of port scanning method and device
CN110691072A (en) * 2019-09-11 2020-01-14 光通天下网络科技股份有限公司 Distributed port scanning method, device, medium and electronic equipment
US20210297305A1 (en) * 2018-12-11 2021-09-23 Huawei Technologies Co., Ltd. Fault root cause identification method, apparatus, and device
CN114050940A (en) * 2022-01-10 2022-02-15 北京华云安信息技术有限公司 Asset vulnerability detection method and device and electronic equipment

Also Published As

Publication number Publication date
CN114338415B (en) 2022-06-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant