CN114363206A - Terminal asset identification method and device, computing equipment and computer storage medium - Google Patents
Terminal asset identification method and device, computing equipment and computer storage medium Download PDFInfo
- Publication number
- CN114363206A CN114363206A CN202111629025.4A CN202111629025A CN114363206A CN 114363206 A CN114363206 A CN 114363206A CN 202111629025 A CN202111629025 A CN 202111629025A CN 114363206 A CN114363206 A CN 114363206A
- Authority
- CN
- China
- Prior art keywords
- terminal
- asset
- asset information
- preset
- confidence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 76
- 230000005540 biological transmission Effects 0.000 claims abstract description 29
- 238000000605 extraction Methods 0.000 claims abstract description 22
- 230000006854 communication Effects 0.000 claims description 29
- 238000004891 communication Methods 0.000 claims description 15
- 238000004458 analytical method Methods 0.000 claims description 7
- 230000000875 corresponding effect Effects 0.000 description 51
- 238000004364 calculation method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 230000011664 signaling Effects 0.000 description 5
- 230000009191 jumping Effects 0.000 description 4
- 230000000670 limiting effect Effects 0.000 description 4
- 238000012937 correction Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000010924 continuous production Methods 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Abstract
The invention discloses a terminal asset identification method, a terminal asset identification device, computing equipment and a computer storage medium. The method comprises the following steps: acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol; analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template; calculating a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight; if the 1 st asset confidence value is larger than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified; and if the asset confidence value 1 is smaller than the preset confidence threshold value, skipping to the step of acquiring the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol, so that the asset information of the terminal can be accurately identified, and the identified terminal asset information is more complete.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a terminal asset identification method, a terminal asset identification device, computing equipment and a computer storage medium.
Background
With the continuous upgrading of network technology and the continuous improvement of network bandwidth, terminal devices such as network cameras and network video recorders are becoming indispensable tools in human life. Generally, thousands of terminal devices are distributed in different areas in a video network, and how to accurately and completely identify the terminal assets becomes an important problem.
Common terminal asset identification methods based on network traffic mainly focus on technologies such as ports, protocols, device fingerprints and the like, which need to extract session information from captured terminal traffic and perform Deep Packet Inspection (DPI) at the same time, however, there are situations of poor identification accuracy and incomplete asset information identification.
Disclosure of Invention
In view of the above, the present invention has been made to provide a terminal asset identification method, apparatus, computing device and computer storage medium that overcome or at least partially address the above-mentioned problems.
According to an aspect of the present invention, there is provided a terminal asset identification method, including:
acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol;
analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template;
calculating a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
if the 1 st asset confidence value is larger than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified; and if the asset confidence value 1 is smaller than a preset confidence threshold value, skipping to the step of acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol.
According to another aspect of the present invention, there is provided a terminal asset identification device, including:
the acquisition module is suitable for acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
the analysis module is suitable for analyzing the terminal flow by utilizing a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template;
the computing module is suitable for computing a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
the determining module is suitable for determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified if the 1 st asset confidence value is greater than or equal to a preset confidence threshold value; and if the 1 st asset confidence value is smaller than a preset confidence threshold value, triggering the acquisition module to execute.
According to yet another aspect of the present invention, there is provided a computing device comprising: the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the terminal asset identification method.
According to still another aspect of the present invention, there is provided a computer storage medium having at least one executable instruction stored therein, the executable instruction causing a processor to perform operations corresponding to the above-mentioned terminal asset identification method.
The method and the device can accurately identify the asset information of the terminal based on the terminal flow, and the identified asset information of the terminal is more complete.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 illustrates a flow diagram of a terminal asset identification method according to one embodiment of the present invention;
FIG. 2 illustrates a flow diagram of a terminal asset identification method according to another embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a terminal asset identification device according to an embodiment of the present invention;
FIG. 4 shows a schematic structural diagram of a computing device according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flowchart illustrating a terminal asset identification method according to an embodiment of the present invention.
As shown in fig. 1, the method comprises the steps of:
and step S101, acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol.
Specifically, the embodiment is mainly used for identifying assets corresponding to industrial terminals, for example, assets corresponding to terminals such as a network camera IPC and a network video recorder NVR, which are commonly used in a video monitoring network, where the terminal assets mainly include: terminal manufacturer information, terminal model information, etc., which are not listed here.
When the resource corresponding to a certain terminal needs to be identified, the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol may be obtained, where the terminal traffic includes an audio/video stream and a control signaling stream, and the embodiment mainly analyzes the control signaling stream.
And S102, analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extracted field, wherein the extracted fields corresponding to the terminal asset information are defined in the preset character template.
In this embodiment, a character template is preset, extraction fields corresponding to terminal asset information are defined in the character template, after terminal traffic is acquired, the preset character template may be used to analyze the terminal traffic, and the 1 st terminal asset information corresponding to each extraction field may be obtained through analysis, where the terminal asset information is asset information related to a terminal, such as terminal manufacturer information, model information, and the like.
And step S103, calculating a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight.
In this step, each 1 st terminal asset information is assigned with a confidence weight, for example, a confidence weight value of 30%, 20%, 15%, etc., and then the 1 st asset confidence value is calculated by combining the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight, for example, the 1 st asset confidence value is calculated by a weighted summation method.
Step S104, if the 1 st asset confidence value is greater than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, jumping to the step S101.
Specifically, after the 1 st asset confidence value is obtained through calculation, the 1 st asset confidence value is compared with a preset confidence threshold value, for example, the preset confidence threshold value is set to be 85%, and if the 1 st asset confidence value is greater than or equal to the preset confidence threshold value, the 1 st terminal asset information is determined as the terminal asset of the terminal to be identified; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, jumping to the step S101.
The method and the device can accurately identify the asset information of the terminal based on the terminal flow, and the identified asset information of the terminal is more complete.
Fig. 2 shows a flowchart illustrating a terminal asset identification method according to an embodiment of the present invention.
As shown in fig. 2, the method comprises the steps of:
step S201, associating the terminal traffic of the terminal to be identified, which is transmitted based on the preset transmission protocol, according to the terminal metadata and the call identifier, and acquiring the associated terminal traffic.
Specifically, terminal traffic of the terminal to be identified may be dispersed, and in order to improve accuracy of terminal asset identification, the dispersed terminal traffic may be associated, for example, the terminal traffic transmitted by the terminal to be identified based on a preset transmission protocol is associated according to terminal metadata and a call identifier, where the terminal metadata includes: source IP address (SIP), destination IP address (DIP), source port number (port), destination port number (DPORT).
The SIP, the DIP, the SPORT and the DPORT are called network quadruplets, the terminal traffic comprises audio and video streams and control signaling streams, and the control signaling streams comprise terminal metadata and a call identifier (SIP _ CALLID), so that the terminal traffic of the terminal to be identified can be tracked through the terminal metadata (SIP, DIP, SPORT and DPORT) and the SIP _ CALLID, and the association of the terminal traffic is realized. The embodiment mainly analyzes the control signaling flow to identify and determine the terminal asset.
The embodiment is mainly used for identifying industrial terminals, for example, assets corresponding to terminals such as a network camera IPC and a network video recorder NVR which are common in a video monitoring network, wherein the terminal assets mainly include: terminal manufacturer information, terminal model information, etc., which are not listed here.
Step S202, identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow.
The terminal traffic in this embodiment is transmitted based on a preset transmission protocol, for example, the GB28181 protocol, and the GB28181 protocol has the following protocol communication process: the method comprises a REGISTER registration process, a heartbeat process, a directory retrieval process, a preview process, a video playback process, an equipment information inquiry process and a logout process, wherein in a common situation, a protocol communication process is encapsulated in a protocol header of a transmission protocol corresponding to terminal flow, so that the protocol communication process can be identified and determined from the protocol header of the transmission protocol corresponding to the terminal flow. For example, the protocol header of the transport protocol encapsulates the keyword REGISTER, and by analyzing the protocol header to determine that the protocol header carries the REGISTER, the REGISTER registration process can be determined, which is only an example and does not have any limiting effect.
And step S203, analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
In this embodiment, a character template is respectively set for each protocol communication process, and therefore, after the protocol communication process is determined according to step S202, the terminal traffic can be analyzed by using the character template matched with the protocol communication process, and the 1 st terminal asset information corresponding to each extracted field is obtained. The character template is specifically a regular expression.
Specifically, after obtaining the terminal traffic of at least one Protocol communication process, the corresponding terminal asset information 1 may be extracted from an extraction field of the terminal traffic of at least one Protocol communication process, for example, the corresponding terminal asset information 1 is extracted from a User Agent field (UA field for short) carried in a Message Header field (Message Header) of a REGISTER registration Message, and specific manufacturer and model information of the terminal asset is extracted from a Media Dec field, etc. carried in a Session Description Protocol field (Session Description Protocol field) of a preview Message. For example, the UA field may extract information such as Hikvision, the Media Dec field may extract codec number information supported by IPC such as RTP/AVP 969798, and a specific vendor may be determined by the codec number information.
And step S204, calculating a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight.
In this step, each 1 st terminal asset information is assigned with a confidence weight, for example, a confidence weight value of 30%, 20%, 15%, etc., and then the 1 st asset confidence value is calculated by combining the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight, for example, the 1 st asset confidence value is calculated by a weighted summation method.
Step S205, if the 1 st asset confidence value is larger than or equal to a preset confidence threshold, determining the 1 st terminal asset information as the initial terminal asset information of the terminal to be identified; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, jumping to the step S201.
Specifically, after the 1 st asset confidence value is obtained through calculation, the 1 st asset confidence value is compared with a preset confidence threshold value, for example, the preset confidence threshold value is set to be 85%, if the 1 st asset confidence value is greater than or equal to the preset confidence threshold value, the 1 st terminal asset information is determined as the initial terminal asset of the terminal to be identified, that is, the terminal asset identification has a first conclusion; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, jumping to the step S201.
And step S206, correlating the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol according to the terminal metadata and the call identifier again, and acquiring the correlated terminal flow.
In this embodiment, the terminal traffic is a continuous process, and therefore, whether the initial terminal asset is accurate or not can be continuously verified according to the subsequent terminal traffic, that is, self-correction is performed according to the subsequent terminal traffic. This step is implemented similarly to step S201, and is not described here again.
And step S207, analyzing the terminal flow by using a preset character template to obtain ith terminal asset information corresponding to each extraction field, wherein i is more than or equal to 2, and i is an integer.
Similar to the implementation of step S203, details are not repeated here, and it should be noted that the ith terminal asset information obtained in this step may be new terminal asset information extracted again, or may be a combination of part of the new terminal asset information obtained by extraction and part of the terminal asset information obtained before, for example, when the terminal is an OEM terminal, there may be a case where the ith terminal asset information determined by the extraction field is not unique.
And step S208, calculating an ith asset confidence value according to the ith terminal asset information corresponding to each extracted field and the corresponding confidence weight.
This step is implemented similarly to step S204, and is not described in detail here.
And step S209, if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the (i-1) th asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified.
And after the ith asset confidence value is obtained through calculation, comparing the ith asset confidence value with the 1 st asset confidence value to the i-1 st asset confidence value, and if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the i-1 st asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified, and finally finishing the whole process of asset identification.
Optionally, in this embodiment, whether the terminal traffic is transmitted based on the preset transmission protocol may also be identified by whether the port number corresponding to the transmission protocol and the preset keyword are included, for example, the port number is 5060, if yes, the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol is obtained, and if not, the terminal traffic is ignored.
The method and the device can accurately identify the asset information of the terminal based on the terminal flow, the identified terminal asset information is more complete, and continuous correction can be performed according to the subsequent terminal flow, so that more accurate terminal asset information is obtained.
Fig. 3 is a schematic structural diagram illustrating a terminal asset recognition apparatus according to an embodiment of the present invention. As shown in fig. 3, the apparatus includes: the device comprises an acquisition module 301, an analysis module 302, a calculation module 303 and a determination module 304.
The acquiring module 301 is adapted to acquire a terminal traffic transmitted by a terminal to be identified based on a preset transmission protocol;
the analysis module 302 is adapted to analyze the terminal traffic by using a preset character template to obtain the 1 st terminal asset information corresponding to each extracted field, wherein the extracted fields corresponding to the terminal asset information are defined in the preset character template;
the calculation module 303 is adapted to calculate a 1 st asset confidence value according to the 1 st terminal asset information and the corresponding confidence weight corresponding to each extracted field;
the determining module 304 is adapted to determine the 1 st terminal asset information as the terminal asset information of the terminal to be identified if the 1 st asset confidence value is greater than or equal to the preset confidence threshold value; and if the 1 st asset confidence value is smaller than a preset confidence threshold value, triggering the acquisition module to execute.
Optionally, the analysis module is further adapted to: analyzing the terminal flow by using a preset character template to obtain ith terminal asset information corresponding to each extraction field;
the calculation module is further adapted to: calculating an ith asset confidence value according to ith terminal asset information corresponding to each extraction field and corresponding confidence weight, wherein i is more than or equal to 2, and i is an integer;
the determination module is further adapted to: and if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the (i-1) th asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified.
Optionally, the analysis module is further adapted to: identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow;
and analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
Optionally, the protocol communication procedure includes: the method comprises a registration process, a heartbeat process, a catalog retrieval process, a preview process, a video playback process, an equipment information inquiry process and a logout process.
Optionally, the obtaining module is further adapted to: associating the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol according to the terminal metadata and the call identifier;
analyzing the terminal flow by using a preset character template, and obtaining the 1 st terminal asset information corresponding to each extracted field further comprises:
and analyzing the associated terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field.
Optionally, the terminal metadata includes: source IP address, destination IP address, source port number, destination port number.
Optionally, the transmission protocol is: the GB28181 protocol.
The method and the device can accurately identify the asset information of the terminal based on the terminal flow, the identified terminal asset information is more complete, and continuous correction can be performed according to the subsequent terminal flow, so that more accurate terminal asset information is obtained.
The embodiment of the application also provides a nonvolatile computer storage medium, wherein the computer storage medium stores at least one executable instruction, and the computer executable instruction can execute the terminal asset identification method in any method embodiment.
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device.
As shown in fig. 4, the computing device may include: a processor (processor)402, a Communications Interface 404, a memory 406, and a Communications bus 408.
Wherein:
the processor 402, communication interface 404, and memory 406 communicate with each other via a communication bus 408.
A communication interface 404 for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically execute the relevant steps in the above-described terminal asset identification method embodiment.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured to implement embodiments of the present invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 406 for storing a program 410. Memory 406 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 410 may specifically be adapted to cause the processor 402 to perform the terminal asset identification method in any of the method embodiments described above. For specific implementation of each step in the program 410, reference may be made to corresponding steps and corresponding descriptions in units in the foregoing terminal asset identification embodiment, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.
Claims (10)
1. A terminal asset identification method comprises the following steps:
acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol;
analyzing the terminal flow by using a preset character template to obtain 1 st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template;
calculating a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
if the 1 st asset confidence value is larger than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified; and if the asset confidence value 1 is smaller than a preset confidence threshold value, skipping to the step of acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol.
2. The method of claim 1, wherein the method further comprises: the method comprises the following steps of updating terminal asset information:
re-acquiring the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol;
analyzing the terminal flow by using the preset character template to obtain ith terminal asset information corresponding to each extraction field, wherein i is more than or equal to 2, and i is an integer;
calculating an ith asset confidence value according to the ith terminal asset information corresponding to each extraction field and the corresponding confidence weight;
and if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the (i-1) th asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified.
3. The method according to claim 1 or 2, wherein the analyzing the terminal traffic by using a preset character template to obtain the 1 st terminal asset information corresponding to each extracted field further comprises:
identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow;
and analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
4. The method of claim 3, wherein the protocol communication procedure comprises one or more of: the method comprises a registration process, a heartbeat process, a catalog retrieval process, a preview process, a video playback process, an equipment information inquiry process and a logout process.
5. The method according to claim 1 or 2, wherein the obtaining of the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol further comprises:
associating the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol according to the terminal metadata and the call identifier;
the analyzing the terminal flow by using the preset character template to obtain the 1 st terminal asset information corresponding to each extracted field further comprises:
and analyzing the associated terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field.
6. The method of claim 5, wherein the terminal metadata comprises: source IP address, destination IP address, source port number, destination port number.
7. The method according to any of claims 1-4, wherein the transmission protocol is: the GB28181 protocol.
8. A terminal asset identification device comprising:
the acquisition module is suitable for acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
the analysis module is suitable for analyzing the terminal flow by utilizing a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template;
the computing module is suitable for computing a 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
the determining module is suitable for determining the 1 st terminal asset information as the terminal asset of the terminal to be identified if the 1 st asset confidence value is greater than or equal to a preset confidence threshold value; and if the 1 st asset confidence value is smaller than a preset confidence threshold value, triggering an acquisition module to execute.
9. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the terminal asset identification method according to any one of claims 1-7.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the terminal asset identification method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111629025.4A CN114363206A (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method and device, computing equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111629025.4A CN114363206A (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method and device, computing equipment and computer storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114363206A true CN114363206A (en) | 2022-04-15 |
Family
ID=81103456
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111629025.4A Pending CN114363206A (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method and device, computing equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114363206A (en) |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100091873A (en) * | 2009-02-11 | 2010-08-19 | 엘지전자 주식회사 | Method for recognizing ue capability |
| CN105095919A (en) * | 2015-09-08 | 2015-11-25 | 北京百度网讯科技有限公司 | Image recognition method and image recognition device |
| US20160380867A1 (en) * | 2015-06-23 | 2016-12-29 | Above Security Inc. | Method and System for Detecting and Identifying Assets on a Computer Network |
| CN108833541A (en) * | 2018-06-15 | 2018-11-16 | 北京奇安信科技有限公司 | A kind of method and device of identification terminal information |
| CN109688183A (en) * | 2018-08-20 | 2019-04-26 | 深圳壹账通智能科技有限公司 | Group control device recognition methods, device, equipment and computer readable storage medium |
| CN109961080A (en) * | 2017-12-26 | 2019-07-02 | 腾讯科技(深圳)有限公司 | Terminal identification method and device |
| CN109978170A (en) * | 2019-03-05 | 2019-07-05 | 浙江邦盛科技有限公司 | A kind of mobile device recognition methods based on more elements |
| CN111177483A (en) * | 2019-12-04 | 2020-05-19 | 北京奇虎科技有限公司 | Terminal device identification method, device and computer readable storage medium |
| CN111460803A (en) * | 2020-03-18 | 2020-07-28 | 北京邮电大学 | Equipment identification method based on Web management page of industrial Internet of things equipment |
| CN112039853A (en) * | 2020-08-11 | 2020-12-04 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN112087744A (en) * | 2020-08-21 | 2020-12-15 | 宜通世纪科技股份有限公司 | Method, system, device and storage medium for identifying terminal model |
| CN112806045A (en) * | 2018-12-05 | 2021-05-14 | 深圳市欢太科技有限公司 | Pseudo base station identification method and device, electronic equipment and computer readable storage medium |
| CN113660663A (en) * | 2021-07-27 | 2021-11-16 | 杭州安恒信息技术股份有限公司 | Internet of things equipment identification method and device, computer equipment and storage medium |
| CN113706100A (en) * | 2021-08-24 | 2021-11-26 | 国网辽宁省电力有限公司电力科学研究院 | Real-time detection and identification method and system for distribution network Internet of things terminal equipment |
-
2021
- 2021-12-28 CN CN202111629025.4A patent/CN114363206A/en active Pending
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100091873A (en) * | 2009-02-11 | 2010-08-19 | 엘지전자 주식회사 | Method for recognizing ue capability |
| US20160380867A1 (en) * | 2015-06-23 | 2016-12-29 | Above Security Inc. | Method and System for Detecting and Identifying Assets on a Computer Network |
| CN105095919A (en) * | 2015-09-08 | 2015-11-25 | 北京百度网讯科技有限公司 | Image recognition method and image recognition device |
| CN109961080A (en) * | 2017-12-26 | 2019-07-02 | 腾讯科技(深圳)有限公司 | Terminal identification method and device |
| CN108833541A (en) * | 2018-06-15 | 2018-11-16 | 北京奇安信科技有限公司 | A kind of method and device of identification terminal information |
| CN109688183A (en) * | 2018-08-20 | 2019-04-26 | 深圳壹账通智能科技有限公司 | Group control device recognition methods, device, equipment and computer readable storage medium |
| CN112806045A (en) * | 2018-12-05 | 2021-05-14 | 深圳市欢太科技有限公司 | Pseudo base station identification method and device, electronic equipment and computer readable storage medium |
| CN109978170A (en) * | 2019-03-05 | 2019-07-05 | 浙江邦盛科技有限公司 | A kind of mobile device recognition methods based on more elements |
| CN111177483A (en) * | 2019-12-04 | 2020-05-19 | 北京奇虎科技有限公司 | Terminal device identification method, device and computer readable storage medium |
| CN111460803A (en) * | 2020-03-18 | 2020-07-28 | 北京邮电大学 | Equipment identification method based on Web management page of industrial Internet of things equipment |
| CN112039853A (en) * | 2020-08-11 | 2020-12-04 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN112087744A (en) * | 2020-08-21 | 2020-12-15 | 宜通世纪科技股份有限公司 | Method, system, device and storage medium for identifying terminal model |
| CN113660663A (en) * | 2021-07-27 | 2021-11-16 | 杭州安恒信息技术股份有限公司 | Internet of things equipment identification method and device, computer equipment and storage medium |
| CN113706100A (en) * | 2021-08-24 | 2021-11-26 | 国网辽宁省电力有限公司电力科学研究院 | Real-time detection and identification method and system for distribution network Internet of things terminal equipment |
Non-Patent Citations (1)
| Title |
|---|
| 韦峰;蒋凡;: "基于信息流的资产识别及其重要性评估方法研究", 《信息网络安全》, no. 12, 10 December 2014 (2014-12-10) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11451566B2 (en) | Network traffic anomaly detection method and apparatus | |
| CN108985199B (en) | Detection method and device for commodity taking and placing operation and storage medium | |
| CN111045952B (en) | Software testing method, flow playback device, terminal equipment and readable storage medium | |
| CN110609937A (en) | Crawler identification method and device | |
| CN109905292B (en) | Terminal equipment identification method, system and storage medium | |
| CN110031697B (en) | Method, device, system and computer readable medium for testing target identification equipment | |
| CN104219230A (en) | Method and device for identifying malicious websites | |
| CN113763211A (en) | Infringement detection method and device based on block chain and electronic equipment | |
| CN113472803A (en) | Vulnerability attack state detection method and device, computer equipment and storage medium | |
| CN107070851B (en) | System and method for connecting fingerprint generation and stepping stone tracing based on network flow | |
| CN112637223B (en) | Application protocol identification method and device, computer equipment and storage medium | |
| CN108287859B (en) | Multimedia information retrieval method and device | |
| CN114363206A (en) | Terminal asset identification method and device, computing equipment and computer storage medium | |
| CN110163183B (en) | Target detection algorithm evaluation method and device, computer equipment and storage medium | |
| CN107517237B (en) | Video identification method and device | |
| CN110868360B (en) | Flow statistics method, electronic equipment, system and medium | |
| CN114422776A (en) | Detection method and device for camera equipment, storage medium and electronic device | |
| CN113852551A (en) | Message processing method and device | |
| CN113205079A (en) | Face detection method and device, electronic equipment and storage medium | |
| CN113824721A (en) | Information processing method based on network and electronic equipment | |
| CN113824644A (en) | Method, device and equipment for identifying HTTPS (hypertext transfer protocol secure) service content | |
| CN112767348B (en) | Method and device for determining detection information | |
| CN117472640B (en) | Cross-platform event processing method and system | |
| CN105991581A (en) | Method and device for recognizing protocol | |
| CN111131370A (en) | Method, device and system for detecting whether service call is correct |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |