CN114448822A - Node detection data representation method and device, electronic equipment and storage medium - Google Patents
Node detection data representation method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114448822A CN114448822A CN202210076280.9A CN202210076280A CN114448822A CN 114448822 A CN114448822 A CN 114448822A CN 202210076280 A CN202210076280 A CN 202210076280A CN 114448822 A CN114448822 A CN 114448822A
- Authority
- CN
- China
- Prior art keywords
- data
- node
- port
- detection data
- node detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 101
- 238000000034 method Methods 0.000 title claims abstract description 50
- 239000000523 sample Substances 0.000 claims description 66
- 238000004590 computer program Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 5
- 238000013507 mapping Methods 0.000 abstract description 3
- 230000008569 process Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 230000008520 organization Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
Abstract
The application provides a node detection data representation method, a node detection data representation device, electronic equipment and a storage medium, and relates to the field of network space mapping. The method comprises the following steps: acquiring node detection data, wherein the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node, and open time of the open port; carrying out format processing on the node detection data to generate a data file with a preset structure; and storing the data file into a database in an IP PORT HOST TIME format for a user to acquire and query the node detection data. Therefore, the user can quickly search and acquire the required node detection data through the IP address, the port number, the domain name and the port opening time, and the searching efficiency of searching the required node detection data by the user and the acquisition efficiency of the node detection data are improved.
Description
Technical Field
The present application relates to the field of network space mapping, and in particular, to a method for representing node probe data, a device for representing node probe data, an electronic device, and a computer-readable storage medium.
Background
In the prior art, a plurality of network node asset detection platforms can detect network node assets and acquire detection data corresponding to nodes.
However, after acquiring node probe data, different platforms display the data to the user in different manners, such as different orders, different emphasis points on the displayed data types, different representation manners of the same data, and the like, which results in that the user needs to search for required data from a plurality of probe data, and even obtains the required data from a plurality of platforms, and thus the efficiency of querying and obtaining the required data by the user is low.
Disclosure of Invention
In view of the above, the present invention is directed to a node probe data representation method, a node probe data representation apparatus, an electronic device, and a computer-readable storage medium, so as to improve efficiency of querying and obtaining node probe data by a user.
In a first aspect, an embodiment of the present application provides a node probe data representation method, including: acquiring node detection data, wherein the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node, and open time of the open port; carrying out format processing on the node detection data to generate a data file with a preset structure; and storing the data file into a database in an IP PORT HOST TIME format for a user to acquire and query the node detection data, wherein the IP is the IP address, the PORT is the PORT number of an open PORT of the node, the HOST is an associated domain name or a HOST name of the node, and the TIME is the open TIME.
In the embodiment of the application, the data file with the preset structure is generated by processing the format of the node detection data, so that a user can conveniently and quickly search and acquire required data from the file with the unified structure, and the data acquisition efficiency is improved. The data files are stored in the format of IP PORT HOST TIME, so that on one hand, a user can search the required data and data files of the target node through at least one of the IP address of the node, the PORT number of the open PORT of the node, the associated domain name or HOST name of the node and the open TIME information of the PORT, the query efficiency is improved, on the other hand, the IP address, the PORT number and the open TIME of the target node can be directly acquired, and the data acquisition efficiency is improved. After the data file of the node is inquired, more comprehensive node detection data can be further acquired through the data file, and therefore the inquiry efficiency of the user on the required node detection data and the acquisition efficiency of the required data are improved.
In an embodiment, before the formatting the node probe data to generate the data file with the preset structure, the method further includes: searching matched data in a preset rule base aiming at each subdata of the node detection data; and determining attributes, fields, field types or field descriptions of the matched data as the attributes, the fields included by the attributes, the field types of the fields and the field descriptions of the fields of corresponding sub-data.
In the embodiment of the application, the subdata of the node detection data is matched with the data in the preset rule base, so that the attribute, the field type or the field description of each subdata of the node detection data is determined, and therefore, after a user acquires part of the node detection data, the information related to the acquired data can be rapidly acquired, and the user can rapidly search the required data.
In an embodiment, the attribute includes a basic attribute and an extended attribute, the extended attribute includes the PORT and the TIME, the data file is a JSON file, and the processing of the format of the node probe data to generate the data file with a preset structure includes: defining the base attribute based on a target { } object; defining the extended attribute based on a results { } object; and generating a JSON file comprising the target { } and the results { }.
In the embodiment of the application, basic attributes and extended data are respectively defined by target { } and results { } to classify the node detection data, so that a user can quickly search required data information from a data file when determining the attribute of the required data. Meanwhile, the node detection data is stored as a JSON file, so that the reading by a user is facilitated, and the machine analysis and the generation are facilitated, and therefore, the efficiency of searching and obtaining the node detection data can be further improved.
In an embodiment, when any sub-data in the node detection data does not have matching data in the preset rule base, the sub-data without matching data is marked as unknown attribute data, so that a user can confirm the unknown attribute data.
In the embodiment of the application, the subdata which is not matched with the preset rule base and has no data is marked as unknown attribute data to be displayed to a user, so that data omission is avoided, and more comprehensive node detection data is displayed for the user.
In one embodiment, after marking the sub-data as unknown attribute data, the method further includes: and establishing a rule for the unknown attribute data and storing the rule into the preset rule base, so that after the node detection data is obtained, the attribute, the field type and the field description of each subdata in the node detection data are determined based on the preset rule base in which the rule for the unknown attribute data is stored.
In the embodiment of the application, the rule for the unknown attribute data is established and stored in the preset rule base, so that when the same data is encountered in the subsequent process, the attribute, the field type and the field description of the data with the same format as the unknown attribute data can be determined based on the established rule, the same subdata can be obtained in the subsequent process, the attribute, the field type and the field description of the subdata can be judged quickly, and the data acquisition efficiency is improved.
In one embodiment, the acquiring node probe data includes: acquiring the node detection data corresponding to the node based on the IP address of the node; determining said PORT from said node probing data; determining data related to the PORT from the node probing data based on the PORT.
In the embodiment of the application, because the IP addresses are in one-to-one correspondence with the nodes, the nodes to be detected can be determined through the IP addresses, the detection data of the nodes are further acquired, and the data related to the ports are acquired through the ports in the detection data, so that a user can conveniently search the node detection data related to the target node according to the IP addresses, and the data related to the ports, which are more comprehensive, of the nodes are acquired through the ports, and therefore, the data acquisition efficiency can be improved.
In one embodiment, the TIME is represented by a character string, wherein the content of the character string is TIME data in UTC standard date format.
In the embodiment of the application, the open time data of the port is displayed to the user in the UTC standard date format, so that the user can quickly acquire the open time information of the target node port, and the user can conveniently search the open port and the corresponding node through the open date, thereby improving the query efficiency and the acquisition efficiency of the node detection data.
In a second aspect, an embodiment of the present application provides a node probe data representation apparatus, including:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module acquires node detection data, and the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node and open time of the open port; the format processing module is used for carrying out format processing on the node detection data to generate a data file with a preset structure; the format processing module is further configured to store the data file into a database in an IP PORT, HOST, and TIME format, so that a user can obtain and query the node detection data, where the IP is the IP address, the PORT is a PORT number of an open PORT of the node, the HOST is an associated domain name or a HOST name of the target node, and the TIME is the open TIME.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, cause the processor to execute a node probe data representation method according to the first aspect or implement functions of a node probe data representation apparatus according to the second aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium, which stores a computer program, and when the computer program runs on a computer, the computer program causes the computer to execute a node probe data representation method according to the first aspect or implement the functions of the node probe data representation apparatus according to the second aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of a node probe data representation method according to an embodiment of the present disclosure;
fig. 2 is a block diagram of a structure of a node detection data representation apparatus according to an embodiment of the present disclosure;
fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Icon: node probe data representation apparatus 200; an acquisition module 210; format processing module 220.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to fig. 1, fig. 1 is a flowchart of a method for representing node probe data according to an embodiment of the present application, where the method includes the following steps:
s110, acquiring node detection data, wherein the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or host name of the node, and open time of the open port.
In this embodiment, the network node mainly refers to various types of entity devices that can be connected to a communication network and various types of software and protocols that are carried, such as entity devices like computers, servers, switches, routers, and industrial personal computers, and software and protocols that can be carried on each device, such as operating systems, application software, and communication protocols.
In this embodiment, in the process of network space mapping, if a node is to be described or imaged, information as complete as possible needs to be acquired to describe the node, so that the node needs to be detected to acquire information as complete as possible. One node at least includes information of an Internet Protocol Address (IP Address), a port number of an open port of the node, an associated domain name of the IP Address of the node, open time of the open port of the corresponding node, and the like. Specifically, the IP address of the target node may be determined according to the target node to be detected; PORT related information, namely PORT information, of the node can be obtained through the IP address, and HOST information of the node can also be obtained, wherein the HOST comprises information of one or more combinations of associated domain names, sub-domain names or HOST names; the opening time information corresponding to the port can be acquired through the port information; through the port information, information such as protocols or services used by the nodes can be acquired.
In this embodiment, the node probe data may further include other probe data related to the node, such as a geographical location of the node device, an asset affiliation, an organization structure, and an ISP (Internet Service Provider).
In one embodiment, the node probe data of the target node may be obtained based on the IP address of the target node; determining a PORT from the node probe data; determining PORT-related data from node probing data based on PORT
In this embodiment, a node to be described may be detected, and node detection data of the node may be obtained. Specifically, in the probing process, an IP address or a URL (Uniform Resource Locator) address of a node to be probed may be used as an entry, and request information requesting to acquire each item of data of the node is sent to the corresponding node through the IP address or the URL address, so as to acquire response information fed back by the node, where the response information includes various basic attributes of the node, such as a port, a geographic location, and the like.
From the response information, the PORT of the node may also be determined. Further, by using various network node detection methods, extended attributes of data, such as an operating system type, a device type, and bearer software of the node, may be obtained, and specifically, by using a PORT, data related to an open TIME of the PORT may be obtained. In the prior art, there are many network node detection modes, and the specific processes of the detection modes are not described in detail herein.
In this embodiment, in order to obtain more comprehensive node detection data, detection data may also be obtained from different network node asset detection platforms. It can be understood that, in the prior art, there are various network node asset detection platforms for acquiring detection data of nodes, where different platforms have different emphasis points or advantage points, and the data displayed for users are also different, so that node detection data can be acquired from different platforms for acquiring node information more comprehensively, thereby acquiring more comprehensive data.
It can be understood that, when the node detection data is used for describing information of each aspect of the node, more comprehensive information of the node can be obtained as much as possible when the detection data is obtained, so as to be provided for a user, thereby improving the data amount obtained by the user, reducing the time for the user to search and obtain the node detection data from multiple platforms, and further improving the query efficiency and the obtaining efficiency of the user on the node detection data.
And S120, performing format processing on the node detection data to generate a data file with a preset structure.
In this embodiment, the format processing is performed on the node detection data, and the node detection data is represented in the data file with the unified preset structure, so that a user can quickly search the data required by the user from the corresponding position in the data file with the unified format, and the searching efficiency and the obtaining efficiency of the user on the required node detection data are improved.
In an embodiment, before performing format processing on the node probe data to generate a data file with a preset structure, the node probe data needs to be processed to identify information of each sub-data in the node probe data. Specifically, for each subdata of the node detection data, matching data is searched in a preset rule base; and determining the attribute, the field type or the field description of the matched data as the attribute, the field included by the attribute, the field type of the field and the field description of the field of the sub data.
After the node probe data is obtained through probing or other methods, the node probe data may have problems such as that the node probe data is not identified and classified, for example, sub-data of one node probe data is expressed in the form/format of numbers or fields, and it is unclear which item of the geographic location, the operator, and the affiliation unit the content represented by the field is, and therefore, the node probe data needs to be identified first to be confirmed. Therefore, in this embodiment, the classification of the node probe data is implemented by the rule data preset in the preset rule base. Specifically, each subdata in the node detection data is respectively matched with rule data set in a preset rule base, and when the subdata is determined to be matched with the data in the preset rule base, namely when matched data matched with the subdata exists, attributes, fields, types, field descriptions and field descriptions corresponding to the matched data in the preset rule base are determined as the attributes, the fields, the types, the field descriptions and the field descriptions of the subdata. For example, the IP address format in the preset rule base is "x.x.x.x", and when data having the same sub-data format as the field expression format of the IP address of the preset rule base exists in the node probe data, if the sub-data of the node probe data is "a.a.a.a", and the sub-data are matched, the sub-data of the node probe data can be determined as the IP address, and the sub-data is determined as the basic attribute of the node, the field thereof is IP _ str, the type thereof is determined as the character string strng, and the field thereof is determined as the IP address.
It is understood that there may be other matching rules and manners in the actual matching process. For example, the partial data may determine the attribute, field and type of the data through the field description, and the partial data may determine the type, attribute, field description and the like through the field. In addition, by matching the node detection data, the node detection data can be recognized and supplemented to a certain extent, so that a user can acquire more comprehensive information, for example, when the user only knows field information, the attribute, the field type and the field description corresponding to the field can be acquired through matching.
In an embodiment, when any sub-data in the node detection data does not have matching data with data in the preset rule base, the sub-data without matching data is marked as unknown attribute data, so that a user can confirm the unknown attribute data.
In this embodiment, because the sub-data of the obtained node detection data is more and more comprehensive, there may be a case where part of the sub-data has not been obtained before, or a case where the representation manner of part of the sub-data is different from the previous representation manner, so that there is no matching data in the preset rule base for the part of the sub-data, and information such as an attribute, a field description, and a type of the part of the unmatched sub-data cannot be determined, and therefore, the part of the unmatched sub-data can be marked as unknown attribute data and fed back to the user, so that the user can confirm the part of the data on the one hand, and on the other hand, the user can avoid overlong search time due to data omission.
In an embodiment, after the sub-data without matching data is marked as unknown attribute data, a rule for the unknown attribute data may be established based on information such as a field, a field description, an attribute, and a type defined by a user for the unknown attribute data, and the rule is stored in a preset rule base, so that after node detection data is obtained subsequently, the attribute, the field type, and the field description of each sub-data in the node detection data may be determined based on the preset rule base in which the rule for the unknown attribute data is stored.
Referring to table 1, table 1 is a description of node probe data and field definitions provided in the embodiments of the present application.
In this embodiment, after the node probe data is identified, information such as attributes, fields, field types, and field descriptions corresponding to each sub-data of the node probe data may be determined. Specifically, as shown in table 1, the data items corresponding to the sub-data of different node detection data are different, the attributes may include a basic attribute and an extended attribute of the node, the basic data may include information such as a domain name, a geographic location, an organization structure, and a detection TIME, and the extended attribute includes information such as a PORT, a protocol, and vulnerability, and an attribute, a field, a type, and a field description corresponding to each information.
TABLE 1 node Probe data and field definition Specification
In an embodiment, after determining information such as an attribute, a field type, and a field description of node probe data, format processing may be performed on the node probe data to generate a data file with a preset structure, and specifically, a basic attribute is defined based on a target { } object; defining an extended attribute based on the results { } object; and generating a JSON file comprising target { } and results { }.
After the node detection data are subjected to matching identification, the node detection data are expressed in a file with a uniform preset structure format. Specifically, the preset structure represents the basic attribute of the node by target, and represents the sub-data of the node detection data by "{ }", for example, the sub-data of the basic attribute may have an ip address, a geographical location, and the like, and the geographical location may also have information of a city and the like. After the basic attribute is expressed, the extended attribute of the node is expressed by means of results, and the subdata of the node detection data is expressed by means of { }. For example, the sub-data of the extended attribute may have information such as port and port data.
After each data is expressed, the node probe data is saved in a JSON file.
To facilitate understanding of those skilled in the art, the representation of the node probe data is described herein by way of example, and the contents of a node probe data file are:
wherein the symbol "" following the field is used to define the field description or sub-data, e.g., "x.x.x" in "IP _ str": x.x.x "is used to indicate the specific IP address, i.e., the field description in table 1.
S130, storing the data file into a database in the format of IP PORT HOST TIME for the user to obtain and inquire the node detection data.
In this embodiment, after the JSON file having the preset structure including the node probe data is saved, the node probe data needs to be stored in the database, so that a user can query the required data through the database. Specifically, the name or description information of the JSON file (or called a piece of node probe data) of one piece of node probe data is expressed in the way of IP: PORT: HOST: TIME. Wherein, IP refers to the detected IP address of the target node, PORT refers to the PORT number opened by the target node, HOST represents one of the associated domain name, sub-domain name or HOST name of the target node, and TIME represents the date and TIME of opening the PORT of the target node.
In this embodiment, TIME is represented by a character string, where the content of the character string is TIME data in UTC standard date format. Specifically, in years-months-days, in time: dividing into: millisecond-wise, such as the format with TIME being "yyyy-MM-dd 'T' HH: MM: ss.SSSZ", where T is an arbitrary character that can be replaced.
In the embodiment of the application, the node detection data is processed in the format to generate the data file with the preset structure, so that a user can conveniently and quickly search and acquire required data from the file with the unified structure, and the data acquisition efficiency is improved. The data files are stored in the format of IP PORT HOST TIME, so that on one hand, a user can search the needed data and data files of the target node through at least one of the IP address of the node, the PORT number of the node open PORT, the associated domain name or HOST name of the target node and the PORT open TIME information, and the query efficiency is improved. After the data file of the target node is queried, more comprehensive node detection data can be further acquired through the data file, and therefore the query efficiency of the user on the required node detection data and the acquisition efficiency of the required data are improved.
Based on the same inventive concept, an embodiment of the present application further provides a node probe data representation apparatus, please refer to fig. 2, which is a block diagram illustrating a structure of the node probe data representation apparatus according to the embodiment of the present application. The node probe data representation apparatus includes an acquisition module 210 and a format processing module 220.
The obtaining module 210 is configured to obtain node probe data, where the node probe data includes an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node, and an open time of the open port.
And the format processing module is used for carrying out format processing on the node detection data so as to generate a data file with a preset structure.
And the format processing module is also used for storing the data file into a database in the format of IP PORT HOST TIME for a user to acquire and query the node detection data, wherein the IP is an IP address, the PORT is a PORT number of an open PORT of the node, the HOST is an associated domain name or a HOST name of the node, and the TIME is PORT open TIME.
The obtaining module 210 is further configured to search, before performing format processing on the node detection data to generate a data file with a preset structure, for each sub-data of the node detection data, matching data in a preset rule base; and determining the attribute, the field type or the field description of the matched data as the attribute, the field included by the attribute, the field type of the field and the field description of the field of the sub-data.
The obtaining module 210 is further configured to mark any sub-data in the node detection data as unknown attribute data when there is no matching data in the preset rule base, so that a user can confirm the unknown attribute data.
The obtaining module 210 is further configured to establish a rule for the unknown attribute data and store the rule into the preset rule base, so that after the node detection data is obtained, based on the preset rule base in which the rule for the unknown attribute data is stored, the attribute, the field type, and the field description of each subdata in the node detection data are determined.
The obtaining module 210 is further configured to obtain node detection data of the node based on the IP address of the node; determining a PORT from the node probe data; determining PORT-related data from node probing data based on PORT
A format processing module 220, further configured to define a base attribute based on the target { } object; defining an extended attribute based on the results { } object; and generating a JSON file comprising target { } and the results { }.
The format processing module 220 is further configured to represent the TIME by a character string, where the content of the character string is TIME data in a UTC standard date format.
It can be understood that the node probing data representation apparatus 200 provided in the present application corresponds to the node probing data representation method provided in the present application, and for brevity of the description, the same or similar parts may refer to the contents of the node probing data representation method part, and are not described herein again.
The modules in the node detection data representation apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the server, and can also be stored in a memory in the server in a software form, so that the processor can call and execute operations corresponding to the modules. The processor can be a Central Processing Unit (CPU), a microprocessor, a singlechip and the like.
The above-described node probe data representation method or storage means may be embodied in the form of computer readable instructions which may be executed on an electronic device as shown in fig. 3.
An embodiment of the present application further provides an electronic device, which includes a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor implements the above-mentioned node probe data representation method when executing the program.
Fig. 3 is a schematic diagram of an internal structure of an electronic device according to an embodiment of the present application, where the electronic device may be a server. Referring to fig. 3, the electronic device includes a processor, a nonvolatile storage medium, an internal memory, an input device, a display screen, and a network interface, which are connected by a system bus. The nonvolatile storage medium of the electronic device may store an operating system and computer readable instructions, and when the computer readable instructions are executed, the processor may execute a node probe data representation method according to embodiments of the present application, and a specific implementation process of the method may refer to specific contents in fig. 1 and fig. 2, which is not described herein again. The processor of the electronic device is used for providing calculation and control capability and supporting the operation of the whole electronic device. The internal memory may have stored therein computer readable instructions that, when executed by the processor, cause the processor to perform a method of node probe data representation. The input device of the electronic equipment is used for inputting various parameters, the display screen of the electronic equipment is used for displaying, and the network interface of the electronic equipment is used for network communication. Those skilled in the art will appreciate that the architecture shown in fig. 3 is a block diagram of only a portion of the architecture associated with the subject application, and does not constitute a limitation on the electronic devices to which the subject application may be applied, and that a particular electronic device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Based on the same inventive concept, embodiments of the present application further provide a computer-readable storage medium, in which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the node probe data representing method.
In the embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. The above-described apparatus embodiments are merely illustrative. The functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A method for representing node probe data, comprising:
acquiring node detection data, wherein the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node, and open time of the open port;
carrying out format processing on the node detection data to generate a data file with a preset structure;
and storing the data file into a database in an IP PORT HOST TIME format for a user to acquire and query the node detection data, wherein the IP is the IP address, the PORT is the PORT number of an open PORT of the node, the HOST is an associated domain name or a HOST name of the node, and the TIME is the open TIME.
2. The method of claim 1, wherein before formatting the node probe data to generate the data file with a predetermined structure, the method further comprises:
searching matched data in a preset rule base aiming at each subdata of the node detection data; and determining attributes, fields, field types or field descriptions of the matched data as the attributes, the fields included by the attributes, the field types of the fields and the field descriptions of the fields of corresponding sub-data.
3. The method according to claim 2, wherein the attributes include basic attributes and extended attributes, the extended attributes include the PORT and the TIME, the data file is a JSON file, and the formatting the node probe data to generate a data file with a preset structure includes: defining the base attribute based on a target { } object; defining the extended attribute based on a results { } object; and generating a JSON file comprising the target { } and the results { }.
4. The method of claim 2, further comprising: when any subdata in the node detection data and the preset rule base do not have matching data, the subdata without the matching data is marked as unknown attribute data, so that a user can confirm the unknown attribute data.
5. The method of claim 4, wherein after marking the sub-data as unknown attribute data, the method further comprises: and establishing a rule for the unknown attribute data and storing the rule into the preset rule base, so that after the node detection data is obtained, the attribute, the field type and the field description of each subdata in the node detection data are determined based on the preset rule base in which the rule for the unknown attribute data is stored.
6. The method of claim 1, wherein obtaining node probe data comprises: acquiring the node detection data corresponding to the node based on the IP address of the node; determining said PORT from said node probing data; determining data related to the PORT from the node probing data based on the PORT.
7. The method of claim 1, further comprising: and representing the TIME by a character string, wherein the content of the character string is TIME data in a UTC standard date format.
8. A node probe data presentation apparatus, comprising:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module acquires node detection data, and the node detection data comprises an IP address of a node, a port number of an open port of the node, an associated domain name or a host name of the node and open time of the open port;
the format processing module is used for carrying out format processing on the node detection data to generate a data file with a preset structure;
the format processing module is further configured to store the data file into a database in an IP PORT, HOST, and TIME format, so that a user can obtain and query the node detection data, where the IP is the IP address, the PORT is a PORT number of an open PORT of the node, the HOST is an associated domain name or a HOST name of the target node, and the TIME is the open TIME.
9. An electronic device comprising a memory and a processor, the memory having stored therein computer-readable instructions that, when executed by the processor, cause the processor to perform the method of any one of claims 1-7 or to carry out the functions of the node probe data representation apparatus of claim 8.
10. A computer-readable storage medium, in which a computer program is stored which, when run on a computer, causes the computer to perform the method of any one of claims 1 to 7 or to carry out the functions of the node probe data representation apparatus of claim 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210076280.9A CN114448822A (en) | 2022-01-21 | 2022-01-21 | Node detection data representation method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210076280.9A CN114448822A (en) | 2022-01-21 | 2022-01-21 | Node detection data representation method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114448822A true CN114448822A (en) | 2022-05-06 |
Family
ID=81369498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210076280.9A Pending CN114448822A (en) | 2022-01-21 | 2022-01-21 | Node detection data representation method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114448822A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018121589A1 (en) * | 2016-12-30 | 2018-07-05 | 中兴通讯股份有限公司 | Data link detection method, apparatus and system |
| CN111090615A (en) * | 2019-12-11 | 2020-05-01 | 哈尔滨安天科技集团股份有限公司 | Method and device for analyzing and processing mixed assets, electronic equipment and storage medium |
| CN112134893A (en) * | 2020-09-25 | 2020-12-25 | 杭州迪普科技股份有限公司 | Internet of things safety protection method and device, electronic equipment and storage medium |
| CN112202609A (en) * | 2020-09-28 | 2021-01-08 | 全球能源互联网研究院有限公司 | Industrial control asset detection method and device, electronic equipment and storage medium |
| CN112636924A (en) * | 2020-12-23 | 2021-04-09 | 北京天融信网络安全技术有限公司 | Network asset identification method and device, storage medium and electronic equipment |
| CN112671553A (en) * | 2020-11-26 | 2021-04-16 | 中国电子科技网络信息安全有限公司 | Industrial control network topological graph generation method based on active and passive detection |
| CN113342923A (en) * | 2021-06-29 | 2021-09-03 | 招商局金融科技有限公司 | Data query method and device, electronic equipment and readable storage medium |
| CN113949748A (en) * | 2021-10-15 | 2022-01-18 | 北京知道创宇信息技术股份有限公司 | Network asset identification method and device, storage medium and electronic equipment |
-
2022
- 2022-01-21 CN CN202210076280.9A patent/CN114448822A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018121589A1 (en) * | 2016-12-30 | 2018-07-05 | 中兴通讯股份有限公司 | Data link detection method, apparatus and system |
| CN111090615A (en) * | 2019-12-11 | 2020-05-01 | 哈尔滨安天科技集团股份有限公司 | Method and device for analyzing and processing mixed assets, electronic equipment and storage medium |
| CN112134893A (en) * | 2020-09-25 | 2020-12-25 | 杭州迪普科技股份有限公司 | Internet of things safety protection method and device, electronic equipment and storage medium |
| CN112202609A (en) * | 2020-09-28 | 2021-01-08 | 全球能源互联网研究院有限公司 | Industrial control asset detection method and device, electronic equipment and storage medium |
| CN112671553A (en) * | 2020-11-26 | 2021-04-16 | 中国电子科技网络信息安全有限公司 | Industrial control network topological graph generation method based on active and passive detection |
| CN112636924A (en) * | 2020-12-23 | 2021-04-09 | 北京天融信网络安全技术有限公司 | Network asset identification method and device, storage medium and electronic equipment |
| CN113342923A (en) * | 2021-06-29 | 2021-09-03 | 招商局金融科技有限公司 | Data query method and device, electronic equipment and readable storage medium |
| CN113949748A (en) * | 2021-10-15 | 2022-01-18 | 北京知道创宇信息技术股份有限公司 | Network asset identification method and device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10757101B2 (en) | Using hash signatures of DOM objects to identify website similarity | |
| US9686283B2 (en) | Using hash signatures of DOM objects to identify website similarity | |
| EP2410478B1 (en) | Browser based user identification | |
| US6910077B2 (en) | System and method for identifying cloaked web servers | |
| US11816161B2 (en) | Asset search and discovery system using graph data structures | |
| US20160142858A1 (en) | Contextual deep linking of applications | |
| US20100146132A1 (en) | Methods, Systems, And Computer Program Products For Accessing A Resource Having A Network Address Associated With A Location On A Map | |
| JP2006146882A (en) | Content evaluation | |
| WO2019109529A1 (en) | Webpage identification method, device, computer apparatus, and computer storage medium | |
| US20060173815A1 (en) | Facilitating Identification of Entire Web Pages When Each Web Page is Rendered From Multiple Portions and Interest is Expressed Based on Content of the Portions | |
| CN108304531B (en) | Visualization method and device for reference relationship of digital object identifiers | |
| US11431602B2 (en) | Network asset discovery | |
| US20130282699A1 (en) | Using Authority Website to Measure Accuracy of Business Information | |
| JP2019103039A (en) | Firewall device | |
| CN114880641A (en) | API asset detection method, device, equipment and medium | |
| CN111224878A (en) | Route forwarding method and device, electronic equipment and storage medium | |
| CN113849820A (en) | Vulnerability detection method and device | |
| US10924365B2 (en) | Method and system for generating directed graphs | |
| JP2013242782A (en) | Character string conversion method and program | |
| CN110120918B (en) | Identification analysis method and device | |
| CN114448822A (en) | Node detection data representation method and device, electronic equipment and storage medium | |
| CN111209325A (en) | Service system interface identification method, device and storage medium | |
| CN111385360A (en) | Terminal equipment identification method and device and computer readable storage medium | |
| CN115309968A (en) | Method and device for generating webpage fingerprint rule based on resource search engine | |
| CN111478984B (en) | Server IP address obtaining method and device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |