CN114866354B - Internet of things terminal equipment identification method based on fingerprint element search and extended identification - Google Patents
Internet of things terminal equipment identification method based on fingerprint element search and extended identification Download PDFInfo
- Publication number
- CN114866354B CN114866354B CN202210789049.4A CN202210789049A CN114866354B CN 114866354 B CN114866354 B CN 114866354B CN 202210789049 A CN202210789049 A CN 202210789049A CN 114866354 B CN114866354 B CN 114866354B
- Authority
- CN
- China
- Prior art keywords
- internet
- things
- terminal equipment
- fingerprint
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/50—Safety; Security of things, users, data or systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses an Internet of things terminal equipment identification method based on fingerprint element search and extended identification, which relates to the technical field of Internet of things terminal equipment identification and comprises the following steps: 1) Constructing a networking terminal equipment fingerprint information base; 2) Acquiring an initial IP of the terminal equipment of the meta search Internet of things; 3) Expanding to obtain all the IPs of the C-type network where the IP is located; 4) Searching, identifying and analyzing whether the class C network IP element is an Internet of things terminal device; 5) And standardizing the information of the terminal equipment of the Internet of things, and uniformly storing the information into an information base of the terminal equipment of the Internet of things. According to the invention, by means of the global distribution probe of the mainstream equipment search engine and the comprehensive equipment fingerprint and other strong resources, and combining the advantages of the Internet of things terminal equipment identification efficiency of fingerprint element search, the strong pertinence of extended identification analysis and the like, the efficiency and the accuracy of the Internet of things terminal equipment identification are improved, the equipment identification legality is improved, and the probability of finding alarm and tracing of identification behaviors is reduced.
Description
Technical Field
The invention relates to the technical field of terminal equipment identification of the Internet of things, in particular to the technical field of terminal equipment identification methods of the Internet of things based on fingerprint element search and extended identification.
Background
In recent years, internet of things search engines have become an important channel for searching networked devices, and there are many excellent internet of things search engines such as Shodan, zoomeye, fofa, censys, fool search, etc. on the internet. The most representative foreign country is Shodan introduced by John Matherly in 2009, which is often subjected to early testing and acquisition work, and stores all network device information that can be detected in a database thereof, wherein the devices are various and comprise switches, routers, network cameras, network printers, various internet of things terminal devices and the like. Domestic famous internet security manufacturers know that a search engine zoomeeye of the internet of things under the creative flag supports fingerprint retrieval of public network equipment and Web fingerprint retrieval. The Web fingerprint comprises an application name, a version, a front-end framework, a back-end framework, a server-end language, a server operating system, a website container, a content management system, a database and the like. The device fingerprint includes an application name, version, open port, operating system, service name, geographic location, and the like. Dozens of machines at the rear end of the zoomeeye adopt a distributed deployment mode to carry out fingerprint acquisition on website application, and the current peak speed can complete fingerprint identification of more than 100 million domain names every day.
At present, discovery and perception of terminal equipment of the internet of things are mainly realized by adopting an active identification method. The active identification method is characterized in that the identification of information such as an open port, the terminal equipment or equipment of the internet of things, a version and a manufacturer is realized by actively sending a constructed data packet to a specified network asset, extracting an equipment fingerprint from related information (including protocol contents of each layer, packet retransmission time and the like) of a returned data packet and comparing the equipment fingerprint with a fingerprint in a fingerprint library of the terminal equipment of the internet of things.
The current active identification method mainly has the following problems:
(1) A large amount of network traffic noise caused by the active identification behavior is easy to influence some normally-operated internet-of-things equipment, so that the method is not suitable for identifying key internet-of-things terminal equipment needing to be continuously operated;
(2) The method has the advantages that alarms of various special security equipment of the equipment control system are easily triggered through active identification, the legality of equipment detail information collection is not facilitated, and alarming and tracing are easily found;
(3) The active identification has great difficulty in identifying details of the equipment protected by the agent, the NAT routing and the security equipment, and the comprehensiveness of the identification result is relatively limited.
Disclosure of Invention
The invention aims to: in order to solve the technical problems, the invention provides an internet of things terminal device identification method based on fingerprint element search and extended identification.
The invention specifically adopts the following technical scheme for realizing the purpose:
the Internet of things terminal equipment identification method based on fingerprint element search and extended identification comprises the following steps:
s1, extracting fingerprint information of networking terminal equipment from a fingerprint list page of a mainstream Internet of things search engine (such as Shodan, censys, FOFA, zoomeye and the like) based on a traditional web crawler, normalizing and removing duplication, and constructing a networking terminal equipment fingerprint information base;
s2, for each piece of terminal equipment fingerprint of the Internet of things, on the basis of driving an embedded browser to simulate a registered user to log in a specific Internet of things search engine (such as Shodan), starting meta search to obtain an Internet of things terminal equipment seed IP list, and extracting fingerprint information of each seed Internet of things terminal equipment;
s3, expanding all the IP of the C-type network where the IP is located according to each Internet of things terminal equipment seed IP obtained by meta search;
s4, aiming at each C-type network IP obtained by seed expansion, firstly, identifying and analyzing whether the C-type network IP is an Internet of things terminal device or not based on meta search by utilizing a mainstream Internet of things search engine IP detail search interface, if the C-type network IP is the Internet of things terminal device, extracting fingerprint information of the C-type network IP, and identifying the C-type network IP which is not identified by adopting an active identification method;
and S5, normalizing the information of the terminal equipment of the Internet of things, namely meta search recognition, extended recognition and active recognition, and uniformly storing the information into an information base (MongoDB) of the terminal equipment of the Internet of things.
Further, in step S1, the fingerprint information of the terminal device of the internet of things includes a device name, a meta search fingerprint, a manufacturer name, a software version, and a product description.
Further, step S1 specifically includes:
s11, taking a fingerprint page url of the internet of things terminal equipment of the mainstream internet of things search engine as a seed url set of the traditional web crawler;
s12, automatically acquiring and regularly updating the fingerprint information of the Internet of things terminal equipment on the mainstream Internet of things engine based on the web crawler;
and S13, carrying out standard processing on the acquired fingerprints of the terminal equipment of the Internet of things, and uniformly storing and warehousing the processed fingerprints.
Further, the step S2 specifically includes:
s21, establishing an equipment search engine account pool by utilizing a pre-registered legal account of an internet of things terminal equipment search engine (such as Shodan), and then simulating user login by adopting a drive embedded browser; the embedded browser is driven to adopt a leader-chrome browser based on Selenium automatic scheduling embedding, an account (user name + password) is randomly taken out from a pre-constructed device search engine account pool, and the browser is driven to automatically input the user name and the password for logging in;
s22, after legally logging in a search engine of terminal equipment of the Internet of things, taking the search engine of Shodan equipment as an example, firstly, a token value of a login page needs to be analyzed and stored, and when a form is submitted by subsequent execution meta search, a user name and a password need to be submitted by a post method, and a token of the login page needs to be submitted at the same time; here, token acquisition mainly breaks through an Anti CSRF Token mechanism adopted by Shodan and other equipment search engines for preventing CSRF (Cross-Site Request broker, cross-Site Request Forgery) attacks;
s23, after legally logging in and obtaining token, driving a browser to execute searching based on each piece of Internet of things terminal equipment fingerprint, and obtaining result page turning url information;
s24, turning page url and token information according to the obtained result, executing fingerprint element search of the Internet of things terminal equipment to obtain a result response result page, extracting the Internet of things terminal equipment of each page in a combined mode of xpath and regular expression to serve as seeds, and extracting fingerprint information such as an IP address, a software version, an open port list and system response of each seed equipment;
s25, after the extracted seed equipment and the fingerprint information format thereof are standardized, the extracted seed equipment and the fingerprint information format thereof are stored in an Internet of things terminal equipment information base in a unified mode.
Further, step S3 specifically includes:
s31, on the basis of the seed Internet of things terminal equipment IP obtained in the step S2, performing C-type network address field expansion on each seed IP to obtain an expanded IP address of the C-type network where the seed IP is located;
and S32, loading each extension IP address obtained in the step S31 into the IP to be extended and identified, and providing a data source for the subsequent extension, identification and analysis of the adjacent Internet of things terminal equipment.
Further, step S4 specifically includes:
s41, logging in the Internet of things search engine by adopting the same legal account in the step S2;
s42, for each C-type network IP obtained by seed IP expansion, driving a browser to execute specific IP detail search of a mainstream Internet of things search engine, and obtaining a detail page result of specified IP retrieval;
s43, extracting equipment information in the detailed page based on the regular expression, judging the equipment type based on the field, the label, the fingerprint and the like, and extracting the fingerprint information if the equipment is identified to be the terminal equipment of the Internet of things; and if the terminal equipment is not the terminal equipment or the non-survival equipment of the Internet of things, discarding the terminal equipment or the non-survival equipment.
The invention has the following beneficial effects:
the invention provides an Internet of things terminal equipment identification method based on fingerprint element search and seed IP expansion identification, which effectively combines the Internet of things terminal equipment identification efficiency of fingerprint element search and the strong pertinence of expansion identification analysis and the like by means of strong resources such as global distribution probes of mainstream Internet of things terminal equipment search engines and comprehensive equipment fingerprints, improves the identification and identification efficiency and accuracy of the Internet of things terminal equipment, improves the legality and safety of equipment identification, and greatly reduces the probability of identification behavior finding alarm and tracing.
Drawings
FIG. 1 is a flow chart of the present invention;
fig. 2 is a diagram of the internet of things terminal device identification software architecture of the present invention;
fig. 3 is a flow chart of searching for the internet of things terminal device element based on the search behavior simulation in step S2 in the method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Example 1
As shown in fig. 1, the present embodiment provides a method for identifying an internet of things terminal device based on fingerprint element search and extended identification, and the method implements identification software for an internet of things terminal device s (a software architecture is shown in fig. 2), and includes the following steps:
s1, crawling fingerprint information of networking terminal equipment from a fingerprint list page of a mainstream Internet of things search engine (such as Shodan, censys, FOFA, zoomeye and the like) based on a traditional network crawler, normalizing and removing duplication, and constructing a networking terminal equipment fingerprint information base;
the fingerprint information of the terminal equipment of the Internet of things comprises the name of the terminal equipment of the Internet of things, a meta search fingerprint, a manufacturer name, a software version and a product description, and specifically comprises the following steps:
s11, taking a fingerprint page url of the internet of things terminal equipment of the mainstream internet of things search engine as a seed url set of the traditional web crawler;
s12, automatically acquiring and regularly updating the fingerprint information of the Internet of things terminal equipment on the mainstream Internet of things engine based on the web crawler;
and S13, carrying out standard processing on the acquired fingerprints of the terminal equipment of the Internet of things, and uniformly storing and warehousing the processed fingerprints.
S2, for each piece of terminal equipment fingerprint of the Internet of things, on the basis of driving an embedded browser to simulate a registered user to log in a specific Internet of things search engine (such as Shodan), starting meta search to obtain an Internet of things terminal equipment seed IP list, and simultaneously extracting fingerprint information of each seed Internet of things terminal equipment, as shown in FIG. 3, the method specifically comprises the following steps:
s21, establishing an account pool of the device search engine by using a pre-registered legal account of the device search engine (such as Shodan), and then simulating user login by adopting a drive embedded browser; the method comprises the steps that an embedded browser is driven to adopt a leader-chrome browser which is automatically scheduled and embedded based on a Selenium, an account (a user name and a password) is randomly taken out from a pre-constructed device search engine account pool, and the browser is driven to automatically input the user name and the password for logging in;
s22, after legally logging in the equipment search engine, taking the Shodan equipment search engine as an example, firstly, analyzing and storing a token value of a login page, and when subsequently executing meta search and submitting a form, submitting a user name and a password by a post method and simultaneously submitting the token of the login page; here, token acquisition mainly breaks through an Anti CSRF Token mechanism adopted by Shodan and other equipment search engines for preventing CSRF (Cross-Site Request broker, cross-Site Request Forgery) attacks;
s23, after legally logging in and obtaining a token, driving a browser to execute searching based on each device fingerprint, and obtaining result page turning url information;
s24, aiming at the obtained result page turning url and token information, after device fingerprint element searching is performed to obtain a result response result page, extracting the Internet of things terminal device of each page as a seed in a combined mode of xpath and regular expression, and extracting fingerprint information such as an IP address, a software version, an open port list, a system response and the like of the Internet of things terminal device of each seed;
and S25, after the extracted seed Internet of things terminal equipment and the fingerprint information format thereof are standardized, the extracted seed Internet of things terminal equipment and the fingerprint information format thereof are uniformly stored in an Internet of things terminal equipment information base.
S3, expanding and obtaining all the IP of the C-type network where the IP is located according to each Internet of things terminal equipment seed IP obtained by meta-search, and specifically comprising the following steps:
s31, based on the seed Internet of things terminal equipment IP obtained in the step S2, performing C-type network address field expansion on each seed IP to obtain an expanded IP address of a C-type network where the seed IP is located;
s32, loading each extended IP address obtained in the step S31 into an IP to be extended and identified, and providing a data source for the extended identification and analysis of the subsequent adjacent Internet of things terminal equipment;
s4, aiming at each C-type network IP obtained by seed expansion, firstly, a mainstream Internet of things search engine IP detail search interface is utilized, whether the C-type network IP is an Internet of things terminal device is analyzed based on meta search identification, if the fingerprint information of the C-type network IP is extracted for the Internet of things terminal device, and an active identification method is adopted to identify unidentified C-type network IPs, and the method specifically comprises the following steps:
s41, logging in the Internet of things search engine by adopting the same legal account in the step S2;
s42, for each C-type network IP obtained by seed IP expansion, driving a browser to execute specific IP detail search of a mainstream Internet of things search engine, and obtaining a detail page result of specified IP retrieval;
s43, extracting equipment information in the detailed page based on the regular expression, judging the equipment based on the field, the label, the fingerprint and the like, and extracting the fingerprint information if the equipment is identified to be the terminal equipment of the Internet of things; if the terminal device is not the terminal device of the Internet of things or the non-survival device, discarding the terminal device;
and S5, standardizing the information of the Internet of things terminal equipment of the meta search identification, the expansion identification and the active identification, and uniformly storing the information into an Internet of things terminal equipment information base (MongoDB database).
Claims (6)
1. The method for identifying the terminal equipment of the Internet of things based on fingerprint element search and extended identification is characterized by comprising the following steps of:
s1, crawling device fingerprint information from a fingerprint list page of a mainstream Internet of things search engine based on a traditional web crawler, normalizing and removing duplicate, and constructing a networking terminal device fingerprint information base;
s2, for each fingerprint of the terminal equipment of the Internet of things, on the basis of driving an embedded browser to simulate a registered user to log in a search engine of the Internet of things, starting a meta search to obtain a seed IP list of the equipment, and extracting fingerprint information of each seed equipment;
s3, expanding all the IP of the C-type network where the IP is located according to each Internet of things terminal equipment seed IP obtained by meta search;
s4, aiming at each C-type network IP obtained by seed expansion, firstly, identifying and analyzing whether the C-type network IP is an Internet of things terminal device or not based on meta search by utilizing a mainstream Internet of things search engine IP detail search interface, if the C-type network IP is the Internet of things terminal device, extracting fingerprint information of the C-type network IP, and identifying the C-type network IP which is not identified by adopting an active identification method;
and S5, standardizing the information of the terminal equipment of the Internet of things, including meta search recognition, extended recognition and active recognition, and uniformly storing the information into an information base of the terminal equipment of the Internet of things.
2. The method for identifying the terminal equipment of the internet of things based on the fingerprint meta search and the extended identification as claimed in claim 1, wherein in the step S1, the fingerprint information of the terminal equipment of the internet of things comprises an equipment name, a meta search fingerprint, a manufacturer name, a software version and a product description.
3. The method for identifying the terminal equipment of the internet of things based on the fingerprint meta search and the extended identification as claimed in claim 2, wherein the step S1 specifically comprises:
s11, taking a fingerprint page url of the internet of things terminal equipment of the mainstream internet of things search engine as a seed url set of the traditional web crawler;
s12, automatically acquiring and regularly updating the fingerprint information of the Internet of things terminal equipment on the mainstream Internet of things engine based on the web crawler;
and S13, carrying out standard processing on the acquired fingerprints of the terminal equipment of the Internet of things, and uniformly storing and warehousing the processed fingerprints.
4. The method for identifying the terminal equipment of the internet of things based on the fingerprint meta search and the extended identification as claimed in claim 2, wherein the step S2 specifically comprises the steps of:
s21, establishing an equipment search engine account pool by using a pre-registered equipment search engine legal account, and then simulating user login by adopting a drive embedded browser; the embedded browser is driven to adopt a leader-chrome browser which is automatically scheduled and embedded based on the Selenium, an account is randomly taken out from a pre-constructed account pool of the equipment search engine, and the browser is driven to automatically input a user name and a password for logging in;
s22, after legally logging in the equipment search engine, taking the Shodan equipment search engine as an example, firstly, analyzing and storing a token value of a login page, and when subsequently executing meta search and submitting a form, submitting a user name and a password by a post method and simultaneously submitting the token of the login page;
s23, after legally logging in and obtaining a token, driving a browser to execute searching based on each device fingerprint, and obtaining result page turning url information;
s24, aiming at the obtained result page url and token information, after device fingerprint element search is executed to obtain a result response result page, extracting the terminal device of the Internet of things of each page in a combined mode of xpath and regular expression as a seed, and extracting the IP address, the software version, the open port list and the system response of each seed device asset;
s25, after the extracted seed Internet of things terminal equipment and the fingerprint information format thereof are standardized, the seed Internet of things terminal equipment and the fingerprint information format thereof are stored in an Internet of things terminal equipment information base in a unified mode.
5. The method for identifying the terminal equipment of the internet of things based on the fingerprint meta search and the extended identification as claimed in claim 3, wherein the step S3 specifically comprises:
s31, based on the seed Internet of things terminal equipment IP obtained in the step S2, performing C-type network address field expansion on each seed IP to obtain an expanded IP address of a C-type network where the seed IP is located;
and S32, loading each extended IP address obtained in the step S31 into the IP to be extended and identified, and providing a data source for the extended identification and analysis of the subsequent adjacent Internet of things terminal equipment.
6. The method for identifying the terminal equipment of the internet of things based on the fingerprint meta search and the extended identification as claimed in claim 4, wherein the step S4 specifically comprises:
s41, adopting the same legal account in the step S2 to log in an Internet of things search engine;
s42, for each C-type network IP obtained by seed IP expansion, driving a browser to execute specific IP detail search of a mainstream Internet of things search engine, and obtaining a detail page result of the IP search;
s43, extracting equipment information in the detail page based on the regular expression, studying and judging the equipment based on the field, the label and the fingerprint, and if the equipment is identified as the Internet of things terminal equipment, extracting the fingerprint information; and if the terminal equipment is not the terminal equipment or the non-survival equipment of the Internet of things, discarding the terminal equipment or the non-survival equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210789049.4A CN114866354B (en) | 2022-07-06 | 2022-07-06 | Internet of things terminal equipment identification method based on fingerprint element search and extended identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210789049.4A CN114866354B (en) | 2022-07-06 | 2022-07-06 | Internet of things terminal equipment identification method based on fingerprint element search and extended identification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114866354A CN114866354A (en) | 2022-08-05 |
CN114866354B true CN114866354B (en) | 2022-10-11 |
Family
ID=82626316
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210789049.4A Active CN114866354B (en) | 2022-07-06 | 2022-07-06 | Internet of things terminal equipment identification method based on fingerprint element search and extended identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114866354B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107087001A (en) * | 2017-05-15 | 2017-08-22 | 华中科技大学 | A kind of important address spatial retrieval system in distributed internet |
CN111601361A (en) * | 2020-05-22 | 2020-08-28 | 中国人民解放军国防科技大学 | Method and device for detecting key nodes of Ad hoc network in real time |
CN112347328A (en) * | 2020-10-27 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Network platform identification method, device, equipment and readable storage medium |
CN112532489A (en) * | 2020-12-01 | 2021-03-19 | 深圳万物安全科技有限公司 | Internet of things equipment identification method and system and storage medium |
CN112702405A (en) * | 2020-12-18 | 2021-04-23 | 太原理工大学 | Internet of things equipment identification method based on multi-protocol detection |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160275190A1 (en) * | 2013-10-21 | 2016-09-22 | Convida Wireless, Llc | Crawling of m2m devices |
CA3072045A1 (en) * | 2017-08-02 | 2019-02-07 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for detection in an industrial internet of things data collection environment with large data sets |
CA3102306A1 (en) * | 2019-12-10 | 2021-06-10 | Battelle Memorial Institute | Mitigation of external exposure of energy delivery systems |
-
2022
- 2022-07-06 CN CN202210789049.4A patent/CN114866354B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107087001A (en) * | 2017-05-15 | 2017-08-22 | 华中科技大学 | A kind of important address spatial retrieval system in distributed internet |
CN111601361A (en) * | 2020-05-22 | 2020-08-28 | 中国人民解放军国防科技大学 | Method and device for detecting key nodes of Ad hoc network in real time |
CN112347328A (en) * | 2020-10-27 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Network platform identification method, device, equipment and readable storage medium |
CN112532489A (en) * | 2020-12-01 | 2021-03-19 | 深圳万物安全科技有限公司 | Internet of things equipment identification method and system and storage medium |
CN112702405A (en) * | 2020-12-18 | 2021-04-23 | 太原理工大学 | Internet of things equipment identification method based on multi-protocol detection |
Non-Patent Citations (1)
Title |
---|
非入侵式网络安全扫描技术研究;王宸东等;《信息安全与通信保密》;20160910(第09期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN114866354A (en) | 2022-08-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10454969B2 (en) | Automatic generation of low-interaction honeypots | |
CN105721427B (en) | A method of excavating attack Frequent Sequential Patterns from Web daily records | |
CN107087001B (en) | distributed internet important address space retrieval system | |
CN111600850B (en) | Method, equipment and storage medium for detecting mine digging virtual currency | |
CN110221977A (en) | Website penetration test method based on ai | |
CN105376217B (en) | A kind of malice jumps and the automatic judging method of malice nested class objectionable website | |
WO2014000537A1 (en) | System and method for finding phishing website | |
CN111865925A (en) | Network traffic based fraud group identification method, controller and medium | |
US11570196B2 (en) | Method for determining duplication of security vulnerability and analysis apparatus using same | |
CN113923003A (en) | Attacker portrait generation method, system, equipment and medium | |
CN114826671B (en) | Network asset identification method and device based on hierarchical matching of fingerprints | |
CN111447224A (en) | Web vulnerability scanning method and vulnerability scanner | |
CN114528457A (en) | Web fingerprint detection method and related equipment | |
CN109547294B (en) | Networking equipment model detection method and device based on firmware analysis | |
CN113300977B (en) | Application flow identification and classification method based on multi-feature fusion analysis | |
CN103440454A (en) | Search engine keyword-based active honeypot detection method | |
CN112714118B (en) | Network traffic detection method and device | |
CN114866354B (en) | Internet of things terminal equipment identification method based on fingerprint element search and extended identification | |
CN112003884B (en) | Method for collecting network assets and retrieving natural language | |
CN112667875A (en) | Data acquisition method, data analysis method, data acquisition device, data analysis device, equipment and storage medium | |
CN110611673B (en) | IP credit calculation method, device, electronic equipment and medium | |
CN113132340B (en) | Phishing website identification method based on vision and host characteristics and electronic device | |
CN112202763B (en) | IDS strategy generation method, device, equipment and medium | |
CN106411879B (en) | A kind of acquisition methods and device of software identification feature | |
CN115296892A (en) | Data information service system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |