CN115705244A - Network asset detection method and device and server - Google Patents
Network asset detection method and device and server Download PDFInfo
- Publication number
- CN115705244A CN115705244A CN202110912740.2A CN202110912740A CN115705244A CN 115705244 A CN115705244 A CN 115705244A CN 202110912740 A CN202110912740 A CN 202110912740A CN 115705244 A CN115705244 A CN 115705244A
- Authority
- CN
- China
- Prior art keywords
- subtasks
- subtask
- server
- detection
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 113
- 238000000034 method Methods 0.000 claims abstract description 41
- 239000000523 sample Substances 0.000 claims abstract description 30
- 230000004044 response Effects 0.000 claims description 28
- 230000000875 corresponding effect Effects 0.000 claims description 21
- 230000002596 correlated effect Effects 0.000 claims description 8
- 238000004364 calculation method Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 14
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 230000004083 survival effect Effects 0.000 description 4
- 238000012502 risk assessment Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides a method, an apparatus and a server for detecting network assets, which relate to the field of information security, and the method comprises: receiving a probe task comprising a plurality of subtasks, each subtask comprising an IP address of a target asset; acquiring the current available resources of a server; determining a first number of threads that can be currently concurrently executed by the server based on reference information including available resources and hardware configuration parameters of the server; judging whether the second quantity of the first group of sub-tasks which are not executed in the plurality of sub-tasks is larger than the first quantity or not so as to obtain a judgment result; under the condition that the judgment result is negative, executing the first group of subtasks by utilizing a plurality of threads with a second quantity to obtain the detection result of the first group of subtasks; if the judgment result is yes, executing a second group of subtasks with the number of the subtasks being the first number by utilizing a plurality of threads with the first number to obtain a detection result of the second group of subtasks; and after the execution of the second group of subtasks is finished, repeatedly executing the obtaining, determining and judging.
Description
Technical Field
The disclosure relates to the field of information security, in particular to a method, a device and a server for detecting network assets.
Background
With the popularization of network technologies, various network assets also face extremely high network security risks while providing life convenience.
The network assets can be managed by probing the network assets and advanced risk analysis can be performed based on the probing results to improve the network security risk.
Disclosure of Invention
The inventor notices that in the related art, the efficiency of network asset detection is not high, and the detection result cannot be obtained in time. In this way, risk analysis cannot be performed in time, and thus, network security risks cannot be improved in time.
The inventors have analyzed that this is because the number of threads concurrently executing the probing task of the network asset is a default value or a fixed value specified by the user. If the number of threads performing a probing task is too small, the available resources of the server cannot be fully utilized, resulting in inefficient probing. If the number of threads executing probing tasks is too large, the server cannot concurrently execute probing tasks with a specified number of threads, but needs to switch back and forth between different threads, which increases the time required for switching between different threads, and also causes probing inefficiency.
In order to solve the above problem, the embodiments of the present disclosure propose the following solutions.
According to an aspect of the embodiments of the present disclosure, there is provided a method for detecting a network asset, including: receiving a probe task, wherein the probe task comprises a plurality of subtasks, and each subtask comprises an IP address of a target asset; acquiring the current available resources of a server; determining a first number of threads that the server is currently capable of concurrently executing based on reference information, the reference information including the available resources and hardware configuration parameters of the server; judging whether the second quantity of the first group of unexecuted subtasks in the plurality of subtasks is larger than the first quantity to obtain a judgment result; under the condition that the judgment result is negative, executing the first group of subtasks by utilizing the plurality of threads with the second quantity to obtain the detection result of each subtask in the first group of subtasks; if the judgment result is yes, executing a second group of subtasks by using the first number of multiple threads to obtain a detection result of each subtask in the second group of subtasks, wherein the number of the subtasks in the second group of subtasks is the first number; after the execution of the second set of subtasks is completed, the obtaining, the determining, and the judging are repeatedly performed until the second number is 0.
In some embodiments, the method further comprises: determining a ratio corresponding to the detection type according to the detection type of the detection task, wherein the ratio is the ratio of the waiting time and the calculating time of the detection task of the detection type executed by a central processing unit of the server; wherein the reference information further comprises the ratio, the first quantity being positively correlated with the ratio.
In some embodiments, the method further comprises: acquiring the current network bandwidth of the server; wherein the reference information further comprises the network bandwidth, and the first quantity is positively correlated with the network bandwidth.
In some embodiments, the hardware configuration parameters include the core number of a central processing unit of the server and the read-write speed of a memory.
In some embodiments, performing the second set of subtasks to obtain the probe result for each subtask in the second set of subtasks includes: sending a first data packet corresponding to the detection type of the detection task to the IP address of each subtask in the second group of subtasks; under the condition that a response packet of a first data packet of a certain subtask is not received within a preset time period, sending a second data packet of the escape protection equipment to an IP address of the subtask; and determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet.
In some embodiments, each subtask in the second group of subtasks further includes a port number of a target asset, and the second packet is sent to a port corresponding to the port number of the target asset in the subtask; determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet includes: determining that the port is open in a case where a response packet of the second data packet is received; and determining that the port is closed under the condition that a response packet of the second data packet is not received.
In some embodiments, the detection type is a device type of the target asset, and the response packet of the second data packet carries fingerprint information of the device type of the target asset in the subtask; determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet includes: and comparing the fingerprint information with various preset fingerprint information to obtain the equipment type of the target asset, wherein different types of fingerprint information in the various fingerprint information correspond to different equipment types.
In some embodiments, the method further comprises: caching the detection result of each subtask in the plurality of subtasks to the server in association with the IP address of the subtask; and storing the detection result cached by the server in a database according to a preset period.
In some embodiments, the method further comprises: before the available resources are obtained, judging whether the number of the plurality of subtasks is larger than the free capacity of a queue with preset capacity; adding the plurality of subtasks to the queue if the number of the plurality of subtasks is not greater than the free capacity; prior to executing the first set of subtasks, fetching the first set of subtasks from the queue; fetching the second set of sub-tasks from the queue prior to executing the second set of sub-tasks.
According to another aspect of the embodiments of the present disclosure, there is provided a network asset detection apparatus, including: a receiving module configured to receive a probe task, the probe task comprising a plurality of subtasks, each subtask comprising an IP address of a target asset; an obtaining module configured to obtain currently available resources of a server where the apparatus is located; a determining module configured to determine a first number of threads that the server can currently concurrently execute based on reference information, the reference information including the available resources and hardware configuration parameters of the server; the judging module is configured to judge whether the second quantity of the first group of unexecuted subtasks in the plurality of subtasks is larger than the first quantity so as to obtain a judging result; the execution module is configured to execute the first group of subtasks by using the second number of threads to obtain a detection result of each subtask in the first group of subtasks under the condition that the judgment result is negative; if the judgment result is yes, executing a second group of subtasks by using the first number of multiple threads to obtain a detection result of each subtask in the second group of subtasks, wherein the number of the subtasks in the second group of subtasks is the first number; after the second set of subtasks is completed, instructing the fetch module to repeat the fetching until the second number is 0.
According to another aspect of the embodiments of the present disclosure, there is provided a network asset detection apparatus, including: a memory; and a processor coupled to the memory, the processor configured to perform the method of any of the above embodiments based on instructions stored in the memory.
According to still another aspect of the embodiments of the present disclosure, there is provided a server including: the network asset detection device according to any of the above embodiments.
According to yet another aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium comprising computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform the method of any one of the above embodiments.
In the embodiment of the disclosure, after receiving a probe task, each time, a first number of threads that can be currently and concurrently executed by a server is determined by using reference information including currently available resources and hardware configuration parameters of the server, and when a second number of subtasks that are not currently executed is greater than the first number, the subtasks are executed by using a plurality of threads of the first number to obtain a probe result of the subtasks. Therefore, the current resources of the server can be fully utilized to execute the subtasks, and the server can be ensured to concurrently execute the subtasks by utilizing the first number of threads without switching back and forth among different threads, so that the detection efficiency can be improved, and the detection result can be obtained in time.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow diagram of a method of detection of a network asset according to some embodiments of the present disclosure;
FIG. 2 is a flow diagram of a method of detection of a network asset according to further embodiments of the present disclosure;
FIG. 3 is a flow diagram of a method of detection of a network asset according to yet further embodiments of the present disclosure;
FIG. 4 is a schematic block diagram of a detection device of a network asset according to some embodiments of the present disclosure;
FIG. 5 is a schematic block diagram of a detection apparatus for a network asset according to further embodiments of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the embodiments described are only some embodiments of the present disclosure, rather than all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
FIG. 1 is a flow diagram of a method of detection of a network asset according to some embodiments of the present disclosure.
As shown in fig. 1, the method for detecting a network asset includes steps 102 to 112.
At step 102, a probe task is received. Here, the probe task includes a plurality of subtasks, each subtask including an IP address of the target asset.
Target assets are network assets representing various devices used in a computer or communications network, e.g., hosts, routers, etc. The IP addresses of the target assets included in different ones of the plurality of subtasks may be the same or different.
In some embodiments, the probe task belongs to one of a plurality of probe types, e.g., survival probe, port probe, device type probe, etc.
In step 104, the currently available resources of the server are obtained.
The server is a server where the device executing the probing method is located. The currently available resources of the server include, for example, at least one of available resources of a Central Processing Unit (CPU) of the server and available space of a memory, and the like.
At step 106, a first number of threads that the server can currently execute concurrently is determined based on the reference information.
Here, the reference information includes the available resources acquired in step 104 and the hardware configuration parameters of the server. The hardware configuration parameters of the server include, for example, the core number of the CPU of the server and the read-write speed of the memory.
It should be appreciated that the first number of threads that the server is currently capable of concurrently executing is less than or equal to the maximum number of threads that the server is currently capable of concurrently executing.
In some embodiments, the first number of threads that the server can currently execute concurrently is positively correlated with the available resources. For example, if the CPU resources and the memory space required by the server to run each thread are fixed, the first number of threads may be determined according to the available resources of the CPU and the available space of the memory, and the larger the available resources of the CPU and the available space of the memory, the larger the determined first number of threads.
In some embodiments, the first number of threads that a server can currently execute concurrently is positively correlated with a hardware configuration parameter of the server. For example, the first number of threads is determined to be greater when the number of cores of the CPU is greater; for another example, the first number of threads is determined to be greater when the read-write speed of the memory is higher.
In step 108, it is determined whether the second number of the first group of sub-tasks that are not executed in the plurality of sub-tasks is greater than the first number to obtain a determination result.
It should be understood that the second number of the first set of subtasks represents the total number of subtasks of the probing task that are not executed.
In case the judgment result is no (i.e. the second number is not greater than the first number), step 110 is executed; in case the determination result is yes (i.e. the second number is larger than the first number), step 112 is performed.
At step 110, the first set of subtasks is executed using a second number of the plurality of threads to obtain a detection result for each subtask in the first set of subtasks.
At step 112, the second set of subtasks is executed using the first number of the plurality of threads to obtain a probe result for each subtask in the second set of subtasks. Here, the number of subtasks in the second group of subtasks is the first number.
After the second set of subtasks is completed, the steps 104 to 108 are repeatedly performed until the second number is 0, that is, until all of the plurality of subtasks of the probe task are completed.
For example, a data packet corresponding to the detection type of each subtask may be sent to the IP address of the subtask, and the detection result of the subtask may be obtained according to the reception condition of the response packet of the data packet.
Taking the probing task with the probing type as the survival probing as an example, a corresponding data packet is sent to the IP address of each subtask. Under the condition that a response packet of a data packet sent to the IP address of a certain subtask is received, determining that the detection result of the IP address of the subtask is survival; and under the condition that a response packet of a data packet sent to the IP address of a certain subtask is not received, determining that the detection result of the IP address of the subtask is non-survival.
In the above embodiment, after receiving the probe task, each time, the reference information including the current available resources and the hardware configuration parameters of the server is used to determine a first number of threads that can be currently and concurrently executed by the server, and when a second number of sub tasks that are not currently executed is greater than the first number, the sub tasks are executed by using a plurality of threads of the first number to obtain a probe result of the sub tasks. Therefore, the current resources of the server can be fully utilized to execute the subtasks, and the server can be ensured to utilize the threads with the first number to concurrently execute the subtasks without switching back and forth among different threads, so that the detection efficiency can be improved, and the detection result can be obtained in time.
And risk analysis can be timely carried out according to the detection result subsequently, so that the network security risk is timely improved.
In addition, each time after the second set of subtasks is completed, the currently available resources of the server are reacquired and the first number of threads is redetermined. Therefore, the detection efficiency can be improved, and meanwhile, other applications on the server can be ensured to normally run.
The method for detecting a network asset provided by the embodiment of the present disclosure is further described below with reference to fig. 2.
FIG. 2 is a flow diagram of a method for detection of a network asset according to further embodiments of the present disclosure.
As shown in fig. 2, the method for detecting a network asset further includes at least one of steps 202 to 204 in addition to steps 102 to 112.
In some embodiments, the detection method further comprises step 202.
In step 202, a ratio corresponding to the detection type is determined according to the detection type of the detection task. Here, the ratio corresponding to the probe type is a ratio of a waiting time period for the CPU of the server to execute the probe task of the probe type to a calculation time period. In this case, the reference information in step 106 further includes a ratio corresponding to the detection type of the detection task, and the first quantity is positively correlated with the ratio.
The calculation time length represents a time length for the CPU to perform the calculation during the execution of the task, and the waiting time length represents a time length for the CPU not to perform the calculation (for example, a memory read-write time length, etc.) during the execution of the task.
For probing tasks of different probing types, the computation time and the waiting time during the execution of the task may also be different. The calculation duration and the waiting duration corresponding to each detection type can be predetermined through testing, so that the ratio of the calculation duration and the waiting duration corresponding to each detection type, namely the preset ratio, is obtained.
The first number determined based on the reference information including the ratio corresponding to the detection type of the detection task is more suitable for the actual time overhead condition of the detection task to be executed, so that the detection efficiency can be further improved.
The inventor has noticed that the decrease of the network bandwidth may cause the network packet loss rate to increase, so the accuracy of the detection result of the asset detection is not high under the condition of small network bandwidth, and the network security risk cannot be effectively improved.
In some embodiments, in order to improve the accuracy of the detection result, the detection method further includes step 204.
In step 204, the current network bandwidth of the server is obtained. In this case, the reference information further includes the acquired network bandwidth, and the first amount is positively correlated with the network bandwidth.
Under the condition that the network bandwidth is smaller, the first number of threads is smaller; and in case of a larger network bandwidth, the first number of threads is also larger. Therefore, the accuracy of the detection result of the asset detection can be improved while the detection efficiency is improved, and the network security risk is effectively improved.
It should be understood that step 202 and step 204 are both performed before step 106. Step 104, step 202 and step 204 may be performed sequentially or simultaneously.
The method for detecting a network asset provided by the embodiments of the present disclosure is further described below with reference to some embodiments.
In some embodiments, after the detection result of each subtask is obtained, the detection result of the subtask and the IP address of the subtask are cached in the server in association, and then all the detection results cached by the server are stored in the database according to a preset period.
The amount of concurrent access supported by the database is low, and under the condition that the first amount is large, the detection result is directly stored in the database to cause the risk of data loss, so that the accuracy of the detection result is reduced. The detection result is firstly stored in the memory of the server capable of supporting higher concurrent access amount and then stored in the database for subsequent use, so that the accuracy of the detection result can be improved, and the network security risk can be effectively improved.
In some embodiments, before obtaining the currently available resources of the server, it is first determined whether the number of the plurality of subtasks of the probe task is greater than the free capacity of the queue having the preset capacity. And adding the plurality of subtasks into the queue under the condition that the number of the plurality of subtasks is not more than the free capacity of the queue. The first set of sub-tasks is then pulled from the queue before execution of the first set of sub-tasks, and the second set of sub-tasks is pulled from the queue before execution of the second set of sub-tasks. Therefore, the problem of overlarge memory consumption of the server caused by continuous reception of the detection tasks can be avoided.
Some implementations of performing the second set of subtasks to obtain a detection result for each of the second set of subtasks are described below in conjunction with FIG. 3.
FIG. 3 is a flow chart of a method of detection of a network asset according to further embodiments of the present disclosure.
As shown in fig. 3, the method for detecting a network asset includes steps 102 to 112, and step 112 includes steps 1122 to 1126.
At step 1122, a first packet corresponding to the probing type of the probing task is sent to the IP address of each of the second set of subtasks.
For example, each thread of the determined first number of multiple threads executes a corresponding one of the second set of sub-tasks, respectively. Each thread sends a packet corresponding to the type of probing, e.g., an Acknowledgement (ACK) packet, a synchronization sequence number (SYN) packet, etc., to the IP address of the corresponding subtask.
In some embodiments, the detection result of each subtask is determined according to the receiving condition of the response packet of the first data packet of the subtask.
However, the inventors have noted that, since the target asset is deployed behind the guard device, the first data packet is likely to be intercepted by the guard device, and thus the reply packet of the first data packet cannot be received. This may reduce the accuracy of the probing result determined based on the reception of the response packet of the first data packet. Accordingly, some embodiments of the present disclosure further include step 1124 and step 1126 as follows.
In step 1124, in case that a response packet of a first data packet of a certain subtask is not received within a preset time period, a second data packet of the escape protection apparatus is sent to the IP address of the subtask.
For example, the second packet of the escape protection device (e.g., firewall) is a plurality of packets, each carrying a segment of a Transmission Control Protocol (TCP) header. As another example, the second packet of the escape protection device is a packet of a size not exceeding a Maximum Transmission Unit (MTU).
In step 1126, the probing result of the subtask is determined according to the receiving condition of the response packet of the second data packet of the subtask.
For example, the probing type of the probing task is port probing. In this case, each subtask in the second group also includes a port number of the target asset. And the first data packet and the second data packet are both sent to a port corresponding to the port number of the target asset in the subtask. Determining that the port is opened under the condition of receiving a response packet of a second data packet of a certain subtask; and determining that the port is closed when the response packet of the second data packet of a certain subtask is not received.
As another example, the detection type of the detection task is a device type of the detection target asset (i.e., device type detection). In this case, the response packet of the second data packet carries the fingerprint information of the device type of the target asset in the subtask, and the fingerprint information may be compared with a plurality of preset fingerprint information to obtain the device type of the target asset. Here, different types of fingerprint information in the multiple types of fingerprint information correspond to different device types, one type of fingerprint information to which the fingerprint information belongs can be obtained by comparing the fingerprint information carried by the response packet of the second data packet with the multiple types of fingerprint information, and then the device type of the target asset can be obtained according to the device type corresponding to the fingerprint information.
In the above embodiment, when the response packet of the first data packet of a certain subtask is not received within the preset time period, the second data packet of the escape protection device is sent to the IP address of the subtask, and the detection result of the subtask is determined according to the receiving condition of the response packet of the second data packet of the subtask, instead of directly determining the detection result of the subtask according to the receiving condition of the response packet of the first data packet. Therefore, the accuracy of the detection result can be improved, and the network security risk can be effectively improved.
It should be appreciated that in step 110, the first set of subtasks may be performed in an implementation similar to that of FIG. 3. Therefore, the accuracy of the detection result can be further improved, and the network security risk can be effectively improved.
FIG. 4 is a schematic block diagram of a detection apparatus for a network asset according to some embodiments of the present disclosure.
As shown in fig. 4, the detection apparatus of the network asset includes a receiving module 401, an obtaining module 402, a determining module 403, a judging module 404 and an executing module 405.
The receiving module 401 is configured to receive a probe task. Here, the probe task includes a plurality of subtasks, each subtask including an IP address of the target asset.
The acquisition module 402 is configured to acquire currently available resources of a server in which the apparatus is located.
The determining module 403 is configured to determine a first number of threads that the server can currently execute concurrently based on the reference information. Here, the reference information includes available resources and hardware configuration parameters of the server.
The determining module 404 is configured to determine whether a second number of the first group of sub-tasks that are not executed in the plurality of sub-tasks is greater than the first number to obtain a determination result.
The execution module 405 is configured to execute the first group of subtasks by using a second number of multiple threads to obtain a detection result of each subtask in the first group of subtasks if the determination result is negative; if the judgment result is yes, executing a second group of subtasks by utilizing a plurality of threads with a first number to obtain a detection result of each subtask in the second group of subtasks, wherein the number of the subtasks in the second group of subtasks is the first number; after the second set of subtasks is completed, the fetch module 402 is instructed to repeat fetching until the second number is 0.
It should be understood that, after the obtaining module 402 obtains the available resources of the server, the determining module 403 and the determining module 404 may automatically perform corresponding operations in turn.
FIG. 5 is a schematic block diagram of a detection apparatus for a network asset according to further embodiments of the present disclosure.
As shown in fig. 5, the detection apparatus of the network asset includes a memory 501 and a processor 502 coupled to the memory 501, and the processor 502 is configured to execute the detection method of the network asset according to any one of the foregoing embodiments based on instructions stored in the memory 501.
The memory 501 may include, for example, a system memory, a fixed non-volatile storage medium, and the like. The system memory may store, for example, an operating system, application programs, a Boot Loader (Boot Loader), and other programs.
The detection means of the network asset may further comprise an input output interface 503, a network interface 504, a storage interface 505, etc. The interfaces 503, 504, 505, and the memory 501 and the processor 502 may be connected by a bus 506, for example. The input/output interface 503 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 504 provides a connection interface for various networking devices. The storage interface 505 provides a connection interface for external storage devices such as an SD card and a usb disk.
The embodiment of the disclosure also provides a server, which includes the detection device of the network asset in any one of the above embodiments.
The disclosed embodiments also provide a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by one or more processors, implement the method of any of the above embodiments.
Thus far, various embodiments of the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. Those skilled in the art can now fully appreciate how to implement the teachings disclosed herein, in view of the foregoing description.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the embodiments of the detection apparatus and the server of the network asset, since they basically correspond to the embodiments of the method, the description is relatively simple, and reference may be made to the partial description of the embodiments of the method for relevant points.
In addition, in the description of the present disclosure, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or order.
As will be appreciated by one of skill in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that the functions specified in one or more of the flows in the flowcharts and/or one or more of the blocks in the block diagrams can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that various changes may be made in the above embodiments or equivalents may be substituted for elements thereof without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (13)
1. A method of probing a network asset, comprising:
receiving a probe task, wherein the probe task comprises a plurality of subtasks, and each subtask comprises an IP address of a target asset;
acquiring the current available resources of a server;
determining a first number of threads that the server can currently execute concurrently based on reference information, the reference information including the available resources and hardware configuration parameters of the server;
judging whether the second number of the first group of sub tasks which are not executed in the plurality of sub tasks is larger than the first number or not to obtain a judgment result;
under the condition that the judgment result is negative, executing the first group of subtasks by using the plurality of threads with the second quantity to obtain a detection result of each subtask in the first group of subtasks;
if the judgment result is yes, executing a second group of subtasks by using the first number of multiple threads to obtain a detection result of each subtask in the second group of subtasks, wherein the number of the subtasks in the second group of subtasks is the first number;
after the execution of the second set of subtasks is completed, the obtaining, the determining, and the judging are repeatedly performed until the second number is 0.
2. The method of claim 1, further comprising:
determining a ratio corresponding to the detection type according to the detection type of the detection task, wherein the ratio is the ratio of the waiting time of the central processing unit of the server for executing the detection task of the detection type to the calculation time;
wherein the reference information further comprises the ratio, the first quantity being positively correlated with the ratio.
3. The method of claim 1 or 2, further comprising:
acquiring the current network bandwidth of the server;
wherein the reference information further comprises the network bandwidth, and the first quantity is positively correlated with the network bandwidth.
4. The method of claim 1, wherein the hardware configuration parameters include a core count of a central processing unit of the server and a read-write speed of a memory.
5. The method of claim 1, wherein performing a second set of subtasks to obtain a probe result for each subtask of the second set of subtasks comprises:
sending a first data packet corresponding to the detection type of the detection task to the IP address of each subtask in the second group of subtasks;
under the condition that a response packet of a first data packet of a certain subtask is not received within a preset time period, sending a second data packet of escape protection equipment to an IP address of the subtask;
and determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet.
6. The method of claim 5, wherein each subtask in the second set of subtasks further includes a port number of a target asset, and the second packet is sent to a port corresponding to the port number of the target asset in the subtask;
determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet includes:
determining that the port is open in case of receiving a response packet of the second data packet;
and determining that the port is closed under the condition that a response packet of the second data packet is not received.
7. The method according to claim 5, wherein the detection type is a device type of a detection target asset, and the response packet of the second data packet carries fingerprint information of the device type of the target asset in the subtask;
determining the detection result of the subtask according to the receiving condition of the response packet of the second data packet includes:
and comparing the fingerprint information with various preset fingerprint information to obtain the equipment type of the target asset, wherein different types of fingerprint information in the various fingerprint information correspond to different equipment types.
8. The method of claim 1, further comprising:
caching the detection result of each subtask in the plurality of subtasks to the server in association with the IP address of the subtask;
and storing the detection result cached by the server in a database according to a preset period.
9. The method of claim 1, further comprising:
before the available resources are obtained, judging whether the number of the plurality of subtasks is larger than the free capacity of a queue with preset capacity;
adding the plurality of subtasks to the queue if the number of the plurality of subtasks is not greater than the free capacity;
prior to executing the first set of subtasks, fetching the first set of subtasks from the queue;
fetching the second set of sub-tasks from the queue prior to executing the second set of sub-tasks.
10. A detection apparatus for a network asset, comprising:
a receiving module configured to receive a probe task, the probe task comprising a plurality of subtasks, each subtask comprising an IP address of a target asset;
an obtaining module configured to obtain currently available resources of a server where the apparatus is located;
a determining module configured to determine a first number of threads that the server can currently concurrently execute based on reference information, the reference information including the available resources and hardware configuration parameters of the server;
the judging module is configured to judge whether the second number of the first group of sub tasks which are not executed in the plurality of sub tasks is larger than the first number or not so as to obtain a judging result;
the execution module is configured to execute the first group of subtasks by using the second number of threads to obtain a detection result of each subtask in the first group of subtasks under the condition that the judgment result is negative; if the judgment result is yes, executing a second group of subtasks by using the first number of multiple threads to obtain a detection result of each subtask in the second group of subtasks, wherein the number of the subtasks in the second group of subtasks is the first number; after the second set of subtasks is completed, instructing the fetch module to repeat the fetching until the second number is 0.
11. A detection apparatus of a network asset, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-9 based on instructions stored in the memory.
12. A server, comprising:
a detection apparatus for a network asset as claimed in claim 10 or 11.
13. A computer-readable storage medium comprising computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform the method of any one of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110912740.2A CN115705244A (en) | 2021-08-10 | 2021-08-10 | Network asset detection method and device and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110912740.2A CN115705244A (en) | 2021-08-10 | 2021-08-10 | Network asset detection method and device and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115705244A true CN115705244A (en) | 2023-02-17 |
Family
ID=85179484
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110912740.2A Pending CN115705244A (en) | 2021-08-10 | 2021-08-10 | Network asset detection method and device and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115705244A (en) |
-
2021
- 2021-08-10 CN CN202110912740.2A patent/CN115705244A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200287794A1 (en) | Intelligent autoscale of services | |
| US9218203B2 (en) | Packet scheduling in a multiprocessor system using inter-core switchover policy | |
| CN108694087A (en) | For the dynamic load leveling in the network interface card of optimal system grade performance | |
| US8806507B1 (en) | Dynamic provisioning of message groups | |
| US10944683B1 (en) | Hybrid queue system for request throttling | |
| US10338822B2 (en) | Systems and methods for non-uniform memory access aligned I/O for virtual machines | |
| KR101679573B1 (en) | Method and apparatus for service traffic security using dimm channel distribution multicore processing system | |
| CN105978821B (en) | The method and device that network congestion avoids | |
| CN109491788A (en) | A kind of virtual platform implementation of load balancing and device | |
| CN111490963A (en) | Data processing method, system, equipment and storage medium based on QUIC protocol stack | |
| EP2634699B1 (en) | Application monitoring | |
| CN110489242B (en) | Distributed data computing method, device, terminal equipment and storage medium | |
| US9507655B2 (en) | Tracking asynchronous entry points for an application | |
| CN113938404B (en) | Asset detection method, device, equipment, system and storage medium | |
| CN103905484B (en) | Handle the method and device of hypertext transfer protocol requests | |
| CN109788251A (en) | Method for processing video frequency, device and storage medium | |
| CN109714214A (en) | A kind of processing method and management equipment of server exception | |
| CN117176802A (en) | Full-link monitoring method and device for service request, electronic equipment and medium | |
| CN115705244A (en) | Network asset detection method and device and server | |
| Zabala et al. | Modelling packet capturing in a traffic monitoring system based on Linux | |
| CN110784337A (en) | Cloud service quality monitoring method and related product | |
| US8479184B2 (en) | General purpose emit for use in value profiling | |
| CN108427615A (en) | A kind of message monitoring method and device | |
| CN113810342A (en) | Intrusion detection method, device, equipment and medium | |
| CN113806083B (en) | Method and device for processing aggregate flow data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |