CN116719868A - Network asset identification method, device and equipment - Google Patents

Info

Publication number: CN116719868A
Application number: CN202310621764.1A
Authority: CN (China)
Prior art keywords: network, information, equipment, asset, asset information
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 刘路阳, 陈帅, 王银龙, 李刚, 冯振平
Current Assignee: Information and Data Security Solutions Co Ltd
Original Assignee: Information and Data Security Solutions Co Ltd
Application filed by Information and Data Security Solutions Co Ltd
Priority to CN202310621764.1A
Publication of CN116719868A

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 ... of structured data, e.g. relational data > G06F16/25 Integrating or interfacing systems involving database management systems
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 ... of structured data, e.g. relational data > G06F16/24 Querying > G06F16/245 Query processing > G06F16/2457 Query processing with adaptation to user needs
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/90 Details of database functions independent of the retrieved data types > G06F16/901 Indexing; Data structures therefor; Storage structures > G06F16/9024 Graphs; Linked lists


Abstract

The application discloses a method, a device and equipment for identifying network assets, which relate to the field of computer technology and can quickly and accurately discover and identify both unknown and known network assets in a computer network, thereby improving the visibility of computer assets in an intranet. The method comprises the following steps: acquiring login attribute information of network devices in a set network domain; identifying associated network asset information of the network devices by using the login attribute information, and storing the associated network asset information in a network layer in the form of table data; and processing the associated network asset information in the form of table data, by means of a structured processing mode, into asset information associated with the network devices in different attribute dimensions.

Description

Network asset identification method, device and equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for identifying a network asset.
Background
With the development of business, more and more computer assets are deployed. Building a secure asset management platform, achieving visual and secure management of the asset life cycle, and building a comprehensive and dynamic enterprise asset inventory are the basis of information security, and an effective asset discovery and collection tool is a necessary condition for building a sound asset library.
In the related art, most asset collection relies on device users reporting network assets to a management unit manually, for example reporting newly added network assets or reporting updated network assets; the management unit collates the reported asset information, establishes an asset library, and identifies the network assets using the information recorded in the asset library. However, manual reporting requires the running network assets to be entered by hand, so the identification efficiency of network assets is low, and manual entry can produce mis-reported or missing network assets, which affects the accuracy of network asset identification.
Disclosure of Invention
In view of the above, the application provides a method, a device and equipment for identifying network assets, which mainly aim to solve the problems in the prior art that manual entry of network assets makes the identification efficiency of network assets low and affects the accuracy of network asset identification.
According to a first aspect of the present application, there is provided a method of identifying a network asset, comprising:
acquiring login attribute information of network devices in a set network domain;
identifying associated network asset information of the network devices by using the login attribute information, and storing the associated network asset information in a network layer in the form of table data;
and processing the associated network asset information in the form of table data, by means of a structured processing mode, into asset information associated with the network devices in different attribute dimensions.
Further, the acquiring login attribute information of the network devices specifically includes:
acquiring the network devices in the set network domain, and receiving network device information provided by a resource user, where the network device information includes a device identifier and device login information;
and configuring the device login information with preset fields, and combining the device identifier with the configured device login information to obtain the login attribute information of the network device.
Further, the identifying associated network asset information of the network device by using the login attribute information, and storing the associated network asset information in a network layer in the form of table data, specifically includes:
starting a device login service with the login attribute information of the network device, and establishing a connection between a network resource and the network device by using a login protocol supported by the device login service;
acquiring at least one protocol table of the network device's communication on the basis of the connection between the network resource and the network device;
and determining the associated network asset information of the network device according to the at least one protocol table, and storing the associated network asset information in a network layer in the form of table data.
Further, the acquiring at least one protocol table of the network device's communication on the basis of the connection between the network resource and the network device specifically includes:
on the basis of the connection between the network resource and the network device, acquiring a version identifier of the network device by executing a device-version acquisition instruction;
determining, from a pre-configured instruction library, the device-resource acquisition instructions matching the network device according to its version identifier;
and acquiring the at least one protocol table of the network device's communication by executing the device-resource acquisition instructions.
Further, the acquiring at least one protocol table of the network device's communication includes acquiring routing table information and link layer neighbor table information of the network device's communication;
correspondingly, the determining the associated network asset information of the network device according to the at least one protocol table, and storing the associated network asset information in a network layer in the form of table data, specifically includes:
acquiring original network asset information of the network device's communication by parsing the routing table information and link layer neighbor table information of the network device;
and screening the associated network asset information of the network device out of the original network asset information, and storing the associated network asset information in a network layer in the form of table data.
Further, the screening the associated network asset information of the network device out of the original network asset information, and storing the associated network asset information in a network layer in the form of table data, specifically includes:
according to the original network asset information of the network device's communication, verifying the device identifiers recorded in the original network asset information with a remote scanning tool, and determining a communication state corresponding to each original network asset;
and if the communication state corresponding to an original network asset is "connected", taking that original network asset information as associated network asset information of the network device, and storing it in a network layer in the form of table data.
Further, after the processing the associated network asset information in the form of table data, by means of the structured processing mode, into asset information associated with the network devices in different attribute dimensions, the method further includes:
constructing a topological relation diagram of the network devices in the set network domain by using the attribute information of the network assets in different dimensions, where the attribute information of the network assets associated with the network devices in the set network domain is presented in different dimensions in the topological relation diagram;
if a conflict exists between the associated network asset information of different network devices in the topological relation diagram, performing association identification on the conflicting network asset information;
and adjusting the associated network asset information of the conflicting network devices in the topological relation diagram according to the result of the association identification.
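The topology and conflict-handling steps above can be made concrete with a small reconciliation routine. The following is an added example, not code from the patent or its assignee: the record fields, the adjacency representation, the conflict rule (one IP associated with different MACs by different reporting devices), the `current_mac_of` re-check that stands in for the remote scanning tool, and all sample rows are assumptions made for the example.

```python
"""Topological relation diagram with conflict detection and adjustment.
Added example (not the patent's code); record fields, the resolver and all
sample values are assumptions."""
from collections import defaultdict

# Structured asset records as produced by the earlier steps: one row per
# (reporting device, associated asset). Constructed sample data.
ASSET_ROWS = [
    {"device": "sw-core-1", "ip": "10.0.1.20", "mac": "00:50:56:aa:00:01",
     "port": "Gi1/0/3", "vendor": "acme"},
    {"device": "sw-core-1", "ip": "10.0.1.21", "mac": "00:50:56:aa:00:02",
     "port": "Gi1/0/4", "vendor": "acme"},
    # sw-edge-2 associates 10.0.1.20 with a different MAC: a stale entry or IP reuse
    {"device": "sw-edge-2", "ip": "10.0.1.20", "mac": "00:50:56:aa:00:09",
     "port": "Gi1/0/7", "vendor": "acme"},
]


def build_topology(rows):
    """Adjacency map: reporting device -> {asset ip: attribute dimensions}."""
    topo = defaultdict(dict)
    for r in rows:
        topo[r["device"]][r["ip"]] = {k: v for k, v in r.items() if k not in ("device", "ip")}
    return topo


def find_conflicts(topo):
    """An IP that different devices associate with different MACs is a conflict.
    Returns {ip: sorted list of (device, mac) claims}."""
    claims = defaultdict(set)
    for dev, assets in topo.items():
        for ip, attrs in assets.items():
            claims[ip].add((dev, attrs["mac"]))
    return {ip: sorted(c) for ip, c in claims.items() if len({mac for _, mac in c}) > 1}


def associate(ip, claims, current_mac_of):
    """Association identification: re-check which claimed MAC the IP currently
    answers with; current_mac_of stands in for the remote scanning tool."""
    live = current_mac_of(ip)
    return [(dev, mac) for dev, mac in claims if mac == live]


def adjust_topology(topo, conflicts, current_mac_of):
    """Drop conflicting edges that association identification did not confirm.
    Returns (removed edges, unresolved ips); an IP with no confirmed claim is
    left untouched and reported for manual review rather than guessed."""
    removed, unresolved = [], []
    for ip, claims in conflicts.items():
        confirmed = {dev for dev, _ in associate(ip, claims, current_mac_of)}
        if not confirmed:
            unresolved.append(ip)
            continue
        for dev, mac in claims:
            if dev not in confirmed:
                del topo[dev][ip]
                removed.append((dev, ip, mac))
    return removed, unresolved


# Constructed stand-in for a live re-check of the IP-to-MAC correspondence.
LIVE_MACS = {"10.0.1.20": "00:50:56:aa:00:01", "10.0.1.21": "00:50:56:aa:00:02"}


def fake_current_mac(ip):
    return LIVE_MACS.get(ip)


def reconcile(rows=ASSET_ROWS, current_mac_of=fake_current_mac):
    """Build the diagram, find conflicts, adjust; returns (topo, conflicts, removed, unresolved)."""
    topo = build_topology(rows)
    conflicts = find_conflicts(topo)
    removed, unresolved = adjust_topology(topo, conflicts, current_mac_of)
    return topo, conflicts, removed, unresolved


if __name__ == "__main__":
    topo, conflicts, removed, unresolved = reconcile()
    print("conflicts:", conflicts)
    print("removed:", removed, "unresolved:", unresolved)
    for dev, assets in topo.items():
        print(dev, "->", sorted(assets))
```

The unresolved path matters in practice: if the re-check answers with neither claimed MAC (the host is down, or a third device now holds the address), removing either edge would silently hide an asset, so the conflict is reported instead of resolved.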
According to a second aspect of the present application, there is provided a device for identifying a network asset, comprising:
an acquisition unit, configured to acquire login attribute information of network devices in a set network domain;
an identification unit, configured to identify associated network asset information of the network devices by using the login attribute information, and to store the associated network asset information in a network layer in the form of table data;
and a processing unit, configured to process the associated network asset information in the form of table data, by means of a structured processing mode, into asset information associated with the network devices in different attribute dimensions.
Further, the acquisition unit is specifically configured to acquire the network devices in the set network domain and receive network device information provided by a resource user, where the network device information includes a device identifier and device login information; and to configure the device login information with preset fields and combine the device identifier with the configured device login information to obtain the login attribute information of the network device.
Further, the identification unit includes:
an establishing module, configured to start a device login service with the login attribute information of the network device and to establish a connection between a network resource and the network device by using a login protocol supported by the device login service;
an acquisition module, configured to acquire at least one protocol table of the network device's communication on the basis of the connection between the network resource and the network device;
and a determining module, configured to determine the associated network asset information of the network device according to the at least one protocol table and to store the associated network asset information in a network layer in the form of table data.
Further, the acquisition module is specifically configured to acquire a version identifier of the network device by executing a device-version acquisition instruction on the basis of the connection between the network resource and the network device; to determine, from a pre-configured instruction library, the device-resource acquisition instructions matching the network device according to its version identifier; and to acquire the at least one protocol table of the network device's communication by executing the device-resource acquisition instructions.
Further, the acquiring at least one protocol table of the network device's communication includes acquiring routing table information and link layer neighbor table information of the network device's communication;
the determining module is specifically configured to acquire original network asset information of the network device's communication by parsing the routing table information and link layer neighbor table information of the network device, to screen the associated network asset information of the network device out of the original network asset information, and to store the associated network asset information in a network layer in the form of table data.
Further, the determining module is specifically further configured to verify, according to the original network asset information of the network device's communication, the device identifiers recorded in the original network asset information with a remote scanning tool, and to determine a communication state corresponding to each original network asset;
and, if the communication state corresponding to an original network asset is "connected", to take that original network asset information as associated network asset information of the network device and store it in a network layer in the form of table data.
Further, the device further comprises:
a construction unit, configured, after the associated network asset information in the form of table data has been processed by the structured processing mode into asset information associated with the network devices in different attribute dimensions, to construct a topological relation diagram of the network devices in the set network domain using the attribute information of the network devices in different dimensions, where the attribute information of the network assets associated with the network devices in the set network domain is presented in different dimensions in the topological relation diagram;
a verification unit, configured to perform association identification on the conflicting network asset information if a conflict exists between the associated network asset information of different network devices in the topological relation diagram;
and an adjusting unit, configured to adjust the associated network asset information of the conflicting network devices in the topological relation diagram according to the result of the association identification.
According to a third aspect of the present application, there is provided a computer device comprising a memory storing a computer program and a processor which, when executing the computer program, implements the steps of the method of the first aspect described above.
According to a fourth aspect of the present application, there is provided a readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the first aspect described above.
By means of the above technical solution, and compared with identifying network assets by manual reporting in the prior art, the method, device and equipment for identifying network assets provided by the application acquire the login attribute information of the network devices in a set network domain, identify the associated network asset information of the network devices by using that login attribute information, store the associated network asset information in a network layer in the form of table data, and process the table data by a structured processing mode into asset information associated with the network devices in different attribute dimensions. Throughout the process, the network asset information associated with the network devices is identified automatically and directly from the login attribute information, without manual entry of network assets, so the accuracy of network asset identification is ensured; after logging in to the network devices, unknown and known network assets in the computer network can be discovered and identified quickly and accurately, which improves the visibility of computer assets in the intranet and the efficiency of network asset identification.
The foregoing is only an overview of the technical solution of the present application; it is provided so that the technical means of the application may be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the application may be more readily apparent.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a method of identifying network assets in an embodiment of the application;
FIG. 2 is a flow chart of step 101 of FIG. 1;
FIG. 3 is a flow chart of step 102 of FIG. 1;
FIG. 4 is a flow chart of a method of identifying network assets in another embodiment of the application;
FIG. 5 is a schematic diagram of a network asset identification device according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an apparatus structure of a computer device according to an embodiment of the present application.
Detailed Description
The present disclosure will now be discussed with reference to several exemplary embodiments. It should be understood that these embodiments are discussed only to enable those of ordinary skill in the art to better understand and thus practice the teachings of the present application, and are not meant to imply any limitation on the scope of the application.
As used herein, the term "comprising" and variants thereof are to be interpreted as the open-ended term "including but not limited to". The term "based on" is to be interpreted as "based at least in part on". The terms "one embodiment" and "an embodiment" are to be interpreted as "at least one embodiment". The term "another embodiment" is to be interpreted as "at least one other embodiment".
In the related art, most asset collection relies on device users reporting network assets to a management unit manually, for example reporting newly added network assets or reporting updated network assets; the management unit collates the reported asset information, establishes an asset library, and identifies the network assets using the information recorded in the asset library. However, manual reporting requires the running network assets to be entered by hand, so the identification efficiency of network assets is low, and manual entry can produce mis-reported or missing network assets, which affects the accuracy of network asset identification.
To solve this problem, the present embodiment provides a method for identifying network assets, as shown in FIG. 1. The method is applied to a server corresponding to a network asset identification system and includes the following steps:
101. Acquire login attribute information of the network devices in the set network domain.
The set network domain may be a network range within a set area, for example a network range limited to the area of one room or of one square, or a network range within a set distance, for example a circular area within a set radius around a routing device taken as the network centre; this is not limited here. A specific acquisition mode may be to collect and enter the login attribute information of the network devices in the set network domain.
Typically, a network device operates in a network environment and is equivalent to a physical entity connected to a network, such as a host computer, a switch, a router, a firewall or a network printer. In a network environment, each network device is connected to the network in some mode, wired or wireless; different types of network device may use different connection modes, and together they finally form an interconnected network. As one implementation, a wired connection may use an Ethernet networking structure, forming a network through hubs, switches and routers in a local networking fashion and connecting network devices to hosts over optical fibre; a wireless connection may use WIFI to connect network devices to hosts, with all networked devices connected through a wireless router in a smaller space, and a wireless local area network formed by a wireless controller and access point controllers in a larger space.
In this embodiment, the login attribute information of a network device includes the IP of the network device and its login information. The IP is the protocol for interconnection between networks and may serve as the unique identifier of the network device in the network environment, so each network device can be identified by its IP. The login information is the login authentication of the network device's user; login authentication protects the security of the user's account and forms the user's identity, proving that a user operation was initiated by that user. As one method of obtaining the login attribute information, network device information provided by the user for the set network range may be received, where the network device information records the IP address and login information of the network device; the IP addresses and login information are maintained in a database by a configuration method and combined to obtain the login attribute information of each network device. As another method, device identification information provided by the user may be used, where the device identification information may be an IP address, a port, an account name and the like. The core of the network devices is a switch or router: if a network device is a switch or router and is discovered in the set network range, the other network devices attached to that switch or router in the network environment can be obtained, whereas if the network device is not a switch or router, further network devices cannot be obtained through it by this discovery method.
The execution subject of this embodiment may be a network asset identification device or equipment, which may be deployed on the server corresponding to the network asset identification system. It acquires the login attribute information of the network devices in the set network domain, logs in using that information, acquires the device resources associated with each network device after login, and identifies network assets from the acquired device resources, so that network assets need not be entered manually; asset information associated with the network devices is thus identified more accurately, and the efficiency of network asset identification is improved.
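Step 101 above, together with the first-aspect clauses on configuring login information with preset fields and on selecting device-resource acquisition instructions from a pre-configured instruction library by version identifier, can be shown end to end. The following is an added example, not code from the patent or its assignee: the preset field names, the default port and protocol, the idea of storing a credential reference instead of the credential, the instruction-library contents, the version patterns and the fake device output are all assumptions; `run_command` abstracts the login session so the example runs offline.

```python
"""Login attribute records and version-keyed instruction selection.
Added example (not the patent's code); preset field names, the instruction
library and the fake device output are assumptions."""
import re
from dataclasses import dataclass

# Preset fields a login record must carry; credential_ref points into a secret
# store so the table data never holds the password itself (an assumption here).
PRESET_LOGIN_FIELDS = ("ip", "port", "protocol", "username", "credential_ref")
DEFAULT_FIELDS = {"port": 22, "protocol": "ssh"}


@dataclass(frozen=True)
class LoginAttributes:
    device_id: str
    ip: str
    port: int
    protocol: str
    username: str
    credential_ref: str


def build_login_attributes(device_id, login_info):
    """Configure the user-supplied login info with the preset fields and combine
    it with the device identifier (step 101)."""
    configured = {**DEFAULT_FIELDS, **login_info}
    missing = [f for f in PRESET_LOGIN_FIELDS if f not in configured]
    if missing:
        raise ValueError(f"{device_id}: login info is missing {missing}")
    if not re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}", configured["ip"]):
        raise ValueError(f"{device_id}: {configured['ip']!r} is not an IPv4 address")
    return LoginAttributes(device_id, configured["ip"], int(configured["port"]),
                           configured["protocol"], configured["username"],
                           configured["credential_ref"])


# Pre-configured instruction library: (version pattern, platform family,
# device-resource acquisition instructions). Contents assumed for the example.
INSTRUCTION_LIBRARY = [
    (re.compile(r"Cisco IOS Software"), "ios",
     {"routing": "show ip route", "neighbors": "show ip arp",
      "forwarding": "show mac address-table"}),
    (re.compile(r"Huawei Versatile Routing Platform"), "vrp",
     {"routing": "display ip routing-table", "neighbors": "display arp",
      "forwarding": "display mac-address"}),
]
# Device-version acquisition instructions, tried in turn until one answers.
VERSION_INSTRUCTIONS = ("show version", "display version")


def select_instructions(version_id):
    """Match the version identifier against the library; unknown platforms are an error."""
    for pattern, family, instructions in INSTRUCTION_LIBRARY:
        if pattern.search(version_id):
            return family, instructions
    raise LookupError(f"no instruction set in the library matches {version_id!r}")


def collect_protocol_tables(attrs, run_command):
    """run_command(attrs, cmd) abstracts the established login session.
    Returns (platform family, {table name: raw command output})."""
    version_id = None
    for cmd in VERSION_INSTRUCTIONS:
        out = run_command(attrs, cmd)
        if out:
            version_id = out
            break
    if version_id is None:
        raise RuntimeError(f"{attrs.device_id}: version identifier could not be acquired")
    family, instructions = select_instructions(version_id)
    return family, {name: run_command(attrs, cmd) for name, cmd in instructions.items()}


# Constructed stand-in for a real session so the example runs offline.
FAKE_OUTPUT = {
    "show version": "Cisco IOS Software, C2960 Software, Version 15.2(7)E",
    "show ip route": "C        10.0.1.0/24 is directly connected, Vlan10",
    "show ip arp": "Internet  10.0.1.20  0  0050.56aa.0001  ARPA  Vlan10",
    "show mac address-table": "  10    0050.56aa.0001    DYNAMIC     Gi1/0/3",
}


def fake_run_command(attrs, cmd):
    return FAKE_OUTPUT.get(cmd, "")


if __name__ == "__main__":
    attrs = build_login_attributes("sw-core-1", {"ip": "10.0.1.1", "username": "inventory",
                                                 "credential_ref": "vault:netops/sw-core-1"})
    family, tables = collect_protocol_tables(attrs, fake_run_command)
    print(attrs, family, sorted(tables))
```

Keying the instruction set off the version identifier rather than off the IP is what lets one collector handle mixed vendors; the explicit `LookupError` for an unrecognised platform keeps an unknown device from being silently skipped.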
102. Identify the associated network asset information of the network devices by using the login attribute information, and store the associated network asset information in a network layer in the form of table data.
In this embodiment, the login attribute information may be used to start the login service of the network device. Once the login service is connected, the network device can forward data packets on the communication paths to other network devices through the switching device, and the associated network asset information of the network device can then be queried from the communication data resources recorded in the switching device; the network asset information includes at least the manufacturer, model and version information of the network device.
In an actual application scenario, network devices in a network environment forward the data packets that flow through them at different nodes on a communication path; the common network devices are mainly switches and routers. Because two network devices are usually located at different positions in the network topology, most of the time they are not directly physically connected, and a communication path determined by the routing of a routing protocol is needed between them. The network layer protocol is responsible for finally delivering the data packet to the target network device, and logical communication between different network devices is achieved through the network layer protocol.
In the process of identifying the associated network assets of a network device, the table-structured data that the network device uses for its packet forwarding function during communication can be obtained; by further parsing this table-structured data, the association relationships between network devices are obtained, and the associated network asset information of the network device can be identified from those relationships. The table-structured data mainly comprises a forwarding table, an ARP table and a routing table. Specifically, MAC addresses (Media Access Control addresses) are stored in the forwarding table and are used to confirm the location address of a network device. The Address Resolution Protocol mapping of the network device is stored in the ARP table; ARP runs on every network device to map the IP address of a network device to its MAC address. The IP addresses of network devices, i.e. the addresses assigned to each device on the network, are stored in the routing table, which records path information for communication between different network segments.
In an actual application scenario, a network device can be logged in to with the network login attribute information, the device identified, the routing table and link layer neighbour acquisition instructions executed, the results of those instructions parsed, and the associated network asset information, such as the IP, MAC and switch port information of the network assets, collected.
In the forwarding table, each network device corresponds to a unique MAC address. When a network device receives a communication data frame, it records the frame's source MAC address and the port it arrived on in the MAC table; it then checks whether the MAC table has an entry matching the frame's destination MAC address. If so, it forwards the frame out of the port recorded in the MAC table; if not, it sends the frame out of all other ports except the arrival port. By parsing the forwarding table, the MAC addresses of the network device and of its communicating device resources can be determined.
In the ARP table, the IP addresses and MAC addresses of network devices are stored as a cache. Before a network device communicates, it checks the ARP table for a recorded correspondence between the IP address and the MAC address of the target network device. If one exists, the target's MAC address is used as the destination MAC address when the data frame is encapsulated; all information needed for encapsulation is then available without further operation, and the frame is encapsulated and sent to the destination MAC address. If none exists, the network device sends an ARP request message in which the requested target IP address is the IP address of the target network device, the destination MAC address is the MAC-layer broadcast address, and the source IP address and MAC address are those of the network device itself. By parsing the ARP table, the IP-to-MAC correspondence of the network device and its communicating device resources can be determined.
The routing table records information about the different network segments. Some entries in the routing table are added manually and others are learned automatically through a routing protocol, and the routing table is continuously updated and maintained by periodically exchanging routing information with adjacent routers. By parsing the routing table, the IP addresses of the network device and of its communicating device resources can be determined.
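The parsing of the routing, ARP (link layer neighbour) and forwarding tables described for step 102, and the screening clause of the first aspect (verify each recorded identifier with a remote scanning tool and keep only the assets whose state is "connected"), can be shown together. The following is an added example, not code from the patent or its assignee: the table formats are Cisco-IOS-like and the sample outputs are constructed, `probe_alive` stands in for the remote scanning tool, and the record fields and MAC normalisation are assumptions.

```python
"""Parse routing, ARP and MAC forwarding tables into original asset records,
then screen them by a reachability check into table data. Added example
(not the patent's code); formats, sample output and probe are assumptions."""
import re

# Constructed command output as it would come back from a logged-in switch.
ROUTING_TABLE = """\
C        10.0.1.0/24 is directly connected, Vlan10
O        10.0.2.0/24 [110/2] via 10.0.1.2, 00:10:22, GigabitEthernet0/1
S*       0.0.0.0/0 [1/0] via 10.0.1.1, GigabitEthernet0/1
"""
ARP_TABLE = """\
Internet  10.0.1.20               0   0050.56aa.0001  ARPA   Vlan10
Internet  10.0.1.99              12   0050.56aa.0099  ARPA   Vlan10
Internet  10.0.1.2                3   0050.56aa.0002  ARPA   GigabitEthernet0/1
"""
MAC_TABLE = """\
  10    0050.56aa.0001    DYNAMIC     Gi1/0/3
  10    0050.56aa.0099    DYNAMIC     Gi1/0/5
"""

# route code, prefix, optional next hop, outgoing interface
ROUTE_RE = re.compile(
    r"^\s*[A-Z*]+\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(\d+\.\d+\.\d+\.\d+),.*?|is directly connected,\s*)(\S+)\s*$",
    re.M)
ARP_RE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(\S+)",
    re.M)
MAC_RE = re.compile(
    r"^\s*\d+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?:DYNAMIC|STATIC)\s+(\S+)", re.M)


def normalize_mac(dotted):
    """0050.56aa.0001 -> 00:50:56:aa:00:01 so MACs from different tables compare equal."""
    hexs = dotted.replace(".", "").lower()
    return ":".join(hexs[i:i + 2] for i in range(0, 12, 2))


def parse_tables(device, routing, arp, mac):
    """Original (unscreened) asset records keyed by IP. ARP rows give IP+MAC,
    the MAC table adds the switch port, route next hops add layer-3 neighbours."""
    port_by_mac = {normalize_mac(m): port for m, port in MAC_RE.findall(mac)}
    assets = {}
    for ip, dotted, iface in ARP_RE.findall(arp):
        m = normalize_mac(dotted)
        assets[ip] = {"device": device, "ip": ip, "mac": m, "interface": iface,
                      "switch_port": port_by_mac.get(m), "source": "arp"}
    for prefix, nexthop, iface in ROUTE_RE.findall(routing):
        if not nexthop:  # directly connected prefixes name a segment, not a host
            continue
        rec = assets.setdefault(nexthop, {"device": device, "ip": nexthop, "mac": None,
                                          "interface": iface, "switch_port": None,
                                          "source": "route"})
        rec.setdefault("prefixes", []).append(prefix)
    return assets


def screen(assets, probe_alive):
    """Keep only records whose IP the remote check reports as connected."""
    rows = []
    for ip, rec in sorted(assets.items()):
        state = "connected" if probe_alive(ip) else "unreachable"
        if state == "connected":
            rows.append({**rec, "state": state})
    return rows


# Constructed reachability oracle standing in for the remote scanning tool.
ALIVE = {"10.0.1.20", "10.0.1.2", "10.0.1.1"}


def fake_probe(ip):
    return ip in ALIVE


def collect(device="sw-core-1", probe_alive=fake_probe):
    """Full step: parse the three tables, screen, return table-data rows."""
    return screen(parse_tables(device, ROUTING_TABLE, ARP_TABLE, MAC_TABLE), probe_alive)


if __name__ == "__main__":
    for row in collect():
        print(row)
```

The screening step is where stale cache entries fall out: the constructed 10.0.1.99 entry is still in the ARP and MAC tables but does not answer the probe, so it never reaches the stored table data.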
103. Process the associated network asset information in the form of table data, by means of a structured processing mode, into asset information associated with the network devices in different attribute dimensions.
It can be understood that the associated network asset information in the form of table data may be identified by means of a probe, which can acquire the asset information of the target devices communicating with the network device; the specific table records device attribute information and application attribute information of the target devices, for example IP liveness, port/service, operating system, traffic collection, alias resolution, application type and the like. However, the associated asset information in table form does not have a complete attribute mapping, so it needs to be standardised by asset comparison in order to obtain the asset information associated with the network device in different attribute dimensions.
Considering that the associated network assets identified may be network devices of different types, the asset attributes may be determined by asset fingerprint comparison. In an actual application scenario, the identified associated network asset information mainly comprises device components, application components, business type inference and the like. Network assets differ in protocol implementation, network applications and so on, for example in open port/service information, banner information and web page data; feature extraction over these differences yields the feature fingerprint of a network asset, a large number of such fingerprints are accumulated in a network asset fingerprint library, and the attribute information of the associated network assets can be identified by fingerprint comparison.
Compared with the method for manually reporting the network asset to identify the network asset in the prior art, the method for identifying the network asset provided by the embodiment of the application has the advantages that the login attribute information of the network device in the set network domain is obtained, the associated network asset information of the network device is identified by utilizing the login attribute information, the associated network asset information is stored in a network layer in the form of form data, the associated network asset information in the form of form data is processed into the asset information associated with the network device in different attribute dimensions in a structuring processing mode, the network asset information associated with the network device can be automatically identified by directly using the login attribute information in the whole process, the network asset is not required to be manually input, the accuracy of network asset identification is ensured, the unknown network asset and the known network asset in a computer network can be quickly and accurately found and identified after the network device is logged in, the perceptibility of the computer asset in the intranet is improved, and the identification efficiency of the network asset is improved.
Specifically, in the above embodiment, as shown in fig. 2, step 101 includes the steps of:
201. Acquiring the network devices in the set network domain, and receiving the network device information provided by the resource user.
202. Configuring the device login information by using a preset field, and combining the device identifier with the configured device login information to obtain the login attribute information of the network device.
In this embodiment, the network devices in the network domain may be the network devices in the network segment where a local area network is located. In the local area network, a resource user may connect a network device to the local area network through a login account. In order to identify the asset information associated with the network devices in the local area network more accurately, the server corresponding to the network asset identification system may obtain the corresponding network device information by initiating an information acquisition request to the resource user. The network device information includes a device identifier and device login information: the device identifier may include identifiers such as the IP address, MAC address and login user name of the network device, and the device login information may include information such as the login account, login password and login protocol of the network device.
The preset field may be at least one field of the device login information, for example one or more of a login account, a login protocol, a login key and the like. Information in the device login information that has a login connection function is configured as login connection fields through the preset field; each login connection field can realize the login service of the network device through a login program, and the device identifier and the login connection fields are then combined to obtain the login attribute information of the network device.
It should be noted that, considering that the device login information may be incomplete, the missing items of the device login information may be given a default configuration by using the preset field, and the device identifier and the configured device login information may then be combined to obtain the login attribute information of the network device.
By way of example, the login attribute information of the network device may include the following attribute fields, as shown in table 1 below:
Table 1 Login attribute information of the network device
It can be understood that, considering the different connection modes supported by different types of network devices, some network devices support the SSH protocol for the login service and others support the Telnet protocol. The connection modes corresponding to the login connection fields therefore differ between device types and can be configured according to the actual situation.
Further, a program is written that logs in to and manages the network device using its login information: it connects to the terminal interaction environment of the network device through a login protocol supported by the device terminal, reads the echoed (display-back) data of the device, and determines the command flag that marks the beginning and end of each executed command.
Specifically, in the above embodiment, as shown in fig. 3, step 102 includes the following steps:
301. Starting the device login service by using the login attribute information of the network device, and establishing a connection between the network resource and the network device by using a login protocol supported by the device login service.
302. Acquiring at least one piece of protocol table information of the network device communication on the basis of the connection between the network resource and the network device.
303. Determining the associated network asset information of the network device according to the at least one piece of protocol table information of the network device communication, and storing the associated network asset information in a network layer in the form of table data.
In general, for convenience of management, a device login service is configured on the network device. The login protocol used differs according to the connection modes supported by different network devices; the login protocol may be SSH, Telnet or the like, and a login protocol supported by the network device is selected to establish the connection between the network resource and the network device. For example, if the network device supports the Telnet protocol for logging in, the connection between the network resource and the network device is established with the device login service supporting Telnet. However, all information in the Telnet protocol is transmitted in plain text, which carries a certain security risk; if a more secure login mode is desired, the SSH protocol can be used for logging in, since SSH encrypts the transmitted account password and data and thereby greatly reduces the risk of leakage.
Further, on the basis that the network resource is connected with the network device, the version identifier of the network device is obtained by executing the device version collection instruction; the device resource collection instructions matching the network device are then determined from a pre-configured instruction library according to the version identifier of the network device, and the at least one piece of protocol table information of the network device communication is obtained by executing the device resource collection instructions.
As an implementation, obtaining the at least one piece of protocol table information of the network device communication includes obtaining the routing table information and the link layer neighbor table information of the network device communication. Correspondingly, the original network asset information of the network device communication is obtained by analyzing the routing table information and the link layer neighbor table information of the network device, the associated network asset information of the network device is screened from the original network asset information of the network device communication, and the associated network asset information is stored in the form of table data in the network layer.
In one embodiment, the device version acquisition instruction mainly includes a routing table acquisition instruction and a link layer neighbor acquisition instruction. After the instructions are executed, the routing table acquisition result and the link layer neighbor acquisition result are obtained respectively. Each row of the routing table acquisition result is parsed, the IP addresses, MAC addresses and device port names are extracted by regular expression matching, and each parsed row of the routing table is identified as one piece of surviving network asset information. For the link layer neighbor acquisition result, all management IP addresses are extracted first, the result is then segmented according to the management IP addresses, each segment is identified as one device asset, and the vendor, MAC and model are parsed and extracted from each segment. Finally, the routing table acquisition result and the link layer neighbor acquisition result are combined into the network asset information that serves as the original network asset information.
Specifically, the device routing table collection instruction may be executed first (for example, on a Cisco device, the "showmap" instruction); the instruction result is then read and the routing table is parsed, each IP address parsed out is identified as an associated asset, the MAC address of the associated asset, the port information of the communicating switch and the VLAN information are extracted at the same time during parsing, and finally the associated network asset information in the routing table is collected. The device link layer neighbor acquisition instruction is then executed (for example, on a Cisco device), the MAC address of the associated asset is likewise extracted during parsing, and finally the associated network asset information in the link layer neighborhood is collected.
Further, in order to enhance the identified associated network asset information, as an implementation of screening the associated network asset information of the network device from the original network asset information of the network device communication, the device identifiers recorded in the original network asset information may be verified with a remote scanning tool according to the original network asset information of the network communication device, so as to determine the communication state corresponding to each original network asset. If the communication state corresponding to an original network asset is connected, the original network asset information is used as associated network asset information of the network device and stored in the form of table data in the network layer. The communication state may be represented by whether the network device is connected, from which it can be determined whether the IP address of the associated network device is in a surviving state: if the communication state is connected, the IP address of the associated network device is alive; otherwise the associated network device is disconnected and its IP address is not alive.
In one embodiment, the asset IPs obtained by executing the routing table and link layer neighbor acquisition instructions are remotely scanned and identified with a remote scanning tool such as nmap, so as to complete the asset attribute information, including the survival state, asset manufacturer, model, operating system version number and the like of each asset.
It can be understood that the remote scanning tool can scan the original network asset information by means of probes, so as to detect the open ports, services, operating system and other information of the online network devices in the target range. The coarse-grained original network asset information acquired by login collection is scanned and identified in this remote scanning manner, so that the survival state, manufacturer, operating system and other information of each asset can be further supplemented and completed. Data packets can be actively sent for scanning to obtain the network address, open system ports and service types of the network asset information, and the type, operating system, manufacturer information and the like of each network asset are determined according to the fingerprint database built into the system, thereby obtaining the associated network asset information of the network device.
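As an added example that is not part of the patent, the following Python implements the collection-result parsing described above (ARP table rows matched by regular expression, link layer neighbor output segmented by management IP, the two results merged into the original asset list) and the subsequent screening by communication state. The sample device output, the regular expressions and all function names are constructed assumptions; the set of reachable IPs is supplied by the caller rather than produced by a scanner here.

```python
"""Parse constructed Cisco-style 'show ip arp' and 'show cdp neighbors detail'
output into asset records, merge them into the original asset list, and screen
that list by a caller-supplied reachability result.  Sample output below is
constructed for this example; it is not real device output."""
import re

# Constructed sample of an ARP table as printed by an IOS-style device.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.1.1                -   0011.2233.4455  ARPA   Vlan10
Internet  10.0.1.20               5   00aa.bbcc.dd01  ARPA   Vlan10
Internet  10.0.1.21              12   00aa.bbcc.dd02  ARPA   Vlan20
Internet  10.0.1.30               0   Incomplete      ARPA
"""

# Constructed sample of a CDP neighbor detail listing (two neighbor entries).
CDP_OUTPUT = """\
-------------------------
Device ID: SW-ACCESS-01
Entry address(es):
  IP address: 10.0.1.20
Platform: cisco WS-C2960X-48TS-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/48,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 142 sec

-------------------------
Device ID: SW-ACCESS-02
Entry address(es):
  IP address: 10.0.1.3
Platform: cisco WS-C3850-24T,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/47,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 160 sec
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# One resolved ARP row: IP, age, dotted-quad MAC, encapsulation, interface.
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>" + IPV4 + r")\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<iface>\S+)",
    re.I | re.M)
MGMT_IP = re.compile(r"^\s*IP address:\s*(?P<ip>" + IPV4 + ")", re.M)
DEVICE_ID = re.compile(r"^Device ID:\s*(?P<name>\S+)", re.M)
PLATFORM = re.compile(r"^Platform:\s*(?P<vendor>\S+)\s+(?P<model>[^,]+),"
                      r"\s*Capabilities:\s*(?P<caps>.+)$", re.M)
INTERFACES = re.compile(r"^Interface:\s*(?P<local>\S+),\s*Port ID "
                        r"\(outgoing port\):\s*(?P<remote>\S+)", re.M)
ANY_MAC = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)


def parse_arp_table(text):
    """Each resolved ARP row becomes one surviving asset record.  'Incomplete'
    rows carry no MAC and prove nothing about a live device, so they are skipped."""
    return [{"ip": m["ip"], "mac": m["mac"].lower(), "port": m["iface"],
             "source": "arp"} for m in ARP_ROW.finditer(text)]


def parse_cdp_neighbors(text):
    """Treat each separator-bounded chunk that carries a management IP as one
    device asset and extract vendor, model, capabilities and connecting ports."""
    assets = []
    for seg in re.split(r"^-{5,}$", text, flags=re.M):
        ip = MGMT_IP.search(seg)
        if not ip:
            continue  # separator-only or truncated chunk, not an asset
        rec = {"ip": ip["ip"], "source": "cdp", "mac": None,
               "vendor": None, "model": None, "capabilities": []}
        if (name := DEVICE_ID.search(seg)):
            rec["name"] = name["name"]
        if (plat := PLATFORM.search(seg)):
            rec["vendor"] = plat["vendor"]
            rec["model"] = plat["model"].strip()
            rec["capabilities"] = plat["caps"].split()
        if (ifs := INTERFACES.search(seg)):
            rec["local_port"], rec["remote_port"] = ifs["local"], ifs["remote"]
        if (mac := ANY_MAC.search(seg)):  # only some platforms print a MAC
            rec["mac"] = mac.group(0).lower()
        assets.append(rec)
    return assets


def merge_assets(arp_assets, cdp_assets):
    """Combine both collections keyed by IP: the ARP entry contributes the MAC
    and learning port, the CDP entry contributes vendor/model; the first
    non-empty value for a key wins.  Result is the original asset list."""
    merged = {}
    for a in arp_assets + cdp_assets:
        rec = merged.setdefault(a["ip"], {"ip": a["ip"], "sources": []})
        rec["sources"].append(a["source"])
        for k, v in a.items():
            if k in ("ip", "source") or v in (None, []):
                continue
            rec.setdefault(k, v)
    return list(merged.values())


def screen_alive(raw_assets, reachable_ips):
    """Keep only assets whose IP the remote verification reported as
    connected; reachable_ips is that verification's result, passed in."""
    return [a for a in raw_assets if a["ip"] in reachable_ips]
```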
Further, in the above embodiment, as shown in fig. 4, after step 103, the method further includes:
401. Constructing a topological relation diagram of the network devices in the set network domain by utilizing the attribute information of the network assets in different dimensions.
402. If a conflict exists among the associated network asset information of different network devices in the topological relation diagram, carrying out association identification on the conflicting network asset information.
403. Adjusting the associated network asset information of the conflicting network devices in the topological relation diagram according to the association identification result.
The topological relation diagram presents, in different dimensions, the attribute information of the network assets associated with the network devices in the set network domain. By suitable means it sorts and summarizes the connection relationships among the identified network assets (mainly network devices) and their actual running states, so as to obtain the communication connection relationships among all the network devices in the set network domain.
According to the embodiment of the invention, the host devices carried by each network device and its adjacent network devices are acquired by logging in with the account information of the network device, the asset information associated with each network device in different attribute dimensions is determined and identified, the asset information associated with all the network devices in the set network domain in different attribute dimensions is then summarized, and the asset topology information is drawn. Specifically, the topological relation diagram of the network devices in the set network domain can be constructed according to the connection relationships of the network devices, by comparing the connection relationship of each network device in the set network domain.
It may be appreciated that a network device may be associated with a plurality of network devices during communication, so that conflicts exist between the associated asset information, which is not conducive to building the topological relation diagram. In that case, association identification may be performed on the conflicting network assets in the topological relation diagram, so as to confirm which network device is directly connected to the associated network device. For example, if switch A and switch B both detect the same host, association identification is performed on the host and the switch to which the host is directly connected is confirmed.
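The switch A / switch B conflict just described, worked through as an added example that is not part of the patent. The attachment rule is an assumption of this example, not the patent's procedure: a host is taken to be directly connected to the switch that learned its MAC on a port with no switch neighbor, while a MAC learned on an uplink port was only forwarded through that switch. The MAC tables and neighbor ports are constructed inputs.

```python
"""Resolve hosts reported by more than one switch and build topology edges.
Added example; the attachment rule and all input data are assumptions."""
from collections import defaultdict

# Constructed observations: per switch, MAC table rows (mac, port).
MAC_TABLES = {
    "SW-A": [("00aa.bbcc.dd01", "Gi1/0/10"), ("00aa.bbcc.dd02", "Gi1/0/11")],
    "SW-B": [("00aa.bbcc.dd01", "Gi1/0/48"), ("00aa.bbcc.dd03", "Gi1/0/5"),
             ("00aa.bbcc.dd04", "Gi1/0/48")],
}
# Constructed link-layer neighbor tables: per switch, port -> neighbor switch.
# A port that has a switch neighbor is an uplink, not a host port.
NEIGHBOR_PORTS = {
    "SW-A": {"Gi1/0/48": "SW-B"},
    "SW-B": {"Gi1/0/48": "SW-A"},
}


def group_by_mac(mac_tables):
    """Return {mac: [(switch, port), ...]} over all switches."""
    seen = defaultdict(list)
    for switch, rows in mac_tables.items():
        for mac, port in rows:
            seen[mac].append((switch, port))
    return dict(seen)


def find_conflicts(mac_tables):
    """MACs reported by more than one switch: the conflicting associations
    that need association identification before they enter the topology."""
    return {mac: obs for mac, obs in group_by_mac(mac_tables).items()
            if len(obs) > 1}


def resolve_attachment(observations, neighbor_ports):
    """Pick the (switch, port) directly connected to the host: the
    observation whose port carries no switch neighbor.  Returns None when
    zero or several candidates remain, leaving the host for manual review
    rather than guessing an attachment."""
    candidates = [(sw, port) for sw, port in observations
                  if port not in neighbor_ports.get(sw, {})]
    return candidates[0] if len(candidates) == 1 else None


def build_topology(mac_tables, neighbor_ports):
    """Edge set of the topology graph: switch-to-switch links taken from the
    neighbor tables, plus one host attachment per MAC after conflicts are
    resolved.  Also returns the MACs that could not be attached."""
    edges = set()
    for sw, ports in neighbor_ports.items():
        for nbr in ports.values():
            edges.add(tuple(sorted((sw, nbr))))
    unresolved = []
    for mac, obs in group_by_mac(mac_tables).items():
        choice = resolve_attachment(obs, neighbor_ports)
        if choice is None:
            unresolved.append(mac)
        else:
            edges.add((choice[0], mac))
    return edges, sorted(unresolved)
```

A MAC seen only on an uplink (dd04 above) is reported as unresolved because the switch it actually hangs off has no matching table entry yet; it should be re-collected rather than attached to the uplink switch.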
Further, as a specific implementation of the method of fig. 1-4, an embodiment of the present application provides a device for identifying a network asset, as shown in fig. 5, where the device includes: an acquisition unit 51, an identification unit 52, and a processing unit 53.
An obtaining unit 51, configured to obtain login attribute information of a network device in a set network domain;
an identifying unit 52, configured to identify associated network asset information of a network device by using the login attribute information, and store the associated network asset information in a form of table data in a network layer;
the processing unit 53 is configured to process the associated network asset information in the form of table data into asset information associated with the network device in different attribute dimensions through a structured processing manner.
Compared with the prior-art method of identifying network assets by manual reporting, the network asset identification device provided by the embodiment of the application obtains the login attribute information of the network devices in the set network domain, identifies the associated network asset information of each network device by utilizing the login attribute information, stores the associated network asset information in a network layer in the form of table data, and processes the associated network asset information in the form of table data into asset information associated with the network device in different attribute dimensions in a structured processing mode. The network asset information associated with a network device is thus identified automatically throughout, directly from the login attribute information, without manual entry of network assets, which ensures the accuracy of network asset identification. Unknown and known network assets in the computer network can be quickly and accurately discovered and identified once the network device is logged in, improving the perceptibility of computer assets in the intranet and the efficiency of network asset identification.
In a specific application scenario, the acquiring unit is specifically configured to acquire network equipment in a set network domain, and receive network equipment information provided by a resource user, where the network equipment information includes equipment identification and equipment login information; and configuring the equipment login information by using a preset field, and combining the equipment identifier with the configured equipment login information to obtain login attribute information of the network equipment.
In a specific application scenario, the identification unit includes:
the establishing module is used for starting equipment login service by utilizing the login attribute information of the network equipment and establishing connection between the network resource and the network equipment by using a login protocol supported by the equipment login service;
the acquisition module is used for acquiring at least one protocol table information of network equipment communication on the basis of connection of network resources and the network equipment;
and the determining module is used for determining the associated network asset information of the network equipment according to at least one protocol table information communicated by the network equipment, and storing the associated network asset information into a network layer in the form of table data.
In a specific application scenario, the acquiring module is specifically configured to acquire a version identifier of the network device by executing an acquisition instruction of the device version on the basis that the network resource is connected with the network device; determining acquisition instructions of equipment resources matched with the network equipment from a pre-configured instruction library according to the version identification of the network equipment; and acquiring at least one protocol table information of network equipment communication by executing the acquisition instruction of the equipment resource.
In a specific application scenario, the obtaining at least one protocol table information of the network device communication includes obtaining routing table information and link layer neighbor table information of the network device communication;
the determining module is specifically configured to obtain original network asset information of network device communication by analyzing routing table information and link layer neighbor table information of the network device; and screening out the associated network asset information of the network equipment from the original network asset information communicated by the network equipment, and storing the associated network asset information into a network layer in the form of form data.
In a specific application scenario, the determining module is specifically further configured to verify, according to the original network asset information of the network communication device, a device identifier recorded in the original network asset information by using a remote scanning tool, and determine a communication state corresponding to the original network asset;
and if the communication state corresponding to the original network asset is connection, taking the original network asset information as the associated network asset information of the network equipment, and storing the associated network asset information into a network layer in a form of form data.
In a specific application scenario, the apparatus further includes:
the construction unit is used for constructing a topological relation diagram of the network equipment in the set network domain by utilizing the attribute information of the network equipment in different dimensions after the related network asset information in the form of table data is processed into the asset information related to the network equipment in different attribute dimensions in a structuring processing mode, wherein the attribute information of the network equipment related to the network equipment in the set network domain is presented by using different dimensions in the topological relation diagram;
an identification unit, configured to perform association identification on the conflicting network asset information if a conflict exists between the associated network asset information of different network devices in the topological relation diagram;
and an adjusting unit, configured to adjust the associated network asset information of the conflicting network devices in the topological relation diagram according to the association identification result.
It should be noted that, for other corresponding descriptions of each functional unit related to the network asset identification apparatus provided in this embodiment, reference may be made to corresponding descriptions in fig. 1 to fig. 4, and details are not repeated here.
Based on the above method shown in fig. 1-4, correspondingly, the embodiment of the present application further provides a storage medium, on which a computer program is stored, which when executed by a processor, implements the above method for identifying network assets shown in fig. 1-4.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.), and includes several instructions for causing a computer device (may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective implementation scenario of the present application.
Based on the method shown in fig. 1-4 and the virtual device embodiment shown in fig. 5, in order to achieve the above objective, the embodiment of the present application further provides an entity device for identifying a network asset, which may specifically be a computer, a smart phone, a tablet computer, a smart watch, a server, or a network device, where the entity device includes a storage medium and a processor; a storage medium storing a computer program; a processor for executing a computer program to implement the method of identifying network assets as described above and illustrated in fig. 1-4.
Optionally, the physical device may further include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a WI-FI module, and the like. The user interface may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface may also include a USB interface, a card reader interface, and the like. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a WI-FI interface), and the like.
In an exemplary embodiment, referring to fig. 6, the entity device includes a communication bus, a processor, a memory, a communication interface, an input/output interface, and a display device, where each functional unit may perform communication with each other through the bus. The memory stores a computer program and a processor for executing the program stored on the memory to perform the network asset identification method of the above embodiment.
It will be appreciated by those skilled in the art that the structure of the network asset identification entity device provided in this embodiment does not limit the entity device, which may include more or fewer components, combine certain components, or arrange the components differently.
The storage medium may also include an operating system and a network communication module. The operating system is a program that manages the hardware and software resources of the network asset identification entity device described above and supports the execution of the information processing program and other software and/or programs. The network communication module is used to realize communication among the components in the storage medium and communication with other hardware and software in the information processing entity device.
From the above description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented by means of software plus necessary general hardware platforms, or may be implemented by hardware. By applying the technical scheme of the application, compared with the existing mode, the application can automatically identify the network asset information associated with the network equipment directly by using the login attribute information, does not need to manually input the network asset, ensures the accuracy of network asset identification, can quickly and accurately discover and identify the unknown network asset and the known network asset in the computer network after the network equipment logs in, improves the perceptibility of the computer asset in the intranet, and improves the identification efficiency of the network asset.
Those skilled in the art will appreciate that the drawing is merely a schematic illustration of a preferred implementation scenario and that the modules or flows in the drawing are not necessarily required to practice the application. Those skilled in the art will appreciate that modules in an apparatus in an implementation scenario may be distributed in an apparatus in an implementation scenario according to an implementation scenario description, or that corresponding changes may be located in one or more apparatuses different from the implementation scenario. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above-mentioned inventive sequence numbers are merely for description and do not represent advantages or disadvantages of the implementation scenario. The foregoing disclosure is merely illustrative of some embodiments of the application, and the application is not limited thereto, as modifications may be made by those skilled in the art without departing from the scope of the application.

Claims (10)

1. A method for identifying a network asset, comprising:
acquiring login attribute information of network equipment in a set network domain;
identifying associated network asset information of network equipment by using the login attribute information, storing the associated network asset information in a network layer in the form of table data, and specifically, analyzing the table structure data to obtain the association relationship between the network equipment by acquiring the table structure data of the network equipment, which relates to a network data packet forwarding function in the communication process, and identifying the associated network asset information of the network equipment according to the association relationship between the network equipment;
and processing the associated network asset information in the form of table data into asset information associated with the network equipment in different attribute dimensions through a structural processing mode.
2. The method according to claim 1, wherein the obtaining login attribute information of the network device in the set network domain specifically includes:
acquiring network equipment in a set network domain, and receiving network equipment information provided by a resource user, wherein the network equipment information comprises equipment identification and equipment login information;
and configuring the equipment login information by using a preset field, and combining the equipment identifier with the configured equipment login information to obtain login attribute information of the network equipment.
3. The method according to claim 1, wherein the identifying the associated network asset information of the network device by using the login attribute information, and storing the associated network asset information in a form of table data in a network layer, specifically comprises:
starting a device login service by using the login attribute information of the network device, and establishing connection between network resources and the network device by using a login protocol supported by the device login service;
acquiring at least one protocol table information of network equipment communication on the basis of connection of network resources and the network equipment;
and determining associated network asset information of the network equipment according to at least one protocol table information communicated by the network equipment, and storing the associated network asset information into a network layer in the form of table data.
4. The method according to claim 3, wherein acquiring at least one piece of protocol table information of the network device's communication on the basis of the connection between the network resource and the network device specifically comprises:
on the basis of the connection between the network resource and the network device, acquiring a version identifier of the network device by executing a device version acquisition instruction;
determining, from a pre-configured instruction library and according to the version identifier of the network device, the device resource acquisition instructions matched to the network device;
and acquiring the at least one piece of protocol table information of the network device's communication by executing the device resource acquisition instructions.
5. The method according to claim 3, wherein acquiring at least one piece of protocol table information of the network device's communication comprises acquiring routing table information and link layer neighbor table information of the network device's communication;
correspondingly, determining the associated network asset information of the network device according to the at least one piece of protocol table information, and storing the associated network asset information in a network layer in the form of table data, specifically comprises:
acquiring original network asset information of the network device's communication by parsing the routing table information and the link layer neighbor table information of the network device;
and screening the associated network asset information of the network device out of the original network asset information of the network device's communication, and storing the associated network asset information in the network layer in the form of table data.
6. The method according to claim 5, wherein screening the associated network asset information of the network device out of the original network asset information of the network device's communication, and storing the associated network asset information in a network layer in the form of table data, specifically comprises:
verifying, according to the original network asset information of the network device's communication, the device identifier recorded in the original network asset information with a remote scanning tool, and determining the communication state corresponding to the original network asset;
and if the communication state corresponding to the original network asset is connected, taking the original network asset information as the associated network asset information of the network device, and storing the associated network asset information in the network layer in the form of table data.
7. The method according to any one of claims 1 to 6, wherein, after processing the associated network asset information in the form of table data into asset information associated with the network device in different attribute dimensions by structured processing, the method further comprises:
constructing a topological relation diagram of the network devices in the set network domain by using the attribute information of the associated network assets in different dimensions, wherein the attribute information of the network assets associated with the network devices in the set network domain is presented in different dimensions in the topological relation diagram;
if a conflict exists between the associated network asset information of different network devices in the topological relation diagram, performing association identification on the conflicting network asset information;
and adjusting the associated network asset information of the conflicting network devices in the topological relation diagram according to the association identification result.
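Claims 4 to 6 describe collecting a device's routing table and link-layer neighbor table, parsing them into original asset candidates, and keeping only the candidates whose reachability check reports "connected". The following is an added Python example, not code from the patent or its applicant; the CLI table text, the device names and addresses, and the injected is_reachable probe (stood in for by a constructed set of answering hosts rather than the remote scanning tool of claim 6) are all assumptions.

```python
from typing import Callable, Dict, List

# Constructed sample CLI output in the style of a switch routing table and an LLDP neighbor table; not from any real device or from the patent.
ROUTE_TABLE = """\
Destination/Mask  Proto   NextHop      Interface
10.1.0.0/24       Direct  10.1.0.1     Vlan10
10.2.0.0/24       Static  10.1.0.254   Vlan10
0.0.0.0/0         Static  192.0.2.1    GE0/0/1
"""
LLDP_NEIGHBORS = """\
LocalIntf  NeighborDevice  NeighborIntf  MgmtAddress
GE0/0/1    edge-rtr-1      GE0/0/3       192.0.2.1
GE0/0/2    core-sw-2       GE1/0/1       10.1.0.254
GE0/0/3    unknown-dev     eth0          10.9.9.9
"""

def parse_table(text: str) -> List[Dict[str, str]]:
    """Turn whitespace-aligned CLI table output into rows keyed by the header line."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    headers = lines[0].split()
    return [dict(zip(headers, ln.split())) for ln in lines[1:]]

def raw_assets(device_id: str, route_text: str, lldp_text: str) -> List[Dict]:
    """Original asset candidates: next hop of each non-direct route plus each LLDP neighbor (claim 5)."""
    found: Dict[str, Dict] = {}
    for r in parse_table(route_text):
        if r["Proto"] != "Direct":  # a Direct route's next hop is the device's own address
            c = found.setdefault(r["NextHop"], {"device": device_id, "peer": r["NextHop"], "sources": []})
            c["sources"].append("route")
    for n in parse_table(lldp_text):
        c = found.setdefault(n["MgmtAddress"], {"device": device_id, "peer": n["MgmtAddress"], "sources": []})
        c["sources"].append("lldp")
        c["peer_name"] = n["NeighborDevice"]  # device identifier recorded for later verification
    return list(found.values())

def associated_assets(device_id: str, route_text: str, lldp_text: str,
                      is_reachable: Callable[[str], bool]) -> List[Dict]:
    """Claim 6 screening: keep a candidate only when the injected reachability probe reports it connected."""
    rows = []
    for c in raw_assets(device_id, route_text, lldp_text):
        if is_reachable(c["peer"]):
            rows.append({**c, "state": "connected"})
    return rows

if __name__ == "__main__":
    # Offline stand-in for the remote scanning tool: a constructed set of answering hosts.
    alive = {"10.1.0.254", "192.0.2.1"}
    for row in associated_assets("dist-sw-1", ROUTE_TABLE, LLDP_NEIGHBORS, alive.__contains__):
        print(row)
```

The third LLDP neighbor (10.9.9.9) survives parsing but is dropped at the screening step because the probe never reports it connected, which is the stale-neighbor case the verification in claim 6 exists to catch.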
8. A network asset identification apparatus, comprising:
an acquisition unit, configured to acquire login attribute information of a network device in a set network domain;
an identification unit, configured to identify associated network asset information of the network device by using the login attribute information and to store the associated network asset information in a network layer in the form of table data, specifically by acquiring table structure data of the network device relating to the network data packet forwarding function in the communication process, parsing the table structure data to obtain the association relationship between network devices, and identifying the associated network asset information of the network device according to the association relationship between the network devices;
and a processing unit, configured to process the associated network asset information in the form of table data into asset information associated with the network device in different attribute dimensions by structured processing.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the network asset identification method of any of claims 1 to 7.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the network asset identification method of any of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310621764.1A CN116719868A (en) 2023-05-30 2023-05-30 Network asset identification method, device and equipment
Publications (1)

Publication Number Publication Date
CN116719868A true CN116719868A (en) 2023-09-08

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117633666A (en) * 2024-01-26 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Network asset identification method, device, electronic equipment and storage medium
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination