CN116760571A - Asset identification method, device, electronic equipment and storage medium - Google Patents

Asset identification method, device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116760571A
CN116760571A CN202310574257.7A CN202310574257A CN116760571A CN 116760571 A CN116760571 A CN 116760571A CN 202310574257 A CN202310574257 A CN 202310574257A CN 116760571 A CN116760571 A CN 116760571A
Authority
CN
China
Prior art keywords
asset
identification information
asset identification
network segment
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310574257.7A
Other languages
Chinese (zh)
Inventor
张靖雯
叶盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Original Assignee
Qax Technology Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qax Technology Group Inc filed Critical Qax Technology Group Inc
Priority to CN202310574257.7A priority Critical patent/CN116760571A/en
Publication of CN116760571A publication Critical patent/CN116760571A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/695Types of network addresses using masks or ranges of addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application provides an asset identification method, an asset identification device, electronic equipment and a storage medium, and relates to the technical field of information security. According to the method, the assets in the network are identified according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses, so that the assets can be accurately identified in a mode for the scene of IP address overlapping under different network segments.

Description

Asset identification method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to an asset identification method, an apparatus, an electronic device, and a storage medium.
Background
In the risk assessment work, important factors of risks are centered on the asset, and threats, vulnerabilities and risks exist objectively for the asset. Threat exploits the vulnerability of the asset itself, making possible the occurrence of security events, thus creating a security risk. Over the years, the evolution of security situations and the development of security concepts have led to the realization that asset security is the basis of all security in enterprise security operation management, and thus asset identification is particularly important.
At present, the identification of the assets is mainly based on the IP address, but in practical application, the situation that the IP addresses overlap exists in the network is likely to cause false identification based on the IP address under the scene, and the accuracy is low.
Disclosure of Invention
The embodiment of the application aims to provide an asset identification method, an asset identification device, electronic equipment and a storage medium, which are used for solving the problem of low accuracy of an asset identification mode in the prior art.
In a first aspect, an embodiment of the present application provides an asset identification method, including:
acquiring a plurality of asset identification information, wherein each asset identification information comprises an IP address and a network segment identifier corresponding to the IP address;
and identifying the assets in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
In the implementation process, the assets in the network are identified according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses, so that the assets can be accurately identified in the mode for the scene of overlapping IP addresses under different network segments.
Optionally, the asset identification information further includes asset information, and the identifying the asset in the network according to the IP address in the plurality of asset identification information and the network segment identifier corresponding to the IP address includes:
if the plurality of asset identification information has different IP addresses in at least two asset identification information and network segment identifiers corresponding to the IP addresses and the asset information is the same, determining that the assets corresponding to the at least two asset identification information are the same asset, wherein the asset information is attribute information for representing the uniqueness of the asset.
In the implementation process, the asset information of the same asset can be combined to accurately identify the asset under the condition that the same asset is in different network segments.
Optionally, the identifying the asset in the network according to the IP address in the plurality of asset identification information and the network segment identifier corresponding to the IP address includes:
and if the IP addresses in the at least two asset identification information and the network segment identifications corresponding to the IP addresses are the same in the plurality of asset identification information, determining that the assets corresponding to the at least two asset identification information are the same asset. Thus, the identification of the asset with overlapped IP addresses under different network segments can be realized.
Optionally, the acquiring the plurality of asset identification information includes:
acquiring IP addresses of the assets collected by each collecting device deployed in the network;
determining network segment identifiers configured for the acquisition equipment, wherein each network segment identifier corresponds to a preset IP address network segment;
and generating corresponding asset identification information based on the IP address and the corresponding network segment identification.
In the implementation process, the corresponding network segment identifiers are configured for each acquisition device, so that the asset identification information of the IP address and the network segment identifiers can be directly generated, and the distinction of the repeated IP addresses under different network segments is realized.
Optionally, the acquiring the plurality of asset identification information includes:
and acquiring asset identification information from each acquisition device deployed in the network, wherein network segment identifiers corresponding to IP addresses in the asset identification information are added for the acquisition devices.
In the implementation process, the network segment identification is added through the acquisition equipment, so that the identification equipment only needs to acquire the asset identification information to carry out identification, and the identification efficiency is improved.
Optionally, the method further comprises:
if two different asset identification information are identified to belong to different assets, and the two different asset identification information are currently identified to belong to the same asset, conflict judgment is carried out on the identification result.
In the implementation process, when the asset identification conflicts, conflict judgment is carried out so as to improve the accuracy of the asset identification.
Optionally, the performing conflict judgment on the identification result includes:
and taking the identification result of the two different asset identification information currently identified belonging to the same asset as a final identification result.
In the implementation process, conflict judgment is carried out on the identification result, and a final identification result is obtained, so that the problem that the same asset is identified as different assets is avoided.
In a second aspect, an embodiment of the present application provides an asset identification apparatus, the apparatus including:
the information acquisition module is used for acquiring a plurality of asset identification information, wherein each asset identification information comprises an IP address and a network segment identifier corresponding to the IP address;
and the asset identification module is used for identifying the asset in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
In a third aspect, an embodiment of the present application provides an electronic device comprising a processor and a memory storing computer readable instructions which, when executed by the processor, perform the steps of the method as provided in the first aspect above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method as provided in the first aspect above.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an asset identification method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of asset identification information collected by a collection device according to an embodiment of the present application;
FIG. 3 is a schematic diagram of asset identification information generation according to an embodiment of the present application;
FIG. 4 is a block diagram of an asset identification device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device for performing an asset identification method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be noted that the terms "system" and "network" in embodiments of the present application may be used interchangeably. "plurality" means two or more, and "plurality" may also be understood as "at least two" in this embodiment of the present application. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. The character "/", unless otherwise specified, generally indicates that the associated object is an "or" relationship.
The embodiment of the application provides an asset identification method, which is used for identifying assets in a network according to IP addresses in asset identification information and network segment identifications corresponding to the IP addresses, so that the assets can be accurately identified in a mode for scenes with overlapping IP addresses in different network segments.
Referring to fig. 1, fig. 1 is a flowchart of an asset identification method according to an embodiment of the present application, where the method includes the following steps:
step S110: a plurality of asset identification information is obtained.
The execution subject of the method in the embodiment of the application is an identification device, which can acquire asset identification information of each asset in the network, and because some acquired asset identification information possibly belongs to the same asset, in order to uniquely identify the assets, the acquired asset identification information comprises an IP address and a network segment identifier corresponding to the IP address.
The network segment identifier refers to an identifier corresponding to a network segment to which the IP address belongs, and the identifier may be an identifier added to the IP address after the identification device acquires the IP address, or the identifier may be an identifier that carries the corresponding network segment identifier in the IP address acquired by the identification device.
Step S120: and identifying the assets in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
The plurality of asset identification information may be part of asset identification information acquired by the identification device at the current moment, and may not be asset identification information of all the assets in the network. Of course, the plurality of asset identification information may be asset identification information of all the assets currently available.
In the identification, if the IP addresses in at least two asset identification information in the plurality of asset identification information and the network segment identifications corresponding to the IP addresses are the same, determining that the assets corresponding to the at least two asset identification information are the same asset. The same means that the IP addresses are the same, and the network segment identifications corresponding to the IP addresses are the same, that is, the same asset identification information is identified as asset identification information corresponding to the same asset, and if different asset identification information exists, the same asset identification information is identified as one asset.
For example, if 10 pieces of asset identification information are obtained in total, 2 pieces of asset identification information being identical, the two pieces of asset identification information are identified as the same asset, and the other 8 pieces of asset identification information are different, 8 different assets are identified, that is, 9 pieces of assets are identified in total.
For the 9 assets, it is also possible that the asset identification information has been previously acquired for identification, so the 9 assets may also be compared with the identified assets, where the comparison is also of asset identification information, for example, the asset identification information of the 9 assets and the asset identification information of the identified assets are compared, if the comparison is the same, they are combined into the identified assets, if not the same, they are indicated as newly added assets, and they may be added to the asset list. Therefore, the assets in the network can be counted, and the newly added assets can be known in time conveniently.
In the implementation process, the assets in the network are identified according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses, so that the assets can be accurately identified in the mode for the scene of overlapping IP addresses under different network segments.
On the basis of the above embodiments, a plurality of acquisition devices may be deployed in the network, and these acquisition devices may be used to acquire asset identification information of assets in the network, and the acquisition devices may be information scanning devices, for example. In some scenarios, an asset in a network, such as a gateway, proxy, etc., that may have multiple IP addresses for one asset device, belonging to one or more network segments, i.e., multiple IP addresses for the same device may belong to different network segments, for which the same asset may be identified as multiple different assets if the asset is identified based solely on the IP address and the network segment identification.
In order to identify the asset in such a scenario, the asset identification information may further include asset information, where the asset information may be attribute information for characterizing the uniqueness of the asset, such as device information of the asset, and when identifying, if the IP addresses and network segment identifications corresponding to the IP addresses in at least two asset identification information in the plurality of asset identification information are different and the asset information is the same, it may be determined that the asset corresponding to the at least two asset identification information is the same asset.
In some embodiments, asset information may refer to information of the asset itself, such as a device serial number, etc., in which case the same asset may be considered if the device serial numbers are the same, even though the IP addresses and their corresponding network segment identifications are different. However, in many cases, the acquisition device cannot acquire the device serial number, so that the asset identification can be performed based on the IP address and the network segment identification, and if the acquired asset identification information contains asset information, the asset identification information can be combined to identify the asset. At this time, if the asset information in the two asset identification information is the same, the two asset identification information may originate from the same acquisition device or may originate from different acquisition devices.
In other embodiments, the asset information may refer to information that the asset presents externally, such as a client number, where the client numbers that the asset presents for the collection devices of different manufacturers may be different, that is, the asset information collected by the collection devices of different manufacturers may be different, and the asset information obtained by the same collection device for different assets may be different, and the asset information obtained by the same collection device for the same asset may be the same, where the attribute information that characterizes the uniqueness of the asset may be understood as unique for the same collection device. At this time, if asset information in the two asset identification information is the same, the two asset identification information originate from the same acquisition device.
For the case that the asset information is a client number, the collecting device generally obtains the asset information through a proxy service mode, namely, the collecting device scans asset identification information of the asset through proxy services according to proxy services of different factories, the proxy service generates a client number based on the asset and then sends the client number to the collecting device together, and at the moment, the collecting device can collect the asset identification information to contain the asset information. Of course, for situations where proxy services are not deployed and other situations, the acquisition device cannot acquire asset information in most cases, so asset identification is performed mainly based on the IP address and the network segment identifier.
For example, as shown in fig. 2, the collecting device 1 (shown as a collecting source 1 in the drawing) can collect two IP addresses, 10.10.2.35 and 192.168.1.68, on the device 1, where the two IP addresses belong to different network segments, namely a network segment a and a network segment C, and in order to distinguish the two asset identification information, the two IP addresses are added with the network segment identification to form asset identification information respectively 10.10.2.35A and 192.168.1.68C.
At this time, when the collection device 1 collects two IP addresses of the device 1 through the proxy, the device 1 may attach asset information of the device 1 to the collection device when sending the IP addresses to the collection device, where the asset information may include the client number, and the device 1 transmits the asset information to the collection device 1 through the proxy, so that for the proxy of different manufacturers, it generates unique asset information, so that for the device 1, the asset information acquired by different collection devices may be different, depending on the proxy service deployed on the device 1, and the proxy service is related to the collection device, so that it is possible that the asset information acquired by different collection devices to the same device is different.
Therefore, if the acquisition device 1 acquires two IP addresses of the device 1, and the two IP addresses belong to different network segments, and the acquired asset information corresponding to the two IP addresses is the same, it can be said that the two asset identification information belong to the same asset.
In fig. 2, the collecting device 2 (shown as the collecting source 2 in the drawing) may collect two IP addresses, 10.20.22.33 and 192.168.1.68 respectively, on the device 2 through the proxy, and after adding network segment identifiers to the two IP addresses, the generated asset identification information includes 10.20.22.23B and 192.168.1.68D.
When the collecting device 2 receives the IP address sent by the device 2, the device 2 will send the asset information to the collecting device 2 by proxy, so that the two asset identification information are the same although the IP address and the network segment identification are different, and therefore the two asset identification information can be considered to belong to the same asset, namely, 10.20.22.23B and 192.168.1.68D are considered to be the asset identification information corresponding to the device 1.
The identification device, after acquiring the asset identification information of the acquisition device 1 and the acquisition device 2, though the IP addresses (192.168.1.68) in the two asset identification information are the same, but the network segment identifiers are different, can be considered to belong to different assets, so that the asset identification of the repeated IP of different network segments can be realized through the network segment identifiers.
In addition, in practical applications, the asset identification information of the same asset may be collected by different collection devices, for example, for the network segment C of the device 1, it may also be collected by the collection device 3, and the asset identification information collected by the collection device 3 at this time is 192.168.1.68C, so that the asset identification information is already identified as the asset identification information of the device 1 through the above identification, so that if the asset identification information collected by the collection device 3 is obtained, the asset identification information is identified and then is confirmed as the asset identification information of the device 1. And by matching the IP address and the network segment identification, it is found that it is identical to the asset identification information of the device 1 (i.e., the IP address and the network segment identification are identical), and at this time, even if the asset information is different, it can be regarded as the same asset.
In other embodiments, the asset information may also include location information of the asset, such as coordinate information of the asset, so that the asset may be further identified in conjunction with the location information during subsequent identification, such as when the coordinate information is the same, and other asset identification information is the same, the same asset may be determined. Alternatively, for example, the IP addresses are different and the network segment identifiers are different as described above, but if the coordinate information is the same, it may be considered as the same asset, and of course, each asset corresponds to unique coordinate information here. Thus, accurate identification of the asset can be achieved.
In the implementation process, the asset information of the same asset can be combined to accurately identify the asset under the condition that the same asset is in different network segments.
On the basis of the above embodiment, in the manner of acquiring the plurality of asset identification information, the identification device may acquire the IP address of the asset acquired by the identification device from each acquisition device deployed in the network, determine the network segment identifier configured for each acquisition device, each network segment identifier corresponds to a preset IP address network segment, and then generate the corresponding asset identification information based on the IP address and the corresponding network segment identifier.
For example, the identification device collects related information of each collection device in advance, such as a network segment range that can be collected by each collection device, and then configures a network segment identifier for each collection device based on the network segment range that can be collected by the collection device. For example, in the example of fig. 2 described above, the segments configuring acquisition device 1 are identified as segment a and segment C, and the segments configuring acquisition device 2 are identified as segment B and segment D. In this embodiment, the collecting device only collects the IP address of the asset and transmits the IP address to the identifying device, the identifying device obtains a plurality of IP addresses from each collecting device, after the identifying device obtains the plurality of IP addresses, based on the collecting device from which the IP address originates, obtains the network segment identifier configured for the collecting device, then determines the network segment identifier to which each IP address belongs according to the correspondence between the network segment identifier and the network segment of the IP address, and then generates asset identification information based on the IP address and the corresponding network segment identifier. When determining the network segment identifier to which the IP address belongs, the determination may be based on the network segment range to which the IP address belongs (i.e., the IP address network segment). If the identification device acquires two IP addresses sent by the acquisition device 1, and the identification device configures a network segment range of the acquisition device 1, the network segment identifier corresponding to each IP address can be determined based on the network segment range to which the IP address belongs.
As shown in fig. 3, a network segment a and a network segment C are configured for an acquisition device 1 (shown as an acquisition source 1 in the figure), the IP addresses of the acquired device 1 (shown as an asset 1 in the figure) include 10.10.2.35 and 192.168.1.68, when asset identification information is generated, corresponding network segment identifiers are added to the corresponding IP addresses, and the obtained asset identification information includes 10.10.2.35A and 192.168.1.68C. Similarly, a network segment B and a network segment D are configured for the collecting device 2 (shown as a collecting source 2 in the figure), the IP address of the collecting device 2 (shown as an asset 2 in the figure) includes 10.20.22.33 and 192.168.1.68, when asset identification information is generated, the corresponding IP address is added with the corresponding network segment identifier, and the obtained asset identification information includes 10.20.22.33B and 192.168.1.68D.
In practical application, the network segment identifier may be carried by the IP address acquired by the identifying device, for example, the cloud platform is attached with the cloud identifier to which the cloud platform belongs, and the cloud identifier at this time may be used as the network segment identifier, so the identifying device may first determine whether the IP address carries the network segment identifier after acquiring the IP address, if not, add the network segment identifier to the IP address according to the above manner, and if so, directly identify the asset according to the IP address and the network segment identifier carried by the IP address.
In the implementation process, the network segment range is pre-configured, and the network segment range which can be acquired is configured for each acquisition device, so that which network segment the IP belongs to can be determined according to the network segment range to which the acquired IP address belongs, the corresponding network segment identification is further determined, and the asset identification information of the IP address and the network segment identification is generated, so that the asset unique identification when the IP address ranges of a plurality of network segments overlap is realized based on the matching of the asset identification information.
On the basis of the above embodiment, in the manner of acquiring the plurality of asset identification information, the asset identification information may also be acquired from each acquisition device deployed in the network, where the network segment identifier corresponding to the IP address in the asset identification information is added to the acquisition device.
In this embodiment, the collecting device has the capability of adding the network segment identifier, for example, the collecting device is configured with the network segment range that can be collected by the collecting device in advance, so that after the collecting device collects the IP address of the asset, the collecting device can also determine the network segment identifier corresponding to the IP address according to the network segment range to which the IP address belongs, then adds the IP address with the corresponding network segment identifier, generates the asset identification information, and can send the generated asset identification information to the identifying device or be actively obtained by the identifying device.
In the implementation process, the network segment identification is added through the acquisition equipment, so that the identification equipment only needs to acquire the asset identification information to carry out identification, and the identification efficiency is improved.
On the basis of the above-described embodiment, since the asset identification information collected by different collection devices is limited, that is, the collected asset identification information is not comprehensive, it is likely that the asset identification information belonging to the same asset is determined as the information of different assets at the time of identification. Therefore, in order to avoid such a problem of misidentification, it is also possible to perform conflict judgment for the case where there is a conflict in asset identification, if two different asset identification information are already identified as belonging to different assets, and if it is currently identified that the two different asset identification information belong to the same asset, then conflict judgment is performed for the identification result.
For example, in the history recognition result, there is an asset recognition information 1 corresponding to an asset a, an asset recognition information 2 corresponding to an asset B, the two asset recognition information being acquired by different acquisition devices, and then the asset recognition information 1 and the asset recognition information 2 are acquired by the same acquisition device (of course, it is also possible that not only the asset recognition information 1 and the asset recognition information 2, but also the asset recognition information 1 and/or the asset recognition information 2 may be included), and the two asset recognition information are identified by the acquisition device as the same asset, for example, as the asset 2, then there is an asset conflict when the asset recognition is performed at this time.
When conflict judgment is carried out, the recognition device can be configured by default to consider that the confidence of the two different asset recognition information belongs to the same asset is higher, so that the recognition result that the two different asset recognition information currently recognized belongs to the same asset can be directly used as a final recognition result, the final recognition result is stored, and the rest recognition results are deleted from the historical recognition results so as to facilitate subsequent recognition.
Or, the conflict judgment may be performed according to the number of the identification results, for example, in the three identification results, the currently obtained asset identification information is matched in the history identification results through the asset identification information (IP address+network segment identification), so as to find two identification results, at this time, one of the two identification results is identified as asset 1, one is identified as asset 2, the current identification result is asset 2, at this time, two identification results are all asset 2, and only 1 identification result of asset 1 is obtained, and according to a few voting rules obeying most, the identification result of asset 2 is identified as the final identification result.
Alternatively, the three recognition results may be output to a manager, and the manager makes a manual decision on the recognition results, and then stores the recognition results obtained by the manual decision as final recognition results.
On the basis of the above embodiment, in order to realize quick identification of the asset, after the asset identification information is obtained, the asset identification information may be generated into a hash value, then whether the hash value identical to the hash value exists is searched from the history identification result, if so, merging identification of the asset is directly performed, that is, merging the asset into the identified asset, and if not, identifying the asset as a new asset, and then storing the new asset in the history identification result.
On the basis of the above embodiment, in the manner of acquiring the plurality of asset identification information, the plurality of asset identification information may also be acquired from the constructed first information queue, where the newly acquired asset identification information acquired from each acquisition device deployed in the network is stored in the first information queue, and after asset identification is performed using the plurality of asset identification information, the plurality of asset identification information may be stored in the constructed second information queue.
It will be appreciated that the first information queue herein may refer to a queue for storing newly acquired asset identification information and the second information queue may refer to a queue for storing historical asset identification information. Since the assets in the network do not necessarily change in real time, if asset identification information of all the assets in the network is periodically acquired to be identified, there is a problem that a plurality of acquired asset identification information may be repeated with the asset identification information that has been acquired previously, and thus two information queues may be employed to store newly acquired asset identification information and acquired asset identification information, respectively.
In order to avoid repeated identification, the asset identification information newly acquired by each acquisition device can be stored in the first information queue, and then a plurality of asset identification information is acquired from the first information queue for identification, so that the problem that all acquired asset identification information is completely re-identified by the identification device each time can be avoided.
In order to further improve the identification efficiency, after a plurality of asset identification information is acquired from the first information queue, the asset identification information is compared with the asset identification information in the second information queue, the same asset identification information is screened out, and then the remaining asset identification information different from the asset identification information in the second information queue is subjected to asset identification, so that the problem of repeated identification of the same asset identification information can be effectively reduced.
In the implementation process, the two information queues are used for respectively storing the new asset identification information and the historical asset identification information, so that the problem of resource waste caused by repeated identification of the same asset identification information when the asset identification information is identified can be avoided.
On the basis of the above embodiment, in order to improve the efficiency of collecting the asset identification information, the asset scanning task may be further obtained from the task queue, where the asset scanning task includes scanning a network segment range, and then, in response to executing the asset scanning task, issuing the asset scanning task to the collecting device in the corresponding scanning network segment range, so as to instruct the collecting device to collect the asset identification information in the corresponding network segment.
Because the assets in the network are not changed at any time, and new assets can be added after a certain time, the identification equipment does not need to instruct the acquisition equipment to acquire comprehensive asset identification information in real time, and resource waste is avoided. Therefore, a task queue can be set, a plurality of asset scanning tasks are stored in the task queue, the scanning network segment range corresponding to each asset scanning task can be different, so that the identification equipment can acquire one asset scanning task from the task queue periodically to execute, and the corresponding scanning network segment range is configured for each acquisition equipment in the identification equipment, so that after the identification equipment acquires one asset scanning task in the task queue, the identification equipment can find the corresponding acquisition equipment according to the scanning network segment range in the asset scanning task, and then the asset scanning task can be issued to the corresponding acquisition equipment to instruct the acquisition equipment to acquire asset identification information in the scanning network segment range, namely, acquire the asset identification information of the asset in the scanning network segment range. The identification equipment performs asset identification after acquiring the capital information, then acquires the next asset scanning task from the task queue for execution after a period of time, so that the asynchronous identification is performed on the assets in the network, the asynchronous scanning of the assets is realized, the problem of repeated acquisition of the same asset identification information can be effectively reduced, and the scanning speed is high and the accuracy is higher.
Or the identification equipment can also acquire asset scanning tasks in the task queue respectively, then execute each asset scanning task, at the moment, the acquisition equipment indicated by each asset scanning task is different, and the respective execution is not affected, so that the efficiency of acquiring the asset identification information can also be improved.
In other embodiments, since the identification device is configured with a network segment range that can be acquired by each acquisition device, the asset scanning task may include a scanning target, that is, the scanning target refers to an acquisition device, so that the identification device may directly determine the corresponding acquisition device based on the asset scanning task, and then issue the scanning task to the acquisition device.
In the implementation process, the asset scanning task is acquired from the task queue, so that the asset scanning task can be issued to the acquisition equipment in different network segment ranges each time, asynchronous acquisition of the asset identification information can be realized through the task queue, and the information acquisition efficiency is improved.
In some embodiments, in a manner of acquiring the plurality of asset identification information, the identification device may further periodically send an asset detection message to the acquisition device, where the asset detection message is used to instruct the acquisition device to acquire the asset identification information.
That is, the acquisition device does not actively acquire the asset identification information, and scans the asset only after receiving the asset detection message issued by the identification device to acquire the asset identification information.
Of course, the acquisition device may also periodically trigger asset scanning itself to obtain asset identification information and send the asset identification information to the identification device.
On the basis of the embodiment, after the asset is identified based on the plurality of asset identification information, for the purpose of subsequent rapid identification of the assets, the identified assets can be imaged, namely, the knowledge graphs of the assets are constructed, which comprise the assets and the asset identification information corresponding to the assets, so that the acquired asset identification information can be compared with the asset identification information of each node in the knowledge graphs when the asset is identified subsequently, and the efficiency of asset identification can be effectively improved.
And after the knowledge graph of the asset is constructed, the asset is conveniently and directly combed based on the knowledge graph, such as counting the asset, searching the newly added asset, searching the distribution condition of the asset and the like, so that the effective management of the asset in the network can be conveniently realized.
Referring to fig. 4, fig. 4 is a block diagram illustrating a structure of an asset identifying apparatus 200 according to an embodiment of the application, where the apparatus 200 may be a module, a program segment or a code on an electronic device. It should be understood that the apparatus 200 corresponds to the above embodiment of the method of fig. 1, and is capable of performing the steps involved in the embodiment of the method of fig. 1, and specific functions of the apparatus 200 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 200 includes:
an information obtaining module 210, configured to obtain a plurality of asset identification information, where each asset identification information includes an IP address and a network segment identifier corresponding to the IP address;
and the asset identification module 220 is configured to identify an asset in the network according to the IP address in the plurality of asset identification information and the network segment identifier corresponding to the IP address.
Optionally, the asset identification information further includes asset information, and the asset identification module 220 is configured to determine that the assets corresponding to the at least two asset identification information are the same asset if the plurality of asset identification information has different IP addresses and network segment identifiers corresponding to the IP addresses in the at least two asset identification information, and the asset information is the same.
Optionally, the asset identification module 220 is configured to determine that the assets corresponding to the at least two asset identification information are the same asset if the IP addresses in the at least two asset identification information and the network segment identifiers corresponding to the IP addresses are the same in the plurality of asset identification information.
Optionally, the information obtaining module 210 is configured to obtain, from each collection device deployed in the network, an IP address of an asset collected by the collection device; determining network segment identifiers configured for the acquisition equipment, wherein each network segment identifier corresponds to a preset IP address network segment; and generating corresponding asset identification information based on the IP address and the corresponding network segment identification.
Optionally, the information obtaining module 210 is configured to obtain asset identification information from each collection device deployed in the network, where a network segment identifier corresponding to an IP address in the asset identification information is added to the collection device.
Optionally, the asset identification module 220 is further configured to, if two different asset identification information are identified as belonging to different assets, and the two different asset identification information are currently identified as belonging to the same asset, perform conflict resolution on the identification result.
Optionally, the asset identifying module 220 is further configured to take, as a final identifying result, an identifying result that the two different asset identifying information currently identified belong to the same asset.
It should be noted that, for convenience and brevity, a person skilled in the art will clearly understand that, for the specific working procedure of the apparatus described above, reference may be made to the corresponding procedure in the foregoing method embodiment, and the description will not be repeated here.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device for performing an asset identification method according to an embodiment of the present application, where the electronic device may include: at least one processor 310, such as a CPU, at least one communication interface 320, at least one memory 330, and at least one communication bus 340. Wherein the communication bus 340 is used to enable direct connection communication of these components. The communication interface 320 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The memory 330 may be a high-speed RAM memory or a nonvolatile memory (non-volatile memory), such as at least one disk memory. Memory 330 may also optionally be at least one storage device located remotely from the aforementioned processor. The memory 330 has stored therein computer readable instructions which, when executed by the processor 310, perform the method process described above in fig. 1.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative, and that the electronic device may also include more or fewer components than shown in fig. 5, or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method process performed by an electronic device in the method embodiment shown in fig. 1.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example, comprising:
acquiring a plurality of asset identification information, wherein each asset identification information comprises an IP address and a network segment identifier corresponding to the IP address;
and identifying the assets in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
In summary, the embodiments of the present application provide an asset identification method, apparatus, electronic device, and storage medium, where the method identifies an asset in a network according to an IP address in asset identification information and a network segment identifier corresponding to the IP address, so that for a scenario where IP addresses overlap in different network segments, the method can be used to accurately identify the asset.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. A method of asset identification, the method comprising:
acquiring a plurality of asset identification information, wherein each asset identification information comprises an IP address and a network segment identifier corresponding to the IP address;
and identifying the assets in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
2. The method of claim 1, wherein the asset identification information further includes asset information, and wherein the identifying the asset in the network based on the IP address in the plurality of asset identification information and the network segment identifier corresponding to the IP address includes:
if the plurality of asset identification information has different IP addresses in at least two asset identification information and network segment identifiers corresponding to the IP addresses and the asset information is the same, determining that the assets corresponding to the at least two asset identification information are the same asset, wherein the asset information is attribute information for representing the uniqueness of the asset.
3. The method according to claim 1, wherein the identifying the asset in the network according to the IP address in the plurality of asset identification information and the network segment identification corresponding to the IP address includes:
and if the IP addresses in the at least two asset identification information and the network segment identifications corresponding to the IP addresses are the same in the plurality of asset identification information, determining that the assets corresponding to the at least two asset identification information are the same asset.
4. The method of claim 1, wherein the obtaining a plurality of asset identification information comprises:
acquiring IP addresses of the assets collected by each collecting device deployed in the network;
determining network segment identifiers configured for the acquisition equipment, wherein each network segment identifier corresponds to a preset IP address network segment;
and generating corresponding asset identification information based on the IP address and the corresponding network segment identification.
5. The method of claim 1, wherein the obtaining a plurality of asset identification information comprises:
and acquiring asset identification information from each acquisition device deployed in the network, wherein network segment identifiers corresponding to IP addresses in the asset identification information are added for the acquisition devices.
6. The method according to claim 1, wherein the method further comprises:
if two different asset identification information are identified to belong to different assets, and the two different asset identification information are currently identified to belong to the same asset, conflict judgment is carried out on the identification result.
7. The method of claim 6, wherein said performing a collision resolution on the identification thereof comprises:
and taking the identification result of the two different asset identification information currently identified belonging to the same asset as a final identification result.
8. An asset identification device, the device comprising:
the information acquisition module is used for acquiring a plurality of asset identification information, wherein each asset identification information comprises an IP address and a network segment identifier corresponding to the IP address;
and the asset identification module is used for identifying the asset in the network according to the IP addresses in the asset identification information and the network segment identifications corresponding to the IP addresses.
9. An electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-7.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, performs the method according to any of claims 1-7.
CN202310574257.7A 2023-05-19 2023-05-19 Asset identification method, device, electronic equipment and storage medium Pending CN116760571A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310574257.7A CN116760571A (en) 2023-05-19 2023-05-19 Asset identification method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310574257.7A CN116760571A (en) 2023-05-19 2023-05-19 Asset identification method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116760571A true CN116760571A (en) 2023-09-15

Family

ID=87950430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310574257.7A Pending CN116760571A (en) 2023-05-19 2023-05-19 Asset identification method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116760571A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117633666A (en) * 2024-01-26 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Network asset identification method, device, electronic equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117633666A (en) * 2024-01-26 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Network asset identification method, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110798360B (en) NWDAF network element selection method and device, electronic equipment and readable storage medium
CN108683687B (en) Network attack identification method and system
CN109150572B (en) Method, device and computer readable storage medium for realizing alarm association
CN108471429B (en) Network attack warning method and system
CN108881263B (en) Network attack result detection method and system
CN110659560B (en) Method and system for identifying associated object
CN106888106A (en) The extensive detecting system of IT assets in intelligent grid
CN107276851B (en) Node abnormity detection method and device, network node and console
CN112468364B (en) CIP asset detection method and device, computer equipment and readable storage medium
CN116760571A (en) Asset identification method, device, electronic equipment and storage medium
CN104021141A (en) Method, device and system for data processing and cloud service
Zali et al. Real-time attack scenario detection via intrusion detection alert correlation
CN112685175A (en) Method and device for constructing service topological graph and computer readable storage medium
CN111628878A (en) Fault positioning method, device and system based on multi-stage network nodes
CN113098852A (en) Log processing method and device
US11595419B2 (en) Communication monitoring system, communication monitoring apparatus, and communication monitoring method
CN111752819B (en) Abnormality monitoring method, device, system, equipment and storage medium
CN112152824A (en) Performance index data acquisition method and device
CN106649678B (en) Data processing method and system
CN115080771A (en) Data processing method and device based on artificial intelligence, medium and gateway equipment
CN113891309A (en) Method and system for detecting malicious node in wireless sensor network and sink node
CN110489568B (en) Method and device for generating event graph, storage medium and electronic equipment
CN109462592B (en) Data sharing method, device, equipment and storage medium
CN112468400A (en) Fault positioning method, device, equipment and medium
CN108173689B (en) Output system of load balancing data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination