
CN109327461A - Distributed asset identification and change cognitive method and system - Google Patents


Publication number
CN109327461A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811341217.3A
Other languages
Chinese (zh)
Inventor
王文佳
陈志华
陈宁
杨少滨
吉威炎
陆文哲
宋琅靖
杨历
陈嘉琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Security Test And Appraisal Center Guangdong Province
Original Assignee
Information Security Test And Appraisal Center Guangdong Province

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

An asset identification and change perception method and system. The system comprises a networked asset information collection subsystem, an asset data processing subsystem and an asset library. The networked asset information collection subsystem collects the asset information of live networked hosts. The asset data processing subsystem obtains that asset information from the collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the live networked hosts in the asset library is updated automatically. The method and system make it possible to grasp asset information and its changes comprehensively, accurately and dynamically, significantly improve the accuracy of network risk and vulnerability assessment for assets, and improve awareness of asset vulnerabilities and the speed of handling them, thereby greatly improving the ability to respond to and handle attacks.

Description

Distributed asset identification and change cognitive method and system
Technical field
The present invention relates to networked asset information security, and in particular to a distributed asset identification and change perception method and system.
Background art
The cyberspace of information systems consists of countless nodes, each of which is an IT asset (also called an information asset) connected to the network. Information assets include host operating systems, network devices, security devices, databases, middleware and application components. Information assets are the most basic and most important carriers in information security management. As enterprise business grows and business informatization develops rapidly, business support platforms and management systems become increasingly complex; the number of information assets such as servers, storage devices, network devices and security devices keeps increasing, and their types become more varied, which makes asset management harder for administrators. Over time, large numbers of ownerless assets and zombie assets appear. These assets go unmaintained for long periods, so they carry many known vulnerabilities and configuration violations. More seriously, they are difficult to bring within the scope of the administrator's daily maintenance, which creates a major hidden danger for enterprise security and becomes a weak point in enterprise information security.
Taking Guangdong Power Grid as an example, once a security problem occurs in common power information equipment such as servers, switches, routers, power communication terminals and intelligent transformer equipment, it affects the normal acquisition of power information and the normal supply of power services, which not only inconveniences people's daily production and life but also causes great economic loss.
At present, the state attaches increasing importance to network security, so effective management of IT assets becomes all the more important. IT assets are the most basic and most important carriers in information security management; identifying IT assets and grasping asset information comprehensively, with no blind spots, is of great significance. Moreover, once asset information is known, it becomes possible to perceive whether protection against risks in cyberspace is effective: for example, whether the services running on a network device have known vulnerabilities, the device's physical address, the scope of impact of newly disclosed vulnerabilities on network devices, and how known vulnerabilities are to be repaired. This helps to grasp the enterprise's security state accurately and to resolve threats and risks effectively.
Summary of the invention
The main object of the present invention is to address the deficiencies of the prior art by providing an asset identification and change perception method and system.
To achieve the above object, the present invention adopts the following technical solution:
An asset identification and change perception system comprises a networked asset information collection subsystem, an asset data processing subsystem and an asset library. The networked asset information collection subsystem collects the asset information of live networked hosts. The asset data processing subsystem obtains that asset information from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the live networked hosts in the asset library is updated automatically.
Further:
The asset identification and change perception system comprises multiple networked asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple networked asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks, assigns the decomposed tasks to suitable resources through task scheduling, and distributes and processes tasks across multiple nodes, so that tasks, including asset information detection and perception, are executed in a distributed manner while data storage and management are deployed together.
The networked asset information collection subsystem includes:
A basic information collection module, configured to discover networked hosts and perform fingerprint identification of the host operating system, so as to detect the operating system type of a remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information, including one or more of the version, service port and protocol interaction features of a web application or component;
The networked asset information collection subsystem further includes a vulnerability perception module, configured to perceive and analyse the vulnerability of networked hosts and application systems, so as to find the weak points of operating systems, services and application components and to find vulnerabilities that may exist in networked hosts and in their systems, services and application components.
The basic information collection module sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the reply packets and compares them with a fingerprint database; the operating system type of the remote target host is detected by analysing the comparison.
The basic information collection module includes:
A host detection submodule, configured to query the IP address library according to a set policy to convert the target region into IP ranges, to start multiple scanning processes and/or threads according to the scan settings, and to probe the corresponding ports of the target machines. If a port returns a legitimate response packet, the port is judged to be open; a host with at least one open port is judged to be alive. The IP address, open ports and protocol information of each live host are stored in the live host library. Preferably, the set policy includes the target region to scan, the scan protocols, the port range, the scanning techniques used and the evasion techniques;
A topology discovery submodule, configured to discover the nodes in the network and how they are interconnected by sending specific probe packets; preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use an established fingerprint database of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint library, send it to the corresponding port, and match the fingerprint in the returned packet to judge whether the corresponding component is present.
The system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. Preferably, the system fingerprint information collection submodule is configured to perform system identification as follows:
Analyse the characteristics of the various systems and establish fingerprint features of known systems; these fingerprint features are stored in the system fingerprint library, which serves as the sample library for fingerprint comparison;
Set up a system detection task, select the target hosts to probe, then start the system detection task. The task selects one open port and one closed port, sends preset TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from them. Preferably, the target hosts are selected from the live hosts;
Compare the fingerprint generated by the detection with the system fingerprint library and look up the matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
The application component fingerprint collection module collects fingerprint information by identifying one or more of: Web services, server-side languages, Web development frameworks, Web applications, front-end libraries and third-party components.
The Web development framework is identified using component service detection. Which language the Web site back end uses is detected using application component page detection and component service detection. Web applications are detected using service component page detection, preferably by crawling one or several pages of the site and matching them against the fingerprints in the fingerprint library to identify the corresponding Web application. The Web space is detected using page detection, which preferably includes identification through the CLASSID in the page.
The vulnerability perception module performs one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning. Preferably, the vulnerability perception module automatically matches the scanned vulnerabilities against a vulnerability library established in the back end, and automatically confirms each vulnerability's CVE number and whether a means of exploitation exists.
Vulnerability scanning is based on port scanning. After port scanning, the ports opened by the target host and the network services on those ports are known; this information is matched against the vulnerability library provided in advance, and attack methods against the system are simulated to check whether a vulnerability meeting the matching conditions exists. Preferably, an aggressive security vulnerability scan is performed on the target host system, preferably by testing weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability.
Rule-based matching is used: corresponding matching rules are built on the basis of the network system vulnerability library, and the scanning program performs the vulnerability scan automatically. If a condition is matched, a vulnerability is considered to exist, and the result is returned to the client after detection completes. Preferably, if no rule is matched, network connection of the system is prohibited. Preferably, vulnerability data is separated from the scanning code so that the scanning engine can be updated.
The networked asset information collection subsystem further includes one or more of the following modules:
A task management module, configured to receive task instructions, schedule multiple collection modules according to policy to complete the corresponding tasks, dynamically monitor the running state of each collection module in real time, and balance and allocate task load in real time, so that each collection module works at a reasonable load;
A data filtering module, configured to match the raw data against the acquisition policy and filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to the management subsystem connected to the networked asset information collection subsystem.
The asset identification and change perception system further includes:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide a human-computer interaction interface through which data operators carry out the corresponding business operations;
Preferably, the management end accesses the distributed data sources through a polling mechanism, and the servers return data asynchronously. For data reception, the management platform uses a notification mechanism and a listening mechanism to poll periodically for responses from the data interface service module; when new data is returned, the data reception processing service appends the new data to the response data storage file.
An asset identification and change perception method, using the asset identification and change perception system described above, in which asset information is collected through the detection operations of multiple networked asset information collection subsystems deployed in a distributed manner in different regions.
An asset identification and change perception method, using the asset identification and change perception system described above, wherein
The asset data processing subsystem obtains the asset information of live networked hosts from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the live networked hosts in the asset library is updated automatically.
Preferably, the networked asset information collection subsystem collects live networked hosts and asset attribute information by cyclically applying the basic network information collection methods. The asset data processing subsystem obtains the live networked hosts and asset attribute information from the networked asset information collection subsystem and compares them with the confirmed asset attributes stored in the asset library, so that the live networked host library is updated automatically, as are attributes such as operating system type and version and application component type and version.
Preferably, asset identification is invoked cyclically. The asset attributes for which change can be perceived include operating system type and version, application component type and version, database type and version, ports and services. For confirmed assets, the attributes are stored in the asset library. The information collection module of the networked asset information collection subsystem uses asset identification to scan the target assets periodically and collect their attribute information. After the attributes are collected, they are compared with the original attributes stored in the asset library; if a target asset's attributes have changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is current.
Preferably, change perception for live assets is also performed, implemented by cyclically invoking asset identification. For confirmed assets, the state is stored in the asset library. Asset identification is used to scan the target assets periodically and detect whether they are alive. If a host is found to be unresponsive, the current time is recorded and its state is modified; otherwise, the existing state is kept and a survival-time record is added.
Beneficial effects of the present invention:
The present invention provides an asset identification and change perception method and system that can grasp asset information and its changes comprehensively, accurately and dynamically, significantly improve the accuracy of network risk and vulnerability assessment for assets, and improve awareness of asset vulnerabilities and the speed of handling them, thereby greatly improving the ability to respond to and handle attacks. By performing asset identification and asset change perception, the system and method provide a solid foundation and a good guarantee for asset management and rapid vulnerability handling.
Further, by using multiple networked asset information collection subsystems deployed in a distributed manner, the live hosts of specific multiple network regions can be detected and discovered promptly and reliably and their asset information collected, including operating system and application component information, while data storage and management are deployed together so that data can be processed and displayed uniformly. At the same time, tasks are executed in a distributed manner: using a distributed architecture, tasks are decomposed and the decomposed tasks are assigned to suitable resources through task scheduling, providing intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Tasks such as asset perception and asset information change processing are thus executed in a distributed manner, which increases processing capacity.
Further, the vulnerability perception module in the networked asset information collection subsystem can collect vulnerability information in a targeted way based on what has been detected, perceive and analyse the vulnerability of networked hosts and application systems, and find the weak points of operating systems, services and application components. This provides data support and usable resources for penetration attack/testing, and ultimately finds the vulnerabilities that may exist in networked hosts and in their systems, services and application components. The networked asset information collection subsystem of the present invention can find the security vulnerabilities of networked information systems accurately and reliably, providing favourable conditions and a good guarantee for rapid vulnerability remediation and timely repair of information system security vulnerabilities.
Brief description of the drawings
Fig. 1 is a basic structural block diagram of the asset identification and change perception system of the present invention;
Fig. 2 is a flow chart of asset attribute change perception performed by the asset identification and change perception system of an embodiment of the present invention;
Fig. 3 is a structural block diagram of the distributed asset identification and change perception system of an embodiment of the present invention;
Fig. 4 is a structural block diagram of the networked asset information collection subsystem in an embodiment of the present invention;
Fig. 5 is an architecture diagram of vulnerability scanning based on the network system vulnerability library in a preferred embodiment of the present invention;
Fig. 6 is a flow chart of distributed task scheduling in the asset identification and change perception method of a preferred embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. It should be emphasised that the following description is only exemplary and is not intended to limit the scope of the invention or its application.
Referring to Fig. 1, in one embodiment, an asset identification and change perception system comprises a networked asset information collection subsystem, an asset data processing subsystem and an asset library. The networked asset information collection subsystem collects the asset information of live networked hosts. The asset data processing subsystem obtains that asset information from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the live networked hosts in the asset library is updated automatically. The asset identification and change perception method and system can grasp asset information and its changes comprehensively, accurately and dynamically, significantly improve the accuracy of network risk and vulnerability assessment for assets, and improve awareness of asset vulnerabilities and the speed of handling them, thereby greatly improving the ability to respond to and handle attacks.
Referring to Fig. 4, in a preferred embodiment, the networked asset information collection subsystem preferably includes: a basic information collection module, configured to discover networked hosts and perform fingerprint identification of the host operating system, so as to detect the operating system type of a remote target host; and an application component fingerprint collection module, configured to discover application or component fingerprint information, including one or more of the version, service port and protocol interaction features of a web application or component.
The networked asset information collection subsystem can collect live networked hosts and asset attribute information by cyclically applying the basic network information collection methods (including host discovery, port scanning, operating system detection, application detection and the IP address library). The asset data processing subsystem can obtain the live networked hosts and asset attribute information from the networked asset information collection subsystem and compare them with the confirmed asset attributes stored in the asset library, so that the live networked host library is updated automatically, as are attributes such as operating system type and version and application component type and version. This embodiment provides the basic functions for asset change perception and distributed asset detection: it identifies known and unknown assets effectively, quickly and accurately, and collects asset attribute information.
In a preferred embodiment, the asset identification and change perception system perceives changes to asset attributes by cyclically invoking asset identification. The detailed process is shown in Fig. 2. The asset attributes for which change can be perceived are mainly operating system type and version, application component type and version, database type and version, ports and services. In this embodiment, for confirmed assets, the attributes are stored in the asset library. The information collection module of the networked asset information collection subsystem uses asset identification to scan the target assets periodically and collect their attribute information. After the attributes are collected, they are compared with the original attributes stored in the asset library; if a target asset's attributes have changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is current.
In a preferred embodiment, the asset identification and change perception system also performs change perception for live assets, which can likewise be implemented by cyclically invoking asset identification. In this embodiment, for confirmed assets, the state is also stored in the asset library. The information collection module of the networked asset information collection subsystem uses asset identification to scan the target assets periodically and detect whether they are alive. If a host is found to be unresponsive, the current time is recorded and its state is modified; otherwise, the existing state is kept and a survival-time record is added.
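The two perception loops described above (attribute change and liveness), combined into one scan-cycle routine as an added example; it is not code from the patent. The attribute key names, the `Asset` record, the handling of a host that answers again after being down, and the reporting of responding hosts that are not yet in the library are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Attributes the description lists as change-perceivable (key names are assumed).
TRACKED = ("os", "os_version", "components", "database", "ports", "services")


@dataclass
class Asset:
    ip: str
    attrs: dict                           # confirmed attributes held in the asset library
    alive: bool = True
    down_since: Optional[datetime] = None
    survival_log: list = field(default_factory=list)  # times the host answered a scan


def _norm(value):
    """Order-insensitive form, so [22, 80] and [80, 22] are not a change."""
    return tuple(sorted(value)) if isinstance(value, (list, set, tuple)) else value


def perceive(library, scan, now):
    """Apply one scan cycle to the asset library.

    library: {ip: Asset} of confirmed assets
    scan:    {ip: attrs dict}, or {ip: None} when the host did not respond;
             an IP missing from `scan` was not probed this cycle and is skipped
    Returns (changes, unconfirmed): changes is a list of (ip, attribute, old, new),
    unconfirmed lists responding IPs that are not yet in the library.
    """
    changes = []
    for ip, asset in library.items():
        if ip not in scan:
            continue
        observed = scan[ip]
        if observed is None:
            # Host unresponsive: record the current time and modify its state.
            if asset.alive:
                asset.alive, asset.down_since = False, now
                changes.append((ip, "alive", True, False))
            continue
        if not asset.alive:
            # Assumption beyond the page: a host that answers again is marked alive.
            asset.alive, asset.down_since = True, None
            changes.append((ip, "alive", False, True))
        asset.survival_log.append(now)    # survival-time record
        for name in TRACKED:
            if name not in observed:      # attribute not collected this cycle
                continue
            old, new = asset.attrs.get(name), observed[name]
            if _norm(old) != _norm(new):
                changes.append((ip, name, old, new))
                asset.attrs[name] = new   # keep the library current
    unconfirmed = sorted(ip for ip, obs in scan.items()
                         if obs is not None and ip not in library)
    return changes, unconfirmed


def demo():
    """Run one cycle over constructed sample data (documentation-range addresses)."""
    library = {
        "192.0.2.5": Asset("192.0.2.5", {"os": "Linux", "os_version": "3.10",
                                         "ports": [22, 80],
                                         "components": {"nginx": "1.14.0"}}),
        "192.0.2.9": Asset("192.0.2.9", {"os": "Windows", "ports": [445]}),
    }
    scan = {
        "192.0.2.5": {"os": "Linux", "os_version": "3.10", "ports": [80, 22, 3306],
                      "components": {"nginx": "1.16.1"}},
        "192.0.2.9": None,                # no response
        "192.0.2.77": {"os": "Linux"},    # responding host not in the library
    }
    now = datetime(2018, 11, 12, tzinfo=timezone.utc)
    changes, unconfirmed = perceive(library, scan, now)
    return library, changes, unconfirmed


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

Treating "not probed" and "no response" as different inputs keeps a partial scan from marking unscanned assets as down.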
In other preferred embodiments, the asset identification and change perception system further includes a vulnerability perception module, configured to perceive and analyse the vulnerability of networked hosts and application systems, so as to find the weak points of operating systems, services and application components and to find vulnerabilities that may exist in networked hosts and in their systems, services and application components.
Based on the preferred embodiments of the present invention, a vulnerability remediation control platform can be established that collects vulnerability information in a targeted way according to system type and application component.
In some embodiments, the networked asset information collection subsystem uses basic network information collection (including host discovery, port scanning, operating system detection, application detection and the IP address library) and vulnerability perception to discover live hosts in a specific network region, collect their operating system type and version and application component type and version, and collect vulnerability information in a targeted way according to system type and application component.
In some embodiments, the networked asset information collection subsystem can use techniques such as IP address location, host detection and port scanning, operating system and application type detection, network application scanning, vulnerability scanning, advanced evasion techniques (AET) and firewall/IDS evasion to collect networked asset information.
In an exemplary embodiment, the networked asset information collection subsystem includes a basic information collection module, an application component fingerprint collection module and a vulnerability perception module.
(1) Basic information collection module
This module is configured to discover networked hosts and perform fingerprint identification of the host operating system. It sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the reply packets and compares them with the fingerprint database; the operating system type of the remote target host is finally detected by analysing the comparison.
In a preferred embodiment, the basic information collection module specifically includes:
Host detection submodule: according to the policy set by the user, including the target region to scan, the scan protocols, the port range, the scanning techniques used and the evasion techniques, the host detection module queries the IP address library to convert the target region into IP ranges, starts multiple scanning processes (threads) according to the scan settings, and probes the corresponding ports of the target machines. If a port returns a legitimate response packet, the port is judged to be open; a host with at least one open port is judged to be alive. The IP address, open ports and protocol information of each live host are stored in the live host library.
Topology discovery submodule: a network topology is a representation of the interconnections between the interconnected entities in a network. The topology is usually modelled as a graph, with nodes representing devices (routers, hosts and so on) and edges representing connections (physical or logical). Topology discovery finds the nodes in the network and how they are interconnected by sending specific probe packets.
System fingerprint information collection submodule: uses an established fingerprint database of different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information.
This system preferably uses TCP/IP protocol stack fingerprints to identify different operating systems and devices. The RFC specifications do not mandate every detail of a TCP/IP implementation, so different TCP/IP implementations may each behave in their own specific way. The system determines the operating system type mainly from the differences in these details. In a preferred embodiment, the implementation is as follows:
First, the characteristics of the various systems are analyzed and the fingerprint features of known systems are established; these fingerprint features are stored in the system fingerprint library, which serves as the sample library for fingerprint comparison;
A system detection task is set up, the target host to probe is selected (preferably from the live hosts, to avoid ineffective probing), and the system detection task is started; the task selects one open port and one closed port, sends pre-designed TCP/UDP/ICMP packets to them, and generates a system fingerprint from the returned packets;
The generated fingerprint is compared with the system fingerprint library to find the matching system;
If no match can be found, the possible systems are listed with their probabilities.
Service fingerprint information collection submodule: it selects the corresponding probe fingerprint from the service fingerprint library, sends it to the corresponding port, and matches fingerprints in the returned packet to judge whether the corresponding component is present.
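The comparison step of the system fingerprint procedure above (exact library match, otherwise candidates listed with probabilities) can be sketched as follows. This is an added example, not code from the patent: the feature set, the library entries and all function names are assumptions chosen for illustration, and the signatures are constructed sample data.

```python
# Constructed sample signatures for illustration only; not real OS fingerprint data.
FINGERPRINT_LIBRARY = {
    "ExampleOS-A": {"initial_ttl": 64, "window": 29200, "df": True,
                    "closed_rst_window": 0, "icmp_quoted_bytes": 8},
    "ExampleOS-B": {"initial_ttl": 128, "window": 8192, "df": True,
                    "closed_rst_window": 0, "icmp_quoted_bytes": 8},
    "ExampleOS-C": {"initial_ttl": 255, "window": 4128, "df": False,
                    "closed_rst_window": 4128, "icmp_quoted_bytes": 28},
}

COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value.

    Every router hop decrements the TTL, so the raw value depends on the
    path length; the initial value is the stable, stack-dependent feature.
    """
    for candidate in COMMON_INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    raise ValueError(f"TTL out of range: {observed_ttl}")


def build_fingerprint(open_reply, closed_reply, udp_reply):
    """Reduce already-parsed replies to comparable features (assumed feature set).

    open_reply   -- reply from the open TCP port
    closed_reply -- RST reply from the closed TCP port
    udp_reply    -- ICMP port-unreachable triggered by the UDP probe
    """
    return {
        "initial_ttl": initial_ttl(open_reply["ttl"]),
        "window": open_reply["window"],
        "df": open_reply["df"],
        "closed_rst_window": closed_reply["window"],
        "icmp_quoted_bytes": udp_reply["quoted_bytes"],
    }


def match_fingerprint(fingerprint, library=FINGERPRINT_LIBRARY):
    """Return [(system, probability)], best candidate first.

    An exact match is returned alone with probability 1.0. Otherwise each
    library entry is scored by the number of agreeing features and the
    scores are normalized so that they sum to 1.
    """
    scores = {}
    for name, signature in library.items():
        same = sum(1 for key, value in signature.items()
                   if fingerprint.get(key) == value)
        if same == len(signature):
            return [(name, 1.0)]
        scores[name] = same
    total = sum(scores.values())
    if total == 0:
        return []  # nothing in the library resembles this host
    ranked = sorted(scores.items(), key=lambda item: (-item[1], item[0]))
    return [(name, round(score / total, 3)) for name, score in ranked if score]


if __name__ == "__main__":
    # Constructed replies: TTL 120 after a few hops, DF bit cleared.
    fp = build_fingerprint({"ttl": 120, "window": 8192, "df": False},
                           {"window": 0}, {"quoted_bytes": 8})
    for system, probability in match_fingerprint(fp):
        print(f"{system}: {probability}")
```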
(2) Application component fingerprint collection module
This module is configured to discover fingerprint information such as the version, service port and protocol interaction characteristics of web applications or components.
This module can support identification of Web services, server-side languages, Web development frameworks, Web applications, front-end libraries and third-party components.
A Web development framework is a service program: the server provides service externally on some port and handles the requests sent by clients, for example the Tomcat container for Java, or the IIS or PWS framework for ASP. This module can identify the Web development framework using component service detection; for example, the Tomcat framework can be detected by sending the fingerprint information "URI/status".
This module can use application component page detection and component service detection to determine which language the Web site's backend uses. Specific methods include judging from fingerprints such as meta information, script tags, header information, session, error pages and certain content of the web page.
This module can use service component page detection to detect Web applications: one or several pages of the website are fetched and matched against the fingerprints in the fingerprint library to identify the corresponding web application.
Page detection can be used to detect the Web space, for example by identification through the CLASSID of the page.
(3) Vulnerability sensing module
This module is configured to perceive and analyze the vulnerability of networked hosts and application systems and to discover the weak points of operating systems, services and application components. It integrates multiple tools such as system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning, can automatically match vulnerabilities against a vulnerability library built in the backend, and automatically confirms the CVE number of a vulnerability and whether an exploitation method exists.
In a preferred embodiment, the vulnerability scanning architecture based on a network system vulnerability library is shown in Figure 5.
Vulnerability scanning is built on port scanning. Judging from the analysis of attacks and from the vulnerabilities collected, the overwhelming majority target a particular network service, that is, a particular port. Therefore, in a preferred embodiment, vulnerability scanning proceeds along the same lines as port scanning. It preferably checks whether the target host has vulnerabilities as follows: after port scanning, the ports opened by the target host and the network services on those ports are known, and this information is matched against the vulnerability library provided by the network vulnerability scanning system. By simulating attack methods against the system, it checks whether a vulnerability satisfying the matching conditions exists. Preferably, an attack-style security vulnerability scan is performed against the target host system, such as testing for weak passwords. If the simulated attack succeeds, the target host system has a security vulnerability.
This system uses rule-based matching: a standard network system vulnerability library is formed from security experts' analysis of network system security vulnerabilities and hacker attack cases and from system administrators' practical experience in configuring network system security; corresponding matching rules are built on this basis, and the scanner program actively carries out the vulnerability scanning. Preferably, if no rule is matched, the system's network connection is prohibited.
In a preferred embodiment, matching is done against the system vulnerability library provided by the vulnerability scanning system; if the conditions are met, a vulnerability is deemed to exist. After the server's detection completes, the results are returned to the client and an intuitive report is generated. The rule matching library on the server side can be a collection of many shared programs that stores the various scanning attack methods. Vulnerability data is separated from the scan code, so that users can update the scanning engine themselves.
In a more preferred embodiment, the network asset information collection subsystem may also include a task management module.
(4) Task management module
The task management module is configured to receive task instructions and to schedule multiple collection modules to complete the corresponding tasks according to policy. It dynamically monitors the running state of each collection module in real time and performs task load balancing and allocation in real time, so that each collection module can work reasonably.
In a more preferred embodiment, the network asset information collection subsystem may also include a data filtering module.
(5) Data filtering module
The data filtering module is configured to match the raw data against the collection policy and to filter out redundant data.
In a more preferred embodiment, the network asset information collection subsystem may also include a data transmission module.
(6) Data transmission module
The data transmission module is configured to send the collected data to the management subsystem through a hidden subnet.
The asset identification and change perception system of the invention uses the network asset information collection subsystem of the above embodiments. That subsystem can detect and discover the live hosts of a specific network area, collect their operating system and application component information, and collect targeted vulnerability information, providing data support and usable resources for subsequent penetration attack/testing. The asset identification and change perception system of the invention can therefore collect network asset information in a more timely, effective, reliable and accurate way, so that the security vulnerabilities of information systems can be found and repaired in time.
In a preferred embodiment, the asset identification and change perception system may also include one or more of the following subsystems:
Management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
Vulnerability mining subsystem, configured to provide vulnerability mining tools and to build a general operating environment for vulnerability mining, so as to mine vulnerabilities in target operating systems and target application software;
Vulnerability exploitation verification subsystem, configured to provide a verification environment for constructing vulnerabilities and exploitation methods, to verify exploit samples and to evaluate the effect of exploitation;
Security tool subsystem, configured to provide security tools, including tools for carrying out penetration attacks against target operating systems and target applications and for maintaining long-term control.
Preferably but not necessarily, the asset identification and change perception system of the invention includes the network asset information collection subsystem and the management subsystem. Specifically, the management subsystem can display the data produced by the information collection subsystem, the vulnerability mining subsystem, the vulnerability exploitation verification subsystem, the security tools and so on, and can also perform operation management of those systems. It also provides a query and analysis working system, which includes a task processing environment under a regulated management mode and a series of interactive analysis tools with which analysts can complete various data analysis tasks. In addition, the system has a separate operating desktop (workbench) and an aggregated information display interface for users with different permissions. Through this system, configuration management of the data area and the analysis and report display of all kinds of data are completed, and data operators are given a human-computer interaction interface for carrying out the corresponding business operations.
Preferably but not necessarily, the asset identification and change perception system of the invention may further include a vulnerability mining subsystem. Based on typical vulnerability mining techniques, the vulnerability mining subsystem integrates existing vulnerability mining tools and develops customized ones to build a general operating environment for vulnerability mining, mines vulnerabilities in target operating systems and target application software, and develops exploit samples for newly discovered vulnerabilities.
Preferably but not necessarily, the asset identification and change perception system of the invention may further include a vulnerability exploitation verification subsystem. It can build a verification environment for vulnerabilities and exploitation methods, verify exploit samples and evaluate the effect of exploitation.
Preferably but not necessarily, the asset identification and change perception system of the invention may further include a security tool subsystem. With custom-developed security tools, it can carry out penetration attacks against target operating systems and target applications and maintain long-term control.
In further embodiments, an asset identification and change perception method uses the asset identification and change perception system of any of the foregoing embodiments, wherein
The asset data processing subsystem obtains the asset information of networked live hosts from the network asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the networked live hosts in the asset library is updated automatically.
In a preferred embodiment, the network asset information collection subsystem collects networked live hosts and asset attribute information by cyclically running network basic-information collection; the asset data processing subsystem obtains the networked live hosts and asset attribute information from the network asset information collection subsystem and compares them with the confirmed asset attributes stored in the asset library, so that the networked live-host library is updated automatically and attributes such as operating system type and version and application component type and version are updated automatically;
In a preferred embodiment, asset identification is invoked cyclically. The asset attributes for which changes can be perceived include operating system type and version, application component type and version, database type and version, ports and services. For a confirmed asset, its attributes are stored in the asset library; the information collection module of the network asset information collection subsystem uses asset identification to scan the target asset periodically and collect its attribute information, and the collected attributes are compared with the original attributes stored in the asset library. If an attribute of the target asset has changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is up to date;
In a preferred embodiment, live-asset change perception is performed by cyclically invoking asset identification. For a confirmed asset, its state is stored in the asset library; asset identification is used to scan the target asset periodically and detect whether it is alive. If the host is found not to respond, the current time is recorded and its state is modified; otherwise, the existing state is kept and the survival-time record is increased.
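The periodic comparison described in the preceding paragraphs (attribute change perception plus liveness tracking against the asset library) can be sketched as one reconciliation pass per scan cycle. This is an added example, not code from the patent: the record layout, field names and the decision to report unknown hosts as "unconfirmed" instead of inserting them are assumptions, and the sample hosts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Attributes the description lists as change-aware (key names are assumptions).
TRACKED = ("os", "os_version", "components", "database", "ports", "services")


@dataclass
class AssetRecord:
    ip: str
    attrs: dict                        # confirmed attributes
    alive: bool = True
    last_seen: Optional[datetime] = None
    down_since: Optional[datetime] = None
    uptime: timedelta = timedelta(0)   # accumulated survival-time record


def _norm(value):
    """Make list-like attributes order-insensitive before comparing."""
    if isinstance(value, (list, set, tuple)):
        return tuple(sorted(value))
    return value


def reconcile(library, scan, now):
    """Compare one scan cycle with the asset library and update it in place.

    library -- dict ip -> AssetRecord of confirmed assets
    scan    -- dict ip -> attribute dict for hosts that answered this cycle
    Returns a list of (ip, field, old, new) change events.
    """
    events = []
    for ip in sorted(library):
        rec = library[ip]
        observed = scan.get(ip)
        if observed is None:
            # No response: record the time and change the state (once).
            if rec.alive:
                rec.alive, rec.down_since = False, now
                events.append((ip, "status", "alive", "down"))
            continue
        if not rec.alive:
            rec.alive, rec.down_since = True, None
            events.append((ip, "status", "down", "alive"))
        elif rec.last_seen is not None:
            # Still alive: keep the state and extend the survival time.
            rec.uptime += now - rec.last_seen
        rec.last_seen = now
        for key in TRACKED:
            if key not in observed:
                continue  # attribute not collected this cycle
            old, new = rec.attrs.get(key), observed[key]
            if _norm(old) != _norm(new):
                events.append((ip, key, old, new))
                rec.attrs[key] = new
    # Hosts seen on the network but not yet confirmed in the library.
    for ip in sorted(set(scan) - set(library)):
        events.append((ip, "unconfirmed", None, scan[ip]))
    return events


def demo():
    """One cycle over constructed data: a changed host, a silent host, a new host."""
    t0 = datetime(2018, 11, 12, 8, 0)
    library = {
        "10.0.0.5": AssetRecord("10.0.0.5", {"os": "Linux", "os_version": "3.10",
                                             "ports": [22, 80],
                                             "components": {"nginx": "1.14"}},
                                last_seen=t0),
        "10.0.0.6": AssetRecord("10.0.0.6", {"os": "Windows", "ports": [3389]},
                                last_seen=t0),
    }
    scan = {
        "10.0.0.5": {"os": "Linux", "os_version": "3.10",
                     "ports": [80, 22, 8080], "components": {"nginx": "1.16"}},
        "10.0.0.9": {"os": "Linux", "ports": [22]},
    }
    return library, reconcile(library, scan, t0 + timedelta(hours=1))


if __name__ == "__main__":
    for event in demo()[1]:
        print(event)
```

Running the same scan a second time produces only the "unconfirmed" event, because the library already reflects the new attributes and the silent host is already marked down.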
In further embodiments, an asset identification and change perception method is used for vulnerability management: the system of the foregoing embodiments is used to find networked hosts and the vulnerabilities that may exist in their systems, services and application components, so that the vulnerabilities found can be handled and repaired, achieving rapid vulnerability management.
Referring to Fig. 3, in yet other embodiments, an asset identification and change perception system based on distributed asset information detection includes multiple network asset information collection subsystems deployed in a distributed manner in different regions, and a distributed task scheduling and data processing subsystem connected to the multiple network asset information collection subsystems. Based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources; it distributes and processes tasks across multiple nodes so that tasks are executed in a distributed manner, asset information detection and perception are executed in a distributed manner, and data storage and management are deployed together. Each of the multiple network asset information collection subsystems may be the network asset information collection subsystem of any of the foregoing embodiments.
By using a distributed architecture, the distributed asset information detection system decomposes tasks and assigns the decomposed tasks to suitable resources through task scheduling, providing intelligent task distribution, load balancing, exception handling, progress aggregation and result aggregation across multiple nodes. Tasks such as asset perception and asset information change processing are thereby executed in a distributed manner, which improves processing capacity.
In a preferred embodiment, the management end (for example, the management subsystem) accesses the distributed data sources through a polling mechanism, and the server returns data asynchronously. For data reception, the management platform needs to set up a notification mechanism and a listener that periodically poll for responses from the data interface service module; when new data is returned, the data reception processing service adds the new data to the response data storage file.
In yet other embodiments, a distributed asset identification and change perception method uses the described asset identification and change perception system based on distributed asset information detection, and collects asset information through the detection operations of multiple network asset information collection subsystems deployed in a distributed manner in different regions.
In a particular embodiment, the above asset identification and change perception system is used for the task scheduling of asset security monitoring: each information collection module is invoked to scan the IT assets in cyberspace along multiple dimensions and obtain their software and hardware information, port information and so on, and the scan results are finally written to a distributed database. Distributed scheduling performs task generation, task distribution, task reception, task execution, exception handling, data statistics, task load balancing and other functions for the whole system.
As shown in Fig. 6, in a preferred embodiment, the aforementioned distributed task scheduling and data processing subsystem performs distributed task scheduling with the following steps:
1) When a task is issued, the system checks the task size and, according to the detection node information, automatically splits a task that would consume large resources into small internal tasks and puts them in the task queue;
2) The small internal tasks are taken from the task queue and passed to the detection module nodes through the standard task-issuing interface;
3) The business detection module of each business layer provides a standard task scheduling interface; through this interface the task-issuing submodule verifies the correctness of the task parameter data and finally passes the task parameter data to the detection nodes of each business layer according to the interface specification;
4) When a task issued to a detection node cannot be completed because of a detection node server failure or a network failure, the exception handling module automatically reissues that node's task to other nodes for continued execution;
5) Finally, the detection nodes report progress according to the interface specification, and the progress aggregation module aggregates and stores the progress.
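The five scheduling steps above can be followed end to end in a small in-process model. This is an added example, not code from the patent: the DetectionNode class stands in for a remote collection node, and its interface, the task fields, the "least completed subtasks" balancing rule and the sample address range are all assumptions.

```python
import ipaddress
from collections import deque


class NodeDown(Exception):
    """Raised when a detection node cannot complete a subtask."""


class DetectionNode:
    """Stand-in for a remote detection node (hypothetical interface)."""

    def __init__(self, name, healthy=True):
        self.name, self.healthy = name, healthy

    def execute(self, subtask):
        if not self.healthy:
            raise NodeDown(self.name)
        # Step 5: the node reports progress for the subtask it finished.
        return {"node": self.name, "cidr": subtask["cidr"], "hosts": subtask["hosts"]}


def split_task(task, max_hosts):
    """Step 1: split a large range into subnets of at most max_hosts addresses."""
    net = ipaddress.ip_network(task["cidr"])
    host_bits = min(max_hosts.bit_length() - 1, net.max_prefixlen - net.prefixlen)
    new_prefix = net.max_prefixlen - host_bits
    return [{"task_id": f'{task["task_id"]}.{i}', "cidr": str(sub),
             "ports": task["ports"], "hosts": sub.num_addresses}
            for i, sub in enumerate(net.subnets(new_prefix=new_prefix))]


def validate_subtask(subtask):
    """Step 3: check the task parameters before they reach a node."""
    ipaddress.ip_network(subtask["cidr"])  # raises ValueError if malformed
    ports = subtask["ports"]
    if not ports or any(not (isinstance(p, int) and 1 <= p <= 65535) for p in ports):
        raise ValueError(f"invalid port list in {subtask['task_id']}: {ports!r}")


def run_task(task, nodes, max_hosts=256):
    """Split, dispatch with failover, and aggregate progress for one task."""
    if max_hosts < 1:
        raise ValueError("max_hosts must be at least 1")
    queue = deque(split_task(task, max_hosts))
    progress = {"total": len(queue), "done": 0, "hosts_scanned": 0,
                "by_node": {}, "requeued": 0, "failed": []}
    down = set()
    while queue:
        subtask = queue.popleft()                      # step 2
        validate_subtask(subtask)                      # step 3
        candidates = [n for n in nodes if n.name not in down]
        if not candidates:
            progress["failed"].append(subtask["cidr"])
            continue
        # Load balancing: pick the node with the fewest completed subtasks.
        node = min(candidates, key=lambda n: progress["by_node"].get(n.name, 0))
        try:
            report = node.execute(subtask)
        except NodeDown:
            # Step 4: exclude the failed node and reissue its subtask.
            down.add(node.name)
            progress["requeued"] += 1
            queue.appendleft(subtask)
            continue
        # Step 5: aggregate the reported progress.
        progress["done"] += 1
        progress["hosts_scanned"] += report["hosts"]
        progress["by_node"][report["node"]] = progress["by_node"].get(report["node"], 0) + 1
    return progress


if __name__ == "__main__":
    nodes = [DetectionNode("A"), DetectionNode("B", healthy=False), DetectionNode("C")]
    # Constructed task: a /22 from private address space, split into four /24s.
    print(run_task({"task_id": "t1", "cidr": "10.20.0.0/22", "ports": [22, 443]}, nodes))
```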
The above is a further detailed description of the invention in combination with specific/preferred embodiments, and the specific implementation of the invention should not be deemed limited to these descriptions. For a person of ordinary skill in the art to which the invention belongs, substitutions or modifications can be made to the described embodiments without departing from the inventive concept, and all such substitutions or variants shall be regarded as falling within the protection scope of the invention.

Claims (10)

1. An asset identification and change perception system, characterized in that it comprises a network asset information collection subsystem, an asset data processing subsystem and an asset library; the network asset information collection subsystem collects the asset information of networked live hosts; the asset data processing subsystem obtains the asset information of networked live hosts from the network asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the networked live hosts in the asset library is updated automatically;
Preferably, the asset identification and change perception system comprises multiple network asset information collection subsystems deployed in a distributed manner in different regions and a distributed task scheduling and data processing subsystem connected to the multiple network asset information collection subsystems; based on a distributed architecture, the distributed task scheduling and data processing subsystem decomposes tasks and, through task scheduling, assigns the decomposed tasks to suitable resources, distributes and processes tasks across multiple nodes so that tasks are executed in a distributed manner, executes asset information detection and perception in a distributed manner, and deploys data storage and management together;
Preferably, the network asset information collection subsystem comprises:
A basic information collection module, configured to discover networked hosts and to fingerprint the host operating system so as to detect the operating system type of the remote target host;
An application component fingerprint collection module, configured to discover application or component fingerprint information including one or more of the version, service port and protocol interaction characteristics of a web application or component;
The network asset information collection subsystem further comprises a vulnerability sensing module, configured to perceive and analyze the vulnerability of networked hosts and application systems, so as to discover the weak points of operating systems, services and application components and to find networked hosts and the vulnerabilities that may exist in their systems, services and application components.
2. The asset identification and change perception system of claim 1, characterized in that the basic information collection module comprises:
A host detection submodule, configured to query the IP address library according to a set policy to convert the target region into IP ranges, to start multiple scanning processes and/or threads according to the scan settings, and to probe the corresponding ports of the target machines; a port that returns a response packet conforming to the rules is judged to be open, and a host is judged to be alive as long as one of its ports is open; the IP, open ports and protocol information of live hosts are stored in the live-host library; preferably, the set policy includes the target region to scan, the scan protocols, the port range, and the scanning and evasion techniques used;
A topology discovery submodule, configured to send specific probe packets to find the nodes in the network and the interconnections between them; preferably, the nodes include routers and hosts;
A system fingerprint information collection submodule, configured to use a fingerprint database built for different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
A service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint library, send it to the corresponding port, and match fingerprints in the returned packet to judge whether the corresponding component is present.
3. The asset identification and change perception system of claim 2, characterized in that the system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices; preferably, the system fingerprint information collection submodule is configured to perform system identification as follows:
The characteristics of the various systems are analyzed and the fingerprint features of known systems are established; these fingerprint features are stored in the system fingerprint library, which serves as the sample library for fingerprint comparison;
A system detection task is set up, the target host to probe is selected, and the system detection task is started; the task selects one open port and one closed port, sends pre-designed TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from them; preferably, the target host is selected from the live hosts;
The generated fingerprint is compared with the system fingerprint library to find the matching system;
Preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
4. The asset identification and change perception system of any one of claims 1 to 3, characterized in that the application component fingerprint collection module collects fingerprint information by performing one or more of Web service, server-side language, Web development framework, Web application, front-end library and third-party component identification, wherein the Web development framework is identified using component service detection, wherein the language used by the Web site backend is detected by application component page detection and component service detection, wherein Web applications are detected by service component page detection, preferably by fetching one or several pages of the website and matching them against the fingerprints in the fingerprint library to identify the corresponding web application, and wherein the Web space is detected using page detection, the page detection preferably including identification through the CLASSID of the page.
5. The asset identification and change perception system of any one of claims 1 to 4, characterized in that the vulnerability sensing module performs one or more of system vulnerability scanning, database vulnerability scanning and Web application vulnerability scanning; preferably, the vulnerability sensing module automatically matches the scanned vulnerabilities against a vulnerability library built in the backend, and automatically confirms the CVE number of a vulnerability and whether an exploitation method exists.
6. The asset identification and change perception system of claim 5, characterized in that vulnerability scanning is based on port scanning: after port scanning, the ports opened by the target host and the network services on those ports are known, and this information is matched against a vulnerability library provided in advance, wherein attack methods against the system are simulated to check whether a vulnerability satisfying the matching conditions exists; preferably, an attack-style security vulnerability scan is performed against the target host system, preferably by testing for weak passwords, and if the simulated attack succeeds, the target host system has a security vulnerability.
7. The asset identification and change perception system of claim 5 or 6, characterized in that rule-based matching is used: corresponding matching rules are built on the basis of the network system vulnerability library that has been formed, and the scanner program carries out the vulnerability scanning automatically; if matching satisfies the conditions, a vulnerability is deemed to exist, and after detection completes the results are returned to the client; preferably, if no rule is matched, the system's network connection is prohibited; preferably, vulnerability data is separated from the scan code so that the scanning engine can be updated.
8. The asset identification and change perception system of any one of claims 1 to 7, characterized in that the network asset information collection subsystem further comprises one or more of the following modules:
A task management module, configured to receive task instructions, to schedule multiple collection modules to complete the corresponding tasks according to policy, to dynamically monitor the running state of each collection module in real time and to perform task load balancing and allocation in real time, so that each collection module can work reasonably;
A data filtering module, configured to match the raw data against the collection policy and to filter out redundant data;
A data transmission module, configured to send the collected data through a hidden subnet to the management subsystem connected to the network asset information collection subsystem.
9. The asset identification and change perception system of any one of claims 1 to 8, characterized in that it further comprises:
A management subsystem, configured to provide data display, query analysis and operation management functions, and to provide data operators with a human-computer interaction interface for carrying out the corresponding business operations;
Preferably, the management end accesses the distributed data sources through a polling mechanism and the server returns data asynchronously; for data reception, the management platform needs to set up a notification mechanism and a listener that periodically poll for responses from the data interface service module, and when new data is returned, the data reception processing service adds the new data to the response data storage file.
10. An asset identification and change perception method, characterized in that it uses the asset identification and change perception system according to any one of claims 1 to 9, wherein
the asset data processing subsystem obtains the asset information of networked active hosts from the networked asset information collection subsystem and compares it with the confirmed asset attribute information stored in the asset library, so that the asset information of the networked live hosts in the asset library is updated automatically;
Preferably, the networked asset information collection subsystem collects networked active hosts and their asset attribute information by cyclically invoking the network basic information collection mode; the asset data processing subsystem obtains the networked active hosts and asset attribute information from the networked asset information collection subsystem and compares them with the confirmed asset attributes stored in the asset library, so as to automatically update the networked live-host library and attributes such as operating system type and version and application component type and version information;
Preferably, through cyclic invocation of the asset identification technique, the asset attributes whose changes can be perceived include operating system type and version, application component type and version, database type and version, ports, and services; for a confirmed asset, its attributes are stored in the asset library; the information collection module of the networked asset information collection subsystem uses the asset identification technique to scan the target asset in a periodic cycle and collect its attribute information; after the attributes are collected, they are compared with the original attributes stored in the asset library, and if the target asset's attributes have changed, the data processing module updates the asset library, ensuring that the attribute information in the asset library is up to date;
Preferably, change perception for live assets is carried out through cyclic invocation of the asset identification technique; for a confirmed asset, its state is stored in the asset library; the asset identification technique is used to scan the target asset in a periodic cycle and detect whether it is alive; if the host is found to be unresponsive, the current time is recorded and its state is modified; otherwise, the existing state is kept and the survival-time record is increased.
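The scan-and-compare cycle described in the last two paragraphs of claim 10 can be sketched as follows. This is an added example, not code from the patent: the `Asset` record, the `reconcile` function and the sample hosts are hypothetical, and counting survival time in scan cycles and marking a host alive again when it answers are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

TRACKED = ("os", "components", "database", "ports", "services")

@dataclass
class Asset:
    attrs: dict
    alive: bool = True
    alive_cycles: int = 0               # survival-time record, in scan cycles
    down_since: Optional[float] = None  # time the host was first seen unresponsive

def _norm(value):
    # Port/service lists are compared as sets so scan ordering is not a "change".
    return sorted(value) if isinstance(value, (list, set, tuple)) else value

def reconcile(library, scan, now):
    """Apply one scan cycle to the confirmed-asset library; return change events."""
    events = []
    for host, asset in library.items():
        observed = scan.get(host)
        if observed is None:                       # no response this cycle
            if asset.alive:
                asset.alive, asset.down_since = False, now
                events.append((host, "state", "alive", "down"))
            continue
        if not asset.alive:                        # assumption: a reply revives the host
            asset.alive, asset.down_since, asset.alive_cycles = True, None, 0
            events.append((host, "state", "down", "alive"))
        asset.alive_cycles += 1
        for key in TRACKED:
            if key not in observed:                # attribute not collected: keep stored value
                continue
            old, new = _norm(asset.attrs.get(key)), _norm(observed[key])
            if old != new:
                events.append((host, key, old, new))
                asset.attrs[key] = new
    return events

def demo():
    # Constructed sample data (RFC 5737 documentation addresses).
    library = {
        "192.0.2.10": Asset({"os": "Linux 4.15", "ports": [22, 80]}),
        "192.0.2.11": Asset({"os": "Windows Server 2016", "ports": [445]}),
    }
    scan = {"192.0.2.10": {"os": "Linux 4.15", "ports": [80, 22, 3306]}}
    return library, reconcile(library, scan, now=1000.0)

if __name__ == "__main__":
    print(demo()[1])
```

Hosts that appear in a scan but are not in the library are ignored here, because the claim only covers confirmed assets.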
CN201811341217.3A 2018-11-12 2018-11-12 Distributed asset identification and change cognitive method and system Pending CN109327461A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811341217.3A CN109327461A (en) 2018-11-12 2018-11-12 Distributed asset identification and change cognitive method and system

Publications (1)

Publication Number Publication Date
CN109327461A (en) 2019-02-12

Family

ID=65261477

Country Status (1)

Country Link
CN (1) CN109327461A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190212
