CN106850333A - Network device identification method and system based on feedback clustering - Google Patents

Publication number
CN106850333A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611204074.2A
Other languages
Chinese (zh)
Other versions
CN106850333B (en)
Inventor
朱红松
任春林
丰轩
白稳平
闫兆腾
李志�
孙利民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a network device identification method and system based on feedback clustering. The method comprises: collecting the network protocol response messages of devices, preprocessing the response message data, extracting feature vectors from the response messages, and clustering on those feature vectors; establishing a clustering utility evaluation function and verifying the clustering result; if the utility value of the current clustering result is below the target utility value, starting a feedback module to adjust the parameters of the clustering model; otherwise, using the clustering result obtained to identify network device brand and model. The clustering utility evaluation model and the feedback module allow the clustering model to be adjusted effectively and improve the clustering effect. The invention identifies network device brand and model from network protocol response messages using automatic clustering with feedback adjustment. Compared with existing methods it reduces the workload of device identification, and it also has reference value for identifying unknown devices.

Description

Network device identification method and system based on feedback clustering
Technical field
The invention relates to the fields of network security and machine learning, and in particular to a network device identification method and system based on feedback clustering.
Background
As network terminal devices become increasingly widespread, more and more of them (such as cameras and printers) are connected to the public network to provide services. While these devices bring convenience, they also carry many security risks of their own. Such risks generally attract little attention, but once they break out they often cause losses that are hard to estimate (for example, in the large-scale network outage in the United States in 2016, the perpetrators used vulnerabilities in Internet of Things devices to carry out a DDoS attack). To guard against such risks effectively, the basic information of terminal devices in cyberspace must first be detected quickly, which in turn makes it necessary to identify the brand and model of network devices.
Summary of the invention
The problem to be solved by the invention is to propose, for the various terminal devices present in cyberspace, a general method based on feedback clustering that uses features of network protocol response messages to identify network device brand and model effectively.
The technical solution by which the invention solves the above technical problem is as follows:
A general network device identification method based on feedback clustering first collects the network protocol response messages of devices and extracts effective feature vectors from the protocol messages. After clustering them with a particular method, it establishes a clustering utility evaluation model and evaluates the clustering result, adjusts the original clustering model by feedback according to the clustering result (either adjusting the parameters of the clustering method or replacing the clustering method), and repeats the clustering and evaluation process until a satisfactory clustering result is obtained. The specific steps are:
Step 1: find the network devices alive on the public network using a scanning server, probe these devices over network protocols, and obtain the network protocol response messages;
Step 2: preprocess the response messages according to the type of network protocol;
Step 3: select a number of the corresponding network devices from the preprocessed response messages and label them manually (that is, identify and mark them by hand);
Step 4: for the specific network protocol type, select and extract feature information from the response messages, and vectorize the feature information by statistical analysis;
Step 5: cluster the vectorized feature information using a specific clustering scheme, setting the initial parameters used in the clustering model;
Step 6: establish a clustering utility evaluation model for the clustering result, and compute the clustering utility result from the data manually labelled in step 3;
Step 7: if the clustering utility result meets the given target, stop; otherwise start the clustering feedback adjustment module, adjust the initial parameters set in step 5, and repeat steps 6 and 7 until the clustering utility result finally meets the given target, thereby identifying the network devices.
On the basis of the above technical solution, the invention can also be refined as follows.
Further, the methods for scanning live network devices in step 1 include, but are not limited to, scanning tools such as Nmap and Zmap. Probing of network device protocols includes, but is not limited to, common network protocols such as TCP, UDP, Telnet, HTTP and RTSP.
Further, preprocessing of protocol responses in step 2 includes, but is not limited to, screening out protocol response content that has no value for the clustering process and deduplicating protocol response content that occurs multiple times. Methods for selecting network devices include, but are not limited to, random selection and selecting, on the basis of prior knowledge, typical response messages for each model of each brand.
Further, the information extracted as features from protocol response messages in step 4 includes, but is not limited to, keywords in the protocol content. Feature extraction methods include, but are not limited to, selecting effective features with PCA or the Relief algorithm. Vectorization of the features includes, but is not limited to, building a word vector space with the TF-IDF method and mining the latent semantic features inside protocol messages with latent semantic analysis (LSA).
Further, the clustering methods used in step 5 include, but are not limited to, K-means clustering, Bayesian clustering, hierarchical clustering, or incremental clustering.
Further, the means of evaluating the clustering result in step 6 include, but are not limited to, establishing a clustering utility evaluation model and checking cluster validity by manual verification to obtain the clustering utility evaluation result.
Further, the parameters that the clustering feedback adjustment module adjusts in the clustering method module in step 7 include, but are not limited to, the number of clusters in the K-means clustering algorithm, the inter-cluster distance in hierarchical clustering, and the measure of the classification utility function in incremental clustering.
A network device identification system based on feedback clustering, comprising:
a network protocol probing module, for probing the network devices alive on the public network over network protocols and obtaining the network protocol response messages;
a manual labelling module, for selecting a number of the corresponding network devices from the response messages and labelling them manually;
a feature extraction module, for selecting and extracting feature information from the response messages for the specific network protocol type, and vectorizing the feature information by statistical analysis;
a clustering module, for clustering the vectorized feature information;
a clustering utility evaluation module, for evaluating the clustering result against the manually labelled data and obtaining the clustering utility evaluation result;
a clustering feedback adjustment module, for adjusting the parameters of the clustering scheme in the clustering module when the clustering utility evaluation result does not meet the given target threshold, until the clustering utility evaluation result meets the given target threshold.
The beneficial effects of the invention are as follows. Existing network device identification techniques mostly rely on manually extracting device fingerprints and identifying devices by regular-expression matching. This approach is time-consuming and laborious, its identification accuracy cannot be guaranteed, and it is powerless to discover and identify unknown devices. The method of the invention uses automatic clustering to solve the problem of unclear device types and categories in network identification, and achieves automatic identification in the fingerprint extraction process.
Brief description of the drawings
Fig. 1 is a flow chart of identifying network devices by feedback clustering in an embodiment of the invention;
Fig. 2 is a flow chart of identifying IP device brand and model by feedback clustering based on web page information in an embodiment of the invention.
Detailed description of embodiments
The principles and features of the invention are described below with reference to the drawings. The examples serve only to explain the invention and are not intended to limit its scope.
This embodiment concerns a network device identification framework based on feedback clustering. It collects HTTP protocol information from video surveillance devices alive on the public network; extracts the header information and message body of the HTTP responses; screens out responses that are of no use for clustering (for HTTP, mainly responses whose status code indicates failure); marks the cameras of 20 brands that are easy to identify manually, such as Hikvision and Dahua; uses header keywords and the content of specific HTML tags (such as the title and script tags) as features and converts them into a word vector space with the TF-IDF algorithm; clusters the samples with an incremental clustering method, setting an initial value for the classification utility function in incremental clustering and obtaining a clustering result; defines sample identification accuracy and sample identification recall as the clustering utility evaluation model; obtains the clustering utility evaluation value by manually verifying the clustering result; and adjusts the initial parameters of the classification utility function used in incremental clustering according to that evaluation value.
Following the identification flow chart given in Fig. 1, the method of this embodiment comprises the following steps:
Step 1: probe the network video surveillance devices alive on the public network using a scanning server and collect their HTTP response messages.
Step 2: screen out response messages that are useless for clustering and merge devices with identical response messages.
Step 3: extract string fingerprints for more than 20 brands on the basis of manual identification experience, and mark some of the devices by regular-expression matching.
Step 4: select the HTTP response header keywords and the content inside specific tags of the HTTP response body as features. Using the TF-IDF algorithm, map the HTTP response messages into a word vector space and cluster in this feature space.
Step 5: cluster the vectorized feature information by incremental clustering, setting the initial values of the parameters in the classification utility function of the incremental clustering.
Step 6: using the identification rate and recall of the marked samples as the evaluation model, compute the clustering utility value of the clustering result by manual verification.
Step 7: if the clustering utility result meets the given target, stop; otherwise start the clustering feedback adjustment module and adjust the parameter values of the classification utility function of the incremental clustering scheme in step 5.
The identification process of this example is described in detail below, taking brand identification of network surveillance devices over HTTP as an example. The implementation process is shown in Fig. 2.
1. Information collection and data preprocessing
Network video surveillance devices with port 80 open on the public network are first scanned with a conventional scanner (such as Nmap or Zmap). A request is sent to the device's server with the GET method, and the HTTP response returned by the device is collected.
The parts of the responses that are meaningless for clustering are screened out, generally responses whose header status code indicates failure (such as 404 or 301). The web page in the response message body is extracted, the hash of the page is computed, and duplicate pages are removed according to the hash, yielding a set of page samples.
From the processed samples, brands that are easy to identify (such as Hikvision, Dahua and TVT) are selected on the basis of manual experience, and string fingerprints of these brands are extracted. These fingerprints are used to mark a portion of the video surveillance devices, and the marked samples are mixed with the original data set to form the final input to clustering.
2. Feature extraction and vectorization
For sample information based on web pages, the text features of the page are extracted. Irrelevant tag information in the page is removed first and the content inside the tags is extracted. The TF-IDF algorithm extracts the keywords in the page; each keyword is treated as one dimension, and the original page content is mapped into a word vector space.
3. Automatic clustering with a clustering algorithm
Page samples are clustered in the word vector space. An incremental clustering method can be used: the incremental DBSCAN (Density-Based Spatial Clustering of Applications with Noise) algorithm. An incremental clustering algorithm needs a classification utility function to guide clustering quality. In the classification utility function, the minimum number of neighborhood points required for a point to become a core object in DBSCAN is used as the parameter adjusted by feedback. An initial value is chosen and clustering is run, which gives a preliminary clustering result.
4. Clustering evaluation and feedback
These clustering results contain the devices marked earlier. Using the marked devices, the identification accuracy and identification recall of each brand are computed by manual inspection, and a clustering evaluation result weighting the two is obtained. If this clustering result reaches the specified threshold, the process stops; otherwise the clustering feedback module is started to adjust the minimum number of neighborhood points in the DBSCAN algorithm.
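An added example, not part of the patent text, of the loop in sections 1 to 4 as an asset-inventory exercise: status-code filtering and hash deduplication, TF-IDF over the Server header and title tag, density clustering, a seed-based precision/recall score, and feedback on the minimum neighborhood points. It assumes plain DBSCAN rather than the incremental variant, a step-down adjustment rule, illustrative eps and target values, and constructed responses for the hypothetical brands AcmeCam, BoltVision and Cirrus, with seed labels standing in for manual marking.

```python
import hashlib
import math
import re
from collections import Counter

def make(status, server, title):
    """Build a constructed HTTP response (sample data, not a real device banner)."""
    return (f"HTTP/1.1 {status}\r\nServer: {server}\r\n\r\n"
            f"<html><head><title>{title}</title></head></html>")

# Constructed corpus of (raw response, manual label or None); brand names are hypothetical.
SPEC = {
    "AcmeCam": ("AcmeCam-Webs", ["Login 1.0", "Login 1.1", "Login 1.2", "Login 1.3", "Login Lite 1.4"]),
    "BoltVision": ("BoltVision-httpd", ["Login 2.0", "Login 2.1", "Login 2.2", "Login Pro 2.3"]),
    "Cirrus": ("Cirrus-NVR", ["Viewer 3.0", "Viewer 3.1", "Viewer 3.2"]),
}
CORPUS = [(make("200 OK", srv, f"{brand} {page}"), brand if i < 2 else None)
          for brand, (srv, pages) in SPEC.items() for i, page in enumerate(pages)]
CORPUS += [(make("404 Not Found", "AcmeCam-Webs", "Not Found"), None),  # failed status code
           (make("200 OK", "Cirrus-NVR", "Cirrus Viewer 3.0"), None)]   # duplicate page

def preprocess(corpus):
    """Drop failed responses and duplicate pages; return (feature tokens, label) pairs."""
    seen, kept = set(), []
    for raw, label in corpus:
        head, _, body = raw.partition("\r\n\r\n")
        digest = hashlib.sha256(body.encode()).hexdigest()
        if not head.startswith("HTTP/1.1 200") or digest in seen:
            continue
        seen.add(digest)
        fields = re.findall(r"^Server:\s*(.*)$", head, re.M | re.I)
        fields += re.findall(r"<title>(.*?)</title>", body, re.I | re.S)
        kept.append((re.findall(r"[a-z]{2,}", " ".join(fields).lower()), label))
    return kept

def tfidf(docs):
    """Map token lists to L2-normalised sparse TF-IDF vectors (one dimension per keyword)."""
    df = Counter(t for d in docs for t in set(d))
    vecs = []
    for d in docs:
        v = {t: c * (math.log(len(docs) / df[t]) + 1) for t, c in Counter(d).items()}
        norm = math.sqrt(sum(x * x for x in v.values())) or 1.0
        vecs.append({t: x / norm for t, x in v.items()})
    return vecs

def distance(a, b):
    return 1.0 - sum(x * b.get(t, 0.0) for t, x in a.items())  # cosine distance

def dbscan(vecs, eps, min_pts):
    """Plain DBSCAN; returns one cluster id per vector, -1 meaning noise."""
    idx = range(len(vecs))
    nbrs = [[j for j in idx if distance(vecs[i], vecs[j]) <= eps] for i in idx]
    labels, cid = [-1] * len(vecs), 0
    for i in idx:
        if labels[i] != -1 or len(nbrs[i]) < min_pts:
            continue  # already assigned, or not a core object
        labels[i], stack = cid, list(nbrs[i])
        while stack:
            j = stack.pop()
            if labels[j] == -1:
                labels[j] = cid
                if len(nbrs[j]) >= min_pts:  # only core objects keep expanding
                    stack.extend(nbrs[j])
        cid += 1
    return labels

def evaluate(clusters, seeds, w=0.5):
    """Mean over labelled brands of w*precision + (1-w)*recall, measured on seeds only."""
    score, brands = 0.0, set(seeds.values())
    for brand in brands:
        hits = Counter(clusters[i] for i, b in seeds.items() if b == brand and clusters[i] != -1)
        if not hits:
            continue  # every seed of this brand fell into noise: contributes 0
        best, tp = hits.most_common(1)[0]
        in_cluster = sum(1 for i in seeds if clusters[i] == best)
        score += w * tp / in_cluster + (1 - w) * tp / list(seeds.values()).count(brand)
    return score / len(brands)

def feedback_cluster(corpus, eps=0.5, min_pts=5, target=0.9):
    """Re-cluster with a smaller min_pts until the seed-based score reaches target."""
    pages = preprocess(corpus)
    vecs = tfidf([toks for toks, _ in pages])
    seeds = {i: lab for i, (_, lab) in enumerate(pages) if lab}
    while True:
        clusters = dbscan(vecs, eps, min_pts)
        score = evaluate(clusters, seeds)
        if score >= target or min_pts <= 1:
            break
        min_pts -= 1  # feedback step: loosen the core-object requirement
    # Name each cluster after the majority brand among the seeds it contains.
    votes = {}
    for i, brand in seeds.items():
        votes.setdefault(clusters[i], Counter())[brand] += 1
    brands = ["noise" if c == -1 else
              votes[c].most_common(1)[0][0] if c in votes else "unknown" for c in clusters]
    return min_pts, score, brands

if __name__ == "__main__":
    print(feedback_cluster(CORPUS))
```

With the starting value of 5 only the largest brand forms a cluster and the smaller brands fall into noise, so the score stays below target until the loop lowers the parameter; unlabelled pages then inherit the brand of the seeds in their cluster.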
The above embodiments merely illustrate the technical solution of the invention and do not limit it. A person of ordinary skill in the art may modify the technical solution or replace it with equivalents without departing from the spirit and scope of the invention; the scope of protection of the invention shall be as defined in the claims.

Claims (9)

1. A network device identification method based on feedback clustering, characterized in that its steps comprise:
Step 1: probe the network devices alive on the public network over network protocols and obtain the network protocol response messages;
Step 2: select a number of the corresponding network devices from the response messages and label them manually;
Step 3: for the specific network protocol type, select and extract feature information from the response messages, and vectorize the feature information by statistical analysis;
Step 4: cluster the vectorized feature information;
Step 5: evaluate the clustering result against the data manually labelled in step 2 and obtain the clustering utility evaluation result;
Step 6: if the clustering utility evaluation result meets the given target threshold, the clustering process stops; otherwise adjust the parameters of the clustering scheme in step 4 and repeat steps 5 and 6 until the clustering utility evaluation result meets the given target threshold, thereby identifying the network devices.
2. The method according to claim 1, characterized in that step 1 scans for live network devices with a scanner and probes the devices' network protocol types, including scanning with the Nmap and Zmap tools; the network device protocols used for probing include TCP, UDP, Telnet, HTTP and RTSP.
3. The method according to claim 1, characterized in that in step 1 the network protocol response messages obtained are preprocessed according to the type of network protocol, and step 2 is then carried out.
4. The method according to claim 3, characterized in that the preprocessing includes screening out response content that is meaningless for the specific network protocol and deduplicating protocol response content that occurs multiple times; the methods for selecting network devices include random selection and selecting, on the basis of prior knowledge, typical response messages for each model of each brand.
5. The method according to claim 1, characterized in that the feature information extracted from the response messages in step 3 includes keywords in the protocol content; the feature extraction method includes selecting effective features with PCA or the Relief algorithm; vectorization of the features includes building a word vector space with the TF-IDF method and mining the latent semantic features inside protocol messages with latent semantic analysis (LSA).
6. The method according to claim 1, characterized in that the clustering methods used in step 4 include: K-means clustering, Bayesian clustering, hierarchical clustering, or incremental clustering.
7. The method according to claim 1, characterized in that the means of evaluating the clustering result in step 5 include: establishing a clustering utility evaluation model and checking cluster validity by manual verification to obtain the clustering utility evaluation result.
8. The method according to claim 1, characterized in that the feedback-adjusted parameters of the clustering method in step 6 include: the number of clusters in the K-means clustering algorithm, the inter-cluster distance in hierarchical clustering, and the measure of the classification utility function in incremental clustering.
9. A network device identification system based on feedback clustering, characterized in that it comprises:
a network protocol probing module, for probing the network devices alive on the public network over network protocols and obtaining the network protocol response messages;
a manual labelling module, for selecting a number of the corresponding network devices from the response messages and labelling them manually;
a feature extraction module, for selecting and extracting feature information from the response messages for the specific network protocol type, and vectorizing the feature information by statistical analysis;
a clustering module, for clustering the vectorized feature information;
a clustering utility evaluation module, for evaluating the clustering result against the manually labelled data and obtaining the clustering utility evaluation result;
a clustering feedback adjustment module, for adjusting the parameters of the clustering scheme in the clustering module when the clustering utility evaluation result does not meet the given target threshold, until the clustering utility evaluation result meets the given target threshold.
CN201611204074.2A 2016-12-23 2016-12-23 A kind of network equipment recognition methods and system based on feedback cluster Active CN106850333B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611204074.2A CN106850333B (en) 2016-12-23 2016-12-23 A kind of network equipment recognition methods and system based on feedback cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611204074.2A CN106850333B (en) 2016-12-23 2016-12-23 A kind of network equipment recognition methods and system based on feedback cluster

Publications (2)

Publication Number Publication Date
CN106850333A true CN106850333A (en) 2017-06-13
CN106850333B CN106850333B (en) 2019-11-29

CN115604158A (en) * 2022-12-15 2023-01-13 中国人民解放军国防科技大学(Cn) Intelligent equipment identification method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN106850333B (en) 2019-11-29

Similar Documents

Publication Publication Date Title
CN106850333B (en) A kind of network equipment recognition methods and system based on feedback cluster
US9781139B2 (en) Identifying malware communications with DGA generated domains by discriminative learning
CN109391602A (en) A kind of zombie host detection method
CN103795723B (en) Distributed type internet-of-things safety situation awareness method
US20170063893A1 (en) Learning detector of malicious network traffic from weak labels
CN110113345A (en) A method of the assets based on Internet of Things flow are found automatically
CN109063745A (en) A kind of types of network equipment recognition methods and system based on decision tree
CN103095672A (en) Multi-dimensional reputation scoring
CN102394885A (en) Information classification protection automatic verification method based on data stream
CN111147490A (en) Directional fishing attack event discovery method and device
CN110830490A (en) Malicious domain name detection method and system based on area confrontation training deep network
CN110020161B (en) Data processing method, log processing method and terminal
CN109583567A (en) A kind of Web autoscanner fingerprint recognition model based on CNN
CN111478892A (en) Attacker portrait multi-dimensional analysis method based on browser fingerprints
CN105827611B (en) A kind of distributed denial of service network attack detecting method and system based on fuzzy reasoning
CN105701224B (en) Security information customized service system based on big data
CN113746804B (en) DNS hidden channel detection method, device, equipment and storage medium
CN114036264B (en) Email authorship attribution identification method based on small sample learning
CN109120733B (en) Detection method for communication by using DNS (Domain name System)
CN114817808A (en) Illegal website identification method, device, electronic device and storage medium
CN114710417A (en) Tor user website access identification method and system based on gram angle field transformation
CN106973051A (en) Set up method, device, storage medium and the processor of detection Cyberthreat model
Lampesberger et al. An on-line learning statistical model to detect malicious web requests
CN110472410A (en) Identify method, equipment and the data processing method of data
CN116781341A (en) Decentralised network DDoS attack identification method based on large language model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant