CN109034222A - A kind of hardware assets classification method, system, device and readable storage medium storing program for executing - Google Patents

A kind of hardware assets classification method, system, device and readable storage medium storing program for executing Download PDF

Info

Publication number
CN109034222A
CN109034222A CN201810768873.5A CN201810768873A CN109034222A CN 109034222 A CN109034222 A CN 109034222A CN 201810768873 A CN201810768873 A CN 201810768873A CN 109034222 A CN109034222 A CN 109034222A
Authority
CN
China
Prior art keywords
assets
hardware
group
hardware assets
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810768873.5A
Other languages
Chinese (zh)
Inventor
莫凡
范渊
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201810768873.5A priority Critical patent/CN109034222A/en
Publication of CN109034222A publication Critical patent/CN109034222A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • G06F18/232Non-hierarchical techniques
    • G06F18/2321Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

This application discloses a kind of hardware assets classification methods, the multiple attribute informations got from each hardware assets are subjected to COMPREHENSIVE CALCULATING, more comprehensively and accurately comprehensive characteristics parameter can be described to hardware assets feature by obtaining one, it only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, a certain number of group of assets finally can be obtained, i.e., the different hardware assets that include in each group of assets can because its unanimously performance is divided in a group of assets present on comprehensive characteristics parameter.The method use the features that more attribute informations carry out each hardware assets of comprehensive description, and consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.The application further simultaneously discloses a kind of hardware assets categorizing system, device and computer readable storage medium, has above-mentioned beneficial effect.

Description

A kind of hardware assets classification method, system, device and readable storage medium storing program for executing
Technical field
This application involves assets classes technical field, in particular to a kind of hardware assets classification method, system, device and meter Calculation machine readable storage medium storing program for executing.
Background technique
Current Internet era, the various convenient services based on network, based on data that people enjoy are all by the bottom Hardware device support, scope of the enterprise whether great or small, can all possess a certain number of hardware devices, these hardware devices or be used for Realize the service that enterprise externally provides, or for promoting Enterprise content office efficiency, as a part of enterprise value, these are hard Part equipment is also referred to as the hardware assets of enterprise.
In practical situations, all hardware assets are usually all to buy Standard Edition in batch by batch when purchasing in enterprise Or the version of customization, also this means that difference is smaller between all hardware assets in same batch, similarity is higher, and smaller Difference and higher similarity also mean that if wherein a hardware assets have a problem that (security risk, function lack Lose, run BUG etc.) when, similar with its other hardware assets may there is also the same problems, but due to using various aspects poor Different factor causes every hardware assets to reflect that the time point of same problem is possible different or differs farther out, will lead to frequently with regard to phase Individually a hardware assets are solved the problems, such as with problem, not only inefficiency, and does not know its band of the hidden danger when broken out Come loss be also it is unknown, therefore to hardware assets each in network carry out group of assets division be very it is necessary to.
The prior art generallys use IP address-based hardware assets mode classification, i.e., will be in same net in IP address The hardware assets of section incorporate into as a group of assets, if a hardware assets in discovery group of assets have a problem that, to packet Entire group of assets containing the hardware assets carries out unified inspection, to eliminate potential risk in time.But due to IP address-based point The similar hardware assets of cross-network segment can not be divided into same group of assets by class mode, and consideration is not comprehensive enough, leads to actual packet result It is more unilateral.
Therefore, how to overcome items technological deficiency existing for group of assets partition mechanism, provide it is a kind of based on it is multiattribute, examine Consider more fully, the more accurate group of assets partition mechanism of group result be those skilled in the art's urgent problem to be solved.
Summary of the invention
The purpose of the application is to provide a kind of hardware assets classification method, multiple by what is got from each hardware assets Attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics ginseng can be described to hardware assets feature by obtaining one Number only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, certain amount finally can be obtained Group of assets, i.e., the different hardware assets for including in each group of assets can because its in table consistent present on comprehensive characteristics parameter Now it is divided in a group of assets.The method use the feature that more attribute informations carry out each hardware assets of comprehensive description, Consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.
The another object of the application is the provision of a kind of hardware assets categorizing system, device and computer-readable storage medium Matter.
To achieve the above object, the application provides a kind of hardware assets classification method, this method comprises:
Obtain the dynamic attribute and static attribute of each hardware assets in network;
The comprehensive of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute Close characteristic parameter;
Classify to each comprehensive characteristics parameter, obtains the group of assets of preset quantity.
Optionally, the static attribute include: IP address, vulnerability information, mainboard firmware version, in system activationary time It is at least one.
Optionally, the dynamic attribute include: the generation number of warning information in the first prefixed time interval, it is second default The warning information species number that generates in time interval, the number of network connections in third prefixed time interval, between the 4th preset time Every interior at least one of flowing of access magnitude.
Optionally, each hardware is being calculated according to the dynamic attribute and static attribute of each hardware assets Before the comprehensive characteristics parameter of assets, further includes:
Obtain the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively;Wherein, the attribute Specifically include every kind of dynamic attribute and every kind of static attribute;
It is that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, each hardware is calculated according to the dynamic attribute of each hardware assets and static attribute and is provided The comprehensive characteristics parameter of production, specifically:
Weighting is utilized according to the corresponding weight of the dynamic attribute, static attribute and every attribute of each hardware assets The comprehensive characteristics parameter of each hardware assets is calculated in calculating method.
Optionally, classified using default sorting algorithm to each comprehensive characteristics parameter, obtain the money of preset quantity Production group, comprising:
Classified using K-Means clustering algorithm to each comprehensive characteristics parameter, obtains K group of assets and K poly- Class center;Wherein, K is the preset packet count of K-Means clustering algorithm, and K is the natural number more than or equal to 1.
Optionally, the hardware assets classification method further include:
When increasing new hardware assets and when accelerating less than preset quantity of the new hardware assets in the network, Compare the difference degree of the comprehensive characteristics parameters of each new hardware assets respectively between the K cluster centres, obtains difference Different comparison result;
The desired asset group for possessing minimum difference degree in the K group of assets is determined according to the comparison in difference result;
Desired asset group is added in the new hardware assets.
Optionally, after obtaining the group of assets of preset quantity, further includes:
Calculate the similarity value of each group of assets;
Compare each similarity value and presets the size relation between high similarity value;
Similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and is only protected Stay the high similarity group of assets.
To achieve the above object, present invention also provides a kind of hardware assets categorizing system, which includes:
Dynamic attribute and static attribute acquiring unit, for obtaining the dynamic attribute and static state of each hardware assets in network Attribute;
Comprehensive characteristics parametric synthesis computing unit, for the dynamic attribute and static attribute according to each hardware assets The comprehensive characteristics parameter of each hardware assets is calculated;
Classification and each group of assets acquiring unit for classifying to each comprehensive characteristics parameter obtain preset quantity Group of assets.
Optionally, the hardware assets categorizing system further include:
Similarity degree acquiring unit characterizes the phase of similarity degree between each hardware assets for obtaining every attribute respectively Like parameter;Wherein, the attribute specifically includes every kind of dynamic attribute and every kind of static attribute;
Weight setting unit, for being that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, the comprehensive characteristics parametric synthesis computing unit specifically:
Weighting is utilized according to the corresponding weight of the dynamic attribute, static attribute and every attribute of each hardware assets The comprehensive characteristics parameter of each hardware assets is calculated in calculating method.
Optionally, the classification and each group of assets acquiring unit include:
K-Means clustering algorithm classification subelement, for utilizing K-Means clustering algorithm to each comprehensive characteristics parameter Classify, obtains K group of assets and K cluster centre;Wherein, K is the preset packet count of K-Means clustering algorithm, K For the natural number more than or equal to 1.
Optionally, the hardware assets categorizing system further include:
Comparison in difference unit, for when the increase number for increasing new hardware assets and the new hardware assets in the network When amount is less than preset quantity, the comprehensive characteristics parameter of more each new hardware assets is respectively between the K cluster centres Difference degree, obtain comparison in difference result;
Desired asset group determination unit possesses most for being determined in the K group of assets according to the comparison in difference result The desired asset group of small difference degree;
The small-scale updating unit of group of assets, for desired asset group to be added in the new hardware assets.
Optionally, the hardware assets categorizing system further include:
Similarity value computing unit, for calculating the similarity value of each group of assets.
To achieve the above object, present invention also provides a kind of hardware assets sorter, which includes:
Memory, for storing computer program;
Processor realizes the hardware assets classification method as described in above content when for executing the computer program The step of.
To achieve the above object, described computer-readable to deposit present invention also provides a kind of computer readable storage medium It is stored with computer program on storage media, is realized when the computer program is executed by processor hard as described in above content The step of part assets classes method.
Obviously, a kind of hardware assets classification method provided herein is more by what is got from each hardware assets A attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics can be described to hardware assets feature by obtaining one Parameter only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, finally an available fixed number The group of assets of amount, i.e., the different hardware assets for including in each group of assets can because its consistent present on comprehensive characteristics parameter Performance is divided in a group of assets.The method use the spies that more attribute informations carry out each hardware assets of comprehensive description Sign, consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.The application additionally provides one simultaneously Kind hardware assets categorizing system, device and computer readable storage medium, have above-mentioned beneficial effect, details are not described herein.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The embodiment of application for those of ordinary skill in the art without creative efforts, can also basis The attached drawing of offer obtains other attached drawings.
Fig. 1 is a kind of flow chart of hardware assets classification method provided by the embodiments of the present application;
Fig. 2 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 3 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 4 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 5 is a kind of structural block diagram of hardware assets categorizing system provided by the embodiments of the present application.
Specific embodiment
The core of the application is to provide a kind of hardware assets classification method, multiple by what is got from each hardware assets Attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics ginseng can be described to hardware assets feature by obtaining one Number only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, certain amount finally can be obtained Group of assets, i.e., the different hardware assets for including in each group of assets can because its in table consistent present on comprehensive characteristics parameter Now it is divided in a group of assets.The method use the feature that more attribute informations carry out each hardware assets of comprehensive description, Consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.Another core of the application is to provide one Kind hardware assets categorizing system, device and computer readable storage medium, have above-mentioned beneficial effect.
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art All other embodiment obtained without making creative work, shall fall in the protection scope of this application.
Embodiment one
Below in conjunction with Fig. 1, Fig. 1 is a kind of flow chart of hardware assets classification method provided by the embodiments of the present application, tool Body the following steps are included:
S101: the dynamic attribute and static attribute of each hardware assets in network are obtained;
This step is intended to obtain multiple characteristic informations of each hardware assets in network, specially dynamic attribute (at any time Variation can change) and static attribute (being unchanged over time), wherein dynamic attribute and static attribute again may be used To include a variety of specific characteristic parameters, for example, static attribute may include: IP address (static IP is generallyd use in enterprise, this Place the case where not considering dynamic IP), vulnerability information, mainboard firmware version, at least one of system activationary time, the dynamic Attribute may include: the announcement for generating the interior generation of number, the second prefixed time interval of warning information in the first prefixed time interval Alert information category number, the number of network connections in third prefixed time interval, the flowing of access magnitude in the 4th prefixed time interval At least one of.
It should be noted that when the first, second, third, fourth prefixed time interval used above can respectively refer to different The long time cycle, can also the same time cycle for referring to identical duration, can flexible choice according to the actual situation.
Certainly, in addition to the above-mentioned several specific characteristic parameters enumerated, can also can be used for characterizing including various other The parameter of hardware assets feature, and having some characteristic parameters is complex characteristics parameter, by taking vulnerability information as an example, vulnerability information can be with Operating system version, application type, the open port etc. of installation simultaneously, the purpose of this step, which is to obtain, multiple can characterize The parameter of hardware assets feature carrys out the feature of the corresponding hardware assets of comprehensive description for subsequent synthesis these parameters, to eliminate IP address is used only in the prior art, classification is carried out in the presence of every technological deficiency to hardware assets, is placed in and specifically includes how many kinds of spy The design parameter of sign is not specifically limited, and in conjunction with the demand of different practical application scenes, can obtain most suitable target application scene The multiple design parameters for including under the feature type and this feature type of business.
S102: the comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute Levy parameter;
On the basis of S101, this step is intended to comprehensively utilize the dynamic attribute that S101 is got and static attribute to integrate Being calculated one being capable of more comprehensive, the description more accurate comprehensive characteristics parameter of hardware assets feature.
Basis due to obtaining the comprehensive characteristics parameter is the characteristic information of multiple and different types, it is also necessary to consider whether to need The relationship between various species characteristic information is considered, further, since variety classes characteristic information is special in description hardware assets The unique difference of representative degree when sign, what it is according to degree is not all that different weighting weights is arranged in every kind of characteristic information, with logical It crosses the high characteristic information type of the prominent influence degree of weighted calculation method, reduce the low characteristic information type of influence degree to subsequent point Erroneous effects caused by when class.It is subsequent to provide a specific embodiment based on such mode combination concrete application scene, The application scenarios Integrated Understanding provided in combination with subsequent embodiment.
S103: classify to each comprehensive characteristics parameter, obtain the group of assets of preset quantity.
On the basis of S102, this step is intended to carry out classification processing to each comprehensive characteristics parameter being calculated, with The group of assets of the preset quantity obtained after to classification.
Assorting process can be realized based on sorting algorithm, since what is obtained is not only special including single kind one by one herein The characteristic parameter of reference breath, but include the comprehensive characteristics parameter of various features information, it is also difficult to using traditional classification side Formula classifies to it, i.e., the mode classification that can recognize content based on surface has been unsuitable for this scene, therefore can be used close The intelligent algorithm (also referred to as machine learning algorithm) that a little years occur, wherein being broadly divided into supervised learning and unsupervised learning two Major class, supervised learning refer to the guiding theory being artificially placed in classification there are one, make machine according to this guiding theory It goes to excavate the hiding common trait for being respectively hidden in chaotic data behind, unsupervised learning refers to that the guidance not artificially being placed in is thought Think, excavates hiding common trait by the framework of respective algorithms merely, this two major classes machine learning algorithm includes a variety of tools The realization algorithm of body, wherein for supervised learning algorithm due to there is the guiding theory being manually placed in, effect can be relatively preferable, and without prison Although it is slightly poor to superintend and direct learning algorithm effect, without artificial, which specifically used class machine learning algorithm is also needed according to reality victory The different flexible choices of application scenarios.
By taking unsupervised learning algorithm as an example, the most frequently used in unsupervised learning algorithm is clustering algorithm, the cluster used point Analysis be based on similitude it is preceding so that between data in a cluster compared between the data in the different clusters Person has more similitudes.Specifically include DBSCAN (Density-Based Spatial Clustering of Applications with Noise has noisy density clustering method, is a kind of density-based spatial clustering Region division with sufficient density is cluster, and finds arbitrary shape in having noisy spatial database by algorithm, the algorithm The cluster of shape, cluster is defined as the maximum set of the connected point of density by it), K-Medoids, K-Means (K center) etc..
Further, although having obtained a certain number of group of assets after sorting algorithm, there should be certain phase Like property, but some special application scenarios are there is also to similarity, there are higher requirements, therefore can also use similarity meter Algorithm calculates separately the similarity value of each group of assets, by the similarity value being calculated and the similarity value of standard requirements into Row compares, and obtains satisfactory group of assets with screening, can also will be undesirable according to particular/special requirement that may be present Group of assets is reclassified or is directly abandoned etc., herein and is not specifically limited, can flexible choice according to the actual situation.
After obtaining point good group of assets, so that it may according to requirement existing under practical scene, will monitoring visual angle from single Hardware assets extend to the group of assets including multiple hardware assets, so that the problem of individually finding from each hardware assets (peace Full blast danger, BUG discovery, afunction etc.) it can be timely, unification to remaining hardware in the group of assets comprising the hardware assets Assets are repaired, so that efficiency greatly increases.
Based on the above-mentioned technical proposal, a kind of hardware assets classification method provided by the embodiments of the present application, will be from each hardware The multiple attribute informations got in assets carry out COMPREHENSIVE CALCULATING, and obtaining one can be more complete to the description of hardware assets feature Face, accurate comprehensive characteristics parameter only need that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and are classified, A certain number of group of assets finally can be obtained, i.e., the different hardware assets for including in each group of assets can be because of it in comprehensive characteristics Unanimously performance is divided in a group of assets present on parameter.The method use more attribute informations, to carry out comprehensive description every The feature of a hardware assets, consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.
Embodiment two
Below in conjunction with Fig. 2, Fig. 2 is the flow chart of another hardware assets classification method provided by the embodiments of the present application, area Not in embodiment one, the present embodiment also adds the scheme for calculating each group of assets similarity value, and based on each group of assets Whether similarity value is to meeting default similarity and requiring to screen, to further promote the phase of each hardware assets in group of assets Like degree, the specific steps are as follows:
S201: the dynamic attribute and static attribute of each hardware assets in network are obtained;
S202: the comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute Levy parameter;
S203: classify to each comprehensive characteristics parameter, obtain the group of assets of preset quantity;
S204: the similarity value of each group of assets is calculated;
S205: more each similarity value and the size relation between high similarity value is preset;
S206: similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and only Retain high similarity group of assets.
S204, S205 and S206 provide a kind of calculating similarity value and by with preset high similarity value and be compared The mode of high similarity group of assets is filtered out, certainly, the screening mode provided in this embodiment based on similarity value is only crowd One of more implementations, those skilled in the art can obtain a variety of specific implementations under the guidance of this thought, herein No longer repeat one by one.
Embodiment three
Below in conjunction with Fig. 3, Fig. 3 is the flow chart of another hardware assets classification method provided by the embodiments of the present application, area Not in embodiment one, the present embodiment is that different types of characteristic information presses the difference of influence degree provided with corresponding weighting power Value describes more accurate comprehensive characteristics parameter to combine the weighting weight to obtain feature by weighted calculation method, and with K-Means clustering algorithm is classified, and is provided one kind based on K-Means clustering algorithm and increased new hardware assets on a small scale When how to add it to the mode of suitable group of assets, specifically comprise the following steps:
S301: the dynamic attribute and static attribute of each hardware assets in network are obtained;
S302: the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively is obtained;Wherein, attribute is specific Including every kind of dynamic attribute and every kind of static attribute;
S303: being that different weights is arranged in corresponding attribute according to each similar parameter;
S304: it utilizes and adds according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute The comprehensive characteristics parameter of each hardware assets is calculated in power calculating method;
S305: classifying to each comprehensive characteristics parameter using K-Means clustering algorithm, obtains K group of assets and K poly- Class center;
S306: when increasing new hardware assets and new when accelerating less than preset quantity of hardware assets in network, compare The comprehensive characteristics parameter of each new hardware assets difference degree between K cluster centre respectively, obtains comparison in difference result;
S307: the desired asset group for possessing minimum difference degree in K group of assets is determined according to comparison in difference result;
S308: desired asset group is added in new hardware assets.
Wherein, which should be one using the hardware assets number retained before increasing new hardware assets in network as base Plinth, the upper limit of the number when will not clearly result in original classification results inaccuracy after these new hardware assets increases, with original For having retained 100 hardware assets, if newly-increased 1, it can be seen that a newly-increased stylobate originally will not to it is original with 100 for base The classification results of plinth impact, and the mode that S305 then can be used at this time adds it to a suitable group of assets, if newly-increased 50, once increasing quantity newly is more than half, it is more likely that can change original classification results, therefore it is necessary to again in the case Classification is re-started with the comprehensive characteristics parameter of 150 hardware assets, obtains new group of assets.
Example IV
The present embodiment will provide a kind of specific implementation under the practical application scene in conjunction with practical application scene, Incorporated by reference to four steps shown in Fig. 4, will illustrate respectively in sequence below:
1, assets move the High Dimensional Mapping of static attribute
1.1, IP field
The form of Asset IP such as A.B.C.D, each field value are 0~255.Usually, IP field is more close, explanation The storage place and purposes of the two assets are more close.
IP field is mapped to the vector of higher dimensional space: V1=(A, B, C, D)
1.2, vulnerability information
Sharp vulnerability scanners or other safety equipments are scanned assets, find the vulnerability information of assets.Because of loophole Information can reflect assets present state such as system version, application type, open port etc., it is possible to return to loophole Class, if shared M class.Loophole type registration is higher, illustrates that assets similarity is higher, more it is possible that being broken through simultaneously by hacker.
Vulnerability information is mapped to the vector V of higher dimensional space2=(m1,…,ml,…,mM)
Wherein, mlIndicate the number of l class loophole, 0 < l≤M, l is integer, M=100
1.3, alarm time
Current various safety equipments can all be alerted for threat suffered by assets, (the T=within T minutes time 60), the 1st minute~T minutes alarm numbers per minute are counted.The time registration for generating alarm is higher, says Bright assets similarity is higher, and hacker, which is concentrating, attacks these similar properties.
Alarm time is mapped to the vector V of higher dimensional space3=(c1,…,ci,…,cT)
Wherein, ciIndicate i-th minute number for generating alarm, 0 < i≤T, i is integer.
1.4, alarm type
Current various safety equipments can all be alerted for threat suffered by assets, (the T=within T minutes time 60), alarm can be sorted out, if shared N class.The type registration for generating alarm is higher, illustrates that assets similarity is higher, Hacker, which is concentrating, attacks these similar properties.
Alarm type is mapped to the vector V of higher dimensional space4=(n1,…,nj,…,nN)
Wherein, njIndicate the number that the alarm of jth class generates in T minutes, 0 < j≤N, j is integer, N=10
2, the weighted array of high dimensional feature
Different attribute is different in the importance of higher dimensional space, and weight can be set and carry out importance adjusting, so poly- Before class, need to be weighted high dimensional feature combination.
The vector V of IP field1, weight λ1
The vector V of vulnerability information2, weight λ2
The vector V of alarm time3, weight λ3
The vector V of alarm type4, weight λ4
Then it is combined: V=[λ1.*V12×V23×V34×V4]
Wherein .* indicates that the corresponding element of vector is multiplied, λ1For weight vectors, the value of each element in the weight vectors Range is [1,1000], λ2、λ3And λ4For weighted value, the value range of these three weighted values is [1,1000];λ1=[8,4,2, 1], λ2=256, λ3=256, λ4=256.
3, cluster and group of assets similarity calculation
3.1, assets cluster: after obtaining the vector V of each assets higher dimensional space, being gathered using K-Means clustering algorithm Class.If clustering number K is that wherein K is
Wherein, NassetFor total assets number, β is parameter.
K-Means clustering algorithm is a kind of public algorithm, input sample SPACE V and K value, exports K group of assets and each The cluster centre of group of assets, and 20 are set by β.
3.2, it assets similarity calculation: after obtaining K group of assets and K cluster centre after step 3.1 cluster, adopts The similarity of each group of assets is measured with root-mean-square error (Root Mean Square Error, RMSE).
Wherein, what root-mean-square error calculated is the square root square with observation frequency n ratio of observation and true value deviation, And in actual measurement, observation frequency n is always limited, and true value can only be replaced with most believable (best) value.Similarly Be common standard error, standard error is very sensitive to the especially big or special small error reflection in one group of measurement, so, standard Error can be well reflected out the precision measured as the method for the dispersion degree for measuring one group of number itself, and root mean square misses Difference is for measuring observation with the deviation between true value, their research object and research purpose is different, but calculating process It is similar.
If the cluster centre of k-th of group of assets is Vk,mean, assets vector set i.e. k-th of the group of assets for being included wrapped The assets vector set contained is combined intoThe assets number of i.e. k-th group of assets of assets vector number is Nk, then k-th of group of assets RMSE are as follows:
RMSE is smaller, and group of assets similarity is bigger.RMSE is bigger, and group of assets similarity is smaller.
Because situation is complicated, it can not enumerate and be illustrated, those skilled in the art should be able to recognize according to the application The basic skills principle combination actual conditions of offer may exist many examples, in the case where not paying enough creative works, It should within the scope of protection of this application.
Fig. 5 is referred to below, Fig. 5 is a kind of structural block diagram of hardware assets categorizing system provided by the embodiments of the present application, The hardware assets categorizing system may include:
Dynamic attribute and static attribute acquiring unit 100, for obtain in network the dynamic attribute of each hardware assets and Static attribute;
Comprehensive characteristics parametric synthesis computing unit 200, for the dynamic attribute and static attribute according to each hardware assets The comprehensive characteristics parameter of each hardware assets is calculated;
Classification and each group of assets acquiring unit 300 for classifying to each comprehensive characteristics parameter obtain preset quantity Group of assets.
Further, which can also include:
Similarity degree acquiring unit characterizes the similar ginseng of similarity degree between each hardware assets for obtaining every attribute respectively Number;Wherein, attribute specifically includes every kind of dynamic attribute and every kind of static attribute;
Weight setting unit, for being that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, comprehensive characteristics parametric synthesis computing unit 200 specifically:
Weighted calculation is utilized according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute The comprehensive characteristics parameter of each hardware assets is calculated in method.
Wherein, classification and each group of assets acquiring unit 300 may include:
K-Means clustering algorithm classification subelement, for being carried out using K-Means clustering algorithm to each comprehensive characteristics parameter Classification, obtains K group of assets and K cluster centre;Wherein, K be the preset packet count of K-Means clustering algorithm, K be greater than etc. In 1 natural number.
Further, which can also include:
Comparison in difference unit, for increase in the network new hardware assets and new hardware assets accelerate be less than it is pre- If when quantity, the comprehensive characteristics parameter of the relatively each new hardware assets difference degree between K cluster centre respectively obtains difference Different comparison result;
Desired asset group determination unit, for determination to possess minimum difference from K group of assets according to comparison in difference result The desired asset group of degree;
The small-scale updating unit of group of assets, for desired asset group to be added in new hardware assets.
Further, which can also include:
Similarity value computing unit, for calculating the similarity value of each group of assets.
Based on the above embodiment, present invention also provides a kind of hardware assets sorter, the hardware assets sorters It may include memory and processor, wherein have computer program in the memory, which calls in the memory When computer program, step provided by above-described embodiment may be implemented.Certainly, which can also include Various necessary network interfaces, power supply and other components etc..
Present invention also provides a kind of computer readable storage mediums, have computer program thereon, the computer program Step provided by above-described embodiment may be implemented when being performed terminal or processor execution.The storage medium may include: U Disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), the various media that can store program code such as magnetic or disk.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realities The difference of example is applied, the same or similar parts in each embodiment may refer to each other.For device disclosed in embodiment Speech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration ?.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond scope of the present application.
Specific examples are used herein to illustrate the principle and implementation manner of the present application, and above embodiments are said It is bright to be merely used to help understand the present processes and its core concept.For those skilled in the art, Under the premise of not departing from the application principle, can also to the application, some improvement and modification can also be carried out, these improvement and modification It falls into the protection scope of the claim of this application.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes that A little elements, but also other elements including being not explicitly listed, or further include for this process, method, article or The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged Except there is also other identical elements in the process, method, article or equipment for including element.

Claims (10)

1. a kind of hardware assets classification method characterized by comprising
Obtain the dynamic attribute and static attribute of each hardware assets in network;
The comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute Levy parameter;
Classify to each comprehensive characteristics parameter, obtains the group of assets of preset quantity.
2. hardware assets classification method according to claim 1, which is characterized in that the static attribute include: IP address, At least one of vulnerability information, mainboard firmware version, system activationary time.
3. hardware assets classification method according to claim 1, which is characterized in that the dynamic attribute includes: first pre- If the warning information species number for generating the interior generation of number, the second prefixed time interval of warning information, third are pre- in time interval If at least one of the flowing of access magnitude in number of network connections, the 4th prefixed time interval in time interval.
4. hardware assets classification method according to claim 2 or 3, which is characterized in that provided according to each hardware The dynamic attribute and static attribute of production are calculated before the comprehensive characteristics parameter of each hardware assets, further includes:
Obtain the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively;Wherein, the attribute is specific Including dynamic attribute described in every kind and every kind of static attribute;
It is that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, each hardware assets are calculated according to the dynamic attribute of each hardware assets and static attribute Comprehensive characteristics parameter, specifically:
Weighted calculation is utilized according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute The comprehensive characteristics parameter of each hardware assets is calculated in method.
5. hardware assets classification method according to claim 1 is classified using to each comprehensive characteristics parameter, is obtained To the group of assets of preset quantity, comprising:
Classified using K-Means clustering algorithm to each comprehensive characteristics parameter, is obtained in K group of assets and K cluster The heart;Wherein, K is the preset packet count of K-Means clustering algorithm, and K is the natural number more than or equal to 1.
6. hardware assets classification method according to claim 5, which is characterized in that further include:
When increasing new hardware assets and when accelerating less than preset quantity of the new hardware assets in the network, compare The comprehensive characteristics parameter of each new hardware assets difference degree between K cluster centres respectively, obtains diversity ratio Relatively result;
The desired asset group for possessing minimum difference degree in the K group of assets is determined according to the comparison in difference result;
The desired asset group is added in the new hardware assets.
7. hardware assets classification method according to claim 1, which is characterized in that the group of assets for obtaining preset quantity it Afterwards, further includes:
Calculate the similarity value of each group of assets;
Compare each similarity value and presets the size relation between high similarity value;
Similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and only retains institute State high similarity group of assets.
8. a kind of hardware assets categorizing system characterized by comprising
Dynamic attribute and static attribute acquiring unit, for obtaining the dynamic attribute of each hardware assets and static category in network Property;
Comprehensive characteristics parametric synthesis computing unit, for being calculated according to the dynamic attribute and static attribute of each hardware assets Obtain the comprehensive characteristics parameter of each hardware assets;
Classification and each group of assets acquiring unit for classifying to each comprehensive characteristics parameter obtain the money of preset quantity Production group.
9. a kind of computing device of group of assets similarity characterized by comprising
Memory, for storing computer program;
Processor realizes hardware assets classification as described in any one of claim 1 to 7 when for executing the computer program The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program, the computer program realize hardware assets classification side as described in any one of claim 1 to 7 when being executed by processor The step of method.
CN201810768873.5A 2018-07-13 2018-07-13 A kind of hardware assets classification method, system, device and readable storage medium storing program for executing Pending CN109034222A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810768873.5A CN109034222A (en) 2018-07-13 2018-07-13 A kind of hardware assets classification method, system, device and readable storage medium storing program for executing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810768873.5A CN109034222A (en) 2018-07-13 2018-07-13 A kind of hardware assets classification method, system, device and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN109034222A true CN109034222A (en) 2018-12-18

Family

ID=64642044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810768873.5A Pending CN109034222A (en) 2018-07-13 2018-07-13 A kind of hardware assets classification method, system, device and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN109034222A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109785915A (en) * 2018-12-24 2019-05-21 东软集团股份有限公司 Data collect method, device, storage medium and electronic equipment
EP3705966A1 (en) * 2019-03-04 2020-09-09 Accenture Global Solutions Limited Machine learning (ml)-based auto-visualization of plant assets
CN112732724A (en) * 2021-01-21 2021-04-30 杭州迪普科技股份有限公司 Asset information management method and device
CN112766681A (en) * 2021-01-11 2021-05-07 杭州迪普科技股份有限公司 Equipment classification management method and device
CN113158001A (en) * 2021-03-25 2021-07-23 深圳市联软科技股份有限公司 Method and system for judging attribution and correlation of network space IP assets
CN113554056A (en) * 2021-06-21 2021-10-26 杭州安恒信息技术股份有限公司 Network asset aggregation method, device, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166794A (en) * 2013-02-22 2013-06-19 中国人民解放军91655部队 Information security management method with integration security control function
CN103999091A (en) * 2011-12-29 2014-08-20 迈可菲公司 Geo-mapping system security events
CN104272650A (en) * 2012-04-11 2015-01-07 迈克菲公司 Asset detection system
CN107645493A (en) * 2017-08-20 2018-01-30 杭州安恒信息技术有限公司 A kind of IP groups similarity calculating method
CN108074030A (en) * 2017-03-03 2018-05-25 哈尔滨安天科技股份有限公司 A kind of safety analysis of assets information and Visualized management system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103999091A (en) * 2011-12-29 2014-08-20 迈可菲公司 Geo-mapping system security events
CN104272650A (en) * 2012-04-11 2015-01-07 迈克菲公司 Asset detection system
CN103166794A (en) * 2013-02-22 2013-06-19 中国人民解放军91655部队 Information security management method with integration security control function
CN108074030A (en) * 2017-03-03 2018-05-25 哈尔滨安天科技股份有限公司 A kind of safety analysis of assets information and Visualized management system and method
CN107645493A (en) * 2017-08-20 2018-01-30 杭州安恒信息技术有限公司 A kind of IP groups similarity calculating method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
唐双林: "《基于改进K最近邻分类的IT资产管理***开发》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109785915A (en) * 2018-12-24 2019-05-21 东软集团股份有限公司 Data collect method, device, storage medium and electronic equipment
CN109785915B (en) * 2018-12-24 2021-03-19 东软集团股份有限公司 Data collection method, device, storage medium and electronic equipment
EP3705966A1 (en) * 2019-03-04 2020-09-09 Accenture Global Solutions Limited Machine learning (ml)-based auto-visualization of plant assets
US11574238B2 (en) 2019-03-04 2023-02-07 Accenture Global Solutions Limited Machine learning (ML)-based auto-visualization of plant assets
CN112766681A (en) * 2021-01-11 2021-05-07 杭州迪普科技股份有限公司 Equipment classification management method and device
CN112732724A (en) * 2021-01-21 2021-04-30 杭州迪普科技股份有限公司 Asset information management method and device
CN113158001A (en) * 2021-03-25 2021-07-23 深圳市联软科技股份有限公司 Method and system for judging attribution and correlation of network space IP assets
CN113158001B (en) * 2021-03-25 2024-05-14 深圳市联软科技股份有限公司 Network space IP asset attribution and correlation discrimination method and system
CN113554056A (en) * 2021-06-21 2021-10-26 杭州安恒信息技术股份有限公司 Network asset aggregation method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
CN109034222A (en) A kind of hardware assets classification method, system, device and readable storage medium storing program for executing
CN110188198A (en) A kind of anti-fraud method and device of knowledge based map
CN107622326A (en) User&#39;s classification, available resources Forecasting Methodology, device and equipment
CN107679734A (en) It is a kind of to be used for the method and system without label data classification prediction
CN104517052B (en) Invasion detection method and device
CN111353600B (en) Abnormal behavior detection method and device
CN109656967B (en) Big data mining processing method, device, medium and electronic equipment based on space
CN110138745A (en) Abnormal host detection method, device, equipment and medium based on data stream sequences
CN112700324A (en) User loan default prediction method based on combination of Catboost and restricted Boltzmann machine
CN106372215A (en) Credit inquiring system and method
CN110457533A (en) A kind of intelligence data model analysis method
CN114186626A (en) Abnormity detection method and device, electronic equipment and computer readable medium
CN109992588A (en) It is a kind of to divide folk prescription method and relevant device based on data processing
CN111598713B (en) Cluster recognition method and device based on similarity weight updating and electronic equipment
CN108280759A (en) Air control model optimization method, terminal and computer readable storage medium
CN109257383A (en) A kind of BGP method for detecting abnormality and system
CN110135684A (en) A kind of capability comparison method, capability comparison device and terminal device
CN109559218A (en) A kind of determination method, apparatus traded extremely and storage medium
CN110046185A (en) Chart method for pushing and device
CN113434575B (en) Data attribution processing method, device and storage medium based on data warehouse
CN112950359B (en) User identification method and device
CN110400213A (en) Data processing method and device and electronic equipment and readable medium
CN106651630B (en) Crucial electricity consumption industry recognition methods and system
CN109191185A (en) A kind of visitor&#39;s heap sort method and system
CN112686312A (en) Data classification method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218