CN109034222A - A kind of hardware assets classification method, system, device and readable storage medium storing program for executing - Google Patents
A kind of hardware assets classification method, system, device and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN109034222A CN109034222A CN201810768873.5A CN201810768873A CN109034222A CN 109034222 A CN109034222 A CN 109034222A CN 201810768873 A CN201810768873 A CN 201810768873A CN 109034222 A CN109034222 A CN 109034222A
- Authority
- CN
- China
- Prior art keywords
- assets
- hardware
- group
- hardware assets
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
- G06F18/23213—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Probability & Statistics with Applications (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
This application discloses a kind of hardware assets classification methods, the multiple attribute informations got from each hardware assets are subjected to COMPREHENSIVE CALCULATING, more comprehensively and accurately comprehensive characteristics parameter can be described to hardware assets feature by obtaining one, it only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, a certain number of group of assets finally can be obtained, i.e., the different hardware assets that include in each group of assets can because its unanimously performance is divided in a group of assets present on comprehensive characteristics parameter.The method use the features that more attribute informations carry out each hardware assets of comprehensive description, and consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.The application further simultaneously discloses a kind of hardware assets categorizing system, device and computer readable storage medium, has above-mentioned beneficial effect.
Description
Technical field
This application involves assets classes technical field, in particular to a kind of hardware assets classification method, system, device and meter
Calculation machine readable storage medium storing program for executing.
Background technique
Current Internet era, the various convenient services based on network, based on data that people enjoy are all by the bottom
Hardware device support, scope of the enterprise whether great or small, can all possess a certain number of hardware devices, these hardware devices or be used for
Realize the service that enterprise externally provides, or for promoting Enterprise content office efficiency, as a part of enterprise value, these are hard
Part equipment is also referred to as the hardware assets of enterprise.
In practical situations, all hardware assets are usually all to buy Standard Edition in batch by batch when purchasing in enterprise
Or the version of customization, also this means that difference is smaller between all hardware assets in same batch, similarity is higher, and smaller
Difference and higher similarity also mean that if wherein a hardware assets have a problem that (security risk, function lack
Lose, run BUG etc.) when, similar with its other hardware assets may there is also the same problems, but due to using various aspects poor
Different factor causes every hardware assets to reflect that the time point of same problem is possible different or differs farther out, will lead to frequently with regard to phase
Individually a hardware assets are solved the problems, such as with problem, not only inefficiency, and does not know its band of the hidden danger when broken out
Come loss be also it is unknown, therefore to hardware assets each in network carry out group of assets division be very it is necessary to.
The prior art generallys use IP address-based hardware assets mode classification, i.e., will be in same net in IP address
The hardware assets of section incorporate into as a group of assets, if a hardware assets in discovery group of assets have a problem that, to packet
Entire group of assets containing the hardware assets carries out unified inspection, to eliminate potential risk in time.But due to IP address-based point
The similar hardware assets of cross-network segment can not be divided into same group of assets by class mode, and consideration is not comprehensive enough, leads to actual packet result
It is more unilateral.
Therefore, how to overcome items technological deficiency existing for group of assets partition mechanism, provide it is a kind of based on it is multiattribute, examine
Consider more fully, the more accurate group of assets partition mechanism of group result be those skilled in the art's urgent problem to be solved.
Summary of the invention
The purpose of the application is to provide a kind of hardware assets classification method, multiple by what is got from each hardware assets
Attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics ginseng can be described to hardware assets feature by obtaining one
Number only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, certain amount finally can be obtained
Group of assets, i.e., the different hardware assets for including in each group of assets can because its in table consistent present on comprehensive characteristics parameter
Now it is divided in a group of assets.The method use the feature that more attribute informations carry out each hardware assets of comprehensive description,
Consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.
The another object of the application is the provision of a kind of hardware assets categorizing system, device and computer-readable storage medium
Matter.
To achieve the above object, the application provides a kind of hardware assets classification method, this method comprises:
Obtain the dynamic attribute and static attribute of each hardware assets in network;
The comprehensive of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute
Close characteristic parameter;
Classify to each comprehensive characteristics parameter, obtains the group of assets of preset quantity.
Optionally, the static attribute include: IP address, vulnerability information, mainboard firmware version, in system activationary time
It is at least one.
Optionally, the dynamic attribute include: the generation number of warning information in the first prefixed time interval, it is second default
The warning information species number that generates in time interval, the number of network connections in third prefixed time interval, between the 4th preset time
Every interior at least one of flowing of access magnitude.
Optionally, each hardware is being calculated according to the dynamic attribute and static attribute of each hardware assets
Before the comprehensive characteristics parameter of assets, further includes:
Obtain the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively;Wherein, the attribute
Specifically include every kind of dynamic attribute and every kind of static attribute;
It is that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, each hardware is calculated according to the dynamic attribute of each hardware assets and static attribute and is provided
The comprehensive characteristics parameter of production, specifically:
Weighting is utilized according to the corresponding weight of the dynamic attribute, static attribute and every attribute of each hardware assets
The comprehensive characteristics parameter of each hardware assets is calculated in calculating method.
Optionally, classified using default sorting algorithm to each comprehensive characteristics parameter, obtain the money of preset quantity
Production group, comprising:
Classified using K-Means clustering algorithm to each comprehensive characteristics parameter, obtains K group of assets and K poly-
Class center;Wherein, K is the preset packet count of K-Means clustering algorithm, and K is the natural number more than or equal to 1.
Optionally, the hardware assets classification method further include:
When increasing new hardware assets and when accelerating less than preset quantity of the new hardware assets in the network,
Compare the difference degree of the comprehensive characteristics parameters of each new hardware assets respectively between the K cluster centres, obtains difference
Different comparison result;
The desired asset group for possessing minimum difference degree in the K group of assets is determined according to the comparison in difference result;
Desired asset group is added in the new hardware assets.
Optionally, after obtaining the group of assets of preset quantity, further includes:
Calculate the similarity value of each group of assets;
Compare each similarity value and presets the size relation between high similarity value;
Similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and is only protected
Stay the high similarity group of assets.
To achieve the above object, present invention also provides a kind of hardware assets categorizing system, which includes:
Dynamic attribute and static attribute acquiring unit, for obtaining the dynamic attribute and static state of each hardware assets in network
Attribute;
Comprehensive characteristics parametric synthesis computing unit, for the dynamic attribute and static attribute according to each hardware assets
The comprehensive characteristics parameter of each hardware assets is calculated;
Classification and each group of assets acquiring unit for classifying to each comprehensive characteristics parameter obtain preset quantity
Group of assets.
Optionally, the hardware assets categorizing system further include:
Similarity degree acquiring unit characterizes the phase of similarity degree between each hardware assets for obtaining every attribute respectively
Like parameter;Wherein, the attribute specifically includes every kind of dynamic attribute and every kind of static attribute;
Weight setting unit, for being that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, the comprehensive characteristics parametric synthesis computing unit specifically:
Weighting is utilized according to the corresponding weight of the dynamic attribute, static attribute and every attribute of each hardware assets
The comprehensive characteristics parameter of each hardware assets is calculated in calculating method.
Optionally, the classification and each group of assets acquiring unit include:
K-Means clustering algorithm classification subelement, for utilizing K-Means clustering algorithm to each comprehensive characteristics parameter
Classify, obtains K group of assets and K cluster centre;Wherein, K is the preset packet count of K-Means clustering algorithm, K
For the natural number more than or equal to 1.
Optionally, the hardware assets categorizing system further include:
Comparison in difference unit, for when the increase number for increasing new hardware assets and the new hardware assets in the network
When amount is less than preset quantity, the comprehensive characteristics parameter of more each new hardware assets is respectively between the K cluster centres
Difference degree, obtain comparison in difference result;
Desired asset group determination unit possesses most for being determined in the K group of assets according to the comparison in difference result
The desired asset group of small difference degree;
The small-scale updating unit of group of assets, for desired asset group to be added in the new hardware assets.
Optionally, the hardware assets categorizing system further include:
Similarity value computing unit, for calculating the similarity value of each group of assets.
To achieve the above object, present invention also provides a kind of hardware assets sorter, which includes:
Memory, for storing computer program;
Processor realizes the hardware assets classification method as described in above content when for executing the computer program
The step of.
To achieve the above object, described computer-readable to deposit present invention also provides a kind of computer readable storage medium
It is stored with computer program on storage media, is realized when the computer program is executed by processor hard as described in above content
The step of part assets classes method.
Obviously, a kind of hardware assets classification method provided herein is more by what is got from each hardware assets
A attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics can be described to hardware assets feature by obtaining one
Parameter only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, finally an available fixed number
The group of assets of amount, i.e., the different hardware assets for including in each group of assets can because its consistent present on comprehensive characteristics parameter
Performance is divided in a group of assets.The method use the spies that more attribute informations carry out each hardware assets of comprehensive description
Sign, consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.The application additionally provides one simultaneously
Kind hardware assets categorizing system, device and computer readable storage medium, have above-mentioned beneficial effect, details are not described herein.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
The embodiment of application for those of ordinary skill in the art without creative efforts, can also basis
The attached drawing of offer obtains other attached drawings.
Fig. 1 is a kind of flow chart of hardware assets classification method provided by the embodiments of the present application;
Fig. 2 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 3 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 4 is the flow chart of another hardware assets classification method provided by the embodiments of the present application;
Fig. 5 is a kind of structural block diagram of hardware assets categorizing system provided by the embodiments of the present application.
Specific embodiment
The core of the application is to provide a kind of hardware assets classification method, multiple by what is got from each hardware assets
Attribute information carries out COMPREHENSIVE CALCULATING, and more comprehensively and accurately comprehensive characteristics ginseng can be described to hardware assets feature by obtaining one
Number only needs that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and is classified, certain amount finally can be obtained
Group of assets, i.e., the different hardware assets for including in each group of assets can because its in table consistent present on comprehensive characteristics parameter
Now it is divided in a group of assets.The method use the feature that more attribute informations carry out each hardware assets of comprehensive description,
Consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.Another core of the application is to provide one
Kind hardware assets categorizing system, device and computer readable storage medium, have above-mentioned beneficial effect.
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art
All other embodiment obtained without making creative work, shall fall in the protection scope of this application.
Embodiment one
Below in conjunction with Fig. 1, Fig. 1 is a kind of flow chart of hardware assets classification method provided by the embodiments of the present application, tool
Body the following steps are included:
S101: the dynamic attribute and static attribute of each hardware assets in network are obtained;
This step is intended to obtain multiple characteristic informations of each hardware assets in network, specially dynamic attribute (at any time
Variation can change) and static attribute (being unchanged over time), wherein dynamic attribute and static attribute again may be used
To include a variety of specific characteristic parameters, for example, static attribute may include: IP address (static IP is generallyd use in enterprise, this
Place the case where not considering dynamic IP), vulnerability information, mainboard firmware version, at least one of system activationary time, the dynamic
Attribute may include: the announcement for generating the interior generation of number, the second prefixed time interval of warning information in the first prefixed time interval
Alert information category number, the number of network connections in third prefixed time interval, the flowing of access magnitude in the 4th prefixed time interval
At least one of.
It should be noted that when the first, second, third, fourth prefixed time interval used above can respectively refer to different
The long time cycle, can also the same time cycle for referring to identical duration, can flexible choice according to the actual situation.
Certainly, in addition to the above-mentioned several specific characteristic parameters enumerated, can also can be used for characterizing including various other
The parameter of hardware assets feature, and having some characteristic parameters is complex characteristics parameter, by taking vulnerability information as an example, vulnerability information can be with
Operating system version, application type, the open port etc. of installation simultaneously, the purpose of this step, which is to obtain, multiple can characterize
The parameter of hardware assets feature carrys out the feature of the corresponding hardware assets of comprehensive description for subsequent synthesis these parameters, to eliminate
IP address is used only in the prior art, classification is carried out in the presence of every technological deficiency to hardware assets, is placed in and specifically includes how many kinds of spy
The design parameter of sign is not specifically limited, and in conjunction with the demand of different practical application scenes, can obtain most suitable target application scene
The multiple design parameters for including under the feature type and this feature type of business.
S102: the comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute
Levy parameter;
On the basis of S101, this step is intended to comprehensively utilize the dynamic attribute that S101 is got and static attribute to integrate
Being calculated one being capable of more comprehensive, the description more accurate comprehensive characteristics parameter of hardware assets feature.
Basis due to obtaining the comprehensive characteristics parameter is the characteristic information of multiple and different types, it is also necessary to consider whether to need
The relationship between various species characteristic information is considered, further, since variety classes characteristic information is special in description hardware assets
The unique difference of representative degree when sign, what it is according to degree is not all that different weighting weights is arranged in every kind of characteristic information, with logical
It crosses the high characteristic information type of the prominent influence degree of weighted calculation method, reduce the low characteristic information type of influence degree to subsequent point
Erroneous effects caused by when class.It is subsequent to provide a specific embodiment based on such mode combination concrete application scene,
The application scenarios Integrated Understanding provided in combination with subsequent embodiment.
S103: classify to each comprehensive characteristics parameter, obtain the group of assets of preset quantity.
On the basis of S102, this step is intended to carry out classification processing to each comprehensive characteristics parameter being calculated, with
The group of assets of the preset quantity obtained after to classification.
Assorting process can be realized based on sorting algorithm, since what is obtained is not only special including single kind one by one herein
The characteristic parameter of reference breath, but include the comprehensive characteristics parameter of various features information, it is also difficult to using traditional classification side
Formula classifies to it, i.e., the mode classification that can recognize content based on surface has been unsuitable for this scene, therefore can be used close
The intelligent algorithm (also referred to as machine learning algorithm) that a little years occur, wherein being broadly divided into supervised learning and unsupervised learning two
Major class, supervised learning refer to the guiding theory being artificially placed in classification there are one, make machine according to this guiding theory
It goes to excavate the hiding common trait for being respectively hidden in chaotic data behind, unsupervised learning refers to that the guidance not artificially being placed in is thought
Think, excavates hiding common trait by the framework of respective algorithms merely, this two major classes machine learning algorithm includes a variety of tools
The realization algorithm of body, wherein for supervised learning algorithm due to there is the guiding theory being manually placed in, effect can be relatively preferable, and without prison
Although it is slightly poor to superintend and direct learning algorithm effect, without artificial, which specifically used class machine learning algorithm is also needed according to reality victory
The different flexible choices of application scenarios.
By taking unsupervised learning algorithm as an example, the most frequently used in unsupervised learning algorithm is clustering algorithm, the cluster used point
Analysis be based on similitude it is preceding so that between data in a cluster compared between the data in the different clusters
Person has more similitudes.Specifically include DBSCAN (Density-Based Spatial Clustering of
Applications with Noise has noisy density clustering method, is a kind of density-based spatial clustering
Region division with sufficient density is cluster, and finds arbitrary shape in having noisy spatial database by algorithm, the algorithm
The cluster of shape, cluster is defined as the maximum set of the connected point of density by it), K-Medoids, K-Means (K center) etc..
Further, although having obtained a certain number of group of assets after sorting algorithm, there should be certain phase
Like property, but some special application scenarios are there is also to similarity, there are higher requirements, therefore can also use similarity meter
Algorithm calculates separately the similarity value of each group of assets, by the similarity value being calculated and the similarity value of standard requirements into
Row compares, and obtains satisfactory group of assets with screening, can also will be undesirable according to particular/special requirement that may be present
Group of assets is reclassified or is directly abandoned etc., herein and is not specifically limited, can flexible choice according to the actual situation.
After obtaining point good group of assets, so that it may according to requirement existing under practical scene, will monitoring visual angle from single
Hardware assets extend to the group of assets including multiple hardware assets, so that the problem of individually finding from each hardware assets (peace
Full blast danger, BUG discovery, afunction etc.) it can be timely, unification to remaining hardware in the group of assets comprising the hardware assets
Assets are repaired, so that efficiency greatly increases.
Based on the above-mentioned technical proposal, a kind of hardware assets classification method provided by the embodiments of the present application, will be from each hardware
The multiple attribute informations got in assets carry out COMPREHENSIVE CALCULATING, and obtaining one can be more complete to the description of hardware assets feature
Face, accurate comprehensive characteristics parameter only need that sorting algorithm is recycled to be based on each comprehensive characteristics parameter later and are classified,
A certain number of group of assets finally can be obtained, i.e., the different hardware assets for including in each group of assets can be because of it in comprehensive characteristics
Unanimously performance is divided in a group of assets present on parameter.The method use more attribute informations, to carry out comprehensive description every
The feature of a hardware assets, consideration is more comprehensive, and feature description is more accurate, may make that classification results are more accurate.
Embodiment two
Below in conjunction with Fig. 2, Fig. 2 is the flow chart of another hardware assets classification method provided by the embodiments of the present application, area
Not in embodiment one, the present embodiment also adds the scheme for calculating each group of assets similarity value, and based on each group of assets
Whether similarity value is to meeting default similarity and requiring to screen, to further promote the phase of each hardware assets in group of assets
Like degree, the specific steps are as follows:
S201: the dynamic attribute and static attribute of each hardware assets in network are obtained;
S202: the comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute
Levy parameter;
S203: classify to each comprehensive characteristics parameter, obtain the group of assets of preset quantity;
S204: the similarity value of each group of assets is calculated;
S205: more each similarity value and the size relation between high similarity value is preset;
S206: similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and only
Retain high similarity group of assets.
S204, S205 and S206 provide a kind of calculating similarity value and by with preset high similarity value and be compared
The mode of high similarity group of assets is filtered out, certainly, the screening mode provided in this embodiment based on similarity value is only crowd
One of more implementations, those skilled in the art can obtain a variety of specific implementations under the guidance of this thought, herein
No longer repeat one by one.
Embodiment three
Below in conjunction with Fig. 3, Fig. 3 is the flow chart of another hardware assets classification method provided by the embodiments of the present application, area
Not in embodiment one, the present embodiment is that different types of characteristic information presses the difference of influence degree provided with corresponding weighting power
Value describes more accurate comprehensive characteristics parameter to combine the weighting weight to obtain feature by weighted calculation method, and with
K-Means clustering algorithm is classified, and is provided one kind based on K-Means clustering algorithm and increased new hardware assets on a small scale
When how to add it to the mode of suitable group of assets, specifically comprise the following steps:
S301: the dynamic attribute and static attribute of each hardware assets in network are obtained;
S302: the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively is obtained;Wherein, attribute is specific
Including every kind of dynamic attribute and every kind of static attribute;
S303: being that different weights is arranged in corresponding attribute according to each similar parameter;
S304: it utilizes and adds according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute
The comprehensive characteristics parameter of each hardware assets is calculated in power calculating method;
S305: classifying to each comprehensive characteristics parameter using K-Means clustering algorithm, obtains K group of assets and K poly-
Class center;
S306: when increasing new hardware assets and new when accelerating less than preset quantity of hardware assets in network, compare
The comprehensive characteristics parameter of each new hardware assets difference degree between K cluster centre respectively, obtains comparison in difference result;
S307: the desired asset group for possessing minimum difference degree in K group of assets is determined according to comparison in difference result;
S308: desired asset group is added in new hardware assets.
Wherein, which should be one using the hardware assets number retained before increasing new hardware assets in network as base
Plinth, the upper limit of the number when will not clearly result in original classification results inaccuracy after these new hardware assets increases, with original
For having retained 100 hardware assets, if newly-increased 1, it can be seen that a newly-increased stylobate originally will not to it is original with 100 for base
The classification results of plinth impact, and the mode that S305 then can be used at this time adds it to a suitable group of assets, if newly-increased
50, once increasing quantity newly is more than half, it is more likely that can change original classification results, therefore it is necessary to again in the case
Classification is re-started with the comprehensive characteristics parameter of 150 hardware assets, obtains new group of assets.
Example IV
The present embodiment will provide a kind of specific implementation under the practical application scene in conjunction with practical application scene,
Incorporated by reference to four steps shown in Fig. 4, will illustrate respectively in sequence below:
1, assets move the High Dimensional Mapping of static attribute
1.1, IP field
The form of Asset IP such as A.B.C.D, each field value are 0~255.Usually, IP field is more close, explanation
The storage place and purposes of the two assets are more close.
IP field is mapped to the vector of higher dimensional space: V1=(A, B, C, D)
1.2, vulnerability information
Sharp vulnerability scanners or other safety equipments are scanned assets, find the vulnerability information of assets.Because of loophole
Information can reflect assets present state such as system version, application type, open port etc., it is possible to return to loophole
Class, if shared M class.Loophole type registration is higher, illustrates that assets similarity is higher, more it is possible that being broken through simultaneously by hacker.
Vulnerability information is mapped to the vector V of higher dimensional space2=(m1,…,ml,…,mM)
Wherein, mlIndicate the number of l class loophole, 0 < l≤M, l is integer, M=100
1.3, alarm time
Current various safety equipments can all be alerted for threat suffered by assets, (the T=within T minutes time
60), the 1st minute~T minutes alarm numbers per minute are counted.The time registration for generating alarm is higher, says
Bright assets similarity is higher, and hacker, which is concentrating, attacks these similar properties.
Alarm time is mapped to the vector V of higher dimensional space3=(c1,…,ci,…,cT)
Wherein, ciIndicate i-th minute number for generating alarm, 0 < i≤T, i is integer.
1.4, alarm type
Current various safety equipments can all be alerted for threat suffered by assets, (the T=within T minutes time
60), alarm can be sorted out, if shared N class.The type registration for generating alarm is higher, illustrates that assets similarity is higher,
Hacker, which is concentrating, attacks these similar properties.
Alarm type is mapped to the vector V of higher dimensional space4=(n1,…,nj,…,nN)
Wherein, njIndicate the number that the alarm of jth class generates in T minutes, 0 < j≤N, j is integer, N=10
2, the weighted array of high dimensional feature
Different attribute is different in the importance of higher dimensional space, and weight can be set and carry out importance adjusting, so poly-
Before class, need to be weighted high dimensional feature combination.
The vector V of IP field1, weight λ1
The vector V of vulnerability information2, weight λ2
The vector V of alarm time3, weight λ3
The vector V of alarm type4, weight λ4
Then it is combined: V=[λ1.*V1,λ2×V2,λ3×V3,λ4×V4]
Wherein .* indicates that the corresponding element of vector is multiplied, λ1For weight vectors, the value of each element in the weight vectors
Range is [1,1000], λ2、λ3And λ4For weighted value, the value range of these three weighted values is [1,1000];λ1=[8,4,2,
1], λ2=256, λ3=256, λ4=256.
3, cluster and group of assets similarity calculation
3.1, assets cluster: after obtaining the vector V of each assets higher dimensional space, being gathered using K-Means clustering algorithm
Class.If clustering number K is that wherein K is
Wherein, NassetFor total assets number, β is parameter.
K-Means clustering algorithm is a kind of public algorithm, input sample SPACE V and K value, exports K group of assets and each
The cluster centre of group of assets, and 20 are set by β.
3.2, it assets similarity calculation: after obtaining K group of assets and K cluster centre after step 3.1 cluster, adopts
The similarity of each group of assets is measured with root-mean-square error (Root Mean Square Error, RMSE).
Wherein, what root-mean-square error calculated is the square root square with observation frequency n ratio of observation and true value deviation,
And in actual measurement, observation frequency n is always limited, and true value can only be replaced with most believable (best) value.Similarly
Be common standard error, standard error is very sensitive to the especially big or special small error reflection in one group of measurement, so, standard
Error can be well reflected out the precision measured as the method for the dispersion degree for measuring one group of number itself, and root mean square misses
Difference is for measuring observation with the deviation between true value, their research object and research purpose is different, but calculating process
It is similar.
If the cluster centre of k-th of group of assets is Vk,mean, assets vector set i.e. k-th of the group of assets for being included wrapped
The assets vector set contained is combined intoThe assets number of i.e. k-th group of assets of assets vector number is Nk, then k-th of group of assets
RMSE are as follows:
RMSE is smaller, and group of assets similarity is bigger.RMSE is bigger, and group of assets similarity is smaller.
Because situation is complicated, it can not enumerate and be illustrated, those skilled in the art should be able to recognize according to the application
The basic skills principle combination actual conditions of offer may exist many examples, in the case where not paying enough creative works,
It should within the scope of protection of this application.
Fig. 5 is referred to below, Fig. 5 is a kind of structural block diagram of hardware assets categorizing system provided by the embodiments of the present application,
The hardware assets categorizing system may include:
Dynamic attribute and static attribute acquiring unit 100, for obtain in network the dynamic attribute of each hardware assets and
Static attribute;
Comprehensive characteristics parametric synthesis computing unit 200, for the dynamic attribute and static attribute according to each hardware assets
The comprehensive characteristics parameter of each hardware assets is calculated;
Classification and each group of assets acquiring unit 300 for classifying to each comprehensive characteristics parameter obtain preset quantity
Group of assets.
Further, which can also include:
Similarity degree acquiring unit characterizes the similar ginseng of similarity degree between each hardware assets for obtaining every attribute respectively
Number;Wherein, attribute specifically includes every kind of dynamic attribute and every kind of static attribute;
Weight setting unit, for being that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, comprehensive characteristics parametric synthesis computing unit 200 specifically:
Weighted calculation is utilized according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute
The comprehensive characteristics parameter of each hardware assets is calculated in method.
Wherein, classification and each group of assets acquiring unit 300 may include:
K-Means clustering algorithm classification subelement, for being carried out using K-Means clustering algorithm to each comprehensive characteristics parameter
Classification, obtains K group of assets and K cluster centre;Wherein, K be the preset packet count of K-Means clustering algorithm, K be greater than etc.
In 1 natural number.
Further, which can also include:
Comparison in difference unit, for increase in the network new hardware assets and new hardware assets accelerate be less than it is pre-
If when quantity, the comprehensive characteristics parameter of the relatively each new hardware assets difference degree between K cluster centre respectively obtains difference
Different comparison result;
Desired asset group determination unit, for determination to possess minimum difference from K group of assets according to comparison in difference result
The desired asset group of degree;
The small-scale updating unit of group of assets, for desired asset group to be added in new hardware assets.
Further, which can also include:
Similarity value computing unit, for calculating the similarity value of each group of assets.
Based on the above embodiment, present invention also provides a kind of hardware assets sorter, the hardware assets sorters
It may include memory and processor, wherein have computer program in the memory, which calls in the memory
When computer program, step provided by above-described embodiment may be implemented.Certainly, which can also include
Various necessary network interfaces, power supply and other components etc..
Present invention also provides a kind of computer readable storage mediums, have computer program thereon, the computer program
Step provided by above-described embodiment may be implemented when being performed terminal or processor execution.The storage medium may include: U
Disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access
Memory, RAM), the various media that can store program code such as magnetic or disk.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realities
The difference of example is applied, the same or similar parts in each embodiment may refer to each other.For device disclosed in embodiment
Speech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration
?.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure
And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These
Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession
Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered
Think beyond scope of the present application.
Specific examples are used herein to illustrate the principle and implementation manner of the present application, and above embodiments are said
It is bright to be merely used to help understand the present processes and its core concept.For those skilled in the art,
Under the premise of not departing from the application principle, can also to the application, some improvement and modification can also be carried out, these improvement and modification
It falls into the protection scope of the claim of this application.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes that
A little elements, but also other elements including being not explicitly listed, or further include for this process, method, article or
The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged
Except there is also other identical elements in the process, method, article or equipment for including element.
Claims (10)
1. a kind of hardware assets classification method characterized by comprising
Obtain the dynamic attribute and static attribute of each hardware assets in network;
The comprehensive special of each hardware assets is calculated according to the dynamic attribute of each hardware assets and static attribute
Levy parameter;
Classify to each comprehensive characteristics parameter, obtains the group of assets of preset quantity.
2. hardware assets classification method according to claim 1, which is characterized in that the static attribute include: IP address,
At least one of vulnerability information, mainboard firmware version, system activationary time.
3. hardware assets classification method according to claim 1, which is characterized in that the dynamic attribute includes: first pre-
If the warning information species number for generating the interior generation of number, the second prefixed time interval of warning information, third are pre- in time interval
If at least one of the flowing of access magnitude in number of network connections, the 4th prefixed time interval in time interval.
4. hardware assets classification method according to claim 2 or 3, which is characterized in that provided according to each hardware
The dynamic attribute and static attribute of production are calculated before the comprehensive characteristics parameter of each hardware assets, further includes:
Obtain the similar parameter that every attribute characterizes similarity degree between each hardware assets respectively;Wherein, the attribute is specific
Including dynamic attribute described in every kind and every kind of static attribute;
It is that different weights is arranged in corresponding attribute according to each similar parameter;
It is corresponding, each hardware assets are calculated according to the dynamic attribute of each hardware assets and static attribute
Comprehensive characteristics parameter, specifically:
Weighted calculation is utilized according to the dynamic attribute of each hardware assets, static attribute and the corresponding weight of every attribute
The comprehensive characteristics parameter of each hardware assets is calculated in method.
5. hardware assets classification method according to claim 1 is classified using to each comprehensive characteristics parameter, is obtained
To the group of assets of preset quantity, comprising:
Classified using K-Means clustering algorithm to each comprehensive characteristics parameter, is obtained in K group of assets and K cluster
The heart;Wherein, K is the preset packet count of K-Means clustering algorithm, and K is the natural number more than or equal to 1.
6. hardware assets classification method according to claim 5, which is characterized in that further include:
When increasing new hardware assets and when accelerating less than preset quantity of the new hardware assets in the network, compare
The comprehensive characteristics parameter of each new hardware assets difference degree between K cluster centres respectively, obtains diversity ratio
Relatively result;
The desired asset group for possessing minimum difference degree in the K group of assets is determined according to the comparison in difference result;
The desired asset group is added in the new hardware assets.
7. hardware assets classification method according to claim 1, which is characterized in that the group of assets for obtaining preset quantity it
Afterwards, further includes:
Calculate the similarity value of each group of assets;
Compare each similarity value and presets the size relation between high similarity value;
Similarity value is determined as high similarity group of assets not less than the group of assets for presetting high similarity value, and only retains institute
State high similarity group of assets.
8. a kind of hardware assets categorizing system characterized by comprising
Dynamic attribute and static attribute acquiring unit, for obtaining the dynamic attribute of each hardware assets and static category in network
Property;
Comprehensive characteristics parametric synthesis computing unit, for being calculated according to the dynamic attribute and static attribute of each hardware assets
Obtain the comprehensive characteristics parameter of each hardware assets;
Classification and each group of assets acquiring unit for classifying to each comprehensive characteristics parameter obtain the money of preset quantity
Production group.
9. a kind of computing device of group of assets similarity characterized by comprising
Memory, for storing computer program;
Processor realizes hardware assets classification as described in any one of claim 1 to 7 when for executing the computer program
The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program, the computer program realize hardware assets classification side as described in any one of claim 1 to 7 when being executed by processor
The step of method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810768873.5A CN109034222A (en) | 2018-07-13 | 2018-07-13 | A kind of hardware assets classification method, system, device and readable storage medium storing program for executing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810768873.5A CN109034222A (en) | 2018-07-13 | 2018-07-13 | A kind of hardware assets classification method, system, device and readable storage medium storing program for executing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109034222A true CN109034222A (en) | 2018-12-18 |
Family
ID=64642044
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810768873.5A Pending CN109034222A (en) | 2018-07-13 | 2018-07-13 | A kind of hardware assets classification method, system, device and readable storage medium storing program for executing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109034222A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109785915A (en) * | 2018-12-24 | 2019-05-21 | 东软集团股份有限公司 | Data collect method, device, storage medium and electronic equipment |
EP3705966A1 (en) * | 2019-03-04 | 2020-09-09 | Accenture Global Solutions Limited | Machine learning (ml)-based auto-visualization of plant assets |
CN112732724A (en) * | 2021-01-21 | 2021-04-30 | 杭州迪普科技股份有限公司 | Asset information management method and device |
CN112766681A (en) * | 2021-01-11 | 2021-05-07 | 杭州迪普科技股份有限公司 | Equipment classification management method and device |
CN113158001A (en) * | 2021-03-25 | 2021-07-23 | 深圳市联软科技股份有限公司 | Method and system for judging attribution and correlation of network space IP assets |
CN113554056A (en) * | 2021-06-21 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Network asset aggregation method, device, electronic device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
CN103999091A (en) * | 2011-12-29 | 2014-08-20 | 迈可菲公司 | Geo-mapping system security events |
CN104272650A (en) * | 2012-04-11 | 2015-01-07 | 迈克菲公司 | Asset detection system |
CN107645493A (en) * | 2017-08-20 | 2018-01-30 | 杭州安恒信息技术有限公司 | A kind of IP groups similarity calculating method |
CN108074030A (en) * | 2017-03-03 | 2018-05-25 | 哈尔滨安天科技股份有限公司 | A kind of safety analysis of assets information and Visualized management system and method |
-
2018
- 2018-07-13 CN CN201810768873.5A patent/CN109034222A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103999091A (en) * | 2011-12-29 | 2014-08-20 | 迈可菲公司 | Geo-mapping system security events |
CN104272650A (en) * | 2012-04-11 | 2015-01-07 | 迈克菲公司 | Asset detection system |
CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
CN108074030A (en) * | 2017-03-03 | 2018-05-25 | 哈尔滨安天科技股份有限公司 | A kind of safety analysis of assets information and Visualized management system and method |
CN107645493A (en) * | 2017-08-20 | 2018-01-30 | 杭州安恒信息技术有限公司 | A kind of IP groups similarity calculating method |
Non-Patent Citations (1)
Title |
---|
唐双林: "《基于改进K最近邻分类的IT资产管理***开发》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109785915A (en) * | 2018-12-24 | 2019-05-21 | 东软集团股份有限公司 | Data collect method, device, storage medium and electronic equipment |
CN109785915B (en) * | 2018-12-24 | 2021-03-19 | 东软集团股份有限公司 | Data collection method, device, storage medium and electronic equipment |
EP3705966A1 (en) * | 2019-03-04 | 2020-09-09 | Accenture Global Solutions Limited | Machine learning (ml)-based auto-visualization of plant assets |
US11574238B2 (en) | 2019-03-04 | 2023-02-07 | Accenture Global Solutions Limited | Machine learning (ML)-based auto-visualization of plant assets |
CN112766681A (en) * | 2021-01-11 | 2021-05-07 | 杭州迪普科技股份有限公司 | Equipment classification management method and device |
CN112732724A (en) * | 2021-01-21 | 2021-04-30 | 杭州迪普科技股份有限公司 | Asset information management method and device |
CN113158001A (en) * | 2021-03-25 | 2021-07-23 | 深圳市联软科技股份有限公司 | Method and system for judging attribution and correlation of network space IP assets |
CN113158001B (en) * | 2021-03-25 | 2024-05-14 | 深圳市联软科技股份有限公司 | Network space IP asset attribution and correlation discrimination method and system |
CN113554056A (en) * | 2021-06-21 | 2021-10-26 | 杭州安恒信息技术股份有限公司 | Network asset aggregation method, device, electronic device and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109034222A (en) | A kind of hardware assets classification method, system, device and readable storage medium storing program for executing | |
CN110188198A (en) | A kind of anti-fraud method and device of knowledge based map | |
CN107622326A (en) | User's classification, available resources Forecasting Methodology, device and equipment | |
CN107679734A (en) | It is a kind of to be used for the method and system without label data classification prediction | |
CN104517052B (en) | Invasion detection method and device | |
CN111353600B (en) | Abnormal behavior detection method and device | |
CN109656967B (en) | Big data mining processing method, device, medium and electronic equipment based on space | |
CN110138745A (en) | Abnormal host detection method, device, equipment and medium based on data stream sequences | |
CN112700324A (en) | User loan default prediction method based on combination of Catboost and restricted Boltzmann machine | |
CN106372215A (en) | Credit inquiring system and method | |
CN110457533A (en) | A kind of intelligence data model analysis method | |
CN114186626A (en) | Abnormity detection method and device, electronic equipment and computer readable medium | |
CN109992588A (en) | It is a kind of to divide folk prescription method and relevant device based on data processing | |
CN111598713B (en) | Cluster recognition method and device based on similarity weight updating and electronic equipment | |
CN108280759A (en) | Air control model optimization method, terminal and computer readable storage medium | |
CN109257383A (en) | A kind of BGP method for detecting abnormality and system | |
CN110135684A (en) | A kind of capability comparison method, capability comparison device and terminal device | |
CN109559218A (en) | A kind of determination method, apparatus traded extremely and storage medium | |
CN110046185A (en) | Chart method for pushing and device | |
CN113434575B (en) | Data attribution processing method, device and storage medium based on data warehouse | |
CN112950359B (en) | User identification method and device | |
CN110400213A (en) | Data processing method and device and electronic equipment and readable medium | |
CN106651630B (en) | Crucial electricity consumption industry recognition methods and system | |
CN109191185A (en) | A kind of visitor's heap sort method and system | |
CN112686312A (en) | Data classification method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181218 |