CN113297253A - Equipment identification method, device, equipment and readable storage medium - Google Patents

Publication number: CN113297253A
Authority: CN (China)
Prior art keywords: access, target, statistical information, equipment, rule
Legal status: Pending
Application number: CN202110662989.2A
Other languages: Chinese (zh)
Inventors: 陈剑华, 龚炜林
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24: Querying
    • G06F16/242: Query formulation
    • G06F16/2433: Query languages
    • G06F16/245: Query processing
    • G06F16/2455: Query execution


Abstract

The application discloses a device identification method, apparatus, device and readable storage medium. The method comprises: acquiring all access relationships of a target device; computing access statistics of the target device based on the access relationships; and determining the type of the target device based on the access statistics. Device identification can therefore be completed simply by acquiring and aggregating all access relationships of the target device, without the target device actively participating and without collecting any information from the target device itself.

Description

Equipment identification method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a device identification method, apparatus, device, and readable storage medium.
Background
Identifying device assets facilitates asset management. In existing device asset identification schemes, the device being identified must actively send data packets in response to a specific query, and the asset information is identified from a specific protocol packet in the returned packets.
Although such a scheme can identify the type of a device, it extracts a characteristic field from the specific protocol packet and then outputs the matching identification result, so false alarms occur easily in scenarios such as forged data packets. In addition, each identified device must have a specific program installed to collect the corresponding information, which makes the scheme complex to implement and operate. Existing device asset identification schemes therefore suffer from false alarms and complex operation.
In summary, how to effectively solve problems such as device identification is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a device identification method, a device, equipment and a readable storage medium, which can improve the accuracy of equipment type identification under the condition that the equipment to be identified does not actively participate.
In order to solve the technical problem, the application provides the following technical scheme:
a device identification method, comprising:
acquiring all access relations of target equipment;
counting access statistical information of the target device based on the access relation;
determining a type of the target device based on the access statistics.
Preferably, determining the type of the target device based on the access statistics comprises:
matching the access statistical information against preset rules, and determining the type of the target device according to the matching result.
Preferably, matching the access statistical information against the preset rules and determining the type of the target device according to the matching result comprises:
comparing the access statistical information with the matching condition corresponding to each of the preset rules, the matching condition comprising at least one of a time period, a port, a number of accesses, an IP address and a protocol;
determining, according to the comparison result, a target rule among the preset rules that matches the access statistical information;
and acquiring the target device type to which the target rule belongs, and determining that target device type to be the type of the target device.
Preferably, the preset rules include a custom rule and a default rule, and the comparing the access statistical information with the matching condition corresponding to each rule in the preset rules includes:
comparing the access statistical information with the matching conditions corresponding to each rule in the user-defined rules;
and/or comparing the access statistical information with the matching conditions corresponding to each rule in the default rules.
Preferably, acquiring all access relationships of the target device comprises:
querying all access relationships of the target device from device access records.
Preferably, querying all access relationships of the target device from the device access records comprises:
generating database query statements that take the IP address of the target device as the source IP address and as the destination IP address, respectively;
querying the database storing the device access records according to the database query statements to obtain all access relationships of the target device;
correspondingly, counting the access statistical information of the target device based on the access relationships comprises:
counting all access relationships of the target device to obtain the access statistical information, the access statistical information comprising access statistics with the target device as the source end and access statistics with the target device as the destination end.
Preferably, querying the database storing the device access records according to the database query statements to obtain all access relationships of the target device, and counting the access statistical information of the target device based on the access relationships, comprises:
generating SQL-like aggregate query statements that take the IP address of the target device as the source IP address and as the destination IP address, respectively;
and sending the SQL-like aggregate query statements to the database to obtain the access statistical information computed from all access relationships of the target device.
Preferably, before querying all access relationships of the target device from the device access records, the method comprises:
acquiring the traffic packets flowing through each device in the target system to which the target device belongs;
screening the traffic packets to obtain data packets;
reading access parameters from the data packets;
generating the device access records from the access parameters;
storing the device access records.
Preferably, after the determining the type of the target device based on the access statistic information, the method further includes:
updating an asset table based on the identified type.
An apparatus for device identification, comprising:
the access relation acquisition module is used for acquiring all access relations of the target equipment;
the access statistical information statistical module is used for counting the access statistical information of the target equipment based on the access relation;
a device type determination module to determine a type of the target device based on the access statistics.
An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the above-mentioned device identification method when executing the computer program.
A readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned device identification method.
By applying the method provided by the embodiment of the application, all access relations of the target equipment are obtained; counting access statistical information of the target device based on the access relation; the type of the target device is determined based on the access statistics.
Considering that different devices exhibit different access characteristics, the present application determines the device type from the device's access statistics. Specifically, it is only necessary to acquire all access relationships of the target device, compute the access statistics of the target device from those access relationships, and determine the type of the target device from the access statistics. Device identification can therefore be completed simply by acquiring and aggregating all access relationships of the target device, without the target device actively participating and without collecting any information from the target device itself.
Accordingly, the embodiment of the present application further provides an apparatus identification device, an apparatus and a readable storage medium corresponding to the apparatus identification method, which have the above technical effects and are not described herein again.
Drawings
To illustrate the technical solutions in the embodiments of the present application or in the related art more clearly, the drawings used in describing the embodiments or the related art are briefly introduced below. The drawings described below are obviously only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an implementation of a device identification method in an embodiment of the present application;
Fig. 2 is a schematic flowchart of collecting and storing device access records in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a device identification apparatus in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, Fig. 1 is a flowchart of a device identification method according to an embodiment of the present application. The method includes the following steps:
S101, acquiring all access relationships of the target device.
The target device may be a device in the local area network for which device asset statistics are needed.
An access relationship, that is, a relationship concerning access, may record the role the target device plays in the access, for example whether the target device acts as the source end or the destination end, and may also record details such as the access time, number of accesses and access mode of each access in which the target device participates.
In the present application, the access records of each target device may be stored in a database in advance, so that all access relationships of the target device are obtained by querying the database; alternatively, all access relationships of the target device may be obtained by mirroring the data packets of each device and parsing them.
S102, computing the access statistical information of the target device based on the access relationships.
The access statistical information may specifically include the access time, number of accesses, access objects and access mode corresponding to each access.
That is, the access relationships may be statistically collated to determine the access statistical information of the target device.
S103, determining the type of the target device based on the access statistical information.
In this embodiment, the rules or characteristics of the access statistics corresponding to different device types may be summarized in advance. For example, a device of the user terminal type mainly plays the visitor role; that is, in its access statistics, accesses in which it is the source end generally outnumber accesses in which it is the destination end.
Then, after the access statistical information of the target device is obtained, the type of the target device can be determined directly based on the access statistical information.
Preferably, in a specific embodiment of the present application, in order to determine the type of the target device quickly, rules describing the corresponding access statistics may be summarized in advance for different device types, with each rule labeled with the device type to which it belongs and given a corresponding matching condition. The access statistical information can then be matched against the preset rules and the type of the target device determined from the matching result. That is, step S103 of determining the type of the target device based on the access statistical information may include: matching the access statistical information against the preset rules, and determining the type of the target device according to the matching result. The specific implementation process comprises the following steps:
Step one, comparing the access statistical information with the matching condition corresponding to each of the preset rules, the matching condition comprising at least one of a time period, a port, a number of accesses, an IP address and a protocol;
Step two, determining, according to the comparison result, a target rule among the preset rules that matches the access statistical information;
Step three, acquiring the target device type to which the target rule belongs, and determining that target device type to be the type of the target device.
For convenience of description, the above three steps are described together.
In this embodiment, each preset rule corresponds to a matching condition, and the matching condition may concern at least one of a time period, a port, a number of accesses, an IP address and a protocol. For example, the matching condition of the preset rule corresponding to a web server may be: the HTTP port of a certain IP is accessed more than 5 times by different users within a certain period of time. That is, if the HTTP port of an IP is accessed more than 5 times by different users within that period, the access statistical information is considered to meet the matching condition, and the rule corresponding to the web server may be determined as the target rule.
Examples of preset rules include, but are not limited to:
The device identification protocol port of a certain IP is accessed more than X times by different users within a certain period of time; the IP can be defined as a device identification device.
The number of accesses made by an IP and the number of accesses it receives within a certain period of time are consistent, and the destination IP is constant; the IP can be regarded as a proxy server.
The number of accesses made by an IP and the number of accesses it receives within a certain period of time are consistent, and the destination IPs are regular and limited in number; the IP can be regarded as a load balancing server.
The requests initiated by a certain IP within a certain period of time are directed to common websites such as Baidu, Google and Bing (a search service platform from Microsoft), and the IP shows no other server characteristics; the IP can be regarded as a user terminal.
In this embodiment, the access statistical information may be compared simultaneously with the matching conditions of all the preset rules, and the target rule whose matching condition is met is then found. It should be noted that the access statistical information generally matches only one target rule; if it matches several target rules, the matching conditions of those rules are not representative, and exception prompt information may be output.
Of course, the access statistical information may instead be compared with the matching condition of each preset rule in turn until the target rule is found. If no matching target rule can be found, the target device may be of a device type for which no preset rule exists yet; exception prompt information can then be output so that a preset rule for the device type of the target device can be added later.
After the target rule matching the access statistical information of the target device is found, the target device type to which the target rule belongs can be obtained. Since the access statistics of the target device match the target rule, the target device has the access characteristics of the device type to which the target rule belongs, so it can be determined that the target device belongs to that device type. That is, the type of the target device is identified.
In a specific embodiment of the present application, the preset rules include custom rules and default rules. Correspondingly, step one above, comparing the access statistical information with the matching condition corresponding to each of the preset rules so as to find the target rule matching the access statistical information among the preset rules, specifically includes:
Step one, comparing the access statistical information with the matching condition corresponding to each of the user-defined rules;
Step two, comparing the access statistical information with the matching condition corresponding to each of the default rules.
For convenience of description, the above two steps are described together.
In this embodiment, default rules may be preset, and a user interface for customizing the rules may be provided to the user. The user can thus modify or supplement the default rules to obtain user-defined rules.
For example, suppose the default rules specify that an IP whose HTTP port is accessed more than N times by different users in time period A is defined as a web server. In a user-defined rule, the length of time period A can then be reset to B, or the number of accesses N reset to M, to meet the user's actual requirements.
When the access statistical information is compared with the matching condition corresponding to each of the preset rules, the comparison may, according to default settings or user settings, use only the default rules, only the user-defined rules, or the default rules and the user-defined rules in combination.
Specifically, a user-defined rule matching the access statistical information may be searched for first among the user-defined rules. If a matching user-defined rule is found, it is directly determined to be the target rule. If no user-defined rule matching the access statistical information is found, a default rule matching the access statistical information is searched for among the default rules, and once found it is determined to be the target rule. If no rule matching the access statistical information is found in either the user-defined rules or the default rules, prompt information indicating that device identification failed can be output.
That is to say, in the practical application, the default preset rule and the user-defined preset rule are combined, so that different user requirements in the practical application scene can be met.
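The lookup order described above (user-defined rules first, default rules as fallback, a prompt when nothing or more than one rule matches) can be sketched as follows. This is an added example, not code from the patent: the `AccessStats` shape, the rule factories, the thresholds and the sample IPs are constructed for illustration, and "accessed more than N times by different users" is read here as "more than N distinct source IPs".

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class AccessStats:
    """Access statistics of one IP over one observation window (constructed shape)."""
    ip: str
    window_seconds: int
    # (protocol, port) -> distinct source IPs that accessed this IP on that port
    inbound: dict = field(default_factory=dict)
    # destination host -> number of requests this IP initiated to it
    outbound: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Rule:
    name: str
    device_type: str
    matches: Callable[[AccessStats], bool]


@dataclass(frozen=True)
class Verdict:
    status: str                        # "matched", "ambiguous" or "unidentified"
    device_type: Optional[str] = None
    rules: tuple = ()


def web_server_rule(name, window_seconds, min_clients, port=80):
    """HTTP port accessed by more than `min_clients` different users in the period."""
    def matches(s):
        users = s.inbound.get(("tcp", port), set())
        return s.window_seconds <= window_seconds and len(users) > min_clients
    return Rule(name, "web server", matches)


def user_terminal_rule(name, common_sites):
    """Only initiates requests, all to common websites, and shows no server features."""
    def matches(s):
        return bool(s.outbound) and not s.inbound and set(s.outbound) <= common_sites
    return Rule(name, "user terminal", matches)


def _match_tier(stats, rules):
    hits = [r for r in rules if r.matches(stats)]
    if not hits:
        return None
    names = tuple(r.name for r in hits)
    if len(hits) > 1:
        # Several rules matched: their conditions are not representative.
        return Verdict("ambiguous", None, names)
    return Verdict("matched", hits[0].device_type, names)


def classify(stats, custom_rules, default_rules):
    """Try user-defined rules first; fall back to default rules; else unidentified."""
    for tier in (custom_rules, default_rules):
        verdict = _match_tier(stats, tier)
        if verdict is not None:
            return verdict
    return Verdict("unidentified")


def clients(n):
    """Constructed set of n distinct client IPs."""
    return {f"10.0.1.{i}" for i in range(1, n + 1)}


COMMON_SITES = frozenset({"baidu.com", "google.com", "bing.com"})
DEFAULT_RULES = [
    web_server_rule("default-web", window_seconds=3600, min_clients=5),   # N = 5
    user_terminal_rule("default-terminal", COMMON_SITES),
]
# The user lowers the threshold N = 5 to M = 3 for a small network.
CUSTOM_RULES = [web_server_rule("custom-web", window_seconds=3600, min_clients=3)]

SAMPLES = {  # constructed statistics, one hour each
    "small_site": AccessStats("10.0.0.5", 3600, inbound={("tcp", 80): clients(4)}),
    "laptop": AccessStats("10.0.0.77", 3600, outbound={"baidu.com": 12, "bing.com": 3}),
    "printer": AccessStats("10.0.0.9", 3600, inbound={("tcp", 9100): clients(2)}),
}


def demo():
    return {name: classify(s, CUSTOM_RULES, DEFAULT_RULES) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Because the fallback only runs when no user-defined rule matches, a user-defined rule that is stricter than its default counterpart does not suppress the default match; only a looser one changes the outcome.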
In a specific embodiment of the present application, after the step S103 is performed to determine the type of the target device based on the access statistic information, the asset table may be further updated based on the identified type. In this manner, the asset table is updated, thereby allowing for better maintenance and management of the system based on the asset table.
By applying the method provided by the embodiment of the application, all access relations of the target equipment are obtained; counting access statistical information of the target device based on the access relation; the type of the target device is determined based on the access statistics.
Considering that different devices exhibit different access characteristics, the present application determines the device type from the device's access statistics. Specifically, it is only necessary to acquire all access relationships of the target device, compute the access statistics of the target device from those access relationships, and determine the type of the target device from the access statistics. Device identification can therefore be completed simply by acquiring and aggregating all access relationships of the target device, without the target device actively participating and without collecting any information from the target device itself.
It should be noted that, based on the above embodiments, the embodiments of the present application also provide corresponding improvements. In the preferred/improved embodiment, the same steps as those in the above embodiment or corresponding steps may be referred to each other, and corresponding advantageous effects may also be referred to each other, which are not described in detail in the preferred/improved embodiment herein.
In a specific embodiment of the present application, step S101 of acquiring all access relationships of the target device may specifically include: querying all access relationships of the target device from the device access records.
That is, in this embodiment, the device access records may be stored in advance, and all access relationships of the target device may be obtained by querying the device access records.
For ease of management and lookup, in this embodiment the device access records may be stored in a database. Generally, databases can be divided into two types: databases that cannot directly return statistics on the device access records, and databases that can. Accordingly, in the present application, all access relationships of the target device may be queried from the database and then aggregated to obtain the access statistical information of the target device; or the access statistical information of the target device may be obtained directly from the database by using the database's own statistical functions.
Mode 1: for a database that cannot directly return statistics on the device access records, the specific implementation process of acquiring the access relationships of the target device and computing the access statistical information comprises the following steps:
Step one, generating database query statements that take the IP address of the target device as the source IP address and as the destination IP address, respectively;
Step two, querying the database storing the device access records according to the database query statements to obtain all access relationships of the target device;
Step three, counting all access relationships of the target device to obtain the access statistical information, the access statistical information comprising access statistics with the target device as the source end and access statistics with the target device as the destination end.
For convenience of description, the above three steps are described together.
In this embodiment, when the database storing the device access records cannot directly return statistics on those records, a database query statement taking the IP address of the target device as the source IP address and a database query statement taking it as the destination IP address may be generated respectively. The generated database query statements are sent to the database to obtain the access records of the target device corresponding to the IP address. The access records of the target device are then statistically processed to obtain the access statistical information. The statistical processing may specifically include counting the number of times and the times at which the IP address appears as a source IP address, the number of times and the times at which it appears as a destination IP address, statistics on the destination IP addresses accessed when the IP address is the source IP address (such as the number of distinct IP addresses), and statistics on the source IP addresses when the IP address is the destination IP address (such as the number of distinct IP addresses).
That is, when the database cannot return statistics directly, the access records of the target device are fetched from the database and counted to obtain the access statistical information.
Mode 2: for a database that can directly return statistics on the device access records, the specific implementation process of acquiring all access relationships of the target device and the access statistical information of the target device comprises the following steps:
Step one, generating SQL-like aggregate query statements that take the IP address of the target device as the source IP address and as the destination IP address, respectively;
Step two, sending the SQL-like aggregate query statements to the database to obtain the access statistical information computed from all access relationships of the target device.
For convenience of description, the above two steps are described together.
In this embodiment, for a database that can directly return statistics on the device access records, SQL-like aggregate query statements can be generated directly. Specifically, one SQL-like aggregate query statement is generated with the IP address as the source IP address and another with the IP address as the destination IP address. The SQL-like aggregate query statements are then sent to the database, which returns the access statistical information when it executes them. That is, the access statistical information is obtained quickly through the statistical functions of the database, and the separate statistical processing step can be omitted.
The following takes ClickHouse as the database to describe in detail how the access statistical information is obtained.
ClickHouse is a true column-oriented database management system (DBMS). In ClickHouse, data is always stored by column, and it is also processed as vectors (vectors or column blocks). Operations inside the database are dispatched on vectors rather than on individual values, which is known as vectorized query execution and helps reduce the actual cost of data processing.
Specifically, querying the access statistical information of an IP address means querying the access relationships of that IP. First, a ClickHouse SQL-like aggregate statement is generated with the IP as the source IP, and another with the IP as the destination IP. ClickHouse then returns the source and destination access relationships of the IP according to the query statements; that is, it returns the access statistics with the IP address as the source IP address and with the IP address as the destination IP address.
SQL (Structured Query Language) is a special-purpose programming language: a database query and programming language for accessing data and for querying, updating and managing relational database systems. It is also the file extension of database script files.
Of course, in practical applications there are other databases that can directly return access statistics, such as PostgreSQL, a very advanced object-relational database management system (ORDBMS). The process of acquiring the access statistical information with PostgreSQL may refer to the process described for ClickHouse and is not described in detail here.
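Mode 1 and Mode 2 can be compared side by side in the following added example, which is not code from the patent. It assumes a constructed `access_record` table and sample rows, and uses an in-memory SQLite database as a stand-in for ClickHouse or PostgreSQL; the target IP is always bound as a query parameter rather than concatenated into the statement.

```python
import sqlite3

# (role, column holding the target IP, column holding the peer IP); fixed identifiers
ROLES = (("as_source", "src_ip", "dst_ip"), ("as_destination", "dst_ip", "src_ip"))

# Constructed device access records: (ts, src_ip, dst_ip, dst_port, protocol)
SAMPLE_RECORDS = [
    (1000, "10.0.1.11", "10.0.0.5", 80, "tcp"),
    (1010, "10.0.1.12", "10.0.0.5", 80, "tcp"),
    (1020, "10.0.1.11", "10.0.0.5", 80, "tcp"),
    (1030, "10.0.1.13", "10.0.0.5", 443, "tcp"),
    (1040, "10.0.0.5", "10.0.2.20", 5432, "tcp"),
    (1050, "10.0.0.5", "10.0.2.20", 5432, "tcp"),
    (1060, "10.0.1.12", "10.0.2.20", 22, "tcp"),
]


def build_store(records=SAMPLE_RECORDS):
    """In-memory stand-in for the database that stores device access records."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE access_record "
        "(ts INTEGER, src_ip TEXT, dst_ip TEXT, dst_port INTEGER, protocol TEXT)"
    )
    db.executemany("INSERT INTO access_record VALUES (?, ?, ?, ?, ?)", records)
    return db


def stats_mode1(db, ip):
    """Mode 1: fetch the raw access relationships, then count them in the application."""
    out = {}
    for role, me, peer in ROLES:
        rows = db.execute(
            f"SELECT ts, {peer}, dst_port, protocol FROM access_record WHERE {me} = ?",
            (ip,),
        ).fetchall()
        peers_by_service = {}
        for _ts, peer_ip, port, proto in rows:
            peers_by_service.setdefault((proto, port), set()).add(peer_ip)
        out[role] = {
            "count": len(rows),
            "distinct_peers": len({r[1] for r in rows}),
            "first_ts": min((r[0] for r in rows), default=None),
            "last_ts": max((r[0] for r in rows), default=None),
            "by_service": {k: len(v) for k, v in peers_by_service.items()},
        }
    return out


def stats_mode2(db, ip):
    """Mode 2: let the database aggregate; only the statistics cross the wire."""
    out = {}
    for role, me, peer in ROLES:
        count, peers, first, last = db.execute(
            f"SELECT COUNT(*), COUNT(DISTINCT {peer}), MIN(ts), MAX(ts) "
            f"FROM access_record WHERE {me} = ?",
            (ip,),
        ).fetchone()
        by_service = {
            (proto, port): n
            for proto, port, n in db.execute(
                f"SELECT protocol, dst_port, COUNT(DISTINCT {peer}) "
                f"FROM access_record WHERE {me} = ? GROUP BY protocol, dst_port",
                (ip,),
            )
        }
        out[role] = {
            "count": count,
            "distinct_peers": peers,
            "first_ts": first,
            "last_ts": last,
            "by_service": by_service,
        }
    return out


if __name__ == "__main__":
    store = build_store()
    print(stats_mode1(store, "10.0.0.5"))
    print(stats_mode2(store, "10.0.0.5"))
```

Both functions return the same dictionary for the same IP; the difference is where the counting happens and how many rows leave the database.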
It should be noted that, regardless of whether the device access record is stored in the database or regardless of which type of database is used, the device access record needs to be stored before all access relationships of the target device are queried in the device access record. Specifically, referring to fig. 2, a specific implementation process of collecting and storing device access records includes:
step one, acquiring the traffic packets flowing through each device in the target system to which the target device belongs;
step two, screening the traffic packets to obtain data packets;
step three, reading access parameters from the data packets;
step four, generating a device access record by using the access parameters;
and step five, storing the device access record.
For convenience of description, the above five steps will be described in combination.
The target system, that is, the system where the target device that needs to perform device identification is located, may specifically refer to a certain cluster or a certain local area network.
First, the traffic packets flowing through each device in the target system are acquired. Specifically, in order to avoid affecting the existing functions of the target system, the traffic packets flowing through each device may be obtained by mirroring. Preferably, considering that the traffic packets of useless connections have no reference value for analyzing the access attribute, only connections whose TCP handshake succeeded are mirrored when acquiring traffic packets, and connections whose TCP handshake failed are ignored.
Considering that scan packets account for a certain proportion of the traffic packets and have no reference value for analyzing the access attribute, the traffic packets may be screened so that only data packets remain. Specifically, the screening may be performed according to scanning characteristics. For example, nmap (Network Mapper) is a network scanning and sniffing toolkit under Linux that scans the open network ports of networked computers, determines which services run on which ports, and infers which operating system a computer runs; packets produced by an nmap scan carry nmap fields. Likewise, a packet that has a request payload but receives no response payload is a scanning packet. If a packet is a scanning packet, it is discarded and acquisition of traffic packets continues; if not, it is retained.
After the data packet is obtained, the data packet may be parsed, so as to read the access parameter of the data packet, and generate and store the device access record, for example, store the device access record in a database, by using the access parameter.
Specifically, the access parameters may be information such as an IP address, port information, a protocol, a timestamp, and an access URL (uniform resource locator). Preferably, in order to obtain comprehensive access information, the access parameters may specifically include six-tuple information, and the six-tuple information is recorded and stored in the database as a device access record. The six-tuple information comprises a source IP address, a source port, a destination IP address, a destination port, a protocol and a timestamp. That is, each device access record contains the source IP address, source port, destination IP address, destination port, protocol, and timestamp. Therefore, the access statistical information of each IP address in the log can be counted based on the six-tuple information in multiple device access records, such as the number of times that a certain IP address accesses a certain destination port in a certain time period. Of course, before storage, the six-tuples can also be merged according to time periods.
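The five collection steps above, as an added example that is not part of the patent text: constructed flow summaries are screened, reduced to six-tuple records, and merged per time period. The flow field names, the one-hour period, applying the handshake check only to TCP, the byte-string test for an nmap marker, and dropping the ephemeral source port from the merge key are all assumptions made for illustration.

```python
from collections import Counter

PERIOD = 3600  # merge window in seconds (assumed value)
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "protocol", "ts",
          "handshake_ok", "request", "response")
NSE_UA = b"User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine)\r\n"

# Constructed flow summaries, one per mirrored connection.
FLOWS = [dict(zip(FIELDS, f)) for f in [
    ("10.0.0.5", 51000, "10.0.0.9", 3306, "tcp", 1623720000, True,
     b"\x03SELECT 1", b"\x01\x00"),
    ("10.0.0.5", 51001, "10.0.0.9", 3306, "tcp", 1623720060, True,
     b"\x03SELECT 2", b"\x01\x00"),
    # TCP handshake never completed.
    ("10.0.0.66", 40000, "10.0.0.9", 23, "tcp", 1623720070, False, b"", b""),
    # Request payload sent, no response payload came back.
    ("10.0.0.66", 40001, "10.0.0.9", 8080, "tcp", 1623720080, True,
     b"\r\n\r\n", b""),
    # Request carries an nmap marker even though the server answered.
    ("10.0.0.66", 40002, "10.0.0.9", 80, "tcp", 1623720090, True,
     b"GET / HTTP/1.1\r\n" + NSE_UA + b"\r\n", b"HTTP/1.1 200 OK\r\n\r\n"),
    ("10.0.0.5", 51002, "10.0.0.9", 3306, "tcp", 1623723700, True,
     b"\x03SELECT 3", b"\x01\x00"),
]]


def drop_reason(flow):
    """Return why a flow is discarded, or None when it is kept."""
    if flow["protocol"] == "tcp" and not flow["handshake_ok"]:
        return "handshake_failed"
    if b"nmap" in flow["request"].lower():
        return "nmap_marker"
    if flow["request"] and not flow["response"]:
        return "no_response_payload"
    return None


def collect(flows):
    """Screen flows and turn the survivors into six-tuple access records."""
    records, dropped = [], Counter()
    for flow in flows:
        reason = drop_reason(flow)
        if reason:
            dropped[reason] += 1
            continue
        records.append(tuple(flow[name] for name in FIELDS[:6]))
    return records, dropped


def merge_by_period(records, period=PERIOD):
    """Count accesses per (src_ip, dst_ip, dst_port, protocol, period start)."""
    merged = Counter()
    for src_ip, _src_port, dst_ip, dst_port, protocol, ts in records:
        merged[(src_ip, dst_ip, dst_port, protocol, ts - ts % period)] += 1
    return merged


if __name__ == "__main__":
    records, dropped = collect(FLOWS)
    print(dict(dropped))
    for key, count in sorted(merge_by_period(records).items()):
        print(key, count)
```
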
Corresponding to the above method embodiments, the present application further provides an apparatus identification device, and the apparatus identification device described below and the apparatus identification method described above may be referred to correspondingly.
Referring to fig. 3, the apparatus includes the following modules:
an access relationship obtaining module 101, configured to obtain all access relationships of a target device;
an access statistic information statistic module 102, configured to count access statistic information of the target device based on the access relationship;
a device type determination module 103, configured to determine a type of the target device based on the access statistics.
By applying the device provided by the embodiment of the application, all access relations of the target equipment are obtained; counting access statistical information of the target device based on the access relation; the type of the target device is determined based on the access statistics.
Considering that different devices correspond to different access features, the device type corresponding to the device may be determined based on the access statistics of the device in the present application. Specifically, only all access relationships of the target device need to be acquired, access statistical information of the target device is counted based on the access relationships, and the type of the target device can be determined based on the access statistical information. Therefore, in the application, the equipment identification can be completed without active participation of the identified target equipment or acquisition of related information from the target equipment and by acquiring and counting all access relations of the target equipment.
In a specific embodiment of the present application, the device type determining module 103 is specifically configured to match the access statistical information with a preset rule, and determine the type of the target device according to a matching result.
In a specific embodiment of the present application, the device type determining module 103 is specifically configured to compare the access statistical information with the matching condition corresponding to each rule in the preset rules, where the matching condition comprises at least one of a time period, a port, a number of accesses, an IP address and a protocol; to determine, according to the comparison result, a target rule matching the access statistical information from the preset rules; and to obtain the target device type to which the target rule belongs and determine the type of the target device according to that target device type.
In a specific embodiment of the present application, the preset rule includes a user-defined rule and a default rule, and the comparing the access statistic information with the matching condition corresponding to each rule in the preset rule includes:
comparing the access statistical information with the matching conditions corresponding to each rule in the user-defined rules;
and/or comparing the access statistical information with the matching conditions corresponding to each rule in the default rules.
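One way to implement the rule comparison described above, as an added example that is not part of the patent text. The rule and statistics field names, the sample values, and the choice to evaluate user-defined rules before default rules are assumptions; the condition keys map to the page's time period (`hours`), port, number of accesses (`min_hits`), IP address (`peer_net`) and protocol. A rule with none of these conditions is rejected, since it would match every device.

```python
import ipaddress

CONDITION_KEYS = {"hours", "port", "min_hits", "peer_net", "protocol"}

# Constructed access statistics for one target device.
STATS = [
    {"role": "destination", "peer_ip": "10.0.1.11", "dst_port": 3306,
     "protocol": "tcp", "hour": 10, "hits": 420},
    {"role": "destination", "peer_ip": "10.0.1.12", "dst_port": 3306,
     "protocol": "tcp", "hour": 14, "hits": 380},
    {"role": "destination", "peer_ip": "10.0.9.2", "dst_port": 22,
     "protocol": "tcp", "hour": 2, "hits": 3},
    {"role": "source", "peer_ip": "10.0.0.53", "dst_port": 53,
     "protocol": "udp", "hour": 10, "hits": 40},
]

# Hypothetical rule sets.
DEFAULT_RULES = [
    {"type": "database server", "role": "destination", "port": 3306,
     "protocol": "tcp", "min_hits": 500},
    {"type": "web server", "role": "destination", "port": 443,
     "protocol": "tcp", "min_hits": 500},
]
CUSTOM_RULES = [
    {"type": "billing database", "role": "destination", "port": 3306,
     "peer_net": "10.0.1.0/24", "hours": (8, 18), "min_hits": 500},
]


def validate(rule):
    """A rule needs at least one matching condition, or it matches everything."""
    if not CONDITION_KEYS & rule.keys():
        raise ValueError(f"rule for {rule.get('type')!r} has no matching condition")


def row_matches(rule, row):
    """Check one statistics row against a rule's per-row conditions."""
    if row["role"] != rule["role"]:
        return False
    if "port" in rule and row["dst_port"] != rule["port"]:
        return False
    if "protocol" in rule and row["protocol"] != rule["protocol"]:
        return False
    if "hours" in rule and not rule["hours"][0] <= row["hour"] < rule["hours"][1]:
        return False
    if "peer_net" in rule:
        net = ipaddress.ip_network(rule["peer_net"])
        if ipaddress.ip_address(row["peer_ip"]) not in net:
            return False
    return True


def rule_matches(rule, stats):
    """A rule matches when the rows it selects reach its access count."""
    hits = sum(row["hits"] for row in stats if row_matches(rule, row))
    return hits >= rule.get("min_hits", 1)


def identify(stats, custom_rules=(), default_rules=()):
    """Return (device type, rule set name) of the first matching rule."""
    for name, rules in (("custom", custom_rules), ("default", default_rules)):
        for rule in rules:
            validate(rule)
            if rule_matches(rule, stats):
                return rule["type"], name
    return None, None


if __name__ == "__main__":
    print(identify(STATS, CUSTOM_RULES, DEFAULT_RULES))
```
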
In a specific embodiment of the present application, the access relationship obtaining module 101 is specifically configured to query all access relationships of the target device from the device access record.
In a specific embodiment of the present application, the access relationship obtaining module 101 is specifically configured to generate database query statements in which the IP address of the target device is the source IP address and the destination IP address, respectively; and to query the database storing the device access records according to the database query statements to obtain all access relationships of the target device;
correspondingly, the access statistical information statistics module 102 is specifically configured to perform statistics on all access relationships of the target device to obtain access statistical information; the access statistical information comprises access statistical information taking the target device as a source end and access statistical information taking the target device as a destination end.
In a specific embodiment of the present application, the access statistics module 102 is specifically configured to generate SQL-like aggregate query statements in which the IP address of the target device is the source IP address and the destination IP address, respectively; and to send the SQL-like aggregate query statements to a database to obtain access statistical information counted based on all access relationships of the target device.
In one embodiment of the present application, the apparatus further includes:
a device access record storage module, configured to, before all access relationships of the target device are queried from the device access record, acquire the traffic packets flowing through each device in the target system to which the target device belongs; screen the traffic packets to obtain data packets; read access parameters from the data packets; generate a device access record by using the access parameters; and store the device access record.
In one embodiment of the present application, the method further includes:
an asset table update module to update the asset table based on the identified type after determining the type of the target device based on the access statistics.
Corresponding to the above method embodiment, the present application further provides an electronic device, and the electronic device described below and the device identification method described above may be referred to in correspondence with each other.
Referring to fig. 4, the electronic device includes:
a memory 332 for storing a computer program;
a processor 322 for implementing the steps of the device identification method of the above-described method embodiments when executing the computer program.
Specifically, referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device provided in this embodiment, which may generate relatively large differences due to different configurations or performances, and may include one or more processors (CPUs) 322 (e.g., one or more processors) and a memory 332, where the memory 332 stores one or more computer applications 342 or data 344. Memory 332 may be, among other things, transient or persistent storage. The program stored in memory 332 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the memory 332 to execute a series of instruction operations in the memory 332 on the electronic device 301.
The electronic device 301 may also include one or more power sources 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341.
The steps in the above-described device identification method may be implemented by the structure of the electronic device.
Corresponding to the above method embodiment, the present application further provides a readable storage medium, and a readable storage medium described below and an apparatus identification method described above may be referred to correspondingly.
A readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the device identification method of the above-mentioned method embodiment.
The readable storage medium may be a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or any other readable storage medium capable of storing program code.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

Claims (12)

1. A device identification method, comprising:
acquiring all access relations of target equipment;
counting access statistical information of the target device based on the access relation;
determining a type of the target device based on the access statistics.
2. The device identification method of claim 1, wherein determining the type of the target device based on the access statistics comprises:
and matching the access statistical information with a preset rule, and determining the type of the target equipment according to the matching result.
3. The device identification method according to claim 2, wherein matching the access statistics with a preset rule, and determining the type of the target device according to the matching result comprises:
comparing the access statistical information with matching conditions corresponding to each rule in the preset rules; the matching condition comprises at least one of a time period, a port, access times, an IP address and a protocol;
according to the comparison result, determining a target rule matched with the access statistical information from the preset rules;
and obtaining the target device type to which the target rule belongs, and determining the type of the target device according to that target device type.
4. The device identification method according to claim 3, wherein the preset rules include a custom rule and a default rule, and the comparing the access statistical information with the matching condition corresponding to each rule in the preset rules includes:
comparing the access statistical information with the matching conditions corresponding to each rule in the user-defined rules;
and/or comparing the access statistical information with the matching conditions corresponding to each rule in the default rules.
5. The device identification method according to claim 1, wherein the obtaining all access relationships of the target device comprises:
and inquiring all access relations of the target equipment from the equipment access record.
6. The device identification method according to claim 5, wherein the querying all access relationships of the target device from the device access record comprises:
respectively generating database query statements in which the IP address of the target device is the source IP address and the destination IP address;
inquiring a database storing the equipment access records according to the database query statement to obtain all access relations of the target equipment;
correspondingly, the access statistic information of the target device is counted based on the access relation, and the access statistic information comprises:
counting all access relations of the target equipment to obtain access statistical information; the access statistical information includes access statistical information using the target device as a source end and access statistical information using the target device as a destination end.
7. The device identification method according to claim 5, wherein querying a database storing the device access records according to the database query statement to obtain all access relationships of the target device, and counting access statistics information of the target device based on the access relationships comprises:
respectively generating SQL-like aggregate query statements in which the IP address of the target device is the source IP address and the destination IP address;
and sending the SQL-like aggregate query statements to the database to obtain the access statistical information counted based on all the access relationships of the target device.
8. The device identification method according to claim 5, wherein before querying all access relationships of the target device from the device access record, the method comprises:
acquiring a flow packet flowing through each device in a target system to which the target device belongs;
screening the flow packets to obtain data packets;
reading access parameters from the data packet;
generating the equipment access record by using the access parameter;
storing the device access record.
9. The device identification method according to any one of claims 1 to 8, further comprising, after said determining the type of the target device based on the access statistical information:
updating an asset table based on the identified type.
10. An apparatus for identifying a device, comprising:
the access relation acquisition module is used for acquiring all access relations of the target equipment;
the access statistical information statistical module is used for counting the access statistical information of the target equipment based on the access relation;
a device type determination module to determine a type of the target device based on the access statistics.
11. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the device identification method according to any one of claims 1 to 9 when executing the computer program.
12. A readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the device identification method according to any one of claims 1 to 9.
CN202110662989.2A 2021-06-15 2021-06-15 Equipment identification method, device, equipment and readable storage medium Pending CN113297253A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110662989.2A CN113297253A (en) 2021-06-15 2021-06-15 Equipment identification method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN113297253A true CN113297253A (en) 2021-08-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210824