CN114363206B - Terminal asset identification method, device, computing equipment and computer storage medium - Google Patents
Terminal asset identification method, device, computing equipment and computer storage medium Download PDFInfo
- Publication number
- CN114363206B CN114363206B CN202111629025.4A CN202111629025A CN114363206B CN 114363206 B CN114363206 B CN 114363206B CN 202111629025 A CN202111629025 A CN 202111629025A CN 114363206 B CN114363206 B CN 114363206B
- Authority
- CN
- China
- Prior art keywords
- terminal
- asset
- asset information
- preset
- confidence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 68
- 230000005540 biological transmission Effects 0.000 claims abstract description 33
- 238000000605 extraction Methods 0.000 claims abstract description 27
- 230000006854 communication Effects 0.000 claims description 34
- 238000004891 communication Methods 0.000 claims description 16
- 238000004458 analytical method Methods 0.000 claims description 8
- 230000009191 jumping Effects 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 6
- 230000011664 signaling Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 4
- 238000012937 correction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 238000010924 continuous production Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Landscapes
- Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a terminal asset identification method, a terminal asset identification device, computing equipment and a computer storage medium. The method comprises the following steps: acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol; analyzing the terminal flow by using a preset character template to obtain 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template; calculating a1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight; if the 1 st asset confidence value is greater than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as terminal asset information of the terminal to be identified; if the 1 st asset confidence value is smaller than the preset confidence threshold value, the step of obtaining the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol is skipped, so that the asset information of the terminal can be accurately identified, and the identified terminal asset information is more complete.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for identifying a terminal asset, a computing device, and a computer storage medium.
Background
With the continuous upgrading of network technology and continuous improvement of network bandwidth, terminal devices such as network cameras and network video recorders gradually become an indispensable tool in human life. In general, there are often thousands of terminal devices distributed in different areas in a video network, and how to accurately and completely identify terminal assets becomes an important problem.
Common terminal asset identification methods based on network traffic mainly focus on technologies such as ports, protocols and equipment fingerprints, which need to extract session information from captured terminal traffic and perform Deep Packet Inspection (DPI), however, the identification accuracy is poor, and the asset information identification is incomplete.
Disclosure of Invention
The present invention has been made in view of the above problems, and provides a terminal asset identification method, apparatus, computing device and computer storage medium that overcome or at least partially solve the above problems.
According to an aspect of the present invention, there is provided a terminal asset identification method, including:
Acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol;
Analyzing the terminal flow by using a preset character template to obtain 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template;
calculating a1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
If the 1 st asset confidence value is greater than or equal to a preset confidence threshold value, determining the 1 st terminal asset information as terminal asset information of the terminal to be identified; if the 1 st asset confidence value is smaller than the preset confidence threshold value, the step of obtaining the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol is skipped.
According to another aspect of the present invention, there is provided a terminal asset identification device including:
the acquisition module is suitable for acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
The analysis module is suitable for analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template;
The computing module is suitable for computing the 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
The determining module is suitable for determining the 1 st terminal asset information as the terminal asset information of the terminal to be identified if the 1 st asset confidence value is larger than or equal to a preset confidence threshold value; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, triggering the acquisition module to execute.
According to yet another aspect of the present invention, there is provided a computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface are communicated with each other through the communication bus;
The memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the terminal asset identification method.
According to still another aspect of the present invention, there is provided a computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the above-described terminal asset identification method.
The invention can accurately identify the asset information of the terminal based on the terminal flow, and the identified terminal asset information is more complete.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present invention more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 shows a flow diagram of a method of terminal asset identification according to one embodiment of the invention;
FIG. 2 shows a flow diagram of a method of terminal asset identification according to another embodiment of the invention;
FIG. 3 illustrates a schematic structure of a terminal asset identification device according to one embodiment of the present invention;
FIG. 4 illustrates a schematic diagram of a computing device, according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flow diagram of a terminal asset identification method according to an embodiment of the invention.
As shown in fig. 1, the method comprises the steps of:
step S101, obtaining terminal flow transmitted by a terminal to be identified based on a preset transmission protocol.
Specifically, the embodiment is mainly used for identifying assets corresponding to industrial terminals, for example, terminals such as a network camera IPC and a network video recorder NVR which are commonly used in a video monitoring network, where the terminal assets mainly include: terminal manufacturer information, terminal model information, and the like, are not specifically mentioned here.
When an asset corresponding to a certain terminal needs to be identified, the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol can be obtained, wherein the terminal flow comprises an audio/video stream and a control signaling stream, and the embodiment mainly analyzes the control signaling stream.
Step S102, analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template.
In this embodiment, a character template is preset, in which an extraction field corresponding to terminal asset information is defined, after terminal traffic is acquired, the preset character template may be used to analyze the terminal traffic, and the 1 st terminal asset information corresponding to each extraction field may be obtained through analysis, where the terminal asset information is terminal-related asset information, for example, terminal manufacturer information, model information, and the like.
Step S103, calculating the 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight.
In this step, each 1 st terminal asset information is assigned a confidence weight, for example, 30%, 20%, 15% or the like, and then the 1 st asset confidence value is calculated by combining the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight, for example, by a weighted summation method.
Step S104, if the 1 st asset confidence value is greater than or equal to a preset confidence threshold, determining the 1 st terminal asset information as terminal asset information of the terminal to be identified; if the 1 st asset confidence value is less than the preset confidence threshold, step S101 is skipped.
Specifically, after the 1 st asset confidence value is obtained by calculation, comparing the 1 st asset confidence value with a preset confidence threshold, for example, setting the preset confidence threshold to be 85%, and if the 1 st asset confidence value is greater than or equal to the preset confidence threshold, determining the 1 st terminal asset information as a terminal asset of the terminal to be identified; if the 1 st asset confidence value is less than the preset confidence threshold, step S101 is skipped.
The invention can accurately identify the asset information of the terminal based on the terminal flow, and the identified terminal asset information is more complete.
Fig. 2 shows a flow diagram of a method of identifying a terminal asset according to an embodiment of the invention.
As shown in fig. 2, the method comprises the steps of:
step S201, according to terminal metadata and call identification, the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol is associated, and the associated terminal flow is obtained.
Specifically, the terminal traffic of the terminal to be identified may be decentralized, so as to improve accuracy of terminal asset identification, the decentralized terminal traffic may be associated, for example, according to terminal metadata and call identification, the terminal traffic of the terminal to be identified transmitted based on a preset transmission protocol, where the terminal metadata includes: source IP address (SIP), destination IP address (DIP), source port number (port), destination port number (DPORT).
SIP, DIP, SPORT, DPORT is called a network quadruple, and the terminal traffic comprises an audio/video stream and a control signaling stream, wherein the control signaling stream comprises terminal metadata and a call identifier (sip_callid), so that the terminal traffic of the terminal to be identified can be tracked through the terminal metadata (SIP, DIP, SPORT, DPORT) and the sip_callid, and the association of the terminal traffic is realized. The present embodiment mainly analyzes the control signaling flow to identify and determine the terminal asset.
The embodiment is mainly used for identifying assets corresponding to industrial terminals, such as a common network camera IPC and a network video recorder NVR, in a video monitoring network, where the terminal assets mainly include: terminal manufacturer information, terminal model information, and the like, are not specifically mentioned here.
Step S202, a protocol communication process is identified and determined from a protocol header of a transmission protocol corresponding to the terminal flow.
The terminal traffic in this embodiment is transmitted based on a preset transmission protocol, for example, GB28181 protocol, where the GB28181 protocol has the following protocol communication procedures: the protocol communication process is usually encapsulated in the protocol header of the transmission protocol corresponding to the terminal flow, so that the protocol communication process can be identified and determined from the protocol header of the transmission protocol corresponding to the terminal flow. For example, the key word REGISTER is encapsulated in the protocol header of the transmission protocol, and by analyzing the protocol header, it is determined that the protocol header carries the REGISTER, which may be determined to be a REGISTER registration procedure, which is only illustrated herein and not used in any limiting sense.
And step S203, analyzing the terminal flow by utilizing a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
In this embodiment, a character template is set for each protocol communication process, so after the protocol communication process is determined according to step S202, the terminal traffic can be analyzed by using the character template matched with the protocol communication process, to obtain the 1 st terminal asset information corresponding to each extracted field. The character template is specifically a regular expression.
Specifically, after obtaining the terminal traffic of at least one protocol communication process, the information of the 1 st terminal asset can be extracted from the extraction field of the terminal traffic of at least one protocol communication process, for example, the information of the 1 st terminal asset is extracted from a User Agent field (UA field for short) carried in a MESSAGE HEADER-section (message header) of a REGISTER registration message, and the specific vendor and model information of the terminal asset are extracted from a Media Dec field etc. carried in a Session Description Protocol-section (session description protocol section) of a preview message. For example, the UA field may extract Hikvision or other information, the Media Dec field may extract codec number information supported by IPC such as RTP/AVP 96 97 98, and the specific vendor or the like may be determined from the codec number information.
Step S204, according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight, the 1 st asset confidence value is calculated.
In this step, each 1 st terminal asset information is assigned a confidence weight, for example, 30%, 20%, 15% or the like, and then the 1 st asset confidence value is calculated by combining the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight, for example, by a weighted summation method.
Step S205, if the 1 st asset confidence value is greater than or equal to a preset confidence threshold, determining the 1 st terminal asset information as initial terminal asset information of the terminal to be identified; if the 1 st asset confidence value is less than the preset confidence threshold, step S201 is skipped.
Specifically, after the 1 st asset confidence value is obtained by calculation, comparing the 1 st asset confidence value with a preset confidence threshold, for example, setting the preset confidence threshold to be 85%, and if the 1 st asset confidence value is greater than or equal to the preset confidence threshold, determining the 1 st terminal asset information as an initial terminal asset of the terminal to be identified, namely, a first conclusion is made on terminal asset identification; if the 1 st asset confidence value is less than the preset confidence threshold, step S201 is skipped.
And step S206, the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol is associated again according to the terminal metadata and the call identification, and the associated terminal flow is obtained.
In this embodiment, the terminal flow is a continuous process, so that whether the initial terminal asset is accurate or not can be continuously verified according to the subsequent terminal flow, that is, self-correction is performed according to the subsequent terminal flow. This step is similar to the step S201, and will not be described here again.
And S207, analyzing the terminal flow by using a preset character template to obtain the i-th terminal asset information corresponding to each extraction field, wherein i is more than or equal to 2, and i is an integer.
The step is similar to the step S203, and will not be described in detail herein, and it should be noted that the i-th terminal asset information obtained in the step may be new terminal asset information re-extracted, or may be a combination of a part of the new terminal asset information extracted and a part of the terminal asset information obtained before, for example, when the terminal is an OEM terminal, there may be a case that the i-th terminal asset information determined by the extraction field is not unique.
Step S208, according to the i-th terminal asset information corresponding to each extracted field and the corresponding confidence weight, calculating an i-th asset confidence value.
This step is similar to the step S204, and will not be described in detail here.
In step S209, if the i-th asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the i-1 st asset confidence value, the i-th terminal asset information is determined as the terminal asset information of the terminal to be identified.
After the ith asset confidence value is obtained through calculation, comparing the ith asset confidence value with the 1 st asset confidence value to the i-1 st asset confidence value, and if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the i-1 st asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified, and finally completing the whole asset identification process.
Optionally, in this embodiment, whether the terminal traffic is transmitted based on the preset transmission protocol may be identified by the port number corresponding to the transmission protocol and whether the preset keyword is included, for example, the port number is 5060, if yes, the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol is obtained, and if not, the terminal traffic is ignored.
The invention can accurately identify the asset information of the terminal based on the terminal flow, the identified terminal asset information is more complete, and continuous deviation correction can be carried out according to the subsequent terminal flow, thereby obtaining more accurate terminal asset information.
Fig. 3 illustrates a schematic structure of a terminal asset identification device according to an embodiment of the present invention. As shown in fig. 3, the apparatus includes: an acquisition module 301, an analysis module 302, a calculation module 303, a determination module 304.
The acquisition module 301 is adapted to acquire a terminal traffic transmitted by a terminal to be identified based on a preset transmission protocol;
the analysis module 302 is adapted to analyze the terminal traffic by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template;
A calculating module 303, adapted to calculate a1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
A determining module 304, adapted to determine the 1 st terminal asset information as the terminal asset information of the terminal to be identified if the 1 st asset confidence value is greater than or equal to a preset confidence threshold; and if the 1 st asset confidence value is smaller than the preset confidence threshold value, triggering the acquisition module to execute.
Optionally, the analysis module is further adapted to: analyzing the terminal flow by using a preset character template to obtain the i-th terminal asset information corresponding to each extraction field;
the computing module is further adapted to: calculating an ith asset confidence value according to the ith terminal asset information corresponding to each extracted field and the corresponding confidence weight, wherein i is more than or equal to 2, and i is an integer;
The determination module is further adapted to: and if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the i-1 st asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified.
Optionally, the analysis module is further adapted to: identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow;
and analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
Optionally, the protocol communication process includes: registration process, heartbeat process, catalog retrieval process, preview process, video playback process, device information inquiry process, logout process.
Optionally, the acquisition module is further adapted to: according to the terminal metadata and the call identification, the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol is associated;
Analyzing the terminal flow by using a preset character template, and obtaining the 1 st terminal asset information corresponding to each extraction field further comprises:
And analyzing the associated terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field.
Optionally, the terminal metadata includes: source IP address, destination IP address, source port number, destination port number.
Optionally, the transmission protocol is: GB28181 protocol.
The invention can accurately identify the asset information of the terminal based on the terminal flow, the identified terminal asset information is more complete, and continuous deviation correction can be carried out according to the subsequent terminal flow, thereby obtaining more accurate terminal asset information.
The embodiment of the application also provides a non-volatile computer storage medium, which stores at least one executable instruction, and the computer executable instruction can execute the terminal asset identification method in any of the above method embodiments.
FIG. 4 illustrates a schematic diagram of a computing device, according to one embodiment of the invention, the particular embodiment of the invention not being limited to a particular implementation of the computing device.
As shown in fig. 4, the computing device may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
Wherein:
Processor 402, communication interface 404, and memory 406 communicate with each other via communication bus 408.
A communication interface 404 for communicating with network elements of other devices, such as clients or other servers.
Processor 402 is configured to execute program 410, and may specifically perform relevant steps in the above-described terminal asset identification method embodiment.
In particular, program 410 may include program code including computer-operating instructions.
The processor 402 may be a central processing unit CPU, or an Application-specific integrated Circuit ASIC (Application SPECIFIC INTEGRATED Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included by the computing device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
Memory 406 for storing programs 410. Memory 406 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
Program 410 may be specifically operative to cause processor 402 to perform the terminal asset identification method of any of the method embodiments described above. The specific implementation of each step in the procedure 410 may refer to the corresponding step and corresponding description in the unit in the above terminal asset identification embodiment, which is not repeated herein. It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and modules described above may refer to corresponding procedure descriptions in the foregoing method embodiments, which are not repeated herein.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.
Claims (8)
1. A terminal asset identification method, comprising:
Acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol;
Analyzing the terminal flow by using a preset character template to obtain 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template;
calculating a1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
If the 1st asset confidence value is greater than or equal to a preset confidence threshold value, determining the 1st terminal asset information as terminal asset information of the terminal to be identified; if the 1st asset confidence value is smaller than a preset confidence threshold value, jumping to a step of acquiring terminal flow transmitted by a terminal to be identified based on a preset transmission protocol so as to reacquire the terminal flow transmitted by the terminal to be identified based on the preset transmission protocol;
The step of analyzing the terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field further comprises the following steps:
identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow, wherein the protocol communication process comprises one or more of the following processes: registration process, heartbeat process, catalog retrieval process, preview process, video playback process, equipment information inquiry process, and logout process;
and analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extraction field.
2. The method of claim 1, wherein the method further comprises: the step of updating the terminal asset information specifically comprises the following steps:
re-acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
Analyzing the terminal flow by using the preset character template to obtain the i-th terminal asset information corresponding to each extraction field, wherein i is more than or equal to 2, and i is an integer;
calculating an ith asset confidence value according to the ith terminal asset information corresponding to each extracted field and the corresponding confidence weight;
And if the ith asset confidence value is greater than or equal to the maximum value from the 1 st asset confidence value to the i-1 st asset confidence value, determining the ith terminal asset information as the terminal asset information of the terminal to be identified.
3. The method according to claim 1 or 2, wherein the obtaining the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol further comprises:
According to the terminal metadata and the call identification, the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol is associated;
Analyzing the terminal flow by using a preset character template, and obtaining the 1 st terminal asset information corresponding to each extraction field further comprises:
And analyzing the associated terminal flow by using a preset character template to obtain the 1 st terminal asset information corresponding to each extraction field.
4. A method according to claim 3, wherein the terminal metadata comprises: source IP address, destination IP address, source port number, destination port number.
5. The method according to claim 1 or 2, wherein the transmission protocol is: GB28181 protocol.
6. A terminal asset identification device comprising:
the acquisition module is suitable for acquiring the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
The analysis module is suitable for analyzing the terminal flow by using a preset character template to obtain 1 st terminal asset information corresponding to each extraction field, wherein the extraction field corresponding to the terminal asset information is defined in the preset character template;
The computing module is suitable for computing the 1 st asset confidence value according to the 1 st terminal asset information corresponding to each extracted field and the corresponding confidence weight;
The determining module is suitable for determining the 1 st terminal asset information as the terminal asset of the terminal to be identified if the 1 st asset confidence value is greater than or equal to a preset confidence threshold value; if the 1 st asset confidence value is smaller than a preset confidence threshold value, triggering an acquisition module to execute so as to reacquire the terminal flow transmitted by the terminal to be identified based on a preset transmission protocol;
Wherein the analysis module is further adapted to: identifying and determining a protocol communication process from a protocol header of a transmission protocol corresponding to the terminal flow, wherein the protocol communication process comprises one or more of the following processes: registration process, heartbeat process, catalog retrieval process, preview process, video playback process, equipment information inquiry process, and logout process;
and analyzing the terminal flow by using a character template matched with the protocol communication process to obtain the 1 st terminal asset information corresponding to each extracted field.
7. A computing device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
The memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the terminal asset identification method according to any one of claims 1 to 5.
8. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the terminal asset identification method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111629025.4A CN114363206B (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method, device, computing equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111629025.4A CN114363206B (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method, device, computing equipment and computer storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114363206A CN114363206A (en) | 2022-04-15 |
| CN114363206B true CN114363206B (en) | 2024-07-02 |
Family
ID=81103456
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111629025.4A Active CN114363206B (en) | 2021-12-28 | 2021-12-28 | Terminal asset identification method, device, computing equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114363206B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112087744A (en) * | 2020-08-21 | 2020-12-15 | 宜通世纪科技股份有限公司 | Method, system, device and storage medium for identifying terminal model |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100091873A (en) * | 2009-02-11 | 2010-08-19 | 엘지전자 주식회사 | Method for recognizing ue capability |
| CA2933669A1 (en) * | 2015-06-23 | 2016-12-23 | Above Security Inc. | Method and system for detecting and identifying assets on a computer network |
| CN105095919A (en) * | 2015-09-08 | 2015-11-25 | 北京百度网讯科技有限公司 | Image recognition method and image recognition device |
| CN109961080B (en) * | 2017-12-26 | 2022-09-23 | 腾讯科技(深圳)有限公司 | Terminal identification method and device |
| CN108833541A (en) * | 2018-06-15 | 2018-11-16 | 北京奇安信科技有限公司 | A kind of method and device of identification terminal information |
| CN109688183B (en) * | 2018-08-20 | 2022-08-19 | 深圳壹账通智能科技有限公司 | Group control equipment identification method, device, equipment and computer readable storage medium |
| WO2020113477A1 (en) * | 2018-12-05 | 2020-06-11 | 深圳市欢太科技有限公司 | Pseudo base station recognition method and apparatus, and electronic device and computer-readable storage medium |
| CN109978170B (en) * | 2019-03-05 | 2020-04-28 | 浙江邦盛科技有限公司 | Mobile equipment identification method based on multiple elements |
| CN111177483A (en) * | 2019-12-04 | 2020-05-19 | 北京奇虎科技有限公司 | Terminal device identification method, device and computer readable storage medium |
| CN111460803B (en) * | 2020-03-18 | 2023-11-10 | 北京邮电大学 | Equipment identification method based on Web management page of industrial Internet of things equipment |
| CN112039853B (en) * | 2020-08-11 | 2022-09-30 | 深信服科技股份有限公司 | Asset identification method and device for local area network, equipment and readable storage medium |
| CN113660663A (en) * | 2021-07-27 | 2021-11-16 | 杭州安恒信息技术股份有限公司 | Internet of things equipment identification method and device, computer equipment and storage medium |
| CN113706100B (en) * | 2021-08-24 | 2023-12-05 | 国网辽宁省电力有限公司电力科学研究院 | Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network |
-
2021
- 2021-12-28 CN CN202111629025.4A patent/CN114363206B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112087744A (en) * | 2020-08-21 | 2020-12-15 | 宜通世纪科技股份有限公司 | Method, system, device and storage medium for identifying terminal model |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114363206A (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11451566B2 (en) | Network traffic anomaly detection method and apparatus | |
| CN111045952B (en) | Software testing method, flow playback device, terminal equipment and readable storage medium | |
| CN112272179B (en) | Network security processing method, device, equipment and machine readable storage medium | |
| CN106656998B (en) | server communication method and device | |
| CN110417801B (en) | Server side identification method and device, equipment and storage medium | |
| CN113825129A (en) | Industrial internet asset mapping method under 5G network environment | |
| CN112580730A (en) | Terminal type identification method and device | |
| CN114363206B (en) | Terminal asset identification method, device, computing equipment and computer storage medium | |
| CN113038523B (en) | Terminal identification method and device | |
| CN112769635B (en) | Service identification method and device for multi-granularity feature analysis | |
| CN113110965B (en) | Monitoring method and device for abnormal information, computer storage medium and terminal | |
| CN112637223B (en) | Application protocol identification method and device, computer equipment and storage medium | |
| CN105207829B (en) | Intrusion detection data processing method, device and system | |
| CN112699000A (en) | Data processing method and device, readable storage medium and electronic equipment | |
| CN113395367A (en) | HTTPS service identification method and device, storage medium and electronic equipment | |
| CN109284833B (en) | Method, apparatus and storage medium for obtaining feature data for machine learning model | |
| CN113965629A (en) | UDP application layer protocol identification method, device, storage medium and equipment | |
| CN105610800A (en) | Abnormal data processing method and abnormal data processing apparatus | |
| CN115022366A (en) | Asset identification method and device, electronic equipment and storage medium | |
| CN111159509B (en) | Data processing method and related product | |
| CN113852551A (en) | Message processing method and device | |
| CN110995700A (en) | Malformed IP message detection method, equipment and storage medium | |
| CN112417022B (en) | Method, device, terminal and storage medium for acquiring data | |
| CN111625807A (en) | Equipment type identification method and device | |
| CN116208374B (en) | Industrial protocol identification method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant after: QAX Technology Group Inc. Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant before: QAX Technology Group Inc. Country or region before: China Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant |