Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flow diagram of a terminal asset identification method according to an embodiment of the invention.
As shown in Fig. 1, the method comprises the following steps:
Step S101, obtaining terminal traffic transmitted by a terminal to be identified based on a preset transmission protocol.
Specifically, this embodiment is mainly used to identify the assets corresponding to industrial terminals, for example, terminals commonly used in a video monitoring network such as a network camera (IPC) and a network video recorder (NVR). The terminal assets mainly include terminal manufacturer information, terminal model information, and the like, which are not listed exhaustively here.
When the asset corresponding to a terminal needs to be identified, the terminal traffic transmitted by the terminal to be identified based on a preset transmission protocol can be obtained. The terminal traffic comprises an audio/video stream and a control signaling stream; this embodiment mainly analyzes the control signaling stream.
Step S102, analyzing the terminal traffic by using a preset character template to obtain the 1st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template.
In this embodiment, a character template is preset, in which the extraction fields corresponding to terminal asset information are defined. After the terminal traffic is acquired, the preset character template may be used to analyze it, and the 1st terminal asset information corresponding to each extraction field is obtained through this analysis. The terminal asset information is asset information related to the terminal, for example, terminal manufacturer information, model information, and the like.
Step S103, calculating the 1st asset confidence value according to the 1st terminal asset information corresponding to each extraction field and the corresponding confidence weight.
In this step, each piece of 1st terminal asset information is assigned a confidence weight, for example, 30%, 20%, 15%, or the like, and the 1st asset confidence value is then calculated by combining the 1st terminal asset information corresponding to each extraction field with the corresponding confidence weight, for example, by weighted summation.
Step S104, if the 1st asset confidence value is greater than or equal to a preset confidence threshold, determining the 1st terminal asset information as the terminal asset information of the terminal to be identified; if the 1st asset confidence value is less than the preset confidence threshold, jumping back to step S101.
Specifically, after the 1st asset confidence value is calculated, it is compared with a preset confidence threshold, for example, a preset confidence threshold of 85%. If the 1st asset confidence value is greater than or equal to the preset confidence threshold, the 1st terminal asset information is determined as the terminal asset of the terminal to be identified; if the 1st asset confidence value is less than the preset confidence threshold, the method jumps back to step S101.
The invention can accurately identify the asset information of the terminal based on the terminal traffic, and the identified terminal asset information is more complete.
Fig. 2 shows a flow diagram of a method of identifying a terminal asset according to an embodiment of the invention.
As shown in Fig. 2, the method comprises the following steps:
Step S201, associating, according to terminal metadata and a call identifier, the terminal traffic transmitted by the terminal to be identified based on a preset transmission protocol, to obtain the associated terminal traffic.
Specifically, the terminal traffic of the terminal to be identified may be scattered. To improve the accuracy of terminal asset identification, the scattered terminal traffic may be associated; for example, the terminal traffic transmitted by the terminal to be identified based on a preset transmission protocol is associated according to terminal metadata and a call identifier, where the terminal metadata includes: source IP address (SIP), destination IP address (DIP), source port number (SPORT), and destination port number (DPORT).
SIP, DIP, SPORT, and DPORT are collectively called the network quadruple. The terminal traffic comprises an audio/video stream and a control signaling stream, and the control signaling stream carries the terminal metadata and a call identifier (sip_callid), so the terminal traffic of the terminal to be identified can be tracked through the terminal metadata (SIP, DIP, SPORT, DPORT) and the sip_callid, thereby associating the terminal traffic. This embodiment mainly analyzes the control signaling stream to identify and determine the terminal asset.
This embodiment is mainly used to identify the assets corresponding to industrial terminals, for example, terminals commonly used in a video monitoring network such as a network camera (IPC) and a network video recorder (NVR). The terminal assets mainly include terminal manufacturer information, terminal model information, and the like, which are not listed exhaustively here.
Step S202, identifying and determining a protocol communication process from the protocol header of the transmission protocol corresponding to the terminal traffic.
The terminal traffic in this embodiment is transmitted based on a preset transmission protocol, for example, the GB28181 protocol. The GB28181 protocol has the following protocol communication processes: registration process, heartbeat process, catalog retrieval process, preview process, video playback process, device information inquiry process, and logout process. The protocol communication process is usually encapsulated in the protocol header of the transmission protocol corresponding to the terminal traffic, so it can be identified and determined from that protocol header. For example, if the keyword REGISTER is encapsulated in the protocol header of the transmission protocol, analyzing the protocol header shows that it carries REGISTER, and the process can be determined to be the REGISTER registration process. This is only an illustration and is not limiting.
Step S203, analyzing the terminal traffic by using the character template matched with the protocol communication process to obtain the 1st terminal asset information corresponding to each extraction field.
In this embodiment, a character template is set for each protocol communication process. After the protocol communication process is determined in step S202, the terminal traffic can therefore be analyzed by using the character template matched with that protocol communication process, to obtain the 1st terminal asset information corresponding to each extraction field. The character template is specifically a regular expression.
Specifically, after the terminal traffic of at least one protocol communication process is obtained, the 1st terminal asset information can be extracted from the extraction fields of that traffic. For example, 1st terminal asset information is extracted from the User Agent field (UA field for short) carried in the message header section of a REGISTER registration message, and the specific vendor and model information of the terminal asset is extracted from fields such as the Media Dec field carried in the Session Description Protocol section of a preview message. For example, Hikvision or other information may be extracted from the UA field, and codec number information supported by the IPC, such as RTP/AVP 96 97 98, may be extracted from the Media Dec field; the specific vendor and the like can then be determined from the codec number information.
Step S204, calculating the 1st asset confidence value according to the 1st terminal asset information corresponding to each extraction field and the corresponding confidence weight.
In this step, each piece of 1st terminal asset information is assigned a confidence weight, for example, 30%, 20%, 15%, or the like, and the 1st asset confidence value is then calculated by combining the 1st terminal asset information corresponding to each extraction field with the corresponding confidence weight, for example, by weighted summation.
Step S205, if the 1st asset confidence value is greater than or equal to a preset confidence threshold, determining the 1st terminal asset information as the initial terminal asset information of the terminal to be identified; if the 1st asset confidence value is less than the preset confidence threshold, jumping back to step S201.
Specifically, after the 1st asset confidence value is calculated, it is compared with a preset confidence threshold, for example, a preset confidence threshold of 85%. If the 1st asset confidence value is greater than or equal to the preset confidence threshold, the 1st terminal asset information is determined as the initial terminal asset of the terminal to be identified, that is, a first conclusion on terminal asset identification is reached; if the 1st asset confidence value is less than the preset confidence threshold, the method jumps back to step S201.
Step S206, associating again, according to the terminal metadata and the call identifier, the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol, to obtain the associated terminal traffic.
In this embodiment, terminal traffic is continuous, so whether the initial terminal asset is accurate can be verified continuously against subsequent terminal traffic, that is, self-correction is performed according to the subsequent terminal traffic. This step is similar to step S201 and is not described again here.
Step S207, analyzing the terminal traffic by using a preset character template to obtain the i-th terminal asset information corresponding to each extraction field, where i is greater than or equal to 2 and i is an integer.
This step is similar to step S203 and is not described in detail here. It should be noted that the i-th terminal asset information obtained in this step may be newly re-extracted terminal asset information, or may be a combination of part of the newly extracted terminal asset information and part of the terminal asset information obtained earlier. For example, when the terminal is an OEM terminal, the i-th terminal asset information determined from the extraction fields may not be unique.
Step S208, calculating an i-th asset confidence value according to the i-th terminal asset information corresponding to each extraction field and the corresponding confidence weight.
This step is similar to step S204 and is not described in detail here.
Step S209, if the i-th asset confidence value is greater than or equal to the maximum of the 1st through (i-1)-th asset confidence values, determining the i-th terminal asset information as the terminal asset information of the terminal to be identified.
After the i-th asset confidence value is calculated, it is compared with the 1st through (i-1)-th asset confidence values. If the i-th asset confidence value is greater than or equal to the maximum of the 1st through (i-1)-th asset confidence values, the i-th terminal asset information is determined as the terminal asset information of the terminal to be identified, which completes the whole asset identification process.
Optionally, in this embodiment, whether terminal traffic is transmitted based on the preset transmission protocol may be identified from the port number corresponding to the transmission protocol (for example, port number 5060) and from whether a preset keyword is included. If so, the terminal traffic transmitted by the terminal to be identified based on the preset transmission protocol is obtained; if not, the terminal traffic is ignored.
The invention can accurately identify the asset information of the terminal based on the terminal traffic, the identified terminal asset information is more complete, and continuous correction can be carried out according to subsequent terminal traffic, thereby obtaining more accurate terminal asset information.
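The flow of steps S202 to S209 (with steps S102 to S104 of Fig. 1 as its first round) is written out below as an added example; it is not code from the patent. The field names, regular expressions and weights are assumptions, the SIP messages are constructed, and the traffic passed to each round is assumed to have been associated already (step S201).

```python
import re

# Character templates (regular expressions), one set per protocol communication
# process. Field names, patterns and weights are assumptions for this example.
TEMPLATES = {
    "REGISTER": {
        "vendor": (re.compile(r"^User-Agent:[ \t]*([A-Za-z]+)", re.I | re.M), 0.35),
        "model": (re.compile(r"^User-Agent:[ \t]*\S+[ \t]+(\S+)", re.I | re.M), 0.30),
    },
    "INVITE": {
        "payload_types": (re.compile(r"^m=video \d+ RTP/AVP ([0-9 ]+?)[ \t]*\r?$", re.M), 0.35),
    },
}
WEIGHTS = {f: w for fields in TEMPLATES.values() for f, (_, w) in fields.items()}
THRESHOLD = 0.85  # the sample threshold given in the text


def identify_process(message):
    """S202: determine the communication process from the protocol header."""
    method = message.split("\r\n", 1)[0].split(" ", 1)[0].upper()
    if method.startswith("SIP/"):  # a response names its method in CSeq
        m = re.search(r"^CSeq:[ \t]*\d+[ \t]+(\w+)", message, re.I | re.M)
        method = m.group(1).upper() if m else ""
    return method if method in TEMPLATES else None


def extract(messages):
    """S203/S207: apply the template that matches each message's process."""
    info = {}
    for msg in messages:
        for field, (pattern, _) in TEMPLATES.get(identify_process(msg), {}).items():
            m = pattern.search(msg)
            if m:
                info[field] = m.group(1).strip()
    return info


def confidence(info):
    """S204/S208: weighted sum over the fields that produced a value."""
    return round(sum(WEIGHTS[f] for f in info), 2)


class AssetIdentifier:
    """S205/S209: accept at the threshold, then self-correct on later rounds."""

    def __init__(self):
        self.best = None  # (confidence, info) currently attributed to the terminal

    def observe(self, messages):
        info = extract(messages)
        conf = confidence(info)
        if self.best is None:
            if conf >= THRESHOLD:  # below the threshold: go back and acquire more
                self.best = (conf, info)
        elif conf >= self.best[0]:  # best[0] is the maximum of all earlier rounds
            self.best = (conf, info)
        return self.best


# Constructed sample control signaling for one terminal (not captured traffic).
REGISTER_A = ("REGISTER sip:platform@192.0.2.1 SIP/2.0\r\nCSeq: 1 REGISTER\r\n"
              "User-Agent: Hikvision EXAMPLE-IPC-01\r\n\r\n")
REGISTER_B = REGISTER_A.replace("Hikvision EXAMPLE-IPC-01", "ExampleVendor EX-200")
PREVIEW_OK = ("SIP/2.0 200 OK\r\nCSeq: 20 INVITE\r\nContent-Type: application/sdp\r\n\r\n"
              "v=0\r\nm=video 6000 RTP/AVP 96 97 98\r\n")

if __name__ == "__main__":
    ident = AssetIdentifier()
    rounds = [[REGISTER_A], [REGISTER_A, PREVIEW_OK], [REGISTER_B], [REGISTER_B, PREVIEW_OK]]
    for number, traffic in enumerate(rounds, 1):
        print(number, ident.observe(traffic))
```

Rounds 1 and 3 leave the result unchanged because 0.65 is below the threshold and below the earlier maximum. Round 4 replaces the vendor because its confidence equals the earlier maximum, which is the "greater than or equal to" case of step S209.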
Fig. 3 illustrates a schematic structure of a terminal asset identification device according to an embodiment of the present invention. As shown in Fig. 3, the apparatus includes: an acquisition module 301, an analysis module 302, a calculation module 303, and a determination module 304.
The acquisition module 301 is adapted to acquire terminal traffic transmitted by a terminal to be identified based on a preset transmission protocol;
the analysis module 302 is adapted to analyze the terminal traffic by using a preset character template to obtain the 1st terminal asset information corresponding to each extraction field, wherein the extraction fields corresponding to the terminal asset information are defined in the preset character template;
the calculation module 303 is adapted to calculate a 1st asset confidence value according to the 1st terminal asset information corresponding to each extraction field and the corresponding confidence weight;
the determination module 304 is adapted to determine the 1st terminal asset information as the terminal asset information of the terminal to be identified if the 1st asset confidence value is greater than or equal to a preset confidence threshold, and to trigger the acquisition module to execute if the 1st asset confidence value is less than the preset confidence threshold.
Optionally, the analysis module is further adapted to: analyze the terminal traffic by using a preset character template to obtain the i-th terminal asset information corresponding to each extraction field;
the calculation module is further adapted to: calculate an i-th asset confidence value according to the i-th terminal asset information corresponding to each extraction field and the corresponding confidence weight, where i is greater than or equal to 2 and i is an integer;
the determination module is further adapted to: if the i-th asset confidence value is greater than or equal to the maximum of the 1st through (i-1)-th asset confidence values, determine the i-th terminal asset information as the terminal asset information of the terminal to be identified.
Optionally, the analysis module is further adapted to: identify and determine a protocol communication process from the protocol header of the transmission protocol corresponding to the terminal traffic;
and analyze the terminal traffic by using the character template matched with the protocol communication process to obtain the 1st terminal asset information corresponding to each extraction field.
Optionally, the protocol communication process includes: registration process, heartbeat process, catalog retrieval process, preview process, video playback process, device information inquiry process, logout process.
Optionally, the acquisition module is further adapted to: associate, according to the terminal metadata and the call identifier, the terminal traffic transmitted by the terminal to be identified based on a preset transmission protocol;
analyzing the terminal traffic by using a preset character template to obtain the 1st terminal asset information corresponding to each extraction field further comprises:
analyzing the associated terminal traffic by using a preset character template to obtain the 1st terminal asset information corresponding to each extraction field.
Optionally, the terminal metadata includes: source IP address, destination IP address, source port number, destination port number.
Optionally, the transmission protocol is: GB28181 protocol.
The invention can accurately identify the asset information of the terminal based on the terminal traffic, the identified terminal asset information is more complete, and continuous correction can be carried out according to subsequent terminal traffic, thereby obtaining more accurate terminal asset information.
The embodiment of the application also provides a non-volatile computer storage medium, which stores at least one executable instruction, and the computer executable instruction can execute the terminal asset identification method in any of the above method embodiments.
Fig. 4 illustrates a schematic diagram of a computing device according to an embodiment of the invention; the specific embodiments of the invention do not limit the particular implementation of the computing device.
As shown in Fig. 4, the computing device may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
Wherein:
Processor 402, communication interface 404, and memory 406 communicate with each other via communication bus 408.
The communication interface 404 is used to communicate with network elements of other devices, such as clients or other servers.
Processor 402 is configured to execute program 410, and may specifically perform relevant steps in the above-described terminal asset identification method embodiment.
In particular, program 410 may include program code including computer-operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the computing device may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used to store the program 410. The memory 406 may comprise high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
Program 410 may be specifically operative to cause processor 402 to perform the terminal asset identification method of any of the method embodiments described above. For the specific implementation of each step in program 410, refer to the corresponding steps and the corresponding descriptions of the units in the above terminal asset identification embodiments, which are not repeated here. It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the apparatus and modules described above may refer to the corresponding process descriptions in the foregoing method embodiments, which are not repeated here.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.