CN116346395A - Industrial control network asset identification method, system, equipment and storage medium - Google Patents

Publication number
CN116346395A
Authority
CN
China
Prior art keywords
industrial control
control network
asset identification
equipment
network asset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211610013.1A
Other languages
Chinese (zh)
Inventor
介银娟
杨东
王文庆
邓楠轶
董夏昕
崔鑫
崔逸群
刘超飞
毕玉冰
朱召鹏
王艺杰
朱博迪
肖力炀
刘鹏飞
李凯
刘鹏举
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Thermal Power Research Institute Co Ltd
Huaneng Group Technology Innovation Center Co Ltd
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Huaneng Group Technology Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Thermal Power Research Institute Co Ltd, Huaneng Group Technology Innovation Center Co Ltd
Priority to CN202211610013.1A
Publication of CN116346395A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an industrial control network asset identification method, system, equipment and storage medium. The method comprises the following steps: detecting the open ports of the equipment, and predicting all services corresponding to each detected port; traversing the port-to-service mapping, and identifying the service corresponding to the port; iteratively identifying the mapping from the service corresponding to the port to the fingerprint, so as to resolve the equipment attributes; and, according to the resolved equipment attributes, matching the corresponding vulnerabilities from a vulnerability expert library and obtaining the vulnerability repair scheme corresponding to each matched vulnerability, thereby completing industrial control network asset identification.

Description

Industrial control network asset identification method, system, equipment and storage medium
Technical Field
The invention belongs to the technical field of industrial control security, and relates to an industrial control network asset identification method, system, equipment and storage medium.
Background
With the advent of the Internet of Things, industrial control has gradually moved from the traditional stand-alone and local area network modes to an internet-connected mode, and systems have gone from closed to open and intelligent. At the same time, operations such as controlling, debugging and upgrading equipment have gradually moved from offline to online. These changes make equipment easier to monitor and operate, but they also increase the risk of network attacks on industrial control equipment. Because industrial control asset identification, and the security issues derived from it, are the basis for ensuring the security of an industrial control system, it is necessary to design a scheme that can identify the industrial control equipment in a network stably, accurately and rapidly, and that also matches each vulnerability with a corresponding vulnerability repair scheme.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an industrial control network asset identification method, system, equipment and storage medium.
In order to achieve the above purpose, the invention adopts the following technical scheme:
In one aspect, the invention provides an industrial control network asset identification method comprising the following steps:
detecting the open ports of the equipment, and predicting all services corresponding to each detected port;
traversing the port-to-service mapping, and identifying the service corresponding to the port;
iteratively identifying the mapping from the service corresponding to the port to the fingerprint, so as to resolve the equipment attributes;
and matching the corresponding vulnerabilities from the vulnerability expert library according to the resolved equipment attributes, and acquiring the vulnerability repair scheme corresponding to each matched vulnerability, to complete industrial control network asset identification.
The open ports of the device are probed with a scanning tool.
The method further comprises: associating the acquired equipment attributes with the geographic position, and storing them in a full-text index database in document form.
The specific process of traversing the port-to-service mapping and identifying the service corresponding to the port is as follows:
all possible service scripts corresponding to the port are run in sequence until the service corresponding to the port is identified from the result of a service script; when the service corresponding to the port has still not been identified after all the service scripts have been run, web analysis is run using the http protocol and the https protocol.
The specific process of iteratively identifying the mapping from the service corresponding to the port to the fingerprint to resolve the device attributes is as follows:
a request packet is constructed according to the definition of the protocol packet, the communication process with the equipment is simulated according to the protocol interaction rules, the reply packet of the equipment is collected, and fingerprint feature information is extracted from the reply packet so as to resolve the equipment attributes.
The device attributes include device vendor, type, and firmware version.
The full-text index database is an Elasticsearch database.
In a second aspect, the invention provides an industrial control network asset identification system, including:
a port scanning module, used for detecting the open ports of the equipment and predicting all services corresponding to each detected port;
a service identification module, used for traversing the port-to-service mapping and identifying the service corresponding to the port;
a fingerprint identification module, used for iteratively identifying the mapping from the service corresponding to the port to the fingerprint so as to resolve the equipment attributes;
and a vulnerability matching module, used for matching the corresponding vulnerabilities from a vulnerability expert library according to the resolved equipment attributes, and obtaining the vulnerability repair scheme corresponding to each matched vulnerability, so as to complete industrial control network asset identification.
In a third aspect of the invention, a computer device is provided, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the industrial control network asset identification method when executing the computer program.
In a fourth aspect, the present invention provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of the industrial control network asset identification method.
The invention has the following beneficial effects:
In operation, the industrial control network asset identification method, system, equipment and storage medium iteratively identify the mapping from the service corresponding to the port to the fingerprint so as to resolve the equipment attributes, and then match the corresponding vulnerabilities from the vulnerability expert library according to the resolved equipment attributes and acquire the vulnerability repair scheme corresponding to each vulnerability. The industrial control equipment in the network is thereby identified stably, accurately and quickly, users can conveniently query and retrieve it, and the vulnerabilities of the equipment in the network are matched with their corresponding repair schemes.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
FIG. 1 is a schematic flow chart of the method of the present invention;
FIG. 2 is a schematic diagram of the system structure of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention is described in further detail below with reference to the attached drawing figures:
Example 1
The industrial control network asset identification method comprises the following steps:
1) Detecting the open ports of the equipment with a scanning tool, and predicting all services corresponding to each detected port;
2) Traversing the port-to-service mapping, and identifying the service corresponding to the port;
3) Iteratively identifying the mapping from the service corresponding to the port to the fingerprint, so as to resolve the equipment attributes;
4) According to the resolved equipment attributes, matching the corresponding vulnerabilities from a vulnerability expert library, and obtaining the vulnerability repair scheme corresponding to each matched vulnerability;
5) Associating the acquired equipment-related data with the geographic position, and storing it in a full-text index database in document form.
In step 2), all possible service scripts corresponding to the port are run in sequence until the service corresponding to the port is identified from the result of a service script; further, when the service corresponding to the port has still not been identified after all the service scripts have been run, web analysis is run using the http protocol and the https protocol.
In step 3), a request packet is constructed according to the definition of the protocol packet and the communication process with the equipment is simulated according to the protocol interaction rules; meanwhile, the reply packet of the equipment is collected and fingerprint feature information is extracted from it, so as to resolve the attributes of the equipment, which at least comprise equipment manufacturer, type and firmware version.
The full-text index database is an Elasticsearch database.
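Steps 3) and 4) applied to one captured reply, as an added example that is not part of the patent: it parses a Modbus/TCP Read Device Identification reply (function 0x2B, MEI type 0x0E) into vendor, product code and firmware version, then matches them against a vulnerability expert library. The choice of Modbus, the sample reply, the library entries, the `EXAMPLE-VULN-*` ids and all function names are assumptions constructed for illustration.

```python
import re
import struct

# Object ids of the Modbus Read Device Identification "basic" category.
OBJECT_NAMES = {0x00: "vendor", 0x01: "product_code", 0x02: "firmware_version"}

# Constructed vulnerability expert library; ids and remediation text are placeholders.
VULN_LIBRARY = [
    {"id": "EXAMPLE-VULN-0001", "vendor": "ExampleVendor", "product_code": "PLC-100",
     "fixed_in": "2.3", "remediation": "Upgrade firmware to 2.3 or later."},
    {"id": "EXAMPLE-VULN-0002", "vendor": "ExampleVendor", "product_code": "PLC-100",
     "fixed_in": "1.5", "remediation": "Upgrade firmware to 1.5 or later."},
]


def parse_device_id_reply(frame: bytes) -> dict:
    """Extract device attributes from one Modbus/TCP Read Device Identification reply."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # MBAP length counts the unit id and the PDU, i.e. everything after byte 6.
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("not a well-formed Modbus/TCP frame")
    pdu = frame[7:]
    if pdu[0] & 0x80:
        raise ValueError("device answered with a Modbus exception")
    if len(pdu) < 7 or pdu[0] != 0x2B or pdu[1] != 0x0E:
        raise ValueError("not a Read Device Identification reply")
    count, pos, attrs = pdu[6], 7, {}
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        if obj_id in OBJECT_NAMES:
            attrs[OBJECT_NAMES[obj_id]] = value.decode("ascii", "replace").strip()
        pos += 2 + obj_len
    return attrs


def version_tuple(text: str) -> tuple:
    """'V2.1' -> (2, 1); an empty tuple means the version is unknown."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def match_vulnerabilities(attrs: dict, library=VULN_LIBRARY) -> list:
    """Return library entries whose product matches and whose fix is newer than the firmware."""
    have = version_tuple(attrs.get("firmware_version", ""))
    hits = []
    for entry in library:
        same_product = (entry["vendor"].lower() == attrs.get("vendor", "").lower()
                        and entry["product_code"] == attrs.get("product_code"))
        # With an unknown firmware version no match is claimed.
        if same_product and have and have < version_tuple(entry["fixed_in"]):
            hits.append({"id": entry["id"], "remediation": entry["remediation"]})
    return hits


def build_asset_document(ip: str, port: int, frame: bytes, location=None) -> dict:
    """Assemble the per-device document that would be stored in the full-text index."""
    attrs = parse_device_id_reply(frame)
    return {"ip": ip, "port": port, "service": "modbus", **attrs,
            "location": location, "vulnerabilities": match_vulnerabilities(attrs)}


def make_sample_reply(objects) -> bytes:
    """Build a constructed reply frame from (object_id, value) pairs for offline use."""
    body = b"".join(bytes([oid, len(val)]) + val for oid, val in objects)
    pdu = bytes([0x2B, 0x0E, 0x01, 0x01, 0x00, 0x00, len(objects)]) + body
    return struct.pack(">HHHB", 1, 0, len(pdu) + 1, 1) + pdu


# Constructed sample: a device reporting vendor, product code and firmware revision.
SAMPLE_REPLY = make_sample_reply(
    [(0x00, b"ExampleVendor"), (0x01, b"PLC-100"), (0x02, b"V2.1")])

if __name__ == "__main__":
    print(build_asset_document("192.0.2.10", 502, SAMPLE_REPLY, location="plant-a"))
```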
Example 2
The industrial control network asset identification system of the invention comprises:
a port scanning module, used for detecting the open ports of the equipment and predicting all services corresponding to each detected port;
a service identification module, used for traversing the port-to-service mapping and identifying the service corresponding to the port;
a fingerprint identification module, used for iteratively identifying the mapping from the service corresponding to the port to the fingerprint so as to resolve the equipment attributes;
and a vulnerability matching module, used for matching the corresponding vulnerabilities from a vulnerability expert library according to the resolved equipment attributes, and obtaining the vulnerability repair scheme corresponding to each matched vulnerability, so as to complete industrial control network asset identification.
In one embodiment of the invention, to speed up the scanning and detection of a large number of device nodes, each module of the industrial control network asset identification system is distributed across a plurality of servers. How many nodes each module is allocated must be decided with reference to classical empirical values, after comprehensively evaluating the physical performance and network bandwidth of the scanning devices. In short, message production and message consumption must be balanced between the modules, so that messages do not accumulate on any one module for a long time. Message accumulation indicates that the node counts of the scanning system are configured unreasonably, so the pipeline does not deliver its full performance benefit: some modules are overloaded while others sit idle.
In this embodiment, port scanning, service detection and similar operations may produce certain side effects. To reduce irrelevant traffic in the network and affect the devices in the network as little as possible, traffic monitoring can be adopted to assist asset identification in the controlled network. Normal network communication can be captured with tcpdump: MAC information is obtained at the data link layer, IP information at the network layer and port information at the transport layer, and the transmitted payload can be used to analyze the industrial control protocol.
tcpdump is a relatively simple means of passive identification, but many industrial control protocols involve multiple network interactions, that is, several data packets must be combined to identify an industrial control device. A professional traffic monitoring tool is then needed, similar to an IPS or IDS tool (such as Suricata), which can process specific features programmatically and execute corresponding actions.
Likewise, passively identified industrial control fingerprint features also need to be added to the fingerprint library in time, so that the system can continuously evolve and identify industrial control asset equipment more quickly and accurately.
Therefore, to reduce traffic in the network and affect the devices in the network as little as possible, industrial control asset identification can reasonably be performed with a scanning mode that combines active and passive identification. First, traffic in the network is monitored passively, without any impact, to determine which hosts are alive, and each identified MAC address is kept as a candidate basis for the later vendor determination. If the monitored traffic happens to contain the corresponding industrial control interaction packets and they can be matched in the existing fingerprint library, the discovered device is recorded. For devices that remain unidentified, active identification can be used. Because active identification is divided into several steps, if a step has already obtained its result in the passive identification stage, the active identification stage can skip that step and continue with the subsequent steps.
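The passive-first flow described above, as an added example that is not part of the patent: packets of one flow are correlated against a multi-packet fingerprint rule, and only the active steps that passive monitoring left unresolved are scheduled. The packet records, OUI table, fingerprint rule and all names are constructed assumptions; the records are assumed to be already-decoded replies sent by devices, so the source port is the service port.

```python
from collections import defaultdict

# Active identification steps, in pipeline order.
STAGES = ["port", "service", "fingerprint"]

# Constructed OUI table (prefix taken from the documentation MAC range).
OUI_VENDORS = {"00:00:5e": "ExampleVendor"}

# Constructed fingerprint rule: every pattern must be seen, in order, in
# separate packets of the same flow before the device is considered identified.
FINGERPRINTS = [
    {"device": "ExampleVendor PLC-100", "service": "modbus", "port": 502,
     "sequence": [b"\x2b\x0e", b"PLC-100"]},
]

# Constructed capture: host .10 completes the exchange, host .20 does not.
SAMPLE_PACKETS = [
    {"src_mac": "00:00:5E:00:53:01", "src_ip": "192.0.2.10", "src_port": 502,
     "payload": b"\x00\x01\x2b\x0e\x01"},
    {"src_mac": "00:00:5E:00:53:01", "src_ip": "192.0.2.10", "src_port": 502,
     "payload": b"\x00\x07PLC-100"},
    {"src_mac": "02:00:00:00:00:02", "src_ip": "192.0.2.20", "src_port": 502,
     "payload": b"\x00\x01\x2b\x0e\x01"},
]


def sequence_matches(payloads, sequence) -> bool:
    """True when the patterns occur in order, one per packet, within the flow."""
    idx = 0
    for payload in payloads:
        if idx < len(sequence) and sequence[idx] in payload:
            idx += 1
    return idx == len(sequence)


def passive_identify(packets) -> dict:
    """Build per-host asset records from monitored traffic only."""
    assets, flows = {}, defaultdict(list)
    for pkt in packets:
        asset = assets.setdefault(pkt["src_ip"], {
            "ip": pkt["src_ip"], "alive": True,
            # The MAC prefix is only a candidate for the later vendor decision.
            "vendor_hint": OUI_VENDORS.get(pkt["src_mac"][:8].lower()),
            "ports": set(), "service": None, "device": None})
        asset["ports"].add(pkt["src_port"])
        flows[(pkt["src_ip"], pkt["src_port"])].append(pkt["payload"])
    for (ip, port), payloads in flows.items():
        for rule in FINGERPRINTS:
            if port == rule["port"] and sequence_matches(payloads, rule["sequence"]):
                assets[ip].update(service=rule["service"], device=rule["device"])
    return assets


def remaining_active_stages(asset) -> list:
    """Active steps still needed; a host never seen passively needs all of them."""
    if asset is None:
        return list(STAGES)
    done = {"port": bool(asset["ports"]),
            "service": asset["service"] is not None,
            "fingerprint": asset["device"] is not None}
    return [stage for stage in STAGES if not done[stage]]


if __name__ == "__main__":
    for ip, asset in passive_identify(SAMPLE_PACKETS).items():
        print(ip, asset["device"], remaining_active_stages(asset))
```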
Example 3
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the industrial control network asset identification method when executing the computer program. The memory may comprise internal memory, such as high-speed random access memory, and may also comprise non-volatile memory, such as at least one disk memory. The processor, network interface and memory are interconnected by an internal bus, which may be an Industry Standard Architecture bus, a Peripheral Component Interconnect bus, an Extended Industry Standard Architecture bus, etc.; the buses may be divided into address buses, data buses, control buses, etc. The memory is used for storing programs, which may include program code comprising computer operation instructions. The memory may include internal memory and non-volatile storage, and provides instructions and data to the processor.
Example 4
A computer readable storage medium storing a computer program which, when executed by a processor, performs the steps of the industrial control network asset identification method. Specifically, the computer readable storage medium includes, but is not limited to, volatile memory and/or non-volatile memory. The volatile memory may include Random Access Memory (RAM) and/or cache memory (cache), among others. The non-volatile memory may include Read Only Memory (ROM), hard disk, flash memory, optical disk, magnetic disk, and the like.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (10)

1. An industrial control network asset identification method, characterized by comprising the following steps:
detecting the open ports of the equipment, and predicting all services corresponding to each detected port;
traversing the port-to-service mapping, and identifying the service corresponding to the port;
iteratively identifying the mapping from the service corresponding to the port to the fingerprint, so as to resolve the equipment attributes;
and matching the corresponding vulnerabilities from the vulnerability expert library according to the resolved equipment attributes, and acquiring the vulnerability repair scheme corresponding to each matched vulnerability, to complete industrial control network asset identification.
2. The industrial control network asset identification method of claim 1, wherein the open ports of the device are probed with a scanning tool.
3. The industrial control network asset identification method of claim 1, further comprising: associating the acquired equipment attributes with the geographic position, and storing them in a full-text index database in document form.
4. The industrial control network asset identification method according to claim 1, wherein the specific process of traversing the port-to-service mapping and identifying the service corresponding to the port is as follows:
all possible service scripts corresponding to the port are run in sequence until the service corresponding to the port is identified from the result of a service script; when the service corresponding to the port has still not been identified after all the service scripts have been run, web analysis is run using the http protocol and the https protocol.
5. The industrial control network asset identification method according to claim 1, wherein the specific process of iteratively identifying the mapping from the service corresponding to the port to the fingerprint to resolve the device attributes is:
a request packet is constructed according to the definition of the protocol packet, the communication process with the equipment is simulated according to the protocol interaction rules, the reply packet of the equipment is collected, and fingerprint feature information is extracted from the reply packet so as to resolve the equipment attributes.
6. The industrial control network asset identification method of claim 5, wherein the device attributes include device vendor, type and firmware version.
7. The industrial control network asset identification method of claim 2, wherein the full-text index database is an Elasticsearch database.
8. An industrial control network asset identification system, comprising:
a port scanning module, used for detecting the open ports of the equipment and predicting all services corresponding to each detected port;
a service identification module, used for traversing the port-to-service mapping and identifying the service corresponding to the port;
a fingerprint identification module, used for iteratively identifying the mapping from the service corresponding to the port to the fingerprint so as to resolve the equipment attributes;
and a vulnerability matching module, used for matching the corresponding vulnerabilities from a vulnerability expert library according to the resolved equipment attributes, and obtaining the vulnerability repair scheme corresponding to each matched vulnerability, so as to complete industrial control network asset identification.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the industrial control network asset identification method according to any of claims 1-7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the industrial control network asset identification method according to any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211610013.1A CN116346395A (en) 2022-12-14 2022-12-14 Industrial control network asset identification method, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211610013.1A CN116346395A (en) 2022-12-14 2022-12-14 Industrial control network asset identification method, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116346395A true CN116346395A (en) 2023-06-27

Family

ID=86893597

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211610013.1A Pending CN116346395A (en) 2022-12-14 2022-12-14 Industrial control network asset identification method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116346395A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116975007A (en) * 2023-07-29 2023-10-31 上海螣龙科技有限公司 Method, system, equipment and medium for storing and displaying network assets
CN116975007B (en) * 2023-07-29 2024-03-22 上海螣龙科技有限公司 Method, system, equipment and medium for storing and displaying network assets

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination