CN116633814A - Intelligent asset identification system based on flow - Google Patents
- Publication number: CN116633814A (application CN202310829986.2A)
- Authority: CN (China)
- Prior art keywords: asset, module, learning, flow, identification system
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/50—Testing arrangements
Abstract
The invention provides an intelligent asset identification system based on flow, belonging to the technical field of network asset identification. It addresses the problems of conventional asset identification systems, such as a narrow flow analysis range, poor extraction results and the lack of a research-and-judgment learning function. The system comprises a flow analysis system, an asset identification system, an asset display system and a learning and studying and judging system, wherein the flow analysis system is in communication connection with the asset identification system, and the asset identification system is in communication connection with the asset display system and the learning and studying and judging system. By parsing and analyzing the flow at fine granularity, the invention flexibly uses fingerprint features to extract asset attributes and accurately identifies assets, taking TTL features as the main feature and combining multiple features for research and judgment. The asset display module displays the various asset information and transmits it to the mobile intelligent terminal in real time. Research and judgment is achieved in combination with machine statistical learning: an IP is judged to be an asset IP once a certain threshold is reached, and the flow feature analysis results of the set data packets are learned and updated in real time.
Description
Technical Field
The invention belongs to the technical field of network asset identification, and relates to an asset identification system, in particular to an intelligent asset identification system based on flow.
Background
With the rapid development of the internet, network digital assets are spread everywhere, and sorting out enterprise assets and their attributes has always been a headache for large enterprises. Asset inventory can be carried out in three ways: manual recording, active probing, and passive flow identification. The three ways complement one another, so that every dimension of an asset can be inventoried accurately. Feature identification based on passive flow relies on technologies including flow decoding, restoration, feature extraction and matching, and machine-learning statistics to accomplish automatic asset identification.
Technology for identifying and extracting assets from traffic is largely absent, in particular for judging enterprise assets and private assets on public networks from the characteristics of the traffic. Most existing technology relies on active scanning or on collecting assets by installing agents on PCs, and traffic-based identification is limited to matching intranet IP segments or destination ports; the latent features of the traffic interacting in the network are not exploited.
At present, most of the prior art relies on intranet IP segments or on destination ports; its accuracy is limited, the identification results are unsatisfactory, and the enterprise asset network architecture cannot be described completely. The flow passing through an enterprise's core switch contains all of the enterprise's business data, covering the whole process of access from inside to outside, from outside to inside and from inside to inside, and the open services and the access to the different services are reflected in the flow at all times.
Based on the above, we propose an intelligent asset identification system based on flow. By parsing and analyzing the flow at fine granularity, it flexibly uses fingerprint features to extract asset attributes and accurately identifies assets, taking TTL features as the main feature and combining multiple features for research and judgment. The asset display module displays the various asset information and transmits it to the mobile intelligent terminal in real time. Research and judgment is achieved in combination with machine statistical learning: an IP is judged to be an asset IP once a certain threshold is reached, and the flow feature analysis results of the set data packets are learned and updated in real time.
Disclosure of Invention
The invention aims to solve the above problems in the prior art by providing an intelligent asset identification system based on flow. The technical problem to be solved is: how to parse and analyze the flow at fine granularity, flexibly use fingerprint features to extract asset attributes, accurately identify assets, display the various asset information and transmit it to the mobile intelligent terminal in real time, while achieving research and judgment in combination with machine statistical learning, judging an IP to be an asset IP once a certain threshold is reached, and learning and updating the flow feature analysis results of the set data packets in real time.
The aim of the invention can be achieved by the following technical scheme:
the intelligent asset identification system based on the flow comprises a flow analysis system, an asset identification system, an asset display system and a learning and studying and judging system, wherein the flow analysis system is in communication connection with the asset identification system, and the asset identification system is in communication connection with the asset display system and the learning and studying and judging system;
the flow analysis system comprises a flow analysis module, a preset asset segment module and a data storage module;
the asset identification system comprises an asset identification module and an asset extraction module, wherein the asset extraction module consists of an asset attribute definition module and an asset attribute extraction module;
the asset display system comprises an asset display module, a real-time updating module and a cloud backup module;
the learning and studying judgment system comprises a preliminary learning module, a deep learning module and a learning updating module.
The flow analysis module analyzes and processes the collected flow data information, and sends the analyzed and processed information to the data storage module, and the data storage module stores the related data information.
The preset asset segment module is configured to preset an asset segment threshold, and the IP hitting the asset segment can be directly determined as an asset.
The asset identification module compares and processes the network asset data and accurately identifies assets from flow features, taking TTL features as the main feature and combining multiple features for research and judgment.
The asset extraction module extracts data about the asset. Data extraction depends on fingerprint matching: a fingerprint matching model is built into the engine, and the associated definition/extraction actions yield the recognition result. Extraction is divided into two parts: a definition part and an extraction part.
The asset attribute definition module fixes determined content, for example defining that the session uses the ftp protocol or that the application is nginx.
The asset attribute extraction module extracts attribute data for the different dimensions of the asset from a certain part of the data packet, for example taking the content from a given starting character to the end of a given field as the extraction result.
Extraction rules use: start & end strings, character offset & length, or regular-expression matching.
The asset display module displays information including, but not limited to, asset IP, asset MAC, open ports, applications, protocols, services, operating system, device type and hostname.
The real-time updating module collates the network asset analysis results and sends them to the cloud backup module in real time, where the network asset information is stored and backed up.
The system also comprises a wireless connection module and a mobile intelligent terminal; the asset display system is in communication connection with the wireless connection module, the wireless connection module is in wireless connection with the mobile intelligent terminal, the notification module receives the network asset information sent by the asset display system and transmits the network asset information to the mobile intelligent terminal in real time, and the mobile intelligent terminal displays the network asset information.
Preliminary asset identification in the asset identification module uses the TTL values in data packets. In an enterprise's internal data flow, at least one of the source and destination IPs in a session is an asset; from the TTL values in the data packets it can be preliminarily judged which party is closer to the local network and therefore more likely to be the asset, and research and judgment is achieved in combination with the statistical learning of the preliminary learning module.
For deep asset identification in the asset identification module: TTL is the maximum number of hops over which an IP data packet may be forwarded in a computer network. The TTL field is set by the sender of the IP data packet; along the whole forwarding path from source to destination, each router the packet passes through modifies the TTL field, specifically by subtracting 1 from the TTL value, and then forwards the packet. Therefore, in the flow passing through the core switch, the party whose TTL value shows the smaller hop count is more likely to be a class asset. The deep learning module performs statistical learning on this data: if the same IP appears as a class asset in different sessions, it is judged to be an asset IP once a certain threshold is reached.
The preliminary learning module learns the TTL values in the set data packets to judge preliminarily which party is closer to the local network, that is, which party is more likely to be the asset.
The deep learning module learns the TTL values in the set data packets to judge in depth which party has the smaller hop count; that party is more likely to be a class asset.
The learning updating module is used for learning the flow characteristic analysis result of the set data packet and updating and sending the flow characteristic analysis result to the preliminary learning module and the deep learning module in real time.
Compared with the prior art, the intelligent asset identification system based on the flow has the following advantages:
By parsing and analyzing the flow at fine granularity, the invention accurately identifies assets, taking TTL features as the main feature and combining multiple features for research and judgment; asset segments are preset, and an IP that hits an asset segment can be directly determined to be an asset.
Data extraction for an asset depends on fingerprint matching: a fingerprint matching model is built into the engine, and the associated definition/extraction actions yield the recognition result. Extraction is divided into two parts, a definition part and an extraction part, so that fingerprint features are used flexibly to extract asset attributes.
Extraction rules use: start & end strings, character offset & length, or regular-expression matching.
The asset display module works with the wireless connection module and the mobile intelligent terminal to display information including asset IP, asset MAC, open ports, applications, protocols, services, operating system, device type and hostname, and transmits the information to the mobile intelligent terminal in real time.
The learning and studying and judging system works with the asset identification module to achieve research and judgment in combination with machine statistical learning: an IP is judged to be an asset IP once a certain threshold is reached, and the flow feature analysis results of the set data packets are learned and updated in real time.
Drawings
Fig. 1 is a system block diagram of the present invention.
Fig. 2 is a flow chart of the present invention.
FIG. 3 is an identification block diagram of an asset identification module in the present invention.
FIG. 4 is an extraction block diagram of an asset attribute extraction module in the present invention.
Fig. 5 is a model diagram of asset IP in the present invention.
FIG. 6 is a model diagram of an asset property definition module in the present invention.
FIG. 7 is a model diagram of an asset attribute extraction module in the present invention.
FIG. 8 is a schematic diagram of a preliminary outcome output of asset identification in the present invention.
FIG. 9 is a schematic diagram II of a preliminary outcome output of asset identification in the present invention.
FIG. 10 is a schematic diagram of an asset data presentation in accordance with the present invention.
FIG. 11 is a second diagram of asset data presentation in accordance with the present invention.
Detailed Description
The following are specific embodiments of the present invention and the technical solutions of the present invention will be further described with reference to the accompanying drawings, but the present invention is not limited to these embodiments.
As shown in Figs. 1-11, the intelligent asset identification system based on flow comprises a flow analysis system, an asset identification system, an asset display system and a learning and studying and judging system, wherein the flow analysis system is in communication connection with the asset identification system, and the asset identification system is in communication connection with the asset display system and the learning and studying and judging system;
the flow analysis system comprises a flow analysis module, a preset asset segment module and a data storage module;
the asset identification system comprises an asset identification module and an asset extraction module, and the asset extraction module consists of an asset attribute definition module and an asset attribute extraction module;
the asset display system comprises an asset display module, a real-time updating module and a cloud backup module;
the learning and studying judgment system comprises a preliminary learning module, a deep learning module and a learning updating module.
The flow analysis module is used for analyzing and processing the collected flow data information and sending the analyzed and processed information to the data storage module, and the data storage module is used for storing the related data information.
The preset asset segment module is used for presetting an asset segment threshold value, and the IP hitting the asset segment can be directly judged as the asset.
The asset identification module compares the network asset data and accurately identifies assets from flow features, taking TTL features as the main feature and combining multiple features for research and judgment.
The asset extraction module extracts data about the asset. Data extraction depends on fingerprint matching: a fingerprint matching model is built into the engine, and the associated definition/extraction actions yield the recognition result. Extraction is divided into two parts: a definition part and an extraction part.
The asset attribute definition module fixes determined content, for example defining that the session uses the ftp protocol or that the application is nginx.
The asset attribute extraction module extracts attribute data for the different dimensions of the asset from a certain part of the data packet, for example taking the content from a given starting character to the end of a given field as the extraction result.
Extraction rules use: start & end strings, character offset & length, or regular-expression matching.
The asset display module displays information including, but not limited to, asset IP, asset MAC, open ports, applications, protocols, services, operating system, device type and hostname.
The real-time updating module collates the network asset analysis results and sends them to the cloud backup module in real time, where the network asset information is stored and backed up.
Preliminary asset identification in the asset identification module uses the TTL values in data packets. In an enterprise's internal data flow, at least one of the source and destination IPs in a session is an asset; from the TTL values in the data packets it can be preliminarily judged which party is closer to the local network and therefore more likely to be the asset, and research and judgment is achieved in combination with the statistical learning of the preliminary learning module.
For deep asset identification in the asset identification module: TTL is the maximum number of hops over which an IP data packet may be forwarded in a computer network. The TTL field is set by the sender of the IP data packet; along the whole forwarding path from source to destination, each router the packet passes through modifies the TTL field, specifically by subtracting 1 from the TTL value, and then forwards the packet. Therefore, in the flow passing through the core switch, the party whose TTL value shows the smaller hop count is more likely to be a class asset. The deep learning module performs statistical learning on this data: if the same IP appears as a class asset in different sessions, it is judged to be an asset IP once a certain threshold is reached.
The preliminary learning module learns the TTL values in the set data packets to judge preliminarily which party is closer to the local network, that is, which party is more likely to be the asset.
The deep learning module learns the TTL values in the set data packets to judge which party has the smaller hop count; that party is more likely to be a class asset.
The learning updating module is used for learning the flow characteristic analysis result of the set data packet and updating and sending the flow characteristic analysis result to the preliminary learning module and the deep learning module in real time.
The intelligent asset identification system based on the flow also comprises a wireless connection module and a mobile intelligent terminal; the asset display system is in communication connection with the wireless connection module, the wireless connection module is in wireless connection with the mobile intelligent terminal, the notification module receives the network asset information sent by the asset display system and transmits the network asset information to the mobile intelligent terminal in real time, and the mobile intelligent terminal displays the network asset information.
The working principle of the invention is as follows:
the flow analysis module analyzes and processes the collected flow data information, and sends the analyzed and processed information to the data storage module, and the data storage module stores the related data information.
The data parsed by the flow analysis module is passed to the preset asset segment module; if an IP falls within the asset segment threshold, that is, it hits an asset segment, it can be directly judged to be an asset.
The asset identification module compares and processes the network asset data and accurately identifies assets from flow features, taking TTL features as the main feature and combining multiple features for research and judgment:
preliminary asset identification in the asset identification module uses the TTL values in data packets; in an enterprise's internal data flow, at least one of the source and destination IPs in a session is an asset, so from the TTL values in the data packets it can be preliminarily judged which party is closer to the local network and therefore more likely to be the asset, and research and judgment is achieved in combination with the statistical learning of the preliminary learning module;
for deep asset identification in the asset identification module, TTL is the maximum number of hops over which an IP data packet may be forwarded in a computer network. The TTL field is set by the sender of the IP data packet; along the whole forwarding path from source to destination, each router the packet passes through modifies the TTL field, specifically by subtracting 1 from the TTL value, and then forwards the packet. Therefore, in the flow passing through the core switch, the party whose TTL value shows the smaller hop count is more likely to be a class asset. The deep learning module performs statistical learning on this data: if the same IP appears as a class asset in different sessions, it is judged to be an asset IP once a certain threshold is reached;
the learning updating module learns the flow feature analysis results of the set data packets and sends the updates to the preliminary learning module and the deep learning module in real time.
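The preset-segment check and the TTL voting described above, written out as an added Python example (it is not code from the patent). The mapping from an observed TTL to a hop count via common default initial TTLs, the class and function names, the threshold of 3 and the sample sessions are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption (not stated in the patent): senders start from one of the common
# default initial TTLs, so the hop count is the nearest default at or above
# the observed TTL, minus the observed TTL.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def estimated_hops(observed_ttl):
    """Estimate how many routers a packet crossed before the capture point."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


class AssetJudge:
    """Preset asset segments plus per-session TTL voting with a threshold."""

    def __init__(self, preset_segments, vote_threshold):
        self.segments = [ipaddress.ip_network(s) for s in preset_segments]
        self.vote_threshold = vote_threshold
        self.votes = Counter()       # IP -> sessions in which it was the class asset
        self.seen_sessions = set()   # a session may vote only once

    def in_preset_segment(self, ip):
        """An IP that hits a preset asset segment is an asset directly."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.segments)

    def observe_session(self, session_id, a_ip, a_ttl, b_ip, b_ttl):
        """Record one session; return the IP voted as class asset, or None."""
        if session_id in self.seen_sessions:
            return None              # repeated packets of one session add nothing
        self.seen_sessions.add(session_id)
        a_hops, b_hops = estimated_hops(a_ttl), estimated_hops(b_ttl)
        if a_hops == b_hops:
            return None              # tie: TTL alone cannot separate the parties
        winner = a_ip if a_hops < b_hops else b_ip
        self.votes[winner] += 1
        return winner

    def is_asset(self, ip):
        return self.in_preset_segment(ip) or self.votes[ip] >= self.vote_threshold

    def asset_ips(self):
        """IPs promoted to asset IP by voting (preset segments not listed)."""
        return sorted(ip for ip, n in self.votes.items() if n >= self.vote_threshold)


# Constructed sample: (session id, IP A, TTL seen from A, IP B, TTL seen from B),
# as observed at the core switch.
SESSIONS = [
    ("s1", "10.1.2.10", 63, "203.0.113.7", 52),
    ("s1", "10.1.2.10", 63, "203.0.113.7", 52),    # same session again, ignored
    ("s2", "10.1.2.10", 63, "198.51.100.9", 115),
    ("s3", "172.16.5.20", 127, "10.1.2.10", 63),   # both one hop away: tie
    ("s4", "10.1.2.10", 63, "203.0.113.7", 52),
    ("s5", "172.16.5.20", 127, "198.51.100.9", 115),
]


def demo():
    judge = AssetJudge(preset_segments=["192.168.10.0/24"], vote_threshold=3)
    for session in SESSIONS:
        judge.observe_session(*session)
    return judge


if __name__ == "__main__":
    judge = demo()
    print("asset IPs by voting:", judge.asset_ips())
    print("votes:", dict(judge.votes))
    print("192.168.10.5 is asset:", judge.is_asset("192.168.10.5"))
```

The hop estimate misreads a sender whose real initial TTL is not in the assumed list or that sits more hops away than the gap between two defaults, which is one reason to count across sessions and combine TTL with other features rather than trust a single packet.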
The asset extraction module extracts data about the asset. Data extraction depends on fingerprint matching: a fingerprint matching model is built into the engine, and the associated definition/extraction actions yield the recognition result. Extraction is divided into two parts: a definition part and an extraction part.
The asset attribute definition module fixes determined content, for example defining that the session uses the ftp protocol or that the application is nginx.
The asset attribute extraction module extracts attribute data for the different dimensions of the asset from a certain part of the data packet, for example taking the content from a given starting character to the end of a given field as the extraction result.
Extraction rules use: start & end strings, character offset & length, or regular-expression matching.
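The definition part and the three extraction rule types described above, as an added Python example (not code from the patent). The fingerprint structure, rule names, fingerprints and sample payloads are assumptions constructed for illustration; only the rule types and the ftp/nginx examples come from the text.

```python
import re
from dataclasses import dataclass, field


def extract_between(payload, start, end):
    """Start & end strings: bytes after `start` up to the next `end`."""
    i = payload.find(start)
    if i < 0:
        return None
    i += len(start)
    j = payload.find(end, i)
    return payload[i:j] if j >= 0 else None   # unterminated field: no result


def extract_offset(payload, offset, length):
    """Offset & length: a fixed slice, rejected if it runs past the payload."""
    if offset < 0 or length <= 0 or offset + length > len(payload):
        return None
    return payload[offset:offset + length]


def extract_regex(payload, pattern):
    """Regular-expression matching: group 1 if present, else the whole match."""
    m = re.search(pattern, payload)
    if m is None:
        return None
    return m.group(1) if m.groups() else m.group(0)


EXTRACTORS = {"between": extract_between, "offset": extract_offset,
              "regex": extract_regex}


@dataclass
class Fingerprint:
    name: str
    match: bytes                                  # regex the payload must match
    define: dict = field(default_factory=dict)    # definition part: fixed values
    extract: dict = field(default_factory=dict)   # extraction part: attr -> rule


# Constructed fingerprints for illustration; not taken from the patent.
FINGERPRINTS = [
    Fingerprint(
        name="http-nginx",
        match=rb"(?s)^HTTP/1\.[01] .*?\r\nServer: nginx",
        define={"protocol": "http", "application": "nginx"},
        extract={
            "version": ("between", b"Server: nginx/", b"\r\n"),
            "status_code": ("offset", 9, 3),
        },
    ),
    Fingerprint(
        name="ftp-banner",
        match=rb"^220[ -]",
        define={"protocol": "ftp"},
        extract={"banner": ("regex", rb"^220[ -]\(?([^)\r\n]+)")},
    ),
]


def identify(payload, fingerprints=FINGERPRINTS):
    """Return the attributes of the first matching fingerprint, or {}."""
    for fp in fingerprints:
        if not re.search(fp.match, payload):
            continue
        attrs = dict(fp.define)
        for attr, (kind, *args) in fp.extract.items():
            value = EXTRACTORS[kind](payload, *args)
            if value is not None:                 # a failed rule leaves the attr unset
                attrs[attr] = value.decode("ascii", errors="replace")
        return attrs
    return {}


# Constructed sample payloads (server-to-client bytes of a session).
HTTP_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n"
FTP_BANNER = b"220 (vsFTPd 3.0.3)\r\n"
TRUNCATED_HTTP = b"HTTP/1.1 200 OK\r\nServer: nginx/1.1"   # capture cut mid-header
UNKNOWN = b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for sample in (HTTP_RESPONSE, FTP_BANNER, TRUNCATED_HTTP, UNKNOWN):
        print(identify(sample))
```

The truncated payload still matches the fingerprint, so the defined attributes are reported, but the start & end rule refuses to return a half-captured version string.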
The asset display module displays information including, but not limited to, asset IP, asset MAC, open ports, applications, protocols, services, operating system, device type and hostname, so that monitoring personnel can conveniently follow asset dynamics.
The real-time updating module collates the network asset analysis results and sends them to the cloud backup module in real time, where the network asset information is stored and backed up.
The asset display system is in communication connection with the wireless connection module, the wireless connection module is in wireless connection with the mobile intelligent terminal, the notification module receives the network asset information sent by the asset display system and transmits it to the mobile intelligent terminal in real time, and the mobile intelligent terminal displays the network asset information, so that monitoring staff can conveniently follow asset dynamics.
In conclusion, by parsing and analyzing the flow at fine granularity, the invention accurately identifies assets, taking TTL features as the main feature and combining multiple features for research and judgment; asset segments are preset, and an IP that hits an asset segment can be directly determined to be an asset.
Data extraction for an asset depends on fingerprint matching: a fingerprint matching model is built into the engine, and the associated definition/extraction actions yield the recognition result. Extraction is divided into two parts, a definition part and an extraction part, so that fingerprint features are used flexibly to extract asset attributes.
Extraction rules use: start & end strings, character offset & length, or regular-expression matching.
The asset display module works with the wireless connection module and the mobile intelligent terminal to display information including asset IP, asset MAC, open ports, applications, protocols, services, operating system, device type and hostname, and transmits the information to the mobile intelligent terminal in real time.
The learning and studying and judging system works with the asset identification module to achieve research and judgment in combination with machine statistical learning: an IP is judged to be an asset IP once a certain threshold is reached, and the flow feature analysis results of the set data packets are learned and updated in real time.
The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.
Claims (10)
1. The intelligent asset identification system based on the flow is characterized by comprising a flow analysis system, an asset identification system, an asset display system and a learning and studying and judging system, wherein the flow analysis system is in communication connection with the asset identification system, and the asset identification system is in communication connection with the asset display system and the learning and studying and judging system;
the flow analysis system comprises a flow analysis module, a preset asset segment module and a data storage module;
the asset identification system comprises an asset identification module and an asset extraction module, wherein the asset extraction module consists of an asset attribute definition module and an asset attribute extraction module;
the asset display system comprises an asset display module, a real-time updating module and a cloud backup module;
the learning and studying judgment system comprises a preliminary learning module, a deep learning module and a learning updating module.
2. The intelligent asset identification system based on flow according to claim 1, wherein the flow analysis module analyzes and processes the collected flow data information and sends the analyzed and processed information to the data storage module, and the data storage module stores the related data information.
The preset asset segment module is configured to preset an asset segment threshold, and the IP hitting the asset segment can be directly determined as an asset.
3. The intelligent asset identification system based on flow according to claim 1, wherein the asset identification module is configured to compare network asset data, accurately identify assets through flow characteristics, and perform research and judgment based on TTL characteristics and multiple characteristic modes.
The asset extraction module is used for extracting data of the asset, the data extraction of the asset depends on fingerprint matching, a fingerprint matching model is built in an engine, meanwhile, association definition/extraction actions are used as recognition results, and the extraction part is divided into two types: a definition section and an extraction section.
The asset attribute definition module determines content, such as defining that the secondary session is an ftp protocol and the application is an nginx.
The asset attribute extraction module extracts attribute data of different dimensions of the asset from a certain part of the data packet, for example, from the beginning of a certain character to the end of a certain field as an extraction result.
The extraction class rules use: start & end strings, offset number of characters & length, regular matching section.
4. The traffic-based intelligent asset identification system of claim 1, wherein the asset display module displays, but is not limited to, asset IP, asset MAC, open port, applications, protocols, services, operating system, device type, and hostname information.
And the real-time updating module is used for sorting the network asset analysis results and sending the network asset analysis results to the cloud backup module in real time to store and backup the network asset information.
5. The intelligent asset identification system based on traffic of claim 1, further comprising a wireless connection module and a mobile intelligent terminal; the asset display system is in communication connection with the wireless connection module, the wireless connection module is in wireless connection with the mobile intelligent terminal, the notification module receives the network asset information sent by the asset display system and transmits the network asset information to the mobile intelligent terminal in real time, and the mobile intelligent terminal displays the network asset information.
6. The intelligent asset identification system based on traffic of claim 1, wherein the initial asset identification of the asset identification module is based on an initial determination concerning at least one of the source and destination IPs of a session in the enterprise's internal data traffic: the TTL value in the data packet is used to determine which party is more local, and therefore more likely to be the asset party, and this is combined with the statistical learning of the machine initial learning module to achieve the effect of research and judgment.
7. The intelligent asset identification system according to claim 6, wherein the asset identification module also performs deep asset identification. TTL is the maximum number of hops over which an IP packet may be forwarded in a computer network. The TTL field is set by the sender of the IP packet, and each router on the forwarding path from source to destination subtracts 1 from the TTL value and then forwards the packet. Therefore, in the flow passing through the core switch, the party whose TTL value has passed through fewer hops is more likely to be the asset-like party. The machine deep learning module performs statistical learning on this data: if the same IP appears as the asset-like party in different sessions, it can be judged to be an asset IP once a certain threshold is reached.
8. The intelligent asset identification system according to claim 7, wherein the preliminary learning module is configured to learn a TTL value in the set data packet to preliminarily determine which party is more local, i.e. more likely to be the asset party.
9. The intelligent asset identification system according to claim 8, wherein the deep learning module is configured to learn the TTL value in the set data packet for deep determination: the fewer hops the TTL value has passed through, the more likely the party is to be asset-like.
10. The intelligent asset identification system based on flow of claim 9, wherein the learning update module is configured to learn the flow characteristic analysis result of the set data packet and update and send the learning result to the preliminary learning module and the deep learning module in real time.
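The TTL-based identification of claims 6 to 9, together with the preset asset segment of claim 2, can be sketched as follows. This is an added example, not code from the patent; the default initial TTLs (64, 128, 255), the function names, the threshold of 3 and the sample sessions are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption (not stated in the patent): senders start from a common default TTL.
INITIAL_TTLS = (64, 128, 255)

def hops_from_ttl(observed_ttl):
    """Estimate hops travelled: nearest default initial TTL minus observed TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    return min(t for t in INITIAL_TTLS if t >= observed_ttl) - observed_ttl

def identify_assets(sessions, preset_segments=(), threshold=3):
    """sessions: (src_ip, src_ttl, dst_ip, dst_ttl) tuples seen at the capture point.
    Returns (asset_ips, votes), where votes counts sessions in which an IP was
    the party with fewer estimated hops."""
    nets = [ipaddress.ip_network(s) for s in preset_segments]
    assets, votes = set(), Counter()
    for src, src_ttl, dst, dst_ttl in sessions:
        for ip in (src, dst):
            # Preset asset segment: a hit is an asset without further learning.
            if any(ipaddress.ip_address(ip) in n for n in nets):
                assets.add(ip)
        src_hops, dst_hops = hops_from_ttl(src_ttl), hops_from_ttl(dst_ttl)
        if src_hops != dst_hops:  # equal hop counts are ambiguous: no vote
            votes[src if src_hops < dst_hops else dst] += 1
    # Statistical step: the same IP must win in enough sessions.
    assets.update(ip for ip, n in votes.items() if n >= threshold)
    return assets, votes

# Constructed sample sessions (documentation address ranges for remote peers).
SESSIONS = [
    ("10.1.1.20", 64, "192.0.2.44", 52),     # 0 vs 12 hops
    ("10.1.1.20", 64, "203.0.113.9", 115),   # 0 vs 13 hops
    ("198.51.100.7", 49, "10.1.1.20", 63),   # 15 vs 1 hops
    ("10.1.1.30", 128, "203.0.113.9", 116),  # 0 vs 12 hops, only one session
    ("192.168.5.5", 250, "203.0.113.9", 113),  # inside the preset segment
]

if __name__ == "__main__":
    found, tally = identify_assets(SESSIONS, ("192.168.5.0/24",), threshold=3)
    print(sorted(found), dict(tally))
```

Because the sender sets the TTL field, a host that uses a non-default initial TTL is misestimated in a single session, which is why the decision rests on repeated sessions and a threshold rather than on one packet.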
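The definition and extraction sections of claim 3, with its three extraction rule types (start and end strings, offset and length, regular-expression match), can be illustrated with a small rule engine. This is an added example, not the patent's engine; the rule dictionary layout, the function names, the fingerprint and the sample HTTP response are assumptions constructed for illustration.

```python
import re

def extract(payload, rule):
    """Apply one extraction rule to a decoded payload; return the value or None."""
    kind = rule["type"]
    if kind == "between":  # start & end strings
        i = payload.find(rule["start"])
        if i < 0:
            return None
        i += len(rule["start"])
        j = payload.find(rule["end"], i)
        return payload[i:j] if j >= 0 else None
    if kind == "offset":  # character offset & length
        chunk = payload[rule["offset"]:rule["offset"] + rule["length"]]
        return chunk if len(chunk) == rule["length"] else None  # reject short reads
    if kind == "regex":  # first capture group of a regular expression
        m = re.search(rule["pattern"], payload)
        return m.group(1) if m else None
    raise ValueError(f"unknown rule type: {kind}")

def apply_fingerprint(payload, fp):
    """On a fingerprint match, return the defined attributes plus extracted ones."""
    if not re.search(fp["match"], payload):
        return None
    attrs = dict(fp["define"])  # definition section: fixed content
    for name, rule in fp["extract"].items():  # extraction section
        value = extract(payload, rule)
        if value is not None:
            attrs[name] = value
    return attrs

# Constructed fingerprint (hypothetical rule format).
NGINX_FP = {
    "match": r"(?im)^Server: nginx",
    "define": {"protocol": "http", "application": "nginx"},
    "extract": {
        "status": {"type": "offset", "offset": 9, "length": 3},
        "version": {"type": "regex", "pattern": r"Server: nginx/([\d.]+)"},
        "os_hint": {"type": "between", "start": "(", "end": ")"},
    },
}

# Constructed sample server response as seen in captured traffic.
SAMPLE = ("HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\n"
          "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    print(apply_fingerprint(SAMPLE, NGINX_FP))
```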
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310829986.2A CN116633814A (en) | 2023-07-07 | 2023-07-07 | Intelligent asset identification system based on flow |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310829986.2A CN116633814A (en) | 2023-07-07 | 2023-07-07 | Intelligent asset identification system based on flow |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116633814A true CN116633814A (en) | 2023-08-22 |
Family
ID=87610128
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310829986.2A Pending CN116633814A (en) | 2023-07-07 | 2023-07-07 | Intelligent asset identification system based on flow |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116633814A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118138380A (en) * | 2024-05-08 | 2024-06-04 | 华信咨询设计研究院有限公司 | Intelligent identification and classification method, system and medium based on IP protocol TTL value |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106815112B (en) | Massive data monitoring system and method based on deep packet inspection | |
CN102315974B (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
CN111683097B (en) | Cloud network flow monitoring system based on two-stage architecture | |
CN102164049B (en) | Universal identification method for encrypted flow | |
CN101414939B (en) | Internet application recognition method based on dynamical depth package detection | |
CN110113345A (en) | A method of the assets based on Internet of Things flow are found automatically | |
CN106789242B (en) | Intelligent identification application analysis method based on mobile phone client software dynamic feature library | |
CN106921637A (en) | The recognition methods of the application message in network traffics and device | |
CN116633814A (en) | Intelligent asset identification system based on flow | |
CN104468252A (en) | Intelligent network service identification method based on positive transfer learning | |
CN101184000A (en) | Packet sampling and application signature based internet application flux identifying method | |
CN112769623A (en) | Internet of things equipment identification method under edge environment | |
CN110034966B (en) | Data flow classification method and system based on machine learning | |
CN109450733B (en) | Network terminal equipment identification method and system based on machine learning | |
CN115473850B (en) | AI-based real-time data filtering method, system and storage medium | |
CN111147394A (en) | Multi-stage classification detection method for remote desktop protocol traffic behavior | |
CN111953552A (en) | Data flow classification method and message forwarding equipment | |
CN117955745B (en) | Network attack homology analysis method integrating network flow characteristics and threat information | |
CN114070800B (en) | SECS2 flow quick identification method combining deep packet inspection and deep flow inspection | |
CN101321097A (en) | Tencent network living broadcast business recognition method based on payload depth detection | |
CN112787848A (en) | Active scanning system based on network flow analysis | |
CN111200543A (en) | Encryption protocol identification method based on active service detection engine technology | |
KR100621996B1 (en) | Method and system of analyzing internet service traffic | |
Do et al. | Real time VoIP traffic classification | |
KR100429542B1 (en) | Method for analyzing real-time multimedia packets in an internet network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||