Research On Active Perception Technology Of Distributed Network Information

With the rapid development of network information technology,the situation of network security has become increasingly severe.Malicious acts such as stealing government confidential documents and divulging important information of users by using cyber-attack and penetration technologies have seriously damaged the interests of the country and the people,so it is imperative to develop cyber security technologies.Network information active perception technology is an important type of network security technology,mainly for the active acquisition of network environment information(including host,system,service,topology,vulnerability and other information).Based on the obtained network environment information,network administrators can gain in-depth understanding of the detailed information of the networks and information systems they manage and make corresponding and effective defenses.With the rapid development of computer networks,the network topology is becoming larger and larger,and the types of network equipment,operating systems,and network services are becoming more and more diverse.How to effectively,quickly and accurately obtain network environment information is the key issue facing us.In view of the current network information perception technology has problems such as low perception accuracy and low network information acquisition efficiency,this paper studies distributed network information active perception technology.Specifically,the main research contents of this article include:1.An operating system awareness method based on Gaussian kernel function SVM is proposed to solve the problems of low recognition accuracy of operating system and inability to recognize unknown fingerprints.The main idea of this method is to combine the classification ideas in machine learning,convert the fingerprint data of the operating system into a feature vector,and then use the SVM algorithm to classify the feature vector.Effect,verify the accuracy of Gaussian nuclear classification is higher.2.Based on the researching content of 1,a multi-point joint distributed active sensing technology is further proposed.This method uses distributed perception as the basic architecture,and improves the perception efficiency through the coordination and jointness of multiple sensing nodes.On the one hand,the use of message middleware as the basic support for communication to achieve information synchronization,task management and real-time scanning results of distributed active sensing nodes;on the other hand,a task scheduling for distributed network information awareness is designed.The model uses the historical scan time as the weight to schedule the sensing tasks of each distributed active sensing node.Experimental verification shows that under the premise of ensuring the accuracy of scanning,it can reduce the CPU resource occupancy rate,reduce the average scanning time,and effectively improve the scanning efficiency.3.Based on the researching contents of 1 and 2,a distributed network information active sensing technology system is designed and implemented.The system includes unit modules such as sensing node management unit and service unit,including host discovery,port service scanning,and operating system Identification,network topology drawing and other functions.By designing and deploying tests for typical network information proactive sensing scenarios,it is verified that the system has the function of local network awareness.