| With the development of the Internet,devices are rapidly developing in the direction of intelligence,but these devices may face certain security threats after they are connected to the Internet.Networked device identification is often the first step in launching a network attack.If vulnerable devices can be discovered in advance and the source of the attack can be cut off,security threats can be effectively avoided and the stable operation of the Internet can be ensured.With the arrival of the fifth-generation mobile communication technology,the recognition technology of space networking equipment is of great significance to the future network.In this paper,two methods of rule matching and machine learning are used to study the identification of networked devices in cyberspace.Existing equipment recognition rule matching methods have problems such as relying on experience and low scalability.Machine learning methods have problems such as lack of training data sets,fixed recognition models,and low adaptability.Aiming at the problems of existing equipment identification methods,this paper proposes an integrated networked equipment identification method for rule matching,machine learning and rule mining.The main contents are as follows:Aiming at the problem that the rule matching device identification method relies on experience,this paper proposes a method of integrating network data collection and rule matching,constructing a rule library through the network data collection method,and then identifying the type of networked devices through single and multi-protocol rule matching methods.Experiments show that compared with the device identification method of the Network Mapper tool,the identification rate of the network data collection and rule matching fusion method is improved.In view of the lack of training data set in the machine learning equipment identification method,this study selects the training and test data sets of the machine learning model from the data set with successful rule matching identification through random sampling of the machine learning model for machine learning equipment identification.First,perform data conversion and feature dimensionality reduction on the data set through data preprocessing;then compare and analyze the device recognition effects of the COP-Kmeans algorithm and the constrained seed K-means algorithm according to the accuracy rate,recall rate,and F1 value evaluation criteria,and select the best The classifier is used as a single classifier;finally,the recognition results of multiple single classifiers are merged through integrated learning Adaboost and Bagging to obtain the final device type result,and the Adaboost and Bagging methods are compared and analyzed according to the evaluation criteria,and multiple single classifiers are found to be aggregated The best strategy of the model is to obtain a multi-classifier suitable for the identification of networked devices in cyberspace.Experiments show that with the increase in the number of iterations,the use of principal component analysis and Adaboost fusion method,the evaluation effect of the test data set has been significantly enhanced.Aiming at the problem of device identification rule matching and low scalability of machine learning methods,this paper integrates rule matching,machine learning and rule mining to form an integrated networked device identification system.Use the identification results of networked devices to evaluate the equipment risk level.Firstly,the factors related to the equipment risk level assessment are obtained through the analytic hierarchy process,and then the risk level score of the networked equipment is calculated through the qualitative and quantitative comprehensive evaluation method,the equipment risk level is divided,and the equipment vulnerabilities are finally calculated.The data uploaded to the platform of the National Vulnerability Center proves that this research has a certain significance in the field of network security. |
PDF Full Text Request