Research And Application Of Automatic Identification Method Of Network Assets

Network assets refer to the types and versions of network devices,security devices,middleware,servers,personal computers and other devices connected to the Internet,there are also operating system types,IP addresses,open ports,port services,and other information for these devices.The detection and management of network assets can not only help enterprise network asset managers to have a clear understanding of the network assets owned within the enterprise,but also serve as a penetration tester or hacker to collect information before starting to work.So,It is essential to effectively detect the information of various network assets.Among them,the operating system is the basis for the operation of various devices.There are many types of operating systems on the market.However,the number of operating system characteristic fingerprints in the fingerprint database maintained by the existing operating system type identification tools is limited,so it is difficult to effectively identify the operating system of "unknown fingerprint" devices.Correctly detecting and identifying the network asset information of various devices,and actively preventing the loopholes of these network assets in advance can prevent many unnecessary problems.This paper studies various detection methods and principles of detecting network assets,analyzes the advantages and disadvantages of each detection method,and comprehensively applies a variety of detection technologies to detect and identify network assets.After that,the method of operating system type recognition is studied,and convolution neural network algorithm is applied to operating system type recognition.The main works of this paper are as follows:(1)This paper proposes a multi-technology fusion method for network asset detection,which combines active,passive and cyberspace search engine detection to improve the accuracy and comprehensiveness of detection and identification of asset information such as equipment type and name,operating system type,IP address,open port and port service,equipment manufacturer and so on.Among them,the active detection obtains the specific information of the target by sending the construction packet to the target machine actively,and the detection result is more accurate.Passive detection is to deploy detection points at the inlet and outlet of the network and passively collect network traffic flowing through the detection point.The network asset information of the target can be determined by analyzing the collected network traffic without affecting the normal work of the target object.Search engine detection in cyberspace can realize the detection of external network assets quickly,which makes up for the shortcoming that the active detection speed is slow and the passive detection cannot detect the external network assets.(2)The convolutional neural network algorithm is applied in the recognition of operating system types,and used to automatically select the fingerprint features of operating system,which eliminates the step of manually selecting the feature extraction method and simplifies the recognition process.The data set is obtained from the traffic data collected in the p0 f fingerprint database and the network asset detection stage.After preprocessing data,the data is input into the network model designed in this paper for training.Then the method in this paper is compared with the traditional machine learning algorithm used for operating system type recognition.The experimental results show that this method has a certain improvement in the recognition accuracy of the operating system.(3)In this paper,an automatic network asset identification system is designed and implemented based on the network asset detection method and the operating system type recognition algorithm.The system uses three detection methods to detect the network assets in the intranet and Internet,and shows the experimental results of using the convolutional neural network model designed in this paper to identify the operating system of "unknown fingerprint" devices.In addition,the system also integrates a certain vulnerability discovery function to help enterprise network asset management personnel to effectively count and maintain enterprise assets.