Equipment asset detection method and device

Document No.: 1116115 Publication date: 2020-09-29

Reading note: this technology, "Equipment asset detection method and device", was designed and created by 徐国爱, 张淼, 于新铭, 王浩宇, 郭燕慧 and 徐国胜 on 2020-05-14.

Main content: One or more embodiments of the present specification provide a device asset detection method and apparatus. The method includes: determining a target device IP and the port opening information of the target device IP from a device IP database; establishing a communication connection with the target device IP based on its port opening information, and performing asset detection so that the target device IP feeds back a device asset information data packet; parsing the device asset information data packet fed back by the target device IP to obtain the target device corresponding to the target device IP and the asset information of the target device; and determining, based on the asset information of the target device, whether to perform incremental detection on the target device IP. By performing asset detection on the target device IP, the target device corresponding to the target device IP and its asset information are obtained; by analyzing and judging that asset information, it is determined whether to perform incremental detection on the target device IP, which can improve the accuracy of the asset information of the target device and obtain deeper asset information.

1. A method for device asset detection, the method comprising:

determining a target equipment IP and port opening information of the target equipment IP by an equipment IP database;

establishing communication connection with the target equipment IP based on the port opening information of the target equipment IP, and performing asset detection to enable the target equipment IP to feed back an equipment asset information data packet;

analyzing the equipment asset information data packet fed back by the IP of the target equipment to obtain the target equipment corresponding to the IP of the target equipment and asset information of the target equipment;

and determining whether to carry out incremental detection on the IP of the target equipment or not based on the asset information of the target equipment.

2. The device asset detection method according to claim 1, wherein the determining whether to incrementally detect the target device IP based on the asset information of the target device comprises:

classifying the asset information of the target device;

judging whether the asset information of the target equipment is complete or not;

if not, reestablishing the communication connection with the target equipment IP so that the target equipment IP feeds back the equipment asset information data packet again;

and analyzing the equipment asset information data packet fed back again by the IP of the target equipment, re-acquiring the asset information of the target equipment, and executing the step of classifying the asset information of the target equipment according to the re-acquired asset information of the target equipment.

3. The device asset detection method of claim 2, wherein said classifying the asset information of the target device comprises:

performing asset object field matching on the asset information of the target equipment by using regular-expression matching, so as to classify the asset information of the target equipment.

4. The device asset detection method of claim 2, wherein said reestablishing the communication connection with the target device IP comprises:

re-sending, to the target device IP, an asset information request data packet whose payload has been reset.

5. The device asset detection method of claim 1, further comprising building a device IP database; the device IP database comprises a plurality of device IPs and port opening information of each device IP;

the method for constructing the IP database of the equipment comprises the following steps:

performing port liveness detection on device IPs across the whole network multiple times by means of an automated script;

and deduplicating and merging the liveness detection results to obtain a device IP database of the device IPs for which liveness detection succeeded.

6. The device asset detection method according to claim 5, wherein the performing port liveness detection on device IPs across the whole network multiple times by means of an automated script comprises:

sending a protocol port information data packet to the device IPs across the whole network multiple times by means of an automated script, so as to determine the port opening information of the device IPs across the whole network.

7. The device asset detection method according to claim 1, wherein the establishing a communication connection with the target device IP based on the port opening information of the target device IP, performing asset detection so that the target device IP feeds back a device asset information packet, comprises:

determining an industrial control protocol adopted by the IP of the target equipment based on the port opening information of the IP of the target equipment;

and sending a corresponding asset information request data packet to the target equipment IP based on an industrial control protocol adopted by the target equipment IP so that the target equipment IP feeds back an equipment asset information data packet according to the received asset information request data packet.

8. The device asset detection method of claim 7, further comprising:

and setting the stop-wait time length and the stop-wait time window when the target equipment IP is subjected to asset detection.

9. The device asset detection method according to claim 1, wherein the analyzing the device asset information packet fed back by the target device IP to obtain the target device corresponding to the target device IP and the asset information of the target device includes:

extracting key fields in the equipment asset information data packet fed back by the IP of the target equipment;

and identifying the key field to obtain target equipment corresponding to the IP of the target equipment and asset information of the target equipment.

10. An apparatus for equipment asset detection, the apparatus comprising:

the target equipment IP determining module is used for determining a target equipment IP and port opening information of the target equipment IP by an equipment IP database;

the asset detection module is used for establishing communication connection with the IP of the target equipment based on the port opening information of the IP of the target equipment and carrying out asset detection so that the IP of the target equipment feeds back an equipment asset information data packet;

the analysis module is used for analyzing the equipment asset information data packet fed back by the target equipment IP to obtain target equipment corresponding to the target equipment IP and asset information of the target equipment;

and the incremental detection determining module is used for determining whether to carry out incremental detection on the IP of the target equipment or not based on the asset information of the target equipment.

Technical Field

One or more embodiments of the present disclosure relate to the field of industrial internet security technologies, and in particular, to a device asset detection method and apparatus.

Background

In recent years, according to the latest analysis report on the industrial cyberspace security situation, the frequency of network attacks on industrial control equipment has been constant, attack techniques have kept improving, and the consequences of attacks have become more and more serious. Real-time performance is an important attribute of an industrial control system, and real-time monitoring of device state information in the industrial control system is an important basis for promptly discovering vulnerability-related security problems, so the devices in the industrial control system need to be detected.

The traditional detection method probes devices along the same path and sends the same type of function codes, without analyzing the function codes and response data messages of the industrial control protocol in greater depth and detail, so the accuracy of the obtained device asset information is low.

Disclosure of Invention

In view of the above, one or more embodiments of the present disclosure are directed to a device asset detecting method for obtaining device asset information with higher accuracy.

In view of the above, a first aspect of one or more embodiments of the present specification provides a device asset detection method and apparatus, where the method includes:

determining a target equipment IP and port opening information of the target equipment IP by an equipment IP database;

establishing communication connection with the target equipment IP based on the port opening information of the target equipment IP, and performing asset detection to enable the target equipment IP to feed back an equipment asset information data packet;

analyzing the equipment asset information data packet fed back by the IP of the target equipment to obtain the target equipment corresponding to the IP of the target equipment and asset information of the target equipment;

and determining whether to carry out incremental detection on the IP of the target equipment or not based on the asset information of the target equipment.

Optionally, the determining whether to perform incremental probing on the IP of the target device based on the asset information of the target device includes:

classifying the asset information of the target device;

judging whether the asset information of the target equipment is complete or not;

if not, reestablishing the communication connection with the target equipment IP so that the target equipment IP feeds back the equipment asset information data packet again;

and analyzing the equipment asset information data packet fed back again by the IP of the target equipment, re-acquiring the asset information of the target equipment, and executing the step of classifying the asset information of the target equipment according to the re-acquired asset information of the target equipment.

Optionally, the classifying the asset information of the target device includes:

performing asset object field matching on the asset information of the target equipment by using regular-expression matching, so as to classify the asset information of the target equipment.

Optionally, the reestablishing the communication connection with the target device IP includes:

re-sending, to the target device IP, an asset information request data packet whose payload has been reset.

Optionally, the method further comprises building an equipment IP database; the device IP database comprises a plurality of device IPs and port opening information of each device IP;

the method for constructing the IP database of the equipment comprises the following steps:

performing port liveness detection on device IPs across the whole network multiple times by means of an automated script;

and deduplicating and merging the liveness detection results to obtain a device IP database of the device IPs for which liveness detection succeeded.

Optionally, the performing port liveness detection on device IPs across the whole network multiple times by means of an automated script includes:

sending a protocol port information data packet to the device IPs across the whole network multiple times by means of an automated script, so as to determine the port opening information of the device IPs across the whole network.

Optionally, the establishing a communication connection with the target device IP based on the port opening information of the target device IP, and performing asset detection to enable the target device IP to feed back a device asset information data packet includes:

determining an industrial control protocol adopted by the IP of the target equipment based on the port opening information of the IP of the target equipment;

and sending a corresponding asset information request data packet to the target equipment IP based on an industrial control protocol adopted by the target equipment IP so that the target equipment IP feeds back an equipment asset information data packet according to the received asset information request data packet.

Optionally, the method further comprises:

and setting the stop-wait time length and the stop-wait time window when the target equipment IP is subjected to asset detection.

Optionally, the analyzing the device asset information data packet fed back by the target device IP to obtain the target device corresponding to the target device IP and the asset information of the target device includes:

extracting key fields in the equipment asset information data packet fed back by the IP of the target equipment;

and identifying the key field to obtain target equipment corresponding to the IP of the target equipment and asset information of the target equipment.

In accordance with the same object, a second aspect of one or more embodiments of the present specification provides an apparatus for asset detection, the apparatus comprising:

the target equipment IP determining module is used for determining a target equipment IP and port opening information of the target equipment IP by an equipment IP database;

the asset detection module is used for establishing communication connection with the IP of the target equipment based on the port opening information of the IP of the target equipment and carrying out asset detection so that the IP of the target equipment feeds back an equipment asset information data packet;

the analysis module is used for analyzing the equipment asset information data packet fed back by the target equipment IP to obtain target equipment corresponding to the target equipment IP and asset information of the target equipment;

and the incremental detection determining module is used for determining whether to carry out incremental detection on the IP of the target equipment or not based on the asset information of the target equipment.

Optionally, the incremental detection determining module includes:

the classification unit is used for classifying the asset information of the target equipment;

the judging unit is used for judging whether the asset information of the target equipment is complete or not; if the judgment unit judges that the asset information of the target equipment is incomplete, the asset detection module reestablishes communication connection with the IP of the target equipment so that the IP of the target equipment feeds back the asset information data packet of the equipment again, the analysis module analyzes the asset information data packet fed back by the IP of the target equipment again to obtain the asset information of the target equipment again, and the classification unit classifies the asset information of the target equipment according to the obtained asset information of the target equipment.

Optionally, the classification unit is specifically configured to:

performing asset object field matching on the asset information of the target equipment by using regular-expression matching, so as to classify the asset information of the target equipment.

Optionally, the asset detection module is further configured to re-send, to the target device IP, an asset information request data packet whose payload has been reset.

Optionally, the apparatus further comprises a device IP database construction module; the device IP database comprises a plurality of device IPs and port opening information of each device IP;

the device IP database building module comprises:

the port liveness detection unit is used for performing port liveness detection on device IPs across the whole network multiple times by means of an automated script;

and the deduplication unit is used for deduplicating and merging the liveness detection results to obtain a device IP database of the device IPs for which liveness detection succeeded.

Optionally, the port liveness detection unit is specifically configured to send a protocol port information data packet to the device IPs across the whole network multiple times by means of an automated script, so as to determine the port opening information of the device IPs across the whole network.

Optionally, the asset detection module comprises:

the industrial control protocol determining unit is used for determining an industrial control protocol adopted by the IP of the target equipment based on the port opening information of the IP of the target equipment;

and the asset information request data packet sending unit is used for sending a corresponding asset information request data packet to the target equipment IP based on an industrial control protocol adopted by the target equipment IP so as to enable the target equipment IP to feed back the equipment asset information data packet according to the received asset information request data packet.

Optionally, the apparatus further includes a stop-wait time setting module, configured to set a stop-wait time length and a stop-wait time window when performing asset detection on the target device IP.

Optionally, the parsing module is specifically configured to:

extracting key fields in the equipment asset information data packet fed back by the IP of the target equipment;

and identifying the key field to obtain target equipment corresponding to the IP of the target equipment and asset information of the target equipment.

As can be seen from the above, the device asset detection method and apparatus provided in one or more embodiments of the present disclosure perform asset detection on a target device IP by using port opening information of the target device IP to obtain a target device corresponding to the target device IP and asset information of the target device, and determine whether to perform incremental detection on the target device IP by analyzing and judging the asset information of the target device, so as to improve accuracy of the asset information of the target device and obtain deeper asset information.

Drawings

In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, and it is obvious that the drawings in the following description are only one or more embodiments of the present specification, and that other drawings may be obtained by those skilled in the art without inventive effort from these drawings.

FIG. 1 is a schematic flow diagram of a method for device asset detection provided in one or more embodiments of the present disclosure;

FIG. 2 is an explanation of step S14;

FIG. 3 is a schematic structural diagram of a device asset detection apparatus according to one or more embodiments of the present disclosure.

Detailed Description

For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.

It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present specification should have the ordinary meaning as understood by those of ordinary skill in the art to which this disclosure belongs. The use of "first," "second," and similar terms in one or more embodiments of the specification is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect.

In recent years, according to the latest analysis report on the industrial cyberspace security situation, the frequency of network attacks on industrial control equipment has been constant, attack techniques have kept improving, and the consequences of attacks have become more and more serious. Real-time performance is an important attribute of an industrial control system, and real-time monitoring of device state information in the industrial control system is an important basis for promptly discovering vulnerability-related security problems, so the devices in the industrial control system need to be detected.

The detection strategies adopted by traditional network detection tools are generally periodic. When such tools are run from automated scripts, their detection of devices has certain limitations, and current research optimizes the traditional detection approach at the tool level without improving the detection depth. The traditional detection method probes devices along the same path and sends the same type of function codes, without analyzing the function codes and response data messages of the industrial control protocol in greater depth and detail, and without setting different detection strategies for the various complex situations that arise. As a result, the accuracy of the obtained device asset information is low and the detection of industrial control equipment is not deep enough.

In order to solve the above problems, the present specification provides a device asset detection method and apparatus, in which a device IP database including a plurality of device IPs and port opening information of each device IP is obtained, and then a target device IP and port opening information of the target device IP are determined based on the device IP database; further establishing communication connection with a target device IP according to port opening information of the target device IP to perform asset detection, feeding back a device asset information data packet by the target device IP, analyzing the device asset information data packet and acquiring target device corresponding to the target device IP and asset information of the target device; and determining whether incremental detection is carried out on the IP of the target equipment or not according to the asset information of the target equipment obtained by analysis. The method and the device can be applied to computers, tablet computers, smart phones, cloud servers, cloud ends and the like, and are not limited specifically.

For the sake of understanding, the equipment asset detection method is described in detail below with reference to the accompanying drawings.

FIG. 1 is a schematic flow diagram of a method for device asset detection provided herein; as shown in FIG. 1, the method includes:

S11, determining the target device IP and the port opening information of the target device IP by the device IP database;

S12, establishing communication connection with the IP of the target device based on the port opening information of the IP of the target device, and performing asset detection to enable the IP of the target device to feed back the device asset information data packet;

S13, analyzing the equipment asset information data packet fed back by the IP of the target equipment to obtain the target equipment corresponding to the IP of the target equipment and asset information of the target equipment;

and S14, determining whether to carry out incremental detection on the IP of the target device or not based on the asset information of the target device.

In this embodiment, the device refers to an industrial control device; the port opening information indicates whether the device IP opens a port supported by the industrial control protocol, and which industrial control protocol corresponds to the opened port. In practical applications, the industrial control protocol may refer to one or more of modbus protocol, s7 protocol, dnp3 protocol, and bacnet protocol, and is not limited specifically.

In order to perform asset detection on industrial control equipment across the whole network, the electronic equipment executing the method (hereinafter referred to as the electronic equipment) can first acquire the device IPs with open ports across the whole network and the port opening information of each device IP, and establish a device IP database, wherein the device IP database comprises a plurality of device IPs and the port opening information of each device IP. In practical application, "a plurality of device IPs" means that the device IP database includes at least two device IPs, and is not limited specifically.

After the device IP database is obtained, further determining a target device IP which is required to perform asset detection on the device IP in the device IP database and port opening information corresponding to the target device IP; and establishing communication connection with the target equipment IP according to the port opening information of the target equipment IP, carrying out asset detection on the target equipment IP, and feeding back an equipment asset information data packet to the electronic equipment by the target equipment IP.

And after the equipment asset information data packet is obtained, analyzing the equipment asset information data packet fed back by the IP of the target equipment, and determining the target equipment corresponding to the IP of the target equipment and the asset information of the target equipment based on the analysis result.

In practical application, in order to obtain more accurate asset information of the target device with sufficient detection depth, after the asset information of the target device is obtained, deep analysis and judgment can be performed on the asset information of the target device, whether the obtained asset information of the target device is complete or not is judged, and whether incremental detection needs to be performed on the IP of the target device is determined based on a judgment result.

The method for constructing the device IP database, the method for detecting the asset of the target device IP, the method for analyzing the device asset information data packet, and the method for determining whether to perform incremental detection will be described in detail later, and will not be described herein again.

It can be understood that, by performing asset detection on the target device IP based on the port opening information of the target device IP, the target device corresponding to the target device IP and the asset information of the target device are obtained, and by analyzing and judging the asset information of the target device, whether incremental detection is performed on the target device IP is determined, which can improve the accuracy of the asset information of the target device and obtain deeper asset information.

In practical application, in order to improve the accuracy of the obtained asset information of the target device, whether incremental detection is required or not can be determined according to the obtained asset information of the target device; if the asset information of the target device is not complete, incremental probing is required.

FIG. 2 is an explanation of step S14. As illustrated in FIG. 2, in some possible embodiments, determining whether to incrementally probe the IP of the target device based on the asset information of the target device includes:

S21, classifying the asset information of the target equipment;

S22, judging whether the asset information of the target equipment is complete;

S23, if not, reestablishing the communication connection with the IP of the target device so that the IP of the target device feeds back the device asset information data packet again;

and S24, analyzing the device asset information data packet fed back again by the IP of the target device, re-acquiring the asset information of the target device, and executing the step of classifying the asset information of the target device according to the re-acquired asset information of the target device.

In practical application, in order to determine whether incremental detection needs to be performed on the IP of the target device, the asset information of the target device may first be classified. Regular-expression matching can be used to perform asset object field matching on the asset information of the target device, so as to classify the asset information of the target device.

When the classification result shows that the information for some asset objects is incomplete, that is, the obtained asset information of the target device is incomplete, the communication connection with the target device IP needs to be reestablished; once the connection is established, the target device IP feeds back the device asset information data packet to the electronic device again. In practical application, because industrial control devices differ from one another and an industrial control device usually waits for a payload, when the communication connection with the target device IP is established again, an asset information request data packet with a reset payload may be re-sent to the target device IP in order to improve communication efficiency and obtain more comprehensive and accurate device asset information, thereby reestablishing the communication connection with the target device IP. It should be noted that the payload refers to a packet containing information of the requested asset.

After the device asset information data packet fed back again by the target device IP is obtained, the packet is parsed and the asset information of the target device is obtained again. The re-obtained asset information is then classified and checked for completeness; if it is still incomplete, the communication connection with the target device IP is established once more. The process is repeated until complete target device asset information is obtained.

It can be understood that incremental detection is performed on the IP of the target device, the collected asset information is continuously perfected and updated in a progressive method, the detection depth and the integrity of the asset information are increased, meanwhile, devices which cannot obtain any feedback are screened out, and the functional performance optimization of the traditional tool is realized.
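The S21 to S24 loop described above, as an added example that is not code from the patent: it classifies decoded response text by regular-expression field matching, checks completeness, and retries with a reset payload up to a bounded number of rounds, screening out devices that never give feedback. The field names, patterns, payload labels, `fake_probe` stub and sample responses are all assumptions constructed for illustration; no network traffic is sent.

```python
import re

# One regex per asset object field (S21). The field names, the patterns and
# the "Key: value" text layout are assumptions made for this example.
FIELD_PATTERNS = {
    "vendor": re.compile(r"Vendor[ \t]*:[ \t]*(\S[^\r\n]*)", re.I),
    "model": re.compile(r"(?:Model|Module)[ \t]*:[ \t]*(\S[^\r\n]*)", re.I),
    "firmware": re.compile(
        r"(?:Firmware|Version)[ \t]*:[ \t]*v?(\d+(?:\.\d+)+)", re.I),
    "serial": re.compile(
        r"Serial(?: Number)?[ \t]*:[ \t]*([A-Za-z0-9-]+)", re.I),
}
REQUIRED = ("vendor", "model", "firmware", "serial")

# Hypothetical request payload labels; each retry resets the payload to the
# next label in this order.
PAYLOADS = ("basic", "extended", "vendor_specific")

# Constructed, already-decoded responses keyed by (ip, payload label).
SAMPLE_RESPONSES = {
    ("192.0.2.10", "basic"): "Vendor: ExampleCo\nModel: PLC-100\n",
    ("192.0.2.10", "extended"): "Firmware: v2.4.1\nSerial Number: SN-00817\n",
    ("192.0.2.11", "basic"):
        "Vendor: ExampleCo\nModule: RTU-7\nVersion: 1.0.3\nSerial: A1B2\n",
    ("192.0.2.12", "basic"): "Vendor: ExampleCo\n",
    # 192.0.2.13 never answers any payload.
}


def fake_probe(ip, payload):
    """Offline stand-in for S12/S23: return decoded response text or None."""
    return SAMPLE_RESPONSES.get((ip, payload))


def classify(text):
    """S21: regex-match each asset object field in the response text."""
    found = {}
    for name, pattern in FIELD_PATTERNS.items():
        match = pattern.search(text)
        if match:
            found[name] = match.group(1).strip()
    return found


def missing_fields(asset):
    """S22: the record is complete when no required field is missing."""
    return [name for name in REQUIRED if name not in asset]


def incremental_detect(ip, probe, payloads=PAYLOADS, max_rounds=3):
    """Run S21-S24 until the record is complete or the rounds are used up."""
    asset, rounds = {}, 0
    for payload in payloads[:max_rounds]:
        rounds += 1
        text = probe(ip, payload)           # S23: re-send with reset payload
        if text:
            for name, value in classify(text).items():   # S24 then S21
                asset.setdefault(name, value)             # keep earlier values
        if not missing_fields(asset):
            break
    missing = missing_fields(asset)
    if not missing:
        status = "complete"
    elif asset:
        status = "partial"
    else:
        status = "no_feedback"              # screened out, as the text notes
    return {"ip": ip, "status": status, "rounds": rounds,
            "asset": asset, "missing": missing}


if __name__ == "__main__":
    for last_octet in (10, 11, 12, 13):
        print(incremental_detect(f"192.0.2.{last_octet}", fake_probe))
```

The bound on rounds is what keeps the "repeat until complete" loop from retrying indefinitely against a device that never supplies the missing fields.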

In practical applications, in order to perform device asset detection, a device IP database can be constructed from the device IPs in the whole network range. Accordingly, in some possible embodiments, the method further comprises constructing a device IP database; the device IP database comprises a plurality of device IPs and the port opening information of each device IP;

constructing the device IP database comprises:

performing port detection on the device IPs within the whole network range multiple times by means of an automated script, and obtaining, after de-duplication and merging, a database of the device IPs that were successfully detected.

In order to perform asset detection on industrial control devices across the whole network, the electronic device executing the method (hereinafter referred to as the electronic device) can first obtain the device IPs with open ports in the whole network and the port opening information of each device IP, and establish the device IP database. That is, port detection can be performed on the device IPs within the whole network range multiple times by means of an automated script, and the results of these detection passes are de-duplicated and merged to obtain a database of the device IPs that were successfully detected. The device IP database therefore includes a plurality of device IPs and the port opening information of each device IP.

In practical applications, to perform port detection on the device IPs within the whole network range, protocol port information data packets may be sent to those device IPs multiple times by means of an automated script to determine their port opening information, that is, whether a device IP has opened a port supported by an industrial control protocol and which industrial control protocol the open port corresponds to. In practical applications, the industrial control protocol may be one or more of the Modbus, S7, DNP3 and BACnet protocols, without specific limitation. For example, it may be detected whether port 502, which is supported by the Modbus protocol, is open; this is not specifically limited.

In practical applications, after a target device IP is determined and its port opening information is obtained, a communication connection must also be established with the target device IP in order to probe it. Accordingly, in some possible embodiments, establishing a communication connection with the target device IP based on the port opening information of the target device IP, and performing asset detection so that the target device IP feeds back the device asset information data packet, includes:

determining the industrial control protocol adopted by the target device IP based on the port opening information of the target device IP;

and, based on the industrial control protocol adopted by the target device IP, sending a corresponding asset information request data packet to the target device IP so that the target device IP feeds back the device asset information data packet according to the received asset information request data packet.

The asset information request data packet is a data packet suited to the industrial control protocol, constructed by analyzing the communication mode and data message format of that protocol. In practical applications, the industrial control protocol may be one or more of the Modbus, S7, DNP3 and BACnet protocols; correspondingly, the communication request data packets of these protocols can each be constructed by analyzing the communication modes and data message formats of the four industrial control protocols Modbus, S7, DNP3 and BACnet.

In order to establish the communication connection with the target device IP, once the port opening information of the target device IP has been obtained, that is, once the ports opened by the target device IP are known, the industrial control protocol adopted by the target device IP can be determined from those open ports based on the correspondence between industrial control protocols and ports. The asset information request data packet corresponding to that industrial control protocol is then selected and sent to the target device IP; after receiving the asset information request data packet, the target device IP feeds back the device asset information data packet to the electronic device.
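The database construction and the port-to-protocol determination described above, as an added example that is not code from the patent. It works offline on constructed observations; the record layout and function names are assumptions, and only port 502 for Modbus comes from the page (the other three ports are those protocols' well-known defaults).

```python
import ipaddress
from collections import defaultdict

# 502/modbus is the page's example; the other three are those protocols'
# well-known default ports, added here as an assumption.
ICS_PORTS = {502: "modbus", 102: "s7", 20000: "dnp3", 47808: "bacnet"}


def build_ip_database(passes):
    """De-duplicate and merge several detection passes into one IP database.

    Each pass is an iterable of (ip, port, is_open) observations. A port counts
    as open if any pass saw it open; addresses that never showed an open
    industrial control port are left out of the database.
    """
    merged = defaultdict(set)
    for observations in passes:
        for ip, port, is_open in observations:
            try:
                # Normalise so different spellings of one address merge.
                key = str(ipaddress.ip_address(ip))
            except ValueError:
                continue  # malformed record: skip rather than store it
            if is_open and port in ICS_PORTS:
                merged[key].add(port)
    return {ip: sorted(ports) for ip, ports in sorted(merged.items())}


def protocols_for(database, ip):
    """Map a target's open ports to candidate industrial control protocols."""
    return [ICS_PORTS[port] for port in database.get(ip, [])]


# Constructed observations; all addresses are from documentation ranges.
PASS_1 = [("192.0.2.10", 502, True), ("192.0.2.11", 502, False),
          ("192.0.2.12", 80, True), ("2001:DB8::1", 20000, True)]
PASS_2 = [("192.0.2.10", 502, True), ("192.0.2.10", 102, True),
          ("192.0.2.11", 502, True), ("2001:db8:0::1", 20000, True),
          ("not-an-ip", 502, True)]
DATABASE = build_ip_database([PASS_1, PASS_2])
```

An open port only suggests a protocol; the reply to the asset information request is what confirms it.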

In practical applications, when asset information request data packets need to be sent to a plurality of target devices at the same time, they can be sent to the target devices in batches by means of an automated script.

In order to ensure that detection of the target device IP proceeds smoothly, the communication time with the target device IP needs to be specified; that is, the waiting duration and the waiting time window used when performing asset detection on the target device IP may be set. The waiting duration refers to the length of time for which a communication connection with the target device IP is maintained, and may be, for example, 60 minutes, 20 minutes, or 40 minutes, without specific limitation; the waiting time window refers to the time period during which the communication connection with the target device IP is made, and may be, for example, 9:00 to 10:00, 12:00 to 12:30, and the like, without specific limitation.

It can be understood that determining the industrial control protocol adopted by the target device IP from its port opening information, sending the corresponding asset information request data packet to establish the communication connection, and setting the duration and time window of that connection together improve the efficiency and accuracy of asset detection.

In practical applications, after the device asset information data packet is obtained, it needs to be parsed. Accordingly, in some possible embodiments, parsing the device asset information data packet fed back by the target device IP to obtain the target device corresponding to the target device IP and the asset information of the target device includes:

extracting key fields from the device asset information data packet fed back by the target device IP;

and identifying the key fields to obtain the target device corresponding to the target device IP and the asset information of the target device.

In order to parse the device asset information data packet, the key fields of the packet are determined first; the key fields may be the product type, the product name, and the like, without specific limitation. Asset identification is then performed on the key fields to obtain the target device corresponding to the target device IP and the asset information of the target device; for example, criteria for determining asset information can be set, and the related asset keywords in the constructed set are translated into the specific asset information that is required. In practical applications, the asset information may be the manufacturer, the product name, and the like, without specific limitation.

It can be understood that parsing the device asset information data packet yields the target device corresponding to the target device IP and the asset information of that device, which improves asset detection efficiency.

In practical applications, abnormal conditions such as connection failure, response timeout, or receipt of erroneous data may occur while establishing communication with a target device IP, determining whether incremental detection of the target device IP is required, or parsing a device asset information data packet. To reduce the influence of such conditions on the overall asset detection process and keep them from affecting the detection result, an exception handling mechanism can be adopted; for example, a task waiting queue may be set up for the case of a power outage or network outage.

In practical applications, after the asset information of the target device is obtained, it can be stored in an Elasticsearch database so that the collected device asset information can be conveniently queried and managed.
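Key-field extraction from one reply, as an added example that is not code from the patent. It assumes the device answered with a Modbus/TCP Read Device Identification response (function 0x2B, MEI type 0x0E); the page does not say which request is used. The sample frames are constructed, not captured traffic.

```python
import struct

# Object ids defined for the Read Device Identification response
# (function 0x2B, MEI type 0x0E) in the Modbus application protocol.
OBJECT_NAMES = {0x00: "vendor_name", 0x01: "product_code", 0x02: "revision",
                0x03: "vendor_url", 0x04: "product_name", 0x05: "model_name",
                0x06: "user_application_name"}


class ParseError(ValueError):
    """The reply is truncated, malformed, or not a device-identification reply."""


def parse_device_id(frame: bytes) -> dict:
    """Extract the key fields from one Modbus/TCP device-identification reply."""
    if len(frame) < 9:
        raise ParseError("shorter than MBAP header plus two PDU bytes")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ParseError("bad MBAP protocol id or length field")
    pdu = frame[7:]
    if pdu[0] & 0x80:
        raise ParseError(f"device returned exception code {pdu[1]}")
    if len(pdu) < 7 or pdu[0] != 0x2B or pdu[1] != 0x0E:
        raise ParseError("not a Read Device Identification reply")
    more_follows, next_object, count = pdu[4], pdu[5], pdu[6]
    fields, pos = {}, 7
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ParseError("object header truncated")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ParseError("object value truncated")
        name = OBJECT_NAMES.get(obj_id, f"object_0x{obj_id:02x}")
        # Replies are untrusted input: odd bytes must not raise or pass through raw.
        fields[name] = value.decode("ascii", errors="replace").strip()
        pos += 2 + obj_len
    return {"fields": fields, "more_follows": more_follows == 0xFF,
            "next_object_id": next_object}


def build_sample(objects, more=0x00, next_object=0x00) -> bytes:
    """Build a constructed reply for offline testing (not captured traffic)."""
    body = b"".join(bytes([oid, len(val)]) + val for oid, val in objects)
    pdu = bytes([0x2B, 0x0E, 0x01, 0x01, more, next_object, len(objects)]) + body
    return struct.pack(">HHHB", 1, 0, len(pdu) + 1, 1) + pdu


# Constructed samples: the vendor and product strings are made up.
SAMPLE = build_sample([(0x00, b"ExampleVendor"), (0x01, b"PLC-1000"), (0x02, b"V2.1")])
PARTIAL = build_sample([(0x00, b"ExampleVendor")], more=0xFF, next_object=0x01)
```

A reply with `more_follows` set carries only part of the identification objects, which is one concrete case of the incomplete asset information that triggers incremental detection.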

It should be noted that the method of one or more embodiments of the present disclosure may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of one or more embodiments of the present disclosure, and the devices may interact with each other to complete the method.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Fig. 3 is a schematic structural diagram of a device asset detection apparatus provided in the present specification. As shown in Fig. 3, the apparatus includes:

a target device IP determining module 31, configured to determine a target device IP and port opening information of the target device IP from the device IP database;

the asset detection module 32 is configured to establish communication connection with the target device IP based on port opening information of the target device IP, and perform asset detection so that the target device IP feeds back a device asset information data packet;

the analysis module 33 is configured to analyze the device asset information data packet fed back by the target device IP, and obtain the target device corresponding to the target device IP and asset information of the target device;

and the incremental detection determining module 34 is used for determining whether to carry out incremental detection on the IP of the target device based on the asset information of the target device.

In some possible embodiments, the incremental detection determination module 34 includes:

the classification unit is used for classifying the asset information of the target device;

the judging unit is used for judging whether the asset information of the target device is complete; if the judging unit judges that the asset information of the target device is incomplete, the asset detection module re-establishes the communication connection with the target device IP so that the target device IP feeds back the device asset information data packet again, the parsing module parses the device asset information data packet fed back again by the target device IP to obtain the asset information of the target device again, and the classification unit classifies the asset information of the target device obtained again.

In some possible embodiments, the classification unit is specifically configured to perform asset object field matching on the asset information of the target device by using regular-expression matching, so as to classify the asset information of the target device.

In some possible embodiments, the asset detection module 32 is further configured to resend the asset information request packet with the reset payload to the target device IP.

In some possible embodiments, the apparatus further comprises a device IP database construction module (not shown in the figures); the device IP database comprises a plurality of device IPs and port opening information of each device IP;

the device IP database building module comprises:

the port detection unit is used for performing port detection on the device IPs in the whole network range multiple times by means of an automated script;

and the de-duplication unit is used for de-duplicating and merging the port detection results to obtain a database of the device IPs that were successfully detected.

In some possible embodiments, the port detection unit is specifically configured to send protocol port information data packets to the device IPs in the whole network range multiple times by means of an automated script, so as to determine the port opening information of the device IPs in the whole network range.

In some possible embodiments, the asset detection module includes:

the industrial control protocol determining unit, used for determining the industrial control protocol adopted by the target device IP based on the port opening information of the target device IP;

and the asset information request data packet sending unit, used for sending a corresponding asset information request data packet to the target device IP based on the industrial control protocol adopted by the target device IP, so that the target device IP feeds back the device asset information data packet according to the received asset information request data packet.

In some possible embodiments, the apparatus further comprises a waiting time setting module (not shown in the figure) for setting the waiting duration and the waiting time window used when asset detection is performed on the target device IP.

In some possible embodiments, the parsing module 33 is specifically configured to:

extract key fields from the device asset information data packet fed back by the target device IP;

and identify the key fields to obtain the target device corresponding to the target device IP and the asset information of the target device.

For convenience of description, the above apparatus is described as being divided into modules by function, with each module described separately. Of course, when implementing one or more embodiments of the present description, the functionality of the modules may be implemented in the same one or more pieces of software and/or hardware.

The apparatus of the foregoing embodiment is used to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.

Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the spirit of the present disclosure, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the present description as described above, which are not provided in detail for the sake of brevity.

In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures, for simplicity of illustration and discussion, and so as not to obscure one or more embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the understanding of one or more embodiments of the present description, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the one or more embodiments of the present description are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that one or more embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.

While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.

It is intended that the one or more embodiments of the present specification embrace all such alternatives, modifications and variations as fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of one or more embodiments of the present disclosure are intended to be included within the scope of the present disclosure.
