Internet of things equipment identification method and device, computer equipment and storage medium

文档序号：1850114 发布日期：2021-11-16 浏览：18次中文

阅读说明：本技术 物联网设备识别方法、装置、计算机设备、存储介质 (Internet of things equipment identification method and device, computer equipment and storage medium ) 是由殷中宏范渊黄进于 2021-07-27 设计创作，主要内容包括：本申请涉及一种物联网设备识别方法、装置、计算机设备和计算机存储介质,通过获取待识别的物联网设备的镜像流量,对镜像流量进行解析,提取至少两个指定采样协议的指定字段内容,并基于协议可信度,为提取到的指定采样协议分配对应的权重,对指定采样协议的指定字段内容中携带的各维度静态信息进行加权计算,根据计算结果确定物联网设备的身份信息。本申请不需要提前编写任何规则,能够完全实现自动化识别；其次在多个同一维度信息发生冲突时,用基于可信度进行加权计算得到最终识别结果,解决了多个同一维度信息发生冲突时无法进行最终判定的问题。(The application relates to an Internet of things equipment identification method and device, computer equipment and a computer storage medium. The method and the device do not need to write any rule in advance, and can completely realize automatic identification; secondly, when a plurality of pieces of same-dimension information conflict, a final recognition result is obtained by carrying out weighting calculation based on the credibility, and the problem that final judgment cannot be carried out when a plurality of pieces of same-dimension information conflict is solved.)

1. An internet of things equipment identification method is used for identifying identity information of internet of things equipment connected to a switch, and is characterized by comprising the following steps:

acquiring mirror image flow of the Internet of things equipment;

analyzing the sampled data in the mirror flow, and extracting specified field contents of at least two specified sampling protocols from an analysis result, wherein the specified field contents of the at least two specified sampling protocols carry the static information of each dimension of the Internet of things equipment;

based on the protocol credibility of the at least two specified sampling protocols, corresponding weights are distributed for the at least two specified sampling protocols, weighted calculation is carried out on the static information of each dimension carried in the specified field contents of the at least two specified sampling protocols according to the weights corresponding to the at least two specified sampling protocols, and the identity information of the equipment of the Internet of things is determined according to the calculation result.

2. The internet of things equipment identification method according to claim 1, wherein the at least two specified sampling protocols include a protocol directly solidified in a program through programmer coding and a user self-configuration protocol, and the at least two specified sampling protocols are assigned with corresponding weights based on protocol credibility of the at least two specified sampling protocols, including the following steps:

configuring the weight of the protocol directly solidified in sequence by programmer coding to be higher than the weight of the user self-configured protocol.

3. The internet of things equipment identification method of claim 1, wherein the at least two specified sampling protocols comprise an HTTP protocol, an SNMP protocol, a NetBIOS protocol, an MDNS protocol, and a DHCP protocol; the weights of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol and the DHCP protocol are ordered from large to small in sequence as follows: HTTP protocol, SNMP protocol, NetBIOS protocol, MDNS protocol, DHCP protocol.

4. The method for identifying internet of things equipment according to claim 1, wherein after acquiring the mirror traffic of the internet of things equipment and before analyzing the sample data in the mirror traffic, the method further comprises:

and filtering non-sampled data in the mirror flow.

5. The internet-of-things device identification method of claim 1, wherein the at least two specified sampling protocols comprise two or more of an HTTP protocol, an SNMP protocol, a NetBIOS protocol, an MDNS protocol, and a DHCP protocol.

6. The method for identifying internet of things equipment according to claim 1, wherein the obtaining of the mirror traffic of the internet of things equipment comprises:

copying the original flow of the Internet of things equipment by configuring a mirror image port on the switch to obtain the mirror image flow of the Internet of things equipment;

or copying the original flow of the Internet of things equipment through light splitting of a light splitter to obtain the mirror image flow of the Internet of things equipment.

7. The method for identifying the internet of things equipment according to claim 1, wherein the static information of each dimension of the internet of things equipment comprises one or more of a manufacturer, a type and a model.

8. The utility model provides a thing networking device identification apparatus, its characterized in that, the device is including obtaining module, analysis module, extraction module and result module:

the obtaining module is used for obtaining the mirror flow of the Internet of things equipment;

the extraction module is used for analyzing the sampling data in the mirror flow and extracting the specified field contents of at least two specified sampling protocols from the analysis result, wherein the specified field contents of the at least two specified sampling protocols carry the static information of each dimension of the Internet of things equipment;

the result module is used for distributing corresponding weights for the at least two designated sampling protocols based on the protocol credibility of the at least two designated sampling protocols, performing weighted calculation on each dimension static information carried in the designated field contents of the at least two designated sampling protocols according to the respective corresponding weights of the at least two designated sampling protocols, and determining the identity information of the internet of things equipment according to the calculation result.

9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 7 are implemented when the computer program is executed by the processor.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.

Technical Field

The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for identifying internet of things devices, a computer device, and a computer-readable storage medium.

Background

With the gradual popularization of 5G, the human society gradually starts to enter the world of everything interconnection, and more intelligent devices appear in life and work of people. With the advance of the degree of social intelligence and the continuous improvement of the permeability of intelligent equipment, how to manage intelligent equipment with a plurality of manufacturers, types and models becomes a troublesome problem.

The first step of management, namely, to be able to clearly know the information of the device manufacturer, type and model, is the basis of subsequent progressive management. The existing scheme for analyzing and finally determining the information of the equipment of the Internet of things according to the Banner data of the collected application layer protocol needs to compile rules in advance, and the recognition effect depends on the abundance degree of a rule base.

Aiming at the problems that in the related art, the automatic degree of the equipment identification of the Internet of things is low and the final judgment cannot be carried out when a plurality of pieces of same-dimension information conflict with each other, an effective solution is not provided at present.

Disclosure of Invention

Based on this, it is necessary to provide an internet of things device identification method, an internet of things device identification apparatus, a computer device and a computer readable storage medium for solving the problems in the related art that the degree of automation of internet of things device identification is low and final judgment cannot be performed when multiple pieces of same-dimension information conflict.

In a first aspect, an embodiment of the present application provides an internet of things device identification method, including the following steps:

acquiring mirror image flow of the Internet of things equipment;

In some embodiments, the at least two designated sampling protocols include a protocol directly solidified in a program through programmer coding and a user self-configuration protocol, and the at least two designated sampling protocols are assigned with corresponding weights based on the protocol credibility of the at least two designated sampling protocols, including the following steps:

configuring the weight of the protocol directly solidified in sequence by programmer coding to be higher than the weight of the user self-configured protocol.

In some of these embodiments, the at least two specified sampling protocols include the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol; the weights of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol and the DHCP protocol are ordered from large to small in sequence as follows: HTTP protocol, SNMP protocol, NetBIOS protocol, MDNS protocol, DHCP protocol.

In some embodiments, after obtaining the mirror traffic of the internet of things device and before analyzing the sample data in the mirror traffic, the method further includes:

and filtering non-sampled data in the mirror flow.

In some of these embodiments, the at least two specified sampling protocols include two or more of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol.

In some embodiments, the obtaining the mirror traffic of the internet of things device includes:

copying the original flow of the Internet of things equipment by configuring a mirror image port on the switch to obtain the mirror image flow of the Internet of things equipment;

or copying the original flow of the Internet of things equipment through light splitting of a light splitter to obtain the mirror image flow of the Internet of things equipment.

In some embodiments, the dimensional static information of the internet of things device includes one or more of a vendor, a type, and a model.

In a second aspect, in this embodiment, an internet of things device identification apparatus is provided, where the apparatus includes: the device comprises an acquisition module, an analysis module, an extraction module and a result module:

the obtaining module is used for obtaining the mirror flow of the Internet of things equipment;

In a third aspect, there is provided in this embodiment a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method according to the first aspect when executing the computer program.

In a fourth aspect, in the present embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the first aspect as described above.

According to the method, the device, the computer equipment and the computer storage medium for identifying the Internet of things equipment, the mirror flow of the Internet of things equipment to be identified is obtained, the mirror flow is analyzed, the specified field contents of at least two specified sampling protocols are extracted, corresponding weights are distributed to the extracted specified sampling protocols based on the protocol reliability, weighted calculation is carried out on each dimension static information carried in the specified field contents of the specified sampling protocols, and the identity information of the Internet of things equipment is determined according to the calculation result. The method and the device do not need to write any rule in advance, and can completely realize automatic identification; secondly, when a plurality of pieces of same-dimension information conflict, a final recognition result is obtained by carrying out weighting calculation based on the credibility, and the problem that final judgment cannot be carried out when a plurality of pieces of same-dimension information conflict is solved. The method and the device for identifying the Internet of things equipment realize the full automation of the identification of the Internet of things equipment, and the dimension information can be finally and accurately judged under the condition that the same dimension information of the Internet of things equipment conflicts.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

fig. 1 is an application scenario diagram of an internet of things device identification method provided in an embodiment of the present application;

fig. 2 is a first flowchart of an internet of things device identification method provided in an embodiment of the present application;

fig. 3 is a second flowchart of an internet of things device identification method provided in an embodiment of the present application;

fig. 4 is a schematic structural diagram of an internet of things device identification apparatus provided according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of a computer device provided according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.

It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.

Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.

Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.

Fig. 1 is an application scenario diagram of an internet of things device identification method in an embodiment. As shown in fig. 1, both the server 101 and the internet of things device 102 may perform data transmission through a network. The server 101 is configured to obtain a mirror flow of the internet of things device 101, analyze sample data in the mirror flow after the server 101 receives the mirror flow of the internet of things device 102, extract specified field contents of a specified sampling protocol from an analysis result, allocate corresponding weights to the specified sampling protocol based on protocol reliability of the specified sampling protocol, perform weighted calculation on each dimension static information carried in the specified field contents of the specified sampling protocol according to the respective corresponding weights of the specified sampling protocol, and determine identity information of the internet of things device according to a calculation result. The server 101 may be implemented by an independent server or a server cluster composed of a plurality of servers, and the internet of things device 102 may be any one of the internet of things devices.

The embodiment of the application provides an internet of things equipment method, which can be used for identifying identity information of internet of things equipment connected to a switch, and as shown in fig. 2, the method comprises the following steps:

step S210, obtaining the mirror flow of the Internet of things equipment.

The flow generated in the process of data interaction after the equipment is accessed to the switch is called as original flow, the original flow comprises an original data packet of a service system, and the original flow can be normally forwarded according to the existing configuration of the network. The mirror flow is a flow obtained by copying an original flow, and the content of the mirror flow is the same as that of the original flow. The purpose of obtaining the mirror traffic is to operate the mirror traffic containing the same data as the original traffic without destroying the content of the original traffic. The original traffic can be copied to obtain the mirror traffic in a manner of configuring a mirror port on the switch.

Step S230, analyzing the sampling data in the mirror image flow, and extracting the specified field contents of at least two specified sampling protocols from the analysis result, wherein the specified field contents of the at least two specified sampling protocols carry the static information of each dimension of the Internet of things equipment.

The mirror flow has contents of various protocols, the protocol to be sampled is designated in advance, and the message content corresponding to the protocol to be sampled is sampling data. And analyzing the sampled data by a protocol analysis plug-in written in advance, wherein different protocols use different protocol analysis plug-ins for analysis. Different protocols possibly describe the static information of the same dimension of the Internet of things equipment differently, and specified field contents of at least two specified sampling protocols are extracted from an analysis result, wherein the specified field contents carry the static information of each dimension of the Internet of things equipment.

For example, a User-Agent field in a HyperText Transfer Protocol (HTTP) Protocol reuqest message and a Domain Name field in a Multicast Domain Name Server (MDNS) Protocol response message contain static information of each dimension of the internet of things device, and the HTTP Protocol and the MDNS Protocol are used as specified sampling protocols. And taking the content of a User-Agent field in the HTTP protocol reuqest message and the content of a Domain Name field in the MDNS protocol response message as the content of the specified field. Each dimension of the static information of the equipment of the internet of things comprises information such as a manufacturer, a type, a model, a software name and a version number of the equipment of the internet of things.

Step S250, distributing corresponding weights for the at least two specified sampling protocols based on the protocol credibility of the at least two specified sampling protocols, performing weighted calculation on each dimension static information carried in the specified field contents of the at least two specified sampling protocols according to the respective corresponding weights of the at least two specified sampling protocols, and determining the identity information of the equipment of the Internet of things according to the calculation result.

The credibility of the protocol refers to the authenticity degree of the protocol information source, and is judged according to an algorithm. For example, based on the credibility of the HTTP protocol and the SNMP protocol, 60% of weight is allocated to the HTTP protocol, 40% of weight is given to the MDNS protocol, weighted calculation is performed on a User-Agent field in a reuqest message of the HTTP protocol and a Domain Name field in a response message of the MDNS protocol, and identity information of the internet of things device is determined according to a calculation result.

In the related art, any rule needs to be written in advance for the identification of the internet of things equipment, and when multiple pieces of same-dimension information conflict, the identity information of the internet of things equipment cannot be finally judged. Through the steps S210 to S250, firstly, the mirror flow is directly analyzed without compiling any rule in advance in the Internet of things equipment identification, and the problem of low automation degree of the Internet of things equipment identification is solved. Secondly, when a plurality of pieces of same-dimension information conflict, a final identification result is obtained by calculation through a weight-based reliability algorithm, and the problem that final judgment cannot be carried out when a plurality of pieces of same-dimension information conflict is solved. The full automation of the identification of the equipment of the Internet of things is realized, and then the dimension information can be finally and accurately judged under the condition that the same dimension information of the equipment of the Internet of things conflicts.

Further, in one embodiment, the at least two designated sampling protocols include a protocol directly solidified in the program through programmer coding and a user self-configuration protocol, and the at least two designated sampling protocols are assigned with corresponding weights based on the protocol credibility of the at least two designated sampling protocols, including the following steps:

step S251, configuring the weight of the protocol directly solidified in the sequence by programmer coding, which is higher than the weight of the protocol self-configured by the user.

In this embodiment, the protocols are divided into two types, one is a protocol directly fixed in the program by programmer codes, and the other is a user self-configuration protocol. For the source of the user self-configuration protocol, certain confusion possibility exists, for example, for a certain protection consideration, the user may specially modify some fields which can expose static information of the internet of things device, thereby causing confusion effect to the outside and hiding the real static information of the user. For example, the DHCP (Dynamic Host Configuration Protocol) Protocol belongs to the user self-Configuration Protocol because the content of the Host Name field of the DHCP Protocol may be modified by the user. For the protocol directly solidified in the program through programmer coding, the protocol is unlikely to be modified manually, for example, the HTTP protocol, the content of the User-Agent field of the HTTP protocol is solidified in the program, and the authenticity of the static information is ensured, so the embodiment gives the highest weight; while for user-self-configured protocols, the present embodiment gives relatively low weight.

By distinguishing the protocol directly solidified in the program through the programmer codes and the user self-configuration protocol and giving weights of different degrees to the two types of protocols, the problem that final judgment cannot be carried out under the condition that a plurality of pieces of same-dimension information conflict between the protocol directly solidified in the program through the programmer codes and the user self-configuration protocol is solved, and the accuracy of a final calculation result is ensured to a certain extent.

In one embodiment, the at least two specified sampling protocols include the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol; the weights of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol and the DHCP protocol are ordered from large to small in sequence as follows: HTTP protocol, SNMP protocol, NetBIOS protocol, MDNS protocol, DHCP protocol.

The sorting mode is sorted according to the size of the information quantity of the internet of things equipment which can be carried by each protocol. For example, taking the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol as the specified protocol sampling protocols, the weights of the protocols are assigned as follows: the HTTP weight is 35%, the SNMP weight is 20%, the NetBIOS weight is 15%, the MDNS weight is 15%, and the DHCP weight is 15%, and specific weight values may be determined according to an actual application scenario, as long as it is ensured that the weights are ordered from large to small: HTTP protocol, SNMP protocol, NetBIOS protocol, MDNS protocol, and DHCP protocol.

The weights are distributed according to the sequence of the information quantity of the networking equipment which can be carried by each protocol, the problem that final judgment cannot be carried out under the condition that multiple protocols have multiple same dimension information conflicts is solved, and the accuracy of a final calculation result is guaranteed to a certain extent.

As shown in fig. 3, in one embodiment, on the basis of the above embodiment, after acquiring the mirror traffic of the internet of things device in step S210 and before analyzing the sampling data in the mirror traffic, the method further includes the following steps:

step S220, filtering the non-sampled data in the mirror flow.

The mirror image flow is analyzed through the protocol analysis plug-in, non-sampling data corresponding to the non-sampling protocol in the mirror image flow is filtered, and the processing speed of the message of the sampling data can be increased through the step S220.

In one embodiment, the at least two specified sampling protocols include two or more of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol.

The User-Agent field in the HTTP request message contains all dimension static information of the Internet of things equipment, some public mib nodes in the OID field in the SNMP protocol message contain all dimension static information of the Internet of things equipment, the Computer Name in the NetBIOS protocol message contains all dimension static information of the Internet of things equipment, the Domain Name field in the MDNS protocol response message contains all dimension static information of the Internet of things equipment, the Host Name Option field in the DHCP protocol request message contains all dimension static information of the Internet of things equipment, and any two or more protocols can be used as sampling protocols.

For example, the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol are taken as the specified sampling protocols, and the weight ratios assigned to the weights of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol are as follows: the method comprises the following steps that the HTTP weight is 35%, the SNMP weight is 20%, the NetBIOS weight is 15%, the MDNS weight is 15%, and the DHCP weight is 15%, a calculation formula (x, y) ═ f (a, b, c, d, e) is given through an algorithm to finally determine the identity information of the equipment of the Internet of things, and the specific calculation formula can be determined according to actual conditions. The method comprises the steps that a represents the content of a key field extracted through an HTTP (hyper text transport protocol), b represents the content of a key field extracted through an SNMP (simple network management protocol), c represents the content of the key field extracted through a NetBIOS (basic input output System) protocol, d represents the content of the key field extracted through an MDNS (minimization drive System) protocol, e represents the content of the key field extracted through a DHCP (dynamic host configuration protocol), x represents the identity information of the finally output Internet of things equipment, y represents the credibility of a final result, and when the credibility of the final result is lower than a certain threshold value, the output value of x is unknown, and the specific threshold value can be determined according to requirements.

Any two or more protocols of an HTTP protocol, an SNMP protocol, a NetBIOS protocol, an MDNS protocol and a DHCP protocol are used as sampling protocols, corresponding weights are distributed for the sampling protocols based on the credibility of the protocols, weighting calculation is carried out on each dimension static information carried in the specified field content of the sampling protocols, and the identity information of the equipment of the Internet of things can be finally determined according to the calculation result.

In one embodiment, the step S210 of obtaining the mirror flow of the internet of things device may be implemented in the following manner:

copying the original flow of the Internet of things equipment by configuring a mirror image port on the switch to obtain the mirror image flow of the Internet of things equipment;

or, the original flow of the internet of things equipment is copied through light splitting of the light splitter, and the mirror image flow of the internet of things equipment is obtained.

No matter which way to duplicate the original traffic, the mirror traffic of the internet of things equipment can be obtained quickly and efficiently.

In one embodiment, the dimensional static information of the internet of things device comprises one or more of a manufacturer, a type and a model.

No matter one or more dimension information of the manufacturer, the type and the model of the Internet of things equipment is extracted from a specified field in a specified sampling protocol, the identity information of the Internet of things equipment can be finally determined in a certain range. The more information dimensions of the extracted internet of things equipment, the more accurate the identity information of the internet of things equipment can be determined.

The embodiment also provides an internet of things device identification apparatus, which is used for implementing the foregoing embodiments and preferred embodiments, and the description of the apparatus is omitted. All or part of each module in the internet of things equipment identification device can be realized through software, hardware and a combination thereof. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware or a combination of software and hardware is also conceivable.

Fig. 4 is a schematic diagram of an internet of things device identification apparatus according to an embodiment of the present invention, and as shown in fig. 4, there is provided an internet of things device identification apparatus 30, which includes an obtaining module 31, an extracting module 32, and a result module 33, where:

the obtaining module 31 is configured to obtain a mirror flow of the internet of things device;

the extraction module 32 is configured to analyze the sampled data in the mirror flow, and extract specified field contents of at least two specified sampling protocols from an analysis result, where the specified field contents of the at least two specified sampling protocols carry the static information of each dimension of the internet of things device;

the result module 33 is configured to allocate corresponding weights to the at least two specified sampling protocols based on the protocol reliability of the at least two specified sampling protocols, perform weighted calculation on each dimension static information carried in the specified field content of the at least two specified sampling protocols according to the respective corresponding weights of the at least two specified sampling protocols, and determine the identity information of the internet of things device according to the calculation result.

The internet of things equipment recognition device 30 is used for recognizing the identity of the internet of things equipment, any rule does not need to be written in advance, mirror flow is directly analyzed, and the problem of low automation degree of internet of things equipment recognition is solved. Secondly, when a plurality of pieces of same-dimension information conflict, a final identification result is obtained by calculation through a weight-based reliability algorithm, and the problem that final judgment cannot be carried out when a plurality of pieces of same-dimension information conflict is solved. The full automation of the identification of the equipment of the Internet of things is realized, and then the dimension information can be finally and accurately judged under the condition that the same dimension information of the equipment of the Internet of things conflicts.

In one embodiment, the at least two designated sampling protocols include a protocol directly solidified in the program by the programmer's code and a user self-configuration protocol, and the result module 33 is configured to assign corresponding weights to the at least two designated sampling protocols based on the protocol credibility of the at least two designated sampling protocols, and the weight of the protocol directly solidified in the sequence by the programmer's code is higher than the weight of the protocol self-configured by the user.

In one embodiment, the at least two specified sampling protocols include an HTTP protocol, an SNMP protocol, an NetBIOS protocol, an MDNS protocol, and a DHCP protocol, the result module 33 is configured to assign corresponding weights to the at least two specified sampling protocols, and the weights of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol are sequentially ordered from large to small: HTTP protocol, SNMP protocol, NetBIOS protocol, MDNS protocol, DHCP protocol.

In one embodiment, the internet of things device identification apparatus 30 further includes a filtering module 34, and the filtering module 34 is configured to filter non-sampled data in the mirror traffic.

In one embodiment, the extraction module 32 is configured to extract the contents of specified fields of two or more of the HTTP protocol, the SNMP protocol, the NetBIOS protocol, the MDNS protocol, and the DHCP protocol.

In one embodiment, the obtaining module 31 is implemented by configuring a mirror port on a switch to copy an original traffic of the internet of things device, so as to obtain a mirror traffic of the internet of things device; or the original flow of the equipment of the Internet of things is copied through light splitting of the light splitter, so that the mirror image flow of the equipment of the Internet of things is obtained.

In one embodiment, the extracting module 32 is configured to extract specified field contents of a specified sampling protocol, where the specified field contents carry static information of each dimension of the internet of things device, and the static information includes one or more of a manufacturer, a type, and a model.

The above modules may be functional modules or program modules, and may be implemented by software or hardware. The modules can be embedded in a hardware form or independent from a device in the computer equipment, and can also be stored in a memory in the computer equipment in a software form, so that the processor can call and execute operations corresponding to the modules.

In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing a preset configuration information set. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize the Internet of things equipment identification method.

In one embodiment, a computer device is provided, which may be a terminal. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an internet of things device identification method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.

Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:

acquiring mirror image flow of the Internet of things equipment;

analyzing the sampling data in the mirror image flow, and extracting appointed field contents of at least two appointed sampling protocols from an analysis result, wherein the appointed field contents of the at least two appointed sampling protocols carry all-dimensional static information of the Internet of things equipment;

based on the protocol credibility of at least two specified sampling protocols, corresponding weights are distributed for the at least two specified sampling protocols, weighted calculation is carried out on each dimension static information carried in the specified field content of the at least two specified sampling protocols according to the weights corresponding to the at least two specified sampling protocols, and the identity information of the Internet of things equipment is determined according to the calculation result.