Journal of Information Security Research, 2020, Vol. 6, Issue (6): 0-0.

Special topic: Detection, Early Warning and Situational Awareness

Research on dynamic network asset monitoring based on traffic perception

Li Chong (李憧), Liu Peng (刘鹏), Cai Guoqing (蔡国庆)

  1. Beijing Municipal Government Affairs Information Security Emergency Response Center
  • Received: 2020-06-08 Online: 2020-06-05 Published: 2020-06-09
  • Corresponding author: Li Chong (李憧)

Abstract: With the rapid development of network technology, security problems are becoming increasingly severe as the assets in cyberspace grow in number and become more varied and complex, which poses new challenges for the authorities responsible for network security. Accurately identifying network assets that are in a constant state of change, and monitoring them dynamically in real time and from all angles, is the prerequisite for managing network assets effectively, and it also lays the foundation for threat correlation analysis. Based on real-time traffic collection and processing, fingerprint feature construction, and network asset identification techniques, this paper proposes an approach to dynamic monitoring of network assets. Feature fields are extracted from traffic data, and matching across multiple fingerprint dimensions is used to identify network assets effectively. On this basis, network assets are monitored dynamically from three aspects: servers, information systems, and the internal relationships among assets, providing strong support for network asset management and security assessment.

Key words: traffic perception, traffic analysis, asset identification, fingerprint characteristics, network asset monitoring, cyber security