
CN114492376B - Application fingerprint detection method and device and electronic equipment - Google Patents


Info

Publication number: CN114492376B
Application number: CN202111619007.8A
Authority: CN (China)
Prior art keywords: field, network protocol, rule, boolean logic, application
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN114492376A
Inventors: 王金亭, 孙兆兴, 黄四安
Current assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Original assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Application filed by Secworld Information Technology Beijing Co Ltd and Qax Technology Group Inc
Priority to CN202111619007.8A
Publication of CN114492376A
Application granted
Publication of CN114492376B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/205 Parsing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Communication Control (AREA)

Abstract

The invention provides an application fingerprint detection method, device and electronic device. The method comprises: acquiring network traffic data; inputting the network traffic data into a decoder to obtain a plurality of network protocol fields; performing Boolean-logic-rule-based matching in a first rule file according to the field names and field contents of the plurality of network protocol fields to obtain a corresponding target application identifier; and matching corresponding target application fingerprint information in a second rule file according to the target application identifier. Boolean-logic-rule-based matching in the first rule file enables parallel application fingerprint detection over a plurality of network protocol fields, and thus efficient application fingerprint detection.

Description

Application fingerprint detection method, device and electronic device

Technical Field

The present invention relates to the field of computer technology, and in particular to an application fingerprint detection method, device and electronic device.

Background

Existing fingerprint recognition applications have limitations in the design of their fingerprint format. Some rule formats are designed to be extremely complex, which results in poor compatibility while the detection logic remains simple and inefficient. Others parse fields very coarsely: when parsing the fields of traffic, it is difficult to subdivide specific fields, so rule precision suffers and efficiency is lower still.

Efficient application fingerprint detection is therefore an urgent problem to be solved.

Summary of the Invention

The present invention provides an application fingerprint detection method, device and electronic device, which address the low fingerprint detection efficiency of the prior art and achieve efficient application fingerprint detection.

The present invention provides an application fingerprint detection method, comprising:

acquiring network traffic data;

inputting the network traffic data into a decoder to obtain a plurality of network protocol fields connected by Boolean logic, wherein each network protocol field includes a field name and field content;

performing Boolean-logic-rule-based matching in a first rule file according to the field names and field contents of the plurality of network protocol fields to obtain a corresponding target application identifier, wherein the first rule file is a locally stored file in which Boolean logic rules and the application identifiers corresponding to those rules are pre-stored, each Boolean logic rule has at least one logic node connected by Boolean logic characters, and each logic node includes a first field name and first field content;

matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a locally stored file in which application identifiers and the application fingerprint information corresponding to each application identifier are pre-stored.

According to an application fingerprint detection method provided by the present invention, the network protocol fields include request header network protocol fields, request body network protocol fields, response header network protocol fields and response body network protocol fields;

the step of inputting the network traffic data into a decoder to obtain a plurality of network protocol fields connected by Boolean logic comprises:

inputting the network traffic data into the decoder and decoding it according to a preset decoding rule to obtain a request header, a request body, a response header and a response body;

decoding the request header, the request body, the response header and the response body according to the preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body;

wherein the request header field set includes the field name and field content of at least one request header network protocol field, the request body field set includes the field name and field content of at least one request body network protocol field, the response header field set includes the field name and field content of at least one response header network protocol field, and the response body field set includes the field name and field content of at least one response body network protocol field.

According to an application fingerprint detection method provided by the present invention, the step of performing Boolean-logic-rule-based matching in the first rule file according to the field names and field contents of the plurality of network protocol fields to obtain the corresponding target application identifier comprises:

according to the different types of field sets and a corresponding preset order, matching in turn, in the first rule file, the target application identifier corresponding to the Boolean logic rule that the field names and field contents of the network protocol fields in each field set satisfy.

According to an application fingerprint detection method provided by the present invention, the step of matching in turn, in the first rule file, the target application identifier corresponding to the Boolean logic rule that the field names and field contents of the network protocol fields in each field set satisfy comprises:

for each field set, matching in the first rule file the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of its network protocol fields;

wherein a satisfied Boolean logic rule is a Boolean logic rule that has a logic node consistent with the field name and field content and that meets the condition corresponding to its Boolean logic character.

According to an application fingerprint detection method provided by the present invention, the field set contains the field names and field contents of a plurality of network protocol fields, the Boolean logic rule contains a plurality of logic nodes, and the Boolean logic character is an AND logic character;

the step of matching in the first rule file the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the network protocol fields comprises:

matching, according to the field names and field contents of the plurality of network protocol fields, the target application identifier corresponding to the Boolean logic rule in the first rule file that meets a first condition;

wherein the first condition is that the field names of the plurality of network protocol fields are simultaneously consistent with the first field names of all of the plurality of logic nodes, and the field contents corresponding to those field names are simultaneously consistent with the first field contents of all of the plurality of logic nodes.

According to an application fingerprint detection method provided by the present invention, the field set contains the field names and field contents of a plurality of network protocol fields, the Boolean logic rule contains a plurality of logic nodes, and the Boolean logic character is an OR logic character;

the step of matching in the first rule file the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the network protocol fields comprises:

matching, according to the field names and field contents of the plurality of network protocol fields, the target application identifier corresponding to the Boolean logic rule in the first rule file that meets a second condition;

wherein the second condition is that a field name of the plurality of network protocol fields is consistent with the first field name of any one of the plurality of logic nodes, and the field content corresponding to that field name is consistent with the first field content of the determined logic node, the determined logic node being the logic node whose first field name is consistent with that field name.

According to an application fingerprint detection method provided by the present invention, after the step of matching in the first rule file the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the network protocol fields, the method further comprises:

when the target application identifier corresponding to a satisfied Boolean logic rule is successfully matched in the first rule file according to the field names and field contents of the network protocol fields, stopping subsequent matching.

According to an application fingerprint detection method provided by the present invention, the target application fingerprint information includes application attribute information and application source information, wherein the application attribute information includes an application name, an application description and an application version, and the application source information includes an IP address and port information;

the step of matching the target application fingerprint information in the second rule file according to the target application identifier comprises:

matching the application description, the application version, the IP address and the port information in the second rule file according to the target application identifier, taking the target application name, the application description and the application version as the application attribute information, and taking the IP address and the port information as the application source information;

generating the target application fingerprint information from the application attribute information and the application source information.

The present invention further provides an application fingerprint detection device, comprising:

an acquisition unit for acquiring network traffic data;

a parsing unit for inputting the network traffic data into a decoder to obtain a plurality of network protocol fields, wherein each network protocol field includes a field name and field content;

a first matching unit for performing Boolean-logic-rule-based matching in a first rule file according to the field names and field contents of the plurality of network protocol fields to obtain a corresponding target application identifier, wherein the first rule file is a locally stored file in which Boolean logic rules and the application identifiers corresponding to those rules are pre-stored, each Boolean logic rule has Boolean logic characters and at least one logic node, and each logic node includes a first field name and first field content;

a second matching unit for matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a locally stored file in which application identifiers and the application fingerprint information corresponding to each application identifier are pre-stored.

The present invention further provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of any of the application fingerprint detection methods described above.

The present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of any of the application fingerprint detection methods described above.

The present invention further provides a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the steps of any of the application fingerprint detection methods described above.

With the application fingerprint detection method, device and electronic device provided by the present invention, network traffic data is acquired; the network traffic data is input into a decoder to obtain a plurality of network protocol fields, each including a field name and field content; Boolean-logic-rule-based matching is performed in a first rule file according to the field names and field contents of the plurality of network protocol fields to obtain a corresponding target application identifier, the first rule file being a locally stored file in which Boolean logic rules and their corresponding application identifiers are pre-stored, each Boolean logic rule having at least one logic node connected by Boolean logic characters and each logic node including a first field name and first field content; and corresponding target application fingerprint information is matched in a second rule file according to the target application identifier, the second rule file being a locally stored file in which application identifiers and their corresponding application fingerprint information are pre-stored. Through Boolean-logic-rule-based matching in the first rule file, the present invention realizes parallel application fingerprint detection based on a plurality of network protocol fields, and thus efficient application fingerprint detection.

Brief Description of the Drawings

In order to illustrate the technical solutions of the present invention or of the prior art more clearly, the drawings required by the embodiments or by the description of the prior art are briefly introduced below. The drawings described below are plainly only some embodiments of the present invention; a person of ordinary skill in the art could derive other drawings from them without inventive effort.

FIG. 1 is a schematic flow chart of the application fingerprint detection method provided by the present invention;

FIG. 2 is a flow chart of application fingerprint detection provided by the present invention;

FIG. 3 is a schematic structural diagram of the application fingerprint detection device provided by the present invention;

FIG. 4 is a schematic structural diagram of the electronic device provided by the present invention.

Detailed Description of the Embodiments

To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to its drawings. The described embodiments are plainly only some, not all, of the embodiments of the present invention. All other embodiments that a person of ordinary skill in the art could obtain from these embodiments without inventive effort fall within the scope of protection of the present invention.

Application fingerprint information refers to the characteristic features of an application, including attributes such as the application name, a description of the application, the server operating system on which the application runs, the application's server software, development framework, development language, database and application version.

Existing fingerprint recognition applications have limitations in the design of their fingerprint format. Some rule formats are designed to be extremely complex, which results in poor compatibility while the detection logic remains simple and inefficient. Others parse fields very coarsely: when parsing the fields of traffic, it is difficult to subdivide specific fields, so rule precision suffers and efficiency is lower still.

Efficient application fingerprint detection is therefore an urgent problem to be solved.

To solve the above problems, the present invention provides an application fingerprint detection method which, as shown in FIG. 1, comprises the following steps:

S11. Acquire network traffic data.

Specifically, for ease of understanding, the following explanation takes an electronic device as the executing entity; this is not limiting.

The electronic device may acquire network traffic data, which includes the data generated by the various network applications while they run.

S12. Input the network traffic data into a decoder to obtain a plurality of network protocol fields.

Specifically, the electronic device may input the network traffic data into a decoder to obtain the plurality of network protocol fields of the network applications contained in the network traffic data, each network protocol field including a field name and field content.

S13. Perform Boolean-logic-rule-based matching in the first rule file according to the field names and field contents of the plurality of network protocol fields to obtain the corresponding target application identifier.

Specifically, the electronic device may perform Boolean-logic-rule-based matching in the first rule file according to the field names and field contents of the network protocol fields to obtain the corresponding target application identifier; the first rule file is a locally stored file in which Boolean logic rules and their corresponding application identifiers are pre-stored, each Boolean logic rule has at least one logic node connected by Boolean logic characters, and each logic node includes a first field name and first field content.

To allow rules to be used across platforms, the first rule file may be an XML-format file.

S14. Match the corresponding target application fingerprint information in the second rule file according to the target application identifier.

Specifically, the electronic device may match in the second rule file the target application fingerprint information corresponding to the target application identifier matched in the first rule file; the second rule file is a locally stored file in which application identifiers and their corresponding application fingerprint information are pre-stored.

In one example, as shown in FIG. 2, which is a flow chart of application fingerprint detection, network traffic data is first acquired and then input into a decoder, which decodes it into a plurality of network protocol fields; the target application identifier corresponding to those network protocol fields is matched in the first rule file, and the application fingerprint information corresponding to the target application identifier is then matched in the second rule file.

In this embodiment of the present invention, network traffic data is acquired and input into a decoder to obtain a plurality of network protocol fields, each including a field name and field content; Boolean-logic-rule-based matching is performed in a first rule file according to the field names and field contents of the plurality of network protocol fields to obtain a corresponding target application identifier, the first rule file being a locally stored file in which Boolean logic rules and their corresponding application identifiers are pre-stored, each Boolean logic rule having at least one logic node connected by Boolean logic characters and each logic node including a first field name and first field content; and corresponding target application fingerprint information is matched in a second rule file according to the target application identifier, the second rule file being a locally stored file in which application identifiers and their corresponding application fingerprint information are pre-stored. Through Boolean-logic-rule-based matching in the first rule file, the present invention realizes parallel application fingerprint detection based on a plurality of network protocol fields, and thus efficient application fingerprint detection.

According to an application fingerprint detection method provided by the present invention, the network protocol fields include request header network protocol fields, request body network protocol fields, response header network protocol fields and response body network protocol fields, and step S12 comprises the following steps:

S121. Input the network traffic data into a decoder and decode it according to a preset decoding rule to obtain a request header, a request body, a response header and a response body.

Specifically, the electronic device may input the network traffic data into a decoder in which a preset decoding rule is pre-stored, so that the decoder decodes the network traffic data according to that rule to obtain a request header, a request body, a response header and a response body.

S122. Decode the request header, the request body, the response header and the response body according to the preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body.

Specifically, the request header, request body, response header and response body may then be further decoded according to the preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body.

The request header field set includes the field name and field content of at least one request header network protocol field, the request body field set includes the field name and field content of at least one request body network protocol field, the response header field set includes the field name and field content of at least one response header network protocol field, and the response body field set includes the field name and field content of at least one response body network protocol field.

In this embodiment of the present invention, the network protocol fields include request header, request body, response header and response body network protocol fields, and the step of inputting the network traffic data into the decoder to obtain the plurality of network protocol fields has been described in detail. These steps obtain the plurality of network protocol fields simply and quickly, which eases the subsequent Boolean-logic-rule-based matching of their field names and field contents in the first rule file to obtain the corresponding target application identifier, and the matching of the corresponding target application fingerprint information in the second rule file according to that identifier; this in turn realizes parallel application fingerprint detection based on a plurality of network protocol fields, and thus efficient application fingerprint detection.
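The decoding of steps S121 and S122, as an added worked example (not code from the patent or its assignees): it splits a constructed HTTP request and response into the request header, request body, response header and response body field sets, each a mapping from field name to field content. The concrete decoding rules are this example's assumptions, since the patent only refers to a "preset decoding rule": header names are lowercased, bodies are decoded by their Content-Type (form-encoded and JSON bodies become one field per key, anything else a single "body" field), and the start lines are kept as ":method", ":path" and ":status" pseudo-fields. The sample messages are constructed, not captured traffic.

```python
"""HTTP traffic decoder that yields the four field sets of steps S121/S122.

Added example; not code from the patent or its assignees. The concrete decoding
rules (headers become lowercase name/content pairs, bodies are decoded by
Content-Type, start lines become ':method', ':path' and ':status' pseudo-fields)
are assumptions, since the patent only speaks of a "preset decoding rule".
"""
import json
from urllib.parse import parse_qsl

# Constructed sample exchange (not captured traffic).
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"User-Agent: ExampleClient/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&remember=yes"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: application/json\r\n"
    b"\r\n"
    b'{"status": "ok", "version": "2.1"}'
)


def split_message(raw):
    """Split a raw HTTP message into (start line, header lines, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:                      # no blank line: headers only, empty body
        head, body = raw, b""
    lines = head.decode("iso-8859-1").split("\r\n")
    return lines[0], lines[1:], body


def decode_headers(header_lines):
    """Header field set: lowercase field name -> field content."""
    fields = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue                 # malformed header line: skip it
        key, val = name.strip().lower(), value.strip()
        # Repeated headers are folded into one comma-joined content value.
        fields[key] = f"{fields[key]}, {val}" if key in fields else val
    return fields


def decode_body(body, headers):
    """Body field set, chosen by Content-Type (assumed preset decoding rule)."""
    if not body:
        return {}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    text = body.decode("utf-8", errors="replace")
    if ctype == "application/x-www-form-urlencoded":
        return {k.lower(): v for k, v in parse_qsl(text, keep_blank_values=True)}
    if ctype == "application/json":
        try:
            obj = json.loads(text)
        except json.JSONDecodeError:
            obj = None
        if isinstance(obj, dict):    # top-level keys become field names
            return {str(k).lower(): str(v) for k, v in obj.items()}
    return {"body": text}            # unknown or unparsable body: one raw field


def decode_exchange(request, response):
    """Return the request header/body and response header/body field sets."""
    req_line, req_hdr_lines, req_body = split_message(request)
    resp_line, resp_hdr_lines, resp_body = split_message(response)
    req_headers = decode_headers(req_hdr_lines)
    resp_headers = decode_headers(resp_hdr_lines)
    # Start-line pseudo-fields (assumption) so rules can also test them.
    req_parts = req_line.split(" ")
    req_headers[":method"] = req_parts[0]
    req_headers[":path"] = req_parts[1] if len(req_parts) > 1 else ""
    resp_parts = resp_line.split(" ")
    resp_headers[":status"] = resp_parts[1] if len(resp_parts) > 1 else ""
    return {
        "request_header": req_headers,
        "request_body": decode_body(req_body, req_headers),
        "response_header": resp_headers,
        "response_body": decode_body(resp_body, resp_headers),
    }


if __name__ == "__main__":
    for set_name, fields in decode_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(set_name, fields)
```

A message without a body (a GET request, a 204 response) yields an empty body field set rather than an error, and a header line without a colon is skipped instead of aborting the whole decode, so a single malformed exchange cannot stop detection on the rest of the traffic.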

According to the application fingerprint detection method provided by an embodiment of the present invention, step S13 is specifically:

according to the different types of field sets and their preset order, matching in turn, in the first rule file, the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the network protocol fields in each field set.

Specifically, the request header field set, request body field set, response header field set and response body field set are ordered according to a preset order.

Following the preset order of the different types of field sets, the electronic device takes each field set in turn and matches, in the first rule file, the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of that set's network protocol fields.

In one example, the preset order is request header field set, request body field set, response header field set, response body field set. The electronic device first matches, in the first rule file, the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the request header network protocol fields in the request header field set; after the request header network protocol fields have been matched, it continues with the request body network protocol fields of the request body field set in the same way, and then, by the same steps, with the network protocol fields of the response header field set and the response body field set.

In this embodiment, the four field sets are ordered according to a preset order, and for each field set in turn the target application identifier corresponding to the Boolean logic rule satisfied by its network protocol fields is matched in the first rule file according to the field-set types and that order. Matching thus proceeds in a fixed order while the data attributes of the fields (which part of the exchange each came from) are preserved, which reduces the randomness of matching and improves its efficiency, and makes it convenient to subsequently match the target application fingerprint information in the second rule file according to the target application identifier, thereby achieving efficient application fingerprint detection.

According to the application fingerprint detection method provided by an embodiment of the present invention, the step of matching in turn, in the first rule file, the target application identifier corresponding to the Boolean logic rule satisfied by the field names and field contents of the network protocol fields in each field set is specifically:

for each field set, matching in the first rule file the target application identifier corresponding to the conforming Boolean logic rule according to the field names and field contents of the network protocol fields.

Specifically, for each field set the electronic device may match, in the first rule file, the target application identifier corresponding to the conforming Boolean logic rule according to the field names and field contents of the network protocol fields.

A conforming Boolean logic rule is a Boolean logic rule that has logic nodes consistent with the field names and field contents and whose condition, as defined by its Boolean logic character, is satisfied.

In this embodiment, for each field set the target application identifier corresponding to the conforming Boolean logic rule is matched in the first rule file according to the field names and field contents of the network protocol fields. Matching the multiple network protocol fields of a field set at the same time improves matching efficiency and allows the target application identifier to be obtained quickly, thereby achieving efficient application fingerprint detection.

According to the application fingerprint detection method provided by an embodiment of the present invention, the field set contains the field names and field contents of multiple network protocol fields; the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an AND logic character;

the step of matching in the first rule file the target application identifier corresponding to the conforming Boolean logic rule according to the field names and field contents of the network protocol fields is specifically:

according to the field names and field contents of the multiple network protocol fields, matching in the first rule file the target application identifier corresponding to the Boolean logic rule that satisfies a first condition.

Specifically, the field set contains the field names and field contents of multiple network protocol fields, the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an AND logic character.

The electronic device may match, in the first rule file and according to the field names and field contents of the multiple network protocol fields, the target application identifier corresponding to the Boolean logic rule that satisfies the first condition.

The first condition is that the field names of the multiple network protocol fields are all consistent with the first field names of the multiple logic nodes, and the field contents corresponding to those field names are all consistent with the first field contents of the multiple logic nodes; in other words, every logic node of the rule is matched by some field of the set.

In one example, the request header field set includes request header network protocol field X, with field name x1 and field content x2, and request header network protocol field Y, with field name y1 and field content y2. The first rule file contains Boolean logic rule A and the application identifier M corresponding to rule A. Rule A contains two logic nodes A1 and A2 joined by an AND logic character, with A1 before A2; A1 consists of first field name x1 and first field content x2, and A2 of first field name y1 and first field content y2. The electronic device matches field X (x1, x2) and field Y (y1, y2) against the Boolean logic rules in the first rule file. The field name x1 and field content x2 of field X are consistent with x1 and x2 of logic node A1; because the Boolean logic character is AND, both logic nodes must be matched, so the device continues: the field name y1 and field content y2 of field Y are consistent with y1 and y2 of logic node A2. The Boolean-logic match now succeeds, and the electronic device obtains from the first rule file the target application identifier M corresponding to rule A.

In another example, unlike the example above, the electronic device may begin matching at any logic node of Boolean logic rule A rather than in the order A1 then A2; since every node of an AND rule has to match, the order in which the nodes are evaluated does not change the result.

In this embodiment, the field set contains the field names and field contents of multiple network protocol fields, the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an AND logic character. It has been described in detail how the target application identifier corresponding to the Boolean logic rule satisfying the first condition is matched in the first rule file according to the field names and field contents of the multiple network protocol fields, the first condition being that the field names of the multiple network protocol fields are all consistent with the first field names of the multiple logic nodes and the corresponding field contents are all consistent with the first field contents of those logic nodes. Boolean-logic-rule-based matching in the first rule file thus realises parallel application fingerprint detection over multiple network protocol fields, and hence efficient application fingerprint detection.

According to the application fingerprint detection method provided by an embodiment of the present invention, the field set contains the field names and field contents of multiple network protocol fields; the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an OR logic character;

the step of matching in the first rule file the target application identifier corresponding to the conforming Boolean logic rule according to the field names and field contents of the network protocol fields is specifically:

according to the field names and field contents of the multiple network protocol fields, matching in the first rule file the target application identifier corresponding to the Boolean logic rule that satisfies a second condition.

Specifically, the field set contains the field names and field contents of multiple network protocol fields, the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an OR logic character.

The electronic device may match, in the first rule file and according to the field names and field contents of the multiple network protocol fields, the target application identifier corresponding to the Boolean logic rule that satisfies the second condition.

The second condition is that the field name of some network protocol field among the multiple fields is consistent with the first field name of any one of the multiple logic nodes, and the field content corresponding to that field name is consistent with the first field content of the logic node so determined, the determined logic node being the one whose first field name is consistent with that field name; in other words, a single logic node of the rule matched by some field of the set is sufficient.

In one example, the request header field set includes request header network protocol field X, with field name x1 and field content x2, and request header network protocol field Y, with field name y1 and field content y2. The first rule file contains Boolean logic rule B and the application identifier N corresponding to rule B. Rule B contains two logic nodes B1 and B2 joined by an OR logic character; B1 consists of first field name z1 and first field content z2, and B2 of first field name y1 and first field content y2. The electronic device matches field X (x1, x2) and field Y (y1, y2) against the Boolean logic rules in the first rule file. Neither field X (x1, x2) nor field Y (y1, y2) is consistent with z1 and z2 of logic node B1; because the Boolean logic character is OR, only one of the two logic nodes needs to be satisfied, so the device continues: the field name y1 and field content y2 of field Y are consistent with y1 and y2 of logic node B2. The Boolean-logic match now succeeds, and the electronic device obtains from the first rule file the target application identifier N corresponding to rule B.

In this embodiment, the field set contains the field names and field contents of multiple network protocol fields, the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an OR logic character. It has been described in detail how the target application identifier corresponding to the Boolean logic rule satisfying the second condition is matched in the first rule file according to the field names and field contents of the multiple network protocol fields, the second condition being that the field name of some network protocol field is consistent with the first field name of any one of the multiple logic nodes and the corresponding field content is consistent with the first field content of that determined logic node. Boolean-logic-rule-based matching in the first rule file thus realises parallel application fingerprint detection over multiple network protocol fields, and hence efficient application fingerprint detection.

According to the application fingerprint detection method provided by an embodiment of the present invention, after the step of matching in the first rule file the target application identifier corresponding to the conforming Boolean logic rule according to the field names and field contents of the network protocol fields, the method further includes:

when the target application identifier corresponding to the network protocol fields is matched successfully in the first rule file, stopping subsequent matching.

Specifically, when the target application identifier corresponding to a conforming Boolean logic rule is matched successfully in the first rule file according to the field names and field contents of the network protocol fields, the electronic device may stop subsequent matching.

In one example, the first rule file contains Boolean logic rules A and B, and the field names and field contents of the network protocol fields are matched against A and B at the same time; when the target application identifier corresponding to rule A is matched successfully, matching of rule B is stopped.

In this embodiment, when the target application identifier corresponding to a conforming Boolean logic rule is matched successfully in the first rule file according to the field names and field contents of the network protocol fields, subsequent matching is stopped. Stopping on a successful match saves resources, and the saved resources are used for efficient application fingerprint detection. Because matching stops at the first hit, the order of the rules within the first rule file, together with the preset order of the field sets, decides which identifier is reported when more than one rule would match the same traffic.

According to the application fingerprint detection method provided by an embodiment of the present invention, the target application fingerprint information includes application attribute information and application source information, where the application attribute information includes the application name, application description and application version, and the application source information includes an IP address and port information; step S14 specifically includes the following steps:

S131. Match the application description, application version, IP address and port information in the second rule file according to the target application identifier; take the target application name, application description and application version as the application attribute information, and the IP address and port information as the application source information.

Specifically, the electronic device may match the application description, application version, IP address and port information in the second rule file according to the target application identifier, taking the application name, application description and application version as the application attribute information and the IP address and port information as the application source information.

S132. Generate the target application fingerprint information according to the application attribute information and the application source information.

Specifically, the electronic device may generate the target application fingerprint information according to the application attribute information and the application source information.

In this embodiment, the application description, application version, IP address and port information are matched in the second rule file according to the target application identifier; the target application name, application description and application version are taken as the application attribute information, the IP address and port information as the application source information, and the target application fingerprint information is generated from the two. Parallel application fingerprint detection over multiple network protocol fields is thereby realised, and hence efficient application fingerprint detection.
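As an added example serving the AND and OR matching, the stop-on-first-match behaviour and the second-file lookup described above, and not code from the patent, the following Python runs the whole matching stage over constructed field sets. The rule syntax, the layout of both rule files and every name and value in them are assumptions; the patent only specifies that a rule is a set of logic nodes joined by one Boolean logic character and mapped to an application identifier, and that the second rule file holds name, description, version, IP address and port per identifier.

```python
# Added example, not the patent's code: Boolean-rule matching over the
# ordered field sets with stop-on-first-match, then the second-file lookup
# that assembles the fingerprint record. Rule syntax, file layout and every
# name/value below are assumptions constructed for the example.

FIELD_SET_ORDER = ("request_header", "request_body", "response_header", "response_body")

# First rule file (constructed): one Boolean operator over logic nodes
# (first field name, first field content), mapped to an application identifier.
FIRST_RULE_FILE = [
    {"op": "and", "app_id": "M",
     "nodes": [("server", "ExampleServer/2.3"), ("x-powered-by", "ExampleFW")]},
    {"op": "or", "app_id": "N",
     "nodes": [("x-example-token", "v1"), ("user-agent", "ExampleClient/1.0")]},
]

# Second rule file (constructed): application identifier -> fingerprint data.
# The patent stores IP address and port here next to name/description/version.
SECOND_RULE_FILE = {
    "M": {"name": "ExampleServer", "description": "constructed server entry",
          "version": "2.3", "ip": "192.0.2.10", "port": 443},
    "N": {"name": "ExampleClient", "description": "constructed client entry",
          "version": "1.0", "ip": "192.0.2.20", "port": 8080},
}


def node_matches(node, field_set):
    """A logic node matches when some field has exactly its name and content."""
    name, content = node
    return any(n == name and c == content for n, c in field_set)


def rule_matches(rule, field_set):
    """AND (first condition): every node must match; OR (second condition):
    any one node suffices. The order in which nodes are checked never
    changes the outcome."""
    if not rule["nodes"]:
        return False  # an empty rule must not match everything
    results = (node_matches(node, field_set) for node in rule["nodes"])
    return all(results) if rule["op"] == "and" else any(results)


def match_app_id(field_sets, rules=FIRST_RULE_FILE, order=FIELD_SET_ORDER):
    """Walk the field sets in the preset order and return (app_id, set name)
    for the first rule that matches; later rules and sets are not evaluated."""
    for set_name in order:
        field_set = field_sets.get(set_name, [])
        for rule in rules:
            if rule_matches(rule, field_set):
                return rule["app_id"], set_name
    return None, None


def build_fingerprint(app_id, table=SECOND_RULE_FILE):
    """Second-file lookup: split the entry into attribute and source info."""
    entry = table.get(app_id)
    if entry is None:
        return None
    return {
        "attributes": {k: entry[k] for k in ("name", "description", "version")},
        "source": {"ip": entry["ip"], "port": entry["port"]},
    }


def detect(field_sets):
    """Full stage: identifier from the first file, fingerprint from the second."""
    app_id, matched_in = match_app_id(field_sets)
    if app_id is None:
        return None
    fingerprint = build_fingerprint(app_id)
    if fingerprint is not None:
        fingerprint["matched_in"] = matched_in
    return fingerprint


# Constructed field sets, shaped as a decoder would emit them for one exchange.
SAMPLE_FIELD_SETS = {
    "request_header": [("method", "GET"), ("host", "app.example"),
                       ("user-agent", "ExampleClient/1.0")],
    "request_body": [],
    "response_header": [("status", "200"), ("server", "ExampleServer/2.3"),
                        ("x-powered-by", "ExampleFW")],
    "response_body": [],
}

if __name__ == "__main__":
    print(detect(SAMPLE_FIELD_SETS))
```

Note what the sample produces: the OR rule for N fires on the request header set and matching stops, so the AND rule for M, which the response header set would satisfy, is never reached. Under stop-on-first-match the order of the field sets and the order of rules inside the first rule file together decide which identifier is reported, so rule authors need to place the more specific rules (and the field sets they depend on) first. Comparison is by exact equality of name and content, as the text requires, so a rule only fires on the exact field content a target emits. In a deployment the IP address and port would more usually be taken from the observed flow; the example follows the patent in reading them from the second rule file.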

The application fingerprint detection device provided by the present invention is described below; the device described below and the application fingerprint detection method described above may be referred to in correspondence with each other.

The present invention also provides an application fingerprint detection device which, as shown in FIG3, includes:

an acquisition unit 31, configured to acquire network traffic data;

a parsing unit 32, configured to input the network traffic data into a decoder to obtain multiple network protocol fields, where each network protocol field includes a field name and a field content;

a first matching unit 33, configured to perform Boolean-logic-rule-based matching in the first rule file according to the field names and field contents of the multiple network protocol fields to obtain the corresponding target application identifier, where the first rule file is a locally stored file in which Boolean logic rules and the application identifiers corresponding to them are pre-stored, each Boolean logic rule has a Boolean logic character and at least one logic node, and each logic node includes a first field name and a first field content;

a second matching unit 34, configured to match the corresponding target application fingerprint information in the second rule file according to the target application identifier, where the second rule file is a locally stored file in which application identifiers and the application fingerprint information corresponding to them are pre-stored.

In this embodiment of the present invention, network traffic data is acquired and input into a decoder to obtain multiple network protocol fields, each including a field name and a field content; Boolean-logic-rule-based matching is performed in the first rule file according to the field names and field contents of the multiple network protocol fields to obtain the corresponding target application identifier, where the first rule file is a locally stored file in which Boolean logic rules and their corresponding application identifiers are pre-stored, each Boolean logic rule has at least one logic node connected by a Boolean logic character, and each logic node includes a first field name and a first field content; and the corresponding target application fingerprint information is matched in the second rule file according to the target application identifier, where the second rule file is a locally stored file in which application identifiers and the application fingerprint information corresponding to them are pre-stored. Through Boolean-logic-rule-based matching in the first rule file, the present invention realises parallel application fingerprint detection over multiple network protocol fields, and hence efficient application fingerprint detection.

根据本发明提供的一种应用指纹的检测装置,所述网络协议字段包括请求头网络协议字段、请求体网络协议字段、响应头网络协议字段和响应体网络协议字段;According to an application fingerprint detection device provided by the present invention, the network protocol field includes a request header network protocol field, a request body network protocol field, a response header network protocol field and a response body network protocol field;

所述解析单元32,具体用于将所述网络流量数据输入解码器,按照预设解码规则解码获得请求头、请求体、响应头和响应体;The parsing unit 32 is specifically used to input the network traffic data into a decoder, and decode according to a preset decoding rule to obtain a request header, a request body, a response header and a response body;

将所述请求头、所述请求体、所述响应头和所述响应体按照预设解码规则解码获得所述请求头对应的请求头字段集合、所述请求体对应的请求体字段集合、所述响应头对应的响应头字段集合和所述响应体对应的响应体字段集合;Decode the request header, the request body, the response header, and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header, and a response body field set corresponding to the response body;

其中,所述请求头字段集合包括至少一个请求头网络协议字段的字段名称和字段内容,所述请求体字段集合包括至少一个请求体网络协议字段的字段名称和字段内容,所述响应头字段集合包括至少一个响应头网络协议字段的字段名称和字段内容,所述响应体字段集合包括至少一个响应体网络协议字段的字段名称和字段内容。Among them, the request header field set includes the field name and field content of at least one request header network protocol field, the request body field set includes the field name and field content of at least one request body network protocol field, the response header field set includes the field name and field content of at least one response header network protocol field, and the response body field set includes the field name and field content of at least one response body network protocol field.

根据本发明提供的一种应用指纹的检测装置,所述第一匹配单元33,具体用于根据不同类型的所述字段集合以及对应的预设顺序,在第一规则文件中依次匹配每个所述字段集合中所述网络协议字段的字段名称和字段内容符合的布尔逻辑规则对应的目标应用标识。According to an application fingerprint detection device provided by the present invention, the first matching unit 33 is specifically used to match the target application identifier corresponding to the Boolean logic rule that the field name and field content of the network protocol field in each field set conform to in the first rule file in turn according to the different types of field sets and the corresponding preset order.

根据本发明提供的一种应用指纹的检测装置,所述第一匹配单元33,具体用于对于每个字段集合,根据所述网络协议字段的所述字段名称和所述字段内容在第一规则文件中匹配符合的布尔逻辑规则对应的目标应用标识;According to an application fingerprint detection device provided by the present invention, the first matching unit 33 is specifically used to match the target application identifier corresponding to the Boolean logic rule that meets the requirements in the first rule file for each field set according to the field name and the field content of the network protocol field;

其中,所述符合的布尔逻辑规则为具有与所述字段名称和所述字段内容一致的逻辑节点并满足所述布尔逻辑字符对应条件的布尔逻辑规则。The conforming Boolean logic rule is a Boolean logic rule having a logic node consistent with the field name and the field content and satisfying the Boolean logic character corresponding condition.

根据本发明提供的一种应用指纹的检测装置,所述字段集合中含有多个网络协议字段的所述字段名称和所述字段内容;所述布尔逻辑规则中含有多个逻辑节点,所述布尔逻辑字符为与逻辑字符;According to a detection device for application fingerprint provided by the present invention, the field set contains the field names and field contents of multiple network protocol fields; the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an AND logic character;

所述第一匹配单元33,具体用于根据所述多个网络协议字段的所述字段名称和所述字段内容,在第一规则文件中匹配符合第一条件的布尔逻辑规则对应的所述目标应用标识;The first matching unit 33 is specifically configured to match the target application identifier corresponding to the Boolean logic rule that meets the first condition in the first rule file according to the field names and the field contents of the multiple network protocol fields;

其中,所述第一条件为所述多个网络协议字段的所述字段名称同时满足与所述多个逻辑节点中的所述第一字段名称一致,并且,所述多个网络协议字段中与所述字段名称对应的所述字段内容同时满足与所述多个逻辑节点中的所述第一字段内容一致。Among them, the first condition is that the field names of the multiple network protocol fields are simultaneously consistent with the first field names in the multiple logical nodes, and the field contents corresponding to the field names in the multiple network protocol fields are simultaneously consistent with the first field contents in the multiple logical nodes.

根据本发明提供的一种应用指纹的检测装置,所述字段集合中含有多个网络协议字段的所述字段名称和所述字段内容;所述布尔逻辑规则中含有多个逻辑节点,所述布尔逻辑字符为或逻辑字符;According to a detection device for application fingerprint provided by the present invention, the field set contains the field names and field contents of multiple network protocol fields; the Boolean logic rule contains multiple logic nodes, and the Boolean logic character is an OR logic character;

所述根据所述网络协议字段的所述字段名称和所述字段内容在第一规则文件中匹配符合的布尔逻辑规则对应的目标应用标识的步骤,包括:The step of matching the target application identifier corresponding to the Boolean logic rule in the first rule file according to the field name and the field content of the network protocol field comprises:

根据所述多个网络协议字段的所述字段名称和所述字段内容,在第一规则文件中匹配符合第二条件的布尔逻辑规则对应的所述目标应用标识;According to the field names and the field contents of the multiple network protocol fields, matching the target application identifier corresponding to the Boolean logic rule that meets the second condition in the first rule file;

其中,所述第二条件为所述多个网络协议字段的所述字段名称满足与所述多个逻辑节点中任意一个逻辑节点的所述第一字段名称一致,并且,所述多个网络协议字段中与所述字段名称对应的所述字段内容与确定的逻辑节点的所述第一字段内容一致,所述确定的逻辑节点为所述字段名称与所述第一字段名称一致的逻辑节点。The second condition is that the field names of the multiple network protocol fields are consistent with the first field name of any one of the multiple logical nodes, and the field content corresponding to the field name in the multiple network protocol fields is consistent with the first field content of the determined logical node, and the determined logical node is the logical node whose field name is consistent with the first field name.

According to an application fingerprint detection apparatus provided by the present invention, the first matching unit 33 is specifically configured to stop subsequent matching once a target application identifier corresponding to a fitting Boolean logic rule has been successfully matched in the first rule file according to the field names and field contents of the network protocol fields.

According to an application fingerprint detection apparatus provided by the present invention, the target application fingerprint information includes application attribute information and application source information, where the application attribute information includes an application name, an application description and an application version, and the application source information includes an IP address and port information;

the second matching unit 34 is specifically configured to match the application description, the application version, the IP address and the port information in the second rule file according to the target application identifier, to take the target application name, the application description and the application version as the application attribute information, and to take the IP address and the port information as the application source information;

and to generate the target application fingerprint information from the application attribute information and the application source information.

FIG. 4 is a schematic diagram of the physical structure of an electronic device. As shown in FIG. 4, the electronic device may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, where the processor 410, the communication interface 420 and the memory 430 communicate with one another over the communication bus 440. The processor 410 can call logic instructions in the memory 430 to execute the application fingerprint detection method, which includes: acquiring network traffic data; inputting the network traffic data into a decoder to obtain multiple network protocol fields connected by Boolean logic; matching the corresponding target application identifier in a first rule file according to the multiple network protocol fields, where the first rule file is stored locally and pre-stores fields and the application identifiers corresponding to those fields; and matching the corresponding target application fingerprint information in a second rule file according to the target application identifier, where the second rule file is stored locally and pre-stores application identifiers and the application fingerprint information corresponding to each application identifier.
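The pipeline summarized above (decode the flow into request-header, request-body, response-header and response-body field sets; match the Boolean logic rules of the first rule file against each set in that preset order, stopping at the first hit; then resolve the identifier through the second rule file into attribute and source information) as a self-contained Python example. This is added illustration, not the patent's or the applicant's code: the rule-file layout, the HTTP/1.x decoder, the substring test used to decide that a field content is "consistent" with a node's first field content, the rule entries, the fingerprint entries and the sample request/response are all constructed for the example.

```python
"""Two-stage application-fingerprint matcher (added example; every rule, fingerprint
entry and traffic sample below is constructed, not taken from the patent)."""
from typing import Dict, List, Optional, Tuple

Field = Tuple[str, str]             # (field name, field content) from the decoder
Node = Tuple[str, str]              # (first field name, first field content) of a logic node
Rule = Tuple[str, List[Node], str]  # (Boolean character "AND"/"OR", logic nodes, application identifier)

# Constructed first rule file: Boolean logic rules -> application identifier.
FIRST_RULE_FILE: List[Rule] = [
    ("AND", [("Server", "nginx"), ("X-Powered-By", "PHP")], "APP-001"),
    ("OR",  [("Server", "Apache-Coyote"), ("Set-Cookie", "JSESSIONID")], "APP-002"),
    ("AND", [("Content-Type", "application/json")], "APP-003"),
]

# Constructed second rule file: application identifier -> fingerprint information
# (attribute part: name/description/version; source part: IP/port, as in the text).
SECOND_RULE_FILE: Dict[str, Dict[str, str]] = {
    "APP-001": {"name": "nginx+PHP web app", "description": "PHP served behind nginx",
                "version": "7.x", "ip": "10.0.0.5", "port": "443"},
    "APP-002": {"name": "Tomcat servlet app", "description": "Java servlet container",
                "version": "9.x", "ip": "10.0.0.8", "port": "8080"},
    "APP-003": {"name": "JSON API", "description": "generic JSON endpoint",
                "version": "n/a", "ip": "10.0.0.9", "port": "80"},
}


def _decode_message(raw: bytes) -> Tuple[List[Field], List[Field]]:
    """Decode one HTTP/1.x message into (header field set, body field set)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: List[Field] = [("start-line", lines[0])]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name and value:
            headers.append((name.strip(), value.strip()))
    text = body.decode("latin-1")
    body_fields: List[Field] = []
    if "=" in text and "\n" not in text.strip():  # assume form-encoded key=value pairs
        for pair in text.split("&"):
            key, _, value = pair.partition("=")
            body_fields.append((key.strip(), value.strip()))
    elif text:                                    # anything else is one opaque body field
        body_fields.append(("body", text))
    return headers, body_fields


def decode_flow(request: bytes, response: bytes) -> List[Tuple[str, List[Field]]]:
    """Return the four field sets in the preset matching order of the method."""
    req_h, req_b = _decode_message(request)
    rsp_h, rsp_b = _decode_message(response)
    return [("request header", req_h), ("request body", req_b),
            ("response header", rsp_h), ("response body", rsp_b)]


def _node_matches(node: Node, fields: List[Field]) -> bool:
    """A node is satisfied when some field has the same name (HTTP names are
    case-insensitive) and its content contains the node's first field content.
    Substring containment is this example's reading of 'consistent'."""
    name, content = node
    return any(f_name.lower() == name.lower() and content in f_content
               for f_name, f_content in fields)


def _rule_matches(rule: Rule, fields: List[Field]) -> bool:
    """AND: all nodes satisfied in this field set (first condition); OR: any one (second)."""
    op, nodes, _ = rule
    results = [_node_matches(n, fields) for n in nodes]
    return all(results) if op == "AND" else any(results)


def match_app_id(field_sets: List[Tuple[str, List[Field]]],
                 rules: List[Rule] = FIRST_RULE_FILE) -> Optional[Tuple[str, str]]:
    """Walk the field sets in preset order and stop at the first rule that fires."""
    for set_name, fields in field_sets:
        for rule in rules:
            if _rule_matches(rule, fields):
                return rule[2], set_name
    return None


def fingerprint(request: bytes, response: bytes) -> Optional[Dict[str, object]]:
    """Stage 1 (first rule file) then stage 2 (second rule file)."""
    hit = match_app_id(decode_flow(request, response))
    if hit is None:
        return None
    app_id, matched_in = hit
    info = SECOND_RULE_FILE.get(app_id)
    if info is None:          # identifier with no fingerprint entry: report nothing
        return None
    return {"app_id": app_id, "matched_in": matched_in,
            "attributes": {k: info[k] for k in ("name", "description", "version")},
            "source": {"ip": info["ip"], "port": info["port"]}}


# Constructed sample flow (not captured traffic).
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                  b"user=alice&pass=secret")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n"
                   b"X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

Running the block on the sample flow matches nothing in the request header or the form body and then fires the AND rule for APP-001 on the response header, at which point matching stops even though later field sets were never inspected. Real rule files would need an escape for the substring test (a literal "PHP" in a User-Agent should not satisfy an X-Powered-By node, which the name check already prevents) and a decision on what to do when two rules fire in the same field set; the example keeps the first in file order.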

In addition, the logic instructions in the memory 430 may be implemented as software functional units and, when sold or used as an independent product, stored on a computer-readable storage medium. On this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied as a software product. That software product is stored on a storage medium and includes instructions that cause a computer device (a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium may be any medium capable of storing program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

In another aspect, the present invention also provides a computer program product comprising a computer program that can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer can perform the application fingerprint detection method provided by the methods above, which includes: acquiring network traffic data; inputting the network traffic data into a decoder to obtain multiple network protocol fields, where each network protocol field includes a field name and field content; performing Boolean-logic-rule-based matching in a first rule file according to the field names and field contents of the multiple network protocol fields to obtain the corresponding target application identifier, where the first rule file is stored locally and pre-stores Boolean logic rules and the application identifier corresponding to each Boolean logic rule, each Boolean logic rule has at least one logic node connected by Boolean logic characters, and each logic node includes a first field name and first field content; and matching the corresponding target application fingerprint information in a second rule file according to the target application identifier, where the second rule file is stored locally and pre-stores application identifiers and the application fingerprint information corresponding to each application identifier.

In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the application fingerprint detection method provided by the methods above, which includes: acquiring network traffic data; inputting the network traffic data into a decoder to obtain multiple network protocol fields, where each network protocol field includes a field name and field content; performing Boolean-logic-rule-based matching in a first rule file according to the field names and field contents of the multiple network protocol fields to obtain the corresponding target application identifier, where the first rule file is stored locally and pre-stores Boolean logic rules and the application identifier corresponding to each Boolean logic rule, each Boolean logic rule has at least one logic node connected by Boolean logic characters, and each logic node includes a first field name and first field content; and matching the corresponding target application fingerprint information in a second rule file according to the target application identifier, where the second rule file is stored locally and pre-stores application identifiers and the application fingerprint information corresponding to each application identifier.

The apparatus embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the above technical solution, in essence or in the part that contributes to the prior art, may be embodied as a software product stored on a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, which includes instructions that cause a computer device (a personal computer, a server, a network device, etc.) to perform the methods described in the embodiments or in parts of them.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A method for detecting an application fingerprint, comprising:
acquiring network traffic data;
Inputting the network traffic data into a decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents;
Matching the field names and the field contents of the network protocol fields based on a Boolean logic rule in a first rule file to obtain a corresponding target application identifier, wherein the first rule file is a file stored locally, the first rule file is pre-stored with the Boolean logic rule and the application identifier corresponding to the Boolean logic rule, the Boolean logic rule is provided with at least one logic node connected through Boolean logic characters, and the logic node comprises a first field name and first field contents; the matching based on boolean logic rules is performed in a first rule file according to the field names and the field contents of the network protocol fields to obtain corresponding target application identifications, including: according to different types of field sets and corresponding preset sequences, sequentially matching the field names of the network protocol fields in each field set with target application identifiers corresponding to Boolean logic rules according to field contents in each field set; the field set is a request header field set corresponding to a request header, a request body field set corresponding to a request body, a response header field set corresponding to a response header and a response body field set corresponding to a response body, which are obtained by inputting the network traffic data into a decoder; the preset sequence is a request header field set, a request body field set, a response header field set and a response body field set;
And matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the second rule file is pre-stored with the application identifier and the application fingerprint information corresponding to the application identifier.
2. The method for detecting an application fingerprint according to claim 1, wherein the network protocol fields include a request header network protocol field, a request body network protocol field, a response header network protocol field, and a response body network protocol field;
the step of inputting the network traffic data into a decoder to obtain field names and field contents of a plurality of network protocol fields includes:
inputting the network traffic data into a decoder and decoding it according to a preset decoding rule to obtain a request header, a request body, a response header and a response body;
decoding the request header, the request body, the response header and the response body according to a preset decoding rule to obtain a request header field set corresponding to the request header, a request body field set corresponding to the request body, a response header field set corresponding to the response header and a response body field set corresponding to the response body;
wherein the request header field set comprises field names and field contents of at least one request header network protocol field, the request body field set comprises field names and field contents of at least one request body network protocol field, the response header field set comprises field names and field contents of at least one response header network protocol field, and the response body field set comprises field names and field contents of at least one response body network protocol field.
3. The method for detecting an application fingerprint according to claim 2, wherein the step of sequentially matching, in a first rule file, a target application identifier corresponding to a boolean logic rule to which the field name and the field content of the network protocol field in each field set conform, includes:
for each field set, matching a target application identifier corresponding to a boolean logic rule according to the field name and the field content of the network protocol field in a first rule file;
The Boolean logic rule is a Boolean logic rule which has logic nodes consistent with the field names and the field contents and meets the conditions corresponding to the Boolean logic characters.
4. The method for detecting an application fingerprint according to claim 3, wherein the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are AND logic characters;
The step of matching the target application identifier corresponding to the met boolean logic rule in the first rule file according to the field name and the field content of the network protocol field includes:
According to the field names and the field contents of the network protocol fields, matching the target application identifier corresponding to the Boolean logic rule conforming to the first condition in a first rule file;
wherein the first condition is that the field names of the plurality of network protocol fields are all consistent with the first field names of the plurality of logic nodes, and the field contents corresponding to those field names in the plurality of network protocol fields are all consistent with the first field contents of the plurality of logic nodes.
5. The method for detecting an application fingerprint according to claim 3, wherein the field set contains the field names and the field contents of a plurality of network protocol fields; the Boolean logic rule comprises a plurality of logic nodes, and the Boolean logic characters are OR logic characters;
The step of matching the target application identifier corresponding to the met boolean logic rule in the first rule file according to the field name and the field content of the network protocol field includes:
According to the field names and the field contents of the network protocol fields, matching the target application identifier corresponding to the Boolean logic rule conforming to the second condition in a first rule file;
wherein the second condition is that a field name of the network protocol fields is consistent with the first field name of any one of the logic nodes, and the field content corresponding to that field name in the network protocol fields is consistent with the first field content of a determined logic node, the determined logic node being the logic node whose first field name is consistent with that field name.
6. The method for detecting an application fingerprint according to claim 3, wherein the step of matching, in a first rule file, a target application identifier corresponding to a boolean logic rule according to the field name and the field content of the network protocol field further comprises:
And stopping subsequent matching when the target application identifier corresponding to the met Boolean logic rule is successfully matched in the first rule file according to the field name and the field content of the network protocol field.
7. The method for detecting an application fingerprint according to claim 1, wherein the target application fingerprint information includes application attribute information and application source information, wherein the application attribute information includes an application name, an application description, and an application version, and the application source information includes an IP address and port information;
the step of matching the target application fingerprint information in the second rule file according to the target application identifier comprises the following steps:
According to the target application identifier, matching the application description, the application version, the IP address and the port information in the second rule file, taking the target application name, the application description and the application version as the application attribute information, and taking the IP address and the port information as the application source information;
And generating the target application fingerprint information according to the application attribute information and the application source information.
8. An apparatus for detecting an application fingerprint, comprising:
the acquisition unit is used for acquiring network traffic data;
The analysis unit is used for inputting the network traffic data into the decoder to obtain a plurality of network protocol fields, wherein the network protocol fields comprise field names and field contents;
The first matching unit is used for matching a Boolean logic rule in a first rule file according to the field names and the field contents of the plurality of network protocol fields to obtain corresponding target application identifiers, wherein the first rule file is a file stored locally, the Boolean logic rule and the application identifier corresponding to the Boolean logic rule are prestored in the first rule file, the Boolean logic rule is provided with Boolean logic characters and at least one logic node, and the logic node comprises a first field name and first field contents; the matching based on boolean logic rules is performed in a first rule file according to the field names and the field contents of the network protocol fields to obtain corresponding target application identifications, including: according to different types of field sets and corresponding preset sequences, sequentially matching the field names of the network protocol fields in each field set with target application identifiers corresponding to Boolean logic rules according to field contents in each field set; the field set is a request header field set corresponding to a request header, a request body field set corresponding to a request body, a response header field set corresponding to a response header and a response body field set corresponding to a response body, which are obtained by inputting the network traffic data into a decoder; the preset sequence is a request header field set, a request body field set, a response header field set and a response body field set;
and the second matching unit is used for matching corresponding target application fingerprint information in a second rule file according to the target application identifier, wherein the second rule file is a file stored locally, and the second rule file is pre-stored with the application identifier and the application fingerprint information corresponding to the application identifier.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method for detecting an application fingerprint according to any one of claims 1 to 7 when the program is executed.
10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method for detecting an application fingerprint according to any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the method for detecting an application fingerprint according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111619007.8A CN114492376B (en) 2021-12-27 2021-12-27 Application fingerprint detection method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN114492376A CN114492376A (en) 2022-05-13
CN114492376B true CN114492376B (en) 2024-06-28

Family

ID=81496029

Country Status (1)

Country Link
CN (1) CN114492376B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105678188A (en) * 2016-01-07 2016-06-15 杨龙频 Anti-leakage protocol identification method and device for database
CN112261645A (en) * 2020-10-16 2021-01-22 北京锐驰信安技术有限公司 Mobile application fingerprint automatic extraction method and system based on grouping and domain division

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090126020A1 (en) * 2007-11-09 2009-05-14 Norton Richard Elliott Engine for rule based content filtering
US10693874B2 (en) * 2013-04-19 2020-06-23 Pearson Education, Inc. Authentication integrity protection
US10079854B1 (en) * 2015-12-18 2018-09-18 Amazon Technologies, Inc. Client-side protective script to mitigate server loading
EP3605353B1 (en) * 2018-08-03 2021-09-29 Sap Se Method and system for data transfer between databases
US11436366B2 (en) * 2019-01-21 2022-09-06 Bitdefender IPR Management Ltd. Parental control systems and methods for detecting an exposure of confidential information
CN112468360A (en) * 2020-11-13 2021-03-09 北京安信天行科技有限公司 Asset discovery identification and detection method and system based on fingerprint
CN113177021B (en) * 2021-04-28 2024-05-10 中国工商银行股份有限公司 Data export method and device for different data sources

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

GR01 Patent grant