Computer Science, 2018, Vol. 45, Issue (12): 24-31. doi: 10.11896/j.issn.1002-137X.2018.12.004

• Survey •

Research on Network Asset Detection Technology

WANG Chen-dong, GUO Yuan-bo, ZHEN Shuai-hui, YANG Wei-chao

  1. (Strategic Support Force University of Information Engineering, Zhengzhou 450001, China)
    (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
  • Received: 2017-11-30 Online: 2018-12-15 Published: 2019-02-25
  • About the authors: WANG Chen-dong (born 1992), male, master's student, main research interest: network security; GUO Yuan-bo (born 1975), male, professor, doctoral supervisor, main research interests: network and information security, E-mail: yuanbo_g@hotmail.com (corresponding author); ZHEN Shuai-hui (born 1987), male, master's student, main research interest: network security; YANG Wei-chao (born 1991), male, master's student, main research interest: network security.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61501515, 61602515).

Abstract: With the rapid spread of network technology, large numbers of diversified network assets bring great convenience to people's work and daily life, but they also pose challenges for their own security management. Accurate and comprehensive network asset detection is the prerequisite for effective management of network assets and the basis for threat analysis. First, this paper reviews the origin and development of network asset detection. Next, it comprehensively analyzes three common novel methods of network asset detection (active, passive and search-engine-based) together with their key technologies, and summarizes the characteristics of each method. Finally, it discusses possible future research directions for this technology.

Key words: Asset detection, Fingerprint identification, Network scanning, Search engine

CLC number:

  • TP393.0