基于主动探测的Web容器探测识别方法  

作　　者：张帆[1] 王振宇 王红梅 万月亮 宁焕生[1,4] 李莎 ZHANG Fan;WANG Zhenyu;WANG Hongmei;WAN Yueliang;NING Huansheng;LI Sha(School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083,China;College of Information Engineering,Xinjiang Institute of Engineering,Urumqi 830023,China;Key Lab of Information Network Security of Ministry of Public Security(The Third Research Institute of Ministry of Public Security),Shanghai 201204,China;Beijing Engineering Research Center for Cyberspace Data Analysis and Application,Beijing 100192,China;Run Technologies Co.Ltd.,Beijing 100192,China)

机构地区：[1]北京科技大学计算机与通信工程学院,北京100083 [2]新疆工程学院信息工程学院,乌鲁木齐830023 [3]信息网络安全公安部重点实验室(公安部第三研究所),上海201204 [4]北京市网络空间数据分析与应用工程技术研究中心,北京100192 [5]北京锐安科技有限公司,北京100192

出　　处：《工程科学学报》2024年第8期1446-1457,共12页Chinese Journal of Engineering

基　　金：信息网络安全公安部重点实验室开放课题资助项目(C22600-08)。

摘　　要：随着工业互联网的飞速发展,各类Web容器的广泛使用呈现不断增长的趋势,然而,这也使得Web容器资产管理的问题变得更加复杂.随之而来的是诸多网络安全风险和潜在隐患,对于这些挑战,提升网络安全防御水平显得尤为迫切.为了解决这一问题,本文引入了一种新的基于主动探测的Web容器探测识别方法.在探测阶段,采用了一种先进的Web容器探针构建方法,通过此方法构建了Web容器探针.这个探针在识别阶段发挥关键作用,借助一种基于负载内容的Web容器识别方法,通过协议解码技术,实现了对Web容器的高度准确的识别.通过结合这两种先进的识别方法,成功识别了4种不同类型的Web容器,并且提升了精度,能够精确地区分这些Web容器的各个版本,总计实现了10个版本的准确识别.通过这种先进的主动探测方法,企业可以更好地了解和管理其Web容器资产,降低网络安全风险,并确保网络系统的稳定性和安全性.As the Industrial Internet of Things rapidly evolves,enterprises are increasingly using a wide variety of web containers.However,this growing usage also magnifies the complexities associated with managing these assets,leading to a rise in network security risks and vulnerabilities.This trend not only highlights a shift in industrial practices but also underscores the urgent need for proactive measures to strengthen network security.In response to this complex challenge,this paper presents a cutting-edge approach for detecting and identifying web containers through proactive probing.During the detection phase,we meticulously construct web container probes,laying the groundwork for their central role in the identification process.During this stage,the probe leverages a payload-based identification method for web containers,achieving an exceptional level of accuracy by implementing advanced protocol decoding t echniques.The integration of these innovative techniques not only enhances the precision of web container identification but also demonstrates our commitment to providing a comprehensive solution to the challenges posed by web container management.This pioneering methodology reflects the ongoing evolution of detection strategies and our dedication to pushing technological boundaries for an improved understanding of web containers.By seamlessly integrating these two advanced identification methods,we have successfully identified four different types of web containers.Importantly,we have made significant progress in precision and accurately differentiating between various versions of these web containers,with a total of ten versions correctly identified.This groundbreaking method is not only crucial for addressing the current complexities in web container asset management but also provides enterprises with a more effective means of network security defense.Through the use of this advanced proactive probing method,enterprises can better understand and manage their web container assets,reducing network security ri

关 键 词：主动探测 设备识别 Web容器识别 容器探针 安全 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]