摘要：【中文】本申请实施例提供了一种NAT设备的识别方法、装置、系统及存储介质。通过在网络的每个子网中部署检测设备，一方面，由于部署在每个子网的检测设备必然拥有该检测设备所在子网的访问权限，故克服了探测时的权限问题；另一方面，由于每个检测设备仅采集其所在的一个子网中各设备的信息，而无需跨越各子网间的防火墙采集其它子网中各设备的信息，故克服了防火墙的阻隔。从而实现了在克服防火墙的阻隔以及网络权限的情况下，准确的发现网络中的NAT设备。 【EN】The embodiment of the application provides a method, a device and a system for identifying NAT equipment and a storage medium. By deploying the detection equipment in each subnet of the network, on one hand, the detection equipment deployed in each subnet inevitably has the access authority of the subnet in which the detection equipment is located, so that the authority problem during detection is solved; on the other hand, each detection device only collects the information of each device in one subnet where the detection device is located, and the firewall between the subnets does not need to collect the information of each device in other subnets, so that the blocking of the firewall is overcome. Therefore, the NAT equipment in the network can be accurately found under the condition of overcoming the obstruction of the firewall and the network authority.

摘要：【中文】本申请提供了一种加密方法、装置、主机端及加密芯片，其中，该加密方法包括：向主机端发送第一加密密钥；接收主机端发送的第一加密数据，第一加密数据为主机端根据第一加密密钥对一待加密数据进行加密后得到的数据；对第一加密数据进行解密处理，得到原文数据；对原文数据使用第二加密密钥进行加密，得到目标加密数据；将目标加密数据发送给主机端。 【EN】The application provides an encryption method, an encryption device, a host terminal and an encryption chip, wherein the encryption method comprises the following steps: sending a first encryption key to a host end; receiving first encrypted data sent by a host end, wherein the first encrypted data is data obtained by encrypting data to be encrypted by the host end according to a first encryption key; decrypting the first encrypted data to obtain original text data; encrypting the original text data by using a second encryption key to obtain target encrypted data; and sending the target encrypted data to the host side.

摘要：【中文】本申请提供一种暴力破解行为识别方法、装置、电子设备及可读存储介质，涉及互联网技术领域。该方法包括：获取预设协议类型的数据包，所述数据包为第一主机尝试接入第二主机时向所述第二主机发送的；根据所述数据包确定所述第一主机尝试接入所述第二主机的尝试接入次数；根据所述尝试接入次数确定所述第一主机是否存在暴力破解行为。该方案通过自动获取第二主机中预设协议类型的数据包，然后基于数据包确定第一主机尝试接入第二主机的接入次数，从而可直接根据尝试接入次数来确定第一主机是否存在暴力破解行为，而无需直接获取第一主机的日志信息来分析，通过本申请提供的方案即可更加容易识别出主机的暴力破解行为。 【EN】The application provides a brute force cracking behavior identification method and device, electronic equipment and a readable storage medium, and relates to the technical field of internet. The method comprises the following steps: acquiring a data packet of a preset protocol type, wherein the data packet is sent to a second host when a first host tries to access the second host; determining the number of access attempts of the first host to access the second host according to the data packet; and determining whether the first host has brute force cracking behavior according to the access attempt times. According to the scheme, the data packet of the preset protocol type in the second host is automatically acquired, and then the access times of the first host trying to access the second host are determined based on the data packet, so that whether violent cracking behaviors exist in the first host can be directly determined according to the access times trying, the log information of the first host is not required to be directly acquired for analysis, and the violent cracking behaviors of the host can be more easily identified through the scheme provided by the application.

摘要：【中文】本申请提供一种系统信息采集方法及装置。该方法包括：通过不可屏蔽中断NMI定时器开始计时；当不可屏蔽中断NMI根据预设周期被触发后，通过NMI中断处理函数和系统软中断处理函数统计一个周期内的系统信息；其中，所述系统信息包括网卡收发包数据、CPU使用率和内存使用率。本申请实施例通过利用NMI终端处理函数和系统软中断处理函数周期性采集系统信息，上述两个函数不会受到操作系统故障的影响，因此，可以准确的获取系统信息。 【EN】The application provides a system information acquisition method and device. The method comprises the following steps: starting timing by a non-maskable interrupt NMI timer; when the non-maskable interrupt NMI is triggered according to a preset period, counting system information in one period through an NMI interrupt processing function and a system soft interrupt processing function; the system information comprises network card receiving and sending packet data, CPU utilization rate and memory utilization rate. According to the embodiment of the application, the NMI terminal processing function and the system soft interrupt processing function are used for periodically collecting the system information, the two functions cannot be influenced by faults of the operating system, and therefore the system information can be accurately obtained.

摘要：【中文】本申请提供一种操作系统识别方法、装置、电子设备及存储介质。该方法包括：获取第一预设时间段内设备间通信产生的多条通信报文；从所述多条通信报文中提取目标设备对应的特征参数，并根据所述特征参数获得特征向量；利用识别模型对所述特征向量进行分析，获得所述目标设备对应的操作系统类型；其中，所述识别模型为利用多个已知操作系统类型的设备对应的特征向量进行聚类训练获得。本申请实施例通过聚类训练获得的识别模型对设备的操作类型进行识别，提高了识别的准确性。 【EN】The application provides an operating system identification method, an operating system identification device, electronic equipment and a storage medium. The method comprises the following steps: acquiring a plurality of communication messages generated by communication between devices in a first preset time period; extracting characteristic parameters corresponding to the target equipment from the plurality of communication messages, and obtaining characteristic vectors according to the characteristic parameters; analyzing the characteristic vector by using an identification model to obtain an operating system type corresponding to the target equipment; the identification model is obtained by performing clustering training by using feature vectors corresponding to a plurality of devices with known operating system types. According to the embodiment of the application, the operation type of the equipment is identified through the identification model obtained through clustering training, and the identification accuracy is improved.

摘要：【中文】本申请公开了一种用于检索的调整方法及装置，方法包括：以主节点、数据节点、协调节点、资源、索引、待存储数据、用于存储数据的存储分片中至少一种类型，确定检索系统中的待调整对象；针对不同类型的待调整对象配置调整策略，以通过调整该待调整对象启动检索系统的海量数据存储和查询。采用本申请提供的方案，能够针对不同类型的待调整对象配置调整策略，以通过调整该待调整对象启动检索系统的海量数据存储和查询，从而实现对检索系统的调整。 【EN】The application discloses an adjusting method and device for retrieval, wherein the method comprises the following steps: determining an object to be adjusted in a retrieval system by at least one type of a main node, a data node, a coordination node, a resource, an index, data to be stored and a storage fragment for storing the data; and configuring an adjusting strategy aiming at different types of objects to be adjusted so as to start mass data storage and query of a retrieval system by adjusting the objects to be adjusted. By adopting the scheme provided by the application, the adjustment strategy can be configured for different types of objects to be adjusted, so that mass data storage and query of the retrieval system are started by adjusting the objects to be adjusted, and adjustment of the retrieval system is realized.

摘要：【中文】本申请提供一种数据传输方法、装置、电子设备及存储介质，该方法应用于发送设备，包括：将获得的原始数据拆分为多个数据块；使用获得的多个传输通道向接收设备发送多个数据块，以使多个数据块被接收设备还原为原始数据。在上述的实现过程中，通过将获得的原始数据拆分为多个数据块；使用获得的多个传输通道向接收设备发送多个数据块，以使多个数据块被接收设备还原为原始数据；从而有效地减小了窃听者通过中间者攻击获得传输中的全部原始数据的风险。 【EN】The application provides a data transmission method, a data transmission device, an electronic device and a storage medium, wherein the method is applied to a sending device and comprises the following steps: splitting the obtained original data into a plurality of data blocks; and transmitting the plurality of data blocks to the receiving device by using the obtained plurality of transmission channels so that the plurality of data blocks are restored to the original data by the receiving device. In the implementation process, the obtained original data is split into a plurality of data blocks; transmitting a plurality of data blocks to the receiving device by using the obtained plurality of transmission channels, so that the plurality of data blocks are restored to original data by the receiving device; thereby effectively reducing the risk of an eavesdropper obtaining all the original data in transmission through a middleman attack.

摘要：【中文】本申请涉及网络安全技术领域，提供一种异常检测方法、装置、存储介质及电子设备。其中，异常检测方法包括：对安全警告数据集中的记录进行采样，获得样本数据集；对样本数据集的每条记录进行预处理，将记录的多项属性中不可进行大小比较的属性的值转化为可进行大小比较的值；基于预处理后的样本数据集构建孤立森林，并利用孤立森林确定安全警告数据集中的记录是否存在异常。即使安全警告数据集中具有海量、高维度的记录，采用该方法依然能够快速、有效地完成异常检测，且检测精度较高、适用范围较广。 【EN】The application relates to the technical field of network security, and provides an abnormality detection method, an abnormality detection device, a storage medium and electronic equipment. The abnormality detection method includes: sampling records in the safety warning data set to obtain a sample data set; preprocessing each record of the sample data set, and converting the value of the attribute which cannot be subjected to size comparison in the plurality of recorded attributes into a value which can be subjected to size comparison; and constructing an isolated forest based on the preprocessed sample data set, and determining whether the record in the safety warning data set is abnormal or not by using the isolated forest. Even if the safety warning data set has massive and high-dimensional records, the method can still quickly and effectively complete the abnormal detection, and has high detection precision and wide application range.

摘要：【中文】本申请提供一种基于标签的策略配置方法及装置。方法包括：获取网络中各终端分别对应的初始策略，以及各终端当前所使用的标签；初始策略包括多个策略模块，每一策略模块定义终端执行一项或多项操作的规则；标签用于表征对应终端的属性信息；获取动态策略，动态策略包括至少一个子动态策略，每一子动态策略包括至少一个动态策略模块；针对每个终端，根据其当前所使用的标签，从动态策略中选择目标子动态策略，并利用目标子动态策略对应的动态策略模块更新终端的所述初始策略中对应的策略模块获得目标策略。本申请既能够实现不同标签终端策略的灵活配置，又能够实现相同标签的终端策略的批量配置，提高了策略配置的灵活性。 【EN】The application provides a policy configuration method and device based on a label. The method comprises the following steps: acquiring initial strategies corresponding to all terminals in a network respectively and tags used by all terminals currently; the initial strategy comprises a plurality of strategy modules, and each strategy module defines a rule for the terminal to execute one or more operations; the label is used for representing attribute information of the corresponding terminal; acquiring a dynamic policy, wherein the dynamic policy comprises at least one sub dynamic policy, and each sub dynamic policy comprises at least one dynamic policy module; and aiming at each terminal, selecting a target sub-dynamic strategy from the dynamic strategies according to the label currently used by the terminal, and updating the corresponding strategy module in the initial strategy of the terminal by using the dynamic strategy module corresponding to the target sub-dynamic strategy to obtain the target strategy. The method and the device can realize flexible configuration of different label terminal strategies, can also realize batch configuration of terminal strategies of the same label, and improve flexibility of strategy configuration.

摘要：【中文】本申请提供一种报文传输方法、装置及安全网络系统。该方法包括：在与所述第一用户终端建立第一隧道后，确定在所述第一用户终端的访问策略中已成功添加所述第二用户终端的虚地址网段；在与所述第二用户终端建立第二隧道后，确定在所述第二用户终端的访问策略中已成功添加所述第一用户终端的虚地址网段；向所述第一用户终端发送所述第二用户终端的虚地址；接收所述第一用户终端通过所述第一隧道发送的第一加密报文，并对所述第一加密报文进行解密；其中所述第一加密报文中包括所述第二用户终端的虚地址；将解密后得到的第一报文通过所述第二隧道发送至所述第二用户终端。 【EN】The application provides a message transmission method, a message transmission device and a secure network system. The method comprises the following steps: after a first tunnel is established with the first user terminal, determining that the virtual address network segment of the second user terminal is successfully added in the access strategy of the first user terminal; after a second tunnel is established with the second user terminal, determining that the virtual address network segment of the first user terminal is successfully added in the access strategy of the second user terminal; sending the virtual address of the second user terminal to the first user terminal; receiving a first encrypted message sent by the first user terminal through the first tunnel, and decrypting the first encrypted message; wherein the first encrypted message includes a virtual address of the second user terminal; and sending the decrypted first message to the second user terminal through the second tunnel.