基于图神经网络的网络资产主动识别技术研究

doi:10.3969/j.issn.1671-1122.2025.10.012

信息网络安全 ›› 2025, Vol. 25 ›› Issue (10): 1615-1626.doi: 10.3969/j.issn.1671-1122.2025.10.012

基于图神经网络的网络资产主动识别技术研究

李涛¹^,²^,³(), 程柏丰¹

1.东南大学网络空间安全学院，南京 211189
2.网络通信与安全紫金山实验室，南京 211189
3.东南大学移动信息通信与安全前沿科学中心，南京 211189

收稿日期:2024-12-30 出版日期:2025-10-10 发布日期:2025-11-07
通讯作者: 李涛 E-mail:lit@seu.edu.cn
作者简介:李涛（1984—），男，江苏，副教授，博士，主要研究方向为信息系统安全、可信计算、内生安全|程柏丰（1997—），男，黑龙江，硕士研究生，主要研究方向为网络空间安全
基金资助:
国家自然科学基金(61601113)

Research on Network Asset Identification Technology Based on Graph Neural Network

LI Tao¹^,²^,³(), CHENG Baifeng¹

1. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
2. Network Communication and Security of Purple Mountain Laboratories, Nanjing 211189, China
3. Frontiers Science Center for Mobile Information Communication and Security, Southeast University, Nanjing 211189, China

Received:2024-12-30 Online:2025-10-10 Published:2025-11-07
Contact: LI Tao E-mail:lit@seu.edu.cn

摘要/Abstract

摘要：

网络资产是网络空间中某机构所拥有的一切可能被潜在攻击者利用的设备、信息、应用等数字资产的总和，因此对网络资产进行识别至关重要。为提高网络资产识别的效率和准确率，文章设计了一种基于图神经网络的识别模型，通过将资产响应报文转化为图结构，直观呈现各元素间的复杂关联性，并利用节点连接关系保留全局图信息。该模型包含3个组成部分，首先基于资产响应报文构建了包含3类节点和5类边的异质图，然后引入双级注意力机制训练两层图卷积神经网络，最后计算两类损失函数并得出最终识别结果。实验使用包含3000个网络资产响应报文的样本集进行训练，模型最终识别准确率达92.38%，较现有方法提升约5%，验证了该模型在资产识别任务中的有效性。

关键词: 响应报文, 异质图, 图神经网络, 网络资产识别

Abstract:

Network assets are the sum of all digital assets such as equipment, information and applications owned by an organization in cyberspace that can be used by potential attackers. It is very important to identify network assets. In order to improve the efficiency and accuracy of network asset recognition, this paper designed a network asset recognition model based on graph neural network, which representd the asset response message in the form of a graph. The model could intuitively express the relationship between various elements in the text, and could use the connection relationship between nodes to retain the global graph information. The model consisted of three parts. Firstly, a heterogeneous graph containing three types of nodes and five types of edges was constructed based on the asset response message, then a two-level attention mechanism was introduced to train the two-layer convolutional neural network, and finally two types of loss functions were calculated and the final recognition results were obtained. Experiments using a sample set of 3000 network asset response messages achieves an identification accuracy of 92.38% after training, representing approximately 5% improvement over existing methods, which demonstrates the model’s effectiveness in asset recognition.

Key words: response message, heterogeneous graph, graph neural network, network asset identification

中图分类号:

TP309

李涛, 程柏丰. 基于图神经网络的网络资产主动识别技术研究[J]. 信息网络安全, 2025, 25(10): 1615-1626.

LI Tao, CHENG Baifeng. Research on Network Asset Identification Technology Based on Graph Neural Network[J]. Netinfo Security, 2025, 25(10): 1615-1626.

图/表 13

表1

图1

图2

图3

图4

图5

表2

图6

图7

图8

图9

图10

图11

参考文献 15

[1]	LYON G F. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning[M]. La Vergne: Nmap, 2009.
[2]	GARCIA S. DNmap: The Distributed Nmap[EB/OL]. (2022-10-21)[2024-11-01]. https://github.com/Seabreg/dnmap.
[3]	DURUMERIC Z, WUSTROW E, HALDERMAN J A. ZMap: Fast Internet-Wide Scanning and Its Security Applications[C]// USENIX.22nd USENIX Security Symposium. Berkeley: USENIX, 2013: 47-53.
[4]	SUN Yifei, ZHU Qi, YANG Yang, et al. Fine-Tuning Graph Neural Networks by Preserving Graph Generative Patterns[EB/OL]. (2023-12-21)[2024-11-01]. https://Fine-tuning Graph Neural Networks by Preserving Graph Generative Patterns.
[5]	WANG Chendong, GUO Yuanbo, ZHEN Shuaihui, et al. Research on Network Asset Detection Technology[J]. Computer Science, 2018, 45 (12): 24-31. doi: 10.11896／j.issn.1002-137X.2018.12.004
	王宸东, 郭渊博, 甄帅辉, 等. 网络资产探测技术研究[J]. 计算机科学, 2018, 45 (12): 24-31. doi: 10.11896／j.issn.1002-137X.2018.12.004
[6]	ZHANG Shuaishuai, HUANG Jie, QI Chunyang, et al. Online IoT Device Identification Method Based on SOINN[J]. Journal of Southeast University (Natural Science Edition), 2021, 51(4): 715-723.
	张帅帅, 黄杰, 祁春阳, 等. 基于SOINN的在线物联网设备识别方法[J]. 东南大学学报(自然科学版), 2021, 51(4): 715-723.
[7]	DU Boyuan, WANG Meiqing, CHEN Changfu, et al. Tags Extraction for Web Information Based on Structure Consistency and Feature Learning[J]. Computer Engineering and Applications, 2017, 53(7): 74-78. doi: 10.3778/j.issn.1002-8331.1509-0226
	杜博远, 王美清, 陈长福, 等. 基于结构一致和特征学习的网页信息标签提取[J]. 计算机工程与应用, 2017, 53(7): 74-78. doi: 10.3778/j.issn.1002-8331.1509-0226
[8]	SONG Yubo, QI Xinyu, HUANG Qiang, et al. Two-Stage Multiclassification Algorithm for Internet of Things Equipment Identification[J]. Journal of Tsinghua University (Science and Technology), 2020, 60(5): 365-370.
[9]	YU Lingling, LUO Bo, MA Jun, et al. You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi[C]// USENIX. 29th USENIX Security Symposium. Berkeley: USENIX, 2020: 55-72.
[10]	CAO Laicheng, ZHAO Jianjun, CUI Xiang, et al. Identification of Terminal Devices in Cyberspace Based on K-means under Cosine Measure[J]. Journal of Chinese Academy of Sciences, 2016(4): 562-569.
	曹来成, 赵建军, 崔翔, 等. 基于余弦测度下K-means的网络空间终端设备识别[J]. 中国科学院大学学报, 2016(4): 562-569. doi: 10.7523/j.issn.2095-6134.2016.04.019
[11]	REN Chunlin, GU Yu, CUI Jie, et al. A Specific Type of IoT Terminal Identification Method Based on WEB Information[J]. Communications Technology, 2017, 50(5): 1003-1009.
	任春林, 谷雨, 崔杰, 等. 基于WEB信息的特定类型物联网终端识别方法[J]. 通信技术, 2017, 50(5): 1003-1009.
[12]	KOSTAS K, JUST M, LONES M A. IoT DevID: A Behavior-Based Device Identification Method for the IoT[J]. IEEE Internet of Things Journal, 2022, 9(23): 23741-23749. doi: 10.1109/JIOT.2022.3191951 URL
[13]	YANG Tianchi, HU Linmei, SHI Chuan, et al. HGAT: Heterogeneous Graph Attention Networks for Semi Supervised Short Text Classification[J]. Transactions on Information Systems, 2021, 39(3): 1-29.
[14]	ZHANG Yufeng, YU Xueli, CUI Zeyu, et al. Every Document Owns Its Structure: Inductive Text Classification via Graph Neural Networks[EB/OL]. (2020-04-22)[2024-11-01]. https://arxiv.org/abs/2004.13826.
[15]	FAN Mengzhen, CHENG Dawei, YANG Fangzhou, et al. Fusing Global Domain Information and Local Semantic Information to Classify Financial Documents[EB/OL]. (2020-07-02)[2024-11-01]. http://www.semanticscholar.org/paper/c1ceb13856858711e0866fab6335d353ba24cf6d.

识别方法	优点	缺点
正则匹配	识别范围广，准确率高	规则库的建立依赖人工，匹配速度慢
机器学习	无需人工建立规则库	识别范围窄，准确率较低

	CPU负载	GPU负载	识别耗时/ms
循环正则匹配	32.8%	3.6%	952.6
图神经识别模型	9.1%	46.2%	27.8

基于图神经网络的网络资产主动识别技术研究

Research on Network Asset Identification Technology Based on Graph Neural Network

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 15

相关文章 15

编辑推荐

Metrics

本文评价

[1]	李骁, 宋晓, 李勇. 基于知识蒸馏的医疗诊断差分隐私方法研究[J]. 信息网络安全, 2025, 25(4): 524-535.
[2]	刘晨飞, 万良. 基于时空图神经网络的CAN总线入侵检测方法[J]. 信息网络安全, 2025, 25(3): 478-493.
[3]	张璐, 贾鹏, 刘嘉勇. 基于多元语义图的二进制代码相似性检测方法[J]. 信息网络安全, 2025, 25(10): 1589-1603.
[4]	刘强, 王坚, 王亚男, 王珊. 基于集成学习的恶意代码动态检测方法[J]. 信息网络安全, 2025, 25(1): 159-172.
[5]	王健, 陈琳, 王凯崙, 刘吉强. 基于时空图神经网络的应用层DDoS攻击检测方法[J]. 信息网络安全, 2024, 24(4): 509-519.
[6]	张新有, 孙峰, 冯力, 邢焕来. 基于多视图表征的虚假新闻检测[J]. 信息网络安全, 2024, 24(3): 438-448.
[7]	余尚戎, 肖景博, 殷琪林, 卢伟. 关注社交异配性的社交机器人检测框架[J]. 信息网络安全, 2024, 24(2): 319-327.
[8]	李奕轩, 贾鹏, 范希明, 陈尘. 基于控制流变换的恶意程序检测GNN模型对抗样本生成方法[J]. 信息网络安全, 2024, 24(12): 1896-1910.
[9]	张选, 万良, 罗恒, 杨阳. 基于两阶段图学习的僵尸网络自动化检测方法[J]. 信息网络安全, 2024, 24(12): 1933-1947.
[10]	李鹏超, 张全涛, 胡源. 基于双注意力机制图神经网络的智能合约漏洞检测方法[J]. 信息网络安全, 2024, 24(11): 1624-1631.
[11]	芦效峰, 程天泽, 龙承念. 基于随机游走的图神经网络黑盒对抗攻击[J]. 信息网络安全, 2024, 24(10): 1570-1577.
[12]	秦中元, 马楠, 余亚聪, 陈立全. 基于双重图神经网络和自编码器的网络异常检测[J]. 信息网络安全, 2023, 23(9): 1-11.
[13]	仝鑫, 金波, 王靖亚, 杨莹. 一种面向Android恶意软件的多视角多任务学习检测方法[J]. 信息网络安全, 2022, 22(10): 1-7.
[14]	朱丽娜, 马铭芮, 朱东昭. 基于图神经网络和通用漏洞分析框架的C类语言漏洞检测方法[J]. 信息网络安全, 2022, 22(10): 59-68.
[15]	秦中元, 胡宁, 方兰婷. 基于免疫仿生机理和图神经网络的网络异常检测方法[J]. 信息网络安全, 2021, 21(8): 10-16.