| With the widespread popularity of the Internet, network devices have become ubiquitous in people’s daily lives, resulting in an increasing number of security incidents such as network attacks and information leaks. Comprehensive and accurate detection of network assets is the foundation for network threat analysis and the prerequisite for effective security management of network assets. Despite the functionality of current network asset detection tools, there are still several shortcomings: (1) high deployment cost of distributed network asset detection systems; (2) lack of stealthiness in mainstream port scanning tools such as Nmap and Masscan, which can easily be detected by security devices, leading to inaccurate port scanning results and triggering actions such as IP blocking and discarding of scan packets; (3) low efficiency in web fingerprint recognition when dealing with a large number of targets. To address the high deployment cost of distributed network asset detection systems, this thesis proposes a method where users can self-organize and build a distributed network asset detection system, and each user only needs to contribute one node while being able to utilize resources from other nodes. In the distributed asset detection system built using this method, there is no centralized management node, and all nodes have equal status, with any node being able to assign asset detection tasks to other nodes. This method effectively solves the problem of high deployment cost in building distributed network asset detection systems. To address the lack of stealthiness in mainstream port scanning tools such as Nmap and Masscan, which can easily be detected by security devices, resulting in inaccurate port scanning results, this thesis proposes a method to modify stateless port scanning packets. This method adjusts the TCP and IP header fields of the SYN scanning packets, making the constructed SYN scanning packets nearly indistinguishable from normal SYN handshake packets in terms of TCP and IP header features, thus reducing the probability of being detected by security devices that rely on characteristic-based detection. In addition, this thesis uses distributed technology to distribute scanning tasks to nodes with different IP addresses, reducing the number of scanning packets sent to the target from a single IP while ensuring a certain scanning speed. A random polling scanning method is also proposed for the port scanning process, so that nodes will not send a large number of scanning packets to the same target at the same time, further alleviating the issue of inaccurate scanning results due to being detected by security devices. To address the low efficiency of web fingerprint recognition when dealing with a large number of targets, this thesis deploys Wappalyzer to distributed nodes and uses a distributed approach for web fingerprint recognition, thereby improving the speed and efficiency of web fingerprint recognition for large-scale targets. Finally, this thesis designs and implements a distributed network asset detection system that includes distributed stateless port scanning and distributed web fingerprint recognition as its two asset detection functionalities. A test and experimental environment is set up, and through testing and experiments, the usability of the system’s functionalities, the security of the system, and the effectiveness of the proposed method are verified. |
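
The abstract notes that spreading scan tasks across nodes lowers the number of packets any single IP sends to a target. The sketch below is an added example, not code from the thesis: it shows what that means for monitoring, by comparing a per-source port-count threshold with one that aggregates by destination. The record layout, window, threshold, and addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed SYN records (ts_seconds, src_ip, dst_ip, dst_port); not thesis data."""
    events = []
    nodes = [f"198.51.100.{i}" for i in range(1, 9)]  # 8 cooperating sources
    # 80 distinct ports on one target, interleaved across the 8 sources over 20 minutes
    for k in range(80):
        events.append((k * 15, nodes[k % 8], "203.0.113.10", 1000 + k))
    # Ordinary client: repeated connections to a single service port
    for k in range(40):
        events.append((k * 30, "198.51.100.200", "203.0.113.20", 443))
    return events

def scan_alerts(events, window_s, port_threshold, group_by_source):
    """Return (key, distinct_ports, distinct_sources) for each window bucket
    whose distinct destination-port count reaches port_threshold.

    group_by_source=True  -> key is (window, src, dst): classic per-source rule
    group_by_source=False -> key is (window, dst): aggregates all sources per target
    """
    buckets = defaultdict(lambda: (set(), set()))
    for ts, src, dst, dport in events:
        window = ts // window_s
        key = (window, src, dst) if group_by_source else (window, dst)
        ports, sources = buckets[key]
        ports.add(dport)
        sources.add(src)
    return sorted(
        (key, len(ports), len(sources))
        for key, (ports, sources) in buckets.items()
        if len(ports) >= port_threshold
    )

if __name__ == "__main__":
    sample = build_sample()
    print("per-source alerts:", scan_alerts(sample, 300, 15, True))
    for key, ports, sources in scan_alerts(sample, 300, 15, False):
        print(f"window {key[0]} target {key[1]}: {ports} ports from {sources} sources")
```

Keying on the destination costs more state on busy services, so the distinct-source count in each alert helps separate many clients reaching one port from many sources sweeping many ports.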