opsawg                                                    WJL. Wang, Ed.
Internet-Draft                                            MCC. Miao, Ed.
Intended status: Informational                          ZSY. Zhuang, Ed.
Expires: April 16, 2020                                  ZQL. Zhang, Ed.
                                                     Tsinghua University
                                                          CJF. Chen, Ed.
                                                                    CETC
                                                        October 14, 2019


             Framework for Network Resources Categorization
                     draft-jilongwang-opsawg-crc-02

Abstract

   This memo presents a definition of cyberspace resources and then
   discusses a classification framework for them.  Cyberspace is widely
   used in people's daily lives and is regarded as a new space,
   parallel to geographic space.  There are various resources in
   cyberspace.  However, they have not been systematically defined and
   classified.  The objective of this draft is to present a definition
   of cyberspace resources and a standard classification framework,
   thus supporting unified resource storage and sharing.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 16, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.





Wang, et al.             Expires April 16, 2020                 [Page 1]


Internet-Draft     Cyberspace Resources Categorization      October 2019


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Use cases . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Network Management  . . . . . . . . . . . . . . . . . . .   4
     3.2.  Network Search  . . . . . . . . . . . . . . . . . . . . .   4
     3.3.  Network Security  . . . . . . . . . . . . . . . . . . . .   5
   4.  Methodology for Network Resources Categorization  . . . . . .   5
     4.1.  Basic Principles  . . . . . . . . . . . . . . . . . . . .   5
       4.1.1.  Scientific principle  . . . . . . . . . . . . . . . .   5
       4.1.2.  Systematic principle  . . . . . . . . . . . . . . . .   6
       4.1.3.  Orthogonality principle . . . . . . . . . . . . . . .   6
       4.1.4.  Consistency principle . . . . . . . . . . . . . . . .   6
       4.1.5.  Scalable principle  . . . . . . . . . . . . . . . . .   6
     4.2.  Requirements on categorization  . . . . . . . . . . . . .   6
   5.  Framework for Network Resources Categorization  . . . . . . .   7
     5.1.  Class-I . . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.2.  Class-II  . . . . . . . . . . . . . . . . . . . . . . . .   8
       5.2.1.  Network Infrastructure  . . . . . . . . . . . . . . .   9
       5.2.2.  Network application service . . . . . . . . . . . . .  10
       5.2.3.  Network data source . . . . . . . . . . . . . . . . .  10
       5.2.4.  Network virtual subject . . . . . . . . . . . . . . .  12
     5.3.  Class-III  and Class-IV . . . . . . . . . . . . . . . . .  12
       5.3.1.  Autonomous domain . . . . . . . . . . . . . . . . . .  12
       5.3.2.  Network . . . . . . . . . . . . . . . . . . . . . . .  13
       5.3.3.  Intermediate node . . . . . . . . . . . . . . . . . .  16
       5.3.4.  Terminal node . . . . . . . . . . . . . . . . . . . .  18
       5.3.5.  Link  . . . . . . . . . . . . . . . . . . . . . . . .  19
       5.3.6.  Inorganic service . . . . . . . . . . . . . . . . . .  21
       5.3.7.  Organic service . . . . . . . . . . . . . . . . . . .  24
       5.3.8.  Code  . . . . . . . . . . . . . . . . . . . . . . . .  25
       5.3.9.  Text resource . . . . . . . . . . . . . . . . . . . .  25
       5.3.10. Picture resource  . . . . . . . . . . . . . . . . . .  26
       5.3.11. Audio resource  . . . . . . . . . . . . . . . . . . .  26
       5.3.12. Video resource  . . . . . . . . . . . . . . . . . . .  27
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  27
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  27
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  27
   9.  Normative References  . . . . . . . . . . . . . . . . . . . .  27
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  28

1.  Introduction

   Cyberspace, created by communication technologies, especially the
   Internet, is a virtual space where people can easily communicate with
   others regardless of geographic distance.  Due to its convenience,
   cyberspace is widely used in people's daily lives and is regarded as
   a new space, parallel to geographic space.  The wide adoption of
   cyberspace has promoted the rapid growth of cyberspace resources.

   Although resources in cyberspace, such as traditional network
   facilities, access devices, network applications and network data,
   objectively exist, they have not been defined up to now.
   Furthermore, there is no systematic classification framework for
   cyberspace resources.  Most of them are given names depending on
   their purpose or vendor, but they seem to be in a "divine" state.
   Therefore, the resources in cyberspace cannot be stored and shared
   in a unified way.

   In order to provide a unified description of cyberspace resources,
   this draft first gives the definition of resources in cyberspace.
   Then it designs a standard classification framework to classify the
   resources in cyberspace.  This standard framework helps to establish
   a unified cyberspace resources database, which can be used as the
   basis for network information storage and sharing in both academia
   and industry.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Terminology

   Methods of linear classification: The classification objects are
   divided into several levels according to specific forms and
   attributes, and each level is divided into several categories.
   Categories at the same level are in a parallel relationship, and
   categories at different levels are in an affiliation relationship.

   category in higher level: In the methods of linear classification, a
   category is called a category in higher level relative to the
   next-level categories directly divided from it.

   category in lower level: In the methods of linear classification, a
   category is called a category in lower level relative to the
   upper-level category from which it is divided.

   category in same level: In the methods of linear classification, the
   lower-level categories directly divided from one category are called
   categories in same level.

3.  Use cases

   The following sections highlight some of the most common use case
   scenarios of the framework for network resources categorization and
   are in no way exhaustive.

3.1.  Network Management

   Network management is the process of administering and managing
   computer networks.  Services provided by this discipline include
   fault analysis, performance management, provisioning of networks and
   maintaining the quality of service.  Today the variety of resources
   leads to confusion in the network.  Network resources, as the object
   of network management, need to be paid more attention.  But network
   managers lack uniform identification, location and management of
   resources.

   The framework for network resources categorization offers a way for
   network managers to divide the managed resources.  It provides a
   unique identity for each resource, that is, every resource can find
   its appropriate location in the resources framework tree.  Then the
   corresponding code, name and attributes are added into the database
   to facilitate unified management.  At the same time, resources with
   abnormal properties can be located and their vulnerabilities fixed
   in time.

3.2.  Network Search

   Many platforms (Shodan, Censys, etc.) now probe the network from the
   network layer to the application layer using multiple detection
   technologies.  The main goal is to identify network resources,
   including websites, network hardware, etc., to provide search and
   classification of identifiable network resources, and to establish a
   corresponding database that supports full-text search, regular
   expressions, boolean logic and numeric range search.  But the lack
   of a unified standardized model will lead to inaccurate and
   incomplete retrieval of resources.

   This framework classifies the resources of the whole network.  It can
   be used to fill the resources search database and to cover the
   resources that have not been covered before.  At the same time, it
   standardizes the storage of network resources and improves search
   efficiency.

3.3.  Network Security

   Network viruses and worms are themselves a kind of network
   resource.  With the increasing openness and complexity of networks,
   network viruses and worms are evolving constantly, and their
   diversity and spatial discretization are increasing, resulting in a
   great hidden danger to network security.

   The framework for network resources categorization can locate
   network resources more accurately, distinguish benign from malignant
   network resources, support the study of the process of virus
   evolution and its possible effects according to the attached
   attributes, and provide a clearer way to safeguard the security of
   network space, such as antivirus and so on.

4.  Methodology for Network Resources Categorization

4.1.  Basic Principles

   The network resources categorization rules SHOULD follow the
   following principles to meet the completeness, measurability,
   scalability and relative orthogonality of resources categorization.

4.1.1.  Scientific principle

   Categorization rules SHOULD be consistent with the basic
   organizational rules of network resources.

   The resources categorization perspective SHOULD meet the traditional
   internet resources integration requirements, and meet the mapping
   entity integration requirements of the multi-sources mapping
   platform.

   The resources categorization system SHOULD start from the traditional
   network resources system, cover resource elements and have a certain
   compatibility.

4.1.2.  Systematic principle

   The network resources categorization architecture can sort and
   systemize all network resources according to their characteristics,
   correctly reflect the vertical and horizontal architecture, and form
   a reasonable categorization system.

   Each resource in the system occupies a position.  It SHALL reflect
   the specific relationships between resources, and profoundly reveal
   the network relationship and the whole picture between resources.

4.1.3.  Orthogonality principle

   The taxonomic units at each categorization level in the resources
   categorization system SHOULD be mutually exclusive, so that no
   network resource can belong to two groups at the same time.  That
   is, the unique encoding allows the network resources to be uniquely
   identified and described.

4.1.4.  Consistency principle

   Categorization design SHOULD be consistent with other national
   standards in related fields, and at the same time preserve the
   original information concept and semantic consistency during
   resource coding and code expansion, addition and deletion.

4.1.5.  Scalable principle

   It SHALL meet the needs of the development and change of network
   resources to a great extent.  Categories can be added at different
   levels, and the framework can also be extended to cover unknown
   resources.

4.2.  Requirements on categorization

   This section describes the requirements for categorization of network
   resources.  The network resources categorization SHOULD meet these
   requirements to make sure it is orthogonal and accurate.  Note that
   the requirements listed in this section have been separated from the
   context in which they may appear.

   The following template is used for the definition of the
   Requirements:

   Req-ID: An ID composed of a unique two-digit number.

   Description: The rationale and description of the requirement.

   The detailed requirements on categorization are listed as follows:

   Req-ID: 01

   Description: The total range of categories in lower level classified
   by categories in higher level SHOULD be the same as the range of
   categories in higher level.

   Req-ID: 02

   Description: When dividing a category in higher level, the same
   classification perspective SHOULD be chosen to get the categories in
   lower level.

   Req-ID: 03

   Description: The categories in same level SHALL NOT intersect or
   repeat, and SHALL correspond to only one category in higher level.

   Req-ID: 04

   Description: Categorization SHOULD be carried out from high to low,
   and there MUST be no jump.

5.  Framework for Network Resources Categorization

   This framework for network resources categorization uses methods of
   linear classification to classify them into five levels: category,
   sub-category, large-category, medium-category and small-category,
   based on the above principles and requirements.  It names these
   levels Class-I, Class-II, Class-III, Class-IV and Class-V, and the
   small-categories are subdivided and named according to the
   application requirements.

5.1.  Class-I

   First, network resources are divided into four categories: the
   network infrastructure, the network application service, the
   network data resource and the network virtual body, based on the
   sources, applications and activities of network resources.  Then the
   4 categories are further subdivided into 12 sub-categories.

   The following template is used for the definition of the
   categorization of network resources:

   Class-I: The name of network resources category in highest level

   EnCode-q: An ID organized in OID format to identify network
   resources.  It can be added to 1.3.6.1.2 mgmt RFC3232 [RFC3232].

   Upper-Class: The name of its category in higher level.

   Attribute: The characteristics of this network resource category from
   different levels of internet.

   Class-I: Network Infrastructure

   EnCode-q:1

   Upper-Class: None

   Attribute:MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\

   Class-I: Network application service

   EnCode-q:2

   Upper-Class: None

   Attribute:MAC Address\IP Address\Port\Service\ Protocol\Performance\

   Class-I: Network data source

   EnCode-q:3

   Upper-Class: None

   Attribute:IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-I: Network virtual subject

   EnCode-q:4

   Upper-Class: None

   Attribute:IP Address\Port\Service\ Protocol\Account Name\ Landing
   Time\

5.2.  Class-II

   The following template is used for the definition of network
   resources categories in the second category level:

   Class-II: The name of network resources category in second level

   EnCode-q: An ID organized in OID format to identify network
   resources.  It can be added to 1.3.6.1.2 mgmt RFC3232 [RFC3232].

   Upper-Class: The name of its category in higher level.

   Attribute: The characteristics of this network resource category from
   different levels of internet.

5.2.1.  Network Infrastructure

   The Network infrastructure is the physical part of the network
   resources which provides basic support, including various hardware
   devices.  It is the material basis of all network services and is
   divided into the following 5 sub-categories based on the internet
   architecture and its network functions, device roles and network
   levels.

   Class-II: Autonomous domain

   EnCode-q:1.1

   Upper-Class: Network Infrastructure (EnCode-q:1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating
   System\ASN\ISP\Institutions\Organizations\Operators\

   Class-II: Network

   EnCode-q:1.2

   Upper-Class: Network Infrastructure (EnCode-q:1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network

   Class-II: Intermediate node

   EnCode-q:1.3

   Upper-Class: Network Infrastructure (EnCode-q:1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code

   Class-II: Terminal node

   EnCode-q:1.4

   Upper-Class: Network Infrastructure (EnCode-q:1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   Class-II: Link

   EnCode-q:1.5

   Upper-Class: Network Infrastructure (EnCode-q:1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

5.2.2.  Network application service

   Network application service is an application running on top of the
   network application layer that provides data storage, manipulation,
   rendering, communication, or other capabilities.  These capabilities
   typically use an application layer network protocol.  It is
   classified into inorganic services and organic services based on the
   internet architecture and the unity of a network application service.

   Class-II: Inorganic service

   EnCode-q:2.1

   Upper-Class: Network application service (EnCode-q:2)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-II: Organic service

   EnCode-q:2.2

   Upper-Class: Network application service (EnCode-q:2)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

5.2.3.  Network data source

   Network data is defined as a resource that is stored on the Internet
   and is not running.  We divide it into five categories based on
   resource content.

   Class-II: Code

   EnCode-q:3.1

   Upper-Class: Network data source(EnCode-q:3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\ Programming Language\

   Class-II: Text resource

   EnCode-q:3.2

   Upper-Class: Network data source(EnCode-q:3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-II: Picture resource

   EnCode-q:3.3

   Upper-Class: Network data source(EnCode-q:3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-II: Audio resource

   EnCode-q:3.4

   Upper-Class: Network data source(EnCode-q:3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-II: Video resource

   EnCode-q:3.5

   Upper-Class: Network data source(EnCode-q:3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

5.2.4.  Network virtual subject

   The virtual subject of network refers to the account behavior of the
   network virtual feature stored on the Internet.  The carrier of the
   user in the network is a virtual account, so the network virtual
   subject is divided into the following sub-category.

   Class-II: Network account

   EnCode-q:4.1

   Upper-Class: Network virtual subject (EnCode-q:4)

   Attribution: IP Address\Port\Service\ Protocol\Account Name\ Landing
   Time\
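
   The record template and Req-03/Req-04 of Section 4.2 can be checked
   mechanically before records are loaded into a resource database.
   The following Python code is an added example, not part of the
   draft: it parses the Class/EnCode-q/Upper-Class/Attribute blocks and
   reports duplicate codes and level jumps.  Assumptions: a Class-N
   code has N arcs (inferred from the draft's records), and the "lab
   network" and "Shadow network" records are constructed faults.

```python
import re
from typing import NamedTuple, Optional

LEVEL = {"I": 1, "II": 2, "III": 3, "IV": 4, "V": 5}
FIELD = re.compile(
    r"^\s*(Class-(?:III|II|IV|I|V)|EnCode-q|Upper-Class|Attribut(?:e|ion))"
    r"\s*:\s*(.*)$")
UPPER = re.compile(r"^(.*?)\s*\(EnCode-q:\s*([0-9.]+)\)$")

# Records 1, 1.1 and 1.2 are copied from Sections 5.1 and 5.2.1 (blank lines
# between fields dropped).  "lab network" and "Shadow network" are constructed
# faulty records for this example; they are not part of the draft.
SAMPLE = r"""
   Class-I: Network Infrastructure
   EnCode-q:1
   Upper-Class: None
   Attribute:MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\

   Class-II: Autonomous domain
   EnCode-q:1.1
   Upper-Class: Network Infrastructure (EnCode-q:1)
   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating
   System\ASN\ISP\Institutions\Organizations\Operators\

   Class-II: Network
   EnCode-q:1.2
   Upper-Class: Network Infrastructure (EnCode-q:1)
   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network

   Class-IV: lab network
   EnCode-q:1.2.1.9
   Upper-Class: Network (EnCode-q:1.2)
   Attribution: IP Address\

   Class-II: Shadow network
   EnCode-q:1.2
   Upper-Class: Network Infrastructure (EnCode-q:1)
   Attribution: IP Address\
"""


class Record(NamedTuple):
    level: int
    name: str
    code: tuple
    upper_name: Optional[str]
    upper_code: Optional[tuple]
    attributes: list


def fmt(code):
    return ".".join(map(str, code)) if code else "None"


def parse_records(text):
    """Parse Class/EnCode-q/Upper-Class/Attribute blocks, joining wrapped lines."""
    raw, last = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key.startswith("Class-"):
                raw.append({"level": LEVEL[key[6:]], "name": value})
                last = "name"
            elif raw:
                last = {"EnCode-q": "code", "Upper-Class": "upper"}.get(key, "attrs")
                raw[-1][last] = value
        elif line.strip() and raw and last:
            raw[-1][last] += " " + line.strip()  # continuation of a wrapped value
    records = []
    for r in raw:  # assumes every record carries an EnCode-q field
        up = UPPER.match(r.get("upper", "None"))
        attrs = [" ".join(a.split()) for a in r.get("attrs", "").split("\\")]
        records.append(Record(
            r["level"], r["name"],
            tuple(int(x) for x in r["code"].split(".")),
            up.group(1) if up else None,
            tuple(int(x) for x in up.group(2).split(".")) if up else None,
            [a for a in attrs if a]))
    return records


def validate(records):
    """Check unique encoding (4.1.3), Req-03 and Req-04 over parsed records."""
    problems, table = [], {}
    for r in records:
        if r.code in table:
            problems.append(f"{fmt(r.code)}: duplicate EnCode-q, used by "
                            f"{table[r.code].name!r} and {r.name!r}")
        else:
            table[r.code] = r
    for r in table.values():
        parent = r.code[:-1] or None
        if len(r.code) != r.level:
            problems.append(f"{fmt(r.code)}: {len(r.code)} arcs but class level {r.level}")
        if r.upper_code != parent:
            problems.append(f"{fmt(r.code)}: Upper-Class {fmt(r.upper_code)} is "
                            f"not the direct parent {fmt(parent)} (level jump)")
        elif parent and parent not in table:
            problems.append(f"{fmt(r.code)}: parent {fmt(parent)} is not defined")
        elif parent and table[parent].name.lower() != r.upper_name.lower():
            problems.append(f"{fmt(r.code)}: Upper-Class name does not match "
                            f"{table[parent].name!r}")
    return problems


if __name__ == "__main__":
    for problem in validate(parse_records(SAMPLE)):
        print(problem)
```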

5.3.  Class-III and Class-IV

   For Network infrastructure, the large-categories are organized
   according to the hierarchical location of the network infrastructure
   in the network architecture and the role played by it.

   For Network application service, the large-categories are first
   organized from the perspective of whether the application is based on
   ports, and these categories are then classified according to the
   types of services provided by the application.

   For Network data source, the large-categories are first organized
   from whether the data resources need to be compiled, the storage
   mode, structure of the data resources and the functions of the data
   resources are completed.  And then classify these categories
   according to the application scenarios of the data and the data are
   performed.

   On the basis of category and sub-category, the resources are further
   classified and named according to methods of linear classification.
   On the basis of 4 Class-I and 13 Class-II, there are 22 categories,
   of which there are 10 network infrastructure categories, 5 network
   application services categories and 7 network data resources
   categories.

5.3.1.  Autonomous domain

   We continue the categorization of the "Autonomous domain"
   sub-category.

   Class-III: Autonomous domain.

   EnCode-q:1.1.1

   Upper-Class: Autonomous domain (EnCode-q:1.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating
   System\ASN\ISP\Institutions\Organizations\Operators\

   According to the number of bits of the autonomous system number (ASN)
   owned by each autonomous region, this large-category is divided into
   16-bit autonomous regions and 32-bit autonomous regions, a total of
   2 categories.

   Class-IV:Autonomous domain(16 bits)

   EnCode-q:1.1.1.1

   Upper-Class: Autonomous domain (EnCode-q:1.1.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating
   System\ASN\ISP\Institutions\Organizations\Operators\

   Class-IV:Autonomous domain(32 bits)

   EnCode-q:1.1.1.2

   Upper-Class: Autonomous domain (EnCode-q:1.1.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating
   System\ASN\ISP\Institutions\Organizations\Operators\

5.3.2.  Network

   The subcategories of "network" are organized in accordance with the
   characteristics of whether the application layer is only oriented to
   the application layer or the main application layer.

   Class-III: physical network

   EnCode-q:1.2.1

   Upper-Class: Network (EnCode-q:1.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   Class-III: overlay network

   EnCode-q:1.2.2

   Upper-Class: Network (EnCode-q:1.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   The physical network is divided into the following categories: the
   backbone network, the access network, the Internet of things, the
   industrial network and the other network, according to the
   hierarchical position of the network, the deployed area, and the
   production and life tasks undertaken in the entire network
   architecture.

   Class-IV: backbone network

   EnCode-q:1.2.1.1

   Upper-Class: physical network (EnCode-q:1.2.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\ Organization\

   Class-IV: access network

   EnCode-q:1.2.1.2

   Upper-Class: physical network (EnCode-q:1.2.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\ Organization\

   Class-IV: Internet of things

   EnCode-q:1.2.1.3

   Upper-Class: physical network (EnCode-q:1.2.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   Class-IV: industrial network

   EnCode-q:1.2.1.4

   Upper-Class: physical network (EnCode-q:1.2.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\Protocol\

   Class-IV: other network

   EnCode-q:1.2.1.5

   Upper-Class: physical network (EnCode-q:1.2.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   The overlay network is divided into 4 categories: Content Delivery
   Network, peer-to-peer network, virtual private network and the other
   network.

   Class-IV:Content Delivery Network

   EnCode-q:1.2.2.1

   Upper-Class: overlay network (EnCode-q:1.2.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   Class-IV:peer-to-peer network

   EnCode-q:1.2.2.2

   Upper-Class: overlay network (EnCode-q:1.2.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   Class-IV:virtual private network RFC2764 [RFC2764]

   EnCode-q:1.2.2.3

   Upper-Class: overlay network (EnCode-q:1.2.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

   Class-IV:other network

   EnCode-q:1.2.2.4

   Upper-Class: overlay network (EnCode-q:1.2.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Network\

5.3.3.  Intermediate node

   The "intermediate node" sub-category organizes a large-category
   according to the functions that nodes play in the network
   architecture.  It is divided into routing node, switching node, and
   controlling node.

   Class-III: routing node

   EnCode-q:1.3.1

   Upper-Class: Intermediate node(EnCode-q:1.3)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\ Routing Protocol\

   Class-III: switching node

   EnCode-q:1.3.2

   Upper-Class: Intermediate node(EnCode-q:1.3)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   Class-III: controlling node

   EnCode-q:1.3.3

   Upper-Class: Intermediate node(EnCode-q:1.3)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   The routing node is classified into the categories inter-domain
   routing node and intra-domain routing node according to the working
   level of the routing.

   Class-IV: inter-domain routing node RFC904 [RFC904]

   EnCode-q:1.3.1.1

   Upper-Class: routing node (EnCode-q:1.3.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\Operating System\Model Number Code\ Routing Protocol\

   Class-IV: intra-domain routing node

   EnCode-q:1.3.1.2

   Upper-Class: routing node (EnCode-q:1.3.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\Operating System\Model Number Code\ Routing Protocol\ASN\ISP\

   The switching node is organized into different categories according
   to different network segments where the node is located.

   Class-IV: hub

   EnCode-q:1.3.2.1

   Upper-Class: switching node (EnCode-q:1.3.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   Class-IV: bridge RFC1242 [RFC1242]

   EnCode-q:1.3.2.2

   Upper-Class: switching node (EnCode-q:1.3.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   Class-IV: switch

   EnCode-q:1.3.2.3

   Upper-Class: switching node (EnCode-q:1.3.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   Class-IV: gateway

   EnCode-q:1.3.2.4

   Upper-Class: switching node (EnCode-q:1.3.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   Class-IV: other

   EnCode-q:1.3.2.5

   Upper-Class: switching node (EnCode-q:1.3.2)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\Model Number Code\

   The controlling node is not subdivided further here.

5.3.4.  Terminal node

   The "Terminal node" sub-category is organized into large categories
   according to the functions played by the terminal in actual
   production and life.  It is divided into three major categories:
   client, site, and hybrid node.

   Class-III: client

   EnCode-q:1.4.1

   Upper-Class: Terminal node (EnCode-q:1.4)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   Class-III: server

   EnCode-q:1.4.2

   Upper-Class: Terminal node (EnCode-q:1.4)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\Performance\

   Class-III: hybrid node

   EnCode-q:1.4.3

   Upper-Class: Terminal node (EnCode-q:1.4)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   The client category is subdivided into desktop device, mobile device,
   sensor device, and other according to the physical device types of
   the nodes.

   Class-IV: desktop device

   EnCode-q:1.4.1.1

   Upper-Class: client (EnCode-q:1.4.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   Class-IV: mobile device

   EnCode-q:1.4.1.2

   Upper-Class: client (EnCode-q:1.4.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   Class-IV: sensor device

   EnCode-q:1.4.1.3

   Upper-Class: client (EnCode-q:1.4.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\ Detection information\

   Class-IV: other

   EnCode-q:1.4.1.4

   Upper-Class: client (EnCode-q:1.4.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Model Number Code\

   The server and hybrid node continue the division of their sub-
   category.

5.3.5.  Link

   The "Link" sub-category is organized into a large-category of
   transmission links according to the transmission medium used by the
   network, and is divided into two categories: wired link and wireless
   link.

   Class-III: wired link

   EnCode-q:1.5.1

   Upper-Class: Link (EnCode-q:1.5)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   Class-III: wireless link

   EnCode-q:1.5.2

   Upper-Class: Link (EnCode-q:1.5)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   addre

   The wired link category is organized according to the material of the
   transmission medium and the winding mode of the transmission medium.
   It is divided into twisted pair, coaxial cable, digital subscriber
   line, optical fiber and other.

   Class-IV: twisted pair

   EnCode-q:1.5.1.1

   Upper-Class: wired link (EnCode-q:1.5.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   Class-IV: coaxial cable

   EnCode-q:1.5.1.2

   Upper-Class: wired link (EnCode-q:1.5.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   Class-IV: digital subscriber line

   EnCode-q:1.5.1.3

   Upper-Class: wired link (EnCode-q:1.5.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   Class-IV: optical fiber

   EnCode-q:1.5.1.4

   Upper-Class: wired link (EnCode-q:1.5.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   Class-IV: other

   EnCode-q:1.5.1.5

   Upper-Class: wired link (EnCode-q:1.5.1)

   Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
   address\ Operating System\ Transmission medium\Protocol\

   The wireless link is not subdivided further here.

5.3.6.  Inorganic service

   The "Inorganic service" sub-category is organized into large
   categories according to the port type used by the application and the
   program tightly bound to the application and the port RFC6346
   [RFC6346].  It is divided into generic port service, registered port
   service, and dynamic/private port service.

   Class-III: generic port service

   EnCode-q:2.1.1

   Upper-Class: Inorganic service (EnCode-q:2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-III: registered port service

   EnCode-q:2.1.2

   Upper-Class: Inorganic service (EnCode-q:2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-III: dynamic/private port service

   EnCode-q:2.1.3

   Upper-Class: Inorganic service (EnCode-q:2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   According to the port used and the type of service provided, the
   generic port service is divided into website service (HTTP, HTTPS),
   file transfer service (FTP, TFTP), mail service (SMTP, POP3, IMAP),
   network management service (SNMP) RFC1157 [RFC1157], domain name
   service (DNS) and other.

   Class-IV: website service

   EnCode-q:2.1.1.1

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\URL\

   Class-IV: file transfer service

   EnCode-q:2.1.1.2

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: mail service

   EnCode-q:2.1.1.3

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: network management service

   EnCode-q:2.1.1.4

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: domain name service

   EnCode-q:2.1.1.5

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: other

   EnCode-q:2.1.1.6

   Upper-Class: generic port service (EnCode-q:2.1.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   The registered port service is not subdivided further here.
   According to the type of services provided by the application, the
   dynamic/private port service is divided into search query service,
   audio and video service, shopping service, social service and other.

   Class-IV: search query service

   EnCode-q:2.1.3.1

   Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: audio and video service

   EnCode-q:2.1.3.2

   Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: shopping service

   EnCode-q:2.1.3.3

   Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: social service

   EnCode-q:2.1.3.4

   Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: other

   EnCode-q:2.1.3.5

   Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

5.3.7.  Organic service

   The "organic service" continues the sub-category classification.

   Class-III: Organic service

   EnCode-q:2.2.1

   Upper-Class: Organic service (EnCode-q:2.2)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   The organic service categories are classified into P2P service, CDN
   service and other according to the scenario where the application is
   located and the network service function.

   Class-IV: P2P service

   EnCode-q:2.2.1.1

   Upper-Class: Organic service (EnCode-q:2.2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: CDN service

   EnCode-q:2.2.1.2

   Upper-Class: Organic service (EnCode-q:2.2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

   Class-IV: other

   EnCode-q:2.2.1.3

   Upper-Class: Organic service (EnCode-q:2.2.1)

   Attribution: MAC Address\IP Address\Port\Service\
   Protocol\Performance\

5.3.8.  Code

   The "Code" continues the sub-category classification and is no longer
   subdivided.

   Class-III: Code

   EnCode-q:3.1.1

   Upper-Class: Code (EnCode-q:3.1)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\ Programming Language\

5.3.9.  Text resource

   The "Text resource" sub-category is organized into large categories
   according to the storage form of the text, that is, whether the text
   can be represented by unified data or format.  It is divided into
   structured text, semi-structured text, and unstructured text.

   Class-III: structured text

   EnCode-q:3.2.1

   Upper-Class: Text resource (EnCode-q:3.2)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-III: semi-structured text

   EnCode-q:3.2.2

   Upper-Class: Text resource (EnCode-q:3.2)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   Class-III: unstructured text

   EnCode-q:3.2.3

   Upper-Class: Text resource (EnCode-q:3.2)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

   The "structured text", "semi-structured text" and "unstructured
   text" categories continue the large-category classification and are
   no longer subdivided.

5.3.10.  Picture resource

   The "picture resource" continues the sub-category classification and
   is no longer subdivided.

   Class-III: Picture resource

   EnCode-q:3.3.1

   Upper-Class: Picture resource (EnCode-q:3.3)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

5.3.11.  Audio resource

   The Audio resource continues the sub-category classification and is
   no longer subdivided.

   Class-III: Audio resource

   EnCode-q:3.4.1

   Upper-Class: Audio resource (EnCode-q:3.4)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\

5.3.12.  Video resource

   The "Video resource" continues the sub-category classification and
   is no longer subdivided.

   Class-III: Video resource

   EnCode-q:3.5.1

   Upper-Class: Video resource (EnCode-q:3.5)

   Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data
   size\Data Permission\
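
   Every record in Section 5.3 uses the same four fields (Class,
   EnCode-q, Upper-Class, Attribution), so an asset inventory that
   ingests them can check each record mechanically before storing it.
   The Python below is an added example, not part of the draft; the
   function names, the three checks and the third sample record are
   assumptions of this example.

```python
import re

ROMAN = {"I": 1, "II": 2, "III": 3, "IV": 4}
RECORD = re.compile(
    r"Class-(?P<level>IV|I{1,3}):[^\n]*\s+"
    r"EnCode-q:\s*(?P<code>[\d.]+)\s+"
    r"Upper-Class:[^\n]*?\(EnCode-q:\s*(?P<pcode>[\d.]+)\)\s+"
    r"Attribution:(?P<attrs>.+?)(?=\n\s*\n|\Z)", re.S)

def parse_records(text):
    """Return one dict per Class/EnCode-q/Upper-Class/Attribution record."""
    out = []
    for m in RECORD.finditer(text):
        raw = m["attrs"].strip()
        # Attributes are backslash-separated and may wrap across lines.
        attrs = [" ".join(a.split()) for a in raw.split("\\") if a.strip()]
        out.append({"level": ROMAN[m["level"]], "code": m["code"],
                    "parent": m["pcode"], "attrs": attrs, "terminated": raw.endswith("\\")})
    return out

def validate(text):
    """Return (code, problem) pairs for records that break the scheme."""
    problems = []
    for r in parse_records(text):
        parts = r["code"].split(".")
        checks = [(len(parts) == r["level"], "code depth does not match class level"),
                  (".".join(parts[:-1]) == r["parent"], "Upper-Class is not the parent code"),
                  (r["terminated"], "attribute list is cut off")]
        problems += [(r["code"], msg) for ok, msg in checks if not ok]
    return problems

# First two records are copied from the draft; the third is constructed.
SAMPLE = r"""Class-IV: hub
EnCode-q:1.3.2.1
Upper-Class: switching node (EnCode-q:1.3.2)
Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
address\ Operating System\Model Number Code\

Class-III: wireless link
EnCode-q:1.5.2
Upper-Class: Link (EnCode-q:1.5)
Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway
addre

Class-IV: example node
EnCode-q:1.4.1.9
Upper-Class: client (EnCode-q:1.4.2)
Attribution: MAC Address\IP Address\
"""
```

   Calling validate(SAMPLE) reports the truncated wireless link
   attribute list and the constructed record whose Upper-Class code is
   not the prefix of its own code.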

6.  Acknowledgements

   The authors would like to thank Tsinghua University and China
   Electronic Technology Group Corporation thirtieth Research Institute
   for their support.  We also thank the following persons for their
   discussion, comments and suggestions on earlier versions of this
   work: Zhi Sun, Jianfeng Chen, Da He, Rui Xu, Zhihong Rao, etc.

7.  IANA Considerations

   This memo includes no request to IANA.

8.  Security Considerations

   This document only defines a framework for network resources
   categorization.  This document itself does not directly introduce
   security issues.

9.  Normative References

   [RFC1157]  Case, J., "A Simple Network Management Protocol (SNMP)",
              RFC 1157, May 1990.

   [RFC1242]  Bradner, S., "Benchmarking Terminology for Network
              Interconnection Devices", RFC 1242, July 1991.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [RFC2764]  Gleeson, B., "A Framework for IP Based Virtual Private
              Networks", RFC 2764, February 2000.

   [RFC3232]  Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by
              an On-line Database", RFC 3232, January 2002.

   [RFC6346]  Bush, R., "The Address plus Port (A+P) Approach to the
              IPv4 Address Shortage", RFC 6346, August 2011.

   [RFC904]   Mills, D., "A Framework for IP Based Virtual Private
              Networks", RFC 904, April 1984.

Authors' Addresses

   Jilong Wang (editor)
   Tsinghua University
   Beijing  100084
   China

   Email: wjl@tsinghua.edu.cn


   Congcong Miao (editor)
   Tsinghua University
   Beijing  100084
   China

   Email: mccmiao@163.com


   Shuying Zhuang (editor)
   Tsinghua University
   Beijing  100084
   China

   Email: 17751034616@163.com


   Qianli Zhang (editor)
   Tsinghua University
   Beijing  100084
   China

   Email: zhang@cernet.edu.cn


   Jianfeng Chen (editor)
   CETC
   Chengdu  610000
   China

   Email: atrix@163.com