CN106815229A - Database virtual patch means of defence - Google Patents

Info

Publication number: CN106815229A
Authority: CN (China)
Prior art keywords: function, database, patch, condition, signature
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201510852161.8A
Other languages: Chinese (zh)
Inventors: 孟宪哲, 毛俐旻, 王润高, 曾淑娟
Current Assignee: Beijing Institute of Computer Technology and Applications
Original Assignee: Beijing Institute of Computer Technology and Applications
Priority date: 2015-11-30
Filing date: 2015-11-30
Publication date: 2017-06-09

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security


Abstract

The invention discloses a database virtual patch protection method, comprising: receiving the patch information issued by the database vendor; reverse-analyzing the machine instructions of the database before and after patching, restoring the binary machine instructions in the executable file to assembly language code; analyzing the assembly language code and representing it as different functions and the call relationships between them, so that a binary file is converted into a directed graph; obtaining by analysis the call-relationship graph and control flow graph of the disassembled binary file, counting the basic blocks and jump edges in the control flow graph and the number of other functions called, and generating the signature of each function; pairing functions according to their signatures and, given the matched and unmatched functions, inspecting the unmatched functions to locate the code that causes the security vulnerability; and producing an effective attack graph from the vulnerability information and the located vulnerable code, and building virtual patch protection rules.

Description

Database virtual patch means of defence
Technical field
The invention belongs to the field of database security and is a database virtual patch protection method.
Background art
Database systems are the basic platform of information systems; the key business systems of many government agencies, military departments and enterprises all store their data in databases. If database security cannot be guaranteed, the application systems built on top can also be accessed without authorization or damaged. Although today's mature commercial database management systems all have security functions such as authentication, access control and auditing, which provide a certain security guarantee for the database, the following problems remain in database security:
1. Database vulnerabilities keep increasing. As users demand more functionality from database management systems, these systems grow ever larger and the risk of security vulnerabilities in them keeps rising; if these vulnerabilities are ignored, the database faces the risk of core data being leaked.
2. Careless database upgrades can break applications. Upgrading and patching a database requires cooperation among several parties, such as the DBA and the application system administrators. If the system changes that upgrading or patching may cause are not fully considered, applications may no longer work normally after the database system is upgraded.
3. Database patches cannot prevent preset backdoors. The PRISM incident exposed serious security risks in foreign commercial database systems: foreign database vendors and intelligence agencies can use backdoors in the database management system itself to monitor and steal the data in the database. When a backdoor is built in at design time, the security mechanisms layered on top are useless.
Database administrators therefore face a dilemma: database vulnerabilities need patching, patching risks affecting applications, and in either case database backdoors cannot be fundamentally prevented.
Summary of the invention
The object of the invention is to provide a database virtual patch protection method that solves the above problems of the prior art.
The database virtual patch protection method of the invention comprises: receiving the patch information issued by the database vendor; reverse-analyzing the machine instructions of the database before and after patching, restoring the binary machine instructions in the executable file to assembly language code; analyzing the assembly language code and representing the whole program as different functions and the call relationships between them, so that a binary file is converted into a directed graph; obtaining by analysis the call-relationship graph and control flow graph of the disassembled binary file, counting the basic blocks and jump edges in the control flow graph and the number of other functions called, and generating the signature of the function, which corresponds to the number of basic blocks, the number of jump edges and the number of other functions called; pairing functions according to their signatures and, given the matched and unmatched functions, inspecting the unmatched functions to locate the code that causes the security vulnerability; and producing an effective attack graph from the vulnerability information and the located vulnerable code, and building virtual patch protection rules.
In one embodiment of the database virtual patch protection method of the invention, the condition for choosing identical or similar functions as a pair according to function signature is that condition (1) is met together with condition (2) or condition (3). The database binaries before and after patching are each reverse-engineered and then partitioned into n functions; the partition result before patching is one function set and the partition result after patching is another function set. Condition (1): there is a first function belonging to the function set before patching and a second function belonging to the function set after patching, and the first function and the second function have the same signature. Condition (2): in the function set before patching of condition (1), no function other than the first function has the same signature as the second function. Condition (3): in the function set after patching of condition (1), no function other than the second function has the same signature as the first function. Functions that meet condition (1) and also condition (2) or condition (3) are matched functions; the unmatched functions are inspected to locate the code that causes the security vulnerability.
In one embodiment of the database virtual patch protection method of the invention, producing an effective attack graph from vulnerability information and building virtual patch protection rules comprises: building a vulnerability knowledge base from open vulnerability databases and from the vulnerability information obtained from the located vulnerable code; preprocessing the target environment information of the database, classifying the environment information by predicate name and attribute to form multiple sub-target environment items; storing the target environment in a tree data structure; and instantiating the attack patterns in the vulnerability knowledge base into an attack graph according to the target environment.
In one embodiment of the database virtual patch protection method of the invention, the tree data structure has 4 levels of nodes: the root node, host address nodes, predicate name nodes and attribute nodes.
In summary, to address the various problems faced when managing and remediating vulnerabilities in database protection, the invention proposes a database virtual patch protection method with the following advantages:
1. Taking as its basis the database vulnerabilities published by CVE and the official patch information issued by database vendors, it analyzes how a vulnerability arises, works out the exploitation mechanism and reconstructs the corresponding attack pattern;
2. Attack paths can be modeled, enabling fast matching of database access behavior patterns against the model;
3. Specific behavior patterns can be blocked according to preset rules, preventing attacks on the database.
Brief description of the drawings
Fig. 1 is a module diagram of the database virtual patch protection module of the invention;
Fig. 2 is a workflow diagram of the database virtual patch protection module;
Fig. 3 is a flow chart of the comparative analysis of the database before and after patching;
Fig. 4 is a function structure diagram of the database;
Fig. 5 is a subfunction control flow graph of a function;
Fig. 6 is a flow chart of attack modeling;
Fig. 7 is a data structure diagram of the target environment information.
Detailed description
To make the purpose, content and advantages of the invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
Fig. 1 is a module diagram of the database virtual patch protection module of the invention. As shown in Fig. 1, the database virtual patch protection module comprises: protocol parsing module 1, access behavior filtering module 2, request forwarding module 3, rule base 4, attack analysis module 5, rule entry module 6, attack analysis module 7, patch analysis module 8 and configuration management module 9.
Referring to Fig. 1, protocol parsing module 1 performs database server mapping, database protocol parsing and the like. Access behavior filtering module 2 reconstructs the SQL statements in access requests and filters database access requests against the feature rules in the rule base, blocking attacks on database vulnerabilities as well as user-defined abnormal and misuse behavior. Request forwarding module 3 reassembles and forwards access requests. Patch analysis module 8 takes the patch information issued by the database vendor as input and locates the defective database code that the patch corresponds to. Attack analysis module 7 analyzes, from the vulnerability information published by authoritative vulnerability databases or from the patch analysis results, how the defective code can be exploited, derives the corresponding attack pattern, abstracts it into an access control rule and enters it into rule base 4. Rule entry module 6 enters user-defined access rules into rule base 4 as required. Configuration management module 9 configures the operating parameters of the database virtual patch protection module and records device operation logs and audit log information. Rule base 4 stores rule information such as vulnerability exploitation patterns, attack patterns and abnormal behavior patterns.
Fig. 2 is a workflow diagram of the database virtual patch protection module. Referring to Fig. 1 and Fig. 2, the database virtual patch protection method mainly comprises:
1. The patch information issued by the database vendor is input to the database virtual patch protection module;
2. The patch information is analyzed with the patch comparative analysis method to locate the vulnerability mechanism that the patch corresponds to;
3. The attack pattern is reconstructed from the vulnerability mechanism obtained by analysis, or from vulnerabilities published directly by CVE and the like, and attack modeling is carried out;
4. Database protection rules are generated from the attack path model and the target database is protected.
Fig. 3 is a flow chart of the comparative analysis of the database before and after patching, Fig. 4 is a function structure diagram of the database, and Fig. 5 is a subfunction control flow graph of a function. A specific embodiment of the database virtual patch protection method of the invention comprises:
Receiving the patch information 11 issued by the database vendor;
Reverse-analyzing the machine instructions of the database 14 before and after patching, restoring the binary machine instructions in the executable file to assembly language code;
Analyzing the assembly code and representing the whole program as different functions and the call relationships between them, so that a binary file is converted into a directed graph, as shown in Fig. 3. Analysis yields the call-relationship graph and control flow graph of the disassembled binary file, as shown in Fig. 4. Three quantities are then computed: the number of basic blocks in the control flow graph, where each basic block is a subfunction of a function (for example, the number of basic blocks a-g in function A is 6, as shown in Fig. 4); the number of jump edges, i.e. the total number of call relations between the subfunctions (for example, there are 7 call relations among basic blocks a-g, as shown in Fig. 4); and the number of other functions called, i.e. the number of functions called within function A that do not belong to function A. From these the signature of the function is generated. A three-dimensional vector S(i) = (αi, βi, γi) can be used as the function signature, where αi is the number of basic blocks in the corresponding control flow graph; βi is the number of edges in the corresponding control flow graph, that is, the number of times a single function calls and is called; and γi is the number of other functions that the function calls.
Possible same or analogous function is chosen as pairing according to function signature, successively to each The basic block that the function pair matched somebody with somebody carries out inside is compared, and determines function similarity.Judge in the present invention It refers to while meeting condition (1), and meet condition (2) that function ai, bj have unique same signature Or condition (3):
To respectively be carried out before and after database patch installing binary system it is reverse after, then piecemeal forms n Function, the piecemeal result before patch installing is function set (a1 ... .an), the piecemeal after patch installing Result is function set (b1 ... ..bn).
Condition (1):Existence function ai and bj belong to 2 function sets before and after patch respectively, and Both signatures are identical;
Condition (2):In function set where existence function ai, in the absence of other function signatures It is identical with bj signatures;
Condition (3):In function set where existence function bj, in the absence of other function signatures It is identical with ai signatures.
Binary executable before and after patch can be divided into two classes after comparison:With only One same signature pairing function and non-matching function, check, i.e., by non-matching function The code for triggering security breaches can be positioned, and fragility table note is carried out to non-matching function.
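The signature and pairing conditions described above, as an added Python example that is not code from the patent. The function labels (`sub_1000` and so on) and control flow graphs are constructed sample data, and `require_both` is an added, stricter option (conditions (2) and (3) together) that the patent does not describe.

```python
"""Added example: structural function signatures and patch-diff pairing."""
from collections import Counter


def signature(cfg, callees):
    """S = (alpha, beta, gamma): basic blocks, CFG edges, other functions called.

    cfg maps a basic block label to the list of its successor blocks.
    """
    blocks = set(cfg)
    for succs in cfg.values():
        blocks.update(succs)
    edges = sum(len(set(succs)) for succs in cfg.values())
    return (len(blocks), edges, len(set(callees)))


def pair_functions(before, after, require_both=False):
    """Pair functions of the pre- and post-patch binaries by signature.

    before/after map a function label to (cfg, callees).
    Returns (pairs, unmatched_before, unmatched_after).
    """
    sig_a = {name: signature(*f) for name, f in before.items()}
    sig_b = {name: signature(*f) for name, f in after.items()}
    count_a = Counter(sig_a.values())
    count_b = Counter(sig_b.values())
    pairs = []
    for a, sa in sig_a.items():
        for b, sb in sig_b.items():
            if sa != sb:                 # condition (1): identical signatures
                continue
            cond2 = count_a[sb] == 1     # no other pre-patch function has bj's signature
            cond3 = count_b[sa] == 1     # no other post-patch function has ai's signature
            # The patent asks for (2) OR (3); require_both is the added variant.
            ok = (cond2 and cond3) if require_both else (cond2 or cond3)
            if ok:
                pairs.append((a, b))
    matched_a = {a for a, _ in pairs}
    matched_b = {b for _, b in pairs}
    return (pairs,
            sorted(set(sig_a) - matched_a),
            sorted(set(sig_b) - matched_b))


# Constructed sample: three functions before the patch, four after it.
BEFORE = {
    "sub_1000": ({"a": ["b", "c"], "b": ["d"], "c": ["d"], "d": []}, {"sub_3000"}),
    "sub_2000": ({"a": ["b"], "b": ["c"], "c": []}, {"sub_3000", "sub_4000"}),
    "sub_3000": ({"a": []}, set()),
}
AFTER = {
    # Patched function: an extra check block (e) and an error exit (f),
    # plus a call to a new helper, so its signature changes.
    "sub_1000": ({"a": ["b", "e"], "b": ["d"], "c": ["d"],
                  "e": ["c", "f"], "f": [], "d": []}, {"sub_3080", "sub_5000"}),
    # Unchanged functions that moved to other addresses keep their signature.
    "sub_2040": ({"a": ["b"], "b": ["c"], "c": []}, {"sub_3080", "sub_4000"}),
    "sub_3080": ({"a": []}, set()),
    "sub_5000": ({"a": ["b"], "b": []}, set()),
}

if __name__ == "__main__":
    pairs, only_before, only_after = pair_functions(BEFORE, AFTER)
    print("matched:", pairs)
    print("unmatched before patch:", only_before)
    print("unmatched after patch:", only_after)
```

With "or" between conditions (2) and (3), two pre-patch functions that share a signature can both pair with a single post-patch function; `require_both=True` leaves such functions unmatched so they are inspected manually.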
The patch comparison method quickly locates defective code by contrasting the differences between the executables before and after patching, which supports analysis of the vulnerability mechanism and reconstruction of the attack path. Because of compiler optimization, logical address changes and other factors, neither a byte-level comparison of the database patch nor a plain text comparison of the disassembled code gives good results. To solve this, a structural comparison is used: function signatures are extracted from the disassembled code, and the comparison is carried out with the assembly function as the basic unit of study.
The basic idea of the patch comparison technique of the invention is: extract symbolic feature information of the functions in the database before and after the patch as function signatures and compare the signatures; functions with a unique identical signature are paired and then considered identical.
In essence the method treats the whole database as a graph and each function as a "subgraph" of the binary file. The whole binary file is converted into a structure graph, so comparing two binary files becomes comparing two graphs, that is, comparing the signatures of pairs of functions. Structural comparison of binary files considers file content at the structural level: files generated from the same code usually keep a consistent structure even when their text content may differ.
Fig. 6 is a flow chart of attack modeling. Referring to Fig. 1 and Fig. 6, the attack pattern is reconstructed from the vulnerability mechanism obtained by analysis, or from vulnerabilities published directly by CVE and the like, and attack modeling is carried out, comprising:
An effective attack graph is produced from vulnerability information 12, and virtual patch protection rules are then built. Vulnerabilities can be modeled and analyzed with a logic-based approach to generate the attack graph, from which the attack patterns are obtained.
Analyzing vulnerability exploitation patterns with attack graphs clearly describes the attacker's trajectory, which is easy to understand and helps in formulating protection rules. However, because the attack surface of a database is very broad, general attack graph construction methods easily run into state explosion. To solve this, target environment preprocessing can be added to the attack graph analysis to reduce the search over unnecessary and unreachable target environment attributes, greatly improving attack graph analysis performance. The attack graph engine, using the attack database, traverses the target environment information data structure, searching for ways to illegally reach another node from a starting point.
Fig. 7 shows the target environment information data structure. Referring to Fig. 7, attack modeling with the target environment information data structure comprises:
1. Knowledge base construction. A vulnerability knowledge base is built from the open vulnerability databases published by authoritative bodies such as CVE and from the vulnerability information obtained by analyzing the patch information issued by database vendors. The vulnerability knowledge base provides the inference rules for attack graph generation.
2. Target environment preprocessing. Target environment information such as the database-related host information, service information and configuration information is preprocessed: the environment information is classified by predicate name (the type of service provided) and attribute to form a number of sub-target environment items. The target environment preprocessing algorithm used by the invention stores the target environment in a tree data structure. As shown in Fig. 7, the tree has 4 levels of nodes: the root node, host address nodes, predicate name nodes and attribute nodes.
The target environment preprocessing algorithm is described as follows:
Input: Tree, which stores the attributes of the target environment; f, an initial attribute in the target environment set
Output: Tree after inserting attribute f
I = IPValue(f);
P = PredicateName(f);
If Node(I) ∉ S-Nodes(Tree.Root) Then
    S-Nodes(Tree.Root) = S-Nodes(Tree.Root) ∪ {Node(I)};
    S-Nodes(Node(I)) = S-Nodes(Node(I)) ∪ {Node(P)};
    S-Nodes(Node(P)) = {Node(f)};
Else If Node(P) ∉ S-Nodes(Node(I)) Then
    S-Nodes(Node(I)) = S-Nodes(Node(I)) ∪ {Node(P)};
    S-Nodes(Node(P)) = {Node(f)};
Else If Node(f) ∉ S-Nodes(Node(P)) Then
    S-Nodes(Node(P)) = S-Nodes(Node(P)) ∪ {Node(f)};
Return Tree
The input of the algorithm is the Tree that stores the target environment attributes and an initial attribute f from the target environment set; the output is the Tree after f has been inserted. The algorithm inserts attribute f at the appropriate position in Tree. It first checks whether the HostID-type parameter value of f equals the identifier of some successor node of the root of Tree (that is, the identifier of a second-level node). If no such node exists, it generates a node i identified by the HostID-type parameter value of f as a successor of the root, then generates a node j identified by the predicate name of f as a successor of node i, and then makes attribute f a successor of node j. If the HostID-type parameter of f equals the identifier of some successor node k of the root, it then checks whether the predicate name of f equals the identifier of some successor of node k; if not, it generates a node m identified by the predicate name of f as a successor of node k; if such a successor n exists, attribute f is made a successor of node n.
3. Attack graph construction. The target environment and the vulnerability knowledge base are fed into the attack graph construction engine, which instantiates the attack patterns in the vulnerability knowledge base into an attack graph according to the target environment.
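Steps 2 and 3 above, as an added Python example that is not code from the patent: facts are inserted into the four-level tree, and a knowledge-base rule is instantiated against it by forward chaining. The fact and rule formats, predicate names, host addresses and the vulnerability identifier are constructed placeholders and assumptions of this example.

```python
"""Added example: 4-level target-environment tree and attack-pattern instantiation."""


class EnvTree:
    """root -> host address -> predicate name -> attribute (the fact itself).

    A fact is a tuple (predicate, host, *args).
    """

    def __init__(self):
        self.root = {}

    def insert(self, fact):
        """Insert a fact as in the preprocessing algorithm; True if it was new."""
        pred, host = fact[0], fact[1]
        attrs = self.root.setdefault(host, {}).setdefault(pred, [])
        if fact in attrs:
            return False
        attrs.append(fact)
        return True

    def facts(self, host, pred):
        return self.root.get(host, {}).get(pred, [])


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def unify(pattern, fact, binding):
    """Extend binding so that pattern equals fact, or return None."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    new = dict(binding)
    for term, value in zip(pattern[1:], fact[1:]):
        if is_var(term):
            if new.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return new


def substitute(pattern, binding):
    return tuple(binding.get(t, t) for t in pattern)


def solve(tree, goals, binding):
    """Yield every binding that satisfies all goals against the tree."""
    if not goals:
        yield binding
        return
    pred = goals[0][0]
    host = binding.get(goals[0][1], goals[0][1])
    # Once the host is bound, only its subtree is searched (the pruning step).
    hosts = list(tree.root) if is_var(host) else [host]
    for h in hosts:
        for fact in tree.facts(h, pred):
            b = unify(goals[0], fact, binding)
            if b is not None:
                yield from solve(tree, goals[1:], b)


def build_attack_graph(tree, rules):
    """Instantiate rules until no new fact appears; return the graph edges."""
    edges, changed = [], True
    while changed:
        changed = False
        for name, pre, post in rules:
            for b in list(solve(tree, pre, {})):
                edge = (name, tuple(substitute(p, b) for p in pre), substitute(post, b))
                if edge not in edges:
                    edges.append(edge)
                if tree.insert(edge[2]):
                    changed = True
    return edges


# Constructed knowledge-base rule (assumed format: name, preconditions, conclusion).
RULES = [("remote_exploit",
          [("attacker_at", "?src"),
           ("reachable", "?dst", "?src", "?port"),
           ("service", "?dst", "?svc", "?port"),
           ("vulnerable", "?dst", "?svc", "?vuln")],
          ("attacker_at", "?dst"))]

# Constructed target environment: 10.0.0.7 is vulnerable but not reachable.
FACTS = [("attacker_at", "10.0.0.9"),
         ("reachable", "10.0.0.5", "10.0.0.9", "1521"),
         ("service", "10.0.0.5", "dbms", "1521"),
         ("vulnerable", "10.0.0.5", "dbms", "VULN-PLACEHOLDER-1"),
         ("service", "10.0.0.7", "dbms", "1521"),
         ("vulnerable", "10.0.0.7", "dbms", "VULN-PLACEHOLDER-1")]


def demo():
    tree = EnvTree()
    for fact in FACTS:
        tree.insert(fact)
    return tree, build_attack_graph(tree, RULES)


if __name__ == "__main__":
    for name, support, derived in demo()[1]:
        print(name, "->", derived, "needs", support)
```

Each edge names the access (source, destination, port, vulnerable service) that a protection rule would have to block; the unreachable host produces no edge.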
In summary, the database virtual patch protection method of the invention can generate virtual patches from the official database vulnerability information published by CVE and the like and from the patch information issued by database vendors. The virtual patch does not need to be deployed on the database side; it only needs to be deployed, transparently, on the database virtual patch protection module connected in series in front of the database server to be protected. This monitors database access behavior and detects and blocks behavior that exploits database vulnerabilities or backdoors, or that uses administrator privileges to obtain database information illegally, sealing database vulnerabilities and backdoors with zero changes to the database.
The main effects achieved by the invention include:
1. Taking as its basis the database vulnerabilities published by CVE and the official patch information issued by database vendors, it analyzes how a vulnerability arises, works out the exploitation mechanism and reconstructs the corresponding attack pattern;
2. Attack paths can be modeled, enabling fast matching of database access behavior patterns against the model;
3. Specific behavior patterns can be blocked according to preset rules, preventing attacks on the database.
The above is only a preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art can make improvements and variations without departing from the technical principle of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the invention.

Claims (4)

1. A database virtual patch protection method, characterized by comprising:
receiving the patch information issued by the database vendor;
reverse-analyzing the machine instructions of the database before and after patching, restoring the binary machine instructions in the executable file to assembly language code;
analyzing the assembly language code and representing the whole program as different functions and the call relationships between them, so that a binary file is converted into a directed graph; obtaining by analysis the call-relationship graph and control flow graph of the disassembled binary file; counting the basic blocks and jump edges in the control flow graph and the number of other functions called; and generating the signature of the function, which corresponds to the number of basic blocks, the number of jump edges and the number of other functions called;
pairing functions according to their signatures and, given the matched and unmatched functions, inspecting the unmatched functions to locate the code that causes the security vulnerability;
producing an effective attack graph from the vulnerability information and the located vulnerable code, and building virtual patch protection rules.
2. The database virtual patch protection method of claim 1, characterized in that the condition for choosing identical or similar functions as a pair according to function signature is that condition (1) is met together with condition (2) or condition (3):
the database binaries before and after patching are each reverse-engineered and then partitioned into n functions; the partition result before patching is one function set and the partition result after patching is another function set;
Condition (1): there is a first function belonging to the function set before patching and a second function belonging to the function set after patching, and the first function and the second function have the same signature;
Condition (2): in the function set before patching of condition (1), no function other than the first function has the same signature as the second function;
Condition (3): in the function set after patching of condition (1), no function other than the second function has the same signature as the first function;
functions that meet condition (1) and also condition (2) or condition (3) are matched functions; the unmatched functions are inspected to locate the code that causes the security vulnerability.
3. The database virtual patch protection method of claim 1, characterized in that producing an effective attack graph from vulnerability information and building virtual patch protection rules comprises:
building a vulnerability knowledge base from open vulnerability databases and from the vulnerability information obtained from the located vulnerable code;
preprocessing the target environment information of the database, classifying the environment information by predicate name and attribute to form multiple sub-target environment items;
storing the target environment in a tree data structure;
instantiating the attack patterns in the vulnerability knowledge base into an attack graph according to the target environment.
4. The database virtual patch protection method of claim 1, characterized in that the tree data structure has 4 levels of nodes: the root node, host address nodes, predicate name nodes and attribute nodes.
CN201510852161.8A 2015-11-30 2015-11-30 Database virtual patch means of defence Pending CN106815229A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510852161.8A CN106815229A (en) 2015-11-30 2015-11-30 Database virtual patch means of defence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510852161.8A CN106815229A (en) 2015-11-30 2015-11-30 Database virtual patch means of defence

Publications (1)

Publication Number Publication Date
CN106815229A true CN106815229A (en) 2017-06-09

Family

ID=59155496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510852161.8A Pending CN106815229A (en) 2015-11-30 2015-11-30 Database virtual patch means of defence

Country Status (1)

Country Link
CN (1) CN106815229A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107967427A (en) * 2017-12-11 2018-04-27 北京奇虎科技有限公司 Monitor the method, apparatus and terminal device of loophole attack
CN109145601A (en) * 2017-06-27 2019-01-04 英特尔公司 Malware detection system attack prevents
CN109241737A (en) * 2018-07-03 2019-01-18 中国科学院信息工程研究所 A kind of difference linear-elsatic buckling method and system towards a variety of patch modes
CN109359468A (en) * 2018-08-23 2019-02-19 阿里巴巴集团控股有限公司 Leak detection method, device and equipment
CN109460641A (en) * 2018-11-15 2019-03-12 成都网域复兴科技有限公司 A kind of loophole positioning excavation system and method for binary file
CN111859405A (en) * 2020-07-31 2020-10-30 深信服科技股份有限公司 Threat immunization framework, method, equipment and readable storage medium
CN114065227A (en) * 2022-01-18 2022-02-18 思探明信息科技(南京)有限公司 Vulnerability positioning analysis system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060156032A1 (en) * 2005-01-03 2006-07-13 Panjwani Dileep K Network-based patching machine
CN101814053A (en) * 2010-03-29 2010-08-25 中国人民解放军信息工程大学 Method for discovering binary code vulnerability based on function model
CN102156650A (en) * 2011-03-02 2011-08-17 奇智软件(北京)有限公司 Method and device capable of implementing automatic analysis of patch
CN103745158A (en) * 2014-01-26 2014-04-23 北京奇虎科技有限公司 Method and device for repairing system bugs
CN104468563A (en) * 2014-12-03 2015-03-25 北京奇虎科技有限公司 Website bug protection method, device and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
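YANGSONG et al.: "Automatic vulnerability locating in binary patches", 2009 International Conference on Computational Intelligence and Security *
叶云 (Ye Yun): "Research on Network Security Risk Calculation Based on Attack Graphs", China Doctoral Dissertations Database, Information Science and Technology Series *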

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145601A (en) * 2017-06-27 2019-01-04 英特尔公司 Malware detection system attack prevents
CN107967427A (en) * 2017-12-11 2018-04-27 北京奇虎科技有限公司 Monitor the method, apparatus and terminal device of loophole attack
CN109241737A (en) * 2018-07-03 2019-01-18 中国科学院信息工程研究所 A kind of difference linear-elsatic buckling method and system towards a variety of patch modes
CN109359468A (en) * 2018-08-23 2019-02-19 阿里巴巴集团控股有限公司 Leak detection method, device and equipment
CN109359468B (en) * 2018-08-23 2021-12-14 创新先进技术有限公司 Vulnerability detection method, device and equipment
CN109460641A (en) * 2018-11-15 2019-03-12 成都网域复兴科技有限公司 A kind of loophole positioning excavation system and method for binary file
CN111859405A (en) * 2020-07-31 2020-10-30 深信服科技股份有限公司 Threat immunization framework, method, equipment and readable storage medium
CN114065227A (en) * 2022-01-18 2022-02-18 思探明信息科技(南京)有限公司 Vulnerability positioning analysis system

Similar Documents

Publication Publication Date Title
CN106815229A (en) Database virtual patch means of defence
US8225402B1 (en) Anomaly-based detection of SQL injection attacks
Manoharan et al. Revolutionizing Cybersecurity: Unleashing the Power of Artificial Intelligence and Machine Learning for Next-Generation Threat Detection
CN109922075A (en) Network security knowledge map construction method and apparatus, computer equipment
Tajpour et al. SQL injection detection and prevention tools assessment
CN1291569C (en) Abnormal detection method for user access activity in attached net storage device
RU2018136768A (en) PROTECTIVE CYBER PROTECTION
CN110213226B (en) Network attack scene reconstruction method and system based on risk full-factor identification association
CN106357618A (en) Web abnormality detection method and device
Desai et al. Real time hybrid intrusion detection system using signature matching algorithm and fuzzy-GA
CN115296924A (en) Network attack prediction method and device based on knowledge graph
CN111935193B (en) Automatic safety protection method based on correlation of camouflage agent and dynamic technology
CN109450882A (en) A kind of security management and control system and method for the internet behavior merging artificial intelligence and big data
CN111669354A (en) Threat information industrial firewall based on machine learning
CN108881316B (en) Attack backtracking method under heaven and earth integrated information network
CN112953918A (en) Network attack protection method combined with big data server and big data protection equipment
CN106850675A (en) A kind of determination method and device of attack
Jindal et al. A survey on database intrusion detection: approaches, challenges and application
Gnatyuk et al. Studies on Cloud-based Cyber Incidents Detection and Identification in Critical Infrastructure.
Makarova Determining the choice of attack methods approach
Zakaria et al. Feature extraction and selection method of cyber-attack and threat profiling in cybersecurity audit
Chaki et al. A Survey on SQL Injection Prevention Methods
Jana et al. Code-based analysis approach to detect and prevent SQL injection attacks
Ali et al. Review of the defensive approaches for structured query language injection attacks and their countermeasures
KR102562671B1 (en) Threat hunting system and method for against social issue-based advanced persistent threat using genetic algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170609