CN107609179A - A kind of data processing method and equipment - Google Patents

A kind of data processing method and equipment Download PDF

Info

Publication number
CN107609179A
CN107609179A CN201710910062.XA CN201710910062A CN107609179A CN 107609179 A CN107609179 A CN 107609179A CN 201710910062 A CN201710910062 A CN 201710910062A CN 107609179 A CN107609179 A CN 107609179A
Authority
CN
China
Prior art keywords
leak
record
attributive character
type
sememe
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710910062.XA
Other languages
Chinese (zh)
Other versions
CN107609179B (en
Inventor
顾杜娟
叶晓虎
范敦球
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
NSFOCUS Information Technology Co Ltd
Beijing NSFocus Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NSFOCUS Information Technology Co Ltd, Beijing NSFocus Information Security Technology Co Ltd filed Critical NSFOCUS Information Technology Co Ltd
Priority to CN201710910062.XA priority Critical patent/CN107609179B/en
Publication of CN107609179A publication Critical patent/CN107609179A/en
Application granted granted Critical
Publication of CN107609179B publication Critical patent/CN107609179B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the present invention provides a kind of data processing method and equipment, and shared technical problem can not be merged for solving leak record in each vulnerability scan in the prior art.This method includes:Obtain at least two leaks record from least two vulnerability scans;Wherein, leak records the data content of the leak for describing system corresponding to different institutions;The attributive character of each leak record carries out sememe analysis in being recorded at least two leaks;Wherein, different hierarchical types is corresponded in the leak record of different attribute feature, the type that hierarchical type records characterized data content to leak is related;The leak record of existing common sememe is associated with the first hierarchical type between attributive character during at least two leaks are recorded, and generates the standard vulnerability scan for including at least one first hierarchical type;Wherein, the leak record under the first hierarchical type has at least one identical attributive character.

Description

A kind of data processing method and equipment
Technical field
The present invention relates to information security field, more particularly to a kind of data processing method and equipment.
Background technology
With the development of science and technology, people increasingly pay attention to information security.Security breaches refer to information system in life Each stage in cycle is ordered, such as during design, realization, O&M etc., caused corresponding problem, these problems can be to system Safety have an impact.At present, countries in the world in order to preferably carry out the management of information security leak and control work, it will usually Known and some unknown security breaches are included, and establish the national security database of oneself, are also commonly referred to as leaked Cave depot.
But in existing vulnerability database, because each vulnerability database is under the jurisdiction of different mechanisms, do not exchange each other, cause to leak Hole records not comprehensive enough.Simultaneously as vulnerability database does not defer to unified standard, existing Security Vulnerability Database is using different Mark, classification and ranking method so that same leak after different institutions are issued, its leak record difference it is larger, to leak The shared of record is impacted with exchanging.
In addition, larger difference be present in the text type of leak, the expression way of field, for the noun of same implication, When appearing in different vulnerability databases, software is difficult to its homogeneity.Therefore data fusion is caused to be difficult to automate, batch The progress of change, and if completed one by one by the way of artificial, workload will be very huge, and inevitable subjectivity.
In summary, leak record can not realize shared fusion in each vulnerability scan in the prior art.
The content of the invention
The embodiment of the present invention provides a kind of data processing method and device, for solving each vulnerability scan in the prior art Middle leak record can not merge shared technical problem.
In a first aspect, the embodiment of the present invention provides a kind of data processing method, comprise the following steps:
Obtain at least two leaks record from least two vulnerability scans;Wherein, at least two leaks number Belong to different institutions according to each vulnerability scan in storehouse, the leak is recorded for describing system corresponding to the different institutions The data content of leak;
The attributive character of each leak record carries out sememe analysis in being recorded at least two leak;Wherein, not Leak record with attributive character corresponds to different hierarchical types, and the hierarchical type records characterized number with the leak It is related according to the type of content;
The leak of existing common sememe records and first point between attributive character during at least two leak is recorded Level type is associated, and generates the standard vulnerability scan for including at least one first hierarchical type;Wherein, described first point Leak record under level type has at least one identical attributive character.
Optionally, in being recorded at least two leak attributive character of each leak record carry out sememe analysis it Afterwards, methods described also includes:
The leak record of distinct sememe between attributive character at least two leaks record is determined, wherein, tool Have any different sememe leak record attributive character between there is at least one discriminative attributes feature;
The leak record and first of existing common sememe between attributive character during at least two leak is recorded While hierarchical type is associated or afterwards, methods described also includes:
It is determined that in the leak record associated with first hierarchical type between attributive character distinct sememe leak Record;
The attributive character recorded according to the leak of determination determines the second hierarchical type, and at least two leak is recorded The leak record of distinct sememe is associated with second hierarchical type between middle attributive character.
Optionally, the attributive character includes data origin information, leak type information and field information.
Optionally, at least two leak is recorded between attributive character the leak record of distinct sememe with After second hierarchical type is associated, methods described also includes:
According to the incidence relation between leak record and hierarchical type, determine each to leak at least two leaks record Store path corresponding to the data of hole, the store path are used to indicate the storage that leak is recorded in the standard vulnerability scan Address;
Each leak record is stored according to corresponding store path during at least two leak is recorded.
Optionally, methods described also includes:
Leak record retrieval information is received, the leak record retrieval information includes at least one search key;
According at least one search key, at least one attribute corresponding to the leak record retrieval information is determined Feature;
Target hierarchical type according to corresponding at least one attributive character determines the leak record retrieval information, The target hierarchical type includes first hierarchical type and/or second hierarchical type;
Export at least one leak record associated by the target hierarchical categories.
Second aspect, the present invention implement to provide a kind of data processing equipment, including:
Acquisition module, for obtaining at least two leaks record from least two vulnerability scans;Wherein, it is described extremely Each vulnerability scan belongs to different institutions in few two vulnerability scans, and the leak is recorded for describing the different institutions The data content of the leak of corresponding system;
Analysis module, the attributive character for each leak record in being recorded at least two leak carry out sememe point Analysis;Wherein, different hierarchical types is corresponded in the leak record of different attribute feature, the hierarchical type is remembered with the leak The type of the characterized data content of record is related;
Processing module, the leak for existing common sememe between attributive character during at least two leak is recorded Record is associated with the first hierarchical type, and generates the standard vulnerability scan for including at least one first hierarchical type;Its In, the leak record under first hierarchical type has at least one identical attributive character.
Optionally, the analysis module is additionally operable to:
After the attributive character of each leak record in being recorded at least two leak carries out sememe analysis, it is determined that The leak of distinct sememe records between attributive character at least two leaks record, wherein, there is difference sememe There is at least one discriminative attributes feature between the attributive character of leak record;
The processing module is additionally operable to:
The leak record and first of existing common sememe between attributive character during at least two leak is recorded While hierarchical type is associated or afterwards, it is determined that associated with first hierarchical type leak record in attributive character it Between distinct sememe leak record;
The attributive character recorded according to the leak of determination determines the second hierarchical type, and at least two leak is recorded The leak record of distinct sememe is associated with second hierarchical type between middle attributive character.
Optionally, the attributive character includes data origin information, leak type information and field information.
Optionally, the data processing equipment also includes:
First determining module, for the distinct sememe between attributive character during at least two leak is recorded After leak record is associated with second hierarchical type, the incidence relation between hierarchical type is recorded according to leak, Determine that store path corresponding to each leak data, the store path are used to indicate leak at least two leaks record The storage address being recorded in the standard vulnerability scan;
Memory module, enter for each leak record during at least two leak is recorded according to corresponding store path Row storage.
Optionally, the data processing equipment also includes:
Receiving module, for receiving leak record retrieval information, the leak record retrieval information includes at least one Search key;
Second determining module, for according at least one search key, determining the leak record retrieval information Corresponding at least one attributive character;
3rd determining module, for determining that the leak record retrieval information institute is right according at least one attributive character The target hierarchical type answered, the target hierarchical type include first hierarchical type and/or second hierarchical type;
Output module, for exporting at least one leak record associated by the target hierarchical categories.
The third aspect, the embodiment of the present invention provide a kind of computer installation, and the computer installation includes processor, described Processor realizes method as described in relation to the first aspect when being used to perform the computer program stored in memory.
Fourth aspect, the embodiment of the present invention provide a kind of computer-readable recording medium, the computer-readable storage medium Matter is stored with computer instruction, when the instruction is run on computers so that computer performs as described in relation to the first aspect Method.
In the embodiment of the present invention, sememe is carried out by the attributive character recorded to the leak in different vulnerability scans Analysis, the leak record that attributive character can be had to common sememe are associated with same hierarchical type, will had so as to realize The leak record of predicable feature is associated with a hierarchical type and stored, and contributes to the later stage based in standard database Incidence relation finds leak record related in same hierarchical type, improves search efficiency, while be advantageously implemented to leak The unified management of record.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of data processing method in the embodiment of the present invention;
Fig. 2 is the structural model schematic diagram one that leak records in the embodiment of the present invention;
Fig. 3 is the structural model schematic diagram two that leak records in the embodiment of the present invention;
Fig. 4 is data processing equipment structure chart in the embodiment of the present invention;
Fig. 5 is the structural representation of Computer device of the embodiment of the present invention.
Embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, the present invention is made below in conjunction with accompanying drawing into One step it is described in detail, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole implementation Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made All other embodiment, belongs to the scope of protection of the invention.
First, the part term in the embodiment of the present invention is explained, in order to skilled artisan understands that.
1) vulnerability scan, for collecting and managing domestic and international network security defect and leak data.
2) leak records, and refers to the field information for being used to describe leak included in the vulnerability scan of each mechanism, its The leak of multiple systems, such as Windows (a kind of operating system), Linux, WebApp, Android, Symbian can be covered Deng platform.In a vulnerability scan, each leak record can be corresponding with unique leak number, and a leak record can To record leak according to corresponding form, such as phase can be recorded according to forms such as " data source, leak type, field informations " The leak answered.
3) data processing equipment, can be the electronic equipment with data-handling capacity, such as terminal device or server. Wherein, server can be connected with multiple terminal devices, it might even be possible to be attached and communicate with other servers, server can To be recorded by obtaining corresponding leak in the terminal device of connection or other servers, and leak record is handled.
4) in the embodiment of the present invention, " multiple " refer to two or more."and/or", the association of affiliated partner is described Relation, expression may have three kinds of relations, for example, A and/or B, can be represented:Individualism A, while A and B be present, individually deposit In these three situations of B.In addition, character "/", unless otherwise specified, it is a kind of relation of "or" to typically represent forward-backward correlation object.
The embodiment of the present invention is described in further detail with reference to Figure of description.
Embodiment one
As shown in figure 1, the embodiment of the present invention provides a kind of data processing method, this method can apply to data processing and set In standby, this method can be described as follows:
S11:Obtain at least two leaks record from least two vulnerability scans;Wherein, at least two leak number Belong to different institutions according to each vulnerability scan in storehouse, leak records the number of the leak for describing system corresponding to different institutions According to content.
In the embodiment of the present invention, at least two vulnerability scans can be the local database of data processing equipment, also may be used With the database being stored in the terminal device being connected with data processing equipment or server (such as Cloud Server).Generally come Say, being under the jurisdiction of the vulnerability scan of different mechanisms can be stored in each mechanism management equipment of oneself.Data processing is set It is standby at least two leaks record to be obtained from existing vulnerability scan by sending request of data.
S12:The attributive character of each leak record carries out sememe analysis in being recorded at least two leaks;Wherein, not Leak record with attributive character corresponds to different hierarchical types, and hierarchical type records characterized data content with leak Type is related.
In the vulnerability scan application environment of reality, each leak record has unique numbering, and each leak note Description of the record with a standardization.And each mechanism is when establishing the vulnerability scan of oneself, the different mark of generally use Knowledge, classification and ranking method, so that same leak record, after different institutions are issued, its leak record difference is larger.
In the embodiment of the present invention, before S12, data processing equipment can be in existing leak standard base, to not Leak record with standard carries out structuring, to establish more standard, the recording mode of specification, make it that leak record can be Shared and circulated between different vulnerability scans and security tool.
In the embodiment of the present invention, data processing equipment used structural model when recording progress structuring to leak As shown in Fig. 2 the model includes multiple classifications corresponding with leak record, each classification includes the attribute with leak record The related classification of feature and corresponding sub- level.The structural model can compatible multiple leak standards both at home and abroad, to it is original not Improved with the scattered cutting state between vulnerability scan, help to be subordinate to different between the leak of different institutions and various criterion The fusion of structure data.In the embodiment of the present invention, the data with the structural model can be referred to as standard vulnerability scan.
In actual applications, data processing equipment can use multiclass classification when recording progress structuring to leak Mode is realized.For example, data processing equipment, which can record multidimensional leak, carries out multiclass classification, for example, can be divided first Into corresponding first-level class, first-level class can be one or more set for associating close attributive character in leak record, Each leak can include multiple first-level class, and each first-level class records comprising multiple leaks.Phase between each first-level class Mutually independent, the attribute inside first-level class is interrelated.
That is, the attribute that after the leak record in obtaining various criterion, each leak is recorded for data processing equipment Feature is compared, and polymerization associates close attributive character, and these, which associate close attributive character, can correspond to same language Multiple attributive character of adopted field, then can according to the plurality of attributive character set corresponding to hierarchical type.For example, if polymerization is more Information based on individual attributive character, then the first hierarchical type set can be " one-level, Back ground Information classes ".
In this way, data processing equipment can record according to attributive character to leak carries out multiclass classification, wherein first-level class can So that including multiple types, each type corresponds to identical attributive character, and can also include corresponding sub- level under each type, Such as the second hierarchical type, or even the 3rd hierarchical type.
For example, in the first hierarchical type " Back ground Information " next stage, i.e. the second hierarchical type can bag leak number, leakage Hole title, issuing time, renewal time, reference link etc..Wherein, " leak number " can wrap further below in the second hierarchical type Include the 3rd hierarchical type, the different number informations of such as cve, cnnvd.
In the embodiment of the present invention, data processing equipment is based on existing national and foreign standards, a kind of defined standard leak The structural model of database is as shown in figure 3, the structural model characterizes the classification that data processing equipment records to leak.In Fig. 3, Default first-level class can include 6 types, i.e. Back ground Information, classification grading, influence, solution party in data processing equipment Case, attack utilize information and source.Wherein, it is close to can correspond to multiple associations that leak records for this one kind of Back ground Information Attributive character, such as leak title, leak description, renewal time etc. can be included.Sub- level is additionally provided with each one-level type Type.Such as one or more secondary classifications are set under " one-level, Back ground Information ", can such as it include " leak number ", " leak Description ", " issuing time " etc..
Then in S12, data processing equipment, can be with when the attributive character to the leak of acquisition record carries out sememe analysis Sememe analysis is carried out to the attributive character of each leak record, such as sememe analysis is carried out to the field information in attributive character, The source of attributive character characterize data is determined, or characterizes the solution of leak, or characterizes numbering, etc..
S13:The leak of existing common sememe records and first point between attributive character during at least two leaks are recorded Level type is associated, and generates the standard vulnerability scan for including at least one first hierarchical type;Wherein, the first classification class Leak record under type has at least one identical attributive character.
In the embodiment of the present invention, data processing equipment carries out sememe analysis in the attributive character recorded at least two leaks When, it may be determined that the leak for having common sememe between attributive character corresponding to each leak record records.As a rule, if not There is common sememe between multiple attributive character with leak record, you can show have between the attributive character of each leak record Same alike result feature.Now, data processing equipment can be determined corresponding to leak record based on the attributive character with common sememe Hierarchical type, the hierarchical type may indicate that the corresponding classification of leak record and type.
For example, leak record 1 includes 2 attributive character, wherein attributive character 1 is that (such as producer numbers number 1 BH1025xx799xx), attributive character 2 is leak title;Corresponding 2 attributive character of leak record B, wherein attributive character 1 are number 2 (such as No. CVE) of code, attributive character 2 is renewal time, and attributive character 3 is reference link, then it is considered that leak record A and leakage Same characteristic features between hole record B attributive character belong to " Back ground Information ", therefore can return leak record A and leak record B In same type for same one-level, such as " one-level, Back ground Information class ", and leak is recorded into A and leak record B and first classification Type is associated.
In actual applications, data processing equipment to the leak of acquisition record carry out sememe analysis after, can be according to The structural model of default leak record carries out classification storage, realizes automatic classification and storage to leak record, helps In improving the treatment effeciency to leak record, it is easy to the management and use in later stage.
For example, data processing equipment is after the attributive character recorded to multiple leaks carries out sememe analysis, it may be determined that multiple The leak in leak record with same alike result feature records, such as identical attributive character characterizes leak and is recorded as solution Record, then this multiple leaks record can be automatically associated to such as " solution " in default first hierarchical type in Fig. 3 This is a kind of.
In the embodiment of the present invention, data processing equipment determines common sememe between the attributive character that leak records in S13 While or afterwards, the difference sememe between the attributive character of these leaks record can also be determined, these difference sememes can be with The difference between the attributive character for the leak record for belonging to same hierarchical type is characterized, that is, determines the difference belonged under same classification The distinguishing characteristics between leak record in type, and then the sub- fraction after the first hierarchical type can be determined according to the difference Class.
For example, data processing equipment further determines that the leakage that " one-level, Back ground Information (type) " includes by sememe analysis Difference sememe in the attributive character of hole record, it may be determined that the secondary classification bag in the second hierarchical type under " Back ground Information " Include " leak Unified number ", " leak number ", " leak title ", " leak description ", " issuing time ", " renewal time " and " ginseng Examine link " etc. type.
Or data processing equipment further determines that the leak note that " one-level, influenceing (type) " includes by sememe analysis Difference sememe in the attributive character of record, it may be determined that the secondary classification in the second hierarchical type under " influence " includes " system (leak for influenceing system) " and " software (leak for influenceing software) ", you can leak record is associated with the second classification class Corresponding type in type.
Certainly, data processing equipment, can also be further according to area after it is determined that distinguishing sememe corresponding to leak record Other sememe is supplemented on the basis of the second hierarchical type, such as determines that leak is recorded in the 3rd point under the second hierarchical type Multiple three-levels classification that level type includes, such as specific leak number, the system and/or the title of software influenceed, version With manufacturer, etc., to cause parsing to leak record and classification more perfect, fine, it is easy to improve the later stage and searches leak note The accuracy and efficiency of record.
In the embodiment of the present invention, it is determined that corresponding to leak record after hierarchical type, such as the first hierarchical type and second point Level type, then leak can be recorded and be associated with corresponding hierarchical type, so as to by any one associated by leak record Individual hierarchical type can find leak record.
Further, data processing equipment can record the incidence relation between hierarchical type according to leak, it is determined that at least Each leak data corresponding store path in standard vulnerability scan in two leak records, the store path can be used for Indicate that leak is recorded in the storage address in standard vulnerability scan.
The standard vulnerability scan can be that leak record is classified and deposited according to the structural model shown in Fig. 3 Storage, standard database can be the local database of data processing equipment, or can also be cloud database etc..Criterion numeral According to storage address table corresponding with each hierarchical type in structural model can be provided with storehouse, then it is determined that at least two leaks After each leak records corresponding store path in record, leak can be recorded and be stored in the standard according to corresponding store path Vulnerability scan, the standard vulnerability scan are a database for being capable of compatible leak standard both domestic and external.
Data processing equipment arrives by the leak record from different vulnerability scans according to corresponding hierarchical type storage After standard vulnerability scan, leak record retrieval information can be received, leak record retrieval information includes at least one retrieval Keyword, then, data processing equipment can be determined corresponding to leak record retrieval information according at least one search key At least one attributive character, such as " Back ground Information " or " influence " class etc..
Data processing equipment can determine the target corresponding to leak record retrieval information according at least one attributive character Hierarchical type, the target hierarchical type can include the first hierarchical type and/or the second hierarchical type, or even can also include the Sub- level type under two hierarchical types etc..Then data processing equipment can remember at least one leak associated by target hierarchical categories Record is defined as the lookup result of leak record retrieval information, and exports the lookup result.Such as export a certain hierarchical type Leak data, multiple leak records such as influential on system.
Therefore, the mode for being employed structuring in the embodiment of the present invention due to standard vulnerability scan is recorded to different leaks Storage is classified, and the leak record of the independent vulnerability scan of existing multiple mechanisms is merged, is enriched Leak record shared quantity and rank, therefore work as user and searched accordingly in the standard vulnerability scan by data processing equipment Leak record when, can be found based on the standard vulnerability scan of structuring with retrieving related same type of more of information Individual leak record, the related leak record that retrieval result is included are more complete.
Embodiment two
Based on same inventive concept, the embodiment of the present invention provides a kind of data processing equipment, and its structure is as shown in Figure 4.Should Data processing equipment includes acquisition module 21, analysis module 22 and processing module 23, and the data processing equipment can be used for performing Data processing method described in Fig. 1.
Acquisition module 21 is used to obtain at least two leaks record from least two vulnerability scans;Wherein, it is described Each vulnerability scan belongs to different institutions at least two vulnerability scans, and the leak is recorded for describing the different machines The data content of the leak of system corresponding to structure.
The attributive character that analysis module 22 is used for each leak record in being recorded at least two leak carries out sememe Analysis;Wherein, different hierarchical types, the hierarchical type and the leak are corresponded in the leak record of different attribute feature The type of the characterized data content of record is related.
Processing module 23 is used for during at least two leak is recorded the leakage of existing common sememe between attributive character Hole record is associated with the first hierarchical type, and generates the standard vulnerability scan for including at least one first hierarchical type; Wherein, the leak record under first hierarchical type has at least one identical attributive character.
Optionally, the analysis module 22 is additionally operable to:
After the attributive character of each leak record in being recorded at least two leak carries out sememe analysis, it is determined that The leak of distinct sememe records between attributive character at least two leaks record, wherein, there is difference sememe There is at least one discriminative attributes feature between the attributive character of leak record;
Then the processing module 23 is additionally operable to:
The leak record and first of existing common sememe between attributive character during at least two leak is recorded While hierarchical type is associated or afterwards, it is determined that associated with first hierarchical type leak record in attributive character it Between distinct sememe leak record;
The attributive character recorded according to the leak of determination determines the second hierarchical type, and at least two leak is recorded The leak record of distinct sememe is associated with second hierarchical type between middle attributive character.
In the embodiment of the present invention, the attributive character includes data origin information, leak type information and field information.
Optionally, the data processing equipment can also include:
First determining module, for the distinct sememe between attributive character during at least two leak is recorded After leak record is associated with second hierarchical type, the incidence relation between hierarchical type is recorded according to leak, Determine that store path corresponding to each leak data, the store path are used to indicate leak at least two leaks record The storage address being recorded in the standard vulnerability scan;
Memory module, enter for each leak record during at least two leak is recorded according to corresponding store path Row storage.
Optionally, the data processing equipment also includes:
Receiving module, for receiving leak record retrieval information, the leak record retrieval information includes at least one Search key;
Second determining module, for according at least one search key, determining the leak record retrieval information Corresponding at least one attributive character;
3rd determining module, for determining that the leak record retrieval information institute is right according at least one attributive character The target hierarchical type answered, the target hierarchical type include first hierarchical type and/or second hierarchical type;
Output module, for exporting at least one leak record associated by the target hierarchical categories.
Embodiment three
A kind of computer installation is also provided in the embodiment of the present invention, its structure is as shown in figure 5, the computer installation includes place Device 31 and memory 32 are managed, wherein, processor 31 realizes the present invention when being used to perform the computer program stored in memory 32 The step of data processing method provided in embodiment one.
Optionally, processor 31 can be specifically central processing unit, ASIC (Application Specific Integrated Circuit, ASIC), can be one or more integrated circuits for being used for control program and performing, Can be the hardware circuit developed using field programmable gate array (Field Programmable Gate Array, FPGA), It can be BBP.
Optionally, processor 31 can include at least one process cores.
Optionally, electronic equipment also includes memory 32, and memory 32 can include read-only storage (Read Only Memory, ROM), random access memory (Random Access Memory, RAM) and magnetic disk storage.Memory 32 is used for Store data required when processor 31 is run.The quantity of memory 32 is one or more.
Example IV
A kind of computer-readable recording medium is also provided in the embodiment of the present invention, the computer-readable recording medium storage has Computer instruction, it can realize that the present invention such as implements the data of an offer when computer instruction instruction is run on computers The step of processing method.
In embodiments of the present invention, it should be understood that disclosed data processing method and data processing equipment, can pass through Other modes are realized.For example, apparatus embodiments described above are only schematical, for example, the division of unit, only For a kind of division of logic function, there can be other dividing mode when actually realizing, such as multiple units or component can combine Or another system is desirably integrated into, or some features can be ignored, or do not perform.Another, shown or discussed phase Coupling or direct-coupling or communication connection between mutually can be by some interfaces, the INDIRECT COUPLING or communication of equipment or unit Connection, can be electrical or other forms.
Each functional unit in embodiments of the present invention can be integrated in a processing unit, or unit also may be used To be independent physical module.
If integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can To be stored in a computer read/write memory medium.Based on such understanding, the technical scheme of the embodiment of the present invention it is complete Portion or part can be embodied in the form of software product, and the computer software product is stored in a storage medium, bag Some instructions are included to cause a computer equipment, such as can be personal computer, server, or network equipment etc., Or processor (Processor) performs all or part of step of the method for each embodiment of the present invention.And foregoing storage is situated between Matter includes:It is general serial bus USB (Universal Serial Bus flash drive, USB), mobile hard disk, read-only Memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disc or Person's CD etc. is various can be with the medium of store program codes.
Above example is only used for that technical scheme is described in detail, but the explanation of above example is only It is the method for being used to help understand the embodiment of the present invention, should not be construed as the limitation to the embodiment of the present invention.The art The change or replacement that technical staff can readily occur in, it should all cover within the protection domain of the embodiment of the present invention.

Claims (12)

  1. A kind of 1. data processing method, it is characterised in that including:
    Obtain at least two leaks record from least two vulnerability scans;Wherein, at least two vulnerability scan In each vulnerability scan belong to different institutions, the leak records the leak for describing system corresponding to the different institutions Data content;
    The attributive character of each leak record carries out sememe analysis in being recorded at least two leak;Wherein, do not belonging to together Property feature leak record correspond to different hierarchical types, in the hierarchical type data characterized with leak record The type of appearance is related;
    The leak record of existing common sememe is classified class with first between attributive character during at least two leak is recorded Type is associated, and generates the standard vulnerability scan for including at least one first hierarchical type;Wherein, the first classification class Leak record under type has at least one identical attributive character.
  2. 2. the method as described in claim 1, it is characterised in that each leak record in being recorded at least two leak Attributive character carry out sememe analysis after, methods described also includes:
    The leak record of distinct sememe between attributive character at least two leaks record is determined, wherein, there is area There is at least one discriminative attributes feature between the attributive character of the leak record of other sememe;
    The leak record of existing common sememe and the first classification between attributive character during at least two leak is recorded While type is associated or afterwards, methods described also includes:
    It is determined that the leak of distinct sememe records between attributive character in the leak record associated with first hierarchical type;
    The attributive character recorded according to the leak of determination determines the second hierarchical type, and belongs to during at least two leak is recorded Property feature between distinct sememe leak record be associated with second hierarchical type.
  3. 3. method as claimed in claim 2, it is characterised in that the attributive character includes data origin information, leak type Information and field information.
  4. 4. method as claimed in claim 2 or claim 3, it is characterised in that the attributive character at least two leak is recorded Between distinct sememe leak record be associated with second hierarchical type after, methods described also includes:
    According to the incidence relation between leak record and hierarchical type, each leak number at least two leaks record is determined According to corresponding store path, the store path is used to indicate the storage that leak is recorded in the standard vulnerability scan Location;
    Each leak record is stored according to corresponding store path during at least two leak is recorded.
  5. 5. method as claimed in claim 4, it is characterised in that methods described also includes:
    Leak record retrieval information is received, the leak record retrieval information includes at least one search key;
    According at least one search key, determine that at least one attribute corresponding to the leak record retrieval information is special Sign;
    Target hierarchical type according to corresponding at least one attributive character determines the leak record retrieval information, it is described Target hierarchical type includes first hierarchical type and/or second hierarchical type;
    Export at least one leak record associated by the target hierarchical categories.
  6. A kind of 6. data processing equipment, it is characterised in that including:
    Acquisition module, for obtaining at least two leaks record from least two vulnerability scans;Wherein, described at least two Each vulnerability scan belongs to different institutions in individual vulnerability scan, and the leak records right for describing the different institutions Answer the data content of the leak of system;
    Analysis module, the attributive character for each leak record in being recorded at least two leak carry out sememe analysis; Wherein, different hierarchical types is corresponded in the leak record of different attribute feature, the hierarchical type records with the leak The type of the data content characterized is related;
    Processing module, the leak for existing common sememe between attributive character during at least two leak is recorded record It is associated with the first hierarchical type, and generates the standard vulnerability scan for including at least one first hierarchical type;Wherein, institute Stating the record of the leak under the first hierarchical type has at least one identical attributive character.
  7. 7. equipment as claimed in claim 6, it is characterised in that the analysis module is additionally operable to:
    After the attributive character of each leak record in being recorded at least two leak carries out sememe analysis, it is determined that described The leak of distinct sememe records between attributive character at least two leaks record, wherein, there is the leak for distinguishing sememe There is at least one discriminative attributes feature between the attributive character of record;
    The processing module is additionally operable to:
    The leak record of existing common sememe and the first classification between attributive character during at least two leak is recorded While type is associated or afterwards, it is determined that being deposited in the leak record associated with first hierarchical type between attributive character In the leak record of difference sememe;
    The attributive character recorded according to the leak of determination determines the second hierarchical type, and belongs to during at least two leak is recorded Property feature between distinct sememe leak record be associated with second hierarchical type.
  8. 8. equipment as claimed in claim 6, it is characterised in that the attributive character includes data origin information, leak type Information and field information.
  9. 9. equipment as claimed in claim 7 or 8, it is characterised in that the data processing equipment also includes:
    First determining module, the leak for the distinct sememe between attributive character during at least two leak is recorded After record is associated with second hierarchical type, according to the incidence relation between leak record and hierarchical type, it is determined that Store path corresponding to each leak data at least two leaks record, the store path are used to indicate that leak records Storage address in the standard vulnerability scan;
    Memory module, deposited for each leak record during at least two leak is recorded according to corresponding store path Storage.
  10. 10. equipment as claimed in claim 9, it is characterised in that the data processing equipment also includes:
    Receiving module, for receiving leak record retrieval information, the leak record retrieval information includes at least one retrieval Keyword;
    Second determining module, for according at least one search key, determining that the leak record retrieval information is corresponding At least one attributive character;
    3rd determining module, corresponding to determining the leak record retrieval information according at least one attributive character Target hierarchical type, the target hierarchical type include first hierarchical type and/or second hierarchical type;
    Output module, for exporting at least one leak record associated by the target hierarchical categories.
  11. 11. a kind of computer installation, it is characterised in that the computer installation includes processor, and the processor is used to perform Realized during the computer program stored in memory such as any claim methods described in claim 1-5.
  12. 12. a kind of computer-readable recording medium, it is characterised in that the computer-readable recording medium storage has computer to refer to Order, when the instruction is run on computers so that computer performs the side as described in any claim in claim 1-5 Method.
CN201710910062.XA 2017-09-29 2017-09-29 Data processing method and equipment Active CN107609179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710910062.XA CN107609179B (en) 2017-09-29 2017-09-29 Data processing method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710910062.XA CN107609179B (en) 2017-09-29 2017-09-29 Data processing method and equipment

Publications (2)

Publication Number Publication Date
CN107609179A true CN107609179A (en) 2018-01-19
CN107609179B CN107609179B (en) 2020-02-07

Family

ID=61067164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710910062.XA Active CN107609179B (en) 2017-09-29 2017-09-29 Data processing method and equipment

Country Status (1)

Country Link
CN (1) CN107609179B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965254A (en) * 2018-06-11 2018-12-07 武汉般若互动科技有限公司 One kind being used for government website security protection scheme
CN110502902A (en) * 2019-08-07 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of vulnerability classification method, device and equipment
CN111310195A (en) * 2020-03-27 2020-06-19 北京双湃智安科技有限公司 Security vulnerability management method, device, system, equipment and storage medium
CN114860797A (en) * 2022-03-16 2022-08-05 电子科技大学 Data derivation processing method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101334787A (en) * 2008-07-22 2008-12-31 深圳钱袋商务有限公司 Objects evaluation information enquiry system and method
WO2010115065A3 (en) * 2009-04-03 2011-01-20 Tyratech, Inc. Methods for pest control employing microemulsion-based enhanced pest control formulations
CN105530243A (en) * 2015-12-03 2016-04-27 中国南方电网有限责任公司信息中心 Realizing method of network attack event quantitative hierarchical algorithm
CN105635112A (en) * 2015-12-18 2016-06-01 国家电网公司 Information system security performance assessment method
CN106682527A (en) * 2016-12-25 2017-05-17 北京明朝万达科技股份有限公司 Data security control method and system based on data classification and grading

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101334787A (en) * 2008-07-22 2008-12-31 深圳钱袋商务有限公司 Objects evaluation information enquiry system and method
WO2010115065A3 (en) * 2009-04-03 2011-01-20 Tyratech, Inc. Methods for pest control employing microemulsion-based enhanced pest control formulations
CN105530243A (en) * 2015-12-03 2016-04-27 中国南方电网有限责任公司信息中心 Realizing method of network attack event quantitative hierarchical algorithm
CN105635112A (en) * 2015-12-18 2016-06-01 国家电网公司 Information system security performance assessment method
CN106682527A (en) * 2016-12-25 2017-05-17 北京明朝万达科技股份有限公司 Data security control method and system based on data classification and grading

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
于成丽: "我国漏洞披露平台安全问题分析及对策建议", 《保密科学技术》 *
韦加宁 等: "专网安全保护策略研究", 《信息网络安全》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965254A (en) * 2018-06-11 2018-12-07 武汉般若互动科技有限公司 One kind being used for government website security protection scheme
CN110502902A (en) * 2019-08-07 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of vulnerability classification method, device and equipment
CN111310195A (en) * 2020-03-27 2020-06-19 北京双湃智安科技有限公司 Security vulnerability management method, device, system, equipment and storage medium
CN114860797A (en) * 2022-03-16 2022-08-05 电子科技大学 Data derivation processing method
CN114860797B (en) * 2022-03-16 2023-05-26 电子科技大学 Data derivatization processing method

Also Published As

Publication number Publication date
CN107609179B (en) 2020-02-07

Similar Documents

Publication Publication Date Title
Stvilia et al. A framework for information quality assessment
CN107609179A (en) A kind of data processing method and equipment
CN106778253A (en) Threat context aware information security Initiative Defense model based on big data
WO2017165018A1 (en) Automated event id field analysis on heterogeneous logs
CN107547262A (en) Generation method, device and the Network Management Equipment of alarm level
CN110659282B (en) Data route construction method, device, computer equipment and storage medium
CN101651576A (en) Alarm information processing method and system
CN109086413A (en) For searching for the method, equipment and readable storage medium storing program for executing of block chain data
CN108319661A (en) A kind of structured storage method and device of spare part information
CN106528828A (en) Multi-dimensional checking rule-based data quality detection method
CN110201393A (en) Configuration data storage method and device and electronic equipment
CN106294128B (en) A kind of automated testing method and device exporting report data
CN115617776A (en) Data management system and method
Paraschiv et al. A unified graph-based approach to disinformation detection using contextual and semantic relations
CN112579558A (en) Method, device, storage medium and equipment for displaying topological graph
CN112363996B (en) Method, system and medium for establishing physical model of power grid knowledge graph
CN113849702A (en) Method and device for determining target data, electronic equipment and storage medium
Sriliasta et al. Overview of Life Cycle Assessment of Current Emerging Technologies
WO2023272862A1 (en) Risk control recognition method and apparatus based on network behavior data, and electronic device and medium
CN105824279A (en) Method for establishing flexible and effective CMDB (Configuration Management Database) of machine room monitoring system
CN113434542A (en) Data relation identification method and device, electronic equipment and storage medium
CN113849520B (en) Intelligent recognition method and device for abnormal SQL, electronic equipment and storage medium
CN117093556A (en) Log classification method, device, computer equipment and computer readable storage medium
CN105721586A (en) Information intelligent distribution device, method and system
CN115567316A (en) Method and device for detecting abnormality of access data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.