CN107766732A - Vulnerability Management method based on adaptive framework - Google Patents
Vulnerability Management method based on adaptive framework
- Publication number: CN107766732A (application CN201610687022.9A)
- Authority: CN (China)
- Prior art keywords: leak, vulnerability, terms, software, detection
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a vulnerability management method based on an adaptive framework, in the technical field of software security. Software vulnerabilities are managed by an adaptive framework that has four capabilities, defense, detection, response and prediction, under continuous analysis and monitoring. Defense: known vulnerabilities are prevented from being exploited. Detection: three modes are used, comparison against an existing vulnerability database, local POC (proof-of-concept) verification, and verification by an external scanner. Response: the possible harm of each vulnerability is analysed and a corresponding solution proposed; for known vulnerabilities a patching plan is proposed, with a reminder of whether the patch affects business services and the kernel. Prediction: the latest threat intelligence is ingested so that the existence of a vulnerability is sensed in advance and defended against before it breaks out on a large scale. The invention covers the full life cycle of a vulnerability and manages that whole cycle, locating vulnerabilities more efficiently and accurately so that they cause less harm to the affected users.
Description
Technical field
The present invention relates to the technical field of software security, and in particular to a vulnerability management method based on an adaptive framework.
Background technology
A vulnerability is a defect in hardware, software, the concrete implementation of a protocol, or a system security policy, which allows an attacker to access or damage the system without authorisation. Software vulnerabilities can be divided into two kinds by time. A 0day (zero-day) vulnerability is one for which the vendor has not yet released a fix. An Nday vulnerability is one for which the vendor has already released a patch but which many people have still not applied, for reasons of time, habit or lack of security awareness, and this hides a danger. If a security researcher or hobbyist holds working exploit code for a 0day, the great majority of such people have the sense not to disclose it, so the hazard to the public is limited. An Nday is entirely different: once the vulnerability has been fixed it is usually disclosed or analysed publicly, and exploit code or exploitation methods can be found on the internet. If patching is not timely, the exploit code is no longer secret as it was during the 0day period, and the vulnerability becomes one that can cause harm on a large scale.
A software vulnerability has a life cycle: discovery, confirmation, exploitation, defense, patch. The characteristics of each stage of this cycle need to be managed, rather than just scanning for vulnerabilities. Current commercial vulnerability scanning technology mainly compares the scan results against an existing vulnerability database or POC database, and has the following shortcomings: (1) vulnerabilities are not verified in a comprehensive way; (2) there is no means of continuously discovering vulnerabilities, scanning being a one-off activity; (3) without access to today's leading threat intelligence technology, the newest vulnerabilities cannot be found; (4) there is no detailed patching advice, so it cannot be known whether a patch affects the production business services or the kernel; (5) the full life cycle of a vulnerability is not managed well, only some parts of it are attempted.
To solve the above problems, it is still necessary to design a new software vulnerability management method based on an adaptive framework.
The content of the invention
In view of the shortcomings of the prior art, the present invention aims to provide a vulnerability management method based on an adaptive framework that covers and manages the full life cycle of a vulnerability, locates vulnerabilities more efficiently and accurately, causes less harm to the affected users, and is easy to deploy and use.
To achieve these goals, the present invention is realised by the following technical solution. In the vulnerability management method based on an adaptive framework, software vulnerabilities are managed by an adaptive framework that has four capabilities, defense, detection, response and prediction, under continuous analysis and monitoring:
(1) Defense: known vulnerabilities are prevented from being exploited;
(2) Detection: three detection modes are used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner. The vulnerabilities found by these three modes are compiled into a report;
(3) Response: the possible harm of each vulnerability is analysed and a corresponding solution proposed; for known vulnerabilities a patching plan is proposed, with a reminder of whether the patch affects business services and the kernel, so that fixes can be applied according to priority and time;
(4) Prediction: the latest threat intelligence is ingested so that the existence of a vulnerability is sensed in advance and defended against before it breaks out on a large scale.
The above four aspects form a continuous process, not a one-off task.
Preferably, among the three scan modes used in detection, the software scan against the CVE database (CVEDB) works as follows: all software packages installed on the rpm-based and debian-based Linux servers are scanned and reported to the server side, and the server compares the software versions against the CVEDB to derive the vulnerability status. Important vulnerabilities must be verified with a local POC. Some vulnerabilities are at the web or CGI level, so they need to be verified by external scanning.
Preferably, in the response aspect, the business impact of fixing a vulnerability is analysed, and it is determined whether the system must be rebooted, a service restarted, or nothing done after the fix. Operations staff can schedule fixes according to the priority of the vulnerability, a fix order can be derived per product, and the operations after the fix, such as rebooting the system or restarting a service, follow the patching advice.
Preferably, in the prediction aspect, the latest threat intelligence technology predicts in advance the existence of certain vulnerabilities; through a microservice framework, some unknown vulnerabilities can be detected in advance by API calls.
Beneficial effects of the present invention: managing vulnerabilities according to the adaptive framework covers the full life cycle of a vulnerability and lets it cause less harm to the affected users; the problems of traditional vulnerability management are solved by the techniques in the four aspects of defense, detection, response and prediction:
(1) vulnerabilities are detected in three modes and verified comprehensively;
(2) there is a means of continuously discovering vulnerabilities;
(3) access to today's leading threat intelligence technology allows the newest vulnerabilities to be found;
(4) patching comes with detailed advice, so it is known whether production business services are affected and whether a restart is needed;
(5) the full life cycle of a vulnerability is managed.
Brief description of the drawings
The present invention is described in detail below with reference to the accompanying drawings and the detailed embodiment.
Fig. 1 is a structural diagram of the present invention;
Fig. 2 is a structural diagram of the three scan modes of the invention;
Fig. 3 is a flowchart of the operations carried out after a vulnerability is fixed.
Embodiment
To make the technical means, inventive features, objects and advantages of the present invention easy to understand, the present invention is further explained below with reference to the embodiment.
Referring to Figs. 1-3, this embodiment uses the following technical solution. In the vulnerability management method based on an adaptive framework, software vulnerabilities are managed by an adaptive framework that has four capabilities, defense, detection, response and prediction, under continuous analysis and monitoring:
(1) Defense: known vulnerabilities are prevented from being exploited;
(2) Detection: three detection modes are used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner. The vulnerabilities found by these three modes are compiled into a report;
(3) Response: the possible harm of each vulnerability is analysed and a corresponding solution proposed; for known vulnerabilities a patching plan is proposed, with a reminder of whether the patch affects business services and the kernel, so that fixes can be applied according to priority and time;
(4) Prediction: the latest threat intelligence is ingested so that the existence of a vulnerability is sensed in advance and defended against before it breaks out on a large scale.
The above four aspects form a continuous process, not a one-off task.
It is worth noting that detection uses three original scan modes, which allow deep scanning from every angle; the scan modes are shown in Fig. 2: (1) software scan against the CVEDB: all software packages installed on the rpm-based and debian-based Linux servers are scanned and reported to the server side, and the server compares the software versions against the CVEDB to derive the vulnerability status; (2) important vulnerabilities must be verified with a local POC; (3) some vulnerabilities are at the web or CGI level, so they need to be verified by external scanning.
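Scan mode (1) is the most mechanical of the three and is the one worth seeing in code: an agent on each rpm-based or debian-based host reports its installed packages, and the server side decides which CVEDB records apply by comparing the installed version with the version that carries the fix. The following Python is an added example written for this page, not code from the patent or from any product. The CVEDB entries, the agent report text and the CVE identifiers are constructed placeholders, and the CVEDB is assumed to be keyed on package name only; the version comparison follows the dpkg ordering rules (epoch, upstream, revision; alternating digit and non-digit runs; `~` sorting before everything), which also order the usual rpm version-release strings correctly.

```python
"""Detection mode (1): agent reports installed packages, server side
compares each version with the CVE database (CVEDB).

Added example for this page, not code from the patent. CVEDB entries,
the agent report and the CVE identifiers below are constructed
placeholders. Version ordering follows dpkg's rules.
"""
import re
from dataclasses import dataclass
from itertools import zip_longest


@dataclass(frozen=True)
class CveEntry:
    cve: str             # placeholder identifier, not a real CVE
    package: str
    fixed_version: str   # first version that carries the fix
    severity: str


# Constructed CVEDB (assumption: keyed on package name only; a real
# feed also keys on distribution and source package).
CVEDB = [
    CveEntry("CVE-0000-0001", "openssl", "1.1.1k-1", "high"),
    CveEntry("CVE-0000-0002", "bash", "4.4-5", "medium"),
    CveEntry("CVE-0000-0003", "linux-image", "4.19.0-17", "critical"),
]

# Constructed agent report, in the shape produced by
#   dpkg-query -W -f='${Package} ${Version}\n'        (debian-based)
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'    (rpm-based)
SAMPLE_REPORT = """\
openssl 1.1.1d-0+deb10u6
bash 5.0-4
linux-image 4.19.0-17
curl 7.64.0-4
"""


def _split_evr(version):
    """'epoch:upstream-revision' -> (int epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    if "-" in rest:
        upstream, _, revision = rest.rpartition("-")
    else:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _char_order(c):
    """dpkg ordering of non-digit characters: '~' < end < letters < others."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare alternating non-digit / digit runs (dpkg verrevcmp)."""
    while a or b:
        ra, rb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(ra):], b[len(rb):]
        for ca, cb in zip_longest(ra, rb, fillvalue=""):
            if _char_order(ca) != _char_order(cb):
                return -1 if _char_order(ca) < _char_order(cb) else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or "0") != int(db or "0"):
            return -1 if int(da or "0") < int(db or "0") else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    ea, ua, ra = _split_evr(a)
    eb, ub, rb = _split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def parse_report(text):
    """Agent side: 'name version' lines -> {name: version}."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            name, version = line.split(None, 1)
            installed[name] = version.strip()
    return installed


def match_cvedb(installed, cvedb=CVEDB):
    """Server side: a package is affected when installed < fixed_version."""
    findings = []
    for entry in cvedb:
        version = installed.get(entry.package)
        if version is not None and compare_versions(version, entry.fixed_version) < 0:
            findings.append((entry.cve, entry.package, version,
                             entry.fixed_version, entry.severity))
    return findings


if __name__ == "__main__":
    for finding in match_cvedb(parse_report(SAMPLE_REPORT)):
        print("%s %s installed=%s fixed=%s (%s)" % finding)
```

The server-side rule is a strict `installed < fixed_version`. A distribution that backports fixes without bumping the upstream version (the constructed `1.1.1d-0+deb10u6` has the shape of such a Debian security update) must be matched against the distribution's own fixed-version data rather than the upstream version in the CVE record, otherwise the scan reports false positives on hosts that are already patched. That is exactly the gap the local POC verification of mode (2) is meant to close for important vulnerabilities.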
It is worth noting that in the response aspect the business impact of fixing a vulnerability is analysed, and it is determined whether the system must be rebooted, a service restarted, or nothing done after the fix; the flow is shown in Fig. 3. Operations staff can schedule fixes according to the priority of the vulnerability, a fix order can be derived per product, and the operations after the fix, such as rebooting the system or restarting a service, follow the patching advice.
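The response aspect above (and the corresponding preferred embodiment in the summary) turns a list of findings into a fix order plus a post-fix action: reboot, restart a service, or nothing. As an added example, not code from the patent, the following Python builds such a plan. The findings, the `/proc/<pid>/maps` excerpts, the package-to-file mapping and the service names are constructed, and the CVE identifiers are placeholders; the "still maps a deleted library" test is the same heuristic that tools such as needrestart apply to `/proc/<pid>/maps` after an upgrade, reproduced here on the constructed snapshot.

```python
"""Response aspect: order findings by priority and decide, per package,
whether the fix needs a reboot, a service restart, or nothing.

Added example for this page, not code from the patent. Findings,
/proc/<pid>/maps excerpts, package file lists and service names are
constructed; CVE identifiers are placeholders.
"""
import re

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed findings: (cve, package, severity)
FINDINGS = [
    ("CVE-0000-0002", "bash", "medium"),
    ("CVE-0000-0003", "linux-image-4.19.0-17-amd64", "critical"),
    ("CVE-0000-0001", "libssl1.1", "high"),
]

# Constructed excerpts of /proc/<pid>/maps taken AFTER the packages were
# upgraded. A process still mapping the old file (now "(deleted)") is
# executing the vulnerable code until it is restarted.
PROC_MAPS = {
    1234: ("nginx", [
        "7f0c2a3b2000-7f0c2a3c1000 r-xp 00000000 08:01 131080   /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)",
        "7f0c2a1f0000-7f0c2a3a0000 r-xp 00000000 08:01 131079   /usr/lib/x86_64-linux-gnu/libc-2.28.so",
    ]),
    2345: ("sshd", [
        "7f3a10000000-7f3a101b0000 r-xp 00000000 08:01 131079   /usr/lib/x86_64-linux-gnu/libc-2.28.so",
    ]),
}

# Constructed package -> shipped files (in practice: dpkg -L / rpm -ql).
PACKAGE_FILES = {
    "libssl1.1": ["/usr/lib/x86_64-linux-gnu/libssl.so.1.1"],
    "bash": ["/bin/bash"],
}

# maps line: address perms offset dev inode   pathname [ (deleted)]
MAPS_LINE = re.compile(
    r"^\S+ \S+ \S+ \S+ \S+\s+(?P<path>/\S+)(?P<deleted> \(deleted\))?$")


def is_kernel_package(package):
    """A kernel image cannot be swapped under the running kernel: reboot."""
    return package.startswith(("linux-image", "kernel"))


def stale_processes(package, proc_maps=PROC_MAPS, package_files=PACKAGE_FILES):
    """(pid, name) of processes still mapping a deleted file of `package`."""
    shipped = set(package_files.get(package, ()))
    stale = []
    for pid, (name, lines) in proc_maps.items():
        for line in lines:
            m = MAPS_LINE.match(line)
            if m and m.group("deleted") and m.group("path") in shipped:
                stale.append((pid, name))
                break
    return stale


def post_fix_action(package):
    """'reboot' for kernel packages, 'restart' plus the affected processes, else 'none'."""
    if is_kernel_package(package):
        return "reboot", []
    stale = stale_processes(package)
    return ("restart", stale) if stale else ("none", [])


def build_plan(findings=FINDINGS):
    """Remediation plan ordered by severity, each step with its post-fix action."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK.get(f[2], 99), f[1]))
    plan = []
    for cve, package, severity in ordered:
        action, processes = post_fix_action(package)
        plan.append({"cve": cve, "package": package, "severity": severity,
                     "action": action, "processes": processes})
    return plan


if __name__ == "__main__":
    for step in build_plan():
        print(step)
```

Kernel packages always map to a reboot, because the running kernel is not replaced by installing a new image (live patching aside). For user-space packages the snapshot is read after the upgrade: a process whose maps still reference the old file marked `(deleted)` is executing the vulnerable code and is listed for restart; if no process maps the old file, the fix is already fully effective and no further action is needed.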
In addition, in the prediction aspect the latest threat intelligence technology predicts in advance the existence of certain vulnerabilities, and through a microservice framework some unknown vulnerabilities can be detected in advance by API calls.
This embodiment carries out software vulnerability management according to an adaptive framework, that is, a framework with the four capabilities of defense, detection, response and prediction under continuous analysis and monitoring. This vulnerability management method is a scheme that manages software vulnerabilities through these four aspects, and compared with the vulnerability scanning technology on the market it has the following advantages: vulnerabilities are detected in three modes and verified comprehensively; there is a means of continuously discovering vulnerabilities; access to today's leading threat intelligence technology allows the newest vulnerabilities to be found; patching comes with detailed advice, so it is known whether production business services are affected and whether a restart is needed; and the full life cycle of a vulnerability is managed.
This embodiment applies this framework to vulnerability scanning, locates vulnerabilities more efficiently and accurately than other methods, gives operations staff more actionable advice on fixing vulnerabilities so that users are guided to fix them promptly and accurately, and is at the forefront of its time in handling unknown vulnerabilities by using the latest threat intelligence technology. Through an experimental stage and a trial-run stage it has been proven authentic and effective in customers' production environments, and it has broad market prospects.
The general principles, principal features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the above embodiment; the above embodiment and description merely explain the principles of the invention, and various changes and modifications of the present invention are possible without departing from its spirit and scope, all of which fall within the claimed scope of protection. The claimed scope of the invention is defined by the appended claims and their equivalents.
Claims (4)
1. A vulnerability management method based on an adaptive framework, characterised in that software vulnerabilities are managed by an adaptive framework that has four capabilities, defense, detection, response and prediction, under continuous analysis and monitoring:
(1) Defense: known vulnerabilities are prevented from being exploited;
(2) Detection: three detection modes are used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner; the vulnerabilities found by these three modes are compiled into a report;
(3) Response: the possible harm of each vulnerability is analysed and a corresponding solution proposed; for known vulnerabilities a patching plan is proposed, with a reminder of whether the patch affects business services and the kernel, so that fixes can be applied according to priority and time;
(4) Prediction: the latest threat intelligence is ingested so that the existence of a vulnerability is sensed in advance and defended against before it breaks out on a large scale;
the above four aspects form a continuous process, not a one-off task.
2. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that, among the three scan modes used in detection, the software scan against the CVEDB scans all software packages installed on the rpm-based and debian-based Linux servers and reports them to the server side, and the server compares the software versions against the CVEDB to derive the vulnerability status; important vulnerabilities must be verified with a local POC; and some vulnerabilities are at the web or CGI level, so they need to be verified by external scanning.
3. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that in the response aspect the business impact of fixing a vulnerability is analysed, and it is determined whether the system must be rebooted, a service restarted, or nothing done after the fix; operations staff can schedule fixes according to the priority of the vulnerability, a fix order can be derived per product, and the operations after the fix, such as rebooting the system or restarting a service, follow the patching advice.
4. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that in the prediction aspect the latest threat intelligence technology predicts in advance the existence of certain vulnerabilities, and through a microservice framework some unknown vulnerabilities can be detected in advance by API calls.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610687022.9A | 2016-08-19 | 2016-08-19 | Vulnerability Management method based on adaptive framework |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107766732A (en) | 2018-03-06 |
Family
ID=61261609
Family Applications (1): CN201610687022.9A (pending), priority date 2016-08-19, filing date 2016-08-19
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107766732A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
US20140090071A1 (en) * | 2012-09-21 | 2014-03-27 | University Of Limerick | Systems and Methods for Runtime Adaptive Security to Protect Variable Assets |
CN104836855A (en) * | 2015-04-30 | 2015-08-12 | 国网四川省电力公司电力科学研究院 | Web application safety situation assessment system based on multi-source data fusion |
CN106453386A (en) * | 2016-11-09 | 2017-02-22 | 深圳市魔方安全科技有限公司 | Automatic internet asset monitoring and risk detecting method based on distributed technology |
Non-Patent Citations (2)
Title |
---|
郝东林 (Hao Donglin): "Adaptive security and intelligent security" (自适应安全与智慧安全), 《金融电子化》 (Financial Computerizing) * |
青藤智库 (Qingteng Think Tank): "Gartner: using an adaptive security architecture to counter advanced targeted attacks" (Gartner:用自适应安全架构来应对高级定向攻击), CSDN, https://www.csdn.net/article/2015-06-24/2825035 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 2018-03-06