CN107766732A - Vulnerability Management method based on adaptive framework - Google Patents


Info

Publication number: CN107766732A
Authority: CN (China)
Prior art keywords: leak, vulnerability, terms, software, detection
Legal status: Pending
Application number: CN201610687022.9A
Other languages: Chinese (zh)
Inventors: 程度, 张福, 董燕
Current assignee: Beijing Xin Sheng Network Technology Co Ltd
Original assignee: Beijing Xin Sheng Network Technology Co Ltd
Priority date: 2016-08-19
Filing date: 2016-08-19
Publication date: 2018-03-06

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a vulnerability management method based on an adaptive framework and relates to the technical field of software security. Software vulnerabilities are managed through an adaptive framework that has the four capabilities of defence, detection, response and prediction and performs continuous analysis and monitoring. Defence mainly prevents known vulnerabilities from being executed. Detection mainly verifies vulnerabilities in three ways: comparison against an existing vulnerability database, local POC verification, and external scanners. Response analyses the harm a vulnerability may cause, proposes a corresponding solution, puts forward a repair suggestion for each known vulnerability, and reminds the user whether the patch affects business and the kernel. Prediction accesses the newest threat intelligence, perceives the existence of vulnerabilities in advance, and defends against a vulnerability before it breaks out widely. The invention covers the full life cycle of a vulnerability and manages that full cycle, locating vulnerabilities more efficiently and accurately and letting vulnerabilities cause less harm to the affected users.

Description

Vulnerability Management method based on adaptive framework
Technical field
The present invention relates to the technical field of software security, and in particular to a vulnerability management method based on an adaptive framework.
Background technology
A vulnerability is a defect in hardware, software, the concrete implementation of a protocol, or a system security policy that lets an attacker access or damage the system without authorization. By time, software vulnerabilities fall into two kinds. A 0day (zero-day) vulnerability is one for which the vendor has not yet released a fix patch; an Nday vulnerability is one for which the vendor has released a patch, but many people still have not installed it for reasons of time, habit or security awareness, and this hides a danger. If a security researcher or enthusiast holds exploit code for a 0day vulnerability, the great majority still have the sense not to disclose it, so the harm of that vulnerability to the public is limited. Nday is entirely different: once a vulnerability has been fixed, much about it is disclosed or analysed, and public exploit code or methods of use can be found online. If the fix is not applied in time, the exploit code, although no longer the secret it was during the 0day period, turns the vulnerability into one that can cause harm on a large scale.
A software vulnerability has a life cycle: discovery, confirmation, exploitation, defence, patch. Each phase of the cycle needs to be managed, not just vulnerability scanning. Current commercial vulnerability-scanning technology mainly compares scan results against an existing vulnerability database or POC database: (1) the way vulnerabilities are detected lacks a comprehensive method of verification; (2) there is no means of continuously discovering vulnerabilities, everything is a one-off action; (3) without access to the most advanced threat-intelligence technology, the newest vulnerabilities cannot be found; (4) there is no detailed repair advice for patches, and it cannot be known whether they affect live business and the kernel; (5) the full life cycle of a vulnerability is not well managed, only some parts of it are attempted.
To solve the above problems, it is still very necessary to design a new software vulnerability management method based on an adaptive framework.
The content of the invention
In view of the shortcomings of the prior art, the present invention aims to provide a vulnerability management method based on an adaptive framework that covers the full life cycle of a vulnerability and manages that full cycle, locates vulnerabilities more efficiently and accurately, lets vulnerabilities cause less harm to the affected users, and is easy to spread and use.
To achieve these goals, the present invention is realised by the following technical solution: a vulnerability management method based on an adaptive framework, which manages software vulnerabilities through an adaptive framework that has the four capabilities of defence, detection, response and prediction and performs continuous analysis and monitoring: (1) in the defence aspect, known vulnerabilities can be prevented from being executed;
(2) in the detection aspect, three detection modes are mainly used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner; the vulnerabilities found by these three modes can be compiled into a report;
(3) in the response aspect, the harm a vulnerability may cause is analysed, a corresponding solution is proposed, a corresponding repair suggestion is put forward for each known vulnerability, the user is reminded whether the patch affects business and the kernel, and repairs can be carried out according to priority and time;
(4) in the prediction aspect, the newest threat intelligence is accessed, the existence of vulnerabilities is perceived in advance, and defence is carried out before a vulnerability breaks out widely;
The above four aspects form a continuously running process, not a one-off task.
Preferably, among the three scan modes used in the detection aspect, the software scan against CVEDB reports all software packages installed on all rpm-based and debian-based Linux servers to the server side, which compares the software versions against CVEDB to derive the vulnerability situation; important vulnerabilities need local POC verification; and some vulnerabilities are at the web level or in CGI form, so they need to be verified by external scanning.
Preferably, the repair in the response aspect can analyse the service impact of a vulnerability and determine whether, after the vulnerability is repaired, the system needs to be restarted, the service needs to be restarted, or nothing needs to be done; operations staff can repair vulnerabilities in stages according to their priority, the repair order can be derived per product, and following the repair suggestion they perform the operations after repair, such as restarting the system or restarting the service.
Preferably, the prediction aspect uses the newest threat-intelligence technology to predict the existence of some vulnerabilities in advance; through a microservice architecture, some unknown vulnerabilities can be detected in advance by API calls.
Beneficial effects of the present invention: managing vulnerabilities according to the adaptive framework covers the full life cycle of a vulnerability and lets vulnerabilities cause less harm to the affected users; the corresponding techniques for the four aspects of defence, detection, response and prediction solve the problems of traditional vulnerability management:
(1) vulnerabilities are detected in three modes and verified in a comprehensive way;
(2) there is a means of continuously discovering vulnerabilities;
(3) the most advanced threat-intelligence technology is accessed, so the newest vulnerabilities can be found;
(4) patches come with detailed repair suggestions, so it is known whether live business is affected and whether a restart is needed;
(5) the full life cycle of a vulnerability is managed.
Brief description of the drawings
The present invention is described in detail below with reference to the accompanying drawings and the detailed description.
Fig. 1 is a structural diagram of the present invention;
Fig. 2 is a structural diagram of the three scan modes of the present invention;
Fig. 3 is a flowchart of the operations after a vulnerability is repaired according to the present invention.
Embodiment
To make the technical means, inventive features, objects and advantages of the present invention easy to understand, the present invention is further explained below with reference to the embodiment.
With reference to Figs. 1-3, the present embodiment adopts the following technical solution: a vulnerability management method based on an adaptive framework, which manages software vulnerabilities through an adaptive framework that has the four capabilities of defence, detection, response and prediction and performs continuous analysis and monitoring: (1) in the defence aspect, known vulnerabilities can be prevented from being executed;
(2) in the detection aspect, three detection modes are mainly used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner; the vulnerabilities found by these three modes can be compiled into a report;
(3) in the response aspect, the harm a vulnerability may cause is analysed, a corresponding solution is proposed, a corresponding repair suggestion is put forward for each known vulnerability, the user is reminded whether the patch affects business and the kernel, and repairs can be carried out according to priority and time;
(4) in the prediction aspect, the newest threat intelligence is accessed, the existence of vulnerabilities is perceived in advance, and defence is carried out before a vulnerability breaks out widely;
The above four aspects form a continuously running process, not a one-off task.
It is worth noting that the detection aspect uses three original scan modes and can scan in depth from every direction; the scan modes are shown in Fig. 2: (1) the software scan against CVEDB reports all software packages installed on all rpm-based and debian-based Linux servers to the server side, which compares the software versions against CVEDB to derive the vulnerability situation;
(2) important vulnerabilities need to be verified with a local POC;
(3) some vulnerabilities are at the web level or in CGI form, so they need to be verified by external scanning.
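The CVEDB comparison step of the scan modes above (also stated in the summary section) can be worked through as follows. This is an added example, not code from the patent or its applicant: the CVEDB entries, the agent reports and the CVE identifiers are constructed sample data, and the version ordering is a simplified one that ignores epoch and tilde rules, which a real deployment should replace with the distribution's own comparator (rpm's labelCompare or apt_pkg.version_compare).

```python
"""Detection step: hosts report installed packages (rpm-based or debian-based),
the server side compares versions with CVEDB and produces findings tagged with
how each is verified next (local POC for important ones, external scan for
web/CGI-level ones). Added example; all data below is constructed."""
import re

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Constructed CVEDB: package -> [(cve_id, first fixed version, severity, kind)]
CVEDB = {
    "openssl": [("CVE-EXAMPLE-0001", "1.0.2k", "critical", "host")],
    "bash":    [("CVE-EXAMPLE-0002", "4.3.48", "high", "host")],
    "httpd":   [("CVE-EXAMPLE-0003", "2.4.27", "medium", "web")],
    "apache2": [("CVE-EXAMPLE-0003", "2.4.27", "medium", "web")],
}
# Constructed agent reports in `rpm -qa` and `dpkg -l` output shapes.
RPM_REPORT = """openssl-1.0.2j-1.el7.x86_64
bash-4.3.48-1.el7.x86_64
httpd-2.4.6-45.el7.x86_64"""
DEB_REPORT = """ii  openssl  1.0.2l-1  amd64  Secure Sockets Layer toolkit
ii  apache2  2.4.25-3  amd64  Apache HTTP Server
ii  curl     7.52.1-5  amd64  command line tool for transferring data"""

def version_key(version):
    """Comparable key for the upstream part (before '-'): numeric chunks as
    integers, alphabetic chunks as strings, so 1.0.2j < 1.0.2k < 1.0.2l."""
    upstream = version.split("-")[0]
    return [(0, int(p)) if p.isdigit() else (1, p)
            for p in re.findall(r"\d+|[A-Za-z]+", upstream)]

def is_vulnerable(installed, fixed):
    """True when the installed version is older than the first fixed one."""
    return version_key(installed) < version_key(fixed)

def parse_rpm_report(text):
    """name-version-release.arch lines -> {name: version}."""
    pkgs = {}
    for line in text.splitlines():
        nvr = line.strip().rsplit(".", 1)[0]          # drop the .arch suffix
        name, version, _release = nvr.rsplit("-", 2)
        pkgs[name] = version
    return pkgs

def parse_dpkg_report(text):
    """`dpkg -l` lines -> {name: version}; installed ('ii') rows only."""
    pkgs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "ii":
            pkgs[fields[1]] = fields[2]
    return pkgs

def compare_with_cvedb(hostname, pkgs, cvedb=CVEDB):
    """Server side: keep CVEDB entries newer than what is installed, by severity."""
    findings = []
    for name, version in pkgs.items():
        for cve_id, fixed, severity, kind in cvedb.get(name, []):
            if not is_vulnerable(version, fixed):
                continue
            if kind == "web":
                verify = "external scan"      # web/CGI level: scan from outside
            elif severity in ("critical", "high"):
                verify = "local POC"          # important: confirm on the host
            else:
                verify = "none"
            findings.append({"host": hostname, "package": name, "installed": version,
                             "fixed": fixed, "cve": cve_id, "severity": severity,
                             "verify_with": verify})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["package"]))
    return findings
```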
It is worth noting that the repair in the response aspect can analyse the service impact of a vulnerability and determine whether, after the vulnerability is repaired, the system needs to be restarted, the service needs to be restarted, or nothing needs to be done; the flow is shown in Fig. 3. Operations staff can repair vulnerabilities in stages according to their priority, the repair order can be derived per product, and following the repair suggestion they perform the operations after repair, such as restarting the system or restarting the service.
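The post-repair decision of the response aspect above (restart the system, restart the service, or do nothing; also stated in the summary section) can be derived from which running services still have the replaced files mapped. This is an added example, not code from the patent or its applicant; the findings, the running-service file map and the per-package file lists are constructed sample data.

```python
"""Response step: turn findings into a repair plan ordered by priority and
disclosure date, and decide the post-repair action for each one (reboot,
restart of the affected services, or nothing) from which running services
still have the replaced files mapped. Added example; all data is constructed."""

PRIORITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}
KERNEL_PACKAGES = {"kernel", "linux-image"}
INIT_SERVICE = "systemd"          # pid 1: cannot be restarted in place

# Constructed findings: (package, cve_id, severity, disclosure date)
FINDINGS = [
    ("httpd",   "CVE-EXAMPLE-0003", "medium",   "2017-07-11"),
    ("kernel",  "CVE-EXAMPLE-0004", "high",     "2017-05-02"),
    ("openssl", "CVE-EXAMPLE-0001", "critical", "2017-01-26"),
    ("glibc",   "CVE-EXAMPLE-0005", "high",     "2016-11-14"),
]
# Constructed: files each running service has mapped (what lsof-style or
# needs-restarting tooling would report on the host).
RUNNING = {
    "httpd":   {"/usr/sbin/httpd", "/usr/lib64/libssl.so.10", "/usr/lib64/libc.so.6"},
    "sshd":    {"/usr/sbin/sshd", "/usr/lib64/libssl.so.10", "/usr/lib64/libc.so.6"},
    "crond":   {"/usr/sbin/crond", "/usr/lib64/libc.so.6"},
    "systemd": {"/usr/lib/systemd/systemd", "/usr/lib64/libc.so.6"},
}
# Constructed: files replaced when each package is updated.
PACKAGE_FILES = {
    "openssl": {"/usr/lib64/libssl.so.10"},
    "httpd":   {"/usr/sbin/httpd"},
    "glibc":   {"/usr/lib64/libc.so.6"},
    "kernel":  {"/boot/vmlinuz"},
}


def post_repair_action(package, running=RUNNING, package_files=PACKAGE_FILES):
    """Return (action, affected services) for updating one package.
    Kernel updates need a reboot; a library mapped by pid 1 also forces a
    reboot; otherwise restart exactly the services that mapped old files."""
    if package in KERNEL_PACKAGES:
        return "reboot", []
    replaced = package_files.get(package, set())
    affected = sorted(svc for svc, files in running.items() if replaced & files)
    if INIT_SERVICE in affected:
        return "reboot", affected
    if affected:
        return "restart", affected
    return "none", []


def repair_plan(findings=FINDINGS):
    """Order findings by priority, then by disclosure date (older first), and
    attach the service impact and the post-repair step to each."""
    plan = []
    for package, cve_id, severity, published in sorted(
            findings, key=lambda f: (PRIORITY[f[2]], f[3])):
        action, affected = post_repair_action(package)
        plan.append({"package": package, "cve": cve_id, "severity": severity,
                     "service_impact": affected, "after_repair": action})
    return plan


def needs_reboot(plan):
    """True if any step ends in a reboot, so operations staff can schedule one
    maintenance window instead of piecemeal service restarts."""
    return any(step["after_repair"] == "reboot" for step in plan)
```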
In addition, the prediction aspect uses the newest threat-intelligence technology to predict the existence of some vulnerabilities in advance; through a microservice architecture, some unknown vulnerabilities can be detected in advance by API calls.
The present embodiment manages software vulnerabilities according to an adaptive framework, that is, a framework that has the four capabilities of defence, detection, response and prediction and performs continuous analysis and monitoring; this vulnerability management method is a scheme that manages software vulnerabilities through these four aspects. Compared with the vulnerability-scanning technology on the market, this method has the following advantages: vulnerabilities are detected in three modes and verified in a comprehensive way; there is a means of continuously discovering vulnerabilities; the most advanced threat-intelligence technology is accessed, so the newest vulnerabilities can be found; patches come with detailed repair suggestions, so it is known whether live business is affected and whether a restart is needed; and the full life cycle of a vulnerability is managed.
The present embodiment uses this framework for vulnerability scanning, locates vulnerabilities more efficiently and accurately than other methods, gives operations staff more actionable suggestions for patching vulnerabilities, guides users to repair vulnerabilities promptly and accurately, and is at the forefront in handling unknown vulnerabilities by using the newest threat-intelligence technology. Through the experimental and trial stages it has been proven authentic and effective in customers' real environments, and it has broad market application prospects.
The basic principles, principal features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the above embodiment; the above embodiment and the specification only explain the principle of the invention, and various changes and improvements can be made to the invention without departing from its spirit and scope, all of which fall within the claimed scope of protection. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. A vulnerability management method based on an adaptive framework, characterised in that software vulnerabilities are managed through an adaptive framework that has the four capabilities of defence, detection, response and prediction and performs continuous analysis and monitoring: (1) in the defence aspect, known vulnerabilities can be prevented from being executed;
(2) in the detection aspect, three detection modes are mainly used: 1. comparison against an existing vulnerability database; 2. local POC verification; 3. verification by an external scanner; the vulnerabilities found by these three modes can be compiled into a report;
(3) in the response aspect, the harm a vulnerability may cause is analysed, a corresponding solution is proposed, a corresponding repair suggestion is put forward for each known vulnerability, the user is reminded whether the patch affects business and the kernel, and repairs can be carried out according to priority and time;
(4) in the prediction aspect, the newest threat intelligence is accessed, the existence of vulnerabilities is perceived in advance, and defence is carried out before a vulnerability breaks out widely;
The above four aspects form a continuously running process, not a one-off task.
2. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that, among the three scan modes used in the detection aspect, the software scan against CVEDB reports all software packages installed on all rpm-based and debian-based Linux servers to the server side, which compares the software versions against CVEDB to derive the vulnerability situation; important vulnerabilities need to be verified with a local POC; and some vulnerabilities are at the web level or in CGI form, so they need to be verified by external scanning.
3. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that the repair in the response aspect can analyse the service impact of a vulnerability and determine whether, after the vulnerability is repaired, the system needs to be restarted, the service needs to be restarted, or nothing needs to be done; operations staff can repair vulnerabilities in stages according to their priority, the repair order can be derived per product, and following the repair suggestion they perform the operations after repair, such as restarting the system or restarting the service.
4. The vulnerability management method based on an adaptive framework according to claim 1, characterised in that the prediction aspect uses the newest threat-intelligence technology to predict the existence of some vulnerabilities in advance; through a microservice architecture, some unknown vulnerabilities can be detected in advance by API calls.
Application data

Application number: CN201610687022.9A
Title: Vulnerability Management method based on adaptive framework
Priority date: 2016-08-19
Filing date: 2016-08-19
Publication: CN107766732A (en), published 2018-03-06
Status: Pending
Family ID: 61261609
Country status: CN, CN107766732A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
US20140090071A1 (en) * 2012-09-21 2014-03-27 University Of Limerick Systems and Methods for Runtime Adaptive Security to Protect Variable Assets
CN104836855A (en) * 2015-04-30 2015-08-12 国网四川省电力公司电力科学研究院 Web application safety situation assessment system based on multi-source data fusion
CN106453386A (en) * 2016-11-09 2017-02-22 深圳市魔方安全科技有限公司 Automatic internet asset monitoring and risk detecting method based on distributed technology

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
郝东林: "Adaptive Security and Intelligent Security", 《金融电子化》 *
青藤智库: "Gartner: Using an adaptive security architecture to respond to advanced targeted attacks", 《CSDN, HTTPS://WWW.CSDN.NET/ARTICLE/2015-06-24/2825035》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180306