CN110347700A - Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing - Google Patents
Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN110347700A CN110347700A CN201910575795.1A CN201910575795A CN110347700A CN 110347700 A CN110347700 A CN 110347700A CN 201910575795 A CN201910575795 A CN 201910575795A CN 110347700 A CN110347700 A CN 110347700A
- Authority
- CN
- China
- Prior art keywords
- detected
- assets
- loophole
- version
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Computing Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing, this method comprises: extracting the assets information in each assets loophole record in static vulnerability database, form first set;First set includes the alphabet of the assets information in corresponding assets loophole record;The assets information of assets to be detected is extracted, the first set to be detected is formed;First set to be detected includes the alphabet of the assets information of assets to be detected;Each first set is successively compared with the first set to be detected, and is gathered the first set comprising the first set to be detected as the first centre;It extracts assets loophole corresponding with set among first in static vulnerability database to record, obtains the loophole matching result of assets to be detected.By implementing the invention, it can be realized the extraction to the assets loophole record that assets information in vulnerability database is identical with the assets information of assets to be detected and is substantially the same, improve the comprehensive of the Hole Detection of assets to be detected.
Description
Technical field
The present invention relates to industrial information security technology area more particularly to a kind of static vulnerability database matching process, device,
Electronic equipment and readable storage medium storing program for executing.
Background technique
The technical of industrial control system development in China is more rapid, and industrial production also gradually develops from traditional manual patrol inspection
For the industrial control system of automation, industrial control system is widely applied to petroleum and petrochemical industry, hydraulic and electric engineering, food processing and dirt
The every field such as water process.Meanwhile industrial expansion brings the extensive use of industrial equipment, the work of access industrial control system
Industry number of devices sharply increases.According to the characteristic of industrial equipment, producer and model very complicated, miscellaneous equipment safety leakage
Hole is also more and more, brings biggish potential threat to industrial system.Based on the above issues, industrial equipment Safety Industry is continuous
The vulnerability information of development, all types of industries control system or equipment is issued by the collect of some professions and is put down in relevant information
Platform, and by the known bugs library of study and accumulation is scanned to equipment and control system is controlled in industrial control network
Matching the method to detect known bugs becomes the common method of current industrial control system known bugs inspection.
Currently, generally by by the assets information of the measurement equipment to be detected (assets i.e. to be detected) of access industrial control system
It is compared with the assets information in each assets loophole record in known leakage copper library, and in the assets information of assets to be detected
When matching with the assets information in assets loophole record, using the vulnerability information in assets loophole record as assets to be detected
The mode of vulnerability information realizes the inspection to industrial control system known bugs.But due to record habit or record regulation
Difference, the reasons such as error, belong to the assets information of same assets by different mechanism (known bugs libraries even in recording process
In assets loophole record recording mechanism and assets to be detected assets information recording mechanism) record after result may
There can be difference to a certain extent, cause may substantially belong to the assets of same assets when carrying out information matches
Regard as different assets, so as to cause by the matched mode of assets information to assets to be detected carry out Hole Detection when,
The assets loophole record for belonging to assets to be detected possibly can not be matched out, and the known bugs detection of assets to be detected is not comprehensive.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of static vulnerability database matching process, device, electronic equipments and readable
Storage medium, to solve the problems, such as that existing static vulnerability database matching method matches are incomplete.
According in a first aspect, including the following steps: to mention the embodiment of the invention provides a kind of static vulnerability database matching process
The assets information in each assets loophole record in static vulnerability database is taken, first set is formed;First set includes corresponding
The alphabet of assets information in assets loophole record;The assets information of assets to be detected is extracted, the first collection to be detected is formed
It closes;First set to be detected includes the alphabet of the assets information of assets to be detected;By each first set successively with first
Set to be detected is compared, and is gathered the first set comprising the first set to be detected as the first centre;It extracts static
Assets loophole corresponding with set among first records in vulnerability database, obtains the loophole matching result of assets to be detected.
It include the first set of the alphabet of the assets information in assets loophole record by formation, and including to be checked
The first set to be detected for surveying the alphabet of the assets information of assets is realized in a manner of character set and is remembered to assets loophole
The extraction of all information content of the assets information of record and assets to be detected;By will include the first set to be detected first
Set is extracted assets loophole corresponding with set among first and is recorded as the first centre set, obtains assets to be detected
Loophole matching result, realize it is identical with the assets information of assets to be detected to assets information in static vulnerability database, and
With the assets information of assets to be detected be substantially the same (than assets to be detected assets information more than one or more character) money
Produce loophole record extraction, can reduce due to the assets information for belonging to same assets with assets to be detected be registered as with it is to be checked
The assets information for surveying assets is caused the reason of there are certain different information in character level, belongs in static vulnerability database
A possibility that the problem of part assets loophole record of assets to be detected can not be matched out generates, improves assets to be detected
Hole Detection it is comprehensive.
With reference to first aspect, in first aspect first embodiment, static vulnerability database matching process further include: extract leakage
The assets feature information in each assets loophole record in the matching result of hole, forms second set;Second set includes corresponding to
Assets loophole record in assets feature information alphabet;It extracts the assets feature information of assets to be detected, forms the
Two set to be detected;Second set to be detected includes the alphabet of the assets feature information of assets to be detected;It successively calculates each
The similarity of a second set and the second set to be detected, and similarity is reached into the second set of predetermined matching degree as assets
Loophole set;The corresponding assets loophole record of withdrawal of assets loophole set, obtains the Hole Detection result of assets to be detected.
Since there is only the assets informations for belonging to same assets with assets to be detected to be registered as and assets to be detected
There is the case where certain different information in assets information, exist there is also the assets information with assets to be detected in character level
There are certain different assets informations in character level, corresponding assets are the feelings of different assets from assets to be detected
Therefore condition may pass through and be formed comprising some assets loophole records for being not belonging to assets to be detected in loophole matching result
The second set of alphabet including the assets feature information in the assets loophole record in corresponding loophole matching result, with
And the second set to be detected of the alphabet of the assets feature information including assets to be detected, it is realized in a manner of character set
To all information content of the assets feature information of the assets loophole record in loophole matching result and assets to be detected
It extracts;By successively calculating the similarity of each second set Yu the second set to be detected, and extracts similarity and reach predetermined
The corresponding assets loophole record of second set (assets loophole set) with degree, obtain the Hole Detection of assets to be detected as a result,
Can be realized and choosing deleted to the assets loophole record in loophole matching result, in removal loophole matching result with assets to be detected
The biggish part of a possibility that assets feature information gap is larger, is not belonging to the assets loophole record of assets to be detected, so as to
It is enough guarantee the Hole Detection result of assets to be detected it is comprehensive on the basis of, further increase the accuracy of testing result.
First embodiment with reference to first aspect successively calculates each second collection in first aspect second embodiment
The similarity with the second set to be detected is closed, and similarity is reached into the second set of predetermined matching degree as assets loophole set
The step of, comprising: successively calculate the actual range between each second set and the second set to be detected;Actual range is to make the
The two corresponding character strings of set with second it is to be detected gather corresponding character string it is equal when minimal step number;It successively calculates each
Maximum distance between second set and the second set to be detected;Maximum distance be the corresponding character string of second set length and
The larger value in second length to be detected for gathering corresponding character string;The difference between actual range and maximum distance is calculated,
Relative to the ratio of maximum distance, similarity is obtained;Similarity is reached into the second set of predetermined matching degree as assets loophole
Set.
First embodiment or first aspect second embodiment with reference to first aspect, in first aspect third embodiment party
In formula, assets feature information includes trade name, product type and product version, and second set includes in assets loophole record
The alphabet of trade name, product type and product version, second it is to be detected set include assets to be detected trade name,
The alphabet of product type and product version.
With reference to first aspect or first aspect first embodiment, in the 4th embodiment of first aspect, assets letter
Breath includes trade name, product type and product version, and first set includes the first name set, the first model set and first
Version set, the first set to be detected include that the first name set to be detected, the first model set to be detected and first are to be detected
Version set;Each first set is successively compared with the first set to be detected, and the first set to be detected will be included
First set is as among first the step of set, comprising: by each first name set successively with the first title collection to be detected
Conjunction is compared, and using the first name set comprising the first name set to be detected as the first intermediate name set;It will be each
A first model set is successively compared with the first model set to be detected, and by comprising the first model set to be detected
One model set is as the first intermediate model set;Each first version set is successively carried out with the first version set to be detected
Compare, and using the first version set comprising the first version set to be detected as the first intermediate releases set;Collection among first
Close includes the first intermediate name set, the first intermediate model set and the first intermediate releases set.
By the way that assets information to be set as including trade name, product type and product version, and it is correspondingly formed first place
Claim set, the first model set, first version set, the first name set to be detected, the first model set to be detected and first
Version set to be detected, to form the first intermediate name set, the first intermediate model set and the after gathering relatively
One intermediate releases set, so that finally obtained loophole matching result includes the corresponding assets loophole note of the first intermediate name set
Record, the corresponding assets loophole record of the first intermediate model set and the corresponding assets loophole record three of the first intermediate releases set
Part further improves the comprehensive of the Hole Detection of assets to be detected.
With reference to first aspect or first aspect first embodiment, in the 5th embodiment of first aspect, assets letter
Breath includes OS name and operating system version, and first set includes the first system name set and the first system version sets
It closes, the first set to be detected includes the first systematic name set to be detected and the first system version set to be detected;By each
One set is successively compared with the first set to be detected, and using the first set comprising the first set to be detected as in first
Between the step of gathering, comprising: each the first system name set is successively compared with the first systematic name set to be detected,
And using the first system name set comprising the first systematic name set to be detected as the first intermediate system name set;It will be each
A the first system version set is successively compared with the first system version set to be detected, and will include the first examining system to be checked
The first system version sets cooperation of version set is the first intermediate system version set;Set includes system among first among first
System name set and the first intermediate system version set.
By the way that assets information to be set as including OS name and operating system version, and it is correspondingly formed the first system
Name set, the first system version set, the first systematic name set to be detected and the first system version set to be detected, thus
The first intermediate system name set and the first intermediate system version set are formed after gathering relatively, so that finally obtained
Loophole matching result further comprises the corresponding assets loophole record of the first intermediate system name set and the first intermediate system
The corresponding assets loophole record of version set, further improves the comprehensive of the Hole Detection of assets to be detected.
5th embodiment with reference to first aspect is extracted in static vulnerability database in six embodiment of first aspect with the
The step of gathering corresponding assets loophole record among one, obtaining the loophole matching result of assets to be detected, comprising: extract to be checked
Survey the operating system patch number of assets;It extracts assets loophole corresponding with set among first in static vulnerability database to record, and mistake
Wherein identical assets loophole records operating system patch number with the operating system patch number of assets to be detected for filter, obtains to be detected
The loophole matching result of assets.
Since the operating system when assets to be detected has operating system patch number, and the operating system patch number and a money
When operating system patch number in production loophole record is identical, then it represents that assets to be detected have been completed repairing for corresponding loophole
It is multiple, therefore, among filtering first gather the operation of operating system patch number and assets to be detected in corresponding assets loophole record
The identical assets loophole record of system mend number, obtains the loophole matching result of assets to be detected, can reject loophole matching knot
The assets loophole record being repaired in fruit, improves the Hole Detection accuracy of assets to be detected.
With reference to first aspect or first aspect first embodiment, in the 7th embodiment of first aspect, assets letter
Breath include dbase and software version, first set include the first dbase set and the first software version set, first
Set to be detected includes the first dbase set to be detected and the first software version set to be detected;By each first set according to
It is secondary to be compared with the first set to be detected, and the first set comprising the first set to be detected is gathered as the first centre
Step, comprising: each first dbase set is successively compared with the first dbase set to be detected, and will include
First dbase set of the first dbase set to be detected is as the first middleware software name set;It is soft by each first
Part version set is successively compared with the first software version set to be detected, and will include the first software version set to be detected
The first software version set as the first middleware software version set;Set includes the first middleware software title collection among first
Conjunction and the first middleware software version set.
By the way that assets information to be set as including dbase and software version, and it is correspondingly formed the first dbase collection
Conjunction, the first software version set, the first dbase set to be detected and the first software version set to be detected, thus by collection
The first middleware software name set and the first middleware software version set are formed after composition and division in a proportion, so that finally obtained loophole
It further comprise the corresponding assets loophole record of the first middleware software name set and the first middleware software version sets with result
Corresponding assets loophole record is closed, the comprehensive of the Hole Detection of assets to be detected is further improved.
According to second aspect, the embodiment of the invention provides a kind of static vulnerability database coalignments, comprising: the first information mentions
Modulus block forms first set for extracting the assets information in the record of each assets loophole in static vulnerability database;First collection
Close the alphabet including the assets information in corresponding assets loophole record;Second information extraction modules, it is to be checked for extracting
The assets information of assets is surveyed, the first set to be detected is formed;First set to be detected includes the assets information of assets to be detected
Alphabet;Information comparison module and will include for each first set to be successively compared with the first set to be detected
The first set of first set to be detected is as the first centre set;Third information extraction modules, for extracting static vulnerability database
In with set corresponding assets loophole record among first, obtain the loophole matching result of assets to be detected.
According to the third aspect, the embodiment of the invention provides a kind of electronic equipment, comprising: memory and processor, it is described
Connection is communicated with each other between memory and the processor, computer instruction is stored in the memory, and the processor is logical
It crosses and executes the computer instruction, thereby executing quiet described in any one of first aspect or first aspect embodiment
State vulnerability database matching process.
It is described computer-readable the embodiment of the invention provides a kind of computer readable storage medium according to fourth aspect
Storage medium stores computer instruction, and the computer instruction is for making the computer execute first aspect or first aspect
Any one embodiment described in static vulnerability database matching process.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of a kind of method flow diagram of static vulnerability database matching process provided in an embodiment of the present invention;
Fig. 2 is a kind of specific embodiment flow chart of step S107 in Fig. 1;
Fig. 3 is a kind of specific embodiment flow chart of step S103 in Fig. 1;
Fig. 4 is another specific embodiment flow chart of step S103 in Fig. 1;
Fig. 5 is a kind of another method flow diagram of static vulnerability database matching process provided in an embodiment of the present invention;
Fig. 6 is a kind of functional block diagram of static vulnerability database coalignment provided in an embodiment of the present invention;
Fig. 7 is the hardware structural diagram of a kind of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those skilled in the art are not having
Every other embodiment obtained under the premise of creative work is made, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that term " first ", " second ", " third " are used for description purposes only,
It is not understood to indicate or imply relative importance.
It should be noted that static state vulnerability database matching process provided in an embodiment of the present invention, can be applied to assets control
In system, access has multiple assets in the assets control system.Specifically, when being accessed new assets in assets control system
When (assets to be detected), then by industry internet radar (ISAS) the scanning discovery assets in the assets control system, and
The assets information of the assets is obtained, or in such a way that the administrator of assets control system adds assets manually, obtains the money
The assets information of production;Then, the assets information in each assets loophole record in known static vulnerability database is obtained, and is based on
The assets information of assets information and assets to be detected in assets loophole record, obtains the loophole matching result of assets to be detected.
Embodiment 1
Fig. 1 shows the flow chart of the static vulnerability database matching process of the embodiment of the present invention, as shown in Figure 1, this method can
To include the following steps:
S101: the assets information in each assets loophole record in static vulnerability database is extracted, first set is formed.At this
In, first set includes the alphabet of the assets information in corresponding assets loophole record.
Herein, the information recorded in each assets loophole record may include trade name, product type, product version
The assets informations such as sheet, OS name, operating system version, operating system patch number, dbase, software version, furthermore
Also record has corresponding vulnerability information in assets loophole record.Herein, the assets information in the assets loophole record of extraction is
At least one of above-mentioned assets information.
Herein, when the assets information of extraction is a kind of, assets information in assets loophole record corresponding the
One collection is combined into a set;When the assets information of extraction is a variety of, the assets information in an assets loophole record is corresponding
First set is one group of set, for example, when the assets information of extraction includes trade name, product type and product version, phase
Ying Di, first set include the first name set, the first model set and first version set.
Herein, first set can also be set to only including removing in the assets information in corresponding assets loophole record
Alphabet other than spcial character, that is, first set includes in assets information in corresponding assets loopholes record
English, Chinese and numerical character.
S102: extracting the assets information of assets to be detected, forms the first set to be detected.Herein, the first collection to be detected
Close the alphabet of the assets information including assets to be detected.
Herein, similarly, the assets information of assets to be detected includes trade name, product type, product version, operation
Systematic name, operating system version, operating system patch number, dbase, software version etc., specifically, extract herein to
The assets information detected in the assets loophole record extracted in the assets information and above-mentioned steps S101 of assets is corresponding.At this
In, when the assets information of extraction is a kind of, corresponding first collection to be detected of the assets information of assets to be detected is combined into a set;
When the assets information of extraction is a variety of, corresponding first collection to be detected of the assets information of assets to be detected is combined into one group of set.
It uses the example above, when the assets information in the assets loophole record of extraction includes trade name, product type and product
When version, the assets information of the assets to be detected of extraction equally includes trade name, product type and product version, accordingly,
First set to be detected includes the first name set, the first model set to be detected and the first version set to be detected to be detected.
Herein, when first set is arranged to only include in the assets information in corresponding assets loophole record in addition to spy
When alphabet other than different character, the first set to be detected is also only in the assets information including assets to be detected in addition to special word
Alphabet other than symbol.
S103: each first set is successively compared with the first set to be detected, and will include the first collection to be detected
The first set of conjunction is as the first centre set.
Herein, first set includes that the first set to be detected refers to that all characters in the first set to be detected belong to
In first set.
Herein, when first set and the first set to be detected include one group of set, then compare first set one by one
Corresponding set in the first set to be detected, uses the example above, when first set includes the first name set, the first model collection
It closes and first version set, the first set to be detected includes the first name set to be detected, the first model set to be detected and the
One version set to be detected then needs to compare the first name set and the first name set to be detected, and will be to be checked comprising first
The first name set of name set is surveyed as the first intermediate name set;Compare the first model set and the first model to be detected
Set, and using the first model set comprising the first model set to be detected as the first intermediate model set;Compare the first edition
This set and the first version set to be detected, and using the first version set comprising the first version set to be detected as in first
Between version set.
S104: it extracts assets loophole corresponding with set among first in static vulnerability database and records, obtain assets to be detected
Loophole matching result.
Herein, when first set and the first set to be detected include one group of set, correspondingly, collection among first
Closing also is one group of set, then when extracting in static vulnerability database with the first centre set corresponding assets loophole record, needs successively
Extract the corresponding assets loophole record of each set among first in set.It uses the example above, set includes the among first
When one intermediate name set, the first intermediate model set and the first intermediate releases set, then need successively to extract among first
Name set corresponding assets loophole record, the corresponding assets loophole record of the first intermediate model set and the first intermediate releases
Gather corresponding assets loophole record, finally obtains the loophole matching result of assets to be detected.
In embodiments of the present invention, by forming first of the alphabet including the assets information in assets loophole record
Set, and the assets information including assets to be detected alphabet the first set to be detected, in a manner of character set
Realize the extraction of all information content of the assets information to assets loophole record and assets to be detected;By that will include
The first set of one set to be detected is extracted assets loophole corresponding with set among first and is remembered as the first centre set
Record, obtains the loophole matching result of assets to be detected, realizes the money to assets information and assets to be detected in static vulnerability database
Produce that information is identical, and with the assets informations of assets to be detected be substantially the same (than assets to be detected assets information more than one
A or multiple characters) assets loophole record extraction, the money due to belonging to same assets with assets to be detected can be reduced
Information is produced to be registered as leading the reason of there are certain different information in character level from the assets information of assets to be detected
It causes, the possibility that part assets loophole record the problem of can not being matched out of assets to be detected generates is belonged in static vulnerability database
Property, improve the comprehensive of the Hole Detection of assets to be detected.
As a kind of optional embodiment of the embodiment of the present invention, as shown in Figure 1, static vulnerability database matching process can be with
Include the following steps:
S105: the assets feature information in each assets loophole record in loophole matching result is extracted, the second collection is formed
It closes.Herein, second set includes the alphabet of the assets feature information in corresponding assets loophole record.
Herein, the assets feature information in assets loophole record refers to, the assets information recorded in assets loophole record
(may include trade name, product type, product version, OS name, operating system version, operating system patch number,
Dbase and software version etc.) in, an assets can be different to the information of another assets, specifically, the assets are special
Reference breath may include trade name, product type and product version.
Herein, it should be noted that different from first set, no matter assets feature information includes several in assets information
Information is planted, the second set that the assets feature information in an assets loophole record is formed is a set, it uses the example above, when
When assets feature information includes trade name, product type and product version, second set be include trade name, product type
And a set of the alphabet in product version, that is, second set is equivalent to the first title collection in step S101
Conjunction, the first model set and first version union of sets collection.
S106: extracting the assets feature information of assets to be detected, forms the second set to be detected.Herein, second is to be checked
Survey the alphabet that set includes the assets feature information of assets to be detected.
Herein, the assets loophole extracted in the assets feature information of the assets to be detected of extraction and above-mentioned steps S105 is remembered
Assets feature information in record is corresponding, specifically, the assets feature letter in the assets loophole record extracted in step S105
When breath includes trade name, product type and product version, correspondingly, the assets feature for the assets to be detected extracted herein is believed
Breath also includes trade name, product type and the product version of assets to be detected.Similarly, no matter assets feature information includes
Several information in assets information, the second set to be detected that the assets feature information of an assets to be detected is formed is one
Set.
S107: the similarity of each second set Yu the second set to be detected is successively calculated, and similarity is reached predetermined
The second set of matching degree is as assets loophole set.
Herein, can by calculating the quantity of identical character in second set and the second set to be detected, relative to
The mode of the ratio of the number of characters of the more set of number of characters in second set and the second set to be detected, obtain second set with
The similarity of second set to be detected;Alternatively, making the corresponding character string of second set and the second set pair to be detected by calculating
Minimal step number when the character string answered is equal, then obtain the length and the second set to be detected of the corresponding character string of second set
The larger value in the length of corresponding character string, and calculate the side of ratio of the above-mentioned minimal step number relative to above-mentioned maximum value
Formula obtains the similarity of second set Yu the second set to be detected.
Herein, predetermined matching degree can be any value in section (0,1), and specific value can be according to actually answering
It is configured with the needs of scene, specifically, for the accuracy of the Hole Detection result of the assets to be detected improved, in advance
Determining matching degree can be any value in section (0.5,1), e.g., 0.7,0.8 or 0.9 etc..
S108: the corresponding assets loophole record of withdrawal of assets loophole set obtains the Hole Detection result of assets to be detected.
Since there is only the assets informations for belonging to same assets with assets to be detected to be registered as and assets to be detected
There is the case where certain different information in assets information, exist there is also the assets information with assets to be detected in character level
There are certain different assets informations in character level, corresponding assets are the feelings of different assets from assets to be detected
Therefore condition may include some assets loophole records for being not belonging to assets to be detected in loophole matching result.Of the invention real
It applies in example, by forming whole words including the assets feature information in the assets loophole record in corresponding loophole matching result
The second set of symbol, and the assets feature information including assets to be detected alphabet the second set to be detected, with word
The mode of symbol set realizes the assets feature information to the assets loophole record in loophole matching result and assets to be detected
All information content extraction;By successively calculating the similarity of each second set Yu the second set to be detected, and extract
Similarity reaches the corresponding assets loophole record of second set (assets loophole set) of predetermined matching degree, obtains assets to be detected
Hole Detection choosing deleted to the assets loophole record in loophole matching result as a result, it is possible to realize, removal loophole matching result
In it is larger with the assets feature information gap of assets to be detected, be not belonging to assets to be detected assets loophole record a possibility that compared with
Big part, so as to guarantee the Hole Detection result of assets to be detected it is comprehensive on the basis of, further increase inspection
Survey the accuracy of result.
As a kind of optional embodiment of the present embodiment, as shown in Fig. 2, step S107 may include steps of:
S201: the actual range between each second set and the second set to be detected is successively calculated.Herein, it is practical away from
Minimal step number when to keep the corresponding character string of second set equal with the second corresponding character string of set to be detected.
It is assumed herein that the corresponding character string of second set is LAI, the second corresponding character string of set to be detected is AI,
Following algorithm then can be used and calculate above-mentioned minimal step number:
It should be noted that above-mentioned realization algorithm is only for convenience those skilled in the art understand that the technology of the embodiment of the present invention
The specific example that scheme is lifted should not constitute any restrictions to the embodiment of the present invention.
S202: the maximum distance between each second set and the second set to be detected is successively calculated.Herein, it is maximum away from
From the larger value in the length and the second length to be detected for gathering corresponding character string for the corresponding character string of second set.
Herein, it uses the example above, following algorithm can be used and calculate maximum distance: Math.max (len1, len2).
S203: the difference calculated between actual range and maximum distance obtains similar relative to the ratio of maximum distance
Degree.
Herein, following formula can be used and calculate similarity:
Similarity=1-dif [len1] [len2]/Math.max (len1, len2),
Wherein, similarity refers to similarity, and dif [len1] [len2] refers to actual range, Math.max (len1,
Len2) refer to maximum distance.
S204: similarity is reached into the second set of predetermined matching degree as assets loophole set.
It include trade name, product type with assets information as a kind of optional embodiment of the embodiment of the present invention
With the static vulnerability database matching process for describing the embodiment of the present invention for product version.As shown in figure 3, step S103 can wrap
Include following steps:
S301: each first name set is successively compared with the first name set to be detected, and will include first
First name set of name set to be detected is as the first intermediate name set.
Herein, the first name set refers to the alphabet including the trade name in corresponding assets loophole record
Set, the first name set to be detected refer to the set of the alphabet of the trade name including assets to be detected.Herein, also
Can set the first name set to only include corresponding assets loophole record in trade name in addition to spcial character with
The set of outer alphabet, by the first name set to be detected be set as only including assets to be detected trade name in addition to
The set of alphabet other than spcial character.
S302: each first model set is successively compared with the first model set to be detected, and will include first
First model set of model set to be detected is as the first intermediate model set.Herein, the first model set and first to
The first name set and the first name set to be detected that detection model set is referred in above-mentioned steps S301 are configured,
Details are not described herein.
S303: each first version set is successively compared with the first version set to be detected, and will include first
The first version set of version set to be detected is as the first intermediate releases set.Herein, the first centre set includes first
Intermediate name set, the first intermediate model set and the first intermediate releases set.
Herein, first version set and the first version set to be detected are referred to the first place in above-mentioned steps S301
Set and the first name set to be detected is claimed to be configured, details are not described herein.
In embodiments of the present invention, by the way that assets information to be set as including trade name, product type and product version,
And it is correspondingly formed the first name set, the first model set, first version set, the first name set to be detected, first to be checked
Model set and the first version set to be detected are surveyed, to form the first intermediate name set after gathering relatively, in first
Between model set and the first intermediate releases set so that finally obtained loophole matching result include the first intermediate name set
Corresponding assets loophole record, the corresponding assets loophole record of the first intermediate model set and the first intermediate releases set are corresponding
Assets loophole record three parts, further improve the comprehensive of the Hole Detection of assets to be detected.
It include dbase and software version with assets information as a kind of optional embodiment of the embodiment of the present invention
For the static vulnerability database matching process of the embodiment of the present invention described.As shown in figure 4, step S103 may include walking as follows
It is rapid:
S401: each first dbase set is successively compared with the first dbase set to be detected, and will
The first dbase set comprising the first dbase set to be detected is as the first middleware software name set.
Herein, the first dbase set refers to whole words including the dbase in corresponding assets loophole record
The set of symbol, the first name set to be detected refer to the set of the alphabet of the dbase including assets to be detected.At this
In, can also claim first place software set to be set as only includes in the dbase in corresponding assets loophole record in addition to spy
The set of alphabet other than different character sets only soft including assets to be detected for the first dbase set to be detected
The set of alphabet in part title other than spcial character.
S402: each first software version set is successively compared with the first software version set to be detected, and will
The first software version set comprising the first software version set to be detected is as the first middleware software version set.Herein,
Set includes the first middleware software name set and the first middleware software version set among first.
Herein, the first software version set and the first software version set to be detected are referred in above-mentioned steps S401
The first dbase set and the first dbase set to be detected be configured, details are not described herein.
In embodiments of the present invention, by the way that assets information to be set as including dbase and software version, and shape is corresponded to
At the first dbase set, the first software version set, the first dbase set to be detected and the first software version to be detected
This set makes to form the first middleware software name set and the first middleware software version set after gathering relatively
Finally obtained loophole matching result further comprise the first middleware software name set corresponding assets loophole record and
The corresponding assets loophole record of first middleware software version set, further improves the comprehensive of the Hole Detection of assets to be detected
Property.
It include OS name and operation with assets information as a kind of optional embodiment of the embodiment of the present invention
The static vulnerability database matching process of the embodiment of the present invention is described for system version.As shown in figure 5, this method may include as
Lower step:
S501: the OS name and operating system version in each assets loophole record in static vulnerability database are extracted
This, is respectively formed the first system name set and the first system version set.
Herein, the first system name set includes whole words of the OS name in corresponding assets loophole record
Symbol, or the alphabet including the OS name in corresponding assets loophole record other than spcial character;The
One system version set includes the alphabet of the operating system version in corresponding assets loophole record, or including corresponding
Alphabet of the operating system version other than spcial character in assets loophole record.
S502: extracting the OS name and operating system version of assets to be detected, is respectively formed the first system to be detected
System name set and the first system version set to be detected.Herein, the first systematic name set to be detected includes money to be detected
The alphabet of the OS name of production, or the OS name including assets to be detected is other than spcial character
Alphabet;First system version set to be detected includes the alphabet of the operating system version of assets to be detected, or
Alphabet of the operating system version including assets to be detected other than spcial character.Herein, it should be noted that
First systematic name set to be detected and the first system name set are correspondingly arranged, the first system version collection to be detected and the first system
System version set is correspondingly arranged.
S503: each the first system name set is successively compared with the first systematic name set to be detected, and will
The first system name set comprising the first systematic name set to be detected is as the first intermediate system name set.
S504: each the first system version set is successively compared with the first system version set to be detected, and will
The first system version sets cooperation comprising the first system version set to be detected is the first intermediate system version set.Herein,
Set includes the first intermediate system name set and the first intermediate system version set among first.
S505: the operating system patch number of assets to be detected is extracted.
S506: it extracts assets loophole corresponding with set among first in static vulnerability database and records, and filter and wherein operate
System mend number identical assets loophole record with the operating system patch number of assets to be detected, obtains the loophole of assets to be detected
Matching result.
Since the operating system when assets to be detected has operating system patch number, and the operating system patch number and a money
The operating system patch number produced in loophole record is identical, then it represents that and assets to be detected have been completed the reparation of corresponding loophole,
Therefore, in embodiments of the present invention, gather among filtering first in corresponding assets loophole record operating system patch number with to
The identical assets loophole record of operating system patch number for detecting assets, obtains the loophole matching result of assets to be detected, can
The assets loophole record being repaired in loophole matching result is rejected, the Hole Detection accuracy of assets to be detected is improved.
As a kind of optional embodiment of this hair embodiment, assets information can also include trade name, product type,
Product version, OS name and operating system version, or including trade name, product type, product version, software name
Title and software version, perhaps including OS name, operating system version, dbase and software version or including factory
Quotient's title, product type, product version, OS name, operating system version, dbase and software version.Herein,
The particular content of the method for the embodiment of the present invention can be described with reference to the correspondence of front to understand, details are not described herein.
Embodiment 2
Fig. 6 shows a kind of functional block diagram of static vulnerability database coalignment of the embodiment of the present invention, which can use
The static vulnerability database matching process described in realization embodiment 1 or its any optional embodiment.As shown in fig. 6, the device
It include: first information extraction module 10, the second information extraction modules 20, information comparison module 30 and third information extraction modules
40。
First information extraction module 10 is used to extract the assets information in each assets loophole record in static vulnerability database,
Form first set.Herein, first set includes the alphabet of the assets information in corresponding assets loophole record.
Second information extraction modules 20 are used to extract the assets information of assets to be detected, form the first set to be detected.?
Here, the first set to be detected includes the alphabet of the assets information of assets to be detected.
Information comparison module 30 is used to for each first set being successively compared with the first set to be detected, and will include
The first set of first set to be detected is as the first centre set.
Third information extraction modules 40 are remembered for extracting assets loophole corresponding with set among first in static vulnerability database
Record, obtains the loophole matching result of assets to be detected.
The static vulnerability database coalignment of the embodiment of the present invention, can be realized to assets information in vulnerability database and money to be detected
The assets information of production is identical, and is substantially the same with the assets information of assets to be detected (than the assets letter of assets to be detected
Cease one or more more character) assets loophole record extraction, can reduce due to belonging to same money with assets to be detected
The assets information of production is registered as there are certain different information in character level from the assets information of assets to be detected
Caused by reason, the part assets loophole that assets to be detected are belonged in static vulnerability database records the problem of can not being matched out generation
A possibility that, improve the comprehensive of the Hole Detection of assets to be detected.
The embodiment of the invention also provides a kind of electronic equipment, as shown in fig. 7, the electronic equipment may include processor 71
With memory 72, wherein processor 71 can be connected with memory 72 by bus or other modes, to pass through bus in Fig. 7
For connection.
Processor 71 can be central processing unit (Central Processing Unit, CPU).Processor 71 can be with
For other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
The combination of the chips such as discrete hardware components or above-mentioned all kinds of chips.
Memory 72 is used as a kind of non-transient computer readable storage medium, can be used for storing non-transient software program, non-
Transient computer executable program and module, as the corresponding program of static vulnerability database matching process in the embodiment of the present invention refers to
Order/module.Non-transient software program, instruction and the module that processor 71 is stored in memory 72 by operation, to hold
The various function application and data processing of row processor, i.e. static vulnerability database match party in realization above method embodiment
Method.
Memory 72 may include storing program area and storage data area, wherein storing program area can storage program area,
Application program required at least one function;It storage data area can the data etc. that are created of storage processor 71.In addition, storage
Device 72 may include high-speed random access memory, can also include non-transient memory, for example, at least a magnetic disk storage
Part, flush memory device or other non-transient solid-state memories.In some embodiments, it includes relative to place that memory 72 is optional
The remotely located memory of device 71 is managed, these remote memories can pass through network connection to processor 71.The reality of above-mentioned network
Example includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
One or more of modules are stored in the memory 72, when being executed by the processor 71, are executed
Static vulnerability database matching process in embodiment as shown in Figs. 1-5.
Above-mentioned electronic equipment detail can correspond to corresponding associated description in embodiment referring to FIG. 1 to 5
Understood with effect, details are not described herein again.
It is that can lead to it will be understood by those skilled in the art that realizing all or part of the process in above-described embodiment method
Computer program is crossed to instruct relevant hardware and complete, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can for magnetic disk,
CD, read-only memory (Read-Only Memory, ROM), random access memory (Random Access
Memory, RAM), flash memory (Flash Memory), hard disk (Hard Disk Drive, abbreviation: HDD) or solid state hard disk
(Solid-State Drive, SSD) etc.;The storage medium can also include the combination of the memory of mentioned kind.
Obviously, the above embodiments are merely examples for clarifying the description, and does not limit the embodiments.It is right
For those of ordinary skill in the art, can also make on the basis of the above description it is other it is various forms of variation or
It changes.There is no necessity and possibility to exhaust all the enbodiments.And it is extended from this it is obvious variation or
It changes still within the protection scope of the invention.
Claims (11)
1. a kind of static state vulnerability database matching process, which comprises the steps of:
The assets information in each assets loophole record in the static vulnerability database is extracted, first set is formed;Described first
Set includes the alphabet of the assets information in corresponding assets loophole record;
The assets information of assets to be detected is extracted, the first set to be detected is formed;First set to be detected include it is described to
Detect the alphabet of the assets information of assets;
Each first set is successively compared with the described first set to be detected, and will be to be detected comprising described first
The first set of set is as the first centre set;
It extracts assets loophole corresponding with set among described first in the static vulnerability database to record, obtains the money to be detected
The loophole matching result of production.
2. static state vulnerability database matching process according to claim 1, which is characterized in that further include:
The assets feature information in each assets loophole record in the loophole matching result is extracted, second set is formed;Institute
State the alphabet that second set includes the assets feature information in corresponding assets loophole record;
The assets feature information of the assets to be detected is extracted, the second set to be detected is formed;The second set packet to be detected
Include the alphabet of the assets feature information of the assets to be detected;
The similarity of each second set Yu the described second set to be detected is successively calculated, and the similarity is reached pre-
The second set of matching degree is determined as assets loophole set;
The corresponding assets loophole record of the assets loophole set is extracted, the Hole Detection result of the assets to be detected is obtained.
3. static state vulnerability database matching process according to claim 2, which is characterized in that described successively to calculate each described the
Two set and the similarity of the described second set to be detected, and using the similarity reach the second set of predetermined matching degree as
The step of assets loophole set, comprising:
Successively calculate the actual range between each second set and second set to be detected;The actual range is
Minimal step number when keeping the corresponding character string of the second set equal with the described second corresponding character string of set to be detected;
Successively calculate the maximum distance between each second set and second set to be detected;The maximum distance is
It is larger in the length of the length of the corresponding character string of the second set and the corresponding character string of second set to be detected
Value;
The difference between the actual range and the maximum distance is calculated, relative to the ratio of the maximum distance, obtains institute
State similarity;
The similarity is reached into the second set of the predetermined matching degree as the assets loophole set.
4. static state vulnerability database matching process according to claim 2 or 3, which is characterized in that the assets feature packet
Include trade name, product type and product version, the second set includes trade name in the assets loophole record, produces
The alphabet of product model and product version, second set to be detected include the trade name of the assets to be detected, produce
The alphabet of product model and product version.
5. static state vulnerability database matching process according to claim 1 or 2, which is characterized in that the assets information includes factory
Quotient's title, product type and product version, the first set include the first name set, the first model set and first version
Set, first set to be detected includes that the first name set to be detected, the first model set to be detected and first are to be detected
Version set;It is described to be successively compared each first set with the described first set to be detected, and will be comprising described
The step of first set of first set to be detected is as the first centre set, comprising:
Each first name set is successively compared with the described first name set to be detected, and described the will be included
First name set of one name set to be detected is as the first intermediate name set;
Each first model set is successively compared with the described first model set to be detected, and described the will be included
First model set of one model set to be detected is as the first intermediate model set;
Each first version set is successively compared with the described first version set to be detected, and described the will be included
The first version set of one version set to be detected is as the first intermediate releases set;The set among first includes described the
One intermediate name set, the first intermediate model set and the first intermediate releases set.
6. static state vulnerability database matching process according to claim 1 or 2, which is characterized in that the assets information includes behaviour
Make systematic name and operating system version, the first set includes the first system name set and the first system version set,
First set to be detected includes the first systematic name set to be detected and the first system version set to be detected;It is described will be each
A first set is successively compared with the described first set to be detected, and by the comprising the described first set to be detected
The step of one set is as the first centre set, comprising:
Each the first system name set is successively compared with the described first systematic name set to be detected, and will packet
The first system name set containing the described first systematic name set to be detected is as the first intermediate system name set;
Each the first system version set is successively compared with the described first system version set to be detected, and will packet
The first system version sets cooperation containing the described first system version set to be detected is the first intermediate system version set;Described
Set includes the first intermediate system name set and the first intermediate system version set among one.
7. static state vulnerability database matching process according to claim 6, which is characterized in that described to extract the static vulnerability database
In assets loophole record corresponding with the set among first, obtain the step of the loophole matching result of the assets to be detected
Suddenly, comprising:
Extract the operating system patch number of the assets to be detected;
It extracts assets loophole corresponding with set among described first in the static vulnerability database to record, and filters wherein operation system
The identical assets loophole of the operating system patch number of system patch number and the assets to be detected records, and obtains the assets to be detected
Loophole matching result.
8. static state vulnerability database matching process according to claim 1 or 2, which is characterized in that the assets information includes soft
Part title and software version, the first set include the first dbase set and the first software version set, described first
Set to be detected includes the first dbase set to be detected and the first software version set to be detected;It is described by each described
One set is successively compared with the described first set to be detected, and will be made comprising the first set of the described first set to be detected
The step of gathering for the first centre, comprising:
Each first dbase set is successively compared with the described first dbase set to be detected, and will packet
The first dbase set containing the described first dbase set to be detected is as the first middleware software name set;
Each first software version set is successively compared with the described first software version set to be detected, and will packet
The first software version set containing the described first software version set to be detected is as the first middleware software version set;Described
Set includes the first middleware software name set and the first middleware software version set among one.
9. a kind of static state vulnerability database coalignment characterized by comprising
First information extraction module, for extracting the assets information in each assets loophole record in the static vulnerability database,
Form first set;The first set includes the alphabet of the assets information in corresponding assets loophole record;
Second information extraction modules form the first set to be detected for extracting the assets information of assets to be detected;Described first
Set to be detected includes the alphabet of the assets information of the assets to be detected;
Information comparison module, for each first set to be successively compared with the described first set to be detected, and will
First set comprising the described first set to be detected is as the first centre set;
Third information extraction modules, for extracting assets loophole corresponding with set among described first in the static vulnerability database
Record, obtains the loophole matching result of the assets to be detected.
10. a kind of electronic equipment characterized by comprising memory and processor, between the memory and the processor
Connection is communicated with each other, computer instruction is stored in the memory, the processor, which passes through, executes the computer instruction, from
And perform claim requires the described in any item static vulnerability database matching process of 1-8.
11. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer to refer to
It enables, the computer instruction is for making the computer perform claim require the described in any item static vulnerability database match parties of 1-8
Method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910575795.1A CN110347700A (en) | 2019-06-28 | 2019-06-28 | Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910575795.1A CN110347700A (en) | 2019-06-28 | 2019-06-28 | Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110347700A true CN110347700A (en) | 2019-10-18 |
Family
ID=68177163
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910575795.1A Pending CN110347700A (en) | 2019-06-28 | 2019-06-28 | Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110347700A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111008380A (en) * | 2019-11-25 | 2020-04-14 | 杭州安恒信息技术股份有限公司 | Method and device for detecting industrial control system bugs and electronic equipment |
CN111104677A (en) * | 2019-12-18 | 2020-05-05 | 哈尔滨安天科技集团股份有限公司 | Vulnerability patch detection method and device based on CPE (customer premise Equipment) specification |
CN111695120A (en) * | 2020-06-12 | 2020-09-22 | 公安部第三研究所 | Information system safety deep threat early warning system and method |
CN112751830A (en) * | 2020-12-15 | 2021-05-04 | 广东华兴银行股份有限公司 | Method, device and medium for improving network attack detection accuracy |
CN112800432A (en) * | 2021-02-05 | 2021-05-14 | 绿盟科技集团股份有限公司 | Vulnerability description and asset matching method, device, equipment and medium |
CN113067829A (en) * | 2021-03-25 | 2021-07-02 | 北京天融信网络安全技术有限公司 | Threat information processing method and device |
CN114372272A (en) * | 2022-01-11 | 2022-04-19 | 浙江齐安信息科技有限公司 | Non-verification type vulnerability matching method |
CN116561768A (en) * | 2023-05-19 | 2023-08-08 | 国家计算机网络与信息安全管理中心 | Device firmware vulnerability detection method, device and storage medium |
CN117708834A (en) * | 2024-02-06 | 2024-03-15 | 长扬科技(北京)股份有限公司 | Asset vulnerability detection method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104732968A (en) * | 2013-12-20 | 2015-06-24 | 携程计算机技术(上海)有限公司 | Voice control system evaluation system and method |
CN107220639A (en) * | 2017-04-14 | 2017-09-29 | 北京捷通华声科技股份有限公司 | The correcting method and device of OCR recognition results |
CN107239705A (en) * | 2017-05-25 | 2017-10-10 | 中国东方电气集团有限公司 | A kind of contactless industrial control system or the static leakage location of equipment and detection method |
-
2019
- 2019-06-28 CN CN201910575795.1A patent/CN110347700A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104732968A (en) * | 2013-12-20 | 2015-06-24 | 携程计算机技术(上海)有限公司 | Voice control system evaluation system and method |
CN107220639A (en) * | 2017-04-14 | 2017-09-29 | 北京捷通华声科技股份有限公司 | The correcting method and device of OCR recognition results |
CN107239705A (en) * | 2017-05-25 | 2017-10-10 | 中国东方电气集团有限公司 | A kind of contactless industrial control system or the static leakage location of equipment and detection method |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111008380B (en) * | 2019-11-25 | 2022-05-31 | 杭州安恒信息技术股份有限公司 | Method and device for detecting industrial control system bugs and electronic equipment |
CN111008380A (en) * | 2019-11-25 | 2020-04-14 | 杭州安恒信息技术股份有限公司 | Method and device for detecting industrial control system bugs and electronic equipment |
CN111104677A (en) * | 2019-12-18 | 2020-05-05 | 哈尔滨安天科技集团股份有限公司 | Vulnerability patch detection method and device based on CPE (customer premise Equipment) specification |
CN111104677B (en) * | 2019-12-18 | 2023-12-26 | 安天科技集团股份有限公司 | Vulnerability patch detection method and device based on CPE specification |
CN111695120A (en) * | 2020-06-12 | 2020-09-22 | 公安部第三研究所 | Information system safety deep threat early warning system and method |
CN112751830A (en) * | 2020-12-15 | 2021-05-04 | 广东华兴银行股份有限公司 | Method, device and medium for improving network attack detection accuracy |
CN112751830B (en) * | 2020-12-15 | 2024-01-23 | 广东华兴银行股份有限公司 | Method, equipment and medium for improving network attack detection accuracy |
CN112800432A (en) * | 2021-02-05 | 2021-05-14 | 绿盟科技集团股份有限公司 | Vulnerability description and asset matching method, device, equipment and medium |
CN113067829A (en) * | 2021-03-25 | 2021-07-02 | 北京天融信网络安全技术有限公司 | Threat information processing method and device |
CN114372272A (en) * | 2022-01-11 | 2022-04-19 | 浙江齐安信息科技有限公司 | Non-verification type vulnerability matching method |
CN116561768A (en) * | 2023-05-19 | 2023-08-08 | 国家计算机网络与信息安全管理中心 | Device firmware vulnerability detection method, device and storage medium |
CN116561768B (en) * | 2023-05-19 | 2024-05-28 | 国家计算机网络与信息安全管理中心 | Device firmware vulnerability detection method, device and storage medium |
CN117708834A (en) * | 2024-02-06 | 2024-03-15 | 长扬科技(北京)股份有限公司 | Asset vulnerability detection method and device |
CN117708834B (en) * | 2024-02-06 | 2024-04-23 | 长扬科技(北京)股份有限公司 | Asset vulnerability detection method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110347700A (en) | Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing | |
CN105072089A (en) | WEB malicious scanning behavior abnormity detection method and system | |
WO2016022720A2 (en) | Method and apparatus of identifying a transaction risk | |
US11449604B2 (en) | Computer security | |
CN111310759B (en) | Target detection inhibition optimization method and device for dual-mode cooperation | |
CN110519264A (en) | Tracking source tracing method, device and the equipment of attack | |
GB2583892A (en) | Adaptive computer security | |
CN106294886A (en) | A kind of method and system of full dose extracted data from HBase | |
US11477225B2 (en) | Pre-emptive computer security | |
US11436320B2 (en) | Adaptive computer security | |
CN109710628B (en) | Information processing method, information processing device, information processing system, computer and readable storage medium | |
GB2582609A (en) | Pre-emptive computer security | |
CN106547658A (en) | A kind of automated testing method and device | |
CN114329455B (en) | User abnormal behavior detection method and device based on heterogeneous graph embedding | |
CN115827436A (en) | Data processing method, device, equipment and storage medium | |
WO2022156720A1 (en) | Method and apparatus for group control account excavation, device, and storage medium | |
CN103164335A (en) | Method and system for detecting unit test quality | |
CN110532772A (en) | File test method, model, equipment and computer readable storage medium | |
CN109189803A (en) | Question and answer are to construction method, device and computer readable storage medium | |
CN111444362A (en) | Malicious picture intercepting method, device, equipment and storage medium | |
CN115834231A (en) | Honeypot system identification method and device, terminal equipment and storage medium | |
CN116167327A (en) | Tool and method for checking length of PCB signal line length and via stub length | |
CN111901137A (en) | Method for mining multi-step attack scene by using honeypot alarm log | |
CN115470489A (en) | Detection model training method, detection method, device and computer readable medium | |
Patri et al. | Data mining with shapelets for predicting valve failures in gas compressors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191018 |
|
RJ01 | Rejection of invention patent application after publication |