CN110347700A - Static vulnerability database matching method, device, electronic equipment and readable storage medium - Google Patents


Publication number
CN110347700A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910575795.1A
Other languages
Chinese (zh)
Inventor
张明远
黄彪
李飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wei Nu Trick Co Ltd
Original Assignee
Beijing Wei Nu Trick Co Ltd
Application filed by Beijing Wei Nu Trick Co Ltd
Priority to CN201910575795.1A
Publication of CN110347700A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a static vulnerability database matching method, a device, electronic equipment and a readable storage medium. The method comprises: extracting the asset information in each asset vulnerability record in a static vulnerability database to form a first set, where the first set includes all characters of the asset information in the corresponding asset vulnerability record; extracting the asset information of an asset to be detected to form a first to-be-detected set, where the first to-be-detected set includes all characters of the asset information of the asset to be detected; comparing each first set in turn with the first to-be-detected set, and taking each first set that contains the first to-be-detected set as a first intermediate set; and extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate sets, to obtain the vulnerability matching result of the asset to be detected. Implementing the invention makes it possible to extract the asset vulnerability records in the vulnerability database whose asset information is identical or substantially identical to the asset information of the asset to be detected, which improves the comprehensiveness of vulnerability detection for the asset to be detected.

Description

Static vulnerability database matching method, device, electronic equipment and readable storage medium
Technical field
The present invention relates to the field of industrial information security technology, and in particular to a static vulnerability database matching method, a device, electronic equipment and a readable storage medium.
Background
Industrial control system technology in China has developed rapidly, and industrial production has gradually moved from traditional manual inspection to automated industrial control systems, which are widely used in fields such as petroleum and petrochemicals, water conservancy and electric power, food processing and sewage treatment. At the same time, industrial growth has brought widespread use of industrial equipment, and the number of industrial devices connected to industrial control systems has risen sharply. Industrial equipment comes from a large and complicated range of manufacturers and models, and device security vulnerabilities of all kinds are increasingly numerous, which poses a considerable potential threat to industrial systems. In response, the industrial equipment security industry has continued to develop: vulnerability information for all types of industrial control systems and equipment is collected by professional organizations and published on relevant information platforms, and scanning the devices and control systems in an industrial control network and matching them against a known vulnerability database built up through study and accumulation has become the common method of checking industrial control systems for known vulnerabilities.
At present, known vulnerabilities in an industrial control system are generally checked by comparing the asset information of a device to be detected (that is, an asset to be detected) connected to the industrial control system with the asset information in each asset vulnerability record in a known vulnerability database and, when the asset information of the asset to be detected matches the asset information in an asset vulnerability record, taking the vulnerability information in that record as the vulnerability information of the asset to be detected. However, because of differing recording habits or recording rules, or even errors during recording, the asset information of one and the same asset may differ to some extent after being recorded by different organizations (the organization that recorded the asset vulnerability records in the known vulnerability database and the organization that recorded the asset information of the asset to be detected). During information matching, assets that are in substance the same asset may therefore be treated as different assets. As a result, when vulnerability detection is performed on the asset to be detected by asset information matching, asset vulnerability records that belong to the asset to be detected may fail to be matched, and the known-vulnerability detection of the asset to be detected is not comprehensive.
Summary of the invention
In view of this, embodiments of the invention provide a static vulnerability database matching method, a device, electronic equipment and a readable storage medium, to solve the problem that existing static vulnerability database matching methods match incompletely.
According to a first aspect, an embodiment of the invention provides a static vulnerability database matching method comprising the following steps: extracting the asset information in each asset vulnerability record in a static vulnerability database to form a first set, where the first set includes all characters of the asset information in the corresponding asset vulnerability record; extracting the asset information of an asset to be detected to form a first to-be-detected set, where the first to-be-detected set includes all characters of the asset information of the asset to be detected; comparing each first set in turn with the first to-be-detected set, and taking each first set that contains the first to-be-detected set as a first intermediate set; and extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate sets, to obtain the vulnerability matching result of the asset to be detected.
Forming a first set that includes all characters of the asset information in an asset vulnerability record, and a first to-be-detected set that includes all characters of the asset information of the asset to be detected, captures the entire information content of both pieces of asset information in the form of character sets. Taking each first set that contains the first to-be-detected set as a first intermediate set, and extracting the asset vulnerability records corresponding to the first intermediate sets to obtain the vulnerability matching result of the asset to be detected, extracts the asset vulnerability records in the static vulnerability database whose asset information is identical to that of the asset to be detected, as well as those whose asset information is substantially identical to it (having one or more characters more than the asset information of the asset to be detected). This reduces the likelihood that some asset vulnerability records in the static vulnerability database that belong to the asset to be detected cannot be matched because the asset information of the same asset was recorded with certain character-level differences from the asset information of the asset to be detected, and so improves the comprehensiveness of vulnerability detection for the asset to be detected.
With reference to the first aspect, in a first embodiment of the first aspect, the static vulnerability database matching method further comprises: extracting the asset feature information in each asset vulnerability record in the vulnerability matching result to form a second set, where the second set includes all characters of the asset feature information in the corresponding asset vulnerability record; extracting the asset feature information of the asset to be detected to form a second to-be-detected set, where the second to-be-detected set includes all characters of the asset feature information of the asset to be detected; calculating in turn the similarity between each second set and the second to-be-detected set, and taking each second set whose similarity reaches a predetermined matching degree as an asset vulnerability set; and extracting the asset vulnerability records corresponding to the asset vulnerability sets, to obtain the vulnerability detection result of the asset to be detected.
Besides the case in which the asset information of the same asset is recorded with certain differences from the asset information of the asset to be detected, there is also the case in which asset information differs from that of the asset to be detected at the character level and the corresponding asset really is a different asset. The vulnerability matching result may therefore contain some asset vulnerability records that do not belong to the asset to be detected. Forming a second set that includes all characters of the asset feature information in each asset vulnerability record in the vulnerability matching result, and a second to-be-detected set that includes all characters of the asset feature information of the asset to be detected, captures the entire information content of both pieces of asset feature information in the form of character sets. Calculating in turn the similarity between each second set and the second to-be-detected set, and extracting the asset vulnerability records corresponding to the second sets whose similarity reaches the predetermined matching degree (the asset vulnerability sets), yields the vulnerability detection result of the asset to be detected. This screens the asset vulnerability records in the vulnerability matching result and removes those whose asset feature information differs considerably from that of the asset to be detected and which are therefore likely not to belong to it, so that the accuracy of the detection result is further improved while the comprehensiveness of the vulnerability detection result is preserved.
With reference to the first embodiment of the first aspect, in a second embodiment of the first aspect, the step of calculating in turn the similarity between each second set and the second to-be-detected set, and taking each second set whose similarity reaches the predetermined matching degree as an asset vulnerability set, comprises: calculating in turn the actual distance between each second set and the second to-be-detected set, where the actual distance is the minimum number of steps needed to make the character string corresponding to the second set equal to the character string corresponding to the second to-be-detected set; calculating in turn the maximum distance between each second set and the second to-be-detected set, where the maximum distance is the larger of the length of the character string corresponding to the second set and the length of the character string corresponding to the second to-be-detected set; calculating the ratio of the difference between the actual distance and the maximum distance to the maximum distance, to obtain the similarity; and taking each second set whose similarity reaches the predetermined matching degree as an asset vulnerability set.
With reference to the first embodiment or the second embodiment of the first aspect, in a third embodiment of the first aspect, the asset feature information includes the trade name, product model and product version; the second set includes all characters of the trade name, product model and product version in the asset vulnerability record, and the second to-be-detected set includes all characters of the trade name, product model and product version of the asset to be detected.
With reference to the first aspect or the first embodiment of the first aspect, in a fourth embodiment of the first aspect, the asset information includes the trade name, product model and product version; the first set includes a first name set, a first model set and a first version set, and the first to-be-detected set includes a first to-be-detected name set, a first to-be-detected model set and a first to-be-detected version set. The step of comparing each first set in turn with the first to-be-detected set, and taking each first set that contains the first to-be-detected set as a first intermediate set, comprises: comparing each first name set in turn with the first to-be-detected name set, and taking each first name set that contains the first to-be-detected name set as a first intermediate name set; comparing each first model set in turn with the first to-be-detected model set, and taking each first model set that contains the first to-be-detected model set as a first intermediate model set; and comparing each first version set in turn with the first to-be-detected version set, and taking each first version set that contains the first to-be-detected version set as a first intermediate version set. The first intermediate set includes the first intermediate name set, the first intermediate model set and the first intermediate version set.
Setting the asset information to include the trade name, product model and product version, and correspondingly forming the first name set, first model set, first version set, first to-be-detected name set, first to-be-detected model set and first to-be-detected version set, produces the first intermediate name set, first intermediate model set and first intermediate version set after the set comparison. The resulting vulnerability matching result therefore includes three parts: the asset vulnerability records corresponding to the first intermediate name set, those corresponding to the first intermediate model set, and those corresponding to the first intermediate version set. This further improves the comprehensiveness of vulnerability detection for the asset to be detected.
With reference to the first aspect or the first embodiment of the first aspect, in a fifth embodiment of the first aspect, the asset information includes the operating system name and operating system version; the first set includes a first system name set and a first system version set, and the first to-be-detected set includes a first to-be-detected system name set and a first to-be-detected system version set. The step of comparing each first set in turn with the first to-be-detected set, and taking each first set that contains the first to-be-detected set as a first intermediate set, comprises: comparing each first system name set in turn with the first to-be-detected system name set, and taking each first system name set that contains the first to-be-detected system name set as a first intermediate system name set; and comparing each first system version set in turn with the first to-be-detected system version set, and taking each first system version set that contains the first to-be-detected system version set as a first intermediate system version set. The first intermediate set includes the first intermediate system name set and the first intermediate system version set.
Setting the asset information to include the operating system name and operating system version, and correspondingly forming the first system name set, first system version set, first to-be-detected system name set and first to-be-detected system version set, produces the first intermediate system name set and first intermediate system version set after the set comparison. The resulting vulnerability matching result therefore also includes the asset vulnerability records corresponding to the first intermediate system name set and those corresponding to the first intermediate system version set, which further improves the comprehensiveness of vulnerability detection for the asset to be detected.
With reference to the fifth embodiment of the first aspect, in a sixth embodiment of the first aspect, the step of extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, to obtain the vulnerability matching result of the asset to be detected, comprises: extracting the operating system patch number of the asset to be detected; and extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, and filtering out those whose operating system patch number is identical to the operating system patch number of the asset to be detected, to obtain the vulnerability matching result of the asset to be detected.
When the operating system of the asset to be detected has an operating system patch number, and that patch number is identical to the operating system patch number in an asset vulnerability record, the asset to be detected has already completed the repair of the corresponding vulnerability. Filtering out, from the asset vulnerability records corresponding to the first intermediate set, those whose operating system patch number is identical to that of the asset to be detected therefore removes the already repaired asset vulnerability records from the vulnerability matching result and improves the accuracy of vulnerability detection for the asset to be detected.
With reference to the first aspect or the first embodiment of the first aspect, in a seventh embodiment of the first aspect, the asset information includes the software name and software version; the first set includes a first software name set and a first software version set, and the first to-be-detected set includes a first to-be-detected software name set and a first to-be-detected software version set. The step of comparing each first set in turn with the first to-be-detected set, and taking each first set that contains the first to-be-detected set as a first intermediate set, comprises: comparing each first software name set in turn with the first to-be-detected software name set, and taking each first software name set that contains the first to-be-detected software name set as a first intermediate software name set; and comparing each first software version set in turn with the first to-be-detected software version set, and taking each first software version set that contains the first to-be-detected software version set as a first intermediate software version set. The first intermediate set includes the first intermediate software name set and the first intermediate software version set.
Setting the asset information to include the software name and software version, and correspondingly forming the first software name set, first software version set, first to-be-detected software name set and first to-be-detected software version set, produces the first intermediate software name set and first intermediate software version set after the set comparison. The resulting vulnerability matching result therefore also includes the asset vulnerability records corresponding to the first intermediate software name set and those corresponding to the first intermediate software version set, which further improves the comprehensiveness of vulnerability detection for the asset to be detected.
According to a second aspect, an embodiment of the invention provides a static vulnerability database matching device, comprising: a first information extraction module, configured to extract the asset information in each asset vulnerability record in a static vulnerability database to form a first set, where the first set includes all characters of the asset information in the corresponding asset vulnerability record; a second information extraction module, configured to extract the asset information of an asset to be detected to form a first to-be-detected set, where the first to-be-detected set includes all characters of the asset information of the asset to be detected; an information comparison module, configured to compare each first set in turn with the first to-be-detected set and to take each first set that contains the first to-be-detected set as a first intermediate set; and a third information extraction module, configured to extract the asset vulnerability records in the static vulnerability database that correspond to the first intermediate sets, to obtain the vulnerability matching result of the asset to be detected.
According to a third aspect, an embodiment of the invention provides electronic equipment comprising a memory and a processor that are communicatively connected to each other, where the memory stores computer instructions and the processor, by executing the computer instructions, performs the static vulnerability database matching method described in the first aspect or in any embodiment of the first aspect.
According to a fourth aspect, an embodiment of the invention provides a computer-readable storage medium that stores computer instructions, the computer instructions being used to make a computer perform the static vulnerability database matching method described in the first aspect or in any embodiment of the first aspect.
Brief description of the drawings
To illustrate the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a static vulnerability database matching method provided by an embodiment of the invention;
Fig. 2 is a flowchart of a specific embodiment of step S107 in Fig. 1;
Fig. 3 is a flowchart of a specific embodiment of step S103 in Fig. 1;
Fig. 4 is a flowchart of another specific embodiment of step S103 in Fig. 1;
Fig. 5 is another flowchart of a static vulnerability database matching method provided by an embodiment of the invention;
Fig. 6 is a functional block diagram of a static vulnerability database matching device provided by an embodiment of the invention;
Fig. 7 is a hardware structure diagram of electronic equipment provided by an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the protection scope of the invention.
In the description of the invention, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
The static vulnerability database matching method provided by the embodiments of the invention can be applied in an asset control system to which multiple assets are connected. Specifically, when a new asset (an asset to be detected) is connected to the asset control system, the asset is discovered by a scan of the industrial internet radar (ISAS) in the asset control system and its asset information is obtained, or its asset information is obtained when the administrator of the asset control system adds the asset manually. The asset information in each asset vulnerability record in a known static vulnerability database is then obtained, and the vulnerability matching result of the asset to be detected is obtained from the asset information in the asset vulnerability records and the asset information of the asset to be detected.
Embodiment 1
Fig. 1 shows a flowchart of the static vulnerability database matching method of an embodiment of the invention. As shown in Fig. 1, the method may include the following steps:
S101: extract the asset information in each asset vulnerability record in the static vulnerability database to form a first set. Here, the first set includes all characters of the asset information in the corresponding asset vulnerability record.
The information recorded in each asset vulnerability record may include asset information such as the trade name, product model, product version, operating system name, operating system version, operating system patch number, software name and software version; the corresponding vulnerability information is also recorded in the asset vulnerability record. The asset information extracted from an asset vulnerability record is at least one of the kinds of asset information above.
When one kind of asset information is extracted, the first set corresponding to the asset information in one asset vulnerability record is a single set. When several kinds of asset information are extracted, the first set corresponding to the asset information in one asset vulnerability record is a group of sets. For example, when the extracted asset information includes the trade name, product model and product version, the first set correspondingly includes a first name set, a first model set and a first version set.
The first set can also be configured to include only the characters of the asset information in the corresponding asset vulnerability record other than special characters, that is, the first set includes the English, Chinese and numeric characters in the asset information of the corresponding asset vulnerability record.
S102: extract the asset information of the asset to be detected to form a first to-be-detected set. Here, the first to-be-detected set includes all characters of the asset information of the asset to be detected.
Similarly, the asset information of the asset to be detected includes the trade name, product model, product version, operating system name, operating system version, operating system patch number, software name, software version and so on. Specifically, the asset information extracted here from the asset to be detected corresponds to the asset information extracted from the asset vulnerability records in step S101. When one kind of asset information is extracted, the first to-be-detected set corresponding to the asset information of the asset to be detected is a single set; when several kinds of asset information are extracted, it is a group of sets.
Continuing the example above, when the asset information extracted from the asset vulnerability records includes the trade name, product model and product version, the asset information extracted from the asset to be detected likewise includes the trade name, product model and product version, and the first to-be-detected set accordingly includes a first to-be-detected name set, a first to-be-detected model set and a first to-be-detected version set.
When the first set is configured to include only the characters of the asset information in the corresponding asset vulnerability record other than special characters, the first to-be-detected set likewise includes only the characters of the asset information of the asset to be detected other than special characters.
S103: each first set is successively compared with the first set to be detected, and will include the first collection to be detected The first set of conjunction is as the first centre set.
Herein, first set includes that the first set to be detected refers to that all characters in the first set to be detected belong to In first set.
Herein, when first set and the first set to be detected include one group of set, then compare first set one by one Corresponding set in the first set to be detected, uses the example above, when first set includes the first name set, the first model collection It closes and first version set, the first set to be detected includes the first name set to be detected, the first model set to be detected and the One version set to be detected then needs to compare the first name set and the first name set to be detected, and will be to be checked comprising first The first name set of name set is surveyed as the first intermediate name set;Compare the first model set and the first model to be detected Set, and using the first model set comprising the first model set to be detected as the first intermediate model set;Compare the first edition This set and the first version set to be detected, and using the first version set comprising the first version set to be detected as in first Between version set.
S104: Extract the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, obtaining the vulnerability matching result of the asset to be detected.
Here, when the first set and the first to-be-detected set each comprise a group of sets, the first intermediate set is correspondingly also a group of sets, so when extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, the asset vulnerability records corresponding to each set in the first intermediate set must be extracted in turn. Continuing the example above, when the first intermediate set includes the first intermediate name set, the first intermediate model set and the first intermediate version set, the asset vulnerability records corresponding to the first intermediate name set, those corresponding to the first intermediate model set and those corresponding to the first intermediate version set are extracted in turn, finally giving the vulnerability matching result of the asset to be detected.
In this embodiment of the invention, forming the first set, which includes all characters of the asset information in an asset vulnerability record, and the first to-be-detected set, which includes all characters of the asset information of the asset to be detected, captures the full information content of the asset information of both the asset vulnerability record and the asset to be detected in the form of character sets. Taking the first sets that contain the first to-be-detected set as the first intermediate set, and extracting the asset vulnerability records corresponding to the first intermediate set to obtain the vulnerability matching result of the asset to be detected, extracts from the static vulnerability database both the asset vulnerability records whose asset information is identical to that of the asset to be detected and those whose asset information is essentially the same (having one or more characters more than the asset information of the asset to be detected). This reduces the possibility that some asset vulnerability records in the static vulnerability database that belong to the asset to be detected cannot be matched because asset information belonging to the same asset was recorded with some character-level differences from the asset information of the asset to be detected, and so improves the comprehensiveness of vulnerability detection for the asset to be detected.
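The containment matching of steps S101 to S104 can be sketched as follows. This is an added example, not code from the patent: the function names, the record layout, the sample data, the definition of "special character" as anything that is not a letter or digit, and the handling of an empty field are all assumptions.

```javascript
// Added example: character-set containment matching (steps S101-S104).
// Every record and the asset below are constructed sample data.

// Character set of one field. Treating every non-letter, non-digit character
// as "special" is an assumption; the description does not define the term.
function charSet(value, dropSpecial = true) {
  const text = dropSpecial ? value.replace(/[^\p{L}\p{N}]/gu, '') : value;
  return new Set(text);
}

// S103 containment test: every character of the to-be-detected set must
// belong to the record's set. An empty to-be-detected set matches nothing
// here (assumption); otherwise a blank field would match every record.
function containsAll(recordSet, targetSet) {
  if (targetSet.size === 0) return false;
  for (const ch of targetSet) {
    if (!recordSet.has(ch)) return false;
  }
  return true;
}

// S101-S104: compare field by field, keep the ids of the records whose set
// contains the asset's set (the "first intermediate" sets), and return the
// records reached through any field as the matching result.
function matchByCharSets(records, asset, fields, dropSpecial = true) {
  const perField = {};
  const matched = new Set();
  for (const field of fields) {
    const target = charSet(asset[field] || '', dropSpecial);
    perField[field] = records
      .filter((r) => containsAll(charSet(r[field] || '', dropSpecial), target))
      .map((r) => r.id);
    for (const id of perField[field]) matched.add(id);
  }
  return { perField, matched: [...matched].sort() };
}

const FIELDS = ['vendor', 'model', 'version'];

// Constructed records standing in for static vulnerability database entries.
const sampleRecords = [
  // Same asset, recorded with extra characters in every field.
  { id: 'R1', vendor: 'Relmon Automation Co.', model: 'RX-200', version: 'V2.1.0' },
  // Different asset whose vendor and version happen to contain the same characters.
  { id: 'R2', vendor: 'Lemon Rail', model: 'LR-9', version: '1.2' },
  // Unrelated asset.
  { id: 'R3', vendor: 'Kestrel Works', model: 'K5', version: '7.0' },
  // Same asset, vendor recorded with one character missing.
  { id: 'R4', vendor: 'Relmn', model: 'RX200', version: '2.1' },
];

const sampleAsset = { vendor: 'Relmon', model: 'RX200', version: '2.1' };

const sampleResult = matchByCharSets(sampleRecords, sampleAsset, FIELDS);
console.log(JSON.stringify(sampleResult, null, 2));
```

R2 is matched on vendor and version although it is a different asset, because a character set ignores order and repetition ("1.2" and "2.1" give the same set), while R4 is missed on vendor because containment only tolerates extra characters in the record, not missing ones.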
As an optional implementation of this embodiment of the invention, as shown in Fig. 1, the static vulnerability database matching method may further include the following steps:
S105: Extract the asset feature information in each asset vulnerability record in the vulnerability matching result to form second sets. Here, a second set includes all characters of the asset feature information in the corresponding asset vulnerability record.
Here, the asset feature information in an asset vulnerability record refers to the information, among the asset information recorded in the asset vulnerability record (which may include the vendor name, product model, product version, operating system name, operating system version, operating system patch number, software name, software version and so on), that can distinguish one asset from another. Specifically, the asset feature information may include the vendor name, product model and product version.
Note that, unlike the first set, regardless of how many kinds of information from the asset information the asset feature information includes, the second set formed from the asset feature information in one asset vulnerability record is a single set. Continuing the example above, when the asset feature information includes the vendor name, product model and product version, the second set is a single set including all characters of the vendor name, product model and product version; that is, the second set is equivalent to the union of the first name set, the first model set and the first version set in step S101.
S106: Extract the asset feature information of the asset to be detected to form the second to-be-detected set. Here, the second to-be-detected set includes all characters of the asset feature information of the asset to be detected.
Here, the asset feature information extracted for the asset to be detected corresponds to the asset feature information extracted from the asset vulnerability records in step S105 above. Specifically, when the asset feature information extracted from the asset vulnerability records in step S105 includes the vendor name, product model and product version, the asset feature information extracted here for the asset to be detected correspondingly also includes the vendor name, product model and product version of the asset to be detected. Similarly, regardless of how many kinds of information from the asset information the asset feature information includes, the second to-be-detected set formed from the asset feature information of one asset to be detected is a single set.
S107: Calculate in turn the similarity between each second set and the second to-be-detected set, and take the second sets whose similarity reaches a predetermined matching degree as the asset vulnerability set.
Here, the similarity between the second set and the second to-be-detected set can be obtained by calculating the ratio of the number of identical characters in the second set and the second to-be-detected set to the number of characters in whichever of the two sets has more characters. Alternatively, it can be obtained by calculating the minimum number of steps needed to make the character string corresponding to the second set equal to the character string corresponding to the second to-be-detected set, then taking the larger of the length of the character string corresponding to the second set and the length of the character string corresponding to the second to-be-detected set, and calculating the ratio of that minimum number of steps to that larger value.
Here, the predetermined matching degree can be any value in the interval (0, 1), and the specific value can be set according to the needs of the actual application scenario. Specifically, to improve the accuracy of the vulnerability detection result of the asset to be detected, the predetermined matching degree can be any value in the interval (0.5, 1), e.g. 0.7, 0.8 or 0.9.
S108: Extract the asset vulnerability records corresponding to the asset vulnerability set, obtaining the vulnerability detection result of the asset to be detected.
Besides the case where asset information belonging to the same asset as the asset to be detected is recorded with some character-level differences from the asset information of the asset to be detected, there is also the case where asset information that differs from that of the asset to be detected at the character level corresponds to an asset that is different from the asset to be detected. The vulnerability matching result may therefore include some asset vulnerability records that do not belong to the asset to be detected. In this embodiment of the invention, forming the second sets, each including all characters of the asset feature information in the corresponding asset vulnerability record of the vulnerability matching result, and the second to-be-detected set, including all characters of the asset feature information of the asset to be detected, captures the full information content of the asset feature information of both the asset vulnerability records in the vulnerability matching result and the asset to be detected in the form of character sets. Calculating in turn the similarity between each second set and the second to-be-detected set, and extracting the asset vulnerability records corresponding to the second sets whose similarity reaches the predetermined matching degree (the asset vulnerability set) to obtain the vulnerability detection result of the asset to be detected, screens the asset vulnerability records in the vulnerability matching result: it removes the records whose asset feature information differs greatly from that of the asset to be detected and which are therefore more likely not to belong to the asset to be detected. In this way, while the comprehensiveness of the vulnerability detection result of the asset to be detected is preserved, the accuracy of the detection result is further improved.
As an optional implementation of this embodiment, as shown in Fig. 2, step S107 may include the following steps:
S201: Calculate in turn the actual distance between each second set and the second to-be-detected set. Here, the actual distance is the minimum number of steps needed to make the character string corresponding to the second set equal to the character string corresponding to the second to-be-detected set.
Assume here that the character string corresponding to the second set is LAI and the character string corresponding to the second to-be-detected set is AI; the following algorithm can then be used to calculate the above minimum number of steps:
It should be noted that the above algorithm is only a specific example given to help those skilled in the art understand the technical solution of this embodiment of the invention, and should not be construed as limiting the embodiment in any way.
S202: Calculate in turn the maximum distance between each second set and the second to-be-detected set. Here, the maximum distance is the larger of the length of the character string corresponding to the second set and the length of the character string corresponding to the second to-be-detected set.
Here, continuing the example above, the maximum distance can be calculated as: Math.max(len1, len2).
S203: Calculate the ratio of the difference between the actual distance and the maximum distance to the maximum distance, obtaining the similarity.
Here, the similarity can be calculated with the following formula:
similarity = 1 - dif[len1][len2] / Math.max(len1, len2),
where similarity is the similarity, dif[len1][len2] is the actual distance, and Math.max(len1, len2) is the maximum distance.
S204: Take the second sets whose similarity reaches the predetermined matching degree as the asset vulnerability set.
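Steps S201 to S204 and the second similarity method of step S107, as an added example that is not the patent's own algorithm. It assumes the "minimum number of steps" is the Levenshtein edit distance (insert, delete, substitute), that the character string for a record is the plain concatenation of vendor name, product model and product version, and that two empty strings have similarity 1; the function names and the sample data are constructed, while dif, len1 and len2 follow the formula above.

```javascript
// Added example: edit-distance similarity filter (steps S201-S204).

// S201: actual distance, assumed here to be the Levenshtein distance.
// dif[i][j] holds the distance between the first i characters of a and
// the first j characters of b, so dif[len1][len2] is the final answer.
function editDistance(a, b) {
  const s = Array.from(a);
  const t = Array.from(b);
  const len1 = s.length;
  const len2 = t.length;
  const dif = Array.from({ length: len1 + 1 }, () => new Array(len2 + 1).fill(0));
  for (let i = 0; i <= len1; i++) dif[i][0] = i;
  for (let j = 0; j <= len2; j++) dif[0][j] = j;
  for (let i = 1; i <= len1; i++) {
    for (let j = 1; j <= len2; j++) {
      const cost = s[i - 1] === t[j - 1] ? 0 : 1;
      dif[i][j] = Math.min(
        dif[i - 1][j] + 1,        // delete from a
        dif[i][j - 1] + 1,        // insert into a
        dif[i - 1][j - 1] + cost  // substitute or keep
      );
    }
  }
  return dif[len1][len2];
}

// S202-S203: similarity = 1 - dif[len1][len2] / Math.max(len1, len2).
function similarity(a, b) {
  const maxLen = Math.max(Array.from(a).length, Array.from(b).length);
  if (maxLen === 0) return 1; // both strings empty: treated as identical (assumption)
  return 1 - editDistance(a, b) / maxLen;
}

// String for one record or asset: vendor + model + version (assumption).
function featureString(item) {
  return `${item.vendor}${item.model}${item.version}`;
}

// S204: keep the candidates whose similarity reaches the predetermined
// matching degree (threshold), together with their scores.
function filterBySimilarity(candidates, asset, threshold) {
  const target = featureString(asset);
  return candidates
    .map((c) => ({ id: c.id, similarity: similarity(featureString(c), target) }))
    .filter((c) => c.similarity >= threshold);
}

// Constructed candidates standing in for the vulnerability matching result.
const sampleCandidates = [
  { id: 'C1', vendor: 'Relmon', model: 'RX-200', version: '2.1' },      // one extra character
  { id: 'C2', vendor: 'Relmon Inc', model: 'RX200', version: 'V2.1' },  // five extra characters
  { id: 'C3', vendor: 'Lemon Rail', model: 'LR-9', version: '1.2' },    // different asset
];
const sampleAssetFeatures = { vendor: 'Relmon', model: 'RX200', version: '2.1' };

for (const threshold of [0.7, 0.9]) {
  console.log(threshold, filterBySimilarity(sampleCandidates, sampleAssetFeatures, threshold));
}
console.log('LAI vs AI:', editDistance('LAI', 'AI'), similarity('LAI', 'AI'));
```

For the strings LAI and AI the distance is 1 and the similarity is 1 - 1/3; with the sample data a matching degree of 0.7 keeps C1 and C2, while 0.9 keeps only C1.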
As an optional implementation of this embodiment of the invention, the static vulnerability database matching method is described below taking asset information that includes the vendor name, product model and product version as an example. As shown in Fig. 3, step S103 may include the following steps:
S301: Compare each first name set in turn with the first to-be-detected name set, and take the first name sets that contain the first to-be-detected name set as the first intermediate name set.
Here, the first name set is the set of all characters of the vendor name in the corresponding asset vulnerability record, and the first to-be-detected name set is the set of all characters of the vendor name of the asset to be detected. The first name set may also be configured as the set of only those characters of the vendor name in the corresponding asset vulnerability record other than special characters, and the first to-be-detected name set as the set of only those characters of the vendor name of the asset to be detected other than special characters.
S302: Compare each first model set in turn with the first to-be-detected model set, and take the first model sets that contain the first to-be-detected model set as the first intermediate model set. Here, the first model set and the first to-be-detected model set can be configured with reference to the first name set and the first to-be-detected name set in step S301 above, which is not repeated here.
S303: Compare each first version set in turn with the first to-be-detected version set, and take the first version sets that contain the first to-be-detected version set as the first intermediate version set. Here, the first intermediate set includes the first intermediate name set, the first intermediate model set and the first intermediate version set.
Here, the first version set and the first to-be-detected version set can be configured with reference to the first name set and the first to-be-detected name set in step S301 above, which is not repeated here.
In this embodiment of the invention, the asset information is set to include the vendor name, product model and product version, and the first name set, first model set, first version set, first to-be-detected name set, first to-be-detected model set and first to-be-detected version set are formed correspondingly, so that the set comparisons yield the first intermediate name set, the first intermediate model set and the first intermediate version set. The final vulnerability matching result therefore includes three parts: the asset vulnerability records corresponding to the first intermediate name set, those corresponding to the first intermediate model set and those corresponding to the first intermediate version set, which further improves the comprehensiveness of vulnerability detection for the asset to be detected.
As an optional implementation of this embodiment of the invention, the static vulnerability database matching method is described below taking asset information that includes the software name and software version as an example. As shown in Fig. 4, step S103 may include the following steps:
S401: Compare each first software name set in turn with the first to-be-detected software name set, and take the first software name sets that contain the first to-be-detected software name set as the first intermediate software name set.
Here, the first software name set is the set of all characters of the software name in the corresponding asset vulnerability record, and the first to-be-detected software name set is the set of all characters of the software name of the asset to be detected. The first software name set may also be configured as the set of only those characters of the software name in the corresponding asset vulnerability record other than special characters, and the first to-be-detected software name set as the set of only those characters of the software name of the asset to be detected other than special characters.
S402: Compare each first software version set in turn with the first to-be-detected software version set, and take the first software version sets that contain the first to-be-detected software version set as the first intermediate software version set. Here, the first intermediate set includes the first intermediate software name set and the first intermediate software version set.
Here, the first software version set and the first to-be-detected software version set can be configured with reference to the first software name set and the first to-be-detected software name set in step S401 above, which is not repeated here.
In this embodiment of the invention, the asset information is set to include the software name and software version, and the first software name set, first software version set, first to-be-detected software name set and first to-be-detected software version set are formed correspondingly, so that the set comparisons yield the first intermediate software name set and the first intermediate software version set. The final vulnerability matching result therefore also includes the asset vulnerability records corresponding to the first intermediate software name set and those corresponding to the first intermediate software version set, which further improves the comprehensiveness of vulnerability detection for the asset to be detected.
As an optional implementation of this embodiment of the invention, the static vulnerability database matching method is described below taking asset information that includes the operating system name and operating system version as an example. As shown in Fig. 5, the method may include the following steps:
S501: Extract the operating system name and operating system version in each asset vulnerability record in the static vulnerability database to form the first system name set and the first system version set respectively.
Here, the first system name set includes all characters of the operating system name in the corresponding asset vulnerability record, or all characters of that operating system name other than special characters; the first system version set includes all characters of the operating system version in the corresponding asset vulnerability record, or all characters of that operating system version other than special characters.
S502: Extract the operating system name and operating system version of the asset to be detected to form the first to-be-detected system name set and the first to-be-detected system version set respectively. Here, the first to-be-detected system name set includes all characters of the operating system name of the asset to be detected, or all characters of that operating system name other than special characters; the first to-be-detected system version set includes all characters of the operating system version of the asset to be detected, or all characters of that operating system version other than special characters. Note that the first to-be-detected system name set is configured to correspond to the first system name set, and the first to-be-detected system version set is configured to correspond to the first system version set.
S503: Compare each first system name set in turn with the first to-be-detected system name set, and take the first system name sets that contain the first to-be-detected system name set as the first intermediate system name set.
S504: Compare each first system version set in turn with the first to-be-detected system version set, and take the first system version sets that contain the first to-be-detected system version set as the first intermediate system version set. Here, the first intermediate set includes the first intermediate system name set and the first intermediate system version set.
S505: Extract the operating system patch number of the asset to be detected.
S506: Extract the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, and filter out those whose operating system patch number is identical to the operating system patch number of the asset to be detected, obtaining the vulnerability matching result of the asset to be detected.
When the operating system of the asset to be detected has an operating system patch number, and that patch number is identical to the operating system patch number in an asset vulnerability record, the asset to be detected has already had the corresponding vulnerability repaired. Therefore, in this embodiment of the invention, the asset vulnerability records corresponding to the first intermediate set whose operating system patch number is identical to that of the asset to be detected are filtered out to obtain the vulnerability matching result of the asset to be detected. This rejects already-repaired asset vulnerability records from the vulnerability matching result and improves the accuracy of vulnerability detection for the asset to be detected.
As an optional implementation of this embodiment of the invention, the asset information may also include the vendor name, product model, product version, operating system name and operating system version; or the vendor name, product model, product version, software name and software version; or the operating system name, operating system version, software name and software version; or the vendor name, product model, product version, operating system name, operating system version, software name and software version. The specific content of the method in these cases can be understood with reference to the corresponding descriptions above, which are not repeated here.
Embodiment 2
Fig. 6 shows a functional block diagram of a static vulnerability database matching device according to an embodiment of the invention, which can be used to implement the static vulnerability database matching method described in Embodiment 1 or any of its optional implementations. As shown in Fig. 6, the device includes: a first information extraction module 10, a second information extraction module 20, an information comparison module 30 and a third information extraction module 40.
The first information extraction module 10 is used to extract the asset information in each asset vulnerability record in the static vulnerability database to form the first sets. Here, a first set includes all characters of the asset information in the corresponding asset vulnerability record.
The second information extraction module 20 is used to extract the asset information of the asset to be detected to form the first to-be-detected set. Here, the first to-be-detected set includes all characters of the asset information of the asset to be detected.
The information comparison module 30 is used to compare each first set in turn with the first to-be-detected set, and to take the first sets that contain the first to-be-detected set as the first intermediate set.
The third information extraction module 40 is used to extract the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, obtaining the vulnerability matching result of the asset to be detected.
The static vulnerability database matching device of this embodiment of the invention can extract from the vulnerability database both the asset vulnerability records whose asset information is identical to that of the asset to be detected and those whose asset information is essentially the same (having one or more characters more than the asset information of the asset to be detected). This reduces the possibility that some asset vulnerability records in the static vulnerability database that belong to the asset to be detected cannot be matched because asset information belonging to the same asset was recorded with some character-level differences from the asset information of the asset to be detected, and so improves the comprehensiveness of vulnerability detection for the asset to be detected.
An embodiment of the invention also provides an electronic device. As shown in Fig. 7, the electronic device may include a processor 71 and a memory 72, where the processor 71 and the memory 72 may be connected by a bus or in other ways; Fig. 7 takes connection by a bus as an example.
The processor 71 may be a central processing unit (Central Processing Unit, CPU). The processor 71 may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or other chip, or a combination of the above kinds of chips.
The memory 72, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the static vulnerability database matching method in the embodiments of the invention. By running the non-transitory software programs, instructions and modules stored in the memory 72, the processor 71 executes the various functional applications and data processing of the processor, that is, implements the static vulnerability database matching method of the above method embodiments.
The memory 72 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function, and the data storage area can store data created by the processor 71 and the like. In addition, the memory 72 may include high-speed random access memory and may also include non-transitory memory, for example at least one magnetic disk storage device, flash memory device or other non-transitory solid-state memory. In some embodiments, the memory 72 optionally includes memory located remotely from the processor 71, and such remote memory can be connected to the processor 71 through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
The one or more modules are stored in the memory 72 and, when executed by the processor 71, perform the static vulnerability database matching method of the embodiments shown in Figs. 1-5.
The specific details of the above electronic device can be understood with reference to the corresponding descriptions and effects in the embodiments shown in Figs. 1-5, which are not repeated here.
Those skilled in the art will understand that all or part of the processes in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), flash memory (Flash Memory), a hard disk drive (Hard Disk Drive, HDD) or a solid-state drive (Solid-State Drive, SSD), etc.; the storage medium may also include a combination of the above kinds of memory.
Obviously, the above embodiments are merely examples given for clarity of description and do not limit the implementations. Those of ordinary skill in the art can make other variations or changes in different forms on the basis of the above description. It is neither necessary nor possible to enumerate all implementations here. Obvious variations or changes derived from them remain within the protection scope of the invention.

Claims (11)

1. A static vulnerability database matching method, characterized by comprising the following steps:
extracting the asset information in each asset vulnerability record in the static vulnerability database to form first sets, a first set including all characters of the asset information in the corresponding asset vulnerability record;
extracting the asset information of an asset to be detected to form a first to-be-detected set, the first to-be-detected set including all characters of the asset information of the asset to be detected;
comparing each first set in turn with the first to-be-detected set, and taking the first sets that contain the first to-be-detected set as a first intermediate set;
extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, obtaining the vulnerability matching result of the asset to be detected.
2. The static vulnerability database matching method according to claim 1, characterized by further comprising:
extracting the asset feature information in each asset vulnerability record in the vulnerability matching result to form second sets, a second set including all characters of the asset feature information in the corresponding asset vulnerability record;
extracting the asset feature information of the asset to be detected to form a second to-be-detected set, the second to-be-detected set including all characters of the asset feature information of the asset to be detected;
calculating in turn the similarity between each second set and the second to-be-detected set, and taking the second sets whose similarity reaches a predetermined matching degree as an asset vulnerability set;
extracting the asset vulnerability records corresponding to the asset vulnerability set, obtaining the vulnerability detection result of the asset to be detected.
3. The static vulnerability database matching method according to claim 2, characterized in that the step of calculating in turn the similarity between each second set and the second to-be-detected set, and taking the second sets whose similarity reaches the predetermined matching degree as the asset vulnerability set, comprises:
calculating in turn the actual distance between each second set and the second to-be-detected set, the actual distance being the minimum number of steps needed to make the character string corresponding to the second set equal to the character string corresponding to the second to-be-detected set;
calculating in turn the maximum distance between each second set and the second to-be-detected set, the maximum distance being the larger of the length of the character string corresponding to the second set and the length of the character string corresponding to the second to-be-detected set;
calculating the ratio of the difference between the actual distance and the maximum distance to the maximum distance, obtaining the similarity;
taking the second sets whose similarity reaches the predetermined matching degree as the asset vulnerability set.
4. The static vulnerability database matching method according to claim 2 or 3, characterized in that the asset feature information includes the vendor name, product model and product version, the second set includes all characters of the vendor name, product model and product version in the asset vulnerability record, and the second to-be-detected set includes all characters of the vendor name, product model and product version of the asset to be detected.
5. The static vulnerability database matching method according to claim 1 or 2, characterized in that the asset information includes the vendor name, product model and product version, the first set includes a first name set, a first model set and a first version set, and the first to-be-detected set includes a first to-be-detected name set, a first to-be-detected model set and a first to-be-detected version set; the step of comparing each first set in turn with the first to-be-detected set, and taking the first sets that contain the first to-be-detected set as the first intermediate set, comprises:
comparing each first name set in turn with the first to-be-detected name set, and taking the first name sets that contain the first to-be-detected name set as a first intermediate name set;
comparing each first model set in turn with the first to-be-detected model set, and taking the first model sets that contain the first to-be-detected model set as a first intermediate model set;
comparing each first version set in turn with the first to-be-detected version set, and taking the first version sets that contain the first to-be-detected version set as a first intermediate version set; the first intermediate set includes the first intermediate name set, the first intermediate model set and the first intermediate version set.
6. The static vulnerability database matching method according to claim 1 or 2, characterized in that the asset information includes the operating system name and operating system version, the first set includes a first system name set and a first system version set, and the first to-be-detected set includes a first to-be-detected system name set and a first to-be-detected system version set; the step of comparing each first set in turn with the first to-be-detected set, and taking the first sets that contain the first to-be-detected set as the first intermediate set, comprises:
comparing each first system name set in turn with the first to-be-detected system name set, and taking the first system name sets that contain the first to-be-detected system name set as a first intermediate system name set;
comparing each first system version set in turn with the first to-be-detected system version set, and taking the first system version sets that contain the first to-be-detected system version set as a first intermediate system version set; the first intermediate set includes the first intermediate system name set and the first intermediate system version set.
7. The static vulnerability database matching method according to claim 6, characterized in that the step of extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, to obtain the vulnerability matching result of the asset to be detected, comprises:
Extracting the operating system patch number of the asset to be detected;
Extracting the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, and filtering out those asset vulnerability records whose operating system patch number is identical to the operating system patch number of the asset to be detected, to obtain the vulnerability matching result of the asset to be detected.
8. The static vulnerability database matching method according to claim 1 or 2, characterized in that the asset information includes a software name and a software version; the first set includes a first software name set and a first software version set; the first to-be-detected set includes a first to-be-detected software name set and a first to-be-detected software version set; and the step of comparing each first set in turn with the first to-be-detected set, and taking the first set that contains the first to-be-detected set as the first intermediate set, comprises:
Comparing each first software name set in turn with the first to-be-detected software name set, and taking the first software name set that contains the first to-be-detected software name set as the first intermediate software name set;
Comparing each first software version set in turn with the first to-be-detected software version set, and taking the first software version set that contains the first to-be-detected software version set as the first intermediate software version set; the first intermediate set includes the first intermediate software name set and the first intermediate software version set.
9. A static vulnerability database matching device, characterized by comprising:
A first information extraction module, configured to extract the asset information in each asset vulnerability record in the static vulnerability database to form a first set; the first set includes all characters of the asset information in the corresponding asset vulnerability record;
A second information extraction module, configured to extract the asset information of the asset to be detected to form a first to-be-detected set; the first to-be-detected set includes all characters of the asset information of the asset to be detected;
An information comparison module, configured to compare each first set in turn with the first to-be-detected set, and to take the first set that contains the first to-be-detected set as the first intermediate set;
A third information extraction module, configured to extract the asset vulnerability records in the static vulnerability database that correspond to the first intermediate set, to obtain the vulnerability matching result of the asset to be detected.
10. An electronic device, characterized by comprising: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing computer instructions, and the processor executing the computer instructions so as to perform the static vulnerability database matching method according to any one of claims 1-8.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, the computer instructions being used to cause the computer to perform the static vulnerability database matching method according to any one of claims 1-8.
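The character-set comparison of claims 5, 6 and 8 and the patch filter of claim 7, as an added Python example that is not part of the patent text. The field names, record layout and sample values are constructed. Requiring every field to match at once, and reading the claim 7 filter as dropping records whose patch number equals the asset's, are assumptions.

```python
# Added example: field names, record layout and all sample values are constructed.

def charset(text):
    """All distinct characters of one asset-information field."""
    return set(text)

def covers(record_value, asset_value):
    """True when the record's character set contains the asset's character set."""
    return charset(asset_value) <= charset(record_value)

def match_records(records, asset, fields):
    """Keep records that cover the asset in every listed field.

    Requiring all fields at once is an assumption about how the per-field
    intermediate sets are combined.
    """
    return [r for r in records if all(covers(r[f], asset[f]) for f in fields)]

def match_os(records, asset):
    """OS name/version comparison, then drop records whose patch number
    equals the patch number found on the asset (assumed reading of the filter)."""
    hits = match_records(records, asset, ("os_name", "os_version"))
    return [r for r in hits if r["patch"] != asset["patch"]]

# Constructed vulnerability records (identifiers are placeholders).
VULN_DB = [
    {"id": "VULN-A", "os_name": "Windows Server", "os_version": "2012 R2", "patch": "PATCH-0001"},
    {"id": "VULN-B", "os_name": "Windows Server", "os_version": "2012 R2", "patch": "PATCH-0002"},
    {"id": "VULN-C", "os_name": "Ubuntu Linux", "os_version": "16.04", "patch": "PATCH-0003"},
    {"id": "VULN-D", "os_name": "Windows Server", "os_version": "2021 R2", "patch": "PATCH-0004"},
]

# Constructed asset: its version string is formatted differently from the database.
ASSET = {"os_name": "Windows Server", "os_version": "2012R2", "patch": "PATCH-0001"}

def matched_ids(records=VULN_DB, asset=ASSET):
    """Identifiers of the records reported for the asset."""
    return [r["id"] for r in match_os(records, asset)]

if __name__ == "__main__":
    # VULN-A is dropped by the patch filter; VULN-C fails the name comparison.
    # VULN-D is reported although "2021 R2" is a different version: a character
    # set ignores order and repetition, so results need an exact-version check.
    print(matched_ids())
```

The containment test tolerates formatting differences such as "2012R2" against "2012 R2", but it also accepts any reordering of the same characters, so the output is best treated as a candidate list to confirm against exact version data.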

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910575795.1A CN110347700A (en) 2019-06-28 2019-06-28 Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN110347700A true CN110347700A (en) 2019-10-18

Family

ID=68177163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910575795.1A Pending CN110347700A (en) 2019-06-28 2019-06-28 Static vulnerability database matching process, device, electronic equipment and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN110347700A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104732968A (en) * 2013-12-20 2015-06-24 携程计算机技术(上海)有限公司 Voice control system evaluation system and method
CN107220639A (en) * 2017-04-14 2017-09-29 北京捷通华声科技股份有限公司 The correcting method and device of OCR recognition results
CN107239705A (en) * 2017-05-25 2017-10-10 中国东方电气集团有限公司 A kind of contactless industrial control system or the static leakage location of equipment and detection method

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111008380B (en) * 2019-11-25 2022-05-31 杭州安恒信息技术股份有限公司 Method and device for detecting industrial control system bugs and electronic equipment
CN111008380A (en) * 2019-11-25 2020-04-14 杭州安恒信息技术股份有限公司 Method and device for detecting industrial control system bugs and electronic equipment
CN111104677A (en) * 2019-12-18 2020-05-05 哈尔滨安天科技集团股份有限公司 Vulnerability patch detection method and device based on CPE (customer premise Equipment) specification
CN111104677B (en) * 2019-12-18 2023-12-26 安天科技集团股份有限公司 Vulnerability patch detection method and device based on CPE specification
CN111695120A (en) * 2020-06-12 2020-09-22 公安部第三研究所 Information system safety deep threat early warning system and method
CN112751830A (en) * 2020-12-15 2021-05-04 广东华兴银行股份有限公司 Method, device and medium for improving network attack detection accuracy
CN112751830B (en) * 2020-12-15 2024-01-23 广东华兴银行股份有限公司 Method, equipment and medium for improving network attack detection accuracy
CN112800432A (en) * 2021-02-05 2021-05-14 绿盟科技集团股份有限公司 Vulnerability description and asset matching method, device, equipment and medium
CN113067829A (en) * 2021-03-25 2021-07-02 北京天融信网络安全技术有限公司 Threat information processing method and device
CN114372272A (en) * 2022-01-11 2022-04-19 浙江齐安信息科技有限公司 Non-verification type vulnerability matching method
CN116561768A (en) * 2023-05-19 2023-08-08 国家计算机网络与信息安全管理中心 Device firmware vulnerability detection method, device and storage medium
CN116561768B (en) * 2023-05-19 2024-05-28 国家计算机网络与信息安全管理中心 Device firmware vulnerability detection method, device and storage medium
CN117708834A (en) * 2024-02-06 2024-03-15 长扬科技(北京)股份有限公司 Asset vulnerability detection method and device
CN117708834B (en) * 2024-02-06 2024-04-23 长扬科技(北京)股份有限公司 Asset vulnerability detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191018