CN114021156A - Method, device and equipment for organizing vulnerability automatic aggregation and storage medium - Google Patents


Info

Publication number
CN114021156A
Authority
CN
China
Prior art keywords
vulnerability
information
vulnerability information
target
database
Legal status
Pending
Application number
CN202210005955.0A
Other languages
Chinese (zh)
Inventor
王淑娟
沈传宝
王超
马维士
Current Assignee
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 40/00 Handling natural language data
    • G06F 40/10 Text processing
    • G06F 40/12 Use of codes for handling textual entities
    • G06F 40/151 Transformation


Abstract

Embodiments of the disclosure provide a method, device, equipment and storage medium for automatically aggregating and collating vulnerability information. The method comprises: collecting vulnerability information from a plurality of source-country vulnerability databases; checking the collected information for duplicates against the vulnerability information already in a target-country vulnerability database and merging it, to obtain warehouse-in (to-be-stored) vulnerability information; converting the warehouse-in vulnerability information into vulnerability information meeting the format requirements of the target-country vulnerability database; and generating the collated vulnerability information from the converted information according to a preset security vulnerability description specification. In this way, vulnerability information from many countries can be collated efficiently, and the collated result is well presented.

Description

Method, device and equipment for organizing vulnerability automatic aggregation and storage medium
Technical Field
The present disclosure relates to the field of data aggregation, and more particularly to the automated aggregation and collation of vulnerability information.
Background
With the continual occurrence and growing threat of security incidents in recent years, the harm done by network security problems ranges from individual privacy at the small end to conflicts over cyberspace security at the government and national level at the large end, and security incidents can be said to be increasingly serious. The essence of the network security problem is the existence of exploitable vulnerabilities, so vulnerability management and analysis are very important for network administrators, and building a complete and comprehensive vulnerability database is the prerequisite for good vulnerability management.
At present, vulnerability databases are usually organised and built manually, which wastes time and labour and is inefficient.
Disclosure of Invention
The disclosure provides a method, a device, equipment and a storage medium for organizing vulnerability automatic aggregation.
According to a first aspect of the present disclosure, there is provided a method for organizing vulnerability automated aggregation, the method including:
collecting vulnerability information of a plurality of source country vulnerability databases;
based on vulnerability information in a target national vulnerability database, duplicate checking and merging vulnerability information of a plurality of source national vulnerability databases to obtain warehouse-in vulnerability information;
converting the warehouse-in vulnerability information into vulnerability information meeting the format requirement of a target national vulnerability database;
and generating the sorted vulnerability information based on the vulnerability information meeting the format requirement of the target national vulnerability database according to the preset security vulnerability description specification.
In some implementations of the first aspect, the method further comprises: identifying, based on preset character conversion rules, the non-target-country characters in the vulnerability information of the plurality of source-country vulnerability databases and replacing them with the corresponding target-country characters, to obtain vulnerability information with replaced characters;
and converting the warehouse-in vulnerability information into vulnerability information meeting the format requirements of the target-country vulnerability database comprises:
identifying the textual content of the vulnerability information with replaced characters and translating it into the corresponding target-country characters, to obtain vulnerability information meeting the format requirements of the target-country vulnerability database.
In some implementations of the first aspect, checking the vulnerability information of the plurality of source-country vulnerability databases for duplicates against the vulnerability information in the target-country vulnerability database and merging it to obtain warehouse-in vulnerability information comprises:
de-duplicating, according to the update time of the vulnerability information, the vulnerability information with the same unique identifier in the plurality of source-country vulnerability databases;
taking, from the de-duplicated vulnerability information of the plurality of source-country vulnerability databases, the vulnerability information whose unique identifier differs from those in the target-country vulnerability database as first warehouse-in vulnerability information;
merging, according to the priority of the data source for each field of the vulnerability information, the de-duplicated vulnerability information whose unique identifier is the same as one in the target-country vulnerability database, to obtain second warehouse-in vulnerability information;
and determining the warehouse-in vulnerability information from the first warehouse-in vulnerability information and the second warehouse-in vulnerability information.
In some implementations of the first aspect, merging, according to the priority of the data source for each field, the de-duplicated vulnerability information whose unique identifier is the same as one in the target-country vulnerability database to obtain second warehouse-in vulnerability information comprises:
for each field of the vulnerability information sharing that unique identifier, taking, among the de-duplicated source-country entries and the target-country entry, the data source with the highest priority for that field as the target data source of the corresponding field of the vulnerability information in the target-country vulnerability database;
and determining the second warehouse-in vulnerability information from the target data sources of the corresponding fields of the vulnerability information with the same unique identifier in the target-country vulnerability database.
In some implementations of the first aspect, generating, according to a preset security vulnerability description specification, collated vulnerability information from the vulnerability information meeting the format requirements of the target-country vulnerability database comprises:
extracting the fields of the vulnerability information to be collated using a preset natural language processing algorithm;
and generating the collated vulnerability information from the extracted fields according to the preset security vulnerability description specification.
In some implementations of the first aspect, the collated vulnerability information comprises a vulnerability name, a hazard level, a vulnerability type, a vulnerability description, and affected products and systems;
the vulnerability name is determined from the vulnerability type and the affected vendor and/or product;
the hazard level is determined from the vulnerability risk assessment score among the extracted fields, using the grading algorithm corresponding to a preset classification and grading guideline for network security vulnerabilities;
the vulnerability type is determined from the vulnerability number among the extracted fields, using the classification algorithm corresponding to the preset classification and grading guideline for network security vulnerabilities;
the vulnerability description is determined from the affected products and vendors among the extracted fields;
the affected products and systems are determined from the product and vendor among the extracted fields.
In some implementations of the first aspect, the method further comprises:
generating, according to a preset knowledge graph analysis algorithm, a vulnerability profile (portrait) corresponding to the unique identifier of the collated vulnerability information, based on the collated vulnerability information and the vulnerability information in the target-country vulnerability database.
According to a second aspect of the present disclosure, there is provided a collating device for automatic vulnerability aggregation, the device comprising:
an acquisition module, configured to collect vulnerability information from a plurality of source-country vulnerability databases;
the warehouse-in vulnerability information generation module is used for carrying out duplication checking and merging on the vulnerability information of the source national vulnerability databases based on the vulnerability information in the target national vulnerability database to obtain warehouse-in vulnerability information;
the format conversion module is used for converting the warehouse-in vulnerability information into vulnerability information meeting the format requirement of a target national vulnerability database;
and the generating module is used for generating the sorted vulnerability information based on the vulnerability information meeting the format requirement of the target national vulnerability database according to the preset security vulnerability description specification.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device comprises a memory storing a computer program, and a processor which, when executing the program, implements the method for automatically aggregating and collating vulnerability information described above for the first aspect and its implementations.
According to a fourth aspect of the present disclosure, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, implements the method for automatically aggregating and collating vulnerability information described above for the first aspect and its implementations.
With the method, device, equipment and storage medium for automatically aggregating and collating vulnerability information provided by the disclosure, vulnerability information is collected from a plurality of source-country vulnerability databases; the collected information is then checked for duplicates, merged and format-converted; and finally vulnerability information meeting the format requirements of the target-country vulnerability database is generated according to the security vulnerability description specification. Since the whole collation is carried out by a processor according to preset processing logic, it is efficient, and since the collated data is generated according to the description specification, it is presented well.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. The accompanying drawings are included to provide a further understanding of the present disclosure, and are not intended to limit the disclosure thereto, and the same or similar reference numerals will be used to indicate the same or similar elements, where:
fig. 1 is a schematic flowchart of a method for organizing vulnerability automated aggregation according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of another method for organizing vulnerability automated aggregation according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a vulnerability profile (portrait) provided by an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a collating device for automatic vulnerability aggregation according to an embodiment of the present disclosure;
FIG. 5 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
As is well known, a large number of vulnerabilities are disclosed every day, and manually acquiring, cleaning, merging, de-duplicating and collating the vulnerability data of the mainstream global vulnerability information databases is time-consuming and labour-intensive, mainly for the following reasons:
1. Low efficiency: acquiring and parsing the data of the mainstream global vulnerability information databases manually, in both full and incremental mode, is obviously inefficient;
2. Difficult cleaning: batch cleaning, such as filtering and de-duplication, is hard to achieve manually, so much information is collected repeatedly and the vulnerability database contains a lot of dirty data;
3. Difficult collation: manually, it is hard to present the fields according to the requirements of "Information security technology - Network security vulnerability identification and description specification";
4. Difficult presentation: manually, it is hard to present the vulnerability database visually, which is inconvenient for driving the collation and operation of the vulnerability database.
In conclusion, in the prior art the vulnerability database is organised and built manually, which wastes time and labour, is inefficient, and gives a poor collation result.
The present method comprises: collecting vulnerability information from a plurality of source-country vulnerability databases; checking it for duplicates against the vulnerability information in a target-country vulnerability database and merging it, to obtain warehouse-in vulnerability information; converting the warehouse-in vulnerability information into vulnerability information meeting the format requirements of the target-country vulnerability database; and generating the collated vulnerability information from that information according to a preset security vulnerability description specification. Because the collected vulnerability information is checked for duplicates, merged and format-converted by a processor according to preset processing logic, and the collated vulnerability information is finally generated according to the security vulnerability description specification, the collation is efficient and the collated data is presented well.
The technical solutions provided by the embodiments of the present disclosure are described below with reference to the accompanying drawings.
Fig. 1 is a schematic flow diagram of the method for automatically aggregating and collating vulnerability information provided in an embodiment of the present disclosure. As shown in fig. 1, the method may specifically comprise:
S101: collecting vulnerability information from a plurality of source-country vulnerability databases.
The source-country vulnerability databases may specifically be the mainstream global vulnerability databases.
In one embodiment, a separate acquisition program is written for each source-country vulnerability database, i.e. for each vulnerability intelligence source, according to its characteristics. Acquisition tasks, comprising incremental acquisition and full acquisition, are set according to the vulnerability disclosure time of the data source, and are run once or periodically according to the acquisition frequency.
S102: checking the vulnerability information of the source-country vulnerability databases for duplicates against the vulnerability information in the target-country vulnerability database and merging it, to obtain the warehouse-in vulnerability information.
S103: converting the warehouse-in vulnerability information into vulnerability information meeting the format requirements of the target-country vulnerability database.
S104: generating the collated vulnerability information from the vulnerability information meeting the format requirements of the target-country vulnerability database, according to the preset security vulnerability description specification.
In the collation process shown in fig. 1, the collected vulnerability information comes from a plurality of source-country vulnerability databases; the collected information is then checked for duplicates, merged and format-converted, and finally vulnerability information meeting the format requirements of the target-country vulnerability database is generated according to the security vulnerability description specification, which completes the collation.
Fig. 2 shows another flow diagram of the method for organizing vulnerability automated aggregation, and the method for organizing vulnerability automated aggregation is further described with reference to fig. 2.
Because S101 collects vulnerability information from the vulnerability databases of several source countries, part of the collected vulnerability data may contain garbled characters (mojibake) when it reaches the cleaning stage that precedes the later steps: for example, Russian or Japanese punctuation marks often become garbled during translation, which causes errors in the subsequent format conversion and in the generation of the collated vulnerability information. Therefore, as shown in fig. 2, in one embodiment automatic cleaning of the vulnerability data is performed first: according to preset cleaning rules, each original character is replaced by its target character, where the original character is a punctuation mark in the vulnerability information of a source-country vulnerability database and the target character is the corresponding punctuation mark of the target country. The punctuation is thereby converted before the text is translated, which avoids the garbling that translating the punctuation later would produce. Specifically, the non-target-country characters in the vulnerability information of the source-country vulnerability databases are identified based on the preset character conversion rules and replaced by the corresponding target-country characters, giving vulnerability information with replaced characters and completing the data cleaning; the characters concerned include punctuation marks.
In S102, the automatic duplicate checking and merging of vulnerability data may specifically comprise three processes: duplicate checking external to the vulnerability database, duplicate checking internal to the vulnerability database, and data merging.
External duplicate checking is performed before warehousing: vulnerability information with the same unique identifier in the plurality of source-country vulnerability databases is de-duplicated according to its update time, where the unique identifier may be a unique ID. Specifically, among the vulnerability information entries that share a unique identifier, the entry with the latest update time is kept as the de-duplicated vulnerability information for that identifier; entries whose unique identifiers differ are all kept. The result is the de-duplicated vulnerability information of the plurality of source-country vulnerability databases.
Internal duplicate checking may specifically take, from the de-duplicated vulnerability information, the entries whose unique identifiers do not occur in the target-country vulnerability database as the first warehouse-in vulnerability information. Since these entries do not duplicate anything in the target-country vulnerability database, they can be warehoused directly.
Data merging may specifically take the de-duplicated entries whose unique identifiers do occur in the target-country vulnerability database and merge them, field by field, according to the priority of the data source for each field of the vulnerability information, to obtain the second warehouse-in vulnerability information. That is, the parts of the de-duplicated source-country vulnerability information that overlap with the target-country vulnerability database need to be merged, and can be warehoused once merging is complete.
In a specific embodiment, merging the vulnerability information whose unique identifier is the same as one in the target-country vulnerability database into the second warehouse-in vulnerability information may comprise: for each field of such vulnerability information, taking, among the de-duplicated source-country entries and the target-country entry that share the unique identifier, the data source with the highest priority for that field as the target data source of that field; and determining the second warehouse-in vulnerability information from the target data sources of the fields.
It can be seen that in the data merging process, merging is performed according to the priority of the data sources for each field of the vulnerability information, to obtain the second warehouse-in vulnerability information. For example, if the same vulnerability is collected from data source A and data source B, and for the [vulnerability hazard level] field data source A has higher priority than data source B, then the [vulnerability hazard level] field takes the value from data source A; if for the [vulnerability description] field data source B has higher priority than data source A, then the [vulnerability description] field takes the value from data source B.
After the three processes of external duplicate checking, internal duplicate checking and data merging, the warehouse-in vulnerability information can be determined from the first and second warehouse-in vulnerability information obtained, and the automatic translation and automatic collation processes shown in fig. 2 can then be carried out.
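The duplicate checking and per-field merge just described, as an added worked example in Python (not the patent's own code). It assumes records are dictionaries with a unique identifier `id`, a feed name `source`, an ISO 8601 `updated` timestamp and free-form fields, and that the priority table is a per-field ranking of feed names, with the existing target entry taking part under the name `target`; all sample records, feed names and priorities are constructed. External de-duplication is read here as collapsing repeated collections of one identifier from the same feed to its latest version, so that different feeds can still compete field by field as the data source A / data source B example requires; the strict reading, one survivor per identifier across all feeds, is the same loop keyed on `id` alone. Two details the description leaves open are handled explicitly: a field the highest-priority source does not carry falls through to the next source in the ranking, and a feed that appears in no ranking never outranks a ranked one but is still used when nothing else has the field. The final step keys the target database by identifier, so the previous entry is replaced rather than duplicated, which is the deletion of the old entry the description calls for.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample input (not real vulnerability data). "updated" is the
# feed's own last-modified time; "source" names the feed a record came from.
SOURCE_RECORDS = [
    {"id": "V-0001", "source": "A", "updated": "2022-01-03T10:00:00",
     "hazard_level": "high", "description": "desc from A (old crawl)"},
    {"id": "V-0001", "source": "A", "updated": "2022-01-04T10:00:00",
     "hazard_level": "critical", "description": "desc from A (new crawl)"},
    {"id": "V-0001", "source": "B", "updated": "2022-01-02T10:00:00",
     "hazard_level": "medium", "description": "desc from B"},
    {"id": "V-0002", "source": "B", "updated": "2022-01-01T10:00:00",
     "hazard_level": "low", "description": "only in B"},
]

# Existing target-country database, keyed by unique identifier (constructed).
TARGET_DB = {
    "V-0001": {"id": "V-0001", "source": "target", "updated": "2021-12-01T00:00:00",
               "hazard_level": "low", "description": "desc from target",
               "vuln_type": "CWE-79"},
}

# Assumed per-field source priority, highest first; unlisted fields use DEFAULT_ORDER.
FIELD_PRIORITY = {
    "hazard_level": ["A", "B", "target"],
    "description": ["B", "target", "A"],
}
DEFAULT_ORDER = ["A", "B", "target"]
META_FIELDS = {"id", "source", "updated", "field_sources"}


def _ts(rec):
    return datetime.fromisoformat(rec["updated"])


def external_dedup(records):
    """External duplicate check (before warehousing): when one feed delivered
    the same identifier several times, keep only its latest version. Feeds are
    kept apart so they can still compete field by field in the merge."""
    latest = {}
    for rec in records:
        key = (rec["id"], rec["source"])
        if key not in latest or _ts(rec) > _ts(latest[key]):
            latest[key] = rec
    return list(latest.values())


def merge_by_priority(candidates, field_priority=FIELD_PRIORITY,
                      default_order=DEFAULT_ORDER):
    """Merge entries sharing one identifier: each field takes its value from the
    highest-priority source that has a non-empty value, and "field_sources"
    records where every field came from, for audit."""
    by_source = {c["source"]: c for c in candidates}
    fields = sorted({f for c in candidates for f in c} - META_FIELDS)
    merged = {"id": candidates[0]["id"], "field_sources": {}}
    for field in fields:
        for src in field_priority.get(field, default_order):
            rec = by_source.get(src)
            if rec is not None and rec.get(field) not in (None, ""):
                merged[field] = rec[field]
                merged["field_sources"][field] = src
                break
        else:
            # No ranked source carries this field: fall back to the newest
            # candidate that does (an unranked feed never outranks a ranked one).
            for rec in sorted(candidates, key=_ts, reverse=True):
                if rec.get(field) not in (None, ""):
                    merged[field] = rec[field]
                    merged["field_sources"][field] = rec["source"]
                    break
    merged["updated"] = max(candidates, key=_ts)["updated"]
    return merged


def check_and_merge(source_records, target_db, field_priority=FIELD_PRIORITY):
    """S102: returns (first_batch, second_batch). First batch: identifiers absent
    from the target database (internal check finds nothing, warehoused directly).
    Second batch: identifiers already present, merged with the target's entry."""
    grouped = defaultdict(list)
    for rec in external_dedup(source_records):
        grouped[rec["id"]].append(rec)
    first, second = [], []
    for vid, cands in sorted(grouped.items()):
        if vid in target_db:
            target_entry = {**target_db[vid], "source": "target"}
            second.append(merge_by_priority(cands + [target_entry], field_priority))
        else:
            first.append(merge_by_priority(cands, field_priority))
    return first, second


def warehouse(target_db, first, second):
    """Write the warehouse-in entries. Keyed by identifier, so the previous
    target entry with the same id is replaced, never kept alongside."""
    new_db = dict(target_db)
    for rec in first + second:
        new_db[rec["id"]] = rec
    return new_db


if __name__ == "__main__":
    first, second = check_and_merge(SOURCE_RECORDS, TARGET_DB)
    for vid, rec in warehouse(TARGET_DB, first, second).items():
        print(vid, rec["hazard_level"], rec["field_sources"])
```

Keeping `field_sources` on the merged entry is not required by the description, but it is what lets an analyst later explain why a hazard level in the target database differs from the one a particular feed reports.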
The automatic translation process, i.e. converting the warehouse-in vulnerability information into vulnerability information meeting the format requirements of the target-country vulnerability database, may specifically comprise identifying the textual content of the vulnerability information with replaced characters and translating it into the corresponding target-country characters, to obtain vulnerability information meeting the format requirements of the target-country vulnerability database. It should be noted that the translation process is placed after the automatic duplicate checking and merging of S102: because translation is performed only after duplicate checking has produced the warehouse-in vulnerability information, entries that will not be warehoused are never translated, which reduces the computation required, saves resources and improves efficiency.
The automatic collation process, i.e. generating the collated vulnerability information from the vulnerability information meeting the format requirements of the target-country vulnerability database according to the preset security vulnerability description specification, may specifically comprise extracting the fields of the vulnerability information to be collated using a preset natural language processing algorithm, i.e. NLP semantic analysis, and then generating the collated vulnerability information from the extracted fields according to the preset security vulnerability description specification; that is, the vulnerability information can be output and displayed automatically according to the requirements of "Information security technology - Network security vulnerability identification and description specification".
Because the collated vulnerability information is generated according to the description specification, the collated data is presented in a more standardised way than with manual collation.
It is further noted that the organized vulnerability information includes the vulnerability name, hazard level, vulnerability type, vulnerability description, and affected products and systems;
the vulnerability name is determined from the vulnerability type and the affected vendor and/or product, and can be generated automatically as affected vendor/product name + vulnerability type + [security vulnerability];
the hazard level is determined, from the vulnerability risk assessment score among the extracted fields, by a classification algorithm corresponding to a preset network security vulnerability classification guideline; that is, the hazard level can be mapped automatically from the acquired risk assessment score according to the information security technology-network security vulnerability classification guideline, with the following mapping: a risk assessment score of 0 to 3.9 is low risk, 4.0 to 7.0 is medium risk, 7.1 to 9.0 is high risk, and 9.1 to 10.0 is super risk;
the vulnerability type is determined, from the vulnerability number among the extracted fields, by a classification algorithm corresponding to the preset network security vulnerability classification guideline; that is, the vulnerability type can be mapped automatically from the acquired vulnerability number according to that guideline;
the vulnerability description is determined from the affected products and vendors among the extracted fields; specifically, the description can be translated automatically from the acquired information, with the affected products and vendors extracted by NLP semantic analysis;
the affected products and systems are determined from the product and vendor among the extracted fields, and can be translated automatically from the acquired vulnerability product and vendor fields.
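The field generation described above, as an added Python example that is not the patent's own code: it applies the stated score-to-hazard-level mapping (0-3.9 low, 4.0-7.0 medium, 7.1-9.0 high, 9.1-10.0 super), looks up the vulnerability type from a type number, builds the name as vendor/product + type + "security vulnerability", and fills the affected products. The NLP entity extraction is replaced by a catalogue lookup, and the type table, product catalogue, record layout and sample record are all constructed for illustration; the real guideline's type codes are not on the page.

```python
import re
from dataclasses import dataclass

# Hazard-level mapping exactly as the text gives it: inclusive ranges, one decimal.
HAZARD_LEVELS = [
    (0.0, 3.9, "low"),
    (4.0, 7.0, "medium"),
    (7.1, 9.0, "high"),
    (9.1, 10.0, "super"),
]

# Constructed stand-in for the classification guideline's type table (placeholder codes).
TYPE_TABLE = {
    "T-OVERFLOW": "buffer overflow",
    "T-INJECT": "code injection",
    "T-AUTH": "authentication bypass",
}

# Constructed vendor/product catalogue standing in for NLP entity extraction.
KNOWN_PRODUCTS = {
    "Example Corp": ["Widget Server", "Widget Agent"],
    "Acme": ["Gateway"],
}


@dataclass
class Organized:
    identifier: str
    name: str
    hazard_level: str
    vuln_type: str
    description: str
    affected: list


def hazard_level(score: float) -> str:
    """Map a risk-assessment score to a hazard level using the mapping table."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    s = round(score, 1)  # scores are published with one decimal, so rounding closes the gaps
    for lo, hi, label in HAZARD_LEVELS:
        if lo <= s <= hi:
            return label
    raise ValueError(f"no hazard level for score {score}")  # unreachable after rounding


def vuln_type(type_code: str) -> str:
    """Map the vulnerability number/type code to the guideline's type name."""
    return TYPE_TABLE.get(type_code, "other")


def extract_vendor_products(text: str) -> list:
    """Simplified stand-in for the NLP step: find catalogued products named in the text."""
    found = []
    for vendor, products in KNOWN_PRODUCTS.items():
        for product in products:
            if re.search(re.escape(product), text, re.IGNORECASE):
                found.append((vendor, product))
    return found


def make_name(vendor: str, product: str, vtype: str) -> str:
    """Vendor/product name + vulnerability type + 'security vulnerability'."""
    return f"{vendor} {product} {vtype} security vulnerability"


def organize(record: dict) -> Organized:
    """Produce the organized fields from one record that already passed format conversion."""
    affected = extract_vendor_products(record["description"])
    vtype = vuln_type(record["type_code"])
    vendor, product = affected[0] if affected else ("unknown vendor", "unknown product")
    return Organized(
        identifier=record["id"],
        name=make_name(vendor, product, vtype),
        hazard_level=hazard_level(record["score"]),
        vuln_type=vtype,
        description=record["description"],
        affected=[f"{v} {p}" for v, p in affected],
    )


# Constructed sample record (hypothetical identifier and text).
SAMPLE = {
    "id": "EXAMPLE-2022-0001",
    "score": 7.5,
    "type_code": "T-OVERFLOW",
    "description": ("Example Corp Widget Server before 2.1 mishandles long headers, "
                    "leading to a buffer overflow; Widget Agent is also affected."),
}

if __name__ == "__main__":
    print(organize(SAMPLE))
```

The boundary values matter: a score of 7.0 is medium and 7.1 is high, so the code tests inclusive ranges after rounding to one decimal rather than using open intervals.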
To present the vulnerability information visually, in an embodiment a vulnerability portrait corresponding to the unique identifier of the collated vulnerability information may be generated, from the collated vulnerability information and the vulnerability information in the target country vulnerability database, according to a preset knowledge graph analysis algorithm. The portrait may be as shown in fig. 3, where the central node may be the unique identifier of the vulnerability information.
In addition, it should be noted that after the warehousing vulnerability information is determined and added to the target national vulnerability database, any existing vulnerability information in that database with the same unique identifier as the warehousing vulnerability information is deleted, so that one unique identifier in the database never corresponds to two different vulnerability records.
According to the automatic vulnerability aggregation arranging method, the automatic creation and arranging of the vulnerability database are carried out by the processor: vulnerability information is collected, cleaned, duplicate-checked and merged automatically, so the vulnerability database is built automatically and updated and maintained daily. Efficiency is high, the arranging effect is good, and the bottlenecks and defects of manual arrangement are overcome.
The generated organized vulnerability information is output and displayed automatically according to the requirements of the information security technology-network security vulnerability identification and description standard, so the organized data is presented better and is more standard.
Corresponding to the method for arranging the automatic aggregation of vulnerabilities shown in fig. 1, the disclosure also provides an arranging device for the automatic aggregation of vulnerabilities.
As shown in fig. 4, the arranging device for automatically aggregating vulnerabilities may include:
the acquisition module 401, which may be configured to acquire vulnerability information of a plurality of source country vulnerability databases;
the warehousing vulnerability information generating module 402, which may be configured to deduplicate and merge the vulnerability information of the multiple source country vulnerability databases, based on the vulnerability information in the target country vulnerability database, to obtain the warehousing vulnerability information;
the format conversion module 403, which may be configured to convert the warehousing vulnerability information into vulnerability information meeting the format requirement of the target national vulnerability database;
the generating module 404, which may be configured to generate the sorted vulnerability information, according to a preset security vulnerability description specification, based on the vulnerability information meeting the format requirement of the target national vulnerability database.
In one embodiment, the apparatus may further include a character replacement module, which is configured to identify a character of the vulnerability information of a non-target country in the vulnerability information of the source country vulnerability databases based on a preset character conversion rule, and replace the character with a character of the target country to obtain vulnerability information of the replacement character;
the format conversion module 403 may also be configured to identify text information in the vulnerability information of the replacement characters and replace the text information with corresponding target country text, so as to obtain vulnerability information meeting the format requirement of the target country vulnerability database.
The warehousing vulnerability information generating module 402 may be further configured to deduplicate, according to the update time of the vulnerability information, vulnerability information with the same unique identifier in the source national vulnerability databases; to use, among the deduplicated vulnerability information of the multiple source country vulnerability databases, the vulnerability information whose unique identifier is not present in the target country vulnerability database as the first warehousing vulnerability information; to merge, among the deduplicated vulnerability information of the multiple source country vulnerability databases, the vulnerability information whose unique identifier is already present in the target country vulnerability database according to the priority of the data sources corresponding to the fields of the vulnerability information, to obtain the second warehousing vulnerability information; and to determine the warehousing vulnerability information from the first and the second warehousing vulnerability information.
The warehousing vulnerability information generating module 402 may be further configured to use, for each field of vulnerability information that has the same unique identifier in the target national vulnerability database and in the deduplicated vulnerability information of the multiple source national vulnerability databases, the data source with the highest priority for that field as the target data source of the corresponding field; and to determine the second warehousing vulnerability information based on the target data source of each corresponding field of that vulnerability information.
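The deduplication, merging and warehousing flow described here (and the rule above that a record already in the target database with the same unique identifier is removed once the warehousing record is added), as an added Python example that is not the patent's code: records are deduplicated per unique identifier by update time, split into a first batch (identifiers new to the target database) and a second batch (identifiers already present, merged field by field by data-source priority), and then upserted so that every identifier maps to exactly one record. The source names, per-field priorities, record layout and sample records are constructed; update times are ISO date strings, which compare correctly as text.

```python
# Constructed per-field data-source priority: lower number wins for that field.
FIELD_PRIORITY = {
    "score":       {"source_a": 1, "source_b": 2, "target": 3},
    "description": {"source_b": 1, "target": 2, "source_a": 3},
    "products":    {"target": 1, "source_a": 2, "source_b": 2},
}
MERGE_FIELDS = tuple(FIELD_PRIORITY)


def dedupe_by_update_time(records: list) -> dict:
    """Keep, per unique identifier, the record with the latest update_time."""
    latest = {}
    for rec in records:
        cur = latest.get(rec["id"])
        if cur is None or rec["update_time"] > cur["update_time"]:
            latest[rec["id"]] = rec
    return latest


def merge_by_priority(existing: dict, incoming: dict) -> dict:
    """Per field, take the value from the highest-priority source that actually has it."""
    merged = dict(existing)
    for f in MERGE_FIELDS:
        prio = FIELD_PRIORITY[f]
        choices = [r for r in (existing, incoming) if r.get(f) is not None]
        if choices:  # a missing field never beats a present one, whatever its priority
            merged[f] = min(choices, key=lambda r: prio.get(r["source"], 99))[f]
    merged["update_time"] = max(existing["update_time"], incoming["update_time"])
    merged["source"] = "target"  # the merged record now belongs to the target database
    return merged


def build_warehousing_batches(target_rows: list, source_records: list) -> tuple:
    """Return (first batch, second batch) as the text defines them."""
    target_by_id = {r["id"]: r for r in target_rows}
    deduped = dedupe_by_update_time(source_records)
    first = [r for i, r in deduped.items() if i not in target_by_id]
    second = [merge_by_priority(target_by_id[i], r) for i, r in deduped.items() if i in target_by_id]
    return first, second


def upsert(target_rows: list, batch: list) -> list:
    """Add the warehousing batch and drop older rows with the same identifier."""
    new_ids = {r["id"] for r in batch}
    kept = [r for r in target_rows if r["id"] not in new_ids]
    result = kept + list(batch)
    assert len({r["id"] for r in result}) == len(result), "identifier maps to two records"
    return result


def ingest(target_rows: list, source_records: list) -> list:
    """Full step: deduplicate, split, merge, then upsert into the target database."""
    first, second = build_warehousing_batches(target_rows, source_records)
    return upsert(target_rows, first + second)


# Constructed sample data (hypothetical identifiers, sources and dates).
TARGET = [
    {"id": "V-1", "source": "target", "score": 5.0, "description": "old description",
     "products": ["P1"], "update_time": "2021-12-01"},
]
SOURCES = [
    {"id": "V-1", "source": "source_a", "score": 7.5, "description": "description from A",
     "products": None, "update_time": "2022-01-02"},
    {"id": "V-1", "source": "source_b", "score": 7.2, "description": "description from B",
     "products": ["P1", "P2"], "update_time": "2022-01-03"},
    {"id": "V-2", "source": "source_a", "score": 3.1, "description": "new record",
     "products": ["P3"], "update_time": "2022-01-01"},
    {"id": "V-2", "source": "source_a", "score": 3.0, "description": "new record (older)",
     "products": ["P3"], "update_time": "2021-12-30"},
]

if __name__ == "__main__":
    for row in ingest(TARGET, SOURCES):
        print(row)
```

In the sample, V-1 keeps the target's product list (the target has the highest priority for that field) but takes score and description from source_b, which won the update-time deduplication; V-2 is new and enters as first-batch information. The assertion in upsert is the invariant the deletion step exists to protect.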
The generating module 404 may be further configured to extract, based on a preset natural language processing algorithm, a field in the vulnerability information of the database to be sorted; and generating the extracted vulnerability information based on a preset security vulnerability description standard.
In one embodiment, the collated vulnerability information includes vulnerability name, hazard level, vulnerability type, vulnerability description, affected products, and system;
the vulnerability name is determined according to the vulnerability type, vulnerability influence manufacturers and/or products;
the hazard grade is determined based on a classification algorithm corresponding to a preset classification and classification guideline for the network security vulnerability according to the vulnerability risk assessment score in the extracted field;
the vulnerability type is determined based on a classification algorithm corresponding to a preset classification and classification guideline for the network security vulnerability according to vulnerability numbers in the extracted fields;
the vulnerability description is determined according to the influence products and manufacturers in the extracted fields;
the affected products and systems are determined by the product and vendor in the extracted field.
In an embodiment, the apparatus may further include a vulnerability representation generation module, configured to generate a vulnerability representation corresponding to the unique identifier of the collated vulnerability information based on the collated vulnerability information and the vulnerability information in the target country vulnerability database according to a preset knowledge graph analysis algorithm.
In the arranging device for automatic vulnerability aggregation provided by this disclosure, the automatic creation and arranging of the vulnerability database are carried out by the processor: vulnerability information is collected, cleaned, duplicate-checked and merged automatically, so the vulnerability database is built automatically and updated and maintained daily. Efficiency is higher, the presentation after arranging is better, and the bottlenecks and defects of manual arrangement are overcome.
It can be understood that each module in the finishing device for automatically aggregating vulnerabilities shown in fig. 4 has a function of implementing each step in fig. 1, and can achieve the corresponding technical effect, and for brevity, the details are not described herein again.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 5 shows a schematic block diagram of an electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The device 500 comprises a computing unit 501 which may perform various suitable actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the device 500 can also be stored. The computing unit 501, the ROM 502, and the RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
A number of components in the device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, or the like; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508, such as a magnetic disk, optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 501 performs the various methods and processes described above, such as the collation method of the vulnerability automation aggregation in fig. 1. For example, in some embodiments, the collation method of vulnerability automated aggregation in fig. 1 may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the ROM502 and/or the communication unit 509. When loaded into RAM503 and executed by the computing unit 501, the computer program may perform one or more steps of the above-described collation method of vulnerability automation aggregation. Alternatively, in other embodiments, the computing unit 501 may be configured by any other suitable means (e.g., by means of firmware) to perform the collation method of the vulnerability automation aggregation in fig. 1.
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (10)

1. A method for organizing vulnerability automated aggregation is characterized by comprising the following steps:
collecting vulnerability information of a plurality of source country vulnerability databases;
based on vulnerability information in a target national vulnerability database, duplicate checking and merging the vulnerability information of the source national vulnerability databases to obtain warehouse-in vulnerability information;
converting the warehousing vulnerability information into vulnerability information meeting the format requirement of a target national vulnerability database;
and generating the sorted vulnerability information based on the vulnerability information meeting the format requirement of the target national vulnerability database according to the preset security vulnerability description specification.
2. The method of claim 1, further comprising: identifying characters of vulnerability information of non-target countries in the vulnerability information of the source country vulnerability databases based on preset character conversion rules, and correspondingly replacing the characters with characters of the target countries to obtain vulnerability information of the replaced characters;
the step of converting the warehousing vulnerability information into vulnerability information meeting the format requirement of a target national vulnerability database comprises the following steps:
and identifying the character information in the vulnerability information of the replacement characters and replacing the character information with the corresponding target country characters to obtain the vulnerability information meeting the format requirement of the target country vulnerability database.
3. The method according to claim 1, wherein the duplicate checking and merging of the vulnerability information of the source country vulnerability databases based on vulnerability information in a target country vulnerability database to obtain warehouse-in vulnerability information comprises:
according to the updating time of the vulnerability information, duplicate removal is carried out on the vulnerability information with the same unique identifier in the source country vulnerability databases;
using the bug information with different unique identifiers in the target country bug database in the bug information of the multiple source country bug databases after duplication removal as first warehouse-in bug information;
merging the bug information with the same unique identifier as that in the target country bug database in the bug information of the multiple source country bug databases after duplication removal according to the priority of the data sources corresponding to the fields of the bug information to obtain second warehouse-in bug information;
and determining the warehousing vulnerability information according to the first warehousing vulnerability information and the second warehousing vulnerability information.
4. The method according to claim 3, wherein merging the duplicate-removed vulnerability information of the multiple source country vulnerability databases with the vulnerability information with the same unique identifier in the target country vulnerability database according to the priority of the data source corresponding to the field of the vulnerability information to obtain second warehouse-in vulnerability information comprises:
the method comprises the steps that a data source with high priority corresponding to each field of vulnerability information with the same unique identifier in vulnerability information of a plurality of source country vulnerability databases and vulnerability information of a target country vulnerability database after duplication removal is used as a target data source of a field corresponding to the vulnerability information with the same unique identifier in the vulnerability information of the target country vulnerability database;
and determining the second warehousing vulnerability information based on the target data source of the corresponding field of the vulnerability information with the same unique identifier in the vulnerability information of the target national vulnerability database.
5. The method according to claim 1, wherein the generating of the sorted vulnerability information based on the vulnerability information meeting the target national vulnerability database format requirement according to a preset security vulnerability description specification comprises:
extracting fields in the vulnerability information meeting the format requirement of the target national vulnerability database based on a preset natural language processing algorithm;
and generating the extracted vulnerability information based on a preset security vulnerability description standard.
6. The method of claim 5, wherein the collated vulnerability information includes vulnerability name, hazard level, vulnerability type, vulnerability description, affected products, and system;
the vulnerability name is determined according to a vulnerability type, a vulnerability influence manufacturer and/or a product;
the hazard grade is determined based on a classification algorithm corresponding to a preset classification and classification guideline for the network security vulnerability according to the vulnerability risk assessment score in the extracted field;
the vulnerability type is determined based on a classification algorithm corresponding to a preset classification guideline for the network security vulnerability according to vulnerability numbers in the extracted fields;
the vulnerability description is determined according to the influence products and manufacturers in the extracted fields;
the affected products and systems are determined by the product and vendor in the extracted field.
7. The method of claim 1, further comprising:
and generating a vulnerability portrait corresponding to the unique identifier of the collated vulnerability information based on the collated vulnerability information and the vulnerability information in the target national vulnerability database according to a preset knowledge graph analysis algorithm.
8. An automated vulnerability aggregation finishing device, the device comprising:
the acquisition device is used for acquiring vulnerability information of a plurality of source country vulnerability databases;
the warehouse-in vulnerability information generation module is used for carrying out duplication checking and merging on the vulnerability information of the source country vulnerability databases based on the vulnerability information in the target country vulnerability database to obtain warehouse-in vulnerability information;
the format conversion module is used for converting the warehousing vulnerability information into vulnerability information meeting the format requirement of a target national vulnerability database;
and the generating module is used for generating the sorted vulnerability information based on the vulnerability information meeting the format requirement of the target national vulnerability database according to the preset security vulnerability description specification.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-7.
CN202210005955.0A 2022-01-05 2022-01-05 Method, device and equipment for organizing vulnerability automatic aggregation and storage medium Pending CN114021156A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210005955.0A CN114021156A (en) 2022-01-05 2022-01-05 Method, device and equipment for organizing vulnerability automatic aggregation and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210005955.0A CN114021156A (en) 2022-01-05 2022-01-05 Method, device and equipment for organizing vulnerability automatic aggregation and storage medium

Publications (1)

Publication Number Publication Date
CN114021156A true CN114021156A (en) 2022-02-08

Family

ID=80069591

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210005955.0A Pending CN114021156A (en) 2022-01-05 2022-01-05 Method, device and equipment for organizing vulnerability automatic aggregation and storage medium

Country Status (1)

Country Link
CN (1) CN114021156A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115455475A (en) * 2022-09-16 2022-12-09 武汉思普崚技术有限公司 Method for establishing leak library and related equipment
CN115455475B (en) * 2022-09-16 2023-07-18 武汉思普崚技术有限公司 Vulnerability library establishment method and related equipment
CN115828270A (en) * 2023-02-20 2023-03-21 南京治煜信息科技有限公司 Vulnerability verification construction system and method based on NLP
CN116894229A (en) * 2023-09-06 2023-10-17 北京华云安软件有限公司 Method, device, equipment and storage medium for fusing multiple data sources of same type

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532793A (en) * 2013-10-28 2014-01-22 中国航天科工集团第二研究院七〇六所 Automatic penetration testing method for information system security
CN106407813A (en) * 2016-05-17 2017-02-15 北京智言金信信息技术有限公司 Data normalization processing apparatus and method for heterogeneous vulnerability scanner
CN110688456A (en) * 2019-09-25 2020-01-14 北京计算机技术及应用研究所 Vulnerability knowledge base construction method based on knowledge graph
US20200106793A1 (en) * 2018-10-02 2020-04-02 Olympus Infotech, LLC Methods, systems, and computer program products for continuous cyber risk monitoring
CN111310195A (en) * 2020-03-27 2020-06-19 北京双湃智安科技有限公司 Security vulnerability management method, device, system, equipment and storage medium
US20210110319A1 (en) * 2019-10-09 2021-04-15 Battelle Memorial Institute Framework to quantify cybersecurity risks and consequences for critical infrastructure
CN113656807A (en) * 2021-08-23 2021-11-16 杭州安恒信息技术股份有限公司 Vulnerability management method, device, equipment and storage medium

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
BAHADOR KHALEGHI: "Multisensor data fusion: A review of the state-of-the-art", 《INFORMATION FUSION》 *
唐和平: "漏洞数据库的文本聚类分析", 《计算机应用研究》 *
淮甲刚等: "网络化条件下漏洞信息的获取及处理方法研究", 《微型机与应用》 *
温涛: "安全漏洞危害评估研究暨标准漏洞库的设计与实现", 《中国优秀博硕士学位论文全文数据库(博士)信息科技辑》 *
温涛等: "UVDA:自动化融合异构安全漏洞库框架的设计与实现", 《通信学报》 *

CN115329999A (en) Operation and maintenance task processing method, device, platform and storage medium
CN115630068A (en) Abnormal data table determining method, device, equipment and storage medium
CN113407745A (en) Data annotation method and device, electronic equipment and computer readable storage medium
CN115600037A (en) Data acquisition method, device and equipment based on front-end buried point and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20220208)