CN116055102A - Method for updating necessary repair loopholes, method for scanning necessary repair loopholes and related equipment - Google Patents

Publication number
CN116055102A
Authority
CN
China
Prior art keywords
vulnerability
target
network
vulnerabilities
repair
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211570852.5A
Other languages
Chinese (zh)
Inventor
卢西
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Knownsec Information Technology Co ltd
Original Assignee
Chengdu Knownsec Information Technology Co ltd
Application filed by Chengdu Knownsec Information Technology Co ltd
Priority to CN202211570852.5A
Publication of CN116055102A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Abstract

The application provides a method for updating must-fix vulnerabilities, a method for scanning for must-fix vulnerabilities, and related equipment, and relates to the technical field of network vulnerability scanning. The application acquires the vulnerability matching rule of each of a plurality of network vulnerabilities to be identified, invokes a content distribution network platform to acquire historical network traffic data within a target time period, and matches each acquired vulnerability matching rule against the historical network traffic data. According to the matching results of the vulnerability matching rules on the historical network traffic data, a plurality of target must-fix vulnerabilities with a high probability of being exploited are screened out from the network vulnerabilities to be identified, and the vulnerability information of the screened target must-fix vulnerabilities is automatically updated into a target vulnerability scanner. Operations staff can then use the target vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, which improves the efficiency of system security operations and locates must-fix vulnerabilities accurately.

Description

Method for updating necessary repair loopholes, method for scanning necessary repair loopholes and related equipment
Technical Field
The application relates to the technical field of network vulnerability scanning, and in particular to a method for updating must-fix vulnerabilities, a method for scanning for must-fix vulnerabilities, and related equipment.
Background
With the continuous development of science and technology, information technology has become increasingly widespread and the number of information systems keeps growing. The likelihood that an information system suffers a network attack is gradually increasing, and so is the number of exploitable network vulnerabilities in such systems. However, each network vulnerability has its own exploitation difficulty, and the network vulnerabilities that existing vulnerability scanners find in an information system usually have to be judged manually by network security specialists to determine which of them are must-fix vulnerabilities, that is, vulnerabilities that have to be repaired and that can affect system security. Such a must-fix vulnerability identification scheme generally depends on the skill level of the network security specialists, so system security operations are inefficient and must-fix vulnerabilities may be identified incorrectly.
Disclosure of Invention
In view of this, an object of the present application is to provide a method and device for updating must-fix vulnerabilities, a method and device for scanning for must-fix vulnerabilities, a computer device, and a readable storage medium. Using big data analysis, they automatically record in a vulnerability scanner the specific details of the must-fix vulnerabilities that exist in the current network, so that operations staff can use the corresponding vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, thereby improving the efficiency of system security operations and locating must-fix vulnerabilities accurately.
In order to achieve the above purpose, the technical solution adopted in the embodiment of the present application is as follows:
In a first aspect, the present application provides a method for updating must-fix vulnerabilities, where the method includes:
acquiring the respective vulnerability matching rules of a plurality of network vulnerabilities to be identified;
invoking a content distribution network platform to acquire historical network traffic data within a target time period;
matching each acquired vulnerability matching rule against the historical network traffic data to obtain the vulnerability matching result of each vulnerability matching rule on the historical network traffic data;
screening, from the plurality of network vulnerabilities to be identified, a plurality of target must-fix vulnerabilities with a high probability of being exploited according to the respective vulnerability matching results of the plurality of vulnerability matching rules;
and updating the vulnerability information of the screened target must-fix vulnerabilities to a target vulnerability scanner.
In an optional embodiment, when the vulnerability matching result is represented by the number of occurrences of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules includes:
sorting the numbers of occurrences of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding occurrence-count ranking result;
extracting, according to a preset vulnerability number, the top-ranked target network vulnerabilities in the occurrence-count ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
In an optional embodiment, when the vulnerability matching result is represented by the number of users of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules includes:
sorting the numbers of users of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding usage ranking result;
extracting, according to the preset vulnerability number, the top-ranked target network vulnerabilities in the usage ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
In an optional embodiment, when the vulnerability matching result is represented by the vulnerability threat level of the corresponding network vulnerability to be identified when that vulnerability is present in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules includes:
screening, from the plurality of network vulnerabilities to be identified, a plurality of network vulnerabilities to be extracted that are present in the historical network traffic data;
sorting the vulnerability threat levels of the network vulnerabilities to be extracted in descending order to obtain a corresponding threat level ranking result;
extracting, according to a preset number, the top-ranked target network vulnerabilities in the threat level ranking result from the plurality of network vulnerabilities to be extracted;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
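The update method of the first aspect with its three ranking variants, as an added example that is not code from the patent: rules are matched against traffic records, then the top N are chosen by occurrence count, by number of distinct source IPs, or by threat level among the vulnerabilities actually observed. The rule patterns, the EXAMPLE-* names, the record fields and the dict-based scanner store are assumptions, as is dropping rules with zero matches before the two count-based rankings.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

THREAT_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Rule:
    name: str       # vulnerability name
    threat: str     # vulnerability threat level: "high", "medium" or "low"
    patterns: dict  # localization rule: log field name -> compiled regex


# Constructed rules. Only the name and threat level of CVE-2021-44228 come from
# the page; every pattern and every EXAMPLE-* entry is an assumption.
RULES = [
    Rule("CVE-2021-44228", "high", {
        "url": re.compile(r"(\$|%24)(\{|%7b)jndi(:|%3a)", re.I),
        "user_agent": re.compile(r"\$\{jndi:", re.I),
    }),
    Rule("EXAMPLE-VULN-A", "medium", {"url": re.compile(r"\.\./")}),
    Rule("EXAMPLE-VULN-B", "low", {"url": re.compile(r"^/example-b-probe")}),
    Rule("EXAMPLE-VULN-C", "high", {"url": re.compile(r"^/example-c-probe")}),
]

# Constructed CDN access records (documentation address ranges only).
_ROWS = [
    ("192.0.2.10", "/index.html", "${jndi:ldap://example.invalid/a}"),
    ("192.0.2.10", "/login", "${jndi:ldap://example.invalid/a}"),
    ("192.0.2.10", "/search?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid", "curl/8.0"),
    ("198.51.100.7", "/static/../../app.conf", "Mozilla/5.0"),
    ("198.51.100.7", "/a/../b", "Mozilla/5.0"),
    ("203.0.113.5", "/download?f=../conf", "Mozilla/5.0"),
    ("203.0.113.9", "/x/../y", "Mozilla/5.0"),
    ("203.0.113.20", "/example-b-probe", "Mozilla/5.0"),
    ("203.0.113.21", "/example-b-probe?x=1", "Mozilla/5.0"),
    ("198.51.100.7", "/", "Mozilla/5.0"),
]
TRAFFIC = [dict(zip(("src_ip", "url", "user_agent"), row)) for row in _ROWS]


def match_traffic(rules, records):
    """Match every rule against every record and collect per-rule results."""
    hits = Counter()
    sources = defaultdict(set)
    for rec in records:
        for rule in rules:
            # A rule matches when any of its field patterns matches the record.
            if any(p.search(rec.get(f, "")) for f, p in rule.patterns.items()):
                hits[rule.name] += 1
                sources[rule.name].add(rec["src_ip"])
    return {
        r.name: {"occurrences": hits[r.name],
                 "users": len(sources[r.name]),  # distinct source IPs
                 "threat": r.threat}
        for r in rules
    }


def select_must_fix(results, metric, top_n):
    """Rank by 'occurrences', 'users' or 'threat' and keep the top_n names."""
    # Only vulnerabilities observed in traffic are candidates. The patent states
    # this filter for the threat-level variant; applying it to the two count
    # variants as well is an assumption of this example.
    seen = {n: r for n, r in results.items() if r["occurrences"] > 0}
    if metric == "threat":
        score = {n: THREAT_RANK[r["threat"]] for n, r in seen.items()}
    else:
        score = {n: r[metric] for n, r in seen.items()}
    # Descending by score; ties broken by name so the result is deterministic.
    return sorted(score, key=lambda n: (-score[n], n))[:top_n]


def update_scanner(scanner_db, rules, selected):
    """Replace the scanner's must-fix list (hypothetical dict store)."""
    by_name = {r.name: r for r in rules}
    scanner_db["must_fix"] = [by_name[n] for n in selected]
    return scanner_db


if __name__ == "__main__":
    results = match_traffic(RULES, TRAFFIC)
    for metric in ("occurrences", "users", "threat"):
        print(metric, select_must_fix(results, metric, 2))
```

The three metrics pick different sets from the same traffic: a vulnerability probed repeatedly from one address ranks high by occurrences but low by users, and a high-severity rule that never matches is excluded from every ranking.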
In a second aspect, the present application provides a method for scanning for must-fix vulnerabilities, where the method includes:
obtaining the respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by a target vulnerability scanner, wherein the target vulnerability scanner has been updated using the method for updating must-fix vulnerabilities described in any one of the foregoing embodiments;
for each target must-fix vulnerability, invoking the target vulnerability scanner to perform network vulnerability detection on a target information system according to the vulnerability information of that target must-fix vulnerability.
In an optional embodiment, the step of invoking the target vulnerability scanner to perform network vulnerability detection on the target information system according to the vulnerability information of the target must-fix vulnerability includes:
determining, according to the vulnerability information of the target must-fix vulnerability, the system part to be detected in the target information system that corresponds to the target must-fix vulnerability;
invoking the target vulnerability scanner to perform vulnerability feature matching on the system part to be detected according to the vulnerability matching rule of the target must-fix vulnerability;
and when the vulnerability features are successfully matched, determining that the target information system has the target must-fix vulnerability.
In a third aspect, the present application provides a device for updating must-fix vulnerabilities, where the device includes:
a matching rule acquisition module, used for acquiring the respective vulnerability matching rules of a plurality of network vulnerabilities to be identified;
a historical traffic acquisition module, used for invoking the content distribution network platform to acquire historical network traffic data within a target time period;
a vulnerability rule matching module, used for matching each acquired vulnerability matching rule against the historical network traffic data to obtain the vulnerability matching result of each vulnerability matching rule on the historical network traffic data;
a must-fix vulnerability screening module, used for screening, from the plurality of network vulnerabilities to be identified, a plurality of target must-fix vulnerabilities with a high probability of being exploited according to the respective vulnerability matching results of the plurality of vulnerability matching rules;
and a must-fix vulnerability recording module, used for updating the vulnerability information of the screened target must-fix vulnerabilities to the target vulnerability scanner.
In a fourth aspect, the present application provides a device for scanning for must-fix vulnerabilities, where the device includes:
a vulnerability information acquisition module, used for acquiring the respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by the target vulnerability scanner, wherein the target vulnerability scanner has been updated using the method for updating must-fix vulnerabilities described in any one of the foregoing embodiments;
a must-fix vulnerability detection module, used for invoking, for each target must-fix vulnerability, the target vulnerability scanner to perform network vulnerability detection on the target information system according to the vulnerability information of that target must-fix vulnerability.
In a fifth aspect, the present application provides a computer device including a processor and a memory, where the memory stores a computer program executable by the processor, and the processor can execute the computer program to implement the method for updating must-fix vulnerabilities according to any one of the foregoing embodiments, or the method for scanning for must-fix vulnerabilities according to any one of the foregoing embodiments.
In a sixth aspect, the present application provides a readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the method for updating must-fix vulnerabilities according to any one of the foregoing embodiments, or the method for scanning for must-fix vulnerabilities according to any one of the foregoing embodiments.
The beneficial effects of the embodiments of the present application may include the following:
The application acquires the respective vulnerability matching rules of a plurality of network vulnerabilities to be identified, invokes the content distribution network platform to acquire historical network traffic data within a target time period, and matches each acquired vulnerability matching rule against the historical network traffic data. According to the matching results of the vulnerability matching rules on the historical network traffic data, a plurality of target must-fix vulnerabilities with a high probability of being exploited are screened out from the network vulnerabilities to be identified, and finally the vulnerability information of the screened target must-fix vulnerabilities is updated to the target vulnerability scanner. In this way, the specific details of the must-fix vulnerabilities that exist in the current network are entered into the vulnerability scanner automatically using big data analysis, so that operations staff can use the corresponding vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, which improves the efficiency of system security operations and locates must-fix vulnerabilities accurately.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments are described in detail below with reference to the accompanying figures.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope, and that a person skilled in the art may obtain other related drawings from these drawings without inventive effort.
FIG. 1 is a schematic diagram of the composition of a computer device according to an embodiment of the present application;
FIG. 2 is a schematic flowchart of a method for updating must-fix vulnerabilities according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of a method for scanning for must-fix vulnerabilities according to an embodiment of the present application;
FIG. 4 is a schematic diagram of the composition of a device for updating must-fix vulnerabilities according to an embodiment of the present application;
FIG. 5 is a schematic diagram of the composition of a device for scanning for must-fix vulnerabilities according to an embodiment of the present application.
Reference numerals: 10 - computer device; 11 - memory; 12 - processor; 13 - communication unit; 100 - must-fix vulnerability updating device; 110 - matching rule acquisition module; 120 - historical traffic acquisition module; 130 - vulnerability rule matching module; 140 - must-fix vulnerability screening module; 150 - must-fix vulnerability recording module; 200 - must-fix vulnerability scanning device; 210 - vulnerability information acquisition module; 220 - must-fix vulnerability detection module.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present application, it should be understood that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art according to the specific context.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The embodiments described below and features of the embodiments may be combined with each other without conflict.
Referring to FIG. 1, FIG. 1 is a schematic diagram of the composition of a computer device 10 according to an embodiment of the present application. In this embodiment, the computer device 10 may be communicatively connected to at least one vulnerability scanner. Using big data analysis, it automatically identifies a plurality of must-fix vulnerabilities with a high probability of being exploited in the current network and enters the specific details of those must-fix vulnerabilities into the connected vulnerability scanner, so that operations staff can use the corresponding vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, which improves the efficiency of system security operations and locates must-fix vulnerabilities accurately. The computer device 10 may be, but is not limited to, a personal computer, a notebook computer, a tablet computer, a server, etc.
In the embodiment of the present application, the computer device 10 may include a memory 11, a processor 12, and a communication unit 13. The memory 11, the processor 12, and the communication unit 13 are electrically connected to each other, directly or indirectly, to enable data transmission or interaction. For example, the memory 11, the processor 12 and the communication unit 13 may be electrically connected to each other through one or more communication buses or signal lines.
In the embodiment of the present application, the Memory 11 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc. Wherein the memory 11 is configured to store a computer program, and the processor 12, upon receiving an execution instruction, can execute the computer program accordingly.
In this embodiment, the processor 12 may be an integrated circuit chip with signal processing capabilities. The processor 12 may be a general purpose processor including at least one of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU) and a network processor (Network Processor, NP), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like that may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application.
In this embodiment, the communication unit 13 is configured to establish a communication connection between the computer device 10 and other electronic devices through a network, and to send and receive data through the network, where the network includes wired communication networks and wireless communication networks. For example, the computer device 10 may be communicatively connected, through the communication unit 13, to a server running a content delivery network (CDN) platform, so as to obtain through that platform the historical network traffic data of the current network within a preset time period. The preset time period may be the part of the day in which the traffic data acquisition time point falls, or a period of at least one day before the traffic data acquisition time point; the specific extent of the preset time period may be configured by the user of the computer device 10 as required.
Optionally, in the embodiment of the present application, the computer device 10 may further include a must-fix vulnerability updating device 100, which may include at least one software functional module that can be stored in the memory 11 in the form of software or firmware, or built into the operating system of the computer device 10. The processor 12 may be configured to execute the executable modules stored in the memory 11, such as the software functional modules and computer programs included in the must-fix vulnerability updating device 100. Through the must-fix vulnerability updating device 100, the computer device 10 can use big data analysis to enter automatically into the vulnerability scanner the specific details of the must-fix vulnerabilities that exist in the current network, so that the scanner's must-fix vulnerability information is updated automatically and operations staff can use the corresponding vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, thereby improving the efficiency of system security operations and locating must-fix vulnerabilities accurately.
Optionally, in this embodiment, the computer device 10 may further include a must-fix vulnerability scanning device 200, which may include at least one software functional module that can be stored in the memory 11 in the form of software or firmware, or built into the operating system of the computer device 10. The processor 12 may be configured to execute the executable modules stored in the memory 11, such as the software functional modules and computer programs included in the must-fix vulnerability scanning device 200. Through the must-fix vulnerability scanning device 200, the computer device 10 can invoke a vulnerability scanner into which the must-fix vulnerability details have been entered, so as to give priority to locating and identifying the must-fix vulnerabilities that may exist in an information system, thereby improving the efficiency of system security operations and locating must-fix vulnerabilities accurately.
It will be appreciated that the block diagram shown in fig. 1 is merely a schematic diagram of one component of the computer device 10, and that the computer device 10 may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
In the present application, the method for updating must-fix vulnerabilities is provided to ensure that the computer device 10 can use big data analysis to enter automatically into the vulnerability scanner the specific details of the must-fix vulnerabilities that exist in the current network, so that the scanner's must-fix vulnerability information is updated automatically and operations staff can use the corresponding vulnerability scanner directly to identify which must-fix vulnerabilities exist in an information system, thereby improving the efficiency of system security operations and locating must-fix vulnerabilities accurately. The method for updating must-fix vulnerabilities provided by the application is described in detail below.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of a method for updating must-fix vulnerabilities according to an embodiment of the present application. In the embodiment of the present application, the method for updating must-fix vulnerabilities may include steps S310 to S350.
Step S310, obtaining respective vulnerability matching rules of a plurality of network vulnerabilities to be identified.
In this embodiment, a network vulnerability to be identified is a network vulnerability that needs to be checked to determine whether it is a must-fix vulnerability, and each vulnerability matching rule corresponds to exactly one network vulnerability to be identified. A vulnerability matching rule may consist of the vulnerability name, the vulnerability threat level (e.g., high, medium, low) and the vulnerability localization rule of the corresponding network vulnerability. Taking the Apache Log4j2 remote code execution vulnerability as an example, the vulnerability name in the vulnerability matching rule of this network vulnerability is "CVE-2021-44228", the vulnerability threat level is "high", and the vulnerability localization rule is "url-/" (? "|%3a)"/user_agent "/" (.
Step S320, the content distribution network platform is called to acquire historical network flow data in a target time period.
In one implementation of this embodiment, the target time period may be a current day period before the current traffic data obtaining time point, and the computer device 10 may control the content distribution network platform to collect historical network traffic data of the entire internet within the target time period by sending a traffic data obtaining request to a server operating the content distribution network platform.
Step S330, performing vulnerability matching on the obtained vulnerability matching rules and the historical network traffic data respectively to obtain vulnerability matching results of the vulnerability matching rules at the historical network traffic data respectively.
In this embodiment, the computer device 10 may determine the specific occurrence number, the specific number of users (for example, the total number of the used IP addresses of the loopholes), and the specific threat level of the certain or some to-be-identified network loopholes in the historical network traffic data by performing the loopholes matching on the respective loopholes matching rules of the plurality of to-be-identified network loopholes and the obtained historical network traffic data, so as to obtain the loophole matching result of the respective loopholes on the historical network traffic data, where the loophole matching result may be represented by any one of the number of loopholes occurrence times, the number of loopholes used, and the threat level of the loopholes.
Step S340, a plurality of target necessary repair holes with larger utilization probability are screened from a plurality of network holes to be identified according to respective hole matching results of a plurality of hole matching rules.
In this embodiment, after obtaining the vulnerability matching results of the plurality of vulnerability matching rules for the historical network traffic data, the computer device 10 may sort the plurality of network vulnerabilities to be identified according to the vulnerability matching results of the respective vulnerability matching rules, so as to screen out the plurality of network vulnerabilities with the highest ranking from the plurality of network vulnerabilities to be identified, and use the plurality of network vulnerabilities as a plurality of target repair vulnerabilities with high utilization probability existing in the current network.
Optionally, where the vulnerability matching result of each vulnerability matching rule is represented by the number of occurrences of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules may include:
sorting the numbers of occurrences of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding occurrence-count ranking result;
extracting, according to a preset vulnerability number, the highest-ranked target network vulnerabilities in the occurrence-count ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
Therefore, by executing the first specific step flow of step S340, the present application can select from the current network a plurality of network vulnerabilities that are used a large number of times, as the plurality of target must-fix vulnerabilities with a high probability of being exploited in the current network. The preset vulnerability number may be 20, 10, or 15; its specific value may be configured by a user of the computer device 10 according to the required accuracy of must-fix vulnerability identification. The smaller the preset vulnerability number, the higher the accuracy of the identified must-fix vulnerabilities.
Optionally, where the vulnerability matching result of each vulnerability matching rule is represented by the number of vulnerability users of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules may include:
sorting the numbers of vulnerability users of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding usage ranking result;
extracting, according to the preset vulnerability number, the highest-ranked target network vulnerabilities in the usage ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
Therefore, by executing the second specific step flow of step S340, the present application can select from the current network a plurality of network vulnerabilities with a large number of users, as the plurality of target must-fix vulnerabilities with a high probability of being exploited in the current network.
Optionally, where the vulnerability matching result of each vulnerability matching rule is represented by the vulnerability threat level that the corresponding network vulnerability to be identified has when it is present in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules may include:
screening, from the plurality of network vulnerabilities to be identified, a plurality of network vulnerabilities to be extracted that are present in the historical network traffic data;
sorting the vulnerability threat levels of the plurality of network vulnerabilities to be extracted in descending order to obtain a corresponding threat level ranking result;
extracting, according to a preset number, the highest-ranked target network vulnerabilities in the threat level ranking result from the plurality of network vulnerabilities to be extracted;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
Therefore, by executing the third specific step flow of step S340, the present application can select from the current network a plurality of network vulnerabilities that are actually present and have a high threat level, as the plurality of target must-fix vulnerabilities with a high probability of being exploited in the current network.
Step S350, updating the vulnerability information of the screened plurality of target must-fix vulnerabilities to the target vulnerability scanner.
In this embodiment, the vulnerability information of a target must-fix vulnerability may include the vulnerability name corresponding to the target must-fix vulnerability and the vulnerability matching rule corresponding to the target must-fix vulnerability.
Therefore, by executing steps S310 to S350, the present application can use big data analysis technology to automatically enter the specific status of the must-fix vulnerabilities present in the current network into the vulnerability scanner, so that the scanner's must-fix vulnerability status is updated automatically and operation and maintenance personnel can directly use the corresponding vulnerability scanner to effectively identify which must-fix vulnerabilities exist in an informatization system, thereby improving the security operation and maintenance efficiency of the system and achieving accurate location of must-fix vulnerabilities.
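The following added example (not code from the patent) runs steps S330 to S350 on constructed data and implements all three ranking variants of step S340. The regex rule format, the placeholder vulnerability names, the threat-level scale and the dictionary standing in for the scanner are assumptions.

```python
"""Steps S330-S350 on constructed data: match rules, rank, keep top N, record."""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    name: str          # vulnerability name (placeholder, not a real identifier)
    pattern: str       # matching rule, modelled as a regex (assumption)
    threat_level: int  # higher means more severe (assumed scale)


@dataclass
class MatchResult:
    rule: Rule
    occurrences: int = 0                          # requests that matched the rule
    source_ips: set = field(default_factory=set)  # distinct client addresses

    @property
    def users(self) -> int:
        return len(self.source_ips)


# Constructed rules; EXAMPLE-UNSEEN never matches the sample traffic.
RULES = [
    Rule("EXAMPLE-TRAVERSAL", r"\.\./", 2),
    Rule("EXAMPLE-SQLI", r"(?i)union(?:\+|%20)+select", 3),
    Rule("EXAMPLE-DEBUG-ENDPOINT", r"^GET /debug/", 1),
    Rule("EXAMPLE-UNSEEN", r"/never-requested\.cgi", 5),
]

# Constructed traffic records: (source IP, request line).
TRAFFIC = [
    ("192.0.2.10", "GET /static/../../etc/passwd HTTP/1.1"),
    ("192.0.2.10", "GET /img/../../conf HTTP/1.1"),
    ("192.0.2.10", "GET /a/../b HTTP/1.1"),
    ("192.0.2.10", "GET /x/../y HTTP/1.1"),
    ("198.51.100.7", "GET /item?id=1+UNION+SELECT+1 HTTP/1.1"),
    ("203.0.113.5", "GET /item?id=2%20union%20select%202 HTTP/1.1"),
    ("203.0.113.9", "GET /item?id=3+Union+Select+3 HTTP/1.1"),
    ("198.51.100.7", "GET /debug/vars HTTP/1.1"),
    ("203.0.113.77", "GET /debug/pprof HTTP/1.1"),
    ("192.0.2.44", "GET /index.html HTTP/1.1"),
]


def match_rules(rules, traffic):
    """S330: match every rule against every record, one hit per request."""
    compiled = [(rule, re.compile(rule.pattern)) for rule in rules]
    results = {rule.name: MatchResult(rule) for rule in rules}
    for src_ip, request_line in traffic:
        for rule, rx in compiled:
            if rx.search(request_line):
                results[rule.name].occurrences += 1
                results[rule.name].source_ips.add(src_ip)
    return results


METRICS = {
    "occurrences": lambda r: r.occurrences,
    "users": lambda r: r.users,
    "threat_level": lambda r: r.rule.threat_level,
}


def select_must_fix(results, metric, preset_number):
    """S340: descending sort on one metric, then keep the first preset_number."""
    candidates = list(results.values())
    if metric == "threat_level":
        # Third variant: only vulnerabilities present in the traffic are ranked.
        candidates = [r for r in candidates if r.occurrences > 0]
    key = METRICS[metric]
    # Ties are broken by name so the result is deterministic (assumption).
    ranked = sorted(candidates, key=lambda r: (-key(r), r.rule.name))
    return [r.rule for r in ranked[:preset_number]]


def update_scanner(scanner, selected):
    """S350: record name and matching rule of each selected vulnerability."""
    scanner["must_fix"] = {rule.name: rule.pattern for rule in selected}
    return scanner


if __name__ == "__main__":
    results = match_rules(RULES, TRAFFIC)
    for metric in METRICS:
        print(metric, [r.name for r in select_must_fix(results, metric, 2)])
    print(update_scanner({}, select_must_fix(results, "users", 2)))
```

The three metrics give three different top-2 lists on the same traffic. With the occurrence and user metrics the text does not exclude rules with zero hits, so a preset number larger than the count of observed vulnerabilities also selects unobserved ones; the example keeps that behaviour.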
In this application, to ensure that the computer device 10 can invoke a vulnerability scanner into which the must-fix vulnerability status has been entered, so as to preferentially locate and identify must-fix vulnerabilities that may exist in an informatization system, the embodiments of the present application provide a must-fix vulnerability scanning method for this purpose. The must-fix vulnerability scanning method provided by the present application is described in detail below.
Referring to fig. 3, fig. 3 is a flow chart of a must-fix vulnerability scanning method according to an embodiment of the present application. In the embodiment of the present application, the must-fix vulnerability scanning method may include steps S410 to S420.
Step S410, obtaining the respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by a target vulnerability scanner.
In this embodiment, the target vulnerability scanner has had its must-fix vulnerabilities updated by any one of the must-fix vulnerability updating methods described above, and the vulnerability information of each target must-fix vulnerability recorded by the target vulnerability scanner may include the vulnerability name and the vulnerability matching rule corresponding to that target must-fix vulnerability.
Step S420, for each target must-fix vulnerability, invoking the target vulnerability scanner according to the vulnerability information of that target must-fix vulnerability to perform network vulnerability detection on the target informatization system.
In this embodiment, the target informatization system is the informatization system on which vulnerability detection currently needs to be performed. By invoking the target vulnerability scanner, the computer device 10 may preferentially locate and identify the must-fix vulnerabilities that may exist in the target informatization system, so as to improve the security operation and maintenance efficiency of the system and achieve accurate location of must-fix vulnerabilities.
Optionally, for each target must-fix vulnerability recorded by the target vulnerability scanner, the step of invoking the target vulnerability scanner to perform network vulnerability detection on the target informatization system according to the vulnerability information of the target must-fix vulnerability may include:
determining, according to the vulnerability information of the target must-fix vulnerability, the system part to be detected in the target informatization system that corresponds to the target must-fix vulnerability;
invoking the target vulnerability scanner to perform vulnerability feature matching on the system part to be detected according to the vulnerability matching rule of the target must-fix vulnerability;
and when the vulnerability feature matching succeeds, determining that the target must-fix vulnerability exists in the target informatization system.
Therefore, by executing the specific step flow of step S420, the present application can automatically detect must-fix vulnerabilities in the target informatization system.
By executing steps S410 to S420, the present application can invoke the vulnerability scanner into which the must-fix vulnerability status has been entered to preferentially locate and identify must-fix vulnerabilities that may exist in the informatization system, thereby improving the security operation and maintenance efficiency of the system and achieving accurate location of must-fix vulnerabilities.
In this application, to ensure that the computer device 10 can effectively execute the must-fix vulnerability updating method described above, the present application implements the foregoing functions by dividing the must-fix vulnerability updating device 100 stored in the computer device 10 into functional modules. The specific composition of the must-fix vulnerability updating device 100 applied to the computer device 10 is described below.
Referring to fig. 4, fig. 4 is a schematic diagram of the composition of a must-fix vulnerability updating device 100 according to an embodiment of the present application. In this embodiment of the present application, the must-fix vulnerability updating device 100 may include a matching rule obtaining module 110, a historical traffic obtaining module 120, a vulnerability rule matching module 130, a must-fix vulnerability screening module 140 and a must-fix vulnerability recording module 150.
The matching rule obtaining module 110 is configured to obtain the respective vulnerability matching rules of a plurality of network vulnerabilities to be identified.
The historical traffic obtaining module 120 is configured to invoke the content distribution network platform to obtain historical network traffic data within a target time period.
The vulnerability rule matching module 130 is configured to match each of the obtained vulnerability matching rules against the historical network traffic data to obtain the vulnerability matching result of each vulnerability matching rule for the historical network traffic data.
The must-fix vulnerability screening module 140 is configured to screen a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules.
The must-fix vulnerability recording module 150 is configured to update the vulnerability information of the screened plurality of target must-fix vulnerabilities to the target vulnerability scanner.
It should be noted that the basic principle and technical effects of the must-fix vulnerability updating device 100 provided in the embodiment of the present application are the same as those of the must-fix vulnerability updating method described above. For brevity, for anything not mentioned in this embodiment, refer to the description of the must-fix vulnerability updating method above.
In this application, to ensure that the computer device 10 can effectively execute the must-fix vulnerability scanning method described above, the present application implements the foregoing functions by dividing the must-fix vulnerability scanning device 200 stored in the computer device 10 into functional modules. The specific composition of the must-fix vulnerability scanning device 200 applied to the computer device 10 is described below.
Referring to fig. 5, fig. 5 is a schematic diagram of the composition of a must-fix vulnerability scanning device 200 according to an embodiment of the present application. In this embodiment of the present application, the must-fix vulnerability scanning device 200 may include a vulnerability information obtaining module 210 and a must-fix vulnerability detection module 220.
The vulnerability information obtaining module 210 is configured to obtain the respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by the target vulnerability scanner. The target vulnerability scanner has had its must-fix vulnerabilities updated by any one of the must-fix vulnerability updating methods described above.
The must-fix vulnerability detection module 220 is configured to, for each target must-fix vulnerability, invoke the target vulnerability scanner to perform network vulnerability detection on the target informatization system according to the vulnerability information of that target must-fix vulnerability.
It should be noted that the basic principle and technical effects of the must-fix vulnerability scanning device 200 provided in the embodiment of the present application are the same as those of the must-fix vulnerability scanning method described above. For brevity, for anything not mentioned in this embodiment, refer to the description of the must-fix vulnerability scanning method above.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part. The functions provided herein may be stored in a storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. Based on this understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a readable storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned readable storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
In summary, in the must-fix vulnerability updating method and device, the must-fix vulnerability scanning method and device, the computer device and the readable storage medium provided in the embodiments of the present application, the respective vulnerability matching rules of a plurality of network vulnerabilities to be identified are obtained, and a content distribution network platform is invoked to obtain historical network traffic data within a target time period. Each of the obtained vulnerability matching rules is then matched against the historical network traffic data, and a plurality of target must-fix vulnerabilities with a high probability of being exploited are screened from the plurality of network vulnerabilities to be identified according to the vulnerability matching results of the plurality of vulnerability matching rules for the historical network traffic data. Finally, the vulnerability information of the screened plurality of target must-fix vulnerabilities is updated to a target vulnerability scanner. In this way, big data analysis technology is used to automatically enter the specific status of the must-fix vulnerabilities present in the current network into the vulnerability scanner, so that operation and maintenance personnel can directly use the corresponding vulnerability scanner to effectively identify which must-fix vulnerabilities exist in an informatization system, thereby effectively improving the security operation and maintenance efficiency of the system and achieving accurate location of must-fix vulnerabilities.
The foregoing is merely various embodiments of the present application, but the protection scope of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art could readily conceive within the technical scope disclosed in the present application are intended to be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A must-fix vulnerability updating method, the method comprising:
acquiring respective vulnerability matching rules of a plurality of network vulnerabilities to be identified;
invoking a content distribution network platform to acquire historical network traffic data within a target time period;
matching each of the obtained vulnerability matching rules against the historical network traffic data to obtain the vulnerability matching result of each vulnerability matching rule for the historical network traffic data;
screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules;
and updating the vulnerability information of the screened plurality of target must-fix vulnerabilities to a target vulnerability scanner.
2. The method of claim 1, wherein, where the vulnerability matching result is represented by the number of occurrences of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules comprises:
sorting the numbers of occurrences of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding occurrence-count ranking result;
extracting, according to a preset vulnerability number, the highest-ranked target network vulnerabilities in the occurrence-count ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
3. The method of claim 1, wherein, where the vulnerability matching result is represented by the number of vulnerability users of the corresponding network vulnerability to be identified in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules comprises:
sorting the numbers of vulnerability users of the plurality of network vulnerabilities to be identified in the historical network traffic data in descending order to obtain a corresponding usage ranking result;
extracting, according to a preset vulnerability number, the highest-ranked target network vulnerabilities in the usage ranking result from the plurality of network vulnerabilities to be identified;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
4. The method of claim 1, wherein, where the vulnerability matching result is represented by the vulnerability threat level that the corresponding network vulnerability to be identified has when it is present in the historical network traffic data, the step of screening a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules comprises:
screening, from the plurality of network vulnerabilities to be identified, a plurality of network vulnerabilities to be extracted that are present in the historical network traffic data;
sorting the vulnerability threat levels of the plurality of network vulnerabilities to be extracted in descending order to obtain a corresponding threat level ranking result;
extracting, according to a preset number, the highest-ranked target network vulnerabilities in the threat level ranking result from the plurality of network vulnerabilities to be extracted;
and taking each extracted target network vulnerability as a target must-fix vulnerability.
5. A must-fix vulnerability scanning method, the method comprising:
obtaining respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by a target vulnerability scanner, wherein the target vulnerability scanner has had its must-fix vulnerabilities updated by the must-fix vulnerability updating method of any one of claims 1-4;
for each target must-fix vulnerability, invoking the target vulnerability scanner to perform network vulnerability detection on a target informatization system according to the vulnerability information of the target must-fix vulnerability.
6. The method of claim 5, wherein the step of invoking the target vulnerability scanner to perform network vulnerability detection on the target informatization system according to the vulnerability information of the target must-fix vulnerability comprises:
determining, according to the vulnerability information of the target must-fix vulnerability, the system part to be detected in the target informatization system that corresponds to the target must-fix vulnerability;
invoking the target vulnerability scanner to perform vulnerability feature matching on the system part to be detected according to the vulnerability matching rule of the target must-fix vulnerability;
and when the vulnerability feature matching succeeds, determining that the target must-fix vulnerability exists in the target informatization system.
7. A must-fix vulnerability updating device, the device comprising:
a matching rule acquisition module, configured to acquire respective vulnerability matching rules of a plurality of network vulnerabilities to be identified;
a historical traffic acquisition module, configured to invoke a content distribution network platform to acquire historical network traffic data within a target time period;
a vulnerability rule matching module, configured to match each of the obtained vulnerability matching rules against the historical network traffic data to obtain the vulnerability matching result of each vulnerability matching rule for the historical network traffic data;
a must-fix vulnerability screening module, configured to screen a plurality of target must-fix vulnerabilities with a high probability of being exploited from the plurality of network vulnerabilities to be identified according to the respective vulnerability matching results of the plurality of vulnerability matching rules;
and a must-fix vulnerability recording module, configured to update the vulnerability information of the screened plurality of target must-fix vulnerabilities to a target vulnerability scanner.
8. A must-fix vulnerability scanning device, the device comprising:
a vulnerability information acquisition module, configured to acquire respective vulnerability information of a plurality of target must-fix vulnerabilities recorded by a target vulnerability scanner, wherein the target vulnerability scanner has had its must-fix vulnerabilities updated by the must-fix vulnerability updating method of any one of claims 1-4;
a must-fix vulnerability detection module, configured to, for each target must-fix vulnerability, invoke the target vulnerability scanner to perform network vulnerability detection on a target informatization system according to the vulnerability information of the target must-fix vulnerability.
9. A computer device comprising a processor and a memory, the memory storing a computer program executable by the processor, the processor being operable to implement the must-fix vulnerability updating method of any one of claims 1-4 or the must-fix vulnerability scanning method of any one of claims 5-6.
10. A readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of updating a must-fix vulnerability of any one of claims 1-4 or the method of scanning a must-fix vulnerability of any one of claims 5-6.
CN202211570852.5A 2022-12-08 2022-12-08 Method for updating necessary repair loopholes, method for scanning necessary repair loopholes and related equipment Pending CN116055102A (en)


Publications (1)

Publication Number Publication Date
CN116055102A true CN116055102A (en) 2023-05-02

Family

ID=86124539


Country Status (1)

Country Link
CN (1) CN116055102A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116401679A (en) * 2023-06-08 2023-07-07 张家港金典软件有限公司 Security management method and system based on enterprise software vulnerability recognition
CN116401679B (en) * 2023-06-08 2023-09-05 张家港金典软件有限公司 Security management method and system based on enterprise software vulnerability recognition
CN116776338A (en) * 2023-07-28 2023-09-19 上海螣龙科技有限公司 Multilayer filtering high-precision vulnerability detection method, device, equipment and medium
CN116776338B (en) * 2023-07-28 2024-05-10 上海螣龙科技有限公司 Multilayer filtering high-precision vulnerability detection method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination