WO2021003982A1 - Service system vulnerability processing method and apparatus, computer device, and storage medium - Google Patents

Publication number
WO2021003982A1
Authority
WO
WIPO (PCT)
Prior art keywords
vulnerability
repair
repaired
scanning
plug
Application number
PCT/CN2019/122898
Inventor
逯义东
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2021003982A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic

Definitions

  • This application relates to a method, device, computer equipment and storage medium for processing vulnerabilities in a business system.
  • Vulnerability scanning is usually performed by a vulnerability scanner which, according to the operating system platform of the target system and the network services it provides, calls the known vulnerabilities in a vulnerability database to probe them one by one, and judges whether a vulnerability exists by analyzing the detection response packets.
  • Existing network vulnerability scanners mainly use the principle of feature matching to identify known vulnerabilities.
  • The scanner sends a data packet containing a vulnerability feature detection code, and determines whether a vulnerability exists based on whether the returned data packet contains the response feature code of that vulnerability.
  • Most vulnerability scanning relies on database technology, and the vulnerability tools depend on a large amount of data. Using a large database for vulnerability management has a high resource occupancy rate and gives low vulnerability scanning efficiency and repair efficiency.
  • A method, device, computer equipment, and storage medium for handling business system vulnerabilities are provided.
  • A method for processing vulnerabilities in a business system, comprising:
  • acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
  • obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • A device for processing vulnerabilities in a business system, comprising:
  • a vulnerability scanning module, used to obtain the vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability feature codes of multiple vulnerability types; to obtain the module list data of the business system; and to scan the module list data through the vulnerability scanning plug-in and perform matching analysis on the module list data and the vulnerability signature to obtain the scanning result;
  • a vulnerability analysis module, used to obtain a vulnerability repair analysis model when there is a vulnerability to be repaired in the scan result, analyze the scan result through the vulnerability analysis model, and obtain a target repair plan for the vulnerability to be repaired;
  • a data push module, configured to push the target repair solution to the corresponding terminal and to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair solution;
  • a vulnerability repair module, used to obtain the vulnerability repair plug-in according to the vulnerability repair instruction, and to repair the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • A computer device including a memory and one or more processors, where the memory stores computer-readable instructions and, when the computer-readable instructions are executed by the processor, the one or more processors execute the following steps:
  • acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
  • obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • A non-volatile computer-readable storage medium storing at least one computer-readable instruction, where the computer-readable instruction is loaded by a processor to perform the following steps:
  • acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
  • obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • Fig. 1 is an application scenario diagram of a method for processing a business system vulnerability according to one or more embodiments.
  • Fig. 2 is a schematic flowchart of a method for processing a business system vulnerability according to one or more embodiments.
  • Fig. 3 is a schematic diagram of a process of scanning a vulnerability according to one or more embodiments.
  • Fig. 4 is a schematic diagram of a process of repairing a vulnerability to be repaired according to one or more embodiments.
  • Fig. 5 is a block diagram of a business system vulnerability processing device according to one or more embodiments.
  • Figure 6 is a block diagram of a computer device according to one or more embodiments.
  • The business system vulnerability processing method provided in this application can be applied to the application environment shown in FIG. 1.
  • The terminal 102 communicates with the server 104 through the network.
  • The terminal 102 may be a terminal corresponding to operation and maintenance personnel.
  • The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
  • The server 104 may be a server corresponding to a business system. The server 104 can be implemented by an independent server or a server cluster composed of multiple servers.
  • A method for processing vulnerabilities in a business system is provided. Taking the method applied to the server in FIG. 1 as an example, the method includes the following steps:
  • Step 202: Obtain a vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal.
  • The vulnerability scanning plug-in includes vulnerability feature codes of multiple vulnerability types.
  • A business system can be a business processing system, or an information system that provides targeted support for business processing, and can provide powerful tool support for the completion of a certain task.
  • The business system may include multiple business modules; each module includes a corresponding module list, and the module list includes status information of the business module.
  • The status information may include the running status information of the business module and the description information of the module.
  • Vulnerabilities can refer to weaknesses or defects in the business system, and the possibility of threats or dangerous incidents to the business system. Vulnerabilities can include, but are not limited to, defects or errors arising from system design or coding, design defects or unreasonable logical processes during the interactive processing of the business, and defects or errors arising from external attacks. Vulnerability scanning refers to checking the security of the business system through scanning and other means in order to detect the vulnerabilities in the business system.
  • The vulnerability scanning plug-in may be a pre-configured plug-in program for detecting vulnerabilities according to the operating logic of the business system.
  • Step 204: Obtain the module list data of the business system, scan the module list data through the vulnerability scanning plug-in, and perform matching analysis on the module list data and the vulnerability feature code to obtain the scanning result.
  • After receiving the specified vulnerability scanning instruction, the server obtains the module list data of the business system according to the instruction; the module list data includes operating status information of multiple business modules. The server then obtains the preset vulnerability scanning plug-in, scans the operating status information in the module list data of the business system through the plug-in, and matches the operating status information against the vulnerability description information corresponding to the vulnerability feature codes preset in the plug-in.
  • The vulnerability signature corresponding to the running status information is obtained, and the corresponding scanning result is generated according to the vulnerability signature.
  • Step 206: When there are vulnerabilities to be repaired in the scanning results, obtain a vulnerability repair analysis model, and analyze the scanning results through the vulnerability analysis model to obtain a target repair plan for the vulnerabilities to be repaired.
  • Step 208: Push the target repair plan to the corresponding terminal, and receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan.
  • Vulnerabilities to be repaired include corresponding vulnerability status information.
  • The server obtains a preset vulnerability repair analysis model, where the vulnerability repair analysis model may be a neural network model based on a decision tree, and may include multiple preset vulnerability decision nodes.
  • The vulnerability status information is analyzed through the vulnerability repair analysis model to obtain the vulnerability characteristics of the vulnerability to be repaired. According to those characteristics, the vulnerability decision nodes are traversed until the target node is reached, and the target repair plan corresponding to the vulnerability to be repaired is then obtained from the target node.
  • After the server obtains the target repair plan through the vulnerability repair analysis model, it pushes the target repair plan to the terminal so that the operation and maintenance personnel can use the target repair plan to develop a corresponding repair package through the corresponding terminal.
  • Step 210: Obtain a vulnerability repair plug-in according to the vulnerability repair instruction, and repair the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • After the operation and maintenance personnel obtain the repair package through the corresponding terminal, they can send a vulnerability repair instruction to the server to repair the vulnerability to be repaired. Specifically, after receiving the vulnerability repair instruction and repair package sent by the terminal, the server obtains the preset vulnerability repair plug-in according to the vulnerability repair instruction, and repairs the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
  • The server parses the repair package through the vulnerability repair plug-in and obtains the repair script code and function interface in the repair package. It then obtains the code identifier corresponding to the vulnerability to be repaired, obtains the function call interface according to the code identifier, resets the weight corresponding to the vulnerability to be repaired to zero, and modifies the function call interface of the vulnerability to be repaired to the function interface of the repair package.
  • The server stores the repair script code in the local location corresponding to the vulnerability to be repaired, and deletes the original script code of the vulnerability to be repaired, thereby updating and repairing the vulnerability. Scanning multiple module list data in the business system through the vulnerability scanning plug-in can quickly and effectively scan for vulnerabilities in the business system.
  • The vulnerability repair analysis model is used to analyze the target repair plan for the vulnerability, so that the operation and maintenance personnel can develop the corresponding repair package according to the target repair plan and use the repair package to repair the vulnerability through the vulnerability repair plug-in. This can effectively repair vulnerabilities.
  • The server obtains the preset vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal, obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis on the module list data and the vulnerability feature code to obtain the scanning result. Because vulnerability scanning and analysis are performed through the vulnerability scanning plug-in, the vulnerabilities existing in the business system can be scanned effectively and in time.
  • The server obtains the preset vulnerability repair analysis model, analyzes the scan results through the vulnerability analysis model, obtains the target repair plan for the vulnerability to be repaired, and pushes the target repair plan to the corresponding terminal. Because the target repair plan of the vulnerability is obtained by analysis through the vulnerability repair analysis model, relevant staff can effectively develop a corresponding repair package according to the target repair plan through the terminal.
  • The server can thus repair the vulnerabilities to be repaired through the vulnerability repair plug-in according to the vulnerability repair instruction and repair package sent by the terminal, so that the vulnerabilities existing in the business system can be repaired in a timely and effective manner.
  • The step of scanning the module list data through the vulnerability scanning plug-in specifically includes the following:
  • Step 302: Traverse the running status information of multiple module lists, and match the running status information with the vulnerability signature.
  • Step 304: When it is detected that there is running status information matching the vulnerability feature code, acquire the vulnerability feature code corresponding to the running status information.
  • Step 306: Locate the vulnerability to be repaired that has the vulnerability feature code, and obtain the location identifier corresponding to the vulnerability to be repaired.
  • Step 308: Generate a corresponding scan result according to the vulnerability feature code and location identifier of the vulnerability to be repaired.
  • The vulnerability scanning plug-in includes multiple scanning categories and preset components, and also includes vulnerability signature codes corresponding to multiple business systems.
  • After receiving the specified vulnerability scanning instruction, the server performs vulnerability scanning on the module list data in the business system through the vulnerability scanning plug-in, where the module list data includes operating status information of multiple business modules.
  • The server obtains the preset vulnerability scanning plug-in, scans the operating status information in the module list data of the business system through the plug-in, and matches the operating status information against the vulnerability description information corresponding to the vulnerability feature codes preset in the plug-in.
  • The server traverses the running status information of multiple module lists, and matches the running status information with the vulnerability signature.
  • The vulnerability signature corresponding to the running status information is obtained.
  • The vulnerability to be repaired that has the vulnerability signature is located, and the corresponding location identifier is obtained.
  • The server generates the corresponding scanning result according to the vulnerability signature and the location identifier.
  • Before obtaining the vulnerability repair analysis model, the method further includes: obtaining a plurality of sample vulnerability data, the sample vulnerability data including marked vulnerability data; performing feature extraction on the sample vulnerability data and extracting the corresponding feature variables; performing cluster analysis on the feature variables to obtain multiple clustering results after multiple rounds of clustering; extracting, according to the clustering results, multiple feature variables and corresponding attribute information that reach a preset threshold; and using the neural network model to construct a vulnerability repair analysis model according to the multiple feature variables and corresponding attribute information.
  • Before the server receives the vulnerability scanning instruction sent by the terminal, it can also construct a vulnerability repair analysis model in advance.
  • The server can obtain a large amount of sample vulnerability data and perform big data analysis on it.
  • Vulnerability data may include marked vulnerabilities and corresponding solution information.
  • The server performs feature extraction on a large amount of vulnerability data, extracts the corresponding feature variables, and then uses a clustering algorithm to perform cluster analysis on the feature variables.
  • The server obtains multiple clustering results after clustering the feature variables multiple times. The feature variables and corresponding attribute information that reach the preset threshold are then extracted.
  • The server can obtain a preset neural network model, and then use the extracted feature variables and corresponding attribute information to construct a vulnerability repair analysis model in a preset manner.
  • The step of analyzing the scanning results through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired includes: analyzing the operating status information corresponding to the vulnerability to be repaired through the vulnerability repair analysis model to obtain the vulnerability characteristics of the vulnerability to be repaired; traversing multiple decision nodes in the vulnerability repair analysis model according to the vulnerability characteristics; and, when the target decision node is reached, obtaining the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  • After receiving the vulnerability scanning instruction sent by the terminal, the server obtains a preset vulnerability scanning plug-in according to the vulnerability scanning instruction; the vulnerability scanning plug-in includes vulnerability signatures of multiple vulnerability types.
  • The server obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis on the module list data with the vulnerability signature to obtain the scanning results.
  • The vulnerability scanning plug-in can effectively scan for vulnerabilities existing in the business system.
  • Vulnerabilities to be repaired include corresponding vulnerability status information.
  • The server obtains a preset vulnerability repair analysis model, where the vulnerability repair analysis model may be a neural network model based on a decision tree, and may include multiple preset vulnerability decision nodes.
  • The vulnerability status information is analyzed through the vulnerability repair analysis model to obtain the vulnerability characteristics of the vulnerability to be repaired. According to those characteristics, the vulnerability decision nodes are traversed until the target node is reached, and the target repair plan corresponding to the vulnerability to be repaired is then obtained from the target node.
  • The target repair plan for the vulnerability to be repaired can thus be effectively obtained, and the efficiency of repairing the vulnerability can be effectively improved.
  • After the server obtains the target repair plan through the vulnerability repair analysis model, it pushes the target repair plan to the terminal, so that the operation and maintenance personnel can use the target repair plan to develop a corresponding repair package through the corresponding terminal.
  • The step of repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in specifically includes the following:
  • Step 402: Parse the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package.
  • Step 404: Obtain the code identifier corresponding to the vulnerability to be repaired, and obtain the function call interface according to the code identifier.
  • Step 406: Reset the weight corresponding to the vulnerability to be repaired to zero, and modify the function call interface of the vulnerability to be repaired to the function interface of the repair package.
  • Step 408: Store the repair script code in the local location corresponding to the vulnerability to be repaired, and delete the original script code of the vulnerability to be repaired.
  • After receiving the vulnerability scanning instruction sent by the terminal, the server obtains a preset vulnerability scanning plug-in according to the vulnerability scanning instruction; the vulnerability scanning plug-in includes vulnerability signatures of multiple vulnerability types.
  • The server obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis on the module list data with the vulnerability signature to obtain the scanning result.
  • The server obtains the preset vulnerability repair analysis model, analyzes the scan results through the vulnerability analysis model, obtains the target repair plan for the vulnerability to be repaired, and pushes the target repair plan to the corresponding terminal, so that the operation and maintenance personnel can develop the corresponding repair package according to the target repair plan through the terminal. After the operation and maintenance personnel obtain the repair package through the corresponding terminal, they can send a vulnerability repair instruction to the server to repair the vulnerability to be repaired.
  • After receiving the vulnerability repair instruction and repair package sent by the terminal, the server obtains the preset vulnerability repair plug-in according to the vulnerability repair instruction, and repairs the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in. Specifically, the server obtains a preset vulnerability repair plug-in, parses the repair package through the plug-in, references the related class libraries, and uses the parsing engine to parse out the repair script code and function interface in the repair package. It then obtains the code identifier corresponding to the vulnerability to be repaired, obtains the function call interface according to the code identifier, resets the weight corresponding to the vulnerability to be repaired to zero, and modifies the function call interface of the vulnerability to be repaired to the function interface of the repair package, so as to replace the function interface of the vulnerability to be repaired.
  • The server stores the repair script code in the local location corresponding to the vulnerability to be repaired, and deletes the original script code of the vulnerability to be repaired. After the server replaces the call interface, it replaces the original part of the code to be repaired by running the script in the repair package, thereby repairing the vulnerabilities in the business system. Scanning multiple module list data in the business system through the vulnerability scanning plug-in can quickly and effectively scan for vulnerabilities in the business system. After a vulnerability is found, the vulnerability repair analysis model is used to analyze the target repair plan for it, so that the operation and maintenance personnel can develop the corresponding repair package according to the target repair plan and use the repair package to repair the vulnerability through the vulnerability repair plug-in. This can effectively repair vulnerabilities and effectively improve the efficiency of vulnerability repair in business systems.
  • The server may also call a load balancer, allocate a new process for the repair package and bind a new listening port, and at the same time reset the weight of the original part to be repaired corresponding to the repair package to zero.
  • The old process is shut down, thereby realizing the update of the repair package.
  • The new and old code will not coexist while the application is running, thereby effectively improving the efficiency of vulnerability repair.
  • The method further includes: when the vulnerability to be repaired fails to be repaired, obtaining the corresponding repair process information; obtaining a vulnerability repair detection model, and detecting and analyzing the repair process information through the vulnerability repair detection model to obtain an analysis result; and pushing the analysis result to the terminal so that the operation and maintenance personnel can adjust the repair package through the terminal.
  • After receiving the vulnerability scanning instruction sent by the terminal, the server obtains the preset vulnerability scanning plug-in according to the vulnerability scanning instruction, obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis on the module list data and the vulnerability feature code to obtain the scanning result.
  • The server obtains the preset vulnerability repair analysis model, analyzes the scan results through the vulnerability analysis model, obtains the target repair plan for the vulnerability to be repaired, and pushes the target repair plan to the corresponding terminal. This enables the operation and maintenance personnel to develop the corresponding repair package according to the target repair plan through the terminal.
  • The server receives the vulnerability repair instruction and repair package sent by the terminal, and repairs the vulnerability to be repaired according to the repair package through a preset vulnerability repair plug-in.
  • The server obtains the repair process information of the vulnerability to be repaired, and analyzes the reason for the failure to repair the vulnerability.
  • The server may obtain a preset vulnerability repair detection model, where the vulnerability repair detection model may be a model based on a decision tree, and the repair process information is analyzed through the vulnerability repair detection model.
  • The repair process information may include repair nodes and corresponding status information. The server can analyze each repair node and its status information in the repair process information through the vulnerability repair detection model, determine the reason for the repair failure, and generate the corresponding analysis result.
  • After the server obtains the corresponding analysis result through the vulnerability repair detection model, it pushes the analysis result to the terminal of the operation and maintenance personnel, so that the repair package can be improved and adjusted at that terminal according to the analysis result and the vulnerability can be repaired again. Further, after the operation and maintenance personnel adjust and improve the repair package through the terminal, an updated repair package is obtained and sent to the server together with a vulnerability repair instruction. After the server receives the vulnerability repair instruction and the updated repair package sent by the operation and maintenance terminal, the vulnerability repair plug-in uses the updated repair package to repair the vulnerabilities to be repaired again, thereby ensuring that the vulnerabilities are effectively repaired. By using the vulnerability repair detection model to analyze the repair process information, the reason for the repair failure can be effectively analyzed, which helps to further repair the vulnerability and thereby effectively improves the efficiency of vulnerability repair.
  • A business system vulnerability processing device is provided, including a vulnerability scanning module 502, a vulnerability analysis module 504, a data push module 506, and a vulnerability repair module 508, wherein:
  • the vulnerability scanning module 502 is used to obtain the vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types; to obtain module list data of the business system; and to scan the module list data through the vulnerability scanning plug-in and perform matching analysis between the module list data and the vulnerability signature to obtain the scan result;
  • the vulnerability analysis module 504 is used to obtain a vulnerability repair analysis model when there is a vulnerability to be repaired in the scan result, analyze the scan result through the vulnerability analysis model, and obtain a target repair plan for the vulnerability to be repaired;
  • the data push module 506 is used to push the target repair plan to the corresponding terminal and to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan;
  • the vulnerability repair module 508 is used to obtain the preset vulnerability repair plug-in according to the vulnerability repair instruction, and to repair the vulnerabilities to be repaired according to the repair package through the vulnerability repair plug-in.
  • The module list data includes operating status information of multiple business modules. The vulnerability scanning module 502 is also used to traverse the operating status information of the multiple business modules and match the operating status information with the vulnerability signature; when operating status information matching the vulnerability signature is detected, obtain the vulnerability signature corresponding to the operating status information; locate the vulnerability to be repaired that has the vulnerability signature, and obtain the location identifier corresponding to the vulnerability to be repaired; and generate corresponding scan results according to the vulnerability signature and location identifier.
  • The device further includes a model building module for obtaining a plurality of sample vulnerability data, the sample vulnerability data including marked vulnerability data; performing feature extraction on the sample vulnerability data and extracting the corresponding feature variables; performing cluster analysis on the feature variables to obtain multiple clustering results after multiple rounds of clustering; extracting, according to the clustering results, multiple feature variables and corresponding attribute information that reach a preset threshold; and using the neural network model to build a vulnerability repair analysis model according to the multiple feature variables and corresponding attribute information.
  • The vulnerability analysis module 504 is also used to analyze the operating status information corresponding to the vulnerability to be repaired through the vulnerability repair analysis model to obtain the vulnerability characteristics of the vulnerability to be repaired; traverse the multiple decision nodes of the vulnerability repair analysis model according to the vulnerability characteristics; and, when the target decision node is reached, obtain the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  • The vulnerability repair module 508 is also used to parse the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package; obtain the code identifier corresponding to the vulnerability to be repaired, and obtain the function call interface according to the code identifier; set the weight corresponding to the vulnerability to be repaired to zero, and change the function call interface of the vulnerability to be repaired to the function interface of the repair package; and store the repair script code at the local location corresponding to the vulnerability to be repaired, and delete the original script code of the vulnerability to be repaired.
  • The device further includes a vulnerability repair detection module, which is used to obtain the corresponding repair process information when the vulnerability to be repaired fails to be repaired; obtain a preset vulnerability repair detection model, and detect and analyze the repair process information through the vulnerability repair detection model to obtain an analysis result; and push the analysis result to the terminal, so that the operation and maintenance personnel can adjust the repair package through the terminal.
  • Each module in the above business system vulnerability processing device can be implemented in whole or in part by software, hardware, or a combination thereof.
  • The foregoing modules may be embedded in, or independent of, the processor in the computer device in the form of hardware, or may be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to the foregoing modules.
  • A computer device is provided.
  • The computer device may be a server, and its internal structure may be as shown in FIG. 6.
  • The computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device provides computing and control capabilities.
  • The memory of the computer device includes a non-volatile storage medium and an internal memory.
  • The non-volatile storage medium stores an operating system, computer-readable instructions, and a database.
  • The internal memory provides an environment for running the operating system and the computer-readable instructions stored in the non-volatile storage medium.
  • The database of the computer device is used to store data such as module list data, operating status information, vulnerability scanning plug-ins, and vulnerability repair plug-ins.
  • The network interface of the computer device is used to communicate with an external terminal through a network connection.
  • FIG. 6 is only a block diagram of the part of the structure related to the solution of the present application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer parts than shown in the figure, combine some parts, or have a different arrangement of parts.
  • A computer device includes a memory and one or more processors; computer-readable instructions are stored in the memory, and when the computer-readable instructions are executed by the processor, the steps of the business system vulnerability processing method provided in any one of the embodiments of the present application are implemented.
  • One or more non-volatile storage media store computer-readable instructions; when the computer-readable instructions are executed by one or more processors, the one or more processors implement the steps of the business system vulnerability processing method provided in any embodiment of the present application.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A service system vulnerability processing method, comprising: obtaining a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in comprising vulnerability feature codes of multiple vulnerability types; obtaining module list data of a service system, scanning the module list data by means of the vulnerability scanning plug-in, and performing matching analysis on the module list data and the vulnerability feature codes to obtain a scanning result; if a vulnerability to be repaired exists in the scanning result, obtaining a vulnerability repair analysis model, and analyzing the scanning result by means of the vulnerability analysis model to obtain a target repair scheme for said vulnerability; pushing the target repair scheme to the corresponding terminal to receive a vulnerability repair instruction and a repair packet sent by the terminal according to the target repair scheme; and obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing said vulnerability according to the repair packet by means of the vulnerability repair plug-in.

Description

Business system vulnerability processing method, device, computer equipment and storage medium
Cross-reference to related applications:
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on July 5, 2019, with application number 2019106034589 and titled "Business system vulnerability processing method, device, computer equipment and storage medium", the entire contents of which are incorporated in this application by reference.
Technical field
This application relates to a business system vulnerability processing method, device, computer equipment and storage medium.
Background
With the continuous development of Internet technology, computers are easily affected by many factors, which leads to security vulnerabilities on the Internet. Vulnerability scanning is usually performed by a vulnerability scanner that, according to the operating system platform of the target system and the network services it provides, checks the known vulnerabilities in a vulnerability database one by one and determines whether a vulnerability exists by analyzing the probe response packets.
However, existing network vulnerability scanners mainly identify known vulnerabilities by signature matching. The scanner sends a packet containing the probe code for a vulnerability signature and determines whether the vulnerability exists according to whether the returned packet contains that vulnerability's response signature. Most vulnerability tools use database technology and depend on a large amount of data; managing vulnerabilities with a large database occupies considerable resources, and the efficiency of vulnerability scanning and repair is low.
Summary of the invention
According to various embodiments disclosed in the present application, a business system vulnerability processing method, device, computer equipment and storage medium are provided.
A business system vulnerability processing method, the method comprising:
obtaining a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
obtaining module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and performing matching analysis between the module list data and the vulnerability signature codes to obtain a scan result;
when there is a vulnerability to be repaired in the scan result, obtaining a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
pushing the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan; and
obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
A business system vulnerability processing device, the device comprising:
a vulnerability scanning module, used to obtain a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types; to obtain module list data of the business system; and to scan the module list data through the vulnerability scanning plug-in, performing matching analysis between the module list data and the vulnerability signature codes to obtain a scan result;
a vulnerability analysis module, used to obtain a vulnerability repair analysis model when there is a vulnerability to be repaired in the scan result, and to analyze the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
a data push module, used to push the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan; and
a vulnerability repair module, used to obtain a vulnerability repair plug-in according to the vulnerability repair instruction, and to repair the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
A computer device, including a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the processor, cause the one or more processors to perform the following steps:
obtaining a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
obtaining module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and performing matching analysis between the module list data and the vulnerability signature codes to obtain a scan result;
when there is a vulnerability to be repaired in the scan result, obtaining a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
pushing the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan; and
obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
A non-volatile computer-readable storage medium, wherein the storage medium stores at least one instruction, the computer-readable storage medium stores at least one computer-readable instruction, and the computer-readable instruction is loaded by a processor to perform the following steps:
obtaining a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signature codes of multiple vulnerability types;
obtaining module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and performing matching analysis between the module list data and the vulnerability signature codes to obtain a scan result;
when there is a vulnerability to be repaired in the scan result, obtaining a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
pushing the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan; and
obtaining a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
The details of one or more embodiments of the present application are set forth in the drawings and description below. Other features and advantages of the present application will become apparent from the description, the drawings and the claims.
Description of the drawings
FIG. 1 is an application scenario diagram of the business system vulnerability processing method according to one or more embodiments.
FIG. 2 is a schematic flowchart of the business system vulnerability processing method according to one or more embodiments.
FIG. 3 is a schematic flowchart of the vulnerability scanning steps according to one or more embodiments.
FIG. 4 is a schematic flowchart of the steps of repairing a vulnerability to be repaired according to one or more embodiments.
FIG. 5 is a block diagram of the business system vulnerability processing device according to one or more embodiments.
FIG. 6 is a block diagram of the computer device according to one or more embodiments.
Detailed description
To make the technical solutions and advantages of the present application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application and are not intended to limit it.
The business system vulnerability processing method provided in this application can be applied in the application environment shown in FIG. 1. The terminal 102 communicates with the server 104 through a network. The terminal 102 may be the terminal of the operation and maintenance personnel, and may be, but is not limited to, a personal computer, notebook computer, smartphone, tablet computer or portable wearable device. The server 104 may be the server of the business system, and may be implemented as an independent server or as a server cluster composed of multiple servers.
In one of the embodiments, as shown in FIG. 2, a business system vulnerability processing method is provided. Taking the method as applied to the server in FIG. 1 as an example, it includes the following steps:
Step 202: obtain a vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal; the vulnerability scanning plug-in includes vulnerability signature codes of multiple vulnerability types.
The business system may be a business processing system, that is, an information system that provides targeted support for a business process and gives strong tool support for completing a given piece of work. The business system may include multiple business modules; each module has a corresponding module list, and the module list includes the status information of the business module. The status information may include the operating status information of the business module and the description information of the module.
Anomalies or vulnerabilities may appear while the business system is running, so the business system needs to be scanned for vulnerabilities and repaired.
A vulnerability may refer to a weakness or defect in the business system that exposes the business system to possible threats, attacks or dangerous events. Vulnerabilities may include, but are not limited to, defects introduced during system design or errors introduced during coding, design defects or unreasonable logic flows in the interactive processing of the business, and defects or errors caused by external attacks. Vulnerability scanning refers to checking the security of the business system by scanning and similar means in order to detect the vulnerabilities in it. The vulnerability scanning plug-in may be a plug-in program, configured in advance according to the operating logic of the business system and the like, for detecting vulnerabilities.
Step 204: obtain the module list data of the business system, scan the module list data through the vulnerability scanning plug-in, and perform matching analysis between the module list data and the vulnerability signature codes to obtain the scan result.
After the server receives the vulnerability scanning instruction, it obtains the module list data of the business system according to the instruction; the module list data includes the operating status information of multiple business modules. The server then obtains the preset vulnerability scanning plug-in and scans the module list data with it, scanning the operating status information in the module list data of the business system and performing matching analysis between the operating status information and the vulnerability description information corresponding to the vulnerability signature codes preset in the plug-in.
When operating status information that is the same as a vulnerability signature code is detected, the server obtains the vulnerability signature code corresponding to that operating status information and generates the corresponding scan result according to the vulnerability signature code. Scanning the business system with the vulnerability scanning plug-in makes it possible to detect security risks in the infrastructure of the business system promptly and accurately, so that the business can run smoothly and the information assets in the business system are kept secure.
Step 206: when there is a vulnerability to be repaired in the scan result, obtain the vulnerability repair analysis model, and analyze the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired.
Step 208: push the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan.
A vulnerability to be repaired in the scan result means that the business system contains a vulnerability that needs repair. The vulnerability to be repaired includes corresponding vulnerability status information. Specifically, the server obtains the preset vulnerability repair analysis model, which may be a decision-tree-based neural network model and may include multiple preset vulnerability decision nodes. The vulnerability status information is analyzed through the vulnerability repair analysis model to obtain the vulnerability characteristics of the vulnerability to be repaired. The vulnerability decision nodes are traversed according to those characteristics until the target node is reached, and the target repair plan corresponding to the vulnerability to be repaired is then obtained from the target node.
After the server obtains the target repair plan through the vulnerability repair analysis model, it pushes the target repair plan to the terminal, so that the operation and maintenance personnel can use the target repair plan on that terminal to develop the corresponding repair package.
Step 210: obtain the vulnerability repair plug-in according to the vulnerability repair instruction, and repair the vulnerability to be repaired according to the repair package through the vulnerability repair plug-in.
After the operation and maintenance personnel obtain the repair package through the terminal, they can send a vulnerability repair instruction to the server to repair the vulnerability. Specifically, after receiving the vulnerability repair instruction and the repair package sent by the terminal, the server obtains the preset vulnerability repair plug-in according to the instruction and repairs the vulnerability to be repaired according to the repair package through the plug-in.
Specifically, the server parses the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package. It obtains the code identifier corresponding to the vulnerability to be repaired, obtains the function call interface according to the code identifier, sets the weight corresponding to the vulnerability to be repaired to zero, and changes the function call interface of the vulnerability to be repaired to the function interface of the repair package. The server then stores the repair script code at the local location corresponding to the vulnerability to be repaired and deletes the original script code of the vulnerability, thereby updating and repairing it. Scanning the module list data of the business system through the vulnerability scanning plug-in finds the vulnerabilities in the business system quickly and effectively. Once a vulnerability is found, the vulnerability repair analysis model produces its target repair plan, the operation and maintenance personnel develop the corresponding repair package according to that plan, and the vulnerability repair plug-in applies the repair package, so that the vulnerability is repaired effectively.
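The repair sequence described above, sketched in Python as an added example; it is not code from the patent or its applicant. The JSON package layout, the state dictionary, the identifiers `VULN-CODE-7` and `reports/export.py`, the reading of "weight" as a pending-vulnerability weight, and the pre-check that the script defines the named interface are all assumptions made for illustration.

```python
import ast
import json

def new_system():
    # Constructed server-side state; every key and value here is hypothetical.
    return {
        "scripts": {"reports/export.py": "def export_v1(rows):\n    return rows\n"},
        "call_table": {"VULN-CODE-7": "export_v1"},  # code identifier -> function call interface
        "weights": {"VULN-CODE-7": 5},                # weight of the pending vulnerability
        "process_log": [],                            # repair process information
    }

# Constructed repair packages: script code plus the function interface it exposes.
GOOD_PACKAGE = json.dumps({
    "script": "def export_v2(rows):\n    return [r for r in rows if r is not None]\n",
    "interface": "export_v2",
})
BAD_PACKAGE = json.dumps({  # names an interface that the script never defines
    "script": "def export_v2(rows):\n    return rows\n",
    "interface": "export_v3",
})

def parse_package(raw):
    """Parse a repair package into (script code, function interface) without running it."""
    package = json.loads(raw)
    script, interface = package["script"], package["interface"]
    tree = ast.parse(script)  # syntax check only; nothing is executed
    defined = {n.name for n in tree.body if isinstance(n, ast.FunctionDef)}
    if interface not in defined:
        raise ValueError(f"script does not define interface {interface!r}")
    return script, interface

def apply_repair(system, code_id, location, raw_package):
    """Apply a repair package; return True on success, False if it was rejected."""
    log = system["process_log"]
    try:
        script, interface = parse_package(raw_package)
        if code_id not in system["call_table"]:
            raise KeyError(f"unknown code identifier {code_id}")
    except (ValueError, KeyError, TypeError, SyntaxError) as exc:
        # Rejected before any state changed: record repair process information
        # so the failure can be analysed and the package adjusted.
        log.append({"code_id": code_id, "stage": "parse", "error": str(exc)})
        return False
    old_interface = system["call_table"][code_id]
    system["weights"][code_id] = 0               # set the vulnerability's weight to zero
    system["call_table"][code_id] = interface    # point the call interface at the repair
    system["scripts"][location] = script         # store repair code; original is discarded
    log.append({"code_id": code_id, "stage": "applied",
                "replaced": old_interface, "with": interface})
    return True
```

Validation runs before any state is touched, so a rejected package leaves the original script and call table in place and only adds an entry to the process log.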
In the above vulnerability repair method for the business system, the server obtains the preset vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal, obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis between the module list data and the vulnerability signature codes to obtain the scan result. Because scanning and analysis are performed through the vulnerability scanning plug-in, the vulnerabilities in the business system can be found promptly and effectively. When there is a vulnerability to be repaired in the scan result, the server obtains the preset vulnerability repair analysis model, analyzes the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability, and pushes the target repair plan to the corresponding terminal. With the target repair plan produced by the vulnerability repair analysis model, the relevant staff can develop the corresponding repair package on the terminal according to that plan. The server can then repair the vulnerability through the vulnerability repair plug-in according to the vulnerability repair instruction and repair package sent by the terminal, so that vulnerabilities in the business system are repaired promptly and effectively.
In one of the embodiments, as shown in FIG. 3, the step of scanning the module list data through the vulnerability scanning plug-in specifically includes the following:
Step 302: Traverse the running status information of the multiple module lists, and match the running status information against the vulnerability signatures.
Step 304: When running status information that matches a vulnerability signature is detected, obtain the vulnerability signature corresponding to that running status information.
Step 306: Locate the vulnerability to be repaired that carries the vulnerability signature, and obtain the location identifier corresponding to the vulnerability to be repaired.
Step 308: Generate the corresponding scan result according to the vulnerability signature and the location identifier of the vulnerability to be repaired.
The vulnerability scanning plug-in includes multiple scanning categories and preset components, and also includes the vulnerability signatures corresponding to multiple business systems. After receiving the specified vulnerability scanning instruction, the server performs vulnerability scanning on the module list data in the business system through the vulnerability scanning plug-in, where the module list data includes the running status information of multiple business modules. The server obtains the preset vulnerability scanning plug-in, scans the module list data through it, scans the running status information in the multiple module list data of the business system, and performs matching analysis between the running status information and the vulnerability description information corresponding to the vulnerability signatures preset in the plug-in.
Specifically, the server traverses the running status information of the multiple module lists and matches the running status information against the vulnerability signatures. When running status information identical to a vulnerability signature is detected, the vulnerability signature corresponding to that running status information is obtained. The vulnerability to be repaired that carries the vulnerability signature is located to obtain the corresponding location identifier, and the server generates the corresponding scan result according to the vulnerability signature and the location identifier. By using the vulnerability scanning plug-in to scan the business system for vulnerabilities, security risks in the infrastructure of the business system can be detected promptly and accurately, which keeps the business running smoothly and effectively protects the information assets in the business system.
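Steps 302 to 308 can be illustrated with the following added example, which is not code from the application. It assumes that a vulnerability signature is a pattern over one field of a module's running status information and that a location identifier has the form `list/module#field`; the signature codes, field names and module data are all constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    code: str       # vulnerability signature code (constructed)
    vuln_type: str  # vulnerability type the signature stands for
    field: str      # running-status field the signature inspects (assumed)
    pattern: str    # regex the field value must match in full (assumed)


@dataclass(frozen=True)
class Finding:
    signature_code: str
    vuln_type: str
    location_id: str  # assumed form: "<module list>/<module>#<field>"
    evidence: str


# Constructed signatures, standing in for the plug-in's preset signature set.
SIGNATURES = [
    Signature("SIG-0001", "debug-endpoint-exposed", "debug_endpoint", r"enabled"),
    Signature("SIG-0002", "weak-tls", "tls_min_version",
              r"(SSLv3|TLSv1(\.0)?|TLSv1\.1)"),
    Signature("SIG-0003", "default-credentials", "admin_password_state", r"default"),
]

# Constructed module list data: module list -> modules with running status.
MODULE_LISTS = {
    "payments": [
        {"module": "gateway",
         "status": {"state": "running", "tls_min_version": "TLSv1.0",
                    "debug_endpoint": "disabled"}},
        {"module": "ledger",
         "status": {"state": "running", "tls_min_version": "TLSv1.2"}},
    ],
    "accounts": [
        {"module": "admin-console",
         "status": {"state": "running", "debug_endpoint": "enabled",
                    "admin_password_state": "default"}},
        {"module": "profile",
         "status": {"state": "stopped", "tls_min_version": None}},
    ],
}


def scan(module_lists, signatures):
    """Return the findings for every status field that matches a signature."""
    compiled = [(sig, re.compile(sig.pattern)) for sig in signatures]
    findings = []
    for list_name, modules in module_lists.items():        # step 302: traverse
        for entry in modules:
            status = entry.get("status") or {}
            for sig, rx in compiled:
                value = status.get(sig.field)
                if not isinstance(value, str):
                    continue  # absent or malformed status is not a match
                if rx.fullmatch(value):                     # step 304: match
                    location = f"{list_name}/{entry['module']}#{sig.field}"
                    findings.append(                        # steps 306 and 308
                        Finding(sig.code, sig.vuln_type, location, value))
    return sorted(findings, key=lambda f: (f.location_id, f.signature_code))


def build_scan_result(module_lists, signatures):
    """Scan result handed to the analysis stage: findings plus a repair flag."""
    findings = scan(module_lists, signatures)
    return {"needs_repair": bool(findings), "findings": findings}


if __name__ == "__main__":
    for f in build_scan_result(MODULE_LISTS, SIGNATURES)["findings"]:
        print(f.signature_code, f.vuln_type, f.location_id, f.evidence)
```

Full-value matching keeps `TLSv1.2` from matching the `TLSv1` alternative, and a status field that is missing or not a string is skipped instead of being reported.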
In one of the embodiments, before the vulnerability repair analysis model is obtained, the method further includes: obtaining multiple pieces of sample vulnerability data, the sample vulnerability data including labeled vulnerability data; performing feature extraction on the sample vulnerability data to extract the corresponding feature variables; performing cluster analysis on the feature variables to obtain multiple clustering results after multiple rounds of clustering; extracting, according to the clustering results, multiple feature variables that reach a preset threshold and the corresponding attribute information; and building the vulnerability repair analysis model with a neural network model according to the multiple feature variables and the corresponding attribute information.
Before receiving the vulnerability scanning instruction sent by the terminal, the server may also build the vulnerability repair analysis model in advance. For example, the server may obtain a large amount of sample vulnerability data and perform big data analysis on it. The vulnerability data may include labeled vulnerabilities and the corresponding solution information. For example, the server performs feature extraction on the large amount of vulnerability data to extract the corresponding feature variables, and then uses a clustering algorithm to perform cluster analysis on the feature variables. After clustering the feature variables multiple times, the server obtains multiple clustering results and extracts the feature variables that reach the preset threshold and the corresponding attribute information. The server may obtain a preset neural network model and then use the extracted feature variables and corresponding attribute information to build the vulnerability repair analysis model in a preset manner.
In one of the embodiments, the step of analyzing the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired includes: analyzing the running status information corresponding to the vulnerability to be repaired through the vulnerability repair analysis model to obtain the vulnerability features of the vulnerability to be repaired; traversing the multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and, when the traversal reaches the target decision node, obtaining the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
After receiving the vulnerability scanning instruction sent by the terminal, the server obtains the preset vulnerability scanning plug-in according to the instruction; the vulnerability scanning plug-in includes vulnerability signatures for multiple vulnerability types. The server then obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis between the module list data and the vulnerability signatures to obtain a scan result. The vulnerability scanning plug-in thus makes it possible to scan effectively for the vulnerabilities in the business system.
When the scan result contains a vulnerability to be repaired, this indicates that the business system has a vulnerability that needs to be repaired. The vulnerability to be repaired includes the corresponding vulnerability status information. Specifically, the server obtains the preset vulnerability repair analysis model, where the vulnerability repair analysis model may be a neural network model based on a decision tree and may include multiple preset vulnerability decision nodes. The vulnerability status information is analyzed through the vulnerability repair analysis model to obtain the vulnerability features of the vulnerability to be repaired. The multiple vulnerability decision nodes are traversed according to those vulnerability features until the target node is reached, and the target repair plan corresponding to the vulnerability to be repaired is then obtained according to the target node. Analyzing the vulnerability to be repaired through the vulnerability repair analysis model yields its target repair plan effectively and thereby improves the efficiency of vulnerability repair.
After obtaining the target repair plan through the vulnerability repair analysis model, the server pushes the target repair plan to the terminal, so that the operation and maintenance personnel can use the target repair plan to develop the corresponding repair package through the corresponding terminal.
In one of the embodiments, as shown in FIG. 4, the step of repairing the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package specifically includes the following:
Step 402: Parse the repair package through the vulnerability repair plug-in to obtain the repair script code and the function interface in the repair package.
Step 404: Obtain the code identifier corresponding to the vulnerability to be repaired, and obtain the function call interface according to the code identifier.
Step 406: Set the weight corresponding to the vulnerability to be repaired to zero, and change the function call interface of the vulnerability to be repaired to the function interface of the repair package.
Step 408: Store the repair script code at the local location corresponding to the vulnerability to be repaired, and delete the original script code of the vulnerability to be repaired.
After receiving the vulnerability scanning instruction sent by the terminal, the server obtains the preset vulnerability scanning plug-in according to the instruction; the vulnerability scanning plug-in includes vulnerability signatures for multiple vulnerability types. The server then obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis between the module list data and the vulnerability signatures to obtain a scan result. When the scan result contains a vulnerability to be repaired, the server obtains the preset vulnerability repair analysis model, analyzes the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired, and pushes the target repair plan to the corresponding terminal, so that the operation and maintenance personnel can develop the corresponding repair package through the terminal according to the target repair plan. Once the operation and maintenance personnel have the repair package on the corresponding terminal, they can send a vulnerability repair instruction to the server to repair the vulnerability.
After receiving the vulnerability repair instruction and repair package sent by the terminal, the server obtains the preset vulnerability repair plug-in according to the vulnerability repair instruction and repairs the vulnerability according to the repair package through the vulnerability repair plug-in. Specifically, the server obtains the preset vulnerability repair plug-in, parses the repair package through it, references the relevant class libraries, and uses the parsing engine to obtain the repair script code and the function interface in the repair package. It obtains the code identifier corresponding to the vulnerability to be repaired, obtains the function call interface according to the code identifier, sets the weight corresponding to the vulnerability to be repaired to zero, and changes the function call interface of the vulnerability to be repaired to the function interface of the repair package, thereby replacing the function interface of the vulnerability to be repaired. The server then stores the repair script code at the local location corresponding to the vulnerability to be repaired and deletes the original script code of the vulnerability to be repaired. After replacing the call interface, the server runs the script in the repair package to replace the original code of the part to be repaired, thereby repairing the vulnerability in the business system. Scanning the multiple module list data in the business system through the vulnerability scanning plug-in makes it possible to find the vulnerabilities in the business system quickly and effectively. After a vulnerability is found, the vulnerability repair analysis model derives the target repair plan for that vulnerability, so that the operation and maintenance personnel can develop the corresponding repair package according to the target repair plan, and the vulnerability repair plug-in uses the repair package to repair the vulnerability. The vulnerability can thus be repaired effectively, and the vulnerability repair efficiency of the business system is effectively improved.
Further, the server may also call a load balancer to allocate a new process for the repair package and bind a new listening port, while setting the weight of the original part to be repaired that corresponds to the repair package to zero. Once all connections corresponding to the part to be repaired have been closed, the old process is shut down, which completes the update with the repair package. Because the code of the part to be repaired is replaced, old and new code do not coexist while the application is running, which effectively improves the efficiency of vulnerability repair.
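The weight-zero hand-over described above and in step 406 is modelled in the following added example, which is not code from the application. The `Balancer` and `Backend` classes, the least-loaded routing rule, the code identifier `transfer.handler` and the port numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Backend:
    version: str
    port: int
    weight: int = 100
    running: bool = True
    connections: set = field(default_factory=set)


class Balancer:
    """Toy load balancer: routes by weight and drains weight-zero backends."""

    def __init__(self):
        self.pools = {}        # code identifier -> list of Backend
        self._owner = {}       # connection id -> Backend serving it
        self._conn_ids = count(1)

    def register(self, code_id, backend):
        self.pools.setdefault(code_id, []).append(backend)

    def _ports_in_use(self):
        return {b.port for pool in self.pools.values() for b in pool if b.running}

    def open_connection(self, code_id):
        # A backend whose weight is zero never receives a new connection.
        live = [b for b in self.pools.get(code_id, [])
                if b.running and b.weight > 0]
        if not live:
            raise RuntimeError(f"no backend accepting traffic for {code_id}")
        target = min(live, key=lambda b: len(b.connections) / b.weight)
        conn_id = next(self._conn_ids)
        target.connections.add(conn_id)
        self._owner[conn_id] = target
        return conn_id, target.port

    def close_connection(self, conn_id):
        backend = self._owner.pop(conn_id)
        backend.connections.discard(conn_id)
        self._reap()

    def apply_repair(self, code_id, version, port):
        """Start the repaired process on a new port, then drain the old one."""
        if port in self._ports_in_use():
            raise ValueError(f"port {port} is already bound")
        pool = self.pools[code_id]
        repaired = Backend(version=version, port=port)
        pool.append(repaired)          # new process and new listening port
        for backend in pool:
            if backend is not repaired:
                backend.weight = 0     # original part: weight set to zero
        self._reap()                   # an idle old process stops immediately
        return repaired

    def _reap(self):
        # Shut down a drained backend only after its last connection closes.
        for code_id in list(self.pools):
            for backend in self.pools[code_id]:
                if backend.weight == 0 and not backend.connections:
                    backend.running = False
            self.pools[code_id] = [b for b in self.pools[code_id] if b.running]


if __name__ == "__main__":
    lb = Balancer()
    old = Backend("v1-vulnerable", 8001)
    lb.register("transfer.handler", old)
    c1, _ = lb.open_connection("transfer.handler")
    lb.apply_repair("transfer.handler", "v2-repaired", 8002)
    print("new traffic goes to port", lb.open_connection("transfer.handler")[1])
    lb.close_connection(c1)
    print("old process still running:", old.running)
```

In-flight connections on the old process finish normally, while every connection opened after `apply_repair` reaches only the repaired process.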
In one of the embodiments, the method further includes: when the repair of the vulnerability to be repaired fails, obtaining the corresponding repair process information; obtaining a vulnerability repair detection model, and detecting and analyzing the repair process information through the vulnerability repair detection model to obtain an analysis result; and pushing the analysis result to the terminal, so that the operation and maintenance personnel can adjust the repair package through the terminal.
After receiving the vulnerability scanning instruction sent by the terminal, the server obtains the preset vulnerability scanning plug-in according to the instruction, obtains the module list data of the business system, scans the module list data through the vulnerability scanning plug-in, and performs matching analysis between the module list data and the vulnerability signatures to obtain a scan result. When the scan result contains a vulnerability to be repaired, the server obtains the preset vulnerability repair analysis model, analyzes the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired, and pushes the target repair plan to the corresponding terminal, so that the operation and maintenance personnel can develop the corresponding repair package through the terminal according to the target repair plan. The server receives the vulnerability repair instruction and repair package sent by the terminal, and repairs the vulnerability according to the repair package through the preset vulnerability repair plug-in.
While the server is repairing the vulnerability, if it detects that the repair has failed, it obtains the repair process information for that repair and analyzes the reason for the failure. Specifically, the server may obtain a preset vulnerability repair detection model, where the vulnerability repair detection model may be a model based on a decision tree, and analyze the repair process information through it. Specifically, the repair process information may include repair nodes and the corresponding status information. The server can use the vulnerability repair detection model to analyze each repair node and its status information in the repair process information, determine the reason for the repair failure, and generate the corresponding analysis result.
After obtaining the corresponding analysis result through the vulnerability analysis detection model, the server pushes the analysis result to the terminal of the operation and maintenance personnel, so that the repair package can be improved and adjusted at the operation and maintenance terminal according to the analysis result and the vulnerability can be repaired again. Further, after adjusting and improving the repair package through the terminal, the operation and maintenance personnel obtain an updated repair package, send the updated repair package to the server, and send a vulnerability repair instruction. After receiving the vulnerability repair instruction and the updated repair package from the operation and maintenance terminal, the server repairs the vulnerability again through the vulnerability repair plug-in according to the updated repair package, which ensures that the vulnerability is effectively repaired. Analyzing the repair process information with the vulnerability repair detection model makes it possible to identify the reason for the repair failure, which helps with the further repair of the vulnerability and thereby improves the efficiency of vulnerability repair.
It should be understood that although the steps in the flowcharts of FIGS. 2-4 are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order the arrows indicate. Unless explicitly stated herein, there is no strict ordering restriction on the execution of these steps, and they may be executed in other orders. Moreover, at least some of the steps in FIGS. 2-4 may include multiple sub-steps or stages. These sub-steps or stages are not necessarily completed at the same time and may be executed at different times; nor are they necessarily executed one after another, but may be executed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
In one of the embodiments, as shown in FIG. 5, a business system vulnerability processing apparatus is provided, including a vulnerability scanning module 502, a vulnerability analysis module 504, a data push module 506, and a vulnerability repair module 508, wherein:
The vulnerability scanning module 502 is configured to obtain a vulnerability scanning plug-in according to the vulnerability scanning instruction sent by the terminal, the vulnerability scanning plug-in including vulnerability signatures for multiple vulnerability types; and to obtain the module list data of the business system, scan the module list data through the vulnerability scanning plug-in, and perform matching analysis between the module list data and the vulnerability signatures to obtain a scan result;
The vulnerability analysis module 504 is configured to, when the scan result contains a vulnerability to be repaired, obtain the vulnerability repair analysis model and analyze the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired;
The data push module 506 is configured to push the target repair plan to the corresponding terminal, so as to receive the vulnerability repair instruction and repair package sent by the terminal according to the target repair plan; and
The vulnerability repair module 508 is configured to obtain the preset vulnerability repair plug-in according to the vulnerability repair instruction, and to repair the vulnerability according to the repair package through the vulnerability repair plug-in.
In one of the embodiments, the module list data includes the running status information of multiple business modules, and the vulnerability scanning module 502 is further configured to traverse the running status information of the multiple business modules and match the running status information against the vulnerability signatures; when running status information that matches a vulnerability signature is detected, obtain the vulnerability signature corresponding to that running status information; locate the vulnerability to be repaired that carries the vulnerability signature and obtain the location identifier corresponding to the vulnerability to be repaired; and generate the corresponding scan result according to the vulnerability signature and the location identifier.
In one of the embodiments, the apparatus further includes a model building module, configured to obtain multiple pieces of sample vulnerability data, the sample vulnerability data including labeled vulnerability data; perform feature extraction on the sample vulnerability data to extract the corresponding feature variables; perform cluster analysis on the feature variables to obtain multiple clustering results after multiple rounds of clustering; extract, according to the clustering results, multiple feature variables that reach a preset threshold and the corresponding attribute information; and build the vulnerability repair analysis model with a neural network model according to the multiple feature variables and the corresponding attribute information.
In one of the embodiments, the vulnerability analysis module 504 is further configured to analyze the running status information corresponding to the vulnerability to be repaired through the vulnerability repair analysis model to obtain the vulnerability features of the vulnerability to be repaired; traverse the multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and, when the traversal reaches the target decision node, obtain the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
In one of the embodiments, the vulnerability repair module 508 is further configured to parse the repair package through the vulnerability repair plug-in to obtain the repair script code and the function interface in the repair package; obtain the code identifier corresponding to the vulnerability to be repaired and obtain the function call interface according to the code identifier; set the weight corresponding to the vulnerability to be repaired to zero and change the function call interface of the vulnerability to be repaired to the function interface of the repair package; and store the repair script code at the local location corresponding to the vulnerability to be repaired and delete the original script code of the vulnerability to be repaired.
In one of the embodiments, the apparatus further includes a vulnerability repair detection module, configured to obtain the corresponding repair process information when the repair of the vulnerability to be repaired fails; obtain a preset vulnerability repair detection model, and detect and analyze the repair process information through the vulnerability repair detection model to obtain an analysis result; and push the analysis result to the terminal, so that the operation and maintenance personnel can adjust the repair package through the terminal.
For the specific limitations of the business system vulnerability processing apparatus, refer to the limitations of the business system vulnerability processing method above, which are not repeated here. Each module in the above business system vulnerability processing apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in, or independent of, the processor of the computer device in hardware form, or may be stored in the memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to each module.
In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in FIG. 6. The computer device includes a processor, a memory, a network interface, and a database connected through a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer-readable instructions, and a database. The internal memory provides an environment for running the operating system and the computer-readable instructions in the non-volatile storage medium. The database of the computer device stores data such as module list data, running status information, vulnerability scanning plug-ins, and vulnerability repair plug-ins. The network interface of the computer device communicates with external terminals through a network connection. When executed by the processor, the computer-readable instructions implement the steps of the business system vulnerability processing method provided in any embodiment of the present application.
Those skilled in the art will understand that the structure shown in FIG. 6 is only a block diagram of part of the structure related to the solution of the present application and does not limit the computer device to which the solution is applied. A specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
A computer device includes a memory and one or more processors. The memory stores computer-readable instructions which, when executed by the processor, implement the steps of the business system vulnerability processing method provided in any embodiment of the present application.
One or more non-volatile storage media store computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the steps of the business system vulnerability processing method provided in any embodiment of the present application.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by computer-readable instructions instructing the relevant hardware. The computer-readable instructions may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the above method embodiments. Any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but it should not be understood as limiting the scope of the invention patent. It should be noted that a person of ordinary skill in the art can make several modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this patent application shall be subject to the appended claims.

Claims (20)

  1. A business system vulnerability processing method, the method comprising:
    acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signatures of multiple vulnerability types;
    acquiring module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and matching the module list data against the vulnerability signatures to obtain a scan result;
    when a vulnerability to be repaired exists in the scan result, acquiring a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
    pushing the target repair plan to the corresponding terminal, so as to receive a vulnerability repair instruction and a repair package sent by the terminal according to the target repair plan; and
    acquiring a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package.
  2. The method according to claim 1, wherein the module list data includes running status information of multiple business modules, and the step of scanning the module list data through the vulnerability scanning plug-in comprises:
    traversing the running status information of the multiple business modules, and matching the running status information against the vulnerability signatures;
    when running status information matching a vulnerability signature is detected, acquiring the vulnerability signature corresponding to that running status information;
    locating the vulnerability to be repaired that carries the vulnerability signature, and acquiring the location identifier corresponding to the vulnerability to be repaired; and
    generating the corresponding scan result according to the vulnerability signature and the location identifier.
  3. The method according to claim 1, wherein before acquiring the vulnerability repair analysis model, the method further comprises:
    acquiring multiple pieces of sample vulnerability data, the sample vulnerability data including labeled vulnerability data;
    performing feature extraction on the sample vulnerability data to extract the corresponding feature variables;
    performing cluster analysis on the feature variables to obtain multiple clustering results after multiple rounds of clustering;
    extracting, according to the clustering results, multiple feature variables that reach a preset threshold and the corresponding attribute information; and
    constructing the vulnerability repair analysis model with a neural network model according to the multiple feature variables and the corresponding attribute information.
  4. The method according to claim 1, wherein the step of analyzing the scan result through the vulnerability analysis model to obtain the target repair plan for the vulnerability to be repaired comprises:
    analyzing, through the vulnerability repair analysis model, the running status information corresponding to the vulnerability to be repaired to obtain the vulnerability features of the vulnerability to be repaired;
    traversing multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and
    when the traversal reaches a target decision node, acquiring the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  5. The method according to any one of claims 1 to 4, wherein the step of repairing the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package comprises:
    parsing the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package;
    acquiring the code identifier corresponding to the vulnerability to be repaired, and acquiring a function call interface according to the code identifier;
    setting the weight corresponding to the vulnerability to be repaired to zero, and changing the function call interface of the vulnerability to be repaired to the function interface of the repair package; and
    storing the repair script code at the local location corresponding to the vulnerability to be repaired, and deleting the original script code of the vulnerability to be repaired.
  6. The method according to claim 1, wherein the method further comprises:
    when repair of the vulnerability to be repaired fails, acquiring the corresponding repair process information;
    acquiring a vulnerability repair detection model, and detecting and analyzing the repair process information through the vulnerability repair detection model to obtain an analysis result; and
    pushing the analysis result to the terminal, so that operation and maintenance personnel adjust the repair package through the terminal.
  7. A business system vulnerability processing device, the device comprising:
    a vulnerability scanning module, configured to acquire a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signatures of multiple vulnerability types; and to acquire module list data of the business system, scan the module list data through the vulnerability scanning plug-in, and match the module list data against the vulnerability signatures to obtain a scan result;
    a vulnerability analysis module, configured to, when a vulnerability to be repaired exists in the scan result, acquire a vulnerability repair analysis model and analyze the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
    a data push module, configured to push the target repair plan to the corresponding terminal, so as to receive a vulnerability repair instruction and a repair package sent by the terminal according to the target repair plan; and
    a vulnerability repair module, configured to acquire a preset vulnerability repair plug-in according to the vulnerability repair instruction, and to repair the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package.
  8. The device according to claim 7, wherein the module list data includes running status information of multiple business modules, and the vulnerability scanning module is further configured to traverse the running status information of the multiple business modules and match the running status information against the vulnerability signatures; when running status information matching a vulnerability signature is detected, acquire the vulnerability signature corresponding to that running status information; locate the vulnerability to be repaired that carries the vulnerability signature, and acquire the location identifier corresponding to the vulnerability to be repaired; and generate the corresponding scan result according to the vulnerability signature and the location identifier.
  9. The device according to claim 7, wherein the vulnerability analysis module is further configured to analyze, through the vulnerability repair analysis model, the running status information corresponding to the vulnerability to be repaired to obtain the vulnerability features of the vulnerability to be repaired; traverse multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and, when the traversal reaches a target decision node, acquire the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  10. The device according to claim 7, wherein the vulnerability repair module is further configured to parse the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package; acquire the code identifier corresponding to the vulnerability to be repaired, and acquire a function call interface according to the code identifier; set the weight corresponding to the vulnerability to be repaired to zero, and change the function call interface of the vulnerability to be repaired to the function interface of the repair package; and store the repair script code at the local location corresponding to the vulnerability to be repaired, and delete the original script code of the vulnerability to be repaired.
  11. A computer device, comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the one or more processors, cause the one or more processors to perform the following steps:
    acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signatures of multiple vulnerability types;
    acquiring module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and matching the module list data against the vulnerability signatures to obtain a scan result;
    when a vulnerability to be repaired exists in the scan result, acquiring a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
    pushing the target repair plan to the corresponding terminal, so as to receive a vulnerability repair instruction and a repair package sent by the terminal according to the target repair plan; and
    acquiring a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package.
  12. The computer device according to claim 11, wherein the processor, when executing the computer-readable instructions, further performs the following steps: traversing the running status information of multiple business modules, and matching the running status information against the vulnerability signatures; when running status information matching a vulnerability signature is detected, acquiring the vulnerability signature corresponding to that running status information; locating the vulnerability to be repaired that carries the vulnerability signature, and acquiring the location identifier corresponding to the vulnerability to be repaired; and generating the corresponding scan result according to the vulnerability signature and the location identifier.
  13. The computer device according to claim 11, wherein the processor, when executing the computer-readable instructions, further performs the following steps: analyzing, through the vulnerability repair analysis model, the running status information corresponding to the vulnerability to be repaired to obtain the vulnerability features of the vulnerability to be repaired; traversing multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and, when the traversal reaches a target decision node, acquiring the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  14. The computer device according to claim 11, wherein the processor, when executing the computer-readable instructions, further performs the following steps: parsing the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package; acquiring the code identifier corresponding to the vulnerability to be repaired, and acquiring a function call interface according to the code identifier; setting the weight corresponding to the vulnerability to be repaired to zero, and changing the function call interface of the vulnerability to be repaired to the function interface of the repair package; and storing the repair script code at the local location corresponding to the vulnerability to be repaired, and deleting the original script code of the vulnerability to be repaired.
  15. The computer device according to claim 11, wherein the processor, when executing the computer-readable instructions, further performs the following steps: when repair of the vulnerability to be repaired fails, acquiring the corresponding repair process information; acquiring a vulnerability repair detection model, and detecting and analyzing the repair process information through the vulnerability repair detection model to obtain an analysis result; and pushing the analysis result to the terminal, so that operation and maintenance personnel adjust the repair package through the terminal.
  16. One or more non-volatile computer-readable storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    acquiring a vulnerability scanning plug-in according to a vulnerability scanning instruction sent by a terminal, the vulnerability scanning plug-in including vulnerability signatures of multiple vulnerability types;
    acquiring module list data of the business system, scanning the module list data through the vulnerability scanning plug-in, and matching the module list data against the vulnerability signatures to obtain a scan result;
    when a vulnerability to be repaired exists in the scan result, acquiring a vulnerability repair analysis model, and analyzing the scan result through the vulnerability analysis model to obtain a target repair plan for the vulnerability to be repaired;
    pushing the target repair plan to the corresponding terminal, so as to receive a vulnerability repair instruction and a repair package sent by the terminal according to the target repair plan; and
    acquiring a vulnerability repair plug-in according to the vulnerability repair instruction, and repairing the vulnerability to be repaired through the vulnerability repair plug-in according to the repair package.
  17. The storage medium according to claim 16, wherein the computer-readable instructions, when executed by the processor, further perform the following steps: traversing the running status information of multiple business modules, and matching the running status information against the vulnerability signatures; when running status information matching a vulnerability signature is detected, acquiring the vulnerability signature corresponding to that running status information; locating the vulnerability to be repaired that carries the vulnerability signature, and acquiring the location identifier corresponding to the vulnerability to be repaired; and generating the corresponding scan result according to the vulnerability signature and the location identifier.
  18. The storage medium according to claim 16, wherein the computer-readable instructions, when executed by the processor, further perform the following steps: analyzing, through the vulnerability repair analysis model, the running status information corresponding to the vulnerability to be repaired to obtain the vulnerability features of the vulnerability to be repaired; traversing multiple decision nodes in the vulnerability repair analysis model according to the vulnerability features; and, when the traversal reaches a target decision node, acquiring the target repair plan corresponding to the vulnerability to be repaired according to the target decision node.
  19. The storage medium according to claim 16, wherein the computer-readable instructions, when executed by the processor, further perform the following steps: parsing the repair package through the vulnerability repair plug-in to obtain the repair script code and function interface in the repair package; acquiring the code identifier corresponding to the vulnerability to be repaired, and acquiring a function call interface according to the code identifier; setting the weight corresponding to the vulnerability to be repaired to zero, and changing the function call interface of the vulnerability to be repaired to the function interface of the repair package; and storing the repair script code at the local location corresponding to the vulnerability to be repaired, and deleting the original script code of the vulnerability to be repaired.
  20. The storage medium according to claim 16, wherein the computer-readable instructions, when executed by the processor, further perform the following steps: when repair of the vulnerability to be repaired fails, acquiring the corresponding repair process information; acquiring a vulnerability repair detection model, and detecting and analyzing the repair process information through the vulnerability repair detection model to obtain an analysis result; and pushing the analysis result to the terminal, so that operation and maintenance personnel adjust the repair package through the terminal.
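
The signature scan of claim 2 and the decision-node traversal of claim 4, as an added Python example that is not code from the patent or its applicant. The regular-expression signature format, the module names, the status strings and the location identifiers are constructed for illustration, and a hand-written decision tree stands in for the trained vulnerability repair analysis model, which the claims do not specify.

```python
import re
from dataclasses import dataclass

# Constructed signatures, one per vulnerability type. The patent does not define
# the signature format; regular expressions over status text are an assumption.
SIGNATURES = {
    "SIG-WEAK-TLS": ("weak_transport", re.compile(r"\btls_version=1\.[01]\b")),
    "SIG-DEBUG-ON": ("debug_exposure", re.compile(r"\bdebug=(?:true|1)\b")),
    "SIG-OLD-LIB": ("outdated_component", re.compile(r"\blibfoo=1\.[0-3]\.\d+\b")),
}

# Constructed module list data: running-status information per business module.
MODULE_LIST = [
    {"module": "payments", "location": "svc/payments/config", "internet_facing": True,
     "status": "state=running tls_version=1.0 debug=false libfoo=1.5.2"},
    {"module": "reporting", "location": "svc/reporting/config", "internet_facing": False,
     "status": "state=running tls_version=1.2 debug=true libfoo=1.2.9"},
    {"module": "gateway", "location": "svc/gateway/config", "internet_facing": True,
     "status": "state=running tls_version=1.3 debug=false libfoo=1.6.0"},
    {"module": "legacy", "location": "svc/legacy/config", "internet_facing": False,
     "status": None},  # malformed record: no status was collected
]

# Hypothetical decision nodes: an inner node tests one feature, a leaf (the
# "target decision node") carries the repair plan. Stand-in for the trained model.
DECISION_ROOT = {
    "feature": "vuln_type",
    "branches": {
        "weak_transport": {"plan": "raise the minimum TLS version in the module configuration"},
        "debug_exposure": {"plan": "disable the debug flag and restart the module"},
        "outdated_component": {
            "feature": "internet_facing",
            "branches": {
                True: {"plan": "upgrade the component immediately"},
                False: {"plan": "schedule the component upgrade for the next maintenance window"},
            },
        },
    },
}


@dataclass
class Finding:
    module: str
    signature: str
    vuln_type: str
    location: str          # location identifier of the vulnerability to be repaired
    evidence: str          # the status fragment that matched the signature
    internet_facing: bool


def scan(module_list, signatures=SIGNATURES):
    """Traverse the module list, match each status against every signature,
    and record the signature plus location identifier for each hit."""
    findings = []
    for entry in module_list:
        status = entry.get("status")
        if not isinstance(status, str):
            continue  # skip records without usable status instead of failing the scan
        for sig_id, (vuln_type, pattern) in signatures.items():
            match = pattern.search(status)
            if match:
                findings.append(Finding(entry["module"], sig_id, vuln_type,
                                        entry["location"], match.group(0),
                                        bool(entry.get("internet_facing"))))
    return findings


def select_plan(features, root=DECISION_ROOT):
    """Walk the decision nodes by feature value until a leaf is reached.
    Returns None when no branch fits, so the case can go to an operator."""
    node = root
    while "plan" not in node:
        child = node["branches"].get(features.get(node["feature"]))
        if child is None:
            return None
        node = child
    return node["plan"]


def triage(module_list):
    """Scan, then attach a target repair plan to every finding."""
    rows = []
    for f in scan(module_list):
        plan = select_plan({"vuln_type": f.vuln_type, "internet_facing": f.internet_facing})
        rows.append((f.module, f.signature, f.location, plan))
    return rows


if __name__ == "__main__":
    for row in triage(MODULE_LIST):
        print(row)
```

A finding whose features reach no leaf returns `None` rather than a default plan, which keeps unrecognized cases out of the automated repair path.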
PCT/CN2019/122898 2019-07-05 2019-12-04 Service system vulnerability processing method and apparatus, computer device, and storage medium WO2021003982A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910603458.9A CN110460571B (en) 2019-07-05 2019-07-05 Business system vulnerability processing method and device, computer equipment and storage medium
CN201910603458.9 2019-07-05

Publications (1)

Publication Number Publication Date
WO2021003982A1 (en) 2021-01-14

Family

ID=68482264

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/122898 WO2021003982A1 (en) 2019-07-05 2019-12-04 Service system vulnerability processing method and apparatus, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN110460571B (en)
WO (1) WO2021003982A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113031964A (en) * 2021-03-25 2021-06-25 恒安嘉新(北京)科技股份公司 Management method, device, equipment and storage medium for big data application
CN113672300A (en) * 2021-08-17 2021-11-19 绿盟科技集团股份有限公司 Plug-in scheduling method and device and storage medium
CN113742629A (en) * 2021-09-14 2021-12-03 杭州安恒信息技术股份有限公司 Daily information security check method and device for internet data center
CN114006761A (en) * 2021-11-01 2022-02-01 北京顶象技术有限公司 Vulnerability detection communication method and device and electronic equipment
CN114143110A (en) * 2021-12-08 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment
CN114422253A (en) * 2022-01-21 2022-04-29 北京知道创宇信息技术股份有限公司 Distributed vulnerability scanning system, method and storage medium
CN114564523A (en) * 2022-03-09 2022-05-31 大庆市诚龙达科技有限公司 Big data vulnerability analysis method and cloud AI system for intelligent virtual scene
CN114692153A (en) * 2022-04-11 2022-07-01 北京中睿天下信息技术有限公司 Malicious code detection method, equipment and storage medium based on JAVA program
CN115314234A (en) * 2022-02-17 2022-11-08 深圳市捷力通信息技术有限公司 Router security configuration automatic repair monitoring method and system
CN115361240A (en) * 2022-10-21 2022-11-18 北京星阑科技有限公司 Vulnerability determination method and device, computer equipment and storage medium
CN115795488A (en) * 2023-02-08 2023-03-14 深圳开源互联网安全技术有限公司 Code detection system and code detection method
CN117235744A (en) * 2023-11-14 2023-12-15 中关村科学城城市大脑股份有限公司 Source file online method, device, electronic equipment and computer readable medium
CN117290851A (en) * 2023-09-21 2023-12-26 广州市动易网络科技有限公司 Vulnerability identification-based reading security enhancement method and system
CN117742897A (en) * 2024-02-20 2024-03-22 国网四川省电力公司信息通信公司 Method for realizing automatic repair of vulnerability based on container mirror image

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110460571B (en) * 2019-07-05 2022-11-04 深圳壹账通智能科技有限公司 Business system vulnerability processing method and device, computer equipment and storage medium
CN111193727A (en) * 2019-12-23 2020-05-22 成都烽创科技有限公司 Operation monitoring system and operation monitoring method
CN111343188A (en) * 2020-03-05 2020-06-26 深信服科技股份有限公司 Vulnerability searching method, device, equipment and storage medium
CN111538994A (en) * 2020-04-20 2020-08-14 中科三清科技有限公司 System security detection and repair method, device, storage medium and terminal
CN111625272A (en) * 2020-06-08 2020-09-04 成都信息工程大学 Automatic source code auditing and developing method
CN112003821B (en) * 2020-07-14 2022-09-09 烽火通信科技股份有限公司 Cloud platform security management method and system and security management server
CN112149128B (en) * 2020-08-21 2024-04-09 杭州安恒信息技术股份有限公司 Vulnerability processing method, device, electronic device and medium of custom process
CN112615848B (en) * 2020-12-14 2023-03-14 北京达佳互联信息技术有限公司 Vulnerability repair state detection method and system
CN113704751B (en) * 2021-08-31 2022-03-29 山东中关创业信息科技股份有限公司 Vulnerability repairing method based on artificial intelligence decision and big data mining system
CN115080977B (en) * 2022-05-06 2023-06-30 北京结慧科技有限公司 Security vulnerability defending method, system, computer equipment and storage medium
CN114996716A (en) * 2022-06-15 2022-09-02 中国电信股份有限公司 Vulnerability processing method and device based on plug-in, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955647A (en) * 2014-05-12 2014-07-30 国家电网公司 System bug scanning method
WO2017166446A1 (en) * 2016-03-30 2017-10-05 百度在线网络技术(北京)有限公司 Vulnerability-fixing method and device
CN109067789A (en) * 2018-09-25 2018-12-21 郑州云海信息技术有限公司 Web vulnerability scanning method, system based on linux system
CN109871696A (en) * 2018-12-29 2019-06-11 重庆城市管理职业学院 A kind of automatic collection and vulnerability scanning system and method, computer of vulnerability information
CN110460571A (en) * 2019-07-05 2019-11-15 深圳壹账通智能科技有限公司 Operation system loophole processing method, device, computer equipment and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656924A (en) * 2015-10-30 2017-05-10 北京神州泰岳软件股份有限公司 Method and device for processing security vulnerabilities of device
CN106230837A (en) * 2016-08-04 2016-12-14 湖南傻蛋科技有限公司 A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device
CN108400957A (en) * 2017-02-07 2018-08-14 蓝盾信息安全技术有限公司 A method of the intelligence confrontation Web vulnerability scannings based on detecting system simultaneously realize selfreparing
US20180262457A1 (en) * 2017-03-09 2018-09-13 Microsoft Technology Licensing, Llc Self-debugging of electronic message bugs
CN108512859A (en) * 2018-04-16 2018-09-07 贵州大学 A kind of Web applications safety loophole mining method and device
CN109766697A (en) * 2018-12-29 2019-05-17 武汉烽火技术服务有限公司 Vulnerability scanning method, storage medium, equipment and system applied to linux system

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113031964A (en) * 2021-03-25 2021-06-25 恒安嘉新(北京)科技股份公司 Management method, device, equipment and storage medium for big data application
CN113031964B (en) * 2021-03-25 2023-12-26 恒安嘉新(北京)科技股份公司 Big data application management method, device, equipment and storage medium
CN113672300A (en) * 2021-08-17 2021-11-19 绿盟科技集团股份有限公司 Plug-in scheduling method and device and storage medium
CN113672300B (en) * 2021-08-17 2023-12-26 绿盟科技集团股份有限公司 Plug-in scheduling method, device and storage medium
CN113742629A (en) * 2021-09-14 2021-12-03 杭州安恒信息技术股份有限公司 Daily information security check method and device for internet data center
CN114006761A (en) * 2021-11-01 2022-02-01 北京顶象技术有限公司 Vulnerability detection communication method and device and electronic equipment
CN114143110A (en) * 2021-12-08 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment
CN114143110B (en) * 2021-12-08 2024-04-26 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment
CN114422253B (en) * 2022-01-21 2023-11-28 北京知道创宇信息技术股份有限公司 Distributed vulnerability scanning system, method and storage medium
CN114422253A (en) * 2022-01-21 2022-04-29 北京知道创宇信息技术股份有限公司 Distributed vulnerability scanning system, method and storage medium
CN115314234A (en) * 2022-02-17 2022-11-08 深圳市捷力通信息技术有限公司 Router security configuration automatic repair monitoring method and system
CN115314234B (en) * 2022-02-17 2024-05-14 深圳海昽科技有限公司 Automatic repair monitoring method and system for router security configuration
CN114564523B (en) * 2022-03-09 2022-10-14 元盛视光(湖北)生物科技有限公司 Big data vulnerability analysis method and cloud AI system for intelligent virtual scene
CN114564523A (en) * 2022-03-09 2022-05-31 大庆市诚龙达科技有限公司 Big data vulnerability analysis method and cloud AI system for intelligent virtual scene
CN114692153A (en) * 2022-04-11 2022-07-01 北京中睿天下信息技术有限公司 Malicious code detection method, equipment and storage medium based on JAVA program
CN114692153B (en) * 2022-04-11 2024-05-14 北京中睿天下信息技术有限公司 Malicious code detection method, device and storage medium based on JAVA program
CN115361240A (en) * 2022-10-21 2022-11-18 北京星阑科技有限公司 Vulnerability determination method and device, computer equipment and storage medium
CN115361240B (en) * 2022-10-21 2022-12-27 北京星阑科技有限公司 Vulnerability determination method and device, computer equipment and storage medium
CN115795488A (en) * 2023-02-08 2023-03-14 深圳开源互联网安全技术有限公司 Code detection system and code detection method
CN117290851B (en) * 2023-09-21 2024-02-20 广州市动易网络科技有限公司 Vulnerability identification-based reading security enhancement method and system
CN117290851A (en) * 2023-09-21 2023-12-26 广州市动易网络科技有限公司 Vulnerability identification-based reading security enhancement method and system
CN117235744B (en) * 2023-11-14 2024-02-02 中关村科学城城市大脑股份有限公司 Source file online method, device, electronic equipment and computer readable medium
CN117235744A (en) * 2023-11-14 2023-12-15 中关村科学城城市大脑股份有限公司 Source file online method, device, electronic equipment and computer readable medium
CN117742897A (en) * 2024-02-20 2024-03-22 国网四川省电力公司信息通信公司 Method for realizing automatic repair of vulnerability based on container mirror image
CN117742897B (en) * 2024-02-20 2024-04-26 国网四川省电力公司信息通信公司 Method for realizing automatic repair of vulnerability based on container mirror image

Also Published As

Publication number Publication date
CN110460571A (en) 2019-11-15
CN110460571B (en) 2022-11-04

Similar Documents

Publication Publication Date Title
WO2021003982A1 (en) Service system vulnerability processing method and apparatus, computer device, and storage medium
US8966633B2 (en) Method and device for multiple engine virus killing
US7596809B2 (en) System security approaches using multiple processing units
CN111835756B (en) APP privacy compliance detection method and device, computer equipment and storage medium
CN109495520B (en) Integrated network attack evidence obtaining and tracing method, system, equipment and storage medium
US11372974B2 (en) Rule-based system and method for detecting and identifying tampering in security analysis of source code
US11599645B2 (en) Systems and methods for predicting cybersecurity vulnerabilities
CN108268773B (en) Android application upgrade package local storage security detection method
US20180316696A1 (en) Analysis apparatus, analysis method, and analysis program
CN107977576A (en) A kind of host leakage location and method based on employing fingerprint
CN104038488A (en) System network safety protection method and device
CN116346397A (en) Network request abnormality detection method and device, equipment, medium and product thereof
CN114091031A (en) Class loading protection method and device based on white rule
Pandey et al. A framework for producing effective and efficient secure code through malware analysis
KR101625890B1 (en) Test automation system and test automation method for detecting change for signature of internet application traffic protocol
WO2023072002A1 (en) Security detection method and apparatus for open source component package
CN116680699A (en) Vulnerability priority ordering system, vulnerability priority ordering method, computer equipment and storage medium
CN114157439B (en) Vulnerability scanning method, computing device and recording medium
CN107229860A (en) The method and system of safety management desktop application in environment is concentrated
CN111695113A (en) Method and device for detecting installation compliance of terminal software and computer equipment
CN116319083B (en) Data transmission security detection method and system
CN117896186B (en) Vulnerability scanning method, system and storage medium based on log analysis
CN115208593B (en) Security monitoring method, terminal and computer readable storage medium
US11574049B2 (en) Security system and method for software to be input to a closed internal network
US11514162B1 (en) System and method for differential malware scanner

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19936601

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13.05.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19936601

Country of ref document: EP

Kind code of ref document: A1