CN101695033A - Network fragility analyzing system based on privilege lift - Google Patents


Publication number
CN101695033A
Authority
CN
China
Legal status
Pending
Application number
CN200910307680A
Other languages
Chinese (zh)
Inventor
陈秀真
李建华
王桠楠
范磊
蔡伟
Current Assignee
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University

Abstract

A network vulnerability analysis system based on privilege escalation, in the technical field of network security, is used to analyze the security risks of a network system from a global perspective. It comprises a vulnerability detection module, an attack information knowledge base, a network attack graph generation module and an attack graph visualization module. The vulnerability detection module is connected to the network attack graph generation module and passes it vulnerability information, network connectivity information and host information; the attack information knowledge base is connected to the network attack graph generation module and passes it vulnerability exploitation information; and the network attack graph generation module is connected to the attack graph visualization module and passes it the network attack graph of the whole information system. The system helps administrators recognize the effect of vulnerability combinations on system security and understand the security state of the whole system.

Description

Network vulnerability analysis system based on privilege escalation
Technical field
The present invention relates to a system in the field of network security technology, specifically a network vulnerability analysis system based on privilege escalation.
Background art
With the continuous development of computer technology, the software that runs on computers grows more complex by the day, and the steady advance of networking technology makes remote access more and more frequent; both cause system vulnerabilities to appear in large numbers. Network security problems have their root in network vulnerability: only by clearly understanding the weak points of the network itself can resources be configured sensibly, policies be generated, and the network be protected. The analysis of network vulnerability has become an important topic in information security research.
A search of the domestic and foreign literature finds that Oleg Sheyner et al., in "Automated Generation and Analysis of Attack Graphs", describe in detail a model checking method used for the security analysis of small networks. It can determine whether a target state is reachable and, if so, gives the paths that reach it. But the network attack graph it generates contains many redundant and duplicate paths, the system state space is too large, and the number of states to examine grows exponentially; both the memory and the time needed to generate the attack graph are large, so the method cannot be applied to large-scale networks. In addition, Skybox Security released a network attack graph generation tool named Skybox View in 2004, but it can only use the vulnerability database developed by that company, and its external compatibility is poor.
Summary of the invention
Aiming at the above shortcomings of the prior art, the present invention provides a network vulnerability analysis system based on privilege escalation. It is used to analyze the security risks of a network system from a global perspective, that is, to use the generated attack graph to identify the security problems that vulnerability combinations on the same host or across different hosts bring to the information system. Based on information such as network connectivity, vulnerabilities and system configuration, it automatically generates the network attack graph, that is, the set of potential attack paths in the network system, helping the administrator recognize the effect of vulnerability combinations on system security and understand the security state of the whole system.
The present invention is achieved by the following technical solution. The invention comprises a vulnerability detection module, an attack information knowledge base, a network attack graph generation module and an attack graph visualization module, wherein: the vulnerability detection module is connected to the network attack graph generation module and passes it vulnerability information, network connectivity information and host information; the attack information knowledge base is connected to the network attack graph generation module and passes it vulnerability exploitation information; and the network attack graph generation module is connected to the attack graph visualization module and outputs the network attack graph of the whole information system.
The vulnerability detection module comprises a system customization module, a system testing module, a data processing module and a Socket communication module, wherein: the system customization module at the server console end is connected to that end's Socket communication module and passes it the specified target server and listening port information; the Socket communication module at the server console end feeds connection status information to that end's system customization module; the data processing module is connected to the system customization module and passes it the identified vulnerability information; the Socket communication module at the server console end is connected to the data processing module and passes it the identified vulnerability numbers; the system customization module at the client agent detector end is connected to that end's Socket communication module and to the system testing module, passing them port information and vulnerability parameter settings respectively; the system testing module is connected to that end's Socket communication module and outputs information such as vulnerability codes and connection working status; and the communication modules at the server console end and the client agent detector end handle the information transfer between the client detection agent and the server-side console.
The system customization module provides host scanning of a specified IP address or IP range, setting of the connection port, display of connection status and error reports, and a summary display of results; the system customization module on the detection agent side is used to set the listening port and the vulnerability scanning parameters, such as vulnerability type and definition status.
The system testing module is used to test for the security vulnerabilities present on a particular system: through system testing, the test results are compared with the OVAL (Open Vulnerability and Assessment Language) definitions to determine the security vulnerabilities present in the system, and the information is then uploaded to the server-side console over Socket communication. After data processing it is written to the back-end database, providing the network attack graph generation module with vulnerability information, network connectivity information and host information.
System testing means: after system customization, the detector tests the system according to the test items listed in the OVAL definition file corresponding to the particular system, and produces formatted vulnerability detection results.
The OVAL definitions are three kinds of information described in XML: OVAL vulnerability definitions (which determine whether a specific vulnerability exists on the system), OVAL patch definitions (which determine whether a specific security patch is present on the system), and OVAL compliance definitions (which determine the system's configuration information). They define the state-machine information in detail, which allows system testing to be automated.
The data processing module uses the CVE vulnerability database as its database for looking up detailed vulnerability information, and displays the processed vulnerability information in HTML format and as a tree structure.
The communication module is implemented using secure sockets with multithreading.
Data processing means: according to the system test results, querying the CVE vulnerability database to obtain detailed vulnerability information.
The attack information knowledge base stores vulnerability attack information, which comprises the preconditions for exploiting each vulnerability and the consequences that result.
The network attack graph generation module has a built-in attack graph generation algorithm that combines breadth-first forward search and backward search over host-privilege pairs. Given the specified attacker attributes and attack target, and using the vulnerability information, network connectivity information and host information output by the vulnerability detection module together with the vulnerability attack information in the attack information knowledge base, it applies the attack graph correlation algorithm to obtain the network attack graph of each network node and stores it in the back-end database.
The attack graph visualization module takes the network node information output by the network attack graph generation module and, integrating the graph visualization tool GraphViz, generates the attack graph of the whole network and outputs it visually.
The working steps of the network vulnerability analysis system based on privilege escalation are as follows:
Step 1: carry out vulnerability detection on the particular system;
Step 2: according to the vulnerability detection results, and in combination with the vulnerability exploitation information in the attack information knowledge base, use the attack graph correlation algorithm to generate the network attack graph node information;
Step 3: visualize the attack graph.
Compared with the prior art, the present invention uses the attack graph correlation algorithm to obtain the network attack graph from the output of the vulnerability detection module and the information in the attack information knowledge base, and stores each generated network node's information in the back-end database. It then uses the graph visualization tool Graphviz to generate the whole network attack graph from the network node information output by the network attack graph generation module and displays it on the system interface. The invention uses database storage and a method combining forward and backward search: for the example shown in Fig. 3, generating the attack graph took less than 1 second and produced 7 network nodes, whereas the model checking method, for a network with only 3 hosts and 4 weaknesses, takes 5 seconds to generate the attack graph, and the number of network nodes and network states it generates grows exponentially.
The basic information for the proposed network vulnerability analysis system is obtained from an OVAL-based vulnerability detector. This detector does not need to launch simulated attacks; it identifies security vulnerabilities by logical evaluation of the collected system configuration information, so it does not affect normal use of the target network and is non-destructive. The time complexity of the invention is low: suppose the analyzed network has H hosts, the attack information in the attack information base involves P protocols in total, and the maximum number of attack records related to any one protocol is R. If M different new access capabilities appear while the network attack graph is generated, then an attack path contains at most M attacks, that is, the search depth of the analysis is at most M. It follows that the time consumed by the analysis is at most M*H*P*R.
Description of the drawings
Fig. 1 is the system framework diagram of the present invention.
Fig. 2 is the flow chart of the network attack graph generation method.
Fig. 3 is the example network environment.
Fig. 4 is an example attack graph generated by the present invention.
Embodiment
An embodiment of the invention is described in detail below. The embodiment is implemented on the basis of the technical solution of the invention, and a detailed implementation and concrete operating process are given, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1, the embodiment comprises a vulnerability detection module, an attack information knowledge base, a network attack graph generation module and an attack graph visualization module, wherein: the vulnerability detection module is connected to the network attack graph generation module and passes it vulnerability information, network connectivity information and host information; the attack information knowledge base is connected to the network attack graph generation module and passes it vulnerability exploitation information; and the network attack graph generation module is connected to the attack graph visualization module and outputs the network attack graph of the whole information system.
The vulnerability detection module comprises a system customization module, a system testing module, a data processing module and a Socket communication module, wherein: the system customization module at the server console end is connected to that end's Socket communication module and passes it the specified target server and listening port information; the Socket communication module at the server console end feeds connection status information to that end's system customization module; the data processing module is connected to the system customization module and passes it the identified vulnerability information; the Socket communication module at the server console end is connected to the data processing module and passes it the identified vulnerability numbers; the system customization module at the client agent detector end is connected to that end's Socket communication module and to the system testing module, passing them port information and vulnerability parameter settings respectively; the system testing module is connected to that end's Socket communication module and outputs information such as vulnerability codes and connection working status; and the communication modules at the server console end and the client agent detector end handle the information transfer between the client detection agent and the server-side console.
The system customization module provides host scanning of a specified IP address or IP range, setting of the connection port, display of connection status and error reports, and a summary display of results; the system customization module on the detection agent side is used to set the listening port and the vulnerability scanning parameters, such as vulnerability type and definition status.
The system testing module is used to test for the security vulnerabilities present on a particular system: through system testing, the test results are compared with the OVAL definitions to determine the security vulnerabilities present in the system, and the information is then uploaded to the server-side console over Socket communication. After data processing it is written to the back-end database, providing the network attack graph generation module with vulnerability information, network connectivity information and host information.
System testing means: after system customization, the detector tests the system according to the test items listed in the OVAL definition file corresponding to the particular system, and produces formatted vulnerability detection results. The test procedures differ greatly from one system to another; for example, the OVAL definition file for Redhat Linux 9-4.2 defines 7 kinds of simple test: file_test, permission_test, inetlisteningservers_test, process_test, rpminfo_test, rpmversioncompare_test.
The OVAL definitions are three kinds of information described in XML: OVAL vulnerability definitions (which determine whether a specific vulnerability exists on the system), OVAL patch definitions (which determine whether a specific security patch is present on the system), and OVAL compliance definitions (which determine the system's configuration information). They define the state-machine information in detail, which allows system testing to be automated.
The data processing module uses the CVE vulnerability database as its database for looking up detailed vulnerability information, and displays the processed vulnerability information in HTML format and as a tree structure.
The communication module is implemented using secure sockets with multithreading.
Data processing means: according to the system test results, querying the CVE vulnerability database to obtain detailed vulnerability information.
The attack information knowledge base stores vulnerability attack information, which comprises the preconditions for exploiting each vulnerability and the consequences that result. The concrete structure is: {Exploit, SrcPriv, DstPriv, VulID, ConnID, RstPriv}. Exploit is the attack name. SrcPriv, DstPriv, VulID and ConnID form the set of attack preconditions: SrcPriv is the minimum access privilege the intruder must hold on the attacking machine, DstPriv is the minimum access privilege the intruder must hold on the target machine, VulID is the vulnerability that this exploitation record can use, and ConnID is the connection relationship that must hold between the attacking host and the target machine. RstPriv is the attack consequence, that is, the privilege the intruder newly gains on the target machine after a successful attack.
The network attack graph generation module has a built-in attack graph generation algorithm that combines breadth-first forward search and backward search over host-privilege pairs. Given the specified attacker attributes and attack target, and using the vulnerability information, network connectivity information and host information output by the vulnerability detection module together with the vulnerability attack information in the attack information knowledge base, it applies the attack graph correlation algorithm to obtain the network attack graph of each network node and stores it in the back-end database. The detailed flow chart is shown in Fig. 2.
First, the forward search algorithm is used to find attack paths. For every attack path the intruder keeps a privilege sequence Hostpriv_list: each time an attack succeeds, the captured host and the privilege obtained on it are expressed as (host name, privilege) and added to the privilege sequence of the path concerned. For example, if the intruder first captures host ip1 and obtains user privilege, then launches a further attack from ip1, successfully captures host ip2 and obtains root privilege, the intruder's privilege sequence on this path is Hostpriv_list = {(ip1, user), (ip2, root)}. Then the backward search algorithm is used to remove all network nodes that cannot reach the target, which guarantees that the generated attack graph contains no redundant network nodes. The details of the algorithm are as follows:
1. Initialize the attacker information and add it to the attack queue;
2. Take one host from the attack queue as the current attack-initiating host, and judge from the privileges already obtained on it whether the path can be simplified. At the same time, judge whether the current search depth has reached the maximum number of attack steps; if it has, the algorithm ends.
3. If path simplification could be carried out in the previous step, repeat step 2; otherwise build the queue of hosts connected to the current host;
4. Take one host from the host queue as the target machine; if the host queue is empty, go to step 2. Otherwise look up the exploitation information table and attempt to launch an attack. If not all preconditions of an attack can be satisfied, or the attacker's privilege on the target cannot be raised, repeat this step; otherwise, if the attack succeeds and the attacker's privilege is raised, continue;
5. The attack has succeeded: write the privilege obtained into this path's privilege sequence and judge whether the target has been reached. If the target has been reached, write the attack information obtained directly to the database; otherwise first add the attack information obtained to the attack queue, then write it to the database, and go to step 4.
When every attack on an attack path depends on the previous attack, we call that path a minimal attack path. When an attack is launched successfully, the algorithm flow checks whether the attacker's privilege on the attacked host has been raised, which guarantees that every attack path generated is a minimal attack path. At the same time, the breadth-first search is carried out from the attacker's point of view, which guarantees that all attack paths are found. The algorithm of the present invention can therefore generate all minimal attack paths.
The attack graph visualization module uses the graph visualization tool Graphviz to build the attack graph from the attack graph network node information supplied by the attack graph automatic generation module. Based on an analysis of existing attack graph representations, and taking the attacker's greediness into account, the present invention proposes a new representation for network attack graphs. The attacker's initial position is represented as the initial network node; at the initial position the attacker's privileges on all other hosts are at their minimum. When the attacker, from the current position, successfully launches an attack using some vulnerability and raises its own privilege, the new capability obtained becomes a new network node, which represents one successful attack; if an attack that can be launched fails to raise the attacker's privilege, that attack is deemed unsuccessful.
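The forward and backward search over host-privilege pairs and the Graphviz output step described above, as an added Python example that is not code from the patent. It keeps one privilege sequence per path and treats an already expanded (node, privilege sequence) state as the path simplification step; the sample network, the vulnerability identifiers, the privilege ordering and all function names are constructed assumptions.

```python
from collections import deque, namedtuple

# Privilege ordering is an assumption of this example.
PRIV = {"none": 0, "user": 1, "root": 2}

# One knowledge-base record with the fields listed in the description.
Exploit = namedtuple("Exploit", "name src_priv dst_priv vul_id conn_id rst_priv")

# Constructed sample inputs (placeholder identifiers, not real vulnerabilities).
ATTACKER = "attacker"
TARGET = ("db", "root")
VULNS = {"web": {"VUL-WEB"}, "file": {"VUL-FTP"}, "db": {"VUL-DB", "VUL-LOCAL"}}
CONNS = {("attacker", "web", "http"), ("web", "file", "ftp"),
         ("web", "db", "sql"), ("db", "db", "local")}
KB = [
    Exploit("web_rce", "user", "none", "VUL-WEB", "http", "user"),
    Exploit("ftp_write", "user", "none", "VUL-FTP", "ftp", "user"),
    Exploit("db_login", "user", "none", "VUL-DB", "sql", "user"),
    Exploit("local_root", "user", "user", "VUL-LOCAL", "local", "root"),
]


def forward_search(attacker, target, vulns, conns, kb, max_steps=5):
    """Breadth-first forward search; returns edges (src_node, dst_node, exploit)."""
    start = (attacker, "root")  # the attacker fully controls the starting machine
    queue = deque([(start, {attacker: "root"}, 0)])  # node, Hostpriv_list, depth
    edges, expanded = set(), set()
    while queue:
        node, privs, depth = queue.popleft()
        state = (node, frozenset(privs.items()))
        if depth >= max_steps or state in expanded:
            continue  # depth limit reached, or this path is simplified away
        expanded.add(state)
        src_host, src_priv = node
        for dst_host, present in vulns.items():
            have = privs.get(dst_host, "none")  # privilege already held on target
            for e in kb:
                ok = (e.vul_id in present
                      and (src_host, dst_host, e.conn_id) in conns
                      and PRIV[src_priv] >= PRIV[e.src_priv]
                      and PRIV[have] >= PRIV[e.dst_priv])
                # An attack counts only if it raises the privilege on the target.
                if not ok or PRIV[e.rst_priv] <= PRIV[have]:
                    continue
                new_node = (dst_host, e.rst_priv)
                edges.add((node, new_node, e.name))
                if new_node != target:
                    new_privs = {**privs, dst_host: e.rst_priv}
                    queue.append((new_node, new_privs, depth + 1))
    return edges


def backward_prune(edges, target):
    """Backward search from the target; drops nodes that cannot reach it."""
    preds = {}
    for src, dst, _ in edges:
        preds.setdefault(dst, set()).add(src)
    keep, stack = {target}, [target]
    while stack:
        for p in preds.get(stack.pop(), ()):
            if p not in keep:
                keep.add(p)
                stack.append(p)
    return {(s, d, n) for s, d, n in edges if s in keep and d in keep}


def to_dot(edges):
    """Render the attack graph in Graphviz DOT; each node is host:privilege."""
    lines = ["digraph attack_graph {"]
    for (sh, sp), (dh, dp), name in sorted(edges):
        lines.append(f'  "{sh}:{sp}" -> "{dh}:{dp}" [label="{name}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = forward_search(ATTACKER, TARGET, VULNS, CONNS, KB)
    print(to_dot(backward_prune(found, TARGET)))
```

In the sample network the file host is reachable but leads nowhere, so the backward pass removes it; the remaining DOT text can be rendered with Graphviz's `dot` tool.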
Fig. 4 shows an attack graph generated by the network attack graph visualization module. The example was generated for the network environment shown in Fig. 3. For brevity, the related information is not shown in the attack graph itself; nodes are denoted by network node codes, and the left side of the figure shows in a tree structure, for the attack each network node represents, the exploited vulnerability information, the attack-initiating host, the victim machine and so on, so that users can look them up and understand them.
The embodiment is easy to implement in engineering practice, and by using the method that combines breadth-first forward search and backward search over host-privilege pairs it guarantees that minimal attack paths are generated.

Claims (6)

1. A network vulnerability analysis system based on privilege escalation, characterized in that it comprises a vulnerability detection module, an attack information knowledge base, a network attack graph generation module and an attack graph visualization module, wherein: the vulnerability detection module is connected to the network attack graph generation module and passes it vulnerability information, network connectivity information and host information; the attack information knowledge base is connected to the network attack graph generation module and passes it vulnerability exploitation information; and the network attack graph generation module is connected to the attack graph visualization module and outputs the network attack graph of the whole information system.
2. The network vulnerability analysis system based on privilege escalation according to claim 1, characterized in that the vulnerability detection module comprises a system customization module, a system testing module, a data processing module and a Socket communication module, wherein: the system customization module at the server console end is connected to that end's Socket communication module and passes it the specified target server and listening port information; the Socket communication module at the server console end feeds connection status information to that end's system customization module; the data processing module is connected to the system customization module and passes it the identified vulnerability information; the Socket communication module at the server console end is connected to the data processing module and passes it the identified vulnerability numbers; the system customization module at the client agent detector end is connected to that end's Socket communication module and to the system testing module, passing them port information and vulnerability parameter settings respectively; the system testing module is connected to that end's Socket communication module and outputs information such as vulnerability codes and connection working status; and the communication modules at the server console end and the client agent detector end handle the information transfer between the client detection agent and the server-side console.
3. The network vulnerability analysis system based on privilege escalation according to claim 1, characterized in that the system customization module provides host scanning of a specified IP address or IP range, setting of the connection port, display of connection status and error reports, and a summary display of results, and the system customization module on the detection agent side is used to set the listening port and the vulnerability type and definition status parameters of vulnerability scanning.
4. The network vulnerability analysis system based on privilege escalation according to claim 1, characterized in that the system testing module is used to test for the security vulnerabilities present on a particular system: through system testing, the test results are compared with the Open Vulnerability and Assessment Language (OVAL) definitions to determine the security vulnerabilities present in the system, the information is then uploaded to the server-side console over Socket communication and, after data processing, written to the back-end database, providing the network attack graph generation module with vulnerability information, network connectivity information and host information.
5. The network vulnerability analysis system based on privilege escalation according to claim 1, characterized in that system testing means: after system customization, the detector tests the system according to the test items listed in the Open Vulnerability and Assessment Language (OVAL) definition file corresponding to the particular system, and produces formatted vulnerability detection results.
6. The network vulnerability analysis system based on privilege escalation according to claim 1, characterized in that the network attack graph generation module has a built-in attack graph generation algorithm that combines breadth-first forward search and backward search over host-privilege pairs and, given the specified attacker attributes and attack target, uses the vulnerability information, network connectivity information and host information output by the vulnerability detection module together with the vulnerability attack information in the attack information knowledge base, applying the attack graph correlation algorithm to obtain the network attack graph of each network node and store it in the back-end database.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910307680A CN101695033A (en) 2009-09-25 2009-09-25 Network fragility analyzing system based on privilege lift

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910307680A CN101695033A (en) 2009-09-25 2009-09-25 Network fragility analyzing system based on privilege lift

Publications (1)

Publication Number Publication Date
CN101695033A true CN101695033A (en) 2010-04-14

Family

ID=42093974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910307680A Pending CN101695033A (en) 2009-09-25 2009-09-25 Network fragility analyzing system based on privilege lift

Country Status (1)

Country Link
CN (1) CN101695033A (en)

CN106997437B (en) * 2017-03-02 2020-09-11 北京理工大学 System vulnerability protection method and device
CN106997437A (en) * 2017-03-02 2017-08-01 北京理工大学 A kind of system vulnerability means of defence and device
CN108629474A (en) * 2017-03-24 2018-10-09 北京航天计量测试技术研究所 Flow safety evaluation method based on attack graph model
CN108629474B (en) * 2017-03-24 2021-11-12 北京航天计量测试技术研究所 Process safety assessment method based on attack graph model
CN108959931A (en) * 2017-05-24 2018-12-07 阿里巴巴集团控股有限公司 Leak detection method and device, information interacting method and equipment
CN108959931B (en) * 2017-05-24 2022-03-01 阿里巴巴集团控股有限公司 Vulnerability detection method and device, information interaction method and equipment
CN107094158A (en) * 2017-06-27 2017-08-25 四维创智(北京)科技发展有限公司 The fragile analysis system of one kind automation intranet security
CN107094158B (en) * 2017-06-27 2020-06-19 四维创智(北京)科技发展有限公司 Automatic change intranet security fragile analytic system
CN107682889A (en) * 2017-09-11 2018-02-09 北京奇安信科技有限公司 Wireless network performance method of testing, apparatus and system
CN109033844A (en) * 2018-09-10 2018-12-18 四川长虹电器股份有限公司 Automation vulnerability detection system and method based on port identification
CN111277555A (en) * 2018-12-05 2020-06-12 中国移动通信集团河南有限公司 Vulnerability false alarm screening method and device
CN111277555B (en) * 2018-12-05 2022-03-11 中国移动通信集团河南有限公司 Vulnerability false alarm screening method and device
CN110677404A (en) * 2019-09-25 2020-01-10 四川新网银行股份有限公司 User access control method for Linux host
CN111786947A (en) * 2020-05-18 2020-10-16 北京邮电大学 Attack graph generation method and device, electronic equipment and storage medium
CN112256791A (en) * 2020-10-27 2021-01-22 北京微步在线科技有限公司 Network attack event display method and storage medium
CN112291275A (en) * 2020-12-25 2021-01-29 远江盛邦(北京)网络安全科技股份有限公司 Command interaction implementation method for CVE vulnerability penetration utilization
CN112291275B (en) * 2020-12-25 2021-03-26 远江盛邦(北京)网络安全科技股份有限公司 Command interaction implementation method for CVE vulnerability penetration utilization
CN115278681A (en) * 2022-06-27 2022-11-01 华中科技大学 5G communication network attack graph generation method and system based on regional collaboration
CN115278681B (en) * 2022-06-27 2024-04-19 华中科技大学 5G communication network attack graph generation method and system based on regional collaboration

Similar Documents

Publication Publication Date Title
CN101695033A (en) Network fragility analyzing system based on privilege lift
CN106411578B (en) A kind of web publishing system and method being adapted to power industry
KR101883400B1 (en) detecting methods and systems of security vulnerability using agentless
Sommestad et al. The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures
RU2657170C2 (en) Automated safety assessment of business-critical computer systems and resources
CN108712396A (en) Networked asset management and loophole governing system
CN112131882A (en) Multi-source heterogeneous network security knowledge graph construction method and device
US10540502B1 (en) Software assurance for heterogeneous distributed computing systems
CN108011893A (en) A kind of asset management system based on networked asset information gathering
US20060191010A1 (en) System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
Buschle et al. A Tool for automatic Enterprise Architecture modeling
Fonseca et al. Vulnerability & attack injection for web applications
CN109871696A (en) A kind of automatic collection and vulnerability scanning system and method, computer of vulnerability information
CN107103239B (en) Source code based on application system business processing logic is gone beyond one's commission detection method and device
CN105975863A (en) Method for evaluating and calculating information security risk of power distribution automation terminal equipment
CN110162979A (en) A kind of safety detecting method, device, electronic equipment and the storage medium of Web API
CN113965497B (en) Server abnormity identification method and device, computer equipment and readable storage medium
Zamiri-Gourabi et al. Gas what? I can see your GasPots. Studying the fingerprintability of ICS honeypots in the wild
CN115361203A (en) Vulnerability analysis method based on distributed scanning engine
CN113886829B (en) Method and device for detecting defect host, electronic equipment and storage medium
CN109657462A (en) Data detection method, system, electronic equipment and storage medium
Shi et al. Analysis of web security comprehensive evaluation tools
Di Nardo et al. Augmenting field data for testing systems subject to incremental requirements changes
Refsdal et al. Security risk analysis of system changes exemplified within the oil and gas domain
Antunes et al. A monitoring and testing framework for critical off-the-shelf applications and services

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100414