CN106656924A - Method and device for processing security vulnerabilities of device - Google Patents
- Publication number: CN106656924A
- Application number: CN201510729500.3A
- Authority: CN (China)
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and device for processing security vulnerabilities of a device. The method includes the following steps: performing security scanning on a designated device, and discovering a plurality of security vulnerabilities existing in the designated device; obtaining one or more pieces of vulnerability information corresponding to each vulnerability; and for the discovered plurality of vulnerabilities existing in the designated device, if a certain number of vulnerabilities have the same vulnerability information, the certain number of vulnerabilities are merged into one vulnerability. In the technical scheme provided by the invention, the vulnerabilities having the same vulnerability information are merged into one vulnerability, thereby realizing merging processing of security vulnerabilities of the device. On the premise of not reducing vulnerability detection granularity, repetitive vulnerabilities among the plurality of vulnerabilities obtained by security scanning are screened out, the number of vulnerabilities is effectively reduced, and finally the most concise and efficient vulnerability merging result is obtained; and the result can clearly and explicitly represent real potential safety loopholes existing in the device, so that operation personnel can directly repair with emphasis without a large amount of repetitive work.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for processing security vulnerabilities of a device.
Background
As networks keep growing and the number of devices increases sharply, the resulting security problems have become more prominent. Large and medium-sized enterprises therefore pay increasing attention to system and network security. System security vulnerabilities have long been the most common high-risk security problem in security inspections and risk assessment reports, and have become the main route by which attackers take control of systems.
Existing vulnerability scanning schemes are of two kinds. The first is a network vulnerability scanner based on feature matching, which probes the device from the outside in black-box mode. This scheme can find only a small number of the vulnerabilities present on a device, usually a few to a dozen or so, and has significant drawbacks such as a high false-positive rate and a large impact on live network services. The second scheme logs in to the device in white-box mode, collects basic information about the live-network device, analyzes the collected information, and then determines whether vulnerabilities exist. This scheme finds a large number of vulnerabilities, which leads to the following drawbacks: 1. the large number of vulnerabilities makes it hard to repair system vulnerabilities with a focus on what matters; 2. the repair workload is huge and contains a large amount of repeated work.
Summary of the invention
In view of the above problems, the present invention provides a method and device for processing security vulnerabilities of a device, so as to solve the above problems or at least partially solve them.
According to one aspect of the present invention, a method for processing security vulnerabilities of a device is provided, the method comprising:
performing a security scan on a designated device and discovering a plurality of vulnerabilities present in the designated device;
obtaining one or more pieces of vulnerability information corresponding to each vulnerability;
for the plurality of vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merging that number of vulnerabilities into one vulnerability.
Optionally, before the security scan is performed on the designated device, the method further comprises:
using a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample;
building a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
Optionally, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the feature formula of that vulnerability sample;
performing the security scan on the designated device and discovering the plurality of vulnerabilities present in it then comprises:
traversing the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, performing a security scan on the designated device according to the feature formula of that sample provided by the lookup table, and, if a vulnerability satisfying the feature formula exists, determining that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have the same vulnerability information;
obtaining the one or more pieces of vulnerability information corresponding to each vulnerability then comprises:
for each discovered vulnerability, obtaining from the vulnerability lookup table all the vulnerability information of the vulnerability sample that matches it.
Optionally, the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the feature formula of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, and the solution of the vulnerability;
obtaining the one or more pieces of vulnerability information corresponding to each vulnerability then further comprises:
according to the product affected by each vulnerability, obtaining the official website corresponding to that product, and looking up the official website security bulletin corresponding to the vulnerability on that website.
Optionally, merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the products affected by a certain number of the vulnerabilities are the same, and the solution of each of those vulnerabilities is to upgrade the version of that product, merging that number of vulnerabilities into one vulnerability.
Optionally, merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the solutions of a certain number of the vulnerabilities are the same, merging that number of vulnerabilities into one vulnerability.
Optionally, merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the official website security bulletins corresponding to a certain number of the vulnerabilities are the same, merging that number of vulnerabilities into one vulnerability.
According to another aspect of the present invention, a processing device for security vulnerabilities of a device is provided, the processing device comprising:
a security scanning module, configured to perform a security scan on a designated device and discover a plurality of vulnerabilities present in the designated device;
an information obtaining module, configured to obtain one or more pieces of vulnerability information corresponding to each vulnerability;
a merging module, configured to, for the plurality of vulnerabilities discovered in the designated device, merge a certain number of them into one vulnerability if they have the same vulnerability information.
Optionally, the information obtaining module is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample, and to build a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
Optionally, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the feature formula of that vulnerability sample;
the security scanning module is then configured to traverse the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, to perform a security scan on the designated device according to the feature formula of that sample provided by the lookup table, and, if a vulnerability satisfying the feature formula exists, to determine that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have the same vulnerability information;
the information obtaining module is then configured to obtain from the vulnerability lookup table, for each discovered vulnerability, all the vulnerability information of the vulnerability sample that matches it.
Optionally, the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the feature formula of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, and the solution of the vulnerability;
the information obtaining module is then further configured to obtain, according to the product affected by each vulnerability, the official website corresponding to that product, and to look up the official website security bulletin corresponding to the vulnerability on that website.
Optionally, the merging module is configured to merge a certain number of the vulnerabilities into one vulnerability when the products they affect are the same and the solution of each of them is to upgrade the version of that product.
Optionally, the merging module is configured to merge a certain number of the vulnerabilities into one vulnerability when their solutions are the same.
Optionally, the merging module is configured to merge a certain number of the vulnerabilities into one vulnerability when their corresponding official website security bulletins are the same.
As can be seen from the above, because identical vulnerability information reflects equivalent vulnerability characteristics, vulnerabilities with the same vulnerability information can be regarded as the same vulnerability. Therefore, in the technical solution provided by the present invention, for the large number of vulnerabilities found on a designated device after a security scan, vulnerabilities with the same vulnerability information are merged into one vulnerability, which realizes merge processing of device security vulnerabilities. Without reducing the granularity of vulnerability detection, the solution screens out the repeated vulnerabilities among those obtained by the security scan, significantly reduces the number of vulnerabilities, and finally yields the most concise and efficient merge result. That result clearly characterizes the real security risks present on the device, so that operations personnel can repair them directly and with focus, without a large amount of repetitive work.
Description of the drawings
Fig. 1 shows a flowchart of a method for processing security vulnerabilities of a device according to an embodiment of the present invention;
Fig. 2 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment 1 of the present invention;
Fig. 3 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment 2 of the present invention;
Fig. 4 shows a schematic diagram of a processing device for security vulnerabilities of a device according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a method for processing security vulnerabilities of a device according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step S110: perform a security scan on a designated device and discover a plurality of vulnerabilities present in the designated device.
Step S120: obtain one or more pieces of vulnerability information corresponding to each vulnerability.
Step S130: for the plurality of vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merge that number of vulnerabilities into one vulnerability.
It can be seen that, because identical vulnerability information reflects equivalent vulnerability characteristics, vulnerabilities with the same vulnerability information can be regarded as the same vulnerability. Therefore, in the method shown in Fig. 1, for the large number of vulnerabilities found on a designated device after a security scan, vulnerabilities with the same vulnerability information are merged into one vulnerability, which realizes merge processing of device security vulnerabilities. Without reducing the granularity of vulnerability detection, the solution screens out the repeated vulnerabilities among those obtained by the security scan, effectively reduces the number of vulnerabilities, and finally yields the most concise and efficient merge result. That result clearly characterizes the real security risks present on the device, so that operations personnel can repair them directly and with focus, without a large amount of repetitive work.
The implementation of this solution is illustrated below with specific embodiments.
Embodiment 1:
Fig. 2 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment 1 of the present invention. As shown in Fig. 2, the method includes:
Step S210: use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample; build a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
Specifically, web crawler technology is used to crawl the vulnerability information published by authoritative vulnerability databases such as NVD, CNNVD and CNVD and by professional security vendors such as SecurityFocus, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample.
The vulnerability information corresponding to each vulnerability sample includes: the name of the sample, the CVE (Common Vulnerabilities & Exposures) number of the sample, the description of the sample, the feature formula of the sample, and so on. The feature formula of each vulnerability sample is defined by analyzing the characteristic attributes of that sample. The CVE number of each vulnerability sample serves as its unique identifier; after the web crawler has crawled a large amount of data, the data sources can be merged and deduplicated by CVE number, yielding the vulnerability information corresponding to a plurality of distinct vulnerability samples.
The vulnerability lookup table built in step S210 then stores each vulnerability sample together with its corresponding vulnerability information as described above.
Step S220: traverse the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, perform a security scan on the designated device according to the feature formula of that sample provided by the lookup table, and, if a vulnerability satisfying the feature formula exists, determine that a vulnerability matching the sample has been found. When the traversal ends, the plurality of vulnerabilities present in the designated device have been discovered; for each discovered vulnerability, obtain from the lookup table all the vulnerability information of the vulnerability sample that matches it.
In this step, the vulnerability lookup table provides a large number of vulnerability samples, covering almost all currently recognized information security vulnerabilities. Scanning the designated device by traversing the feature formula of each vulnerability sample in the lookup table establishes the correspondence between discovered vulnerabilities and vulnerability samples, and gives the vulnerabilities found by this solution a standardized, widely accepted description.
For example, after step S220 performs a security scan on the designated device, 6 vulnerabilities are found, each uniquely identified by its CVE number, as shown in Table 1:
Table 1
No. | CVE number |
1 | CVE-2015-0209 |
2 | CVE-2015-0286 |
3 | CVE-2015-0287 |
4 | CVE-2015-0288 |
5 | CVE-2015-3516 |
6 | CVE-2015-3517 |
For each discovered vulnerability, all the vulnerability information of the vulnerability sample that matches it is obtained from the vulnerability lookup table, giving the one or more pieces of vulnerability information corresponding to each vulnerability. This information includes one or more of the following: the name of the vulnerability, the severity level of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, the solution of the vulnerability, and so on.
Step S230: according to the vulnerability information corresponding to each vulnerability obtained in step S220, obtain the official website security bulletin corresponding to the vulnerability as additional vulnerability information; then execute step S240.
Specifically, this step looks up, one by one, the official website security bulletins of each type of operating system or application software to obtain the official website security bulletin corresponding to the vulnerability.
Continuing the example above, the vulnerability information corresponding to each vulnerability in Table 1 is shown in Table 2, where an official website security bulletin is represented by its URL, and a cell for vulnerability information that is uncertain or was not obtained is marked "-".
Table 2
No. | CVE number | Affected product | Solution | Official website security bulletin |
1 | CVE-2015-0209 | — | — | URL1 |
2 | CVE-2015-0286 | — | — | URL1 |
3 | CVE-2015-0287 | Product P1 | — | URL1 |
4 | CVE-2015-0288 | Product P1 | — | URL1 |
5 | CVE-2015-3516 | — | Solution S1 | — |
6 | CVE-2015-3517 | — | Solution S1 | — |
Step S240: for the plurality of vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merge that number of vulnerabilities into one vulnerability; then execute step S250.
In this step, if the products affected by a certain number of the vulnerabilities are the same, and the solution of each of those vulnerabilities is to upgrade the version of that product, that number of vulnerabilities is merged into one vulnerability; if the solutions of a certain number of the vulnerabilities are the same, that number of vulnerabilities is merged into one vulnerability; if the official website security bulletins corresponding to a certain number of the vulnerabilities are the same, that number of vulnerabilities is merged into one vulnerability. Other types of vulnerability information are handled in the same way. It should also be noted that the merge passes based on different vulnerability information described above are in no particular order, and the order can be changed as the actual situation requires.
Continuing the example above, for the 6 vulnerabilities shown in Table 2, it can be seen that the product affected by CVE-2015-0287 and CVE-2015-0288 is P1, so these two vulnerabilities are merged into one vulnerability, identified by the larger of the two CVE numbers, i.e. CVE-2015-0288. The remaining vulnerabilities at this point are: CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-3516 and CVE-2015-3517.
Looking further at Table 2, the solutions of CVE-2015-3516 and CVE-2015-3517 are the same, so these two vulnerabilities are merged into one vulnerability, identified by the larger of the two CVE numbers, i.e. CVE-2015-3517. The remaining vulnerabilities at this point are: CVE-2015-0209, CVE-2015-0286, CVE-2015-0288 and CVE-2015-3517.
Looking further at Table 2, the URLs of the official website security bulletins corresponding to CVE-2015-0209, CVE-2015-0286 and CVE-2015-0288 are the same, so these three vulnerabilities are merged into one vulnerability, identified by the largest CVE number among the three, i.e. CVE-2015-0288. The vulnerabilities finally remaining are CVE-2015-0288 and CVE-2015-3517, as shown in Table 3.
Table 3
No. | CVE number | Affected product | Solution | Official website security bulletin |
1 | CVE-2015-0288 | Product P1 | — | URL1 |
2 | CVE-2015-3517 | — | Solution S1 | — |
Through the processing of steps S210 to S240, the 6 vulnerabilities shown in Table 1 are reduced to the 2 vulnerabilities shown in Table 3.
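The merge of step S240 applied to the rows of Table 2, written here as an added example that is not part of the patent text. The names `Finding`, `cve_key`, `merge_pass` and `merge_findings` are assumptions made for illustration; like the worked example above, the product pass keys on the affected product alone, because Table 2 leaves the solution of those rows unknown.

```python
"""Merge scan findings that share a product, a solution or a vendor bulletin."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def cve_key(cve_id: str):
    """Sort key for the 'largest CVE number': compare (year, sequence) as integers.

    Plain string comparison would rank CVE-2015-9999 above CVE-2015-10000.
    """
    m = CVE_RE.match(cve_id)
    if not m:
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass
class Finding:
    cve: str
    product: Optional[str] = None    # None stands for the "-" cells of Table 2
    solution: Optional[str] = None
    advisory: Optional[str] = None   # URL of the official website security bulletin
    covers: List[str] = field(default_factory=list)  # every CVE this row stands for

    def __post_init__(self):
        cve_key(self.cve)            # reject malformed identifiers early
        if not self.covers:
            self.covers = [self.cve]


def _combine(group: List[Finding]) -> Finding:
    """Collapse one group into a single row labelled with its largest CVE number."""
    if len(group) == 1:
        return group[0]
    rep = max(group, key=lambda f: cve_key(f.cve))

    def pick(attr):
        # Prefer the representative's value, else the first known value in the group.
        values = [getattr(rep, attr)] + [getattr(f, attr) for f in group]
        return next((v for v in values if v is not None), None)

    # Keep the full member list so the merged row loses no detection granularity.
    covered = sorted({c for f in group for c in f.covers}, key=cve_key)
    return Finding(rep.cve, pick("product"), pick("solution"), pick("advisory"), covered)


def merge_pass(findings: List[Finding], attr: str) -> List[Finding]:
    """One merge pass: findings with the same known value of `attr` become one row.

    An unknown value (None) never matches anything, so two rows that both lack
    a bulletin are not treated as sharing one.
    """
    groups = {}
    ordered = []                     # groups in first-seen order
    for f in findings:
        key = getattr(f, attr)
        if key is None:
            ordered.append([f])
            continue
        if key not in groups:
            groups[key] = []
            ordered.append(groups[key])
        groups[key].append(f)
    return [_combine(g) for g in ordered]


def merge_findings(findings, order=("product", "solution", "advisory")):
    """Run the passes in sequence; the text notes that the order may be changed."""
    for attr in order:
        findings = merge_pass(findings, attr)
    return findings


# Table 2 retyped as input; P1, S1 and URL1 are the placeholders used in the table.
TABLE_2 = [
    Finding("CVE-2015-0209", advisory="URL1"),
    Finding("CVE-2015-0286", advisory="URL1"),
    Finding("CVE-2015-0287", product="Product P1", advisory="URL1"),
    Finding("CVE-2015-0288", product="Product P1", advisory="URL1"),
    Finding("CVE-2015-3516", solution="Solution S1"),
    Finding("CVE-2015-3517", solution="Solution S1"),
]

if __name__ == "__main__":
    for row in merge_findings(TABLE_2):
        print(row.cve, row.product, row.solution, row.advisory, "covers", row.covers)
```

Each merged row keeps the list of CVE numbers it stands for in `covers`, so a repair ticket raised for the representative still records every vulnerability it closes.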
Step S250: present the merged vulnerability result to the user; end of flow.
In this step, after verification of the full set of vulnerabilities is complete, the device's vulnerability information is presented in three views. The first presents the full vulnerability information without merging; the average number of vulnerabilities before merging is 268. The second presents the vulnerability information after merging by affected product; the average number of vulnerabilities after merging is 63. The third presents the vulnerability information after merging by security bulletin or by solution; the average number of vulnerabilities after merging is 15. The vulnerability result finally presented characterizes the security risks of the designated device more clearly, which helps subsequent repair work proceed efficiently.
Embodiment 2:
Fig. 3 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment 2 of the present invention. As shown in Fig. 3, the method includes:
Step S310: start.
Step S320: build a vulnerability lookup table, and according to the lookup table obtain the vulnerabilities found on the designated device after the security scan together with their corresponding vulnerability information.
This step obtains 11 device vulnerabilities in total: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2009-3516, CVE-2009-3517, CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288, CVE-2015-0287. The vulnerability information includes: the product affected by the vulnerability, the description of the vulnerability, the solution of the vulnerability, and the official website security bulletin corresponding to the vulnerability. The specific ways of obtaining them have been described in detail above and are not repeated here.
Step S330: build a vulnerability/affected-product relation table from the vulnerabilities and corresponding vulnerability information of step S320.
For example, vulnerabilities CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 affect version 1.0.2 of the OpenSSL product; the vulnerability/affected-product relation table is then as shown in Table 4:
Table 4
CVE number | Affected product |
CVE-2015-0291 | Openssl-1.0.2 |
CVE-2015-0290 | Openssl-1.0.2 |
CVE-2015-0289 | Openssl-1.0.2 |
CVE-2015-0288 | Openssl-1.0.2 |
CVE-2015-0287 | Openssl-1.0.2 |
Step S340: build a vulnerability/official-website-security-bulletin relation table from the vulnerabilities and corresponding vulnerability information of step S320.
For example, on the IBM official website, the security bulletin link and part of the bulletin content corresponding to vulnerabilities CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 are found to be as follows:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc
1. VULNERABILITY: AIX OpenSSL Denial of Service (memory corruption and application crash) via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0209
2. VULNERABILITY: AIX OpenSSL Denial of Service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0286
3. VULNERABILITY: AIX OpenSSL Denial of Service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0287
4. VULNERABILITY: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash) via an invalid certificate key
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0288
The vulnerability/official-website-security-bulletin relation table is then as shown in Table 5:
Table 5
CVE number | Vulnerability name in the security bulletin |
CVE-2015-0209 | AIX OpenSSL Denial of Service |
CVE-2015-0286 | AIX OpenSSL Denial of Service |
CVE-2015-0287 | AIX OpenSSL Denial of Service |
CVE-2015-0288 | AIX OpenSSL Denial of Service |
Step S350: build a vulnerability/solution relation table from the vulnerabilities and corresponding vulnerability information of step S320.
For example, vulnerabilities CVE-2015-3516 and CVE-2015-3517 have the same solution; the vulnerability/solution relation table is then as shown in Table 6:
Table 6
Step S360: merge according to the product affected by the vulnerabilities.
Using the CVE numbers of the vulnerabilities, look up the vulnerability/affected-product relation table built in step S104. It is found that the products affected by CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 are the same, so upgrading this software version is enough to repair several vulnerabilities at once. They can therefore be merged into one, with the vulnerability information of the largest CVE number chosen as the representative; that is, CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 are merged into one vulnerability represented by CVE-2015-0291.
Step S370: determine whether the vulnerability information corresponding to the remaining vulnerabilities includes an official website security bulletin; if so, execute step S380, otherwise execute step S390.
Step S380: merge the vulnerabilities according to the official website security bulletin.
Using the CVE numbers of the vulnerabilities, look up the vulnerability/official-website-security-bulletin relation table built in step S102. It is found that the security bulletin content corresponding to CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 is the same, which shows that, from the device vendor's point of view, the repair method for these four vulnerabilities is considered to be the same. They can be merged into one, with the vulnerability information of the largest CVE number chosen as the representative; that is, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 are merged into one vulnerability represented by CVE-2015-0288.
Step S390: merge the vulnerabilities according to the vulnerability solution.
Using the CVE numbers of the vulnerabilities, look up the vulnerability/solution relation table built in step S103. It is found that the solutions corresponding to CVE-2009-3516 and CVE-2009-3517 are the same, which shows that the repair method for these two vulnerabilities is the same. The vulnerability information with the largest number is chosen as the representative; that is, CVE-2009-3516 and CVE-2009-3517 are merged into one vulnerability represented by CVE-2009-3517.
Step S400: present the merged vulnerabilities.
In this step, the device's vulnerability information is presented in three views: the full vulnerability information without merging; the vulnerability information after merging by affected product; and the vulnerability information after merging by security bulletin or by solution.
Step S410: end.
Fig. 4 shows a schematic diagram of a processing device for security vulnerabilities of a device according to an embodiment of the present invention. As shown in Fig. 4, the processing device includes:
a security scanning module 410, configured to perform a security scan on a designated device and discover a plurality of vulnerabilities present in the designated device;
an information obtaining module 420, configured to obtain one or more pieces of vulnerability information corresponding to each vulnerability;
a merging module 430, configured to, for the plurality of vulnerabilities discovered in the designated device, merge a certain number of them into one vulnerability if they have the same vulnerability information.
It can be seen that, because identical vulnerability information reflects equivalent vulnerability characteristics, vulnerabilities with the same vulnerability information can be regarded as the same vulnerability. Therefore, for the large number of vulnerabilities found on a designated device after a security scan, the device shown in Fig. 4 merges vulnerabilities with the same vulnerability information into one vulnerability, which realizes merge processing of device security vulnerabilities. Without reducing the granularity of vulnerability detection, the solution screens out the repeated vulnerabilities among those obtained by the security scan, significantly reduces the number of vulnerabilities, and finally yields the most concise and efficient merge result. That result clearly characterizes the real security risks present on the device, so that operations personnel can repair them directly and with focus, without a large amount of repetitive work.
In one embodiment of the present invention, the information obtaining module 420 is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample, and to build a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
In one embodiment of the present invention, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the feature formula of that vulnerability sample. The security scanning module 410 is then configured to traverse the vulnerability samples in the lookup table; for each vulnerability sample, to perform a security scan on the designated device according to the feature formula of that sample provided by the lookup table, and, if a vulnerability satisfying the feature formula exists, to determine that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have the same vulnerability information. The information obtaining module 420 is then configured to obtain from the lookup table, for each discovered vulnerability, all the vulnerability information of the vulnerability sample that matches it.
In one embodiment of the present invention, the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the characteristic equation of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, the solution for the vulnerability, and so on. The information acquisition module 420 is then further configured to, according to the product affected by each vulnerability, obtain the official website corresponding to that product and look up, on that official website, the official security bulletin corresponding to the vulnerability.
In one embodiment of the present invention, if the products affected by a certain number of the vulnerabilities are the same, and the solution for each of those vulnerabilities is to upgrade the version of that product, the merging module 430 merges the certain number of vulnerabilities into one vulnerability. If the solutions of a certain number of the vulnerabilities are the same, the merging module 430 merges the certain number of vulnerabilities into one vulnerability. If the official website security bulletins corresponding to a certain number of the vulnerabilities are the same, the merging module 430 merges the certain number of vulnerabilities into one vulnerability.
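The three merging rules above, applied to a constructed set of scan findings, as an added example that is not part of the patent text. The field names, the placeholder CVE ids, products and URLs, the transitive combination of the three rules, and keeping the highest upgrade target in a merged record are all assumptions of this example.

```python
from collections import defaultdict

# Constructed findings: all ids, product names and URLs are placeholders.
FIELDS = ("cve", "product", "solution", "upgrade_to", "advisory")
ROWS = [
    ("CVE-0000-0001", "examplehttpd", "Upgrade to 2.4.9", "2.4.9", "https://vendor.example/sa-1"),
    ("CVE-0000-0002", "examplehttpd", "Upgrade to 2.4.10", "2.4.10", "https://vendor.example/sa-2"),
    ("CVE-0000-0003", "examplessh", "Disable legacy cipher suite", None, "https://vendor.example/sa-3"),
    ("CVE-0000-0004", "exampleftp", "disable legacy cipher suite ", None, "https://vendor.example/sa-4"),
    ("CVE-0000-0005", "exampledb", "Restrict listener to localhost", None, "https://vendor.example/sa-5"),
    ("CVE-0000-0006", "exampledb", "Apply vendor hotfix 7", None, "https://vendor.example/sa-5"),
    ("CVE-0000-0007", "examplemail", "Remove sample scripts", None, None),
]
FINDINGS = [dict(zip(FIELDS, row)) for row in ROWS]

def merge_keys(f):
    """Yield the keys under which a finding may be merged (the three rules)."""
    if f["upgrade_to"]:   # same affected product, and the fix is a version upgrade
        yield ("product-upgrade", f["product"])
    if f["solution"]:     # identical solution (case and whitespace normalized)
        yield ("solution", f["solution"].strip().lower())
    if f["advisory"]:     # same official website security bulletin
        yield ("advisory", f["advisory"])

def version_tuple(v):
    # Compare versions numerically so that 2.4.10 ranks above 2.4.9.
    return tuple(int(part) for part in v.split("."))

def merge_findings(findings):
    """Group findings that share any merge key (union-find), keeping every CVE id."""
    parent = list(range(len(findings)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    first_seen = {}
    for i, f in enumerate(findings):
        for key in merge_keys(f):
            j = first_seen.setdefault(key, i)
            parent[find(i)] = find(j)

    groups = defaultdict(list)
    for i, f in enumerate(findings):
        groups[find(i)].append(f)

    merged = []
    for members in groups.values():
        versions = [m["upgrade_to"] for m in members if m["upgrade_to"]]
        merged.append({
            "cves": sorted(m["cve"] for m in members),   # detection granularity kept
            "products": sorted({m["product"] for m in members}),
            "upgrade_to": max(versions, key=version_tuple) if versions else None,
            "solutions": sorted({m["solution"].strip() for m in members}),
        })
    return sorted(merged, key=lambda g: g["cves"])

if __name__ == "__main__":
    for group in merge_findings(FINDINGS):
        print(group)
```

Each merged record still lists every CVE id it absorbed, which is how the reduced list keeps the scan's original detection granularity.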
The embodiments of the device shown in Fig. 4 correspond to the embodiments shown in Figs. 1-3, which have been described in detail above and are not repeated here.
In summary, the technical scheme provided by the present invention is based on the principle that identical vulnerability information reflects equivalent vulnerability features, so that vulnerabilities with the same vulnerability information can be regarded as the same vulnerability. For the relatively large number of vulnerabilities discovered after a security scan of the designated device, the vulnerabilities that have the same vulnerability information are merged into one vulnerability, thereby implementing the merging of device security vulnerabilities. Without reducing vulnerability detection granularity, this scheme screens out the duplicate vulnerabilities among the plurality of vulnerabilities obtained by the security scan, effectively reduces the number of vulnerabilities, and finally yields the most concise and efficient vulnerability merging result. The result clearly and explicitly represents the real security risks present in the device, so that operations personnel can carry out focused repairs directly, without a large amount of repetitive work. This improves the efficiency of vulnerability security scanning and repair, and is of great significance for the development of vulnerability security scanning.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. A method for processing security vulnerabilities of a device, characterized in that the method comprises:
performing a security scan on a designated device to discover a plurality of vulnerabilities present in the designated device;
obtaining one or more pieces of vulnerability information corresponding to each vulnerability;
for the plurality of vulnerabilities discovered in the designated device, if a certain number of the vulnerabilities have the same vulnerability information, merging the certain number of vulnerabilities into one vulnerability.
2. The method of claim 1, characterized in that, before the security scan is performed on the designated device, the method further comprises:
using a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample;
building a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
3. The method of claim 2, characterized in that the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the characteristic equation of that vulnerability sample;
performing the security scan on the designated device to discover the plurality of vulnerabilities present in the designated device then comprises:
traversing the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, performing a security scan on the designated device according to the characteristic equation of that vulnerability sample provided by the vulnerability lookup table, and, if a vulnerability satisfying the characteristic equation exists, determining that a vulnerability matching the vulnerability sample has been discovered; wherein a vulnerability and the vulnerability sample it matches have the same vulnerability information;
obtaining the one or more pieces of vulnerability information corresponding to each vulnerability then comprises:
for each discovered vulnerability, obtaining from the vulnerability lookup table all the vulnerability information of the vulnerability sample that matches the vulnerability.
4. The method of claim 3, characterized in that the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the characteristic equation of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, and the solution for the vulnerability;
obtaining the one or more pieces of vulnerability information corresponding to each vulnerability then further comprises:
according to the product affected by each vulnerability, obtaining the official website corresponding to that product, and looking up, on that official website, the official website security bulletin corresponding to the vulnerability.
5. The method of any one of claims 1-4, characterized in that merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the products affected by the certain number of vulnerabilities are the same, and the solution for each of the certain number of vulnerabilities is to upgrade the version of that product, merging the certain number of vulnerabilities into one vulnerability.
6. The method of any one of claims 1-4, characterized in that merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the solutions of the certain number of vulnerabilities are the same, merging the certain number of vulnerabilities into one vulnerability.
7. The method of any one of claims 1-4, characterized in that merging the certain number of vulnerabilities into one vulnerability if they have the same vulnerability information comprises:
if the official website security bulletins corresponding to the certain number of vulnerabilities are the same, merging the certain number of vulnerabilities into one vulnerability.
8. A device for processing security vulnerabilities of a device, characterized in that the device comprises:
a security scanning module, configured to perform a security scan on a designated device to discover a plurality of vulnerabilities present in the designated device;
an information acquisition module, configured to obtain one or more pieces of vulnerability information corresponding to each vulnerability;
a merging module, configured to, for the plurality of vulnerabilities discovered in the designated device, merge a certain number of the vulnerabilities into one vulnerability if they have the same vulnerability information.
9. The device of claim 8, characterized in that
the information acquisition module is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining a plurality of vulnerability samples and the vulnerability information corresponding to each vulnerability sample; and to build a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
10. The device of claim 9, characterized in that the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the characteristic equation of that vulnerability sample;
the security scanning module is then configured to traverse the vulnerability samples in the vulnerability lookup table and, for each vulnerability sample, to perform a security scan on the designated device according to the characteristic equation of that vulnerability sample provided by the vulnerability lookup table, and, if a vulnerability satisfying the characteristic equation exists, to determine that a vulnerability matching the vulnerability sample has been discovered; wherein a vulnerability and the vulnerability sample it matches have the same vulnerability information;
the information acquisition module is then configured to, for each discovered vulnerability, obtain from the vulnerability lookup table all the vulnerability information of the vulnerability sample that matches the vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510729500.3A CN106656924A (en) | 2015-10-30 | 2015-10-30 | Method and device for processing security vulnerabilities of device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510729500.3A CN106656924A (en) | 2015-10-30 | 2015-10-30 | Method and device for processing security vulnerabilities of device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106656924A true CN106656924A (en) | 2017-05-10 |
Family
ID=58809575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510729500.3A Pending CN106656924A (en) | 2015-10-30 | 2015-10-30 | Method and device for processing security vulnerabilities of device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656924A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107609402A (en) * | 2017-09-05 | 2018-01-19 | 中国科学院计算机网络信息中心 | A kind of processing method of security breaches, device and storage medium |
CN108830084A (en) * | 2018-06-12 | 2018-11-16 | 国网江苏省电力有限公司无锡供电分公司 | Realize the handheld terminal and means of defence of computer information safe protection vulnerability scanning and protective reinforcing |
CN109413050A (en) * | 2018-10-05 | 2019-03-01 | 国网湖南省电力有限公司 | A kind of internet vulnerability information acquisition method that access rate is adaptive and system |
CN109542785A (en) * | 2018-11-19 | 2019-03-29 | 北京云测网络科技有限公司 | A kind of invalid bug determines method and apparatus |
CN109977677A (en) * | 2017-12-28 | 2019-07-05 | 平安科技(深圳)有限公司 | Vulnerability information collection method, device, equipment and readable storage medium storing program for executing |
CN110334513A (en) * | 2019-06-25 | 2019-10-15 | 广州嘉为科技有限公司 | A kind of restorative procedure based on (SuSE) Linux OS loophole |
CN110460571A (en) * | 2019-07-05 | 2019-11-15 | 深圳壹账通智能科技有限公司 | Operation system loophole processing method, device, computer equipment and storage medium |
CN111865902A (en) * | 2020-06-03 | 2020-10-30 | 国网浙江省电力有限公司丽水供电公司 | Network information vulnerability analysis method and readable storage medium |
CN113742721A (en) * | 2021-08-30 | 2021-12-03 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning processing method, device and system, electronic device and storage medium |
CN113934511A (en) * | 2021-10-19 | 2022-01-14 | 苏州棱镜七彩信息科技有限公司 | Container method based on self-built knowledge base |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103562923A (en) * | 2011-05-31 | 2014-02-05 | 惠普发展公司,有限责任合伙企业 | Application security testing |
US9015847B1 (en) * | 2014-05-06 | 2015-04-21 | Synack, Inc. | Computer system for distributed discovery of vulnerabilities in applications |
CN104615542A (en) * | 2015-02-11 | 2015-05-13 | 中国科学院软件研究所 | Vulnerability correlation analysis assisted vulnerability mining method based on function calling |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103562923A (en) * | 2011-05-31 | 2014-02-05 | 惠普发展公司,有限责任合伙企业 | Application security testing |
US9015847B1 (en) * | 2014-05-06 | 2015-04-21 | Synack, Inc. | Computer system for distributed discovery of vulnerabilities in applications |
CN104615542A (en) * | 2015-02-11 | 2015-05-13 | 中国科学院软件研究所 | Vulnerability correlation analysis assisted vulnerability mining method based on function calling |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107609402B (en) * | 2017-09-05 | 2020-05-12 | 中国科学院计算机网络信息中心 | Security vulnerability processing method and device and storage medium |
CN107609402A (en) * | 2017-09-05 | 2018-01-19 | 中国科学院计算机网络信息中心 | A kind of processing method of security breaches, device and storage medium |
CN109977677A (en) * | 2017-12-28 | 2019-07-05 | 平安科技(深圳)有限公司 | Vulnerability information collection method, device, equipment and readable storage medium storing program for executing |
CN108830084A (en) * | 2018-06-12 | 2018-11-16 | 国网江苏省电力有限公司无锡供电分公司 | Realize the handheld terminal and means of defence of computer information safe protection vulnerability scanning and protective reinforcing |
CN108830084B (en) * | 2018-06-12 | 2021-10-01 | 国网江苏省电力有限公司无锡供电分公司 | Handheld terminal for realizing vulnerability scanning and protection reinforcement and protection method |
CN109413050A (en) * | 2018-10-05 | 2019-03-01 | 国网湖南省电力有限公司 | A kind of internet vulnerability information acquisition method that access rate is adaptive and system |
CN109413050B (en) * | 2018-10-05 | 2020-11-24 | 国网湖南省电力有限公司 | Access rate self-adaptive internet vulnerability information acquisition method and system |
CN109542785A (en) * | 2018-11-19 | 2019-03-29 | 北京云测网络科技有限公司 | A kind of invalid bug determines method and apparatus |
CN109542785B (en) * | 2018-11-19 | 2021-07-27 | 北京云测网络科技有限公司 | Invalid bug determination method and device |
CN110334513A (en) * | 2019-06-25 | 2019-10-15 | 广州嘉为科技有限公司 | A kind of restorative procedure based on (SuSE) Linux OS loophole |
CN110460571B (en) * | 2019-07-05 | 2022-11-04 | 深圳壹账通智能科技有限公司 | Business system vulnerability processing method and device, computer equipment and storage medium |
CN110460571A (en) * | 2019-07-05 | 2019-11-15 | 深圳壹账通智能科技有限公司 | Operation system loophole processing method, device, computer equipment and storage medium |
CN111865902A (en) * | 2020-06-03 | 2020-10-30 | 国网浙江省电力有限公司丽水供电公司 | Network information vulnerability analysis method and readable storage medium |
CN113742721A (en) * | 2021-08-30 | 2021-12-03 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning processing method, device and system, electronic device and storage medium |
CN113742721B (en) * | 2021-08-30 | 2024-03-26 | 杭州安恒信息技术股份有限公司 | Vulnerability scanning processing method, device, system, electronic device and storage medium |
CN113934511A (en) * | 2021-10-19 | 2022-01-14 | 苏州棱镜七彩信息科技有限公司 | Container method based on self-built knowledge base |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106656924A (en) | Method and device for processing security vulnerabilities of device | |
CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service | |
CN104077531B (en) | System vulnerability appraisal procedure, device and system based on open vulnerability assessment language | |
CN102739675B (en) | Website security detection method and device | |
Tu et al. | Webshell detection techniques in web applications | |
CN108446559B (en) | APT organization identification method and device | |
CN106789939A (en) | A kind of detection method for phishing site and device | |
CN111104579A (en) | Identification method and device for public network assets and storage medium | |
CN111600850A (en) | Method, equipment and storage medium for detecting mine digging virtual currency | |
CN110221977A (en) | Website penetration test method based on ai | |
EP3531329B1 (en) | Anomaly-based-malicious-behavior detection | |
CN105095769A (en) | Information service software vulnerability detection method | |
CN112182587A (en) | Web vulnerability scanning method, system, device, storage medium and computer equipment | |
CN104618177A (en) | Website bug examination method and device | |
CN113190838A (en) | Web attack behavior detection method and system based on expression | |
CN113190839A (en) | Web attack protection method and system based on SQL injection | |
CN113158197A (en) | SQL injection vulnerability detection method and system based on active IAST | |
CN114499939A (en) | Optimal path selection method and system based on knowledge graph, storable medium and electronic equipment | |
Li et al. | Large-scale third-party library detection in android markets | |
CN106650454A (en) | SQL injection attack detection method and apparatus | |
CN107229867B (en) | Kernel vulnerability mining method and device, computing equipment and computer storage medium | |
CN116932381A (en) | Automatic evaluation method for security risk of applet and related equipment | |
WO2021047004A1 (en) | Ip proxy pool management method and device, and storage medium | |
CN101901183B (en) | Method and device of test case for filtering | |
Fathurrahmad et al. | Automatic Scanner Tools Analysis As A Website Penetration Testing: Automatic Scanner Tools Analysis As A Website Penetration Testing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170510 |