CN106656924A - Method and device for processing security vulnerabilities of device - Google Patents


Info

Publication number
CN106656924A
Authority
CN
China
Prior art keywords
leak
sample
vulnerability
merger
cve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510729500.3A
Other languages
Chinese (zh)
Inventor
王金国
高峰
张建军
苏砫
王星亮
张威
肖勇军
霍会潮
訾荣
袁二利
王柯蘅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shenzhou Taiyue Software Co Ltd
Original Assignee
Beijing Shenzhou Taiyue Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shenzhou Taiyue Software Co Ltd filed Critical Beijing Shenzhou Taiyue Software Co Ltd
Priority to CN201510729500.3A priority Critical patent/CN106656924A/en
Publication of CN106656924A publication Critical patent/CN106656924A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and device for processing security vulnerabilities of a device. The method includes the following steps: performing a security scan on a designated device and discovering a plurality of vulnerabilities present in the designated device; obtaining one or more pieces of vulnerability information corresponding to each vulnerability; and, for the plurality of vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merging that number of vulnerabilities into one vulnerability. In the technical scheme provided by the invention, vulnerabilities having the same vulnerability information are merged into one vulnerability, thereby realizing merge processing of the device's security vulnerabilities. Without reducing the granularity of vulnerability detection, the scheme screens out the repeated vulnerabilities among those obtained by the security scan, effectively reduces the number of vulnerabilities, and finally yields the most concise and efficient vulnerability merge result. The result clearly and explicitly represents the real security risks present in the device, so that operations personnel can repair them directly and with clear priorities, without a large amount of repetitive work.

Description

Method and device for processing security vulnerabilities of a device
Technical field
The present invention relates to the field of information security technology, and more particularly to a method and device for processing security vulnerabilities of a device.
Background
As networks continue to grow and the number of devices increases sharply, the security problems they bring become more prominent. Large and medium-sized enterprises are therefore paying increasing attention to system and network security. For a long time, system security vulnerabilities, as the most common high-risk security problem, have appeared in all kinds of security inspections and risk assessment reports, and have become the main path by which attackers gain control of systems.
Existing vulnerability scanning schemes are of two kinds. The first is the network vulnerability scanner based on the feature-matching principle, which probes the device from the outside in black-box mode. This scheme can find only a small number of the vulnerabilities present on a device, usually a few or a dozen or so, and has significant drawbacks such as a high false-positive rate and a large impact on live network services. The second scheme logs in to the device in white-box mode, collects basic information about the live network device, analyzes the collected information, and then determines whether vulnerabilities exist. This scheme finds a large number of vulnerabilities, which leads to the following drawbacks: 1. the large number of vulnerabilities makes it hard to repair system vulnerabilities with clear priorities; 2. the repair workload is huge and contains a large amount of repetitive work.
Summary of the invention
In view of the above problems, the present invention provides a method and device for processing security vulnerabilities of a device, so as to solve the above problems or at least partially solve them.
According to one aspect of the present invention, a method for processing security vulnerabilities of a device is provided. The method includes:
performing a security scan on a designated device and discovering multiple vulnerabilities present in the designated device;
obtaining one or more pieces of vulnerability information corresponding to each vulnerability;
for the multiple vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merging that number of vulnerabilities into one vulnerability.
Optionally, before the security scan is performed on the designated device, the method further includes:
using a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining multiple vulnerability samples and the vulnerability information corresponding to each vulnerability sample;
building a vulnerability lookup table from the vulnerability samples obtained and their corresponding vulnerability information.
Optionally, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the feature expression of that vulnerability sample;
in that case, performing the security scan on the designated device and discovering the multiple vulnerabilities present in it includes:
traversing the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, performing a security scan on the designated device according to the feature expression of that sample provided by the lookup table, and, if a vulnerability satisfying the feature expression exists, determining that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have the same vulnerability information;
and obtaining the one or more pieces of vulnerability information corresponding to each vulnerability includes:
for each vulnerability found, obtaining from the vulnerability lookup table all the vulnerability information of the vulnerability sample that matches it.
Optionally, the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE ID of the vulnerability, the title of the vulnerability, the feature expression of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, and the solution for the vulnerability;
in that case, obtaining the one or more pieces of vulnerability information corresponding to each vulnerability further includes:
according to the product affected by each vulnerability, obtaining the official website of the affected product and searching that official website for the official website security bulletin corresponding to the vulnerability.
Optionally, merging the certain number of vulnerabilities into one vulnerability when they have the same vulnerability information includes:
if the certain number of vulnerabilities affect the same product, and the solution for each of them is to upgrade the version of that product, merging them into one vulnerability.
Optionally, merging the certain number of vulnerabilities into one vulnerability when they have the same vulnerability information includes:
if the certain number of vulnerabilities have the same solution, merging them into one vulnerability.
Optionally, merging the certain number of vulnerabilities into one vulnerability when they have the same vulnerability information includes:
if the certain number of vulnerabilities correspond to the same official website security bulletin, merging them into one vulnerability.
According to another aspect of the present invention, a device for processing security vulnerabilities of a device is provided. The device includes:
a security scanning module, configured to perform a security scan on a designated device and discover multiple vulnerabilities present in the designated device;
an information acquisition module, configured to obtain one or more pieces of vulnerability information corresponding to each vulnerability;
a merge module, configured to, for the multiple vulnerabilities discovered in the designated device, merge a certain number of them into one vulnerability if they have the same vulnerability information.
Optionally, the information acquisition module is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining multiple vulnerability samples and the vulnerability information corresponding to each sample, and to build a vulnerability lookup table from the samples obtained and their corresponding vulnerability information.
Optionally, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the feature expression of that vulnerability sample;
in that case the security scanning module is configured to traverse the vulnerability samples in the vulnerability lookup table; for each sample, to perform a security scan on the designated device according to the feature expression of that sample provided by the lookup table, and, if a vulnerability satisfying the feature expression exists, to determine that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have the same vulnerability information;
and the information acquisition module is configured to, for each vulnerability found, obtain from the vulnerability lookup table all the vulnerability information of the vulnerability sample that matches it.
Optionally, the one or more pieces of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE ID of the vulnerability, the title of the vulnerability, the feature expression of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, and the solution for the vulnerability;
in that case the information acquisition module is further configured to, according to the product affected by each vulnerability, obtain the official website of the affected product and search that official website for the official website security bulletin corresponding to the vulnerability.
Optionally, the merge module is configured to merge a certain number of vulnerabilities into one vulnerability when they affect the same product and the solution for each of them is to upgrade the version of that product.
Optionally, the merge module is configured to merge a certain number of vulnerabilities into one vulnerability when they have the same solution.
Optionally, the merge module is configured to merge a certain number of vulnerabilities into one vulnerability when they correspond to the same official website security bulletin.
As can be seen from the above, because identical vulnerability information reflects equivalent vulnerability characteristics, vulnerabilities with identical vulnerability information can be regarded as the same vulnerability. Therefore, in the technical scheme provided by the present invention, for the large number of vulnerabilities found on the designated device by the security scan, vulnerabilities with identical vulnerability information are merged into one vulnerability, which realizes merge processing of the device's security vulnerabilities. Without reducing the granularity of vulnerability detection, the scheme screens out the repeated vulnerabilities among those obtained by the security scan, significantly reduces the number of vulnerabilities, and finally yields the most concise and efficient vulnerability merge result. The result clearly and explicitly characterizes the real security risks present on the device, so that operations personnel can repair them directly and with clear priorities, without a large amount of repetitive work.
Brief description of the drawings
Fig. 1 shows a flowchart of a method for processing security vulnerabilities of a device according to one embodiment of the present invention;
Fig. 2 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment One of the present invention;
Fig. 3 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment Two of the present invention;
Fig. 4 shows a schematic diagram of a device for processing security vulnerabilities of a device according to one embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a method for processing security vulnerabilities of a device according to one embodiment of the present invention. As shown in Fig. 1, the method includes:
Step S110: perform a security scan on a designated device and discover multiple vulnerabilities present in the designated device.
Step S120: obtain one or more pieces of vulnerability information corresponding to each vulnerability.
Step S130: for the multiple vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merge that number of vulnerabilities into one vulnerability.
It can be seen that, because identical vulnerability information reflects equivalent vulnerability characteristics, vulnerabilities with identical vulnerability information can be regarded as the same vulnerability. Therefore, in the method shown in Fig. 1, for the large number of vulnerabilities found on the designated device by the security scan, vulnerabilities with identical vulnerability information are merged into one vulnerability, which realizes merge processing of the device's security vulnerabilities. Without reducing the granularity of vulnerability detection, the scheme screens out the repeated vulnerabilities among those obtained by the security scan, effectively reduces the number of vulnerabilities, and finally yields the most concise and efficient vulnerability merge result. The result clearly and explicitly characterizes the real security risks present on the device, so that operations personnel can repair them directly and with clear priorities, without a large amount of repetitive work.
The implementation of this scheme is illustrated below with specific embodiments:
Embodiment One:
Fig. 2 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment One of the present invention. As shown in Fig. 2, the method includes:
Step S210: use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining multiple vulnerability samples and the vulnerability information corresponding to each sample; build a vulnerability lookup table from the samples obtained and their corresponding vulnerability information.
Specifically, web crawler technology is used to crawl the vulnerability information published by authoritative vulnerability databases such as NVD, CNNVD and CNVD and by professional security vendors such as SecurityFocus, obtaining multiple vulnerability samples and the vulnerability information corresponding to each sample.
The vulnerability information corresponding to each vulnerability sample includes: the title of the sample, the CVE (Common Vulnerabilities & Exposures) ID of the sample, the description of the sample, the feature expression of the sample, and so on. The feature expression of each sample is defined by analyzing the characteristic attributes of that sample. The CVE ID of each sample is its unique identifier: after the web crawler has crawled a large amount of data, the data from the various sources can be merged and de-duplicated by CVE ID, yielding the vulnerability information of multiple distinct vulnerability samples. The vulnerability lookup table built in step S210 then stores each vulnerability sample together with its vulnerability information as described above.
Step S220: traverse the vulnerability samples in the vulnerability lookup table; for each sample, perform a security scan on the designated device according to the feature expression of that sample provided by the lookup table, and, if a vulnerability satisfying the feature expression exists, determine that a vulnerability matching the sample has been found. When the traversal ends, multiple vulnerabilities present in the designated device have been found; for each vulnerability found, obtain from the lookup table all the vulnerability information of the sample that matches it.
In this step, the lookup table provides a large number of vulnerability samples, covering almost all currently recognized information security vulnerabilities. Scanning the designated device by traversing the feature expressions of the samples provided by the lookup table establishes the correspondence between the vulnerabilities found and the vulnerability samples, and gives the vulnerabilities found by this scheme a widely accepted, standardized description.
For example, after step S220 performs the security scan on the designated device, 6 vulnerabilities are found, each uniquely identified by its corresponding CVE ID, as shown in Table 1:

Table 1

| No. | CVE ID |
|---|---|
| 1 | CVE-2015-0209 |
| 2 | CVE-2015-0286 |
| 3 | CVE-2015-0287 |
| 4 | CVE-2015-0288 |
| 5 | CVE-2015-3516 |
| 6 | CVE-2015-3517 |
For each vulnerability found, all the vulnerability information of the matching vulnerability sample is obtained from the vulnerability lookup table, giving the one or more pieces of vulnerability information corresponding to each vulnerability. This information includes one or more of the following: the title of the vulnerability, the severity level of the vulnerability, the product affected by the vulnerability, the description of the vulnerability, the solution for the vulnerability, and so on.
Step S230: according to the vulnerability information of each vulnerability obtained in step S220, obtain the official website security bulletin corresponding to the vulnerability as additional vulnerability information; then execute step S240.
Specifically, this step searches, one by one, the official website security bulletins of each type of operating system or application software to obtain the official website security bulletin corresponding to the vulnerability.
Continuing the example above, the vulnerability information obtained for each vulnerability in Table 1 is shown in Table 2. An official website security bulletin is represented by its URL; cells whose vulnerability information is uncertain or could not be obtained are marked "-".
Table 2

| No. | CVE ID | Affected product | Solution | Official website security bulletin |
|---|---|---|---|---|
| 1 | CVE-2015-0209 | - | - | URL1 |
| 2 | CVE-2015-0286 | - | - | URL1 |
| 3 | CVE-2015-0287 | Product P1 | - | URL1 |
| 4 | CVE-2015-0288 | Product P1 | - | URL1 |
| 5 | CVE-2015-3516 | - | Solution S1 | - |
| 6 | CVE-2015-3517 | - | Solution S1 | - |
Step S240: for the multiple vulnerabilities discovered in the designated device, if a certain number of them have the same vulnerability information, merge that number of vulnerabilities into one vulnerability; then execute step S250.
In this step, if a certain number of vulnerabilities affect the same product and the solution for each of them is to upgrade the version of that product, they are merged into one vulnerability; if a certain number of vulnerabilities have the same solution, they are merged into one vulnerability; if a certain number of vulnerabilities correspond to the same official website security bulletin, they are merged into one vulnerability. Other types of vulnerability information are handled in the same way. Note that the merges based on different kinds of vulnerability information have no fixed order; the order can be changed as the actual situation requires.
Continuing the example above, for the 6 vulnerabilities shown in Table 2, CVE-2015-0287 and CVE-2015-0288 both affect product P1, so these two vulnerabilities are merged into one, identified by the larger of the two CVE IDs, i.e. CVE-2015-0288. The vulnerabilities remaining at this point are: CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-3516 and CVE-2015-3517.
Looking further at Table 2, CVE-2015-3516 and CVE-2015-3517 have the same solution, so these two vulnerabilities are merged into one, identified by the larger of the two CVE IDs, i.e. CVE-2015-3517. The vulnerabilities remaining at this point are: CVE-2015-0209, CVE-2015-0286, CVE-2015-0288 and CVE-2015-3517.
Looking further at Table 2, CVE-2015-0209, CVE-2015-0286 and CVE-2015-0288 have the same official website security bulletin URL, so these three vulnerabilities are merged into one, identified by the largest of the three CVE IDs, i.e. CVE-2015-0288. The vulnerabilities finally remaining are CVE-2015-0288 and CVE-2015-3517, as shown in Table 3.
Table 3

| No. | CVE ID | Affected product | Solution | Official website security bulletin |
|---|---|---|---|---|
| 1 | CVE-2015-0288 | Product P1 | - | URL1 |
| 2 | CVE-2015-3517 | - | Solution S1 | - |
After the processing of steps S210 to S240, the 6 vulnerabilities shown in Table 1 are reduced to the 2 vulnerabilities shown in Table 3.
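The merge of step S240 applied to the six findings of Table 2, written as an added Python example; it is not code from the patent. The `Finding` record, the function names and the default pass order are assumptions made for the illustration, unknown cells ("-") are modelled as `None` and never merged on, and each representative keeps the list of CVE IDs it absorbed so that the per-CVE detail is not lost.

```python
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Sequence, Tuple

_CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def cve_key(cve_id: str) -> Tuple[int, int]:
    """Sort key for 'largest CVE number': compare year, then sequence number."""
    m = _CVE_RE.match(cve_id)
    if m is None:
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass(frozen=True)
class Finding:
    """One scan finding plus the merge-relevant columns of Table 2 (hypothetical type)."""
    cve: str
    product: Optional[str] = None    # affected product, None = "-"
    solution: Optional[str] = None   # solution, None = "-"
    advisory: Optional[str] = None   # official website security bulletin URL, None = "-"
    merged_from: Tuple[str, ...] = ()  # CVE IDs this record now stands for


def merge_by(findings: Sequence[Finding], attr: str) -> List[Finding]:
    """Merge findings that share a known value of `attr`; keep the largest CVE ID."""
    groups: Dict[tuple, List[Finding]] = {}
    for f in findings:
        value = getattr(f, attr)
        # An unknown value is not "the same information": keep the finding alone.
        key = ("unknown", f.cve) if value is None else (attr, value)
        groups.setdefault(key, []).append(f)

    merged = []
    for members in groups.values():  # dicts preserve first-seen order
        rep = max(members, key=lambda f: cve_key(f.cve))
        absorbed = set(rep.merged_from)
        for m in members:
            if m is not rep:
                absorbed.add(m.cve)
                absorbed.update(m.merged_from)  # carry earlier merges along
        merged.append(replace(rep, merged_from=tuple(sorted(absorbed, key=cve_key))))
    return merged


def merge_findings(findings: Sequence[Finding],
                   passes: Sequence[str] = ("product", "solution", "advisory")
                   ) -> List[Finding]:
    """Run the merge passes in the given order; passes=() gives the unmerged view."""
    unique: Dict[str, Finding] = {}
    for f in findings:
        unique.setdefault(f.cve, f)  # de-duplicate by CVE ID, first record wins
    current = list(unique.values())
    for attr in passes:
        current = merge_by(current, attr)
    return current


# Table 2 of the description. P1, S1 and URL1 are the page's own placeholders.
# The claim's extra condition for the product pass (the solution is a version
# upgrade) is not modelled, because Table 2 gives no solution for those rows.
TABLE_2 = [
    Finding("CVE-2015-0209", advisory="URL1"),
    Finding("CVE-2015-0286", advisory="URL1"),
    Finding("CVE-2015-0287", product="P1", advisory="URL1"),
    Finding("CVE-2015-0288", product="P1", advisory="URL1"),
    Finding("CVE-2015-3516", solution="S1"),
    Finding("CVE-2015-3517", solution="S1"),
]

if __name__ == "__main__":
    views = {
        "unmerged": (),
        "merged by product": ("product",),
        "merged by product, solution, bulletin": ("product", "solution", "advisory"),
    }
    for name, passes in views.items():
        result = merge_findings(TABLE_2, passes)
        print(f"{name}: {len(result)} vulnerabilities")
        for f in result:
            covers = ", ".join(f.merged_from) or "-"
            print(f"  {f.cve}  (also covers: {covers})")
```

The three pass selections in the `__main__` section correspond to the three views presented in step S250.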
Step S250: present the merged vulnerability result to the user; end the flow.
In this step, after the full set of vulnerabilities has been verified, the device's vulnerability information is presented in three views. The first view presents the full vulnerability information without any merging; the average number of vulnerabilities before merging is 268. The second view presents the vulnerability information after merging by affected product; the number of vulnerabilities after merging averages 63. The third view presents the vulnerability information after merging by security bulletin or by solution; the number of vulnerabilities after merging averages 15. The vulnerability result finally presented characterizes the security risks present on the designated device more clearly, which helps the subsequent repair work proceed efficiently.
Embodiment Two:
Fig. 3 shows a flowchart of a method for processing security vulnerabilities of a device according to Embodiment Two of the present invention. As shown in Fig. 3, the method includes:
Step S310: start.
Step S320: build the vulnerability lookup table, and use it to obtain the vulnerabilities found on the designated device by the security scan together with their corresponding vulnerability information.
This step obtains 11 device vulnerabilities in total: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2009-3516, CVE-2009-3517, CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288, CVE-2015-0287. The vulnerability information includes: the product affected by the vulnerability, the description of the vulnerability, the solution for the vulnerability, and the official website security bulletin corresponding to the vulnerability. The specific acquisition method has been described in detail above and is not repeated here.
Step S330: according to the vulnerabilities of step S320 and their corresponding vulnerability information, build the relation table of vulnerabilities and affected products.
For example, vulnerabilities CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 affect version 1.0.2 of the Openssl product; the relation table of vulnerabilities and affected products is then as shown in Table 4:
Table 4

| CVE ID | Affected product |
|---|---|
| CVE-2015-0291 | Openssl-1.0.2 |
| CVE-2015-0290 | Openssl-1.0.2 |
| CVE-2015-0289 | Openssl-1.0.2 |
| CVE-2015-0288 | Openssl-1.0.2 |
| CVE-2015-0287 | Openssl-1.0.2 |
Step S340: according to the vulnerabilities of step S320 and their corresponding vulnerability information, build the relation table of vulnerabilities and official website security bulletins.
For example, on the IBM official website, the security bulletin link address and part of the bulletin content found for vulnerabilities CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 are as follows:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc
1. VULNERABILITY: AIX OpenSSL Denial of Service (memory corruption and application crash) via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0209
2. VULNERABILITY: AIX OpenSSL Denial of Service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0286
3. VULNERABILITY: AIX OpenSSL Denial of Service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0287
4. VULNERABILITY: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash) via an invalid certificate key
PLATFORMS: AIX 5.3, 6.1 and 7.1
VIOS 2.2.*
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2015-0288
The relation table of vulnerabilities and official website security bulletins is then as shown in Table 5:

Table 5

| CVE ID | Vulnerability title in the security bulletin |
|---|---|
| CVE-2015-0209 | AIX OpenSSL Denial of Service |
| CVE-2015-0286 | AIX OpenSSL Denial of Service |
| CVE-2015-0287 | AIX OpenSSL Denial of Service |
| CVE-2015-0288 | AIX OpenSSL Denial of Service |
Step S350: according to the vulnerabilities of step S320 and their corresponding vulnerability information, build the relation table of vulnerabilities and vulnerability solutions.
For example, vulnerabilities CVE-2015-3516 and CVE-2015-3517 have the same solution; the relation table of vulnerabilities and vulnerability solutions is then as shown in Table 6:
Table 6
Step S360: merge according to the product affected by the vulnerabilities.
Using the CVE IDs, look up the relation table of vulnerabilities and affected products built in step S104. CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 are found to affect the same product; upgrading this software version is all that is needed to repair these vulnerabilities at once, so they can be merged into one. The vulnerability information with the largest CVE number is chosen as the representative, i.e. CVE-2015-0291, CVE-2015-0290, CVE-2015-0289, CVE-2015-0288 and CVE-2015-0287 are merged into one vulnerability represented by CVE-2015-0291.
Step S370: determine whether the vulnerability information of the remaining vulnerabilities includes an official website security bulletin; if so, execute step S380, otherwise execute step S390.
Step S380: merge the vulnerabilities according to the official website security bulletin.
Using the CVE IDs, look up the relation table of vulnerabilities and official website security bulletins built in step S102. The security bulletin content for CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 is found to be the same, which indicates that, from the device vendor's point of view, the repair method for these four vulnerabilities is considered the same. They can be merged into one, with the vulnerability information of the largest CVE number chosen as the representative, i.e. CVE-2015-0209, CVE-2015-0286, CVE-2015-0287 and CVE-2015-0288 are merged into one vulnerability represented by CVE-2015-0288.
Step S390: merge the vulnerabilities according to the vulnerability solution.
Using the CVE IDs, look up the relation table of vulnerabilities and solutions built in step S103. The solutions for CVE-2009-3516 and CVE-2009-3517 are found to be the same, which indicates that the repair method for these two vulnerabilities is the same. The vulnerability information with the largest number among them is chosen as the representative, i.e. CVE-2009-3516 and CVE-2009-3517 are merged into one vulnerability represented by CVE-2009-3517.
Step S400: present the merged vulnerabilities.
In this step, the device's vulnerability information is presented in three views: the full vulnerability information without any merging; the vulnerability information after merging by affected product; and the vulnerability information after merging by security bulletin or by solution.
Step S410: end.
Fig. 4 shows a kind of showing for the processing meanss of equipment safety leak according to an embodiment of the invention It is intended to.As shown in figure 4, the processing meanss of the equipment safety leak include:
Security sweep module 410, for carrying out designated equipment security sweep, finds to be deposited in designated equipment Multiple leaks;
Data obtaining module 420, for obtaining corresponding one or more vulnerability informations of each leak;
Merger module 430, for for multiple leaks present in the designated equipment for being found, if its In a number of leak there is identical vulnerability information, then by a number of leak merger be one Leak.
It can be seen that, because identical vulnerability information can reflect equivalent leak feature, with identical leak letter The leak of breath can be regarded as identical leak;Therefore, the device shown in Fig. 4 is for designated equipment Jing peaces The a fairly large number of leak found after full scan, by being one by the leak merger with identical vulnerability information Individual leak, realizes the merger to equipment safety leak and processes.The program is not reducing Hole Detection granularity On the premise of, the repetition leak in multiple leaks that security sweep is obtained has been screened out, significantly reduce Lou Hole quantity, finally gives and be most concisely and efficiently leak merger result;The result being capable of clear and definite ground sign The real potential safety hazard that equipment is present so that operation personnel can be direct without the need for substantial amounts of repetitive operation Repaired with having emphasis.
In one embodiment of the invention, the information acquisition module 420 is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining multiple vulnerability samples and the vulnerability information corresponding to each sample, and to build a vulnerability lookup table from the obtained samples and their corresponding vulnerability information.
In one embodiment of the invention, the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the signature of that sample. The security scanning module 410 is then configured to traverse the vulnerability samples in the lookup table and, for each sample, perform a security scan on the designated device according to the signature of that sample provided by the lookup table; if a vulnerability satisfying the signature exists, a vulnerability matching the sample is determined to have been found. A vulnerability and the sample it matches have identical vulnerability information. The information acquisition module 420 is then configured to obtain from the lookup table, for each vulnerability found, all of the vulnerability information of the sample that the vulnerability matches.
In one embodiment of the invention, the one or more items of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the signature of the vulnerability, the product the vulnerability affects, the description of the vulnerability, the solution for the vulnerability, and so on. The information acquisition module 420 is then further configured to obtain, according to the product each vulnerability affects, the official website corresponding to that product, and to look up on that website the official security bulletin corresponding to the vulnerability.
In one embodiment of the invention, if a certain number of the vulnerabilities affect the same product, and the solution for each of them is to upgrade the version of that product, the merging module 430 merges that number of vulnerabilities into one vulnerability. If a certain number of the vulnerabilities have the same solution, the merging module 430 merges them into one vulnerability. If a certain number of the vulnerabilities correspond to the same official security bulletin, the merging module 430 merges them into one vulnerability.
The embodiments of the apparatus shown in Fig. 4 correspond to the embodiments shown in Fig. 1 to Fig. 3, which have been described in detail above and are not repeated here.
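The three merge rules and the three views described above, as an added Python example (not code from the patent). The sample ids, products, fixes and bulletin URLs are constructed placeholders, the `fix_is_upgrade` field is hypothetical, and reading "merged by security bulletin or by solution" as grouping findings that share either one is an assumption.

```python
from collections import defaultdict

# Constructed lookup table (sample id -> vulnerability information).
# Ids, products, fixes and bulletin URLs are placeholders, not real advisories.
LOOKUP = {
    "S1": {"product": "ExampleHTTPd", "solution": "upgrade ExampleHTTPd to 2.4.9",
           "fix_is_upgrade": True, "bulletin": "https://vendor.example/adv/A-01"},
    "S2": {"product": "ExampleHTTPd", "solution": "upgrade ExampleHTTPd to 2.4.12",
           "fix_is_upgrade": True, "bulletin": "https://vendor.example/adv/A-02"},
    "S3": {"product": "ExampleHTTPd", "solution": "disable the status module",
           "fix_is_upgrade": False, "bulletin": "https://vendor.example/adv/A-02"},
    "S4": {"product": "ExampleDB", "solution": "apply patch P-7",
           "fix_is_upgrade": False, "bulletin": "https://vendor.example/adv/A-03"},
    "S5": {"product": "ExampleDB", "solution": "apply patch P-7",
           "fix_is_upgrade": False, "bulletin": None},
    "S6": {"product": "ExampleSSH", "solution": "upgrade ExampleSSH to 7.1",
           "fix_is_upgrade": True, "bulletin": None},
}

# Merge keys. A key of None means the finding is not eligible under that rule.
def by_product_upgrade(info):
    # Same affected product AND the fix is a version upgrade of that product.
    return info["product"] if info["fix_is_upgrade"] else None

def by_solution(info):
    return info["solution"]

def by_bulletin(info):
    return info["bulletin"]  # None when no official bulletin was found

def merge(findings, keys):
    """Group findings that share a non-None value under any key in `keys`."""
    findings = list(dict.fromkeys(findings))  # drop repeated scanner hits
    parent = {f: f for f in findings}

    def find(f):  # union-find root lookup with path halving
        while parent[f] != f:
            parent[f] = parent[parent[f]]
            f = parent[f]
        return f

    for key in keys:
        first_with = {}  # key value -> first finding seen with that value
        for f in findings:
            k = key(LOOKUP[f])
            if k is None:
                continue
            if k in first_with:
                parent[find(f)] = find(first_with[k])
            else:
                first_with[k] = f
    groups = defaultdict(list)
    for f in findings:
        groups[find(f)].append(f)
    return sorted(sorted(g) for g in groups.values())

def three_views(findings):
    return {
        "full": merge(findings, []),
        "by_product": merge(findings, [by_product_upgrade]),
        "by_bulletin_or_solution": merge(findings, [by_bulletin, by_solution]),
    }

if __name__ == "__main__":
    for name, groups in three_views(list(LOOKUP)).items():
        print(f"{name}: {len(groups)} entries -> {groups}")
```

Every merged entry keeps its member ids, so the detection granularity of the full view is still recoverable from either merged view.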
In summary, the technical solution provided by the present invention rests on the principle that identical vulnerability information reflects equivalent vulnerability characteristics, so that vulnerabilities with identical vulnerability information can be regarded as the same vulnerability. For the large number of vulnerabilities found when a designated device is scanned, it merges those with identical vulnerability information into one vulnerability, which implements merge processing of device security vulnerabilities. Without reducing the granularity of vulnerability detection, the scheme screens out the duplicate vulnerabilities among those returned by the security scan, effectively reduces the number of vulnerabilities, and finally yields the most concise and effective merge result. The result clearly characterizes the real security risks present in the device, so that operations staff can make focused repairs directly, without a large amount of repetitive work. This improves the efficiency of vulnerability scanning and repair and is of great significance to the development of vulnerability security scanning.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A method for processing device security vulnerabilities, characterized in that the method comprises:
performing a security scan on a designated device to discover multiple vulnerabilities present in the designated device;
obtaining one or more items of vulnerability information corresponding to each vulnerability;
for the multiple vulnerabilities discovered in the designated device, if a certain number of the vulnerabilities have identical vulnerability information, merging that number of vulnerabilities into one vulnerability.
2. The method of claim 1, characterized in that, before the security scan is performed on the designated device, the method further comprises:
using a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, to obtain multiple vulnerability samples and the vulnerability information corresponding to each vulnerability sample;
building a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
3. The method of claim 2, characterized in that the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the signature of that vulnerability sample;
performing the security scan on the designated device to discover the multiple vulnerabilities present in the designated device then comprises:
traversing the vulnerability samples in the vulnerability lookup table; for each vulnerability sample, performing a security scan on the designated device according to the signature of that sample provided by the lookup table, and, if a vulnerability satisfying the signature exists, determining that a vulnerability matching the sample has been found; wherein a vulnerability and the sample it matches have identical vulnerability information;
obtaining the one or more items of vulnerability information corresponding to each vulnerability then comprises:
for each vulnerability found, obtaining from the vulnerability lookup table all of the vulnerability information of the sample that the vulnerability matches.
4. The method of claim 3, characterized in that the one or more items of vulnerability information corresponding to each vulnerability include one or more of the following: the CVE number of the vulnerability, the name of the vulnerability, the signature of the vulnerability, the product the vulnerability affects, the description of the vulnerability, and the solution for the vulnerability;
obtaining the one or more items of vulnerability information corresponding to each vulnerability then further comprises:
according to the product each vulnerability affects, obtaining the official website corresponding to that product, and looking up on that website the official security bulletin corresponding to the vulnerability.
5. The method of any one of claims 1-4, characterized in that merging a certain number of the vulnerabilities into one vulnerability if they have identical vulnerability information comprises:
if a certain number of the vulnerabilities affect the same product, and the solution for each of them is to upgrade the version of that product, merging that number of vulnerabilities into one vulnerability.
6. The method of any one of claims 1-4, characterized in that merging a certain number of the vulnerabilities into one vulnerability if they have identical vulnerability information comprises:
if a certain number of the vulnerabilities have the same solution, merging that number of vulnerabilities into one vulnerability.
7. The method of any one of claims 1-4, characterized in that merging a certain number of the vulnerabilities into one vulnerability if they have identical vulnerability information comprises:
if a certain number of the vulnerabilities correspond to the same official security bulletin, merging that number of vulnerabilities into one vulnerability.
8. An apparatus for processing device security vulnerabilities, characterized in that the apparatus comprises:
a security scanning module, configured to perform a security scan on a designated device and discover multiple vulnerabilities present in the designated device;
an information acquisition module, configured to obtain one or more items of vulnerability information corresponding to each vulnerability;
a merging module, configured to, for the multiple vulnerabilities discovered in the designated device, merge a certain number of the vulnerabilities into one vulnerability if they have identical vulnerability information.
9. The apparatus of claim 8, characterized in that
the information acquisition module is further configured to use a web crawler to crawl the vulnerability information published by authoritative vulnerability databases on the Internet and by professional security vendors, obtaining multiple vulnerability samples and the vulnerability information corresponding to each vulnerability sample, and to build a vulnerability lookup table from the obtained vulnerability samples and their corresponding vulnerability information.
10. The apparatus of claim 9, characterized in that the vulnerability information corresponding to each vulnerability sample in the vulnerability lookup table includes the signature of that vulnerability sample;
the security scanning module is then configured to traverse the vulnerability samples in the vulnerability lookup table and, for each vulnerability sample, perform a security scan on the designated device according to the signature of that sample provided by the lookup table; if a vulnerability satisfying the signature exists, a vulnerability matching the sample is determined to have been found; wherein a vulnerability and the sample it matches have identical vulnerability information;
the information acquisition module is then configured to obtain from the vulnerability lookup table, for each vulnerability found, all of the vulnerability information of the sample that the vulnerability matches.
CN201510729500.3A 2015-10-30 2015-10-30 Method and device for processing security vulnerabilities of device Pending CN106656924A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510729500.3A CN106656924A (en) 2015-10-30 2015-10-30 Method and device for processing security vulnerabilities of device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510729500.3A CN106656924A (en) 2015-10-30 2015-10-30 Method and device for processing security vulnerabilities of device

Publications (1)

Publication Number Publication Date
CN106656924A true CN106656924A (en) 2017-05-10

Family

ID=58809575

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510729500.3A Pending CN106656924A (en) 2015-10-30 2015-10-30 Method and device for processing security vulnerabilities of device

Country Status (1)

Country Link
CN (1) CN106656924A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103562923A (en) * 2011-05-31 2014-02-05 惠普发展公司,有限责任合伙企业 Application security testing
US9015847B1 (en) * 2014-05-06 2015-04-21 Synack, Inc. Computer system for distributed discovery of vulnerabilities in applications
CN104615542A (en) * 2015-02-11 2015-05-13 中国科学院软件研究所 Vulnerability correlation analysis assisted vulnerability mining method based on function calling

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107609402B (en) * 2017-09-05 2020-05-12 中国科学院计算机网络信息中心 Security vulnerability processing method and device and storage medium
CN107609402A (en) * 2017-09-05 2018-01-19 中国科学院计算机网络信息中心 A kind of processing method of security breaches, device and storage medium
CN109977677A (en) * 2017-12-28 2019-07-05 平安科技(深圳)有限公司 Vulnerability information collection method, device, equipment and readable storage medium storing program for executing
CN108830084A (en) * 2018-06-12 2018-11-16 国网江苏省电力有限公司无锡供电分公司 Realize the handheld terminal and means of defence of computer information safe protection vulnerability scanning and protective reinforcing
CN108830084B (en) * 2018-06-12 2021-10-01 国网江苏省电力有限公司无锡供电分公司 Handheld terminal for realizing vulnerability scanning and protection reinforcement and protection method
CN109413050A (en) * 2018-10-05 2019-03-01 国网湖南省电力有限公司 A kind of internet vulnerability information acquisition method that access rate is adaptive and system
CN109413050B (en) * 2018-10-05 2020-11-24 国网湖南省电力有限公司 Access rate self-adaptive internet vulnerability information acquisition method and system
CN109542785A (en) * 2018-11-19 2019-03-29 北京云测网络科技有限公司 A kind of invalid bug determines method and apparatus
CN109542785B (en) * 2018-11-19 2021-07-27 北京云测网络科技有限公司 Invalid bug determination method and device
CN110334513A (en) * 2019-06-25 2019-10-15 广州嘉为科技有限公司 A kind of restorative procedure based on (SuSE) Linux OS loophole
CN110460571B (en) * 2019-07-05 2022-11-04 深圳壹账通智能科技有限公司 Business system vulnerability processing method and device, computer equipment and storage medium
CN110460571A (en) * 2019-07-05 2019-11-15 深圳壹账通智能科技有限公司 Operation system loophole processing method, device, computer equipment and storage medium
CN111865902A (en) * 2020-06-03 2020-10-30 国网浙江省电力有限公司丽水供电公司 Network information vulnerability analysis method and readable storage medium
CN113742721A (en) * 2021-08-30 2021-12-03 杭州安恒信息技术股份有限公司 Vulnerability scanning processing method, device and system, electronic device and storage medium
CN113742721B (en) * 2021-08-30 2024-03-26 杭州安恒信息技术股份有限公司 Vulnerability scanning processing method, device, system, electronic device and storage medium
CN113934511A (en) * 2021-10-19 2022-01-14 苏州棱镜七彩信息科技有限公司 Container method based on self-built knowledge base

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170510

RJ01 Rejection of invention patent application after publication