CN107194262A - Method and device for scanning vulnerabilities and generating a vulnerability information database - Google Patents

Publication number: CN107194262A
Application number: CN201710358585.8A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Inventor: 李杨
Current assignee: Beijing Kuang En Network Technology Co Ltd
Original assignee: Beijing Kuang En Network Technology Co Ltd
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The disclosure relates to a method and device for scanning vulnerabilities and for generating a vulnerability information database, and belongs to the field of information technology. The method for scanning vulnerabilities includes: obtaining multiple items of device information of a device to be scanned, the items of device information having a priority order among them; performing, based on a preset vulnerability database, a vulnerability scan on the device to be scanned according to the priority of the items of device information, wherein the preset vulnerability database includes vulnerability information for multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple items of device information and a vulnerability type; and, when the items of device information of the device to be scanned match the items of device information in any vulnerability information, determining the vulnerability type of the device to be scanned according to the matched vulnerability information. The scheme of the disclosure can save scanning time.

Description

Method and device for scanning vulnerabilities and generating a vulnerability information database
Technical field
The present disclosure relates to the field of information technology, and more particularly to a method and device for scanning vulnerabilities and a method for generating a vulnerability information database.
Background
Industrial control devices are widely used in many industrial settings and fields and are known for their stability and reliability. However, as the impact of industrial control device vulnerabilities keeps growing, every industry and field faces a considerable vulnerability threat. It has therefore become highly desirable to scan software products for publicly disclosed vulnerabilities, to identify the disclosed vulnerabilities that a device contains, and to provide corresponding measures for fixing them.
In the related art, vulnerability scanning solutions usually collect all publicly disclosed vulnerabilities into one unified vulnerability database. When a scan for disclosed vulnerabilities is carried out, all disclosed vulnerabilities have to be scanned and compared one by one to decide whether each is a vulnerability of the scanned device. When every item of the device's information (for example, vendor name, device model and firmware version) is completely consistent, the current device is judged to have the disclosed vulnerability.
The existing scanning solutions have a shortcoming: scanning a device for disclosed vulnerabilities requires scanning all disclosed vulnerabilities, which is time-consuming and inefficient.
Summary of the invention
To overcome the problems in the related art, the present disclosure provides a method and device for scanning vulnerabilities and for generating a vulnerability information database.
According to a first aspect of the embodiments of the present disclosure, there is provided a method for scanning vulnerabilities, including: obtaining multiple items of device information of a device to be scanned, the items of device information having a priority order among them; performing, based on a preset vulnerability database, a vulnerability scan on the device to be scanned according to the priority of the items of device information, wherein the preset vulnerability database includes vulnerability information for multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple items of device information and a vulnerability type; and, when the items of device information of the device to be scanned match the items of device information in any vulnerability information, determining the vulnerability type of the device to be scanned according to the matched vulnerability information.
Optionally, performing the vulnerability scan on the device to be scanned based on the preset vulnerability database and according to the priority of the items of device information includes: comparing the items of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
Optionally, comparing the items of device information in order of priority from high to low with the device information of the vulnerability information in the preset vulnerability database includes: comparing the device information corresponding to a higher priority of the device to be scanned with the device information in the preset vulnerability database; when the device information corresponding to the higher priority matches device information in the preset vulnerability database, obtaining from the preset vulnerability database the vulnerability information associated with the matched device information; and comparing the device information corresponding to the priority next below the higher priority with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
Optionally, determining the vulnerability type of the device to be scanned according to the matched vulnerability information, when the items of device information of the device to be scanned match the items of device information in any vulnerability information, includes: when the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, determining the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned.
According to a second aspect of the embodiments of the present disclosure, there is provided a method for generating a vulnerability information database, the method including: obtaining device information and a vulnerability type, the device information including device vendor information, a device model and a firmware version; establishing the correspondence between the device vendor information, device model, firmware version and the vulnerability type; and storing the correspondence to generate the preset vulnerability database.
Optionally, the firmware version includes a version number and a logical operator, the logical operator being used to determine the range of version numbers of the firmware version in the vulnerability information.
According to a third aspect of the embodiments of the present disclosure, there is provided a device for scanning vulnerabilities, including: an acquiring unit, configured to obtain multiple items of device information of a device to be scanned, the items of device information having a priority order among them; a scanning unit, configured to perform, based on a preset vulnerability database, a vulnerability scan on the device to be scanned according to the priority of the items of device information, wherein the preset vulnerability database includes vulnerability information for multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple items of device information and a vulnerability type; and a determining unit, configured to determine the vulnerability type of the device to be scanned according to the matched vulnerability information when the items of device information of the device to be scanned match the items of device information in any vulnerability information.
Optionally, the scanning unit includes: a comparing module, configured to compare the items of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
Optionally, the comparing module includes: a first comparing submodule, configured to compare the device information corresponding to a higher priority of the device to be scanned with the device information in the preset vulnerability database; an acquiring submodule, configured to obtain from the preset vulnerability database the vulnerability information associated with the matched device information when the device information corresponding to the higher priority of the device to be scanned matches device information in the preset vulnerability database; and a second comparing submodule, configured to compare the device information corresponding to the priority next below the higher priority with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
Optionally, the determining unit includes: a determining module, configured to determine the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned when the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a device for generating a vulnerability information database, the device including: an acquiring unit, configured to obtain device information and a vulnerability type, the device information including device vendor information, a device model and a firmware version; an establishing unit, configured to establish the correspondence between the device vendor information, device model, firmware version and the vulnerability type; and a storage unit, configured to store the correspondence to generate the preset vulnerability database.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects: vulnerability information is filtered step by step according to the priority of the items of device information of the device to be scanned, which continually narrows the range of vulnerability information to be scanned in the preset vulnerability database, reduces the time consumed by vulnerability scanning, and can save vulnerability scanning time.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment;
Fig. 2 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment;
Fig. 3 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment;
Fig. 4 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment;
Fig. 5 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment;
Fig. 6 is a structural block diagram of a device for scanning vulnerabilities according to an exemplary embodiment;
Fig. 7 is a structural block diagram of a device for scanning vulnerabilities according to an exemplary embodiment;
Fig. 8 is a structural block diagram of a device for scanning vulnerabilities according to an exemplary embodiment;
Fig. 9 is a structural block diagram of a device for scanning vulnerabilities according to an exemplary embodiment;
Fig. 10 is a structural block diagram of a device for scanning vulnerabilities according to an exemplary embodiment;
Fig. 11 is a flowchart of a method for generating a vulnerability information database according to an exemplary embodiment;
Fig. 12 is a structural diagram of a relation tree of device vendor information, device model and firmware version according to an exemplary embodiment; and
Fig. 13 is a structural block diagram of a device for generating a vulnerability information database according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment. As shown in Fig. 1, the method for scanning vulnerabilities includes the following steps.
In step S11, multiple items of device information of the device to be scanned are obtained, the items of device information having a priority order among them.
For example, the device to be scanned is a network device or the like that needs a vulnerability scan, and the device information can include, but is not limited to, device vendor information, device model and firmware version. The items of device information can have a priority order among them: for example, the device vendor information has the highest priority, the device model comes next, and the firmware version has the lowest priority, so that vulnerability information can be filtered step by step by priority during the vulnerability scan in the subsequent steps.
In step S12, based on a preset vulnerability database, a vulnerability scan is performed on the device to be scanned according to the priority of the items of device information, wherein the preset vulnerability database includes vulnerability information for multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple items of device information and a vulnerability type.
In embodiments of the present invention, the preset vulnerability database can be built from authoritative vulnerability information published by a large number of device vendors. In this step, for example, the corresponding vulnerability information can be looked up in the preset vulnerability database according to the priority of the device vendor information, device model and firmware version. For example, the device information in the preset vulnerability database is matched step by step according to the priority of the device information.
In step S13, when the items of device information of the device to be scanned match the items of device information in any vulnerability information, the vulnerability type of the device to be scanned is determined according to the matched vulnerability information.
For example, when the items of device information of the device to be scanned all match the items of device information in some vulnerability information in the preset vulnerability database, the vulnerability type of the device to be scanned can be determined from that vulnerability information. In other examples, a lookup is first performed in the preset vulnerability database with one item of device information of the device to be scanned (for example, the device vendor information), which yields the vulnerability information containing that item. A further lookup is then performed, within the vulnerability information obtained (which can be understood as a subset of the preset vulnerability database), with another item of device information of the device to be scanned (for example, the device model). Vulnerability information is looked up progressively in this way until the vulnerability type of the device to be scanned is finally determined.
The above method for scanning vulnerabilities performs the scan based on the preset vulnerability database and in the priority order of the items of device information of the device to be scanned. Scanning progressively in this way continually narrows the scan range and avoids having to traverse, for a given item of device information, all the vulnerability information in the database that contains it, thereby saving scanning time.
Fig. 2 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment. The method for scanning vulnerabilities shown in Fig. 2 is a further embodiment of the method shown in Fig. 1. As shown in Fig. 2, step S12 can include:
Comparing the items of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
For example, when the device information corresponding to the current priority (the priority currently being compared) is found in vulnerability information in the preset vulnerability database, the match can be determined to be successful, and the successfully matched vulnerability information can then be obtained. It will be understood that the preset vulnerability database can contain multiple such entries of vulnerability information, each of which includes the device information corresponding to the current priority. Comparing the items of device information of the device to be scanned in order of priority from high to low narrows the range of vulnerability information to be filtered: as items of device information are matched and the priority decreases, the amount of corresponding vulnerability information shrinks, which speeds up the comparison and improves the efficiency of vulnerability scanning.
Fig. 3 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment of the disclosure. As shown in Fig. 3, step S12 shown in Fig. 2 may include the following steps.
In step S121, the device information corresponding to a higher priority of the device to be scanned is compared with the device information in the preset vulnerability database;
In step S122, when the device information corresponding to the higher priority of the device to be scanned matches device information in the preset vulnerability database, the vulnerability information associated with the matched device information is obtained from the preset vulnerability database; and
In step S123, the device information corresponding to the priority next below the higher priority is compared with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
Fig. 4 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment. The method for scanning vulnerabilities shown in Fig. 4 is a further embodiment of the method shown in Fig. 2. As shown in Fig. 4, step S13 can include:
When the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, the vulnerability type corresponding to the matched device information is determined as the vulnerability type of the device to be scanned.
Fig. 5 is a flowchart of a method for scanning vulnerabilities according to an exemplary embodiment. The method for scanning vulnerabilities shown in Fig. 4 is a further embodiment of the method shown in Fig. 3. As shown in Fig. 4, step S13 can include:
When the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, the vulnerability type corresponding to the matched device information is determined as the vulnerability type of the device to be scanned.
In an exemplary embodiment of the disclosure, the items of device information can include device vendor information, device model and firmware version, but those of ordinary skill in the art will appreciate that the items of device information can include other kinds of information. Each item of device information can have its own priority. In one example, the priority of the device vendor information is higher than that of the device model, and the priority of the device model is higher than that of the firmware version. The vulnerability information in the preset vulnerability database can include the correspondence between the device vendor information, device model and firmware version and the vulnerability type.
During a vulnerability scan, after the device vendor information, device model and firmware version of the device to be scanned have been obtained, the device can first be scanned by the device vendor information, which has the highest priority. That is, the device vendor information is compared with the device vendor information in the preset vulnerability database, and if it matches, the vulnerability information associated with that device vendor information is obtained from the preset vulnerability database. The device is then scanned by device model. That is, the device model is compared with the device models in the obtained vulnerability information associated with the device vendor information, and if it matches, the vulnerability information associated with that device model is obtained from the vulnerability information associated with the device vendor information. The device is then scanned by firmware version. That is, the firmware version is compared with the firmware versions in the obtained vulnerability information associated with both the device vendor information and the device model, and if it matches, the vulnerability information associated with that firmware version is obtained from the vulnerability information associated with both the device vendor information and the device model. Afterwards, the vulnerability type of the device to be scanned can be determined from the vulnerability information obtained last. Specifically, it can be determined from the correspondence between device information and vulnerability type included in the vulnerability information obtained last.
In an exemplary embodiment of the disclosure, the firmware version in the preset vulnerability database can take the form of a firmware version number range. The range can be determined by a logical operator together with the version number of the firmware version. The following are examples of the logical operators used:
Less-than symbol "<": indicates that the vulnerability affects devices below a certain firmware version; specifically, all devices below that firmware version have a vulnerability of a certain type. For example, if the firmware version number is 5.0, then <5.0 indicates that the vulnerability affects versions below 5.0. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is below 5.0 (such as 4.0) matches the corresponding vulnerability type.
Less-than-or-equal symbol "<=": indicates that the vulnerability affects devices at or below a certain firmware version. For example, if the firmware version number is 5.0, then <=5.0 indicates that the vulnerability affects version 5.0 and the versions below it. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is 5.0 or below 5.0 (such as 4.0) matches the corresponding vulnerability type.
Greater-than symbol ">": indicates that the vulnerability affects devices above a certain firmware version. For example, if the firmware version number is 5.0, then >5.0 indicates that the vulnerability affects versions above 5.0. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is above 5.0 (such as 6.0) matches the corresponding vulnerability type.
Greater-than-or-equal symbol ">=": indicates that the vulnerability affects devices at or above a certain firmware version. For example, if the firmware version number is 5.0, then >=5.0 indicates that the vulnerability affects version 5.0 and the versions above it. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is 5.0 or above 5.0 (such as 6.0) matches the corresponding vulnerability type.
Range symbol "[]": indicates that the vulnerability affects devices whose version lies within the bounded range. For example, [1.0,5.0] indicates that the vulnerability affects devices with a version greater than or equal to 1.0 and less than or equal to 5.0. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is between 1.0 and 5.0 (such as 2.0, 3.0 or 4.0, and also versions 1.0 and 5.0 themselves) matches the corresponding vulnerability type.
Specific version set symbol "{}": indicates that the vulnerability affects devices whose version is in a specific set of versions. For example, {1.0,2.0,5.0} indicates that the vulnerability affects devices of the three versions 1.0, 2.0 and 5.0. For example, once vulnerability information has been stored with this operator, when vulnerability information is filtered by firmware version, a device to be scanned whose firmware version is 1.0, 2.0 or 5.0 matches the corresponding vulnerability type.
Using logical operators to express the range of version numbers associated with a vulnerability avoids data redundancy when disclosed vulnerabilities are stored in the vulnerability database.
Although the exemplary embodiments above use logical operators to determine the version number range of the firmware version associated with a vulnerability, those of ordinary skill in the art will appreciate that other kinds of operators can be used to achieve the same function; only the way the logical operation is parsed needs to change in the technical implementation.
The method for scanning vulnerabilities in the embodiments described above with reference to Fig. 2 to Fig. 5 can also include step S14: if any one of the items of device information does not match the device information in the preset vulnerability database, it is determined that the device to be scanned has no vulnerability.
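The priority-ordered narrowing (vendor, then model, then firmware version), the six firmware version operators and the no-match outcome of step S14 can be seen together in the following Python example, which is added here and is not code from the patent. The vendor and model names, the vulnerability types, the nested-dictionary layout and the treatment of a bare version number as an exact match are all assumptions made for illustration.

```python
"""Priority-ordered vulnerability lookup: vendor -> model -> firmware version."""
import re
from collections import defaultdict


def parse_version(text):
    """'4.10' -> (4, 10). Trailing zeros are dropped so that 5 and 5.0 are equal."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_matches(expr, firmware):
    """Evaluate one stored version expression against a device firmware version."""
    expr, v = expr.strip(), parse_version(firmware)
    if expr.startswith("[") and expr.endswith("]"):   # [low,high], both ends included
        low, high = (parse_version(p) for p in expr[1:-1].split(","))
        return low <= v <= high
    if expr.startswith("{") and expr.endswith("}"):   # {a,b,c}, listed versions only
        return v in {parse_version(p) for p in expr[1:-1].split(",")}
    m = re.fullmatch(r"(<=|>=|<|>)\s*([\d.]+)", expr)
    if m:
        bound = parse_version(m.group(2))
        return {"<": v < bound, "<=": v <= bound,
                ">": v > bound, ">=": v >= bound}[m.group(1)]
    return v == parse_version(expr)   # assumption: a bare version means exact match


def build_db(records):
    """Store (vendor, model, version_expr, vuln_type) rows as a vendor/model tree."""
    db = defaultdict(lambda: defaultdict(list))
    for vendor, model, expr, vuln_type in records:
        db[vendor][model].append((expr, vuln_type))
    return db


def scan(db, vendor, model, firmware):
    """Narrow by vendor, then model, then firmware version.

    Returns (vulnerability types, number of records examined). An empty list
    means some item did not match: no known vulnerability (step S14).
    """
    models = db.get(vendor)                 # highest priority: vendor
    if models is None:
        return [], 0
    entries = models.get(model)             # next priority: device model
    if entries is None:
        return [], 0
    hits = [t for expr, t in entries if version_matches(expr, firmware)]
    return hits, len(entries)               # lowest priority: firmware version


def flat_scan(records, vendor, model, firmware):
    """Related-art baseline: walk every record and compare item by item."""
    hits = [t for ven, mod, expr, t in records
            if ven == vendor and mod == model and version_matches(expr, firmware)]
    return hits, len(records)


# Constructed sample records; every name and vulnerability type is a placeholder.
RECORDS = [
    ("VendorA", "PLC-100", "<5.0", "buffer overflow"),
    ("VendorA", "PLC-100", "[1.0,5.0]", "weak authentication"),
    ("VendorA", "PLC-100", ">=6.0", "denial of service"),
    ("VendorA", "PLC-200", "{1.0,2.0,5.0}", "hard-coded credentials"),
    ("VendorB", "RTU-7", "<=4.9", "information disclosure"),
    ("VendorB", "RTU-7", ">4.9", "command injection"),
]
DB = build_db(RECORDS)

if __name__ == "__main__":
    for device in [("VendorA", "PLC-100", "4.0"), ("VendorB", "RTU-7", "4.10"),
                   ("VendorC", "X-1", "1.0")]:
        print(device, "tree:", scan(DB, *device), "flat:", flat_scan(RECORDS, *device))
```

Versions are compared as integer tuples rather than strings, so firmware 4.10 is correctly treated as newer than 4.9.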
Fig. 6 is a kind of structured flowchart for being used to scan the device of leak according to an exemplary embodiment.Such as Fig. 6 institutes Show, the device for scanning leak can include:
There is priority between acquiring unit, the multiple equipment information for obtaining equipment to be scanned, multiple equipment information Sequentially;
Scanning element, for based on default vulnerability database, treating scanning device according to the priority of multiple equipment information and carrying out Vulnerability scanning, wherein, default vulnerability database includes the vulnerability information of multiple equipment to be scanned, and vulnerability information includes multiple equipment information With the corresponding relation of leak type;And
Determining unit, for when the multiple equipment in the multiple equipment information of equipment to be scanned and any vulnerability information During information matches, the leak type of equipment to be scanned is determined according to the vulnerability information matched.
Fig. 7 is a structural block diagram of an apparatus for scanning for vulnerabilities according to an exemplary embodiment. As shown in Fig. 7, the scanning unit in the apparatus for scanning for vulnerabilities shown in Fig. 6 may include:
A comparison module, configured to compare the multiple pieces of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
Fig. 8 is a structural block diagram of an apparatus for scanning for vulnerabilities according to an exemplary embodiment. As shown in Fig. 8, the comparison module shown in Fig. 7 may include:
A first comparison submodule, configured to compare the device information corresponding to the higher priority of the device to be scanned with the device information in the preset vulnerability database;
An obtaining submodule, configured to, when the device information corresponding to the higher priority of the device to be scanned matches device information in the preset vulnerability database, obtain from the preset vulnerability database the vulnerability information associated with the matched device information; and
A second comparison submodule, configured to compare the device information corresponding to the priority next below the higher priority with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
Fig. 9 is a structural block diagram of an apparatus for scanning for vulnerabilities according to an exemplary embodiment. As shown in Fig. 9, the determining unit shown in Fig. 7 may include:
A determining module, configured to, when the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, determine the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned.
Fig. 10 is a structural block diagram of an apparatus for scanning for vulnerabilities according to an exemplary embodiment. As shown in Fig. 10, the determining unit shown in Fig. 8 may include:
A determining module, configured to, when the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, determine the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned.
The determining module in the above embodiments may also be configured to determine that the device to be scanned has no vulnerability when any one of the multiple pieces of device information does not match the device information in the preset vulnerability database.
The apparatus for scanning for vulnerabilities in the above embodiments can perform vulnerability scanning progressively, layer by layer, according to the priority of the multiple pieces of device information, which can save scanning time.
Fig. 11 is a flowchart of a method for generating a vulnerability information database according to an exemplary embodiment. As shown in Fig. 11, the method for generating a vulnerability information database may include the following steps.
In step S21, device information and a vulnerability type are obtained, the device information including device vendor information, device model and firmware version.
In step S22, the correspondence between the device vendor information, device model, firmware version and vulnerability type is established; and
In step S23, the correspondence is stored to generate the preset vulnerability database.
The preset vulnerability database generated here may be the preset vulnerability database used in any of the methods for scanning for vulnerabilities described with reference to Fig. 1 to Fig. 5. The device information and vulnerability type may be published by the vendor, by an authoritative security organization, or by a security agency.
Priorities can be set for the device vendor information, device model and firmware version. For example, the highest priority can be set for the device vendor information, a lower priority for the device model, and the lowest priority for the firmware version. In an exemplary embodiment of the disclosure, the membership relationship between device vendor information, device model and firmware version can be determined according to priority. For example, a relational tree of device vendor information, device model and firmware version can be built according to priority. Fig. 12 is a structural diagram of a relational tree of device vendor information, device model and firmware version according to an exemplary embodiment. As shown in Fig. 12, in the relational tree, the device model is a child node of the device vendor information, and the firmware version is a child node of the device model. When vulnerability scanning is performed on the device to be scanned, the device information in the preset vulnerability database is traversed in the order of the relational tree from parent to child (from top to bottom). For example, when vulnerability scanning is performed, the obtained device vendor information is first compared with the device vendor information in the preset vulnerability database. If the obtained device vendor information matches device vendor information in the preset vulnerability database, the obtained device model is compared with the device models that are child nodes of that device vendor information in the preset vulnerability database. If the obtained device model matches a device model in the preset vulnerability database, the obtained firmware version is compared with the firmware versions that are child nodes of that device model in the preset vulnerability database. If the obtained firmware version matches a firmware version in the preset vulnerability database, the vulnerability type of the device is determined according to the correspondence.
During the above vulnerability scanning, if the match does not succeed at any comparison stage, it is determined that the device has no vulnerability.
Those of ordinary skill in the art will understand that the relationship between device vendor information, device model and firmware version can also be established in other ways, such as the relationship between a set and its subsets.
In an exemplary embodiment of the disclosure, the firmware version in the preset vulnerability database can take the form of a firmware version number range. The firmware version number range can be determined by a logical operator and the version number of the firmware version. The following are examples of the logical operators used.
Less-than symbol "<": indicates that the vulnerability affects devices below a certain firmware version. For example, if the firmware version number is 5.0, then <5.0 means the vulnerability affects versions below 5.0.
Less-than-or-equal symbol "<=": indicates that the vulnerability affects devices at or below a certain firmware version. For example, if the firmware version number is 5.0, then <=5.0 means the vulnerability affects version 5.0 and versions below it.
Greater-than symbol ">": indicates that the vulnerability affects devices above a certain firmware version. For example, if the firmware version number is 5.0, then >5.0 means the vulnerability affects versions above 5.0.
Greater-than-or-equal symbol ">=": indicates that the vulnerability affects devices at or above a certain firmware version. For example, if the firmware version number is 5.0, then >=5.0 means the vulnerability affects version 5.0 and versions above it.
Range symbol "[]": indicates that the vulnerability affects devices whose version lies within the specified range. For example, [1.0,5.0] means the vulnerability affects devices with a version greater than or equal to 1.0 and less than or equal to 5.0.
Specific-version-set symbol "{}": indicates that the vulnerability affects devices whose version is in a specific set of versions. For example, {1.0,2.0,5.0} means the vulnerability affects devices with versions 1.0, 2.0 and 5.0.
Using logical operators to express the range of version numbers associated with a vulnerability avoids producing redundant data when the published vulnerability database is stored.
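The vendor, model, firmware traversal and the version-range operators described above can be combined as follows. This is an added Python example, not code from the patent: the vendor and model names, the vulnerability types and the nested-dictionary layout are constructed, and treating a version number as at most four dot-separated integers is an assumption.

```python
# Added illustration; vendor/model names, vulnerability types and the layout are constructed.
MAX_PARTS = 4  # assumption: a version has at most four dot-separated integer parts


def parse_version(text):
    """'5.0' -> (5, 0, 0, 0): numeric and zero-padded, so '5' == '5.0' and '4.10' > '4.9'."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on non-numeric input
    if len(parts) > MAX_PARTS:
        raise ValueError(f"too many version components: {text!r}")
    return tuple(parts + [0] * (MAX_PARTS - len(parts)))


def version_matches(spec, version):
    """Evaluate one firmware-version spec (<, <=, >, >=, [lo,hi], {a,b,c}) against a version."""
    spec = spec.replace(" ", "")
    v = parse_version(version)
    if spec.startswith("[") and spec.endswith("]"):
        lo, hi = spec[1:-1].split(",")  # inclusive on both ends
        return parse_version(lo) <= v <= parse_version(hi)
    if spec.startswith("{") and spec.endswith("}"):
        return v in {parse_version(s) for s in spec[1:-1].split(",")}
    for op in ("<=", ">=", "<", ">"):  # two-character operators are tested first
        if spec.startswith(op):
            bound = parse_version(spec[len(op):])
            return {"<=": v <= bound, ">=": v >= bound,
                    "<": v < bound, ">": v > bound}[op]
    raise ValueError(f"unsupported version spec: {spec!r}")


# Relational tree: vendor -> model -> [(firmware version spec, vulnerability type)].
# One spec row covers a whole range instead of one row per affected version.
VULN_DB = {
    "ExampleVendor": {
        "PLC-100": [("<5.0", "buffer overflow"),
                    ("{1.0,2.0,5.0}", "hard-coded credentials")],
        "PLC-200": [("[1.0,5.0]", "authentication bypass")],
    },
    "OtherVendor": {
        "RTU-9": [(">=2.1", "denial of service")],
    },
}


def scan(device, db=VULN_DB):
    """Compare vendor, then model, then firmware; stop at the first stage that fails.

    Returns the matched vulnerability types, or [] when any stage does not match.
    An unparsable firmware string raises ValueError rather than being reported as
    'no vulnerability', so the caller can tell 'clean' from 'could not be checked'.
    """
    models = db.get(device["vendor"])        # highest priority: vendor
    if models is None:
        return []
    entries = models.get(device["model"])    # next priority: model under that vendor
    if entries is None:
        return []
    return [vtype for spec, vtype in entries  # lowest priority: firmware version
            if version_matches(spec, device["firmware"])]


if __name__ == "__main__":
    for fw in ("2.0", "5.0", "6.1"):
        dev = {"vendor": "ExampleVendor", "model": "PLC-100", "firmware": fw}
        print(fw, scan(dev))
```

Comparing versions as integer tuples rather than strings matters for the range operators: as strings, "4.10" sorts below "4.9" and a spec such as >=2.1 would miss firmware 2.10.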
Fig. 13 is a structural block diagram of an apparatus for generating a vulnerability information database according to an exemplary embodiment. As shown in Fig. 13, the apparatus for generating a vulnerability information database may include:
An acquiring unit, configured to obtain device information and a vulnerability type, the device information including device vendor information, device model and firmware version;
An establishing unit, configured to establish the correspondence between the device vendor information, device model, firmware version and vulnerability type; and
A storage unit, configured to store the correspondence to generate the preset vulnerability database.
An exemplary embodiment of the disclosure provides a storage medium on which instructions are stored; when the instructions are run by a processor, they cause the processor to perform the above method for scanning for vulnerabilities or the above method for generating a vulnerability information database.
The exemplary embodiments of the disclosure above, and their equivalents, can save scanning time through the progressive scanning approach, or avoid data redundancy by optimizing the firmware version, for example by expressing it with logical operators.
Although the exemplary embodiments above use logical operators to determine the version-number range of the firmware versions associated with a vulnerability, those of ordinary skill in the art will understand that other kinds of operators can also be used to achieve the same function; only the way the logical operation is parsed needs to change in the technical implementation.
With regard to the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method and will not be elaborated here.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed in this disclosure. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the invention are indicated by the claims.
It should be understood that the invention is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A method for scanning for vulnerabilities, characterized by comprising:
Obtaining multiple pieces of device information of a device to be scanned, the multiple pieces of device information having a priority order;
Performing vulnerability scanning on the device to be scanned, based on a preset vulnerability database and according to the priority of the multiple pieces of device information, wherein the preset vulnerability database includes vulnerability information of multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple pieces of device information and vulnerability types;
When the multiple pieces of device information of the device to be scanned match the multiple pieces of device information in any vulnerability information, determining the vulnerability type of the device to be scanned according to the matched vulnerability information.
2. The method according to claim 1, characterized in that performing vulnerability scanning on the device to be scanned, based on the preset vulnerability database and according to the priority of the multiple pieces of device information, wherein the preset vulnerability database includes vulnerability information of multiple devices to be scanned and the vulnerability information includes the correspondence between multiple pieces of device information and vulnerability types, comprises:
Comparing the multiple pieces of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
3. The method according to claim 2, characterized in that comparing the multiple pieces of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database comprises:
Comparing the device information corresponding to the higher priority of the device to be scanned with the device information in the preset vulnerability database;
When the device information corresponding to the higher priority of the device to be scanned matches device information in the preset vulnerability database, obtaining from the preset vulnerability database the vulnerability information associated with the matched device information; and
Comparing the device information corresponding to the priority next below the higher priority with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
4. The method according to claim 2 or 3, characterized in that, when the multiple pieces of device information of the device to be scanned match the multiple pieces of device information in any vulnerability information, determining the vulnerability type of the device to be scanned according to the matched vulnerability information comprises:
When the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, determining the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned.
5. A method for generating a vulnerability information database, characterized in that the method comprises:
Obtaining device information and a vulnerability type, the device information including device vendor information, device model and firmware version;
Establishing the correspondence between the device vendor information, device model, firmware version and vulnerability type;
Storing the correspondence to generate the preset vulnerability database.
6. The method according to claim 5, characterized in that the firmware version includes a version number and a logical operator, the logical operator being used to determine the range of version numbers of the firmware version in the vulnerability information.
7. An apparatus for scanning for vulnerabilities, characterized by comprising:
An acquiring unit, configured to obtain multiple pieces of device information of a device to be scanned, the multiple pieces of device information having a priority order;
A scanning unit, configured to perform vulnerability scanning on the device to be scanned, based on a preset vulnerability database and according to the priority of the multiple pieces of device information, wherein the preset vulnerability database includes vulnerability information of multiple devices to be scanned, and the vulnerability information includes the correspondence between multiple pieces of device information and vulnerability types; and
A determining unit, configured to, when the multiple pieces of device information of the device to be scanned match the multiple pieces of device information in any vulnerability information, determine the vulnerability type of the device to be scanned according to the matched vulnerability information.
8. The apparatus according to claim 7, characterized in that the scanning unit includes:
A comparison module, configured to compare the multiple pieces of device information, in order of priority from high to low, with the device information of the vulnerability information in the preset vulnerability database.
9. The apparatus according to claim 8, characterized in that the comparison module includes:
A first comparison submodule, configured to compare the device information corresponding to the higher priority of the device to be scanned with the device information in the preset vulnerability database;
An obtaining submodule, configured to, when the device information corresponding to the higher priority of the device to be scanned matches device information in the preset vulnerability database, obtain from the preset vulnerability database the vulnerability information associated with the matched device information; and
A second comparison submodule, configured to compare the device information corresponding to the priority next below the higher priority with the device information in the vulnerability information, wherein the vulnerability information is the obtained vulnerability information associated with the matched device information.
10. The apparatus according to claim 8 or 9, characterized in that the determining unit includes:
A determining module, configured to, when the device information corresponding to the lowest priority of the device to be scanned matches the device information of vulnerability information in the preset vulnerability database, determine the vulnerability type corresponding to the matched device information as the vulnerability type of the device to be scanned.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710358585.8A CN107194262A (en) 2017-05-19 2017-05-19 Method and device for scanning leak and generation vulnerability information storehouse


Publications (1)

Publication Number Publication Date
CN107194262A true CN107194262A (en) 2017-09-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination