CN107273497A - A kind of vulnerability information acquisition method and device - Google Patents

Publication number: CN107273497A
Authority: CN (China)
Prior art keywords: leak, title, vulnerability information, keyword, leak title
Legal status: Pending
Application number: CN201710455954.5A
Other languages: Chinese (zh)
Inventor: 陈栋
Current Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710455954.5A
Publication of CN107273497A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The invention provides a vulnerability information acquisition method and device. The method can include: predetermining a target vulnerability publication platform; determining a collection time period and at least one keyword corresponding to the current product; obtaining the first link corresponding to each of at least one original list that the target vulnerability publication platform published within the time period; for each first link, obtaining one by one the at least one vulnerability title contained in the corresponding list page, together with the second link corresponding to each vulnerability title; filtering the vulnerability titles according to the at least one keyword to determine at least one target vulnerability title corresponding to the current product; and, for the second link corresponding to each target vulnerability title, collecting one by one the vulnerability information contained in the corresponding page. This scheme can improve the efficiency of vulnerability information collection.

Description

A vulnerability information acquisition method and device
Technical field
The present invention relates to the field of computer technology, and in particular to a vulnerability information acquisition method and device.
Background
With the rapid development of networks, network security has become an increasingly prominent problem. To raise awareness of network security and avoid economic loss, vulnerability publication platforms have emerged (such as the national information security vulnerability sharing platform). A vulnerability publication platform is mainly used to publish various types of vulnerability information. To determine whether a related product has a major vulnerability, each organization (such as an enterprise) needs to collect the vulnerability information published for that product within a certain time period.
At present, vulnerability information is collected mainly by manually viewing all the vulnerability information published on a vulnerability publication platform within a certain time period and manually screening it item by item to pick out the vulnerability information that relates to the product. However, a vulnerability publication platform usually publishes a large amount of vulnerability information, so screening it manually item by item takes considerable time and makes vulnerability information collection inefficient.
Summary of the invention
The embodiments of the present invention provide a vulnerability information acquisition method and device that can improve the efficiency of vulnerability information collection.
In a first aspect, an embodiment of the present invention provides a vulnerability information acquisition method, in which
a target vulnerability publication platform is predetermined; the method further includes:
determining a collection time period and at least one keyword corresponding to the current product;
obtaining the first link corresponding to each of at least one original list that the target vulnerability publication platform published within the time period;
for each first link, obtaining one by one the at least one vulnerability title contained in the corresponding list page, together with the second link corresponding to each vulnerability title;
filtering the vulnerability titles according to the at least one keyword to determine at least one target vulnerability title corresponding to the current product;
for the second link corresponding to each target vulnerability title, collecting one by one the vulnerability information contained in the corresponding page.
Preferably,
filtering the vulnerability titles according to the at least one keyword to determine at least one target vulnerability title corresponding to the current product includes:
for each vulnerability title, comparing the current vulnerability title with each keyword in turn; when it is determined that none of the keywords is present in the current vulnerability title, filtering out the current vulnerability title; otherwise, determining the current vulnerability title to be a target vulnerability title corresponding to the current product.
Preferably,
after obtaining, for each first link, the at least one vulnerability title contained in the corresponding list page, and before comparing, for each vulnerability title, the current vulnerability title with each keyword in turn, the method further includes:
converting the format of each vulnerability title according to the at least one keyword, to generate vulnerability titles that have the same format as the at least one keyword;
comparing, for each vulnerability title, the current vulnerability title with each keyword in turn then includes:
for each format-converted vulnerability title, comparing the current vulnerability title with each keyword in turn.
Preferably,
the vulnerability information includes any one or more of: vulnerability description, CVE-ID (Common Vulnerabilities and Exposures identifier), publication time, hazard level, affected products, and vulnerability solution.
Preferably,
the vulnerability information includes: CVE-ID;
the method further includes:
when it is determined that vulnerability information has been collected from at least two target vulnerability publication platforms, judging, according to the CVE-ID corresponding to each item of vulnerability information, whether at least two identical items of vulnerability information exist and, if so, deduplicating the at least two identical items of vulnerability information.
In a second aspect, an embodiment of the present invention provides a vulnerability information collection device, including:
a first determining unit, a second determining unit, an acquiring unit, a filtering unit and a collecting unit; wherein
the first determining unit is used to predetermine a target vulnerability publication platform;
the second determining unit is used to determine a collection time period and at least one keyword corresponding to the current product;
the acquiring unit is used to obtain the first link corresponding to each of at least one original list that the target vulnerability publication platform published within the time period and, for each first link, to obtain one by one the at least one vulnerability title contained in the corresponding list page, together with the second link corresponding to each vulnerability title;
the filtering unit is used to filter the vulnerability titles according to the at least one keyword, to determine at least one target vulnerability title corresponding to the current product;
the collecting unit is used to collect one by one, for the second link corresponding to each target vulnerability title, the vulnerability information contained in the corresponding page.
Preferably,
the filtering unit is specifically used to compare, for each vulnerability title, the current vulnerability title with each keyword in turn; when it is determined that none of the keywords is present in the current vulnerability title, to filter out the current vulnerability title; otherwise, to determine the current vulnerability title to be a target vulnerability title corresponding to the current product.
Preferably,
the device further includes: a format conversion unit;
the format conversion unit is used to convert the format of each vulnerability title according to the at least one keyword, to generate vulnerability titles that have the same format as the at least one keyword;
the filtering unit is specifically used to compare, for each format-converted vulnerability title, the current vulnerability title with each keyword in turn.
Preferably,
the collecting unit is further used to judge whether a reference link exists in the corresponding page and, if so, to access the reference page corresponding to the reference link and collect the reference vulnerability information contained in the reference page.
Preferably,
the vulnerability information includes any one or more of: vulnerability description, CVE-ID, publication time, hazard level, affected products, and vulnerability solution.
Preferably,
the vulnerability information includes: CVE-ID;
the device further includes: a deduplication unit;
the deduplication unit is used, when it is determined that vulnerability information has been collected from at least two target vulnerability publication platforms, to judge, according to the CVE-ID corresponding to each item of vulnerability information, whether at least two identical items of vulnerability information exist and, if so, to deduplicate the at least two identical items of vulnerability information.
The embodiments of the present invention provide a vulnerability information acquisition method and device. When related vulnerability information needs to be collected from a predetermined target vulnerability publication platform, collection is automated simply by determining the collection time period and at least one keyword corresponding to the current product. Specifically, the first link of each original list that the platform published within the time period is obtained automatically; then, for each first link, each vulnerability title contained in the corresponding list page and its corresponding second link are obtained. Vulnerability titles that do not relate to the current product can then be filtered out automatically according to the determined keywords, and for each vulnerability title that is not filtered out, the vulnerability information relating to the current product can be collected automatically through its second link. Because the user no longer has to screen items one by one at any point in the process, repetitive manual work is replaced and the efficiency of vulnerability information collection is improved.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a vulnerability information acquisition method provided by one embodiment of the present invention;
Fig. 2 is a flow chart of a vulnerability information acquisition method provided by another embodiment of the present invention;
Fig. 3 is a hardware architecture diagram of the equipment in which the vulnerability information collection device provided by an embodiment of the present invention is located;
Fig. 4 is a structural diagram of the vulnerability information collection device provided by one embodiment of the present invention;
Fig. 5 is a structural diagram of the vulnerability information collection device provided by another embodiment of the present invention;
Fig. 6 is a structural diagram of the vulnerability information collection device provided by yet another embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a vulnerability information acquisition method, which can include the following steps:
Step 101: Predetermine a target vulnerability publication platform.
Step 102: Determine a collection time period and at least one keyword corresponding to the current product.
Step 103: Obtain the first link corresponding to each of at least one original list that the target vulnerability publication platform published within the time period.
Step 104: For each first link, obtain one by one the at least one vulnerability title contained in the corresponding list page, together with the second link corresponding to each vulnerability title.
Step 105: Filter the vulnerability titles according to the at least one keyword, to determine at least one target vulnerability title corresponding to the current product.
Step 106: For the second link corresponding to each target vulnerability title, collect one by one the vulnerability information contained in the corresponding page.
In the above embodiment, when related vulnerability information needs to be collected from a predetermined target vulnerability publication platform, collection is automated simply by determining the collection time period and at least one keyword corresponding to the current product. Specifically, the first link of each original list that the platform published within the time period is obtained automatically; then, for each first link, each vulnerability title contained in the corresponding list page and its corresponding second link are obtained. Vulnerability titles that do not relate to the current product can then be filtered out automatically according to the determined keywords, and for each vulnerability title that is not filtered out, the vulnerability information relating to the current product can be collected automatically through its second link. Because the user no longer has to screen items one by one at any point in the process, repetitive manual work is replaced and the efficiency of vulnerability information collection is improved.
To find, among all the vulnerability titles, those that relate to the current product, in one embodiment of the present invention step 105 may be implemented as follows: for each vulnerability title, compare the current vulnerability title with each keyword in turn; when it is determined that none of the keywords is present in the current vulnerability title, filter out the current vulnerability title; otherwise, determine the current vulnerability title to be a target vulnerability title corresponding to the current product.
For example, the determined keywords are Mysql and Tomcat, and the obtained vulnerability title 1 is ***Mysql, vulnerability title 2 is ***ROM**, and vulnerability title 3 is ***Tomcat. Because vulnerability titles 1 and 3 each contain a determined keyword, these two are determined to be target vulnerability titles corresponding to the current product; because vulnerability title 2 contains neither Mysql nor Tomcat, it is filtered out. During comparison, once the keyword Mysql has been found in vulnerability title 1, there is no need to compare vulnerability title 1 with the other keyword, Tomcat, which further improves the efficiency of vulnerability information collection.
To find accurately, among all the vulnerability titles, those that relate to the current product, in one embodiment of the present invention, after step 104 and before comparing, for each vulnerability title, the current vulnerability title with each keyword in turn, the method further includes: converting the format of each vulnerability title according to the at least one keyword, to generate vulnerability titles that have the same format as the at least one keyword. Comparing, for each vulnerability title, the current vulnerability title with each keyword in turn then includes: for each format-converted vulnerability title, comparing the current vulnerability title with each keyword in turn.
In the above embodiment, when the format of a vulnerability title is inconsistent with that of the determined keywords, the formats must be unified; the embodiment of the present invention mainly converts the letter case of the vulnerability title. For example, each determined keyword is lower case, such as tomcat, and one collected vulnerability title is **Tomcat**. To avoid a comparison error, **Tomcat** is converted to lower case, giving **tomcat**; in the subsequent comparison, because tomcat is present in **tomcat**, the title is a vulnerability title of the current product. If **Tomcat** were instead compared directly with tomcat, it would very likely be filtered out because the match is not exact, and the collected vulnerability information would be incomplete.
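The filtering and case-conversion steps described above, as an added Python example that is not code from the patent. The function names, the `TitleEntry` type and the sample titles and URLs are assumptions constructed for illustration; the keywords mysql and tomcat and the one-keyword-per-line file layout come from the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TitleEntry:
    title: str       # vulnerability title taken from a list page
    detail_url: str  # the "second link" that corresponds to the title


def load_keywords(text):
    """Parse keyword-file content: one keyword per line, blank lines ignored.

    Keywords are lower-cased so that they share one format with the titles.
    """
    return [line.strip().casefold() for line in text.splitlines() if line.strip()]


def first_matching_keyword(title, keywords, normalize=True):
    """Return the first keyword contained in the title, or None.

    The loop stops at the first hit, so remaining keywords are not compared.
    With normalize=False the title is compared as published, which is the
    failure mode the text warns about.
    """
    haystack = title.casefold() if normalize else title
    for keyword in keywords:
        if keyword in haystack:
            return keyword
    return None


def filter_titles(entries, keywords, normalize=True):
    """Keep entries whose title contains at least one keyword.

    Returns (entry, matched_keyword) pairs; all other entries are filtered out.
    """
    kept = []
    for entry in entries:
        hit = first_matching_keyword(entry.title, keywords, normalize)
        if hit is not None:
            kept.append((entry, hit))
    return kept


def missed_without_normalization(entries, keywords):
    """Titles that relate to the product but are lost when case is not unified."""
    with_norm = {e for e, _ in filter_titles(entries, keywords, normalize=True)}
    without = {e for e, _ in filter_titles(entries, keywords, normalize=False)}
    return sorted(e.title for e in with_norm - without)


# Constructed sample input (not taken from any real platform).
KEYWORD_FILE = "mysql\n\ntomcat\n"
ENTRIES = [
    TitleEntry("Oracle MySQL Server denial-of-service vulnerability",
               "https://platform.example.invalid/flaw/1"),
    TitleEntry("Vendor X router firmware command injection vulnerability",
               "https://platform.example.invalid/flaw/2"),
    TitleEntry("Apache TOMCAT information disclosure vulnerability",
               "https://platform.example.invalid/flaw/3"),
    TitleEntry("apache tomcat and mysql connector configuration issue",
               "https://platform.example.invalid/flaw/4"),
]

if __name__ == "__main__":
    kws = load_keywords(KEYWORD_FILE)
    for entry, hit in filter_titles(ENTRIES, kws):
        print(f"{hit:7} {entry.detail_url}  {entry.title}")
    print("missed without case conversion:",
          missed_without_normalization(ENTRIES, kws))
```

Plain substring matching also accepts titles where the keyword is part of a longer word, so the keyword list should use product names that are unlikely to occur inside other names.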
To make the vulnerability information more complete and make it easier for the user to fix the related vulnerability, in one embodiment of the present invention step 106 may be implemented as follows: judge whether a reference link exists in the corresponding page and, if so, access the reference page corresponding to the reference link and collect the reference vulnerability information contained in the reference page.
For example, besides vulnerability information (such as hazard level: medium; vulnerability description: a denial-of-service vulnerability exists in the 'ReadICONImage' function in ImageMagick version 7.0.5-5, which an attacker can use, through a specially crafted file, to cause a denial of service (memory leak)), the page at the second link http://www.cnvd.org.cn/flaw/show/CNVD-2017-08549 may also include the reference link https://github.com/ImageMagick/ImageMagick/issues/457. In this case the link can also be followed: the page it points to is accessed, and the information about the current vulnerability contained in that page is captured.
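Because a reference link is taken from a fetched page rather than from the operator's configuration, a collector that follows it benefits from checking the link first. The following added Python example is not part of the patent; the allowlist policy, the function name and the rejected sample URLs are assumptions, while the two accepted URLs are the reference links quoted in the text.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Assumed operator-maintained allowlist of reference sites.
ALLOWED_REFERENCE_HOSTS = ("github.com", "cxsecurity.com")


def reference_link_allowed(url, allowed_hosts=ALLOWED_REFERENCE_HOSTS):
    """Decide whether the collector may follow a reference link.

    Rejects non-HTTP schemes, embedded credentials, literal IP addresses
    and hosts that are neither on the allowlist nor a subdomain of an
    allowlisted host.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
        _ = parts.port  # accessing the port raises ValueError if it is malformed
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPv4/IPv6 addresses are never followed
    except ValueError:
        pass  # not an IP literal, continue with the host-name check
    host = host.rstrip(".")
    return any(host == allowed or host.endswith("." + allowed)
               for allowed in allowed_hosts)


# Reference links quoted in the text, plus constructed links that must be refused.
SAMPLE_LINKS = [
    "https://github.com/ImageMagick/ImageMagick/issues/457",
    "https://cxsecurity.com/issue/WLB-2017060062",
    "http://127.0.0.1/admin",
    "file:///etc/passwd",
    "https://github.com.example.invalid/issue/1",
    "https://user@github.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict = "follow" if reference_link_allowed(link) else "skip"
        print(f"{verdict:6} {link}")
```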
In one embodiment of the present invention, the vulnerability information includes any one or more of: vulnerability description, CVE-ID, publication time, hazard level, affected products, and vulnerability solution.
To avoid showing the user duplicate vulnerability information, which would degrade the user experience, in one embodiment of the present invention the vulnerability information includes: CVE-ID;
the method can further include: when it is determined that vulnerability information has been collected from at least two target vulnerability publication platforms, judging, according to the CVE-ID corresponding to each item of vulnerability information, whether at least two identical items of vulnerability information exist and, if so, deduplicating the at least two identical items of vulnerability information.
For example, two items of vulnerability information about the current product have been collected from target vulnerability publication platform a, with CVE-IDs CVE-2017-9405 and CVE-2017-8302; one item about the current product has been collected from target vulnerability publication platform b, with CVE-ID CVE-2017-9405; and three items about the current product have been collected from target vulnerability publication platform c, with CVE-IDs CVE-2017-9405, CVE-2017-9013 and CVE-2017-8012. To avoid duplication, the vulnerability information for CVE-2017-9405 collected from a, b and c must be deduplicated so that only one item with CVE-ID CVE-2017-9405 remains. After processing, 2+1+3-2=4 different items of vulnerability information about the current product remain.
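The deduplication described above, carried through on the example's six records as an added Python example that is not code from the patent. The record layout, the function names, the choice to keep one merged record that lists every source platform, and the handling of records without a usable CVE-ID are assumptions; the platforms a, b, c and the CVE-IDs are those of the example.

```python
import re

# CVE identifiers have the form CVE-<4-digit year>-<4 or more digits>.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def normalize_cve_id(raw):
    """Return the CVE-ID in canonical upper-case form, or None if unusable."""
    if not raw:
        return None
    candidate = raw.strip().upper()
    return candidate if CVE_ID_RE.match(candidate) else None


def deduplicate(records):
    """Merge records that carry the same CVE-ID.

    The first record seen for a CVE-ID is kept and every later platform that
    reported the same CVE-ID is appended to its "sources" list. Records
    without a valid CVE-ID cannot be compared, so they are passed through.
    """
    merged = {}   # CVE-ID -> merged record, in first-seen order
    unkeyed = []  # records that have no usable CVE-ID
    for record in records:
        cve_id = normalize_cve_id(record.get("cve_id"))
        if cve_id is None:
            unkeyed.append({**record, "sources": [record["platform"]]})
            continue
        entry = merged.get(cve_id)
        if entry is None:
            merged[cve_id] = {
                "cve_id": cve_id,
                "description": record.get("description", ""),
                "sources": [record["platform"]],
            }
            continue
        if record["platform"] not in entry["sources"]:
            entry["sources"].append(record["platform"])
        if not entry["description"]:
            # Fill a missing description from a later platform's record.
            entry["description"] = record.get("description", "")
    return list(merged.values()) + unkeyed


# The six collected records of the example (descriptions omitted).
COLLECTED = [
    {"platform": "a", "cve_id": "CVE-2017-9405"},
    {"platform": "a", "cve_id": "CVE-2017-8302"},
    {"platform": "b", "cve_id": "CVE-2017-9405"},
    {"platform": "c", "cve_id": "CVE-2017-9405"},
    {"platform": "c", "cve_id": "CVE-2017-9013"},
    {"platform": "c", "cve_id": "CVE-2017-8012"},
]

if __name__ == "__main__":
    result = deduplicate(COLLECTED)
    print(len(COLLECTED), "collected ->", len(result), "after deduplication")
    for item in result:
        print(item["cve_id"], "from", ",".join(item["sources"]))
```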
A vulnerability information acquisition method provided by an embodiment of the present invention is described in detail below, taking as an example the collection of related vulnerability information published by CNVD (China National Vulnerability Database, the national information security vulnerability sharing platform). As shown in Fig. 2, the method may include the following steps:
Step 201: Predetermine the target vulnerability publication platform to be CNVD.
In the embodiment of the present invention, the automatic collection of the related vulnerability information published by CNVD can be implemented on the Scrapy (crawler) framework.
Step 202: Determine the collection time period to be 2017/6/1-2017/6/7.
The collection time period can be set by program default (such as the most recent week) or configured manually by the user according to actual needs.
Step 203: Determine the two keywords corresponding to the current product to be mysql and tomcat.
The keywords can be entered manually by the user, or a keyword file can be configured in advance. For example, the default keyword file is keyword.txt, which contains product keywords, one keyword per line; the user then selects the required keywords from the keyword file according to his or her own needs.
Step 204: Obtain the first link corresponding to each of at least one original list that CNVD published during 2017/6/1-2017/6/7.
In the embodiment of the present invention, the first link is a URL (Uniform Resource Locator). To obtain the URL of each original list on CNVD, a corresponding Spider must be written in the Scrapy framework in advance. For ease of distinction, the embodiment of the present invention names this Spider CnvdpostSpider. Its main function is to send an HTTP (HyperText Transfer Protocol) POST request, read the response data, and then use the Selectors of the Scrapy framework to obtain the URL corresponding to each original list that CNVD published during 2017/6/1-2017/6/7.
For example, the URLs corresponding to 16 original lists in total are obtained.
Step 205: For each first link, obtain one by one the at least one vulnerability title contained in the corresponding list page, together with the second link corresponding to each vulnerability title.
In the embodiment of the present invention, the second link is also a URL, except that these URLs correspond one-to-one with the vulnerability titles. To obtain each vulnerability title, another Spider in the Scrapy framework must likewise be written in advance. For ease of distinction, the embodiment of the present invention names this Spider CnvdSpider. Its main function is to read the 16 URLs obtained in step 204 and access them one by one (sending HTTP GET requests), read the response pages, and then use Selectors to obtain the vulnerability titles and store them in the CnvdItem collection (named after the Item of the Scrapy framework, whose main function is to hold the data of a web page). The collection is then passed to the Item Pipeline of the Scrapy framework, where the vulnerability titles are filtered.
For example, each original list contains 20 vulnerability titles.
Step 206: According to mysql and tomcat, convert each vulnerability title to lower case.
For example, the character string of one vulnerability title is ****MYSQL**. To prevent this vulnerability title from being filtered out during matching, its character string must be converted to lower case; the result after conversion is ****mysql**.
Step 207: For each lower-case vulnerability title, compare the current vulnerability title with the two keywords in turn.
Step 208: Determine whether none of the keywords is present in the current vulnerability title; if so, perform step 209; otherwise, perform step 210.
During comparison, once the keyword mysql is confirmed to be present in the current vulnerability title, step 210 can be performed; to further improve the efficiency of vulnerability information collection, the current vulnerability title need not be compared with the remaining keyword, tomcat.
Step 209: Filter out the current vulnerability title, and perform step 207.
Because none of the keywords is present in the current vulnerability title, the vulnerability information corresponding to it is unrelated to the current product, so it is filtered out directly.
Step 210: Determine the current vulnerability title to be a target vulnerability title corresponding to the current product.
Step 211: For the second link corresponding to each target vulnerability title, collect one by one the vulnerability information contained in the corresponding page.
For example, the embodiment of the present invention determines 3 target vulnerability titles in total, whose corresponding URLs are http://www.cnvd.org.cn/**-2017-08549, http://www.cnvd.org.cn/**-2017-08935 and http://www.cnvd.org.cn/**-2017-08632. To collect the vulnerability information, another Spider must be written in advance. For ease of distinction, the embodiment of the present invention names this Spider CnvddetailSpider. Its main function is to read these 3 URLs and access them one by one, read the response pages, and then use Selectors to capture the content of the web pages, namely the detailed vulnerability information.
Step 212: Judge whether a reference link exists in the corresponding page; if so, perform step 213; otherwise, perform step 214.
Vulnerability publication platforms such as CNVD usually add links to other websites as references when they publish vulnerability information. For example, CNVD usually adds a CVE link and the vendor's reference link, which lets an enterprise obtain more information about a given vulnerability and helps with early warning and with fixing the vulnerability. For example, the reference link is https://cxsecurity.com/issue/WLB-2017060062.
Step 213: Access the reference page corresponding to the reference link, and collect the reference vulnerability information contained in the reference page.
Step 214: When it is determined that vulnerability information has been collected from at least two target vulnerability publication platforms, judge, according to the CVE-ID corresponding to each item of vulnerability information, whether at least two identical items of vulnerability information exist; if so, perform step 215; otherwise, end the current process.
For example, an item of vulnerability information with CVE-ID CVE-2017-9405 has been collected both from CNVD and from another vulnerability publication platform. To avoid duplication, the vulnerability information collected from the two vulnerability publication platforms must be deduplicated and merged.
Step 215: Deduplicate the at least two identical items of vulnerability information.
In the embodiment of the present invention, the vulnerability information finally provided to the user includes the vulnerability information collected from each vulnerability publication platform after deduplication and merging, and possibly also the corresponding reference vulnerability information that was obtained.
As shown in Figure 3 and Figure 4, an embodiment of the present invention provides a vulnerability information acquisition device. The device embodiment may be implemented in software, or in hardware or a combination of software and hardware. At the hardware level, Figure 3 is a hardware structure diagram of the equipment on which the vulnerability information acquisition device provided by an embodiment of the present invention resides; in addition to the processor, memory, network interface and non-volatile memory shown in Figure 3, the equipment on which the device resides may generally also include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in Figure 4, the device in the logical sense is formed when the CPU of the equipment on which it resides reads the corresponding computer program instructions from the non-volatile memory into memory and runs them. The vulnerability information acquisition device provided by this embodiment includes:
a first determining unit 401, a second determining unit 402, an acquiring unit 403, a filter unit 404 and a collecting unit 405; wherein,
the first determining unit 401 is configured to predetermine a target vulnerability publishing platform;
the second determining unit 402 is configured to determine the collection time period and at least one keyword corresponding to the current product;
the acquiring unit 403 is configured to obtain the first link corresponding to each of at least one list page published by the target vulnerability publishing platform within the time period, and, for each first link, to obtain one by one the at least one vulnerability title contained in the corresponding list page and the second link corresponding to each vulnerability title;
the filter unit 404 is configured to filter each vulnerability title according to the at least one keyword, so as to determine at least one target vulnerability title corresponding to the current product;
the collecting unit 405 is configured to collect, one by one, the vulnerability information contained in the page corresponding to the second link of each target vulnerability title.
In order to find, among all vulnerability titles, those that match the current product, in one embodiment of the present invention the filter unit 404 is specifically configured to compare, for each vulnerability title, the current vulnerability title with each keyword in turn; when it is determined that the current vulnerability title does not contain any of the keywords, the current vulnerability title is filtered out; otherwise, the current vulnerability title is determined to be a target vulnerability title corresponding to the current product.
In order to find more accurately, among all vulnerability titles, those that match the current product, in one embodiment of the present invention, as shown in Figure 5, the device further includes a format conversion unit 501;
the format conversion unit 501 is configured to perform format conversion on each vulnerability title according to the at least one keyword, so as to generate vulnerability titles that have the same format as the at least one keyword;
the filter unit 404 is specifically configured to compare, for each vulnerability title after format conversion, the current vulnerability title with each keyword in turn.
In order to make the vulnerability information more complete, in one embodiment of the present invention the collecting unit 405 is further configured to judge whether a reference link exists in the corresponding page and, if so, to access the reference page corresponding to the reference link and collect the reference vulnerability information contained in the reference page.
In one embodiment of the present invention, the vulnerability information includes any one or more of: vulnerability description, CVE-ID, publication time, hazard level, affected products and vulnerability solution.
In order to avoid showing duplicate vulnerability information to the user, which would affect the user experience, in one embodiment of the present invention the vulnerability information includes the CVE-ID and, as shown in Figure 6, the device further includes a deduplication unit 601;
the deduplication unit 601 is configured to, when it is determined that corresponding vulnerability information has been collected from each of at least two target vulnerability publishing platforms, judge according to the CVE-ID of each piece of vulnerability information whether at least two identical pieces of vulnerability information exist and, if so, perform deduplication processing on the at least two identical pieces of vulnerability information.
Details such as the information exchange between the units of the above device and their execution process are based on the same concept as the method embodiments of the present invention; for the specifics, refer to the description of the method embodiments, which is not repeated here.
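The title filtering after format conversion and the CVE-ID deduplication described above, as an added Python example that is not part of the patent text. The normalization rules (NFKC, case folding, whitespace collapsing), the reading that a title is kept when it contains at least one keyword, the merge policy, and all sample titles, links, platform names other than CNVD, and CVE-IDs are assumptions constructed for illustration.

```python
import re
import unicodedata

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

def normalize(text):
    """Format conversion (assumed rules): NFKC folds full-width characters,
    casefold removes case differences, whitespace runs become one space."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"\s+", " ", text).strip()

def filter_titles(entries, keywords):
    """Keep (title, second_link) pairs whose title contains at least one keyword."""
    # An empty keyword would match every title, so it is dropped up front.
    wanted = [k for k in map(normalize, keywords) if k]
    return [(title, link) for title, link in entries
            if any(k in normalize(title) for k in wanted)]

def canonical_cve(raw):
    """Return the CVE-ID in canonical upper-case form, or None if absent."""
    match = CVE_RE.search(unicodedata.normalize("NFKC", raw or ""))
    return match.group(0).upper() if match else None

def deduplicate(records):
    """Merge records that share a CVE-ID; records without one are never merged."""
    merged, without_id = {}, []
    for rec in records:
        fields = {k: v for k, v in rec.items() if k not in ("source", "cve_id")}
        cve = canonical_cve(rec.get("cve_id"))
        if cve is None:
            without_id.append({"cve_id": None, "sources": [rec["source"]], **fields})
        elif cve not in merged:
            merged[cve] = {"cve_id": cve, "sources": [rec["source"]], **fields}
        else:
            kept = merged[cve]
            if rec["source"] not in kept["sources"]:
                kept["sources"].append(rec["source"])
            for name, value in fields.items():
                if value and not kept.get(name):
                    kept[name] = value  # fill gaps only; first-seen value wins
    return list(merged.values()) + without_id

# Constructed list-page entries: (vulnerability title, second link).
LIST_PAGE = [
    # "CMS" is written with full-width letters and followed by two spaces.
    ("Example\uff23\uff2d\uff33  SQL injection vulnerability", "/flaw/show/0001"),
    ("OtherProduct remote code execution vulnerability", "/flaw/show/0002"),
    ("EXAMPLECMS cross-site scripting vulnerability", "/flaw/show/0003"),
]
KEYWORDS = ["ExampleCMS"]

# Constructed records collected from two platforms; the CVE-IDs are placeholders.
RECORDS = [
    {"source": "CNVD", "cve_id": "CVE-2099-0001",
     "description": "SQL injection in ExampleCMS", "hazard_level": "high",
     "solution": ""},
    {"source": "platform-B", "cve_id": "cve-2099-0001",
     "description": "", "hazard_level": "",
     "solution": "Upgrade to the fixed release"},
    {"source": "platform-B", "cve_id": "CVE-2099-0002",
     "description": "XSS in ExampleCMS", "hazard_level": "medium",
     "solution": ""},
]

if __name__ == "__main__":
    for title, link in filter_titles(LIST_PAGE, KEYWORDS):
        print(link, "<-", title)
    for record in deduplicate(RECORDS):
        print(record["cve_id"], record["sources"], record["solution"])
```

Without the normalization step, the first and third titles would both be filtered out by a plain substring comparison, which is the filtering error the format conversion is meant to prevent.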
The present invention also provides a computer-readable medium including execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the vulnerability information acquisition method provided by any of the above embodiments of the present invention.
In addition, the present invention also provides a storage controller, including a processor, a memory and a bus;
the memory is used to store execution instructions, and the processor is connected to the memory through the bus; when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the vulnerability information acquisition method provided by any of the above embodiments of the present invention.
In summary, the embodiments of the present invention have at least the following advantages:
1. In the embodiments of the present invention, when relevant vulnerability information needs to be collected from a predetermined target vulnerability publishing platform, automatic collection is achieved by determining the collection time period and at least one keyword corresponding to the current product. Specifically, the first link of each list page published by the platform within the time period is obtained automatically; then, for each first link, each vulnerability title contained in the corresponding list page and its corresponding second link are obtained, so that the vulnerability titles that do not match the current product can be filtered out automatically according to the determined keywords; for the vulnerability titles that are not filtered out, the vulnerability information matching the current product can be collected automatically through the corresponding second links. Because the user no longer needs to screen entries one by one at any point in the process, and repetitive manual work is replaced, the efficiency of vulnerability information collection is improved.
2. In the embodiments of the present invention, after each vulnerability title is obtained automatically, format conversion is performed on each vulnerability title so that it has the same format as the determined keywords. This avoids filtering errors caused by inconsistent formats, allows the vulnerability information of the current product to be collected more accurately, and avoids economic losses caused by collection errors.
3. In the embodiments of the present invention, by following the reference links recommended in the page corresponding to the second link, an enterprise can obtain more information about a given vulnerability, which helps with early warning and with repairing the vulnerability.
4. In the embodiments of the present invention, when it is determined that relevant vulnerability information has been obtained automatically from at least two vulnerability publishing platforms, deduplication processing is performed on the at least two pieces of vulnerability information from the different platforms, so that the user is provided with vulnerability information that has been deduplicated and merged, which is easier for the user to review and improves the user experience.
5. In the embodiments of the present invention, automated collection of vulnerability information allows a computer to replace repetitive manual work, saving valuable labor cost and improving the working efficiency of the enterprise.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element qualified by the statement "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by hardware controlled by program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended merely to illustrate the technical solution of the present invention and not to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A vulnerability information acquisition method, characterized in that
a target vulnerability publishing platform is predetermined; the method further comprises:
determining the collection time period and at least one keyword corresponding to the current product;
obtaining the first link corresponding to each of at least one list page published by the target vulnerability publishing platform within the time period;
for each first link, obtaining one by one the at least one vulnerability title contained in the corresponding list page and the second link corresponding to each vulnerability title;
filtering each vulnerability title according to the at least one keyword, so as to determine at least one target vulnerability title corresponding to the current product;
for the second link corresponding to each target vulnerability title, collecting one by one the vulnerability information contained in the corresponding page.
2. The vulnerability information acquisition method according to claim 1, characterized in that
the filtering of each vulnerability title according to the at least one keyword, so as to determine at least one target vulnerability title corresponding to the current product, comprises:
for each vulnerability title, comparing the current vulnerability title with each keyword in turn; when it is determined that the current vulnerability title does not contain any of the keywords, filtering out the current vulnerability title; otherwise, determining the current vulnerability title to be a target vulnerability title corresponding to the current product.
3. The vulnerability information acquisition method according to claim 2, characterized in that
after the obtaining, for each first link, one by one of the at least one vulnerability title contained in the corresponding list page, and before the comparing, for each vulnerability title, of the current vulnerability title with each keyword in turn, the method further comprises:
performing format conversion on each vulnerability title according to the at least one keyword, so as to generate vulnerability titles that have the same format as the at least one keyword;
the comparing, for each vulnerability title, of the current vulnerability title with each keyword in turn comprises:
for each vulnerability title after format conversion, comparing the current vulnerability title with each keyword in turn.
4. The vulnerability information acquisition method according to claim 1, characterized in that
the collecting, for the second link corresponding to each target vulnerability title, one by one of the vulnerability information contained in the corresponding page further comprises:
judging whether a reference link exists in the corresponding page and, if so, accessing the reference page corresponding to the reference link and collecting the reference vulnerability information contained in the reference page.
5. The vulnerability information acquisition method according to any one of claims 1-4, characterized in that
the vulnerability information includes any one or more of: vulnerability description, Common Vulnerabilities and Exposures identifier (CVE-ID), publication time, hazard level, affected products and vulnerability solution;
and/or,
the vulnerability information includes the CVE-ID;
the method further comprises:
when it is determined that corresponding vulnerability information has been collected from each of at least two target vulnerability publishing platforms, judging according to the CVE-ID of each piece of vulnerability information whether at least two identical pieces of vulnerability information exist and, if so, performing deduplication processing on the at least two identical pieces of vulnerability information.
6. A vulnerability information acquisition device, characterized by comprising:
a first determining unit, a second determining unit, an acquiring unit, a filter unit and a collecting unit; wherein,
the first determining unit is configured to predetermine a target vulnerability publishing platform;
the second determining unit is configured to determine the collection time period and at least one keyword corresponding to the current product;
the acquiring unit is configured to obtain the first link corresponding to each of at least one list page published by the target vulnerability publishing platform within the time period, and, for each first link, to obtain one by one the at least one vulnerability title contained in the corresponding list page and the second link corresponding to each vulnerability title;
the filter unit is configured to filter each vulnerability title according to the at least one keyword, so as to determine at least one target vulnerability title corresponding to the current product;
the collecting unit is configured to collect, one by one, the vulnerability information contained in the page corresponding to the second link of each target vulnerability title.
7. The vulnerability information acquisition device according to claim 6, characterized in that
the filter unit is specifically configured to compare, for each vulnerability title, the current vulnerability title with each keyword in turn; when it is determined that the current vulnerability title does not contain any of the keywords, to filter out the current vulnerability title; otherwise, to determine the current vulnerability title to be a target vulnerability title corresponding to the current product.
8. The vulnerability information acquisition device according to claim 7, characterized in that
it further comprises a format conversion unit;
the format conversion unit is configured to perform format conversion on each vulnerability title according to the at least one keyword, so as to generate vulnerability titles that have the same format as the at least one keyword;
the filter unit is specifically configured to compare, for each vulnerability title after format conversion, the current vulnerability title with each keyword in turn.
9. The vulnerability information acquisition device according to claim 6, characterized in that
the collecting unit is further configured to judge whether a reference link exists in the corresponding page and, if so, to access the reference page corresponding to the reference link and collect the reference vulnerability information contained in the reference page.
10. The vulnerability information acquisition device according to any one of claims 6-9, characterized in that
the vulnerability information includes any one or more of: vulnerability description, CVE-ID, publication time, hazard level, affected products and vulnerability solution;
and/or,
the vulnerability information includes the CVE-ID;
the device further comprises a deduplication unit;
the deduplication unit is configured to, when it is determined that corresponding vulnerability information has been collected from each of at least two target vulnerability publishing platforms, judge according to the CVE-ID of each piece of vulnerability information whether at least two identical pieces of vulnerability information exist and, if so, perform deduplication processing on the at least two identical pieces of vulnerability information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710455954.5A CN107273497A (en) 2017-06-16 2017-06-16 A kind of vulnerability information acquisition method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710455954.5A CN107273497A (en) 2017-06-16 2017-06-16 A kind of vulnerability information acquisition method and device

Publications (1)

Publication Number Publication Date
CN107273497A true CN107273497A (en) 2017-10-20

Family

ID=60067605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710455954.5A Pending CN107273497A (en) 2017-06-16 2017-06-16 A kind of vulnerability information acquisition method and device

Country Status (1)

Country Link
CN (1) CN107273497A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853277A (en) * 2010-05-14 2010-10-06 南京信息工程大学 Vulnerability data mining method based on classification and association analysis
CN102902703A (en) * 2012-07-19 2013-01-30 中国人民解放军国防科学技术大学 Network sensitive information-oriented screenshot discovery and locking callback method
US20160127410A1 (en) * 2012-12-18 2016-05-05 Tinfoil Security, Inc. System and methods for scalably identifying and characterizing structural differences between document object models
CN103927370A (en) * 2014-04-23 2014-07-16 焦点科技股份有限公司 Network information batch acquisition method of combined text and picture information
CN106357635A (en) * 2016-09-09 2017-01-25 浪潮软件集团有限公司 Vulnerability comparison analysis method based on homologous framework

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
顾韵华等: "网络安全漏洞信息采集系统的研究", 《计算机工程与设计》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110134613A (en) * 2019-05-22 2019-08-16 北京航空航天大学 A kind of software defect data collection system based on code semanteme and background information
CN110768977A (en) * 2019-10-21 2020-02-07 中国民航信息网络股份有限公司 Method and system for capturing security vulnerability information
CN110768977B (en) * 2019-10-21 2022-02-25 中国民航信息网络股份有限公司 Method and system for capturing security vulnerability information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020
