CN107609179B - Data processing method and equipment - Google Patents
Data processing method and equipment Download PDFInfo
- Publication number
- CN107609179B CN107609179B CN201710910062.XA CN201710910062A CN107609179B CN 107609179 B CN107609179 B CN 107609179B CN 201710910062 A CN201710910062 A CN 201710910062A CN 107609179 B CN107609179 B CN 107609179B
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- records
- attribute
- record
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The embodiment of the invention provides a data processing method and equipment, which are used for solving the technical problem that vulnerability records in vulnerability databases cannot be fused and shared in the prior art. The method comprises the following steps: acquiring at least two vulnerability records from at least two vulnerability databases; the vulnerability records are used for describing data contents of vulnerabilities of systems corresponding to different mechanisms; performing sememe analysis on the attribute characteristics of each vulnerability record in at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records; associating vulnerability records of common sememes existing between attribute features in at least two vulnerability records with a first hierarchical type, and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
Description
Technical Field
The present invention relates to the field of information security, and in particular, to a data processing method and device.
Background
With the development of science and technology, people pay more and more attention to information safety. The security vulnerability refers to corresponding problems generated in each stage of a life cycle of an information system, such as the processes of design, implementation, operation and maintenance and the like, and the problems can affect the security of the system. At present, in order to better manage and control information security vulnerabilities, countries in the world usually record known and some unknown security vulnerabilities and establish their own national security database, also commonly referred to as a vulnerability database.
However, in the existing leak library, as each leak library belongs to different mechanisms and no communication exists between the leak libraries, the leak records are not comprehensive enough. Meanwhile, as the vulnerability database does not comply with a uniform standard, the existing security vulnerability database adopts different identification, classification and rating methods, so that after the same vulnerability is released by different organizations, vulnerability records of the same vulnerability are greatly different, and sharing and communication of the vulnerability records are influenced.
In addition, the text types and the field expression modes of the vulnerabilities have great difference, and for nouns with the same meaning, software is difficult to identify the identity of the vulnerabilities when the nouns with the same meaning appear in different vulnerability libraries. Therefore, data fusion is difficult to be performed automatically and in batches, and if the data fusion is completed one by one in a manual mode, the workload is very huge and the subjectivity cannot be avoided.
In summary, in the prior art, the bug records in each bug database cannot be shared and fused.
Disclosure of Invention
The embodiment of the invention provides a data processing method and device, which are used for solving the technical problem that vulnerability records in vulnerability databases cannot be fused and shared in the prior art.
In a first aspect, an embodiment of the present invention provides a data processing method, including the following steps:
acquiring at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing data contents of vulnerabilities of systems corresponding to the different mechanisms;
performing sememe analysis on the attribute characteristics of each vulnerability record in the at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records;
associating vulnerability records of common sememes existing between attribute features in the at least two vulnerability records with a first hierarchical type, and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
Optionally, after performing sememe analysis on the attribute characteristics of each of the at least two vulnerability records, the method further includes:
determining that a vulnerability record with a semantic element exists between attribute features in the at least two vulnerability records, wherein at least one distinguishing attribute feature exists between the attribute features of the vulnerability record with the semantic element;
simultaneously with or after associating the vulnerability records of the common sememe existing between the attribute features in the at least two vulnerability records with the first hierarchical type, the method further comprises:
determining vulnerability records with a semantic element between attribute features in the vulnerability records associated with the first hierarchical type;
and determining a second classification type according to the determined attribute characteristics of the vulnerability records, and associating the vulnerability records with the second classification type, wherein the attribute characteristics of the vulnerability records have a semantic element.
Optionally, the attribute feature includes data source information, vulnerability type information, and field information.
Optionally, after associating the vulnerability record with the second hierarchical type, where a semantic element exists between the attribute features in the at least two vulnerability records, the method further includes:
determining a storage path corresponding to each vulnerability data in the at least two vulnerability records according to the incidence relation between the vulnerability records and the classification types, wherein the storage path is used for indicating the storage address of the vulnerability record in the standard vulnerability database;
and storing each vulnerability record in the at least two vulnerability records according to a corresponding storage path.
Optionally, the method further includes:
receiving vulnerability record retrieval information, wherein the vulnerability record retrieval information comprises at least one retrieval keyword;
determining at least one attribute characteristic corresponding to the vulnerability record retrieval information according to the at least one retrieval keyword;
determining a target classification type corresponding to the vulnerability record retrieval information according to the at least one attribute feature, wherein the target classification type comprises the first classification type and/or the second classification type;
and outputting at least one vulnerability record associated with the target classification category.
In a second aspect, the present invention provides, in practice, a data processing apparatus comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing data contents of vulnerabilities of systems corresponding to the different mechanisms;
the analysis module is used for carrying out sememe analysis on the attribute characteristics of each vulnerability record in the at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records;
the processing module is used for associating the vulnerability records of the common sememes existing between the attribute features in the at least two vulnerability records with a first hierarchical type and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
Optionally, the analysis module is further configured to:
after semantic element analysis is carried out on the attribute characteristics of each vulnerability record in the at least two vulnerability records, determining that a vulnerability record with a semantic element distinguishing exists between the attribute characteristics in the at least two vulnerability records, wherein at least one distinguishing attribute characteristic exists between the attribute characteristics of the vulnerability records with the semantic element distinguishing;
the processing module is further configured to:
determining vulnerability records with different sememes between attribute features in vulnerability records associated with a first hierarchical type while or after associating vulnerability records with the first hierarchical type of common sememes existing between attribute features in the at least two vulnerability records;
and determining a second classification type according to the determined attribute characteristics of the vulnerability records, and associating the vulnerability records with the second classification type, wherein the attribute characteristics of the vulnerability records have a semantic element.
Optionally, the attribute feature includes data source information, vulnerability type information, and field information.
Optionally, the data processing apparatus further includes:
the first determining module is used for determining a storage path corresponding to each vulnerability data in the at least two vulnerability records according to the incidence relation between the vulnerability records and the classification types after the vulnerability records with the different meaning elements existing between the attribute characteristics in the at least two vulnerability records are associated with the second classification type, wherein the storage path is used for indicating the storage address of the vulnerability record in the standard vulnerability database;
and the storage module is used for storing each vulnerability record in the at least two vulnerability records according to a corresponding storage path.
Optionally, the data processing apparatus further includes:
the receiving module is used for receiving vulnerability record retrieval information, and the vulnerability record retrieval information comprises at least one retrieval keyword;
the second determining module is used for determining at least one attribute characteristic corresponding to the vulnerability record retrieval information according to the at least one retrieval keyword;
a third determining module, configured to determine, according to the at least one attribute feature, a target classification type corresponding to the vulnerability record retrieval information, where the target classification type includes the first classification type and/or the second classification type;
and the output module is used for outputting at least one vulnerability record associated with the target classification category.
In a third aspect, an embodiment of the present invention provides a computer apparatus, which includes a processor, and the processor is configured to implement the method according to the first aspect when executing a computer program stored in a memory.
In a fourth aspect, the present invention provides a computer-readable storage medium storing computer instructions, which when executed on a computer, cause the computer to perform the method according to the first aspect.
In the embodiment of the invention, the vulnerability records with common sememes in the attribute characteristics can be associated with the same classification type by performing sememe analysis on the attribute characteristics of the vulnerability records from different vulnerability databases, so that the vulnerability records with common attribute characteristics are associated to one classification type for storage, the related vulnerability records in the same classification type can be searched for later on based on the association relationship in the standard database, the searching efficiency is improved, and the unified management of the vulnerability records is realized.
Drawings
FIG. 1 is a flow chart illustrating a data processing method according to an embodiment of the present invention;
FIG. 2 is a first diagram illustrating a structural model of a vulnerability record in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a structural model of a vulnerability record in an embodiment of the present invention;
FIG. 4 is a block diagram of a data processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, some terms in the embodiments of the present invention are explained so as to be easily understood by those skilled in the art.
1) And the vulnerability database is used for collecting and managing network security defects and vulnerability data at home and abroad.
2) The vulnerability record refers to field information included in a vulnerability database of each mechanism for describing vulnerabilities, and may cover vulnerabilities of multiple systems, such as platforms of Windows (an operating system), Linux, WebApp, Android, Symbian, and the like. In a vulnerability database, each vulnerability record may correspond to a unique vulnerability number, and a vulnerability record may record vulnerabilities according to a corresponding format, for example, according to a format such as "data source, vulnerability type, field information".
3) The data processing device may be an electronic device with data processing capability, such as a terminal device or a server. The server can be connected with a plurality of terminal devices, even can be connected with and communicate with other servers, and can acquire corresponding vulnerability records through the connected terminal devices or other servers and process the vulnerability records.
4) In the embodiments of the present invention, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" generally indicates that the preceding and following related objects are in an "or" relationship, unless otherwise specified.
The embodiments of the present invention will be described in further detail with reference to the drawings attached hereto.
Example one
As shown in fig. 1, an embodiment of the present invention provides a data processing method, which may be applied to a data processing device, and the method may be described as follows:
s11: acquiring at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing the data content of the vulnerabilities of the systems corresponding to the different mechanisms.
In the embodiment of the present invention, the at least two vulnerability databases may be local databases of the data processing device, or may be databases stored in a terminal device or a server (e.g., a cloud server) connected to the data processing device. Typically, vulnerability databases affiliated with different organizations may be stored in each organization's own management device. The data processing device may obtain at least two vulnerability records from an existing vulnerability database by sending a data request.
S12: performing sememe analysis on the attribute characteristics of each vulnerability record in at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records.
In an actual vulnerability database application environment, each vulnerability record has a unique number, and each vulnerability record has a standardized description. When each organization establishes its own vulnerability database, different identification, classification and rating methods are usually adopted, so that the vulnerability records of the same vulnerability record have larger difference after being issued by different organizations.
In the embodiment of the present invention, before S12, the data processing device may structure the vulnerability records of different standards based on the existing vulnerability standard to establish a more standard and normative recording manner, so that the vulnerability records can be shared and circulated between different vulnerability databases and security tools.
In the embodiment of the present invention, a structured model used by a data processing device when structuring a vulnerability record is shown in fig. 2, where the model includes a plurality of hierarchies corresponding to the vulnerability record, and each hierarchy includes a category related to the attribute feature of the vulnerability record and a corresponding sub-hierarchy. The structured model can be compatible with a plurality of vulnerability standards at home and abroad, improves the scattered segmentation state among the original different vulnerability databases, and is beneficial to fusion of vulnerabilities belonging to different organizations and heterogeneous data among different standards. In the embodiment of the invention, the data with the structured model can be called as a standard vulnerability database.
In practical application, when the data processing device structures the bug records, the bug records can be structured in a multi-level classification mode. For example, the data processing device may classify the multidimensional vulnerability records at multiple levels, for example, the multidimensional vulnerability records may be first divided into corresponding level one classifications, each level one classification may be a set of one or more closely-associated attribute features in the vulnerability records, and each vulnerability may include multiple level one classifications, each level one classification containing multiple vulnerability records. The first-level classifications are independent of each other, and the attributes in the first-level classifications are related to each other.
That is, after acquiring vulnerability records in different standards, the data processing device compares the attribute features of each vulnerability record, aggregates closely-associated attribute features, which may be multiple attribute features corresponding to the same semantic field, and then sets corresponding hierarchical types according to the multiple attribute features. For example, if the aggregated multiple attribute features are basic information, the set first hierarchical type may be "primary, basic information class".
In this way, the data processing device may perform multi-level classification on the vulnerability records according to the attribute characteristics, where the one-level classification may include multiple types, each type corresponding to the same attribute characteristic, and each type may further include a corresponding sub-level, such as a second classification type, or even a third classification type.
For example, the next level of "base information" in the first hierarchical type, i.e., the second hierarchical type, may include a bug number, a bug name, a release time, an update time, a reference link, and the like. The "vulnerability number" in the second hierarchical type may further include a third hierarchical type, such as different number information of cve, cnnvd, and the like.
In the embodiment of the invention, the data processing equipment is based on the existing domestic and foreign standards, a structural model of a standard vulnerability database is defined as shown in fig. 3, and the structural model represents the classification of vulnerability records by the data processing equipment. In fig. 3, the preset primary classification in the data processing apparatus may include 6 types, i.e., basic information, classification rating, influence, solution, attack utilization information, and source. The basic information may correspond to a plurality of closely-associated attribute features of the vulnerability record, and may include, for example, a vulnerability name, a vulnerability description, an update time, and the like. And a sub-level type is also arranged under each level type. For example, one or more secondary classifications are set under the "primary, basic information", such as "vulnerability number", "vulnerability description", "release time", etc.
Then in S12, when performing sememe analysis on the obtained attribute features of the vulnerability records, the data processing apparatus may perform sememe analysis on the attribute features of each vulnerability record, for example, perform sememe analysis on field information in the attribute features, determine the source of attribute feature characterization data, or the solution for characterizing the vulnerability, or the characterization number, and so on.
S13: associating vulnerability records of common sememes existing between attribute features in at least two vulnerability records with a first hierarchical type, and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
In the embodiment of the invention, when the data processing equipment performs the sememe analysis on the attribute characteristics of at least two vulnerability records, the vulnerability records with the common sememe among the attribute characteristics corresponding to each vulnerability record can be determined. Generally speaking, if a plurality of attribute features of different vulnerability records have a common meaning element, it can be indicated that the attribute features of each vulnerability record have the same attribute feature. At this time, the data processing device may determine, based on the attribute features having the common sememe, a classification type corresponding to the vulnerability record, where the classification type may indicate a classification and a type corresponding to the vulnerability record.
For example, the vulnerability record 1 includes 2 attribute characteristics, where the attribute characteristic 1 is number 1 (e.g., vendor number BH1025xx799xx), and the attribute characteristic 2 is the vulnerability name; the vulnerability record B corresponds to 2 attribute features, wherein the attribute feature 1 is a number 2 (such as a CVE number), the attribute feature 2 is update time, and the attribute feature 3 is a reference link, so that the same features between the attribute features of the vulnerability record A and the vulnerability record B can be considered to belong to basic information, so that the vulnerability record A and the vulnerability record B can be classified into the same type of the same level, such as a level one and a basic information type, and the vulnerability record A and the vulnerability record B are associated with the first classification type.
In practical application, after the data processing equipment performs sememe analysis on the acquired vulnerability records, classification and storage can be performed according to a structural model of the preset vulnerability records, so that automatic classification and storage of the vulnerability records are realized, the processing efficiency of the vulnerability records is improved, and later-stage management and utilization are facilitated.
For example, after performing sememe analysis on the attribute features of the plurality of vulnerability records, the data processing apparatus may determine that the vulnerability records in the plurality of vulnerability records have the same attribute features, for example, the same attribute features characterize the vulnerability records as the records of the solution, and may automatically associate the plurality of vulnerability records to the category of "solution" in the first hierarchical type preset in fig. 3.
In this embodiment of the present invention, while or after determining, in S13, common semaphores between attribute features of vulnerability records, the data processing device may also determine different semaphores between attribute features of the vulnerability records, where the different semaphores may represent differences between attribute features of vulnerability records belonging to the same classification type, that is, determine different characteristics between vulnerability records belonging to different types under the same classification, and further determine a sub-classification after the first classification type according to the differences.
For example, the data processing device further determines a semantic element in the attribute features of the vulnerability record included in the "first-level, basic information (type)" through semantic element analysis, and may determine that the second-level classification in the second classification type under the "basic information" includes types such as "vulnerability uniform number", "vulnerability name", "vulnerability description", "release time", "update time", and "reference link".
Or, the data processing device further determines a semantic element in the attribute features of the vulnerability records included in the "first-level, influence (type)" through semantic element analysis, and may determine that the second-level classification in the "second hierarchical type under influence" includes the "system (i.e., vulnerability influencing the system)" and the "software (i.e., vulnerability influencing the software)", that is, the vulnerability records may be associated to the corresponding type in the second hierarchical type.
Certainly, after determining the semantic element corresponding to the vulnerability record, the data processing device may further perform supplementation on the basis of the second hierarchical type according to the semantic element, for example, determine a plurality of three-level classifications included in a third hierarchical type of the vulnerability record under the second hierarchical type, such as a specific vulnerability number, a name, a version and a manufacturer of affected systems and/or software, and the like, so that the analysis and classification of the vulnerability record are more complete and refined, and the accuracy and efficiency of finding the vulnerability record at a later stage are improved.
In the embodiment of the invention, after the classification type corresponding to the vulnerability record is determined, if the classification type is the first classification type and the second classification type, the vulnerability record can be associated with the corresponding classification type, so that the vulnerability record can be found through any classification type associated with the vulnerability record.
Further, the data processing device may determine, according to an association relationship between the vulnerability record and the classification type, a storage path corresponding to each vulnerability data in the at least two vulnerability records in the standard vulnerability database, where the storage path may be used to indicate a storage address of the vulnerability record in the standard vulnerability database.
The standard vulnerability database may be used for classifying and storing vulnerability records according to the structured model shown in fig. 3, and may be a database local to the data processing device, or may be a cloud database, etc. The standard database can be provided with a storage address table corresponding to each hierarchical type in the structural model, and after the storage path corresponding to each vulnerability record in at least two vulnerability records is determined, the vulnerability records can be stored in the standard vulnerability database according to the corresponding storage path, wherein the standard vulnerability database is a database which can be compatible with domestic and foreign vulnerability standards.
After storing the vulnerability records from different vulnerability databases into the standard vulnerability database according to the corresponding classification types, the data processing equipment can receive vulnerability record retrieval information, wherein the vulnerability record retrieval information comprises at least one retrieval keyword, and then the data processing equipment can determine at least one attribute characteristic corresponding to the vulnerability record retrieval information, such as basic information or influence type and the like, according to the at least one retrieval keyword.
The data processing device may determine a target classification type corresponding to the vulnerability record retrieval information according to the at least one attribute feature, where the target classification type may include a first classification type and/or a second classification type, and may even include a sub-classification type under the second classification type, and the like. The data processing device may determine at least one vulnerability record associated with the target classification category as a search result of the vulnerability record retrieval information, and output the search result. For example, certain hierarchical types of vulnerability data, such as a plurality of vulnerability records that have an impact on the system, are output.
Therefore, in the embodiment of the invention, because the standard vulnerability database adopts a structured mode to store different vulnerability records in a classified manner, and the vulnerability records of the existing independent vulnerability databases of a plurality of mechanisms are fused, and the sharing quantity and the sharing level of the vulnerability records are enriched, when a user searches the corresponding vulnerability records in the standard vulnerability database through data processing equipment, a plurality of vulnerability records of the same type related to the retrieval information can be searched based on the structured standard vulnerability database, and the related vulnerability records contained in the retrieval result are complete.
Example two
Based on the same inventive concept, an embodiment of the present invention provides a data processing apparatus, the structure of which is shown in fig. 4. The data processing device comprises an acquisition module 21, an analysis module 22 and a processing module 23, which may be used to perform the data processing method described in fig. 1.
The obtaining module 21 is configured to obtain at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing the data content of the vulnerabilities of the systems corresponding to the different mechanisms.
The analysis module 22 is configured to perform sememe analysis on the attribute characteristics of each of the at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records.
The processing module 23 is configured to associate the vulnerability records of the common sememe existing between the attribute features in the at least two vulnerability records with a first hierarchical type, and generate a standard vulnerability database including at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
Optionally, the analysis module 22 is further configured to:
after semantic element analysis is carried out on the attribute characteristics of each vulnerability record in the at least two vulnerability records, determining that a vulnerability record with a semantic element distinguishing exists between the attribute characteristics in the at least two vulnerability records, wherein at least one distinguishing attribute characteristic exists between the attribute characteristics of the vulnerability records with the semantic element distinguishing;
the processing module 23 is further configured to:
determining vulnerability records with different sememes between attribute features in vulnerability records associated with a first hierarchical type while or after associating vulnerability records with the first hierarchical type of common sememes existing between attribute features in the at least two vulnerability records;
and determining a second classification type according to the determined attribute characteristics of the vulnerability records, and associating the vulnerability records with the second classification type, wherein the attribute characteristics of the vulnerability records have a semantic element.
In the embodiment of the invention, the attribute characteristics comprise data source information, vulnerability type information and field information.
Optionally, the data processing apparatus may further include:
the first determining module is used for determining a storage path corresponding to each vulnerability data in the at least two vulnerability records according to the incidence relation between the vulnerability records and the classification types after the vulnerability records with the different meaning elements existing between the attribute characteristics in the at least two vulnerability records are associated with the second classification type, wherein the storage path is used for indicating the storage address of the vulnerability record in the standard vulnerability database;
and the storage module is used for storing each vulnerability record in the at least two vulnerability records according to a corresponding storage path.
Optionally, the data processing apparatus further includes:
the receiving module is used for receiving vulnerability record retrieval information, and the vulnerability record retrieval information comprises at least one retrieval keyword;
the second determining module is used for determining at least one attribute characteristic corresponding to the vulnerability record retrieval information according to the at least one retrieval keyword;
a third determining module, configured to determine, according to the at least one attribute feature, a target classification type corresponding to the vulnerability record retrieval information, where the target classification type includes the first classification type and/or the second classification type;
and the output module is used for outputting at least one vulnerability record associated with the target classification category.
EXAMPLE III
In an embodiment of the present invention, a computer apparatus is further provided, and its structure is shown in fig. 5, where the computer apparatus includes a processor 31 and a memory 32, where the processor 31 is configured to implement the steps of the data processing method provided in the first embodiment of the present invention when executing the computer program stored in the memory 32.
Optionally, the processor 31 may specifically be a central processing unit, an Application Specific Integrated Circuit (ASIC), one or more Integrated circuits for controlling program execution, a hardware Circuit developed by using a Field Programmable Gate Array (FPGA), or a baseband processor.
Optionally, the processor 31 may include at least one processing core.
Optionally, the electronic device further includes a Memory 32, and the Memory 32 may include a Read Only Memory (ROM), a Random Access Memory (RAM), and a disk Memory. The memory 32 is used for storing data required by the processor 31 in operation. The number of the memory 32 is one or more.
Example four
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and when the computer instructions are executed on a computer, the steps of the data processing method according to an embodiment of the present invention may be implemented.
In the embodiments of the present invention, it should be understood that the disclosed data processing method and data processing apparatus may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical or other form.
The functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be an independent physical module.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device, such as a personal computer, a server, or a network device, or a Processor (Processor), to execute all or part of the steps of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a Universal Serial Bus flash drive (USB), a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, and an optical disk.
The above embodiments are only used to describe the technical solutions of the present invention in detail, but the above embodiments are only used to help understanding the method of the embodiments of the present invention, and should not be construed as limiting the embodiments of the present invention. Variations or substitutions that may be readily apparent to one skilled in the art are intended to be included within the scope of the embodiments of the present invention.
Claims (12)
1. A data processing method, comprising:
acquiring at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing data contents of vulnerabilities of systems corresponding to the different mechanisms;
performing sememe analysis on the attribute characteristics of each vulnerability record in the at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records;
associating vulnerability records of common sememes existing between attribute features in the at least two vulnerability records with a first hierarchical type, and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
2. The method of claim 1, wherein after performing sememe analysis on attribute features of each of the at least two vulnerability records, the method further comprises:
determining that a vulnerability record with a semantic element exists between attribute features in the at least two vulnerability records, wherein at least one distinguishing attribute feature exists between the attribute features of the vulnerability record with the semantic element;
simultaneously with or after associating the vulnerability records of the common sememe existing between the attribute features in the at least two vulnerability records with the first hierarchical type, the method further comprises:
determining vulnerability records with a semantic element between attribute features in the vulnerability records associated with the first hierarchical type;
and determining a second classification type according to the determined attribute characteristics of the vulnerability records, and associating the vulnerability records with the second classification type, wherein the attribute characteristics of the vulnerability records have a semantic element.
3. The method of claim 2, wherein the attribute characteristics include data source information, vulnerability type information, and field information.
4. The method of claim 2 or 3, wherein after associating with the second hierarchical type the vulnerability records in the at least two vulnerability records having a discriminative element between attribute features, the method further comprises:
determining a storage path corresponding to each vulnerability data in the at least two vulnerability records according to the incidence relation between the vulnerability records and the classification types, wherein the storage path is used for indicating the storage address of the vulnerability record in the standard vulnerability database;
and storing each vulnerability record in the at least two vulnerability records according to a corresponding storage path.
5. The method of claim 4, wherein the method further comprises:
receiving vulnerability record retrieval information, wherein the vulnerability record retrieval information comprises at least one retrieval keyword;
determining at least one attribute characteristic corresponding to the vulnerability record retrieval information according to the at least one retrieval keyword;
determining a target classification type corresponding to the vulnerability record retrieval information according to the at least one attribute feature, wherein the target classification type comprises the first classification type and/or the second classification type;
and outputting at least one vulnerability record associated with the target classification category.
6. A data processing apparatus, characterized by comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring at least two vulnerability records from at least two vulnerability databases; each vulnerability database in the at least two vulnerability databases belongs to different mechanisms, and the vulnerability records are used for describing data contents of vulnerabilities of systems corresponding to the different mechanisms;
the analysis module is used for carrying out sememe analysis on the attribute characteristics of each vulnerability record in the at least two vulnerability records; the vulnerability records with different attribute characteristics correspond to different classification types, and the classification types are related to the types of the data contents represented by the vulnerability records;
the processing module is used for associating the vulnerability records of the common sememes existing between the attribute features in the at least two vulnerability records with a first hierarchical type and generating a standard vulnerability database containing at least one first hierarchical type; and the vulnerability records under the first hierarchical type have at least one same attribute characteristic.
7. The device of claim 6, wherein the analysis module is further to:
after semantic element analysis is carried out on the attribute characteristics of each vulnerability record in the at least two vulnerability records, determining that a vulnerability record with a semantic element distinguishing exists between the attribute characteristics in the at least two vulnerability records, wherein at least one distinguishing attribute characteristic exists between the attribute characteristics of the vulnerability records with the semantic element distinguishing;
the processing module is further configured to:
determining vulnerability records with different sememes between attribute features in vulnerability records associated with a first hierarchical type while or after associating vulnerability records with the first hierarchical type of common sememes existing between attribute features in the at least two vulnerability records;
and determining a second classification type according to the determined attribute characteristics of the vulnerability records, and associating the vulnerability records with the second classification type, wherein the attribute characteristics of the vulnerability records have a semantic element.
8. The apparatus of claim 6, in which the attribute characteristics comprise data source information, vulnerability type information, and field information.
9. The device of claim 7, wherein the data processing device further comprises:
the first determining module is used for determining a storage path corresponding to each vulnerability data in the at least two vulnerability records according to the incidence relation between the vulnerability records and the classification types after the vulnerability records with the different meaning elements existing between the attribute characteristics in the at least two vulnerability records are associated with the second classification type, wherein the storage path is used for indicating the storage address of the vulnerability record in the standard vulnerability database;
and the storage module is used for storing each vulnerability record in the at least two vulnerability records according to a corresponding storage path.
10. The apparatus of claim 9, wherein the data processing apparatus further comprises:
the receiving module is used for receiving vulnerability record retrieval information, and the vulnerability record retrieval information comprises at least one retrieval keyword;
the second determining module is used for determining at least one attribute characteristic corresponding to the vulnerability record retrieval information according to the at least one retrieval keyword;
a third determining module, configured to determine, according to the at least one attribute feature, a target classification type corresponding to the vulnerability record retrieval information, where the target classification type includes the first classification type and/or the second classification type;
and the output module is used for outputting at least one vulnerability record associated with the target classification category.
11. A computer arrangement, characterized in that the computer arrangement comprises a processor for implementing the method according to any of claims 1-5 when executing a computer program stored in a memory.
12. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710910062.XA CN107609179B (en) | 2017-09-29 | 2017-09-29 | Data processing method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710910062.XA CN107609179B (en) | 2017-09-29 | 2017-09-29 | Data processing method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107609179A CN107609179A (en) | 2018-01-19 |
| CN107609179B true CN107609179B (en) | 2020-02-07 |
Family
ID=61067164
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710910062.XA Active CN107609179B (en) | 2017-09-29 | 2017-09-29 | Data processing method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107609179B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108965254A (en) * | 2018-06-11 | 2018-12-07 | 武汉般若互动科技有限公司 | One kind being used for government website security protection scheme |
| CN110502902A (en) * | 2019-08-07 | 2019-11-26 | 杭州海康威视数字技术股份有限公司 | A kind of vulnerability classification method, device and equipment |
| CN111310195A (en) * | 2020-03-27 | 2020-06-19 | 北京双湃智安科技有限公司 | Security vulnerability management method, device, system, equipment and storage medium |
| CN114860797B (en) * | 2022-03-16 | 2023-05-26 | 电子科技大学 | Data derivatization processing method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101334787A (en) * | 2008-07-22 | 2008-12-31 | 深圳钱袋商务有限公司 | Objects evaluation information enquiry system and method |
| WO2010115065A3 (en) * | 2009-04-03 | 2011-01-20 | Tyratech, Inc. | Methods for pest control employing microemulsion-based enhanced pest control formulations |
| CN105530243A (en) * | 2015-12-03 | 2016-04-27 | 中国南方电网有限责任公司信息中心 | Realizing method of network attack event quantitative hierarchical algorithm |
| CN105635112A (en) * | 2015-12-18 | 2016-06-01 | 国家电网公司 | Information system security performance assessment method |
| CN106682527A (en) * | 2016-12-25 | 2017-05-17 | 北京明朝万达科技股份有限公司 | Data security control method and system based on data classification and grading |
-
2017
- 2017-09-29 CN CN201710910062.XA patent/CN107609179B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101334787A (en) * | 2008-07-22 | 2008-12-31 | 深圳钱袋商务有限公司 | Objects evaluation information enquiry system and method |
| WO2010115065A3 (en) * | 2009-04-03 | 2011-01-20 | Tyratech, Inc. | Methods for pest control employing microemulsion-based enhanced pest control formulations |
| CN105530243A (en) * | 2015-12-03 | 2016-04-27 | 中国南方电网有限责任公司信息中心 | Realizing method of network attack event quantitative hierarchical algorithm |
| CN105635112A (en) * | 2015-12-18 | 2016-06-01 | 国家电网公司 | Information system security performance assessment method |
| CN106682527A (en) * | 2016-12-25 | 2017-05-17 | 北京明朝万达科技股份有限公司 | Data security control method and system based on data classification and grading |
Non-Patent Citations (2)
| Title |
|---|
| 专网安全保护策略研究;韦加宁 等;《信息网络安全》;20160910;173-176 * |
| 我国漏洞披露平台安全问题分析及对策建议;于成丽;《保密科学技术》;20170120;56-59 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107609179A (en) | 2018-01-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107609179B (en) | Data processing method and equipment | |
| WO2018120721A1 (en) | Method and system for testing user interface, electronic device, and computer readable storage medium | |
| CN110287696B (en) | Detection method, device and equipment for rebound shell process | |
| CN110515896B (en) | Model resource management method, model file manufacturing method, device and system | |
| CN106681854B (en) | Information verification method, device and system | |
| CN112929216A (en) | Asset management method, device, equipment and readable storage medium | |
| CN110737689A (en) | Data standard conformance detection method, device, system and storage medium | |
| CN113132311A (en) | Abnormal access detection method, device and equipment | |
| CN110990447A (en) | Data probing method, device, equipment and storage medium | |
| CN110955801A (en) | Knowledge graph analysis method and system for cognos report indexes | |
| CN110659063A (en) | Software project reconstruction method and device, computer device and storage medium | |
| CN111190880A (en) | Database detection method and device and computer readable storage medium | |
| CN113760891A (en) | Data table generation method, device, equipment and storage medium | |
| CN112668314A (en) | Data standard conformance detection method, device, system and storage medium | |
| CN112328363A (en) | Cloud hard disk mounting method and device | |
| CN109101595B (en) | Information query method, device, equipment and computer readable storage medium | |
| CN115757174A (en) | Database difference detection method and device | |
| JP2013077124A (en) | Software test case generation device | |
| CN112068979B (en) | Service fault determination method and device | |
| CN112860811B (en) | Method and device for determining data blood relationship, electronic equipment and storage medium | |
| CN112800149B (en) | Data treatment method and system based on data blood edge analysis | |
| CN114866627A (en) | Message checking method, device, processor and electronic equipment | |
| CN111352818B (en) | Application program performance analysis method and device, storage medium and electronic equipment | |
| CN111352824A (en) | Test method and device and computer equipment | |
| CN109558418A (en) | A kind of method of automatic identification information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee after: NSFOCUS Technologies Group Co.,Ltd. Patentee after: NSFOCUS TECHNOLOGIES Inc. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: NSFOCUS TECHNOLOGIES Inc. |
|
| CP01 | Change in the name or title of a patent holder |