CN107977576A - A kind of host leakage location and method based on employing fingerprint - Google Patents

A kind of host leakage location and method based on employing fingerprint Download PDF

Info

Publication number
CN107977576A
CN107977576A CN201610921264.XA CN201610921264A CN107977576A CN 107977576 A CN107977576 A CN 107977576A CN 201610921264 A CN201610921264 A CN 201610921264A CN 107977576 A CN107977576 A CN 107977576A
Authority
CN
China
Prior art keywords
software
host
employing fingerprint
employing
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610921264.XA
Other languages
Chinese (zh)
Inventor
施雪成
刘丰
毛俐旻
海然
达小文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201610921264.XA priority Critical patent/CN107977576A/en
Publication of CN107977576A publication Critical patent/CN107977576A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a kind of host leakage location and method based on employing fingerprint, wherein, including:The finger print information of application software is stored in employing fingerprint storehouse, which is the unique attribute set of one software of mark;Software scans module is used for the finger print information in employing fingerprint storehouse, and the finger print information of the software document scanned is matched with the finger print information in employing fingerprint storehouse;Employing fingerprint acquisition module is used for file progress MD5 characteristic value calculating matched with finger print information in employing fingerprint storehouse that is being obtained to scanning;Employing fingerprint comparing module is used to the software document of acquisition being compared with the MD5 values of file of the same name in employing fingerprint storehouse;Scanning result receiving module, the software and version and corresponding vulnerability information that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed.Host leakage location and method based on employing fingerprint effectively increase Host Security in network, carry out safety detection to host loophole in time.

Description

A kind of host leakage location and method based on employing fingerprint
Technical field
The invention belongs to technical field of network information safety, particularly a kind of host Hole Detection system based on employing fingerprint System and method.
Background technology
With the high speed development of computer networking technology, the application of network starts to penetrate into each portion of social life Point.In this huge network, the fundamental node that support system normal operation is exactly network host.These hosts include clothes Business device, personal computer etc..However, there is security breaches to varying degrees for the software run on host.Rogue program with When can utilize these loopholes, influence the normal operation of network system, heavy losses caused to host and network security.
The content of the invention
It is an object of the invention to provide a kind of host leakage location and method based on employing fingerprint, for solving Above-mentioned problem of the prior art.
A kind of host leakage location based on employing fingerprint of the present invention, wherein, including:Host leakage location with And host scanner system, host scanner system are installed in system to be scanned;Host leakage location includes employing fingerprint storehouse And scanning result receiving module;Host scanner system includes:Software scans module, employing fingerprint acquisition module and application refer to Line comparing module;The finger print information of application software is stored in employing fingerprint storehouse, the finger print information is unique for one software of mark Attribute set;Software scans module is used for the finger print information in employing fingerprint storehouse, scans the file of system to be scanned, will sweep The finger print information for the software document retouched is matched with the finger print information in employing fingerprint storehouse, in acquisition and employing fingerprint storehouse The matched file of finger print information, is sent to employing fingerprint acquisition module;Employing fingerprint acquisition module be used for scanning obtain with The matched file of finger print information in employing fingerprint storehouse carries out MD5 characteristic value calculating, and result of calculation is sent to employing fingerprint Comparing module;Employing fingerprint comparing module be used for by the MD5 values of file of the same name in the software document of acquisition and employing fingerprint storehouse into Row compares, and according to comparison result, determines software and version that system to be scanned is installed, and corresponding vulnerability information;Scanning As a result receiving module, the software and version that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed, And corresponding vulnerability information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, the inspection of host loophole Examining system further includes:Employing fingerprint information sending module and employing fingerprint information receiving module;Employing fingerprint information sends mould Block is used for the finger print information for searching employing fingerprint storehouse, and is sent to host scanner system.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, host scanning system System further includes:Employing fingerprint information receiving module, for answering in the employing fingerprint storehouse of receiving host leakage location transmission Use finger print information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, host scanning system System further includes:Scanning result sending module, the software information in terminal and server detected is with corresponding loophole as a result, returning To host leakage location.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, application software Finger print information includes dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software Vulnerability information and software patch information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, the inspection of host loophole Examining system further includes:Scan report generation module, for carrying out the generation of Hole Detection result report.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, Hole Detection knot Fruit report includes:Scan the loophole statistical information of the loophole total number come, harm and various dimensions.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, system to be scanned Including the network terminal and server.
A kind of host leak detection method based on employing fingerprint of the present invention, wherein, including:Step 1:Scan the network terminal With the software document on server, and in employing fingerprint storehouse carry out software document software fingerprinting file lookup and matching, If the software fingerprinting file scanned is matched with the fileinfo in file fingerprint storehouse, confirm on measured terminal and server The software of installation;Step 2:The software fingerprinting file of the software document scanned is subjected to the calculating of MD5 values, and with employing fingerprint storehouse In software fingerprinting file MD5 values be compared, if MD5 values are identical, it is determined that one installed on measured terminal and server The version of software;Step 3:Lookup is associated in employing fingerprint storehouse, determines the vulnerability information of the software version of host installation.
An embodiment of the host leak detection method based on employing fingerprint according to the present invention, wherein, further include:Step 4:Test results report is generated according to the result of step 3.
To sum up, the present invention proposes a kind of host leakage based on employing fingerprint to solve the problems, such as host application security breaches Hole detecting system and method, by establishing host leakage location, host application software is scanned using host scanner system, with Veritification is compared in employing fingerprint storehouse, finally found that host loophole.Host Security in network is improved, in time to host loophole Safety detection is carried out, user can be prompted to carry out software upgrading or loophole reparation in time.
Brief description of the drawings
Fig. 1 show the module map of the host leakage location of the invention based on employing fingerprint.
Embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to the present invention's Embodiment is described in further detail.
Fig. 1 show the module map of the host leakage location of the invention based on employing fingerprint, as shown in Figure 1, this hair The bright host leakage location based on employing fingerprint includes:Host leakage location 1 and host scanner system
Host Hole Detection technology based on employing fingerprint needs to establish host Hole Detection management system 1 and host scanning System 2.Host leakage location 1 includes employing fingerprint storehouse 11, finger print information sending module 12, scanning result receiving module 13rd, scan report generation module 14.Wherein employing fingerprint storehouse 11 is key modules, and application software is stored in employing fingerprint storehouse 11 Finger print information, it is including dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, soft Part vulnerability information and software patch information (software upgrade package is considered as a kind of patch by the present invention) etc..These finger print informations identify The unique attribute set of a software.Host scanner system is installed on the network terminal and server, for scanning the machine Software document information.By the way that host software information is compared with the information in employing fingerprint storehouse, so as to confirm to pacify on host The software information and vulnerability information of dress, and generate vulnerability scanning report.
As shown in Figure 1, the function module of the host leakage location of employing fingerprint includes:Host leakage location 1 Mould is generated including employing fingerprint storehouse 11, employing fingerprint information sending module 12, scanning result receiving module 13 and scan report Block 14.Host scanner system 2 includes employing fingerprint information receiving module 21, software scans module 22, employing fingerprint acquisition module 23rd, employing fingerprint comparing module 24 and scanning result sending module 25.
As shown in Figure 1, employing fingerprint information sending module 12 be mainly used for be by the dbase in employing fingerprint storehouse 11, Software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software vulnerability information, software patch information Host scanner system 2 is sent to Deng employing fingerprint information to use.
Obtained as shown in Figure 1,14 major function of scanning result receiving module is receiving host scanning system vulnerability scanning Host loophole result details.Checked for host leakage location result and provide result details data with report generation.
As shown in Figure 1, the major function of scan report generation module 13 is to carry out the generation of Hole Detection result report.Report Accusing content includes result general introduction and statistical conditions detailed description.As a result overview section summarizes the loophole total number for scanning, danger Evil grade etc.;Statistical conditions detailed portion illustrates the loophole statistical information situation shown according to different dimensions.
As shown in Figure 1, employing fingerprint storehouse 11 stores the finger print information of application software in a standardized way, including software Essential information, i.e. dbase, software version number, software vendor;After software fingerprinting file, that is, software installation to operating system, only A set of file of one marking software particular version.These files can be software executable or software relies on Dynamic link library file etc.;The software fingerprinting file MD5 values, that is, one-to-one MD5 values of software fingerprinting file;Software vulnerability information I.e. after manufacturer or security test personnel test, the vulnerability information of particular version software;Software patch information, that is, manufacturer To repair the software upgrading installation kit or patch installation package informatin that software vulnerability information is issued.
As shown in Figure 1,21 major function of employing fingerprint information receiving module of host scanner system 2 is receiving host loophole Employing fingerprint information in the employing fingerprint storehouse that detecting system is sent, it is soft during Hole Detection for host scanner system Part scanning, fingerprint comparison and loophole are found.
As shown in Figure 1, employing fingerprint file of the software scans module 22 in employing fingerprint storehouse 11, scanning host scanning File on the 2 place network terminal of system and server.By way of being scanned different operating path, by the software scanned text Part finger print information is matched with the finger print information in employing fingerprint storehouse 11, it is final obtain in terminal and server with employing fingerprint The matched file of fileinfo, uses for employing fingerprint acquisition module 23.
As shown in Figure 1, employing fingerprint acquisition module 23 is mainly used for software scans module 22 in the network terminal and service The each employing fingerprint file scanned on device carries out MD5 characteristic value calculating, refers to for using fingerprint comparison module apply Line compares.The MD5 values of each file fingerprint are obtained by MD5 algorithms, and result is recorded to carry out fingerprint comparison.
As shown in Figure 1, employing fingerprint comparing module 25 is the key modules of whole Hole Detection process, it is mainly used for obtaining The software document taken is compared with the MD5 values of file of the same name in employing fingerprint storehouse.When the file scanned and employing fingerprint text When part matches completely, illustrate the software that particular version is mounted with measured terminal and server, and then in employing fingerprint storehouse 11 The associated vulnerability information of this version software is searched, finally found that software vulnerability.
As shown in Figure 1, scanning result sending module 24 is mainly used for terminal and the service for detecting host scanner system 2 Software information and corresponding vulnerability information on device are sent to host leakage location 1, are checked for administrator, and as generation report The data source of announcement.
As shown in Figure 1, the host leak detection method of the invention based on employing fingerprint includes:
Step 1:Host scanner system scans host software.Hole Detection task is opened, host scanner system scanning network Software document in terminal and server, and in employing fingerprint storehouse carry out file fingerprint information lookup and matching.If sweep The file retouched all is matched with the fileinfo in file fingerprint storehouse, then confirms to be mounted with measured terminal and server specific Certain software of version.
Step 2:Fingerprint comparison.The software fingerprinting file scanned is subjected to the calculating of MD5 values, and with employing fingerprint storehouse Software fingerprinting file MD5 values are compared.If the MD5 values of each file are all identical, measured terminal kimonos can be determined The software of particular version is mounted with business device.
Step 3:Hole Detection.Pass through step 1 and step 2, it is determined that dbase and software version.By referring in application Lookup is associated in line storehouse, it can be found that the vulnerability information of the particular version software of host installation.
Step 4:Report generation.Host leakage location receives the Hole Detection result that whole host scanner system is sent Afterwards, the report of Hole Detection result is generated.
To sum up, the present invention proposes a kind of host leakage based on employing fingerprint to solve the problems, such as host application security breaches Hole detecting system and method, by establishing host leakage location, host application software is scanned using host scanner system, with Veritification is compared in employing fingerprint storehouse, finally found that host loophole.Host Security in network is improved, in time to host loophole Safety detection is carried out, user can be prompted to carry out software upgrading or loophole reparation in time.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the technical principles of the invention, some improvement and deformation can also be made, these are improved and deformation Also it should be regarded as protection scope of the present invention.

Claims (10)

  1. A kind of 1. host leakage location based on employing fingerprint, it is characterised in that including:Host leakage location and Host scanner system, host scanner system are installed in system to be scanned;
    Host leakage location includes employing fingerprint storehouse and scanning result receiving module;
    Host scanner system includes:Software scans module, employing fingerprint acquisition module and employing fingerprint comparing module;
    The finger print information of application software is stored in employing fingerprint storehouse, which is the unique attribute collection of one software of mark Close;
    Software scans module is used for the finger print information in employing fingerprint storehouse, scans the file of system to be scanned, scanning is arrived The finger print information of software document matched with the finger print information in employing fingerprint storehouse, obtain and the fingerprint in employing fingerprint storehouse The file of information matches, is sent to employing fingerprint acquisition module;
    Employing fingerprint acquisition module is used for file progress MD5 matched with finger print information in employing fingerprint storehouse that be being obtained to scanning Characteristic value calculates, and result of calculation is sent to employing fingerprint comparing module;
    Employing fingerprint comparing module is used to be compared the software document of acquisition and the MD5 values of file of the same name in employing fingerprint storehouse It is right, according to comparison result, determine software and version that system to be scanned is installed, and corresponding vulnerability information;
    Scanning result receiving module, the software that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed And version, and corresponding vulnerability information.
  2. 2. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host Hole Detection System further includes:Employing fingerprint information sending module and employing fingerprint information receiving module;
    Employing fingerprint information sending module is used for the finger print information for searching employing fingerprint storehouse, and is sent to host scanner system.
  3. 3. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host scanner system Further include:Employing fingerprint information receiving module, for the application in the employing fingerprint storehouse of receiving host leakage location transmission Finger print information.
  4. 4. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host scanner system Further include:Scanning result sending module, the software information in terminal and server detected is with corresponding loophole as a result, returning to Host leakage location.
  5. 5. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that the finger of application software Line information includes dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software leakage Hole information and software patch information.
  6. 6. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host Hole Detection System further includes:Scan report generation module, for carrying out the generation of Hole Detection result report.
  7. 7. the host leakage location based on employing fingerprint as claimed in claim 6, it is characterised in that Hole Detection result Report includes:Scan the loophole statistical information of the loophole total number come, harm and various dimensions.
  8. 8. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that system bag to be scanned Include the network terminal and server.
  9. A kind of 9. host leak detection method based on employing fingerprint, it is characterised in that including:
    Step 1:The software document on the network terminal and server is scanned, and the software of software document is carried out in employing fingerprint storehouse The lookup and matching of file fingerprint, if the software fingerprinting file scanned is matched with the fileinfo in file fingerprint storehouse, Perform step 2;
    Step 2:The software fingerprinting file of the software document scanned is subjected to the calculating of MD5 values, and with it is soft in employing fingerprint storehouse Part file fingerprint MD5 values are compared, if MD5 values are identical, it is determined that the software installed on measured terminal and server Version;
    Step 3:Lookup is associated in employing fingerprint storehouse, determines the vulnerability information of the software version of host installation.
  10. 10. the host leak detection method of employing fingerprint as claimed in claim 9, it is characterised in that further include:Step 4:Root Test results report is generated according to the result of step 3.
CN201610921264.XA 2016-10-21 2016-10-21 A kind of host leakage location and method based on employing fingerprint Pending CN107977576A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610921264.XA CN107977576A (en) 2016-10-21 2016-10-21 A kind of host leakage location and method based on employing fingerprint

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610921264.XA CN107977576A (en) 2016-10-21 2016-10-21 A kind of host leakage location and method based on employing fingerprint

Publications (1)

Publication Number Publication Date
CN107977576A true CN107977576A (en) 2018-05-01

Family

ID=62003852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610921264.XA Pending CN107977576A (en) 2016-10-21 2016-10-21 A kind of host leakage location and method based on employing fingerprint

Country Status (1)

Country Link
CN (1) CN107977576A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110162980A (en) * 2019-05-31 2019-08-23 上交所技术有限责任公司 A kind of method of one-stop safety test and management in software development process
CN110210228A (en) * 2019-04-26 2019-09-06 国家电网有限公司 A kind of host equipment vulnerability scanning method and system
CN111290935A (en) * 2018-12-06 2020-06-16 中国移动通信集团辽宁有限公司 Application program APP detection method, device, equipment and medium
CN112906007A (en) * 2021-02-09 2021-06-04 中国工商银行股份有限公司 Open source software vulnerability management and control method and device
CN114095286A (en) * 2022-01-24 2022-02-25 浙江国利网安科技有限公司 Network security risk depth detection method and device for electric power intelligent terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573525A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Special information service software vulnerability fixing system based on white lists
CN105095769A (en) * 2015-08-28 2015-11-25 中国航天科工集团第二研究院七〇六所 Information service software vulnerability detection method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573525A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Special information service software vulnerability fixing system based on white lists
CN105095769A (en) * 2015-08-28 2015-11-25 中国航天科工集团第二研究院七〇六所 Information service software vulnerability detection method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111290935A (en) * 2018-12-06 2020-06-16 中国移动通信集团辽宁有限公司 Application program APP detection method, device, equipment and medium
CN110210228A (en) * 2019-04-26 2019-09-06 国家电网有限公司 A kind of host equipment vulnerability scanning method and system
CN110162980A (en) * 2019-05-31 2019-08-23 上交所技术有限责任公司 A kind of method of one-stop safety test and management in software development process
CN110162980B (en) * 2019-05-31 2023-04-18 上交所技术有限责任公司 One-stop safety testing and managing method in software development process
CN112906007A (en) * 2021-02-09 2021-06-04 中国工商银行股份有限公司 Open source software vulnerability management and control method and device
CN114095286A (en) * 2022-01-24 2022-02-25 浙江国利网安科技有限公司 Network security risk depth detection method and device for electric power intelligent terminal

Similar Documents

Publication Publication Date Title
CN107977576A (en) A kind of host leakage location and method based on employing fingerprint
US20180253545A1 (en) File authentication method and apparatus
KR101402057B1 (en) Analyzing system of repackage application through calculation of risk and method thereof
WO2021003982A1 (en) Service system vulnerability processing method and apparatus, computer device, and storage medium
CN108683687B (en) Network attack identification method and system
US20190104154A1 (en) Phishing attack detection
CN108881263B (en) Network attack result detection method and system
CN103679031B (en) A kind of immune method and apparatus of file virus
WO2020000743A1 (en) Webshell detection method and related device
CN105653947B (en) The method and device of data safety risk is applied in a kind of assessment
JP6711000B2 (en) Information processing apparatus, virus detection method, and program
CN103699844A (en) Safety protection system and safety protection method
CN105095769A (en) Information service software vulnerability detection method
CN112818352B (en) Database detection method and device, storage medium and electronic device
KR20100005518A (en) Method for detecting the file with fraud name and apparatus thereof
CN110071924B (en) Big data analysis method and system based on terminal
CN113704328B (en) User behavior big data mining method and system based on artificial intelligence
CN104980407A (en) Misinformation detecting method and device
Faruki et al. Droidolytics: robust feature signature for repackaged android apps on official and third party android markets
KR101803888B1 (en) Method and apparatus for detecting malicious application based on similarity
CN110135153A (en) The credible detection method and device of software
CN105791250B (en) Application program detection method and device
Feichtner et al. Obfuscation-resilient code recognition in Android apps
US10169582B2 (en) System, method, and computer program product for identifying a file used to automatically launch content as unwanted
Riasat et al. Onamd: an online android malware detection approach

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180501

RJ01 Rejection of invention patent application after publication