CN107977576A - A kind of host leakage location and method based on employing fingerprint - Google Patents
A kind of host leakage location and method based on employing fingerprint Download PDFInfo
- Publication number
- CN107977576A CN107977576A CN201610921264.XA CN201610921264A CN107977576A CN 107977576 A CN107977576 A CN 107977576A CN 201610921264 A CN201610921264 A CN 201610921264A CN 107977576 A CN107977576 A CN 107977576A
- Authority
- CN
- China
- Prior art keywords
- software
- host
- employing fingerprint
- employing
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses a kind of host leakage location and method based on employing fingerprint, wherein, including:The finger print information of application software is stored in employing fingerprint storehouse, which is the unique attribute set of one software of mark;Software scans module is used for the finger print information in employing fingerprint storehouse, and the finger print information of the software document scanned is matched with the finger print information in employing fingerprint storehouse;Employing fingerprint acquisition module is used for file progress MD5 characteristic value calculating matched with finger print information in employing fingerprint storehouse that is being obtained to scanning;Employing fingerprint comparing module is used to the software document of acquisition being compared with the MD5 values of file of the same name in employing fingerprint storehouse;Scanning result receiving module, the software and version and corresponding vulnerability information that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed.Host leakage location and method based on employing fingerprint effectively increase Host Security in network, carry out safety detection to host loophole in time.
Description
Technical field
The invention belongs to technical field of network information safety, particularly a kind of host Hole Detection system based on employing fingerprint
System and method.
Background technology
With the high speed development of computer networking technology, the application of network starts to penetrate into each portion of social life
Point.In this huge network, the fundamental node that support system normal operation is exactly network host.These hosts include clothes
Business device, personal computer etc..However, there is security breaches to varying degrees for the software run on host.Rogue program with
When can utilize these loopholes, influence the normal operation of network system, heavy losses caused to host and network security.
The content of the invention
It is an object of the invention to provide a kind of host leakage location and method based on employing fingerprint, for solving
Above-mentioned problem of the prior art.
A kind of host leakage location based on employing fingerprint of the present invention, wherein, including:Host leakage location with
And host scanner system, host scanner system are installed in system to be scanned;Host leakage location includes employing fingerprint storehouse
And scanning result receiving module;Host scanner system includes:Software scans module, employing fingerprint acquisition module and application refer to
Line comparing module;The finger print information of application software is stored in employing fingerprint storehouse, the finger print information is unique for one software of mark
Attribute set;Software scans module is used for the finger print information in employing fingerprint storehouse, scans the file of system to be scanned, will sweep
The finger print information for the software document retouched is matched with the finger print information in employing fingerprint storehouse, in acquisition and employing fingerprint storehouse
The matched file of finger print information, is sent to employing fingerprint acquisition module;Employing fingerprint acquisition module be used for scanning obtain with
The matched file of finger print information in employing fingerprint storehouse carries out MD5 characteristic value calculating, and result of calculation is sent to employing fingerprint
Comparing module;Employing fingerprint comparing module be used for by the MD5 values of file of the same name in the software document of acquisition and employing fingerprint storehouse into
Row compares, and according to comparison result, determines software and version that system to be scanned is installed, and corresponding vulnerability information;Scanning
As a result receiving module, the software and version that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed,
And corresponding vulnerability information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, the inspection of host loophole
Examining system further includes:Employing fingerprint information sending module and employing fingerprint information receiving module;Employing fingerprint information sends mould
Block is used for the finger print information for searching employing fingerprint storehouse, and is sent to host scanner system.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, host scanning system
System further includes:Employing fingerprint information receiving module, for answering in the employing fingerprint storehouse of receiving host leakage location transmission
Use finger print information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, host scanning system
System further includes:Scanning result sending module, the software information in terminal and server detected is with corresponding loophole as a result, returning
To host leakage location.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, application software
Finger print information includes dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software
Vulnerability information and software patch information.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, the inspection of host loophole
Examining system further includes:Scan report generation module, for carrying out the generation of Hole Detection result report.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, Hole Detection knot
Fruit report includes:Scan the loophole statistical information of the loophole total number come, harm and various dimensions.
An embodiment of the host leakage location based on employing fingerprint according to the present invention, wherein, system to be scanned
Including the network terminal and server.
A kind of host leak detection method based on employing fingerprint of the present invention, wherein, including:Step 1:Scan the network terminal
With the software document on server, and in employing fingerprint storehouse carry out software document software fingerprinting file lookup and matching,
If the software fingerprinting file scanned is matched with the fileinfo in file fingerprint storehouse, confirm on measured terminal and server
The software of installation;Step 2:The software fingerprinting file of the software document scanned is subjected to the calculating of MD5 values, and with employing fingerprint storehouse
In software fingerprinting file MD5 values be compared, if MD5 values are identical, it is determined that one installed on measured terminal and server
The version of software;Step 3:Lookup is associated in employing fingerprint storehouse, determines the vulnerability information of the software version of host installation.
An embodiment of the host leak detection method based on employing fingerprint according to the present invention, wherein, further include:Step
4:Test results report is generated according to the result of step 3.
To sum up, the present invention proposes a kind of host leakage based on employing fingerprint to solve the problems, such as host application security breaches
Hole detecting system and method, by establishing host leakage location, host application software is scanned using host scanner system, with
Veritification is compared in employing fingerprint storehouse, finally found that host loophole.Host Security in network is improved, in time to host loophole
Safety detection is carried out, user can be prompted to carry out software upgrading or loophole reparation in time.
Brief description of the drawings
Fig. 1 show the module map of the host leakage location of the invention based on employing fingerprint.
Embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to the present invention's
Embodiment is described in further detail.
Fig. 1 show the module map of the host leakage location of the invention based on employing fingerprint, as shown in Figure 1, this hair
The bright host leakage location based on employing fingerprint includes:Host leakage location 1 and host scanner system
Host Hole Detection technology based on employing fingerprint needs to establish host Hole Detection management system 1 and host scanning
System 2.Host leakage location 1 includes employing fingerprint storehouse 11, finger print information sending module 12, scanning result receiving module
13rd, scan report generation module 14.Wherein employing fingerprint storehouse 11 is key modules, and application software is stored in employing fingerprint storehouse 11
Finger print information, it is including dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, soft
Part vulnerability information and software patch information (software upgrade package is considered as a kind of patch by the present invention) etc..These finger print informations identify
The unique attribute set of a software.Host scanner system is installed on the network terminal and server, for scanning the machine
Software document information.By the way that host software information is compared with the information in employing fingerprint storehouse, so as to confirm to pacify on host
The software information and vulnerability information of dress, and generate vulnerability scanning report.
As shown in Figure 1, the function module of the host leakage location of employing fingerprint includes:Host leakage location 1
Mould is generated including employing fingerprint storehouse 11, employing fingerprint information sending module 12, scanning result receiving module 13 and scan report
Block 14.Host scanner system 2 includes employing fingerprint information receiving module 21, software scans module 22, employing fingerprint acquisition module
23rd, employing fingerprint comparing module 24 and scanning result sending module 25.
As shown in Figure 1, employing fingerprint information sending module 12 be mainly used for be by the dbase in employing fingerprint storehouse 11,
Software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software vulnerability information, software patch information
Host scanner system 2 is sent to Deng employing fingerprint information to use.
Obtained as shown in Figure 1,14 major function of scanning result receiving module is receiving host scanning system vulnerability scanning
Host loophole result details.Checked for host leakage location result and provide result details data with report generation.
As shown in Figure 1, the major function of scan report generation module 13 is to carry out the generation of Hole Detection result report.Report
Accusing content includes result general introduction and statistical conditions detailed description.As a result overview section summarizes the loophole total number for scanning, danger
Evil grade etc.;Statistical conditions detailed portion illustrates the loophole statistical information situation shown according to different dimensions.
As shown in Figure 1, employing fingerprint storehouse 11 stores the finger print information of application software in a standardized way, including software
Essential information, i.e. dbase, software version number, software vendor;After software fingerprinting file, that is, software installation to operating system, only
A set of file of one marking software particular version.These files can be software executable or software relies on
Dynamic link library file etc.;The software fingerprinting file MD5 values, that is, one-to-one MD5 values of software fingerprinting file;Software vulnerability information
I.e. after manufacturer or security test personnel test, the vulnerability information of particular version software;Software patch information, that is, manufacturer
To repair the software upgrading installation kit or patch installation package informatin that software vulnerability information is issued.
As shown in Figure 1,21 major function of employing fingerprint information receiving module of host scanner system 2 is receiving host loophole
Employing fingerprint information in the employing fingerprint storehouse that detecting system is sent, it is soft during Hole Detection for host scanner system
Part scanning, fingerprint comparison and loophole are found.
As shown in Figure 1, employing fingerprint file of the software scans module 22 in employing fingerprint storehouse 11, scanning host scanning
File on the 2 place network terminal of system and server.By way of being scanned different operating path, by the software scanned text
Part finger print information is matched with the finger print information in employing fingerprint storehouse 11, it is final obtain in terminal and server with employing fingerprint
The matched file of fileinfo, uses for employing fingerprint acquisition module 23.
As shown in Figure 1, employing fingerprint acquisition module 23 is mainly used for software scans module 22 in the network terminal and service
The each employing fingerprint file scanned on device carries out MD5 characteristic value calculating, refers to for using fingerprint comparison module apply
Line compares.The MD5 values of each file fingerprint are obtained by MD5 algorithms, and result is recorded to carry out fingerprint comparison.
As shown in Figure 1, employing fingerprint comparing module 25 is the key modules of whole Hole Detection process, it is mainly used for obtaining
The software document taken is compared with the MD5 values of file of the same name in employing fingerprint storehouse.When the file scanned and employing fingerprint text
When part matches completely, illustrate the software that particular version is mounted with measured terminal and server, and then in employing fingerprint storehouse 11
The associated vulnerability information of this version software is searched, finally found that software vulnerability.
As shown in Figure 1, scanning result sending module 24 is mainly used for terminal and the service for detecting host scanner system 2
Software information and corresponding vulnerability information on device are sent to host leakage location 1, are checked for administrator, and as generation report
The data source of announcement.
As shown in Figure 1, the host leak detection method of the invention based on employing fingerprint includes:
Step 1:Host scanner system scans host software.Hole Detection task is opened, host scanner system scanning network
Software document in terminal and server, and in employing fingerprint storehouse carry out file fingerprint information lookup and matching.If sweep
The file retouched all is matched with the fileinfo in file fingerprint storehouse, then confirms to be mounted with measured terminal and server specific
Certain software of version.
Step 2:Fingerprint comparison.The software fingerprinting file scanned is subjected to the calculating of MD5 values, and with employing fingerprint storehouse
Software fingerprinting file MD5 values are compared.If the MD5 values of each file are all identical, measured terminal kimonos can be determined
The software of particular version is mounted with business device.
Step 3:Hole Detection.Pass through step 1 and step 2, it is determined that dbase and software version.By referring in application
Lookup is associated in line storehouse, it can be found that the vulnerability information of the particular version software of host installation.
Step 4:Report generation.Host leakage location receives the Hole Detection result that whole host scanner system is sent
Afterwards, the report of Hole Detection result is generated.
To sum up, the present invention proposes a kind of host leakage based on employing fingerprint to solve the problems, such as host application security breaches
Hole detecting system and method, by establishing host leakage location, host application software is scanned using host scanner system, with
Veritification is compared in employing fingerprint storehouse, finally found that host loophole.Host Security in network is improved, in time to host loophole
Safety detection is carried out, user can be prompted to carry out software upgrading or loophole reparation in time.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, without departing from the technical principles of the invention, some improvement and deformation can also be made, these are improved and deformation
Also it should be regarded as protection scope of the present invention.
Claims (10)
- A kind of 1. host leakage location based on employing fingerprint, it is characterised in that including:Host leakage location and Host scanner system, host scanner system are installed in system to be scanned;Host leakage location includes employing fingerprint storehouse and scanning result receiving module;Host scanner system includes:Software scans module, employing fingerprint acquisition module and employing fingerprint comparing module;The finger print information of application software is stored in employing fingerprint storehouse, which is the unique attribute collection of one software of mark Close;Software scans module is used for the finger print information in employing fingerprint storehouse, scans the file of system to be scanned, scanning is arrived The finger print information of software document matched with the finger print information in employing fingerprint storehouse, obtain and the fingerprint in employing fingerprint storehouse The file of information matches, is sent to employing fingerprint acquisition module;Employing fingerprint acquisition module is used for file progress MD5 matched with finger print information in employing fingerprint storehouse that be being obtained to scanning Characteristic value calculates, and result of calculation is sent to employing fingerprint comparing module;Employing fingerprint comparing module is used to be compared the software document of acquisition and the MD5 values of file of the same name in employing fingerprint storehouse It is right, according to comparison result, determine software and version that system to be scanned is installed, and corresponding vulnerability information;Scanning result receiving module, the software that the system to be scanned obtained for receiving host scanning system vulnerability scanning is installed And version, and corresponding vulnerability information.
- 2. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host Hole Detection System further includes:Employing fingerprint information sending module and employing fingerprint information receiving module;Employing fingerprint information sending module is used for the finger print information for searching employing fingerprint storehouse, and is sent to host scanner system.
- 3. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host scanner system Further include:Employing fingerprint information receiving module, for the application in the employing fingerprint storehouse of receiving host leakage location transmission Finger print information.
- 4. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host scanner system Further include:Scanning result sending module, the software information in terminal and server detected is with corresponding loophole as a result, returning to Host leakage location.
- 5. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that the finger of application software Line information includes dbase, software version number, software vendor, software fingerprinting file, software fingerprinting file MD5 values, software leakage Hole information and software patch information.
- 6. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that host Hole Detection System further includes:Scan report generation module, for carrying out the generation of Hole Detection result report.
- 7. the host leakage location based on employing fingerprint as claimed in claim 6, it is characterised in that Hole Detection result Report includes:Scan the loophole statistical information of the loophole total number come, harm and various dimensions.
- 8. the host leakage location based on employing fingerprint as claimed in claim 1, it is characterised in that system bag to be scanned Include the network terminal and server.
- A kind of 9. host leak detection method based on employing fingerprint, it is characterised in that including:Step 1:The software document on the network terminal and server is scanned, and the software of software document is carried out in employing fingerprint storehouse The lookup and matching of file fingerprint, if the software fingerprinting file scanned is matched with the fileinfo in file fingerprint storehouse, Perform step 2;Step 2:The software fingerprinting file of the software document scanned is subjected to the calculating of MD5 values, and with it is soft in employing fingerprint storehouse Part file fingerprint MD5 values are compared, if MD5 values are identical, it is determined that the software installed on measured terminal and server Version;Step 3:Lookup is associated in employing fingerprint storehouse, determines the vulnerability information of the software version of host installation.
- 10. the host leak detection method of employing fingerprint as claimed in claim 9, it is characterised in that further include:Step 4:Root Test results report is generated according to the result of step 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610921264.XA CN107977576A (en) | 2016-10-21 | 2016-10-21 | A kind of host leakage location and method based on employing fingerprint |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610921264.XA CN107977576A (en) | 2016-10-21 | 2016-10-21 | A kind of host leakage location and method based on employing fingerprint |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107977576A true CN107977576A (en) | 2018-05-01 |
Family
ID=62003852
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610921264.XA Pending CN107977576A (en) | 2016-10-21 | 2016-10-21 | A kind of host leakage location and method based on employing fingerprint |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107977576A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162980A (en) * | 2019-05-31 | 2019-08-23 | 上交所技术有限责任公司 | A kind of method of one-stop safety test and management in software development process |
CN110210228A (en) * | 2019-04-26 | 2019-09-06 | 国家电网有限公司 | A kind of host equipment vulnerability scanning method and system |
CN111290935A (en) * | 2018-12-06 | 2020-06-16 | 中国移动通信集团辽宁有限公司 | Application program APP detection method, device, equipment and medium |
CN112906007A (en) * | 2021-02-09 | 2021-06-04 | 中国工商银行股份有限公司 | Open source software vulnerability management and control method and device |
CN114095286A (en) * | 2022-01-24 | 2022-02-25 | 浙江国利网安科技有限公司 | Network security risk depth detection method and device for electric power intelligent terminal |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104573525A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Special information service software vulnerability fixing system based on white lists |
CN105095769A (en) * | 2015-08-28 | 2015-11-25 | 中国航天科工集团第二研究院七〇六所 | Information service software vulnerability detection method |
-
2016
- 2016-10-21 CN CN201610921264.XA patent/CN107977576A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104573525A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Special information service software vulnerability fixing system based on white lists |
CN105095769A (en) * | 2015-08-28 | 2015-11-25 | 中国航天科工集团第二研究院七〇六所 | Information service software vulnerability detection method |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111290935A (en) * | 2018-12-06 | 2020-06-16 | 中国移动通信集团辽宁有限公司 | Application program APP detection method, device, equipment and medium |
CN110210228A (en) * | 2019-04-26 | 2019-09-06 | 国家电网有限公司 | A kind of host equipment vulnerability scanning method and system |
CN110162980A (en) * | 2019-05-31 | 2019-08-23 | 上交所技术有限责任公司 | A kind of method of one-stop safety test and management in software development process |
CN110162980B (en) * | 2019-05-31 | 2023-04-18 | 上交所技术有限责任公司 | One-stop safety testing and managing method in software development process |
CN112906007A (en) * | 2021-02-09 | 2021-06-04 | 中国工商银行股份有限公司 | Open source software vulnerability management and control method and device |
CN114095286A (en) * | 2022-01-24 | 2022-02-25 | 浙江国利网安科技有限公司 | Network security risk depth detection method and device for electric power intelligent terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107977576A (en) | A kind of host leakage location and method based on employing fingerprint | |
US20180253545A1 (en) | File authentication method and apparatus | |
KR101402057B1 (en) | Analyzing system of repackage application through calculation of risk and method thereof | |
WO2021003982A1 (en) | Service system vulnerability processing method and apparatus, computer device, and storage medium | |
CN108683687B (en) | Network attack identification method and system | |
US20190104154A1 (en) | Phishing attack detection | |
CN108881263B (en) | Network attack result detection method and system | |
CN103679031B (en) | A kind of immune method and apparatus of file virus | |
WO2020000743A1 (en) | Webshell detection method and related device | |
CN105653947B (en) | The method and device of data safety risk is applied in a kind of assessment | |
JP6711000B2 (en) | Information processing apparatus, virus detection method, and program | |
CN103699844A (en) | Safety protection system and safety protection method | |
CN105095769A (en) | Information service software vulnerability detection method | |
CN112818352B (en) | Database detection method and device, storage medium and electronic device | |
KR20100005518A (en) | Method for detecting the file with fraud name and apparatus thereof | |
CN110071924B (en) | Big data analysis method and system based on terminal | |
CN113704328B (en) | User behavior big data mining method and system based on artificial intelligence | |
CN104980407A (en) | Misinformation detecting method and device | |
Faruki et al. | Droidolytics: robust feature signature for repackaged android apps on official and third party android markets | |
KR101803888B1 (en) | Method and apparatus for detecting malicious application based on similarity | |
CN110135153A (en) | The credible detection method and device of software | |
CN105791250B (en) | Application program detection method and device | |
Feichtner et al. | Obfuscation-resilient code recognition in Android apps | |
US10169582B2 (en) | System, method, and computer program product for identifying a file used to automatically launch content as unwanted | |
Riasat et al. | Onamd: an online android malware detection approach |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180501 |
|
RJ01 | Rejection of invention patent application after publication |