CN108011893A - Asset management system based on network asset information collection - Google Patents
Publication number: CN108011893A (application CN201711432433.4A)
Authority: CN (China)
Prior art keywords: fingerprint, host, information, data, scanning
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Classifications
- H04L63/1433: Network security; detecting or protecting against malicious traffic; vulnerability analysis
- G06F11/302: Monitoring arrangements adapted to the computing system or component being monitored, where the component is a software system
- G06F11/3051: Monitoring the configuration of the computing system or component, e.g. the presence of processing resources, peripherals, I/O links, software programs
- G06F21/577: Assessing vulnerabilities and evaluating computer system security
- H04L67/02: Protocols based on web technology, e.g. HTTP
- H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields
- G06F2221/033: Indexing scheme relating to G06F21/50; test or assess software
- G06F2221/034: Indexing scheme relating to G06F21/50; test or assess a computer or a system
Abstract
The invention discloses an asset management system based on network asset information collection. It includes a network asset information collection system comprising: a basic information collection module, configured to discover live hosts on the network and fingerprint the host operating system so as to detect the operating system type of a remote target host; an application component fingerprint collection module, configured to discover fingerprint information about one or more applications or components, including the version, service port and protocol interaction characteristics of web applications or components; and a vulnerability perception module, configured to perceive and analyse the weaknesses of network hosts and application systems so as to find weak points in operating systems, services and application components. The asset management system based on network asset information collection can find the security vulnerabilities of an information system accurately and reliably and repair them in time.
Description
Technical field
The present invention relates to network information security, and in particular to an asset management system based on network asset information collection.
Background art
With the rapid development of the Internet, security vulnerabilities in network assets and information systems have become a major hidden danger to information security. A security vulnerability is a class of problem introduced at some stage of an information system's life cycle (design, implementation, operation and maintenance, and so on); such problems can affect the security of the system (confidentiality, integrity, availability). Because of software defects, misconfiguration of applications and IT equipment, routine mistakes and other causes, new vulnerabilities appear every day. At present, security vulnerabilities are generally found by running a vulnerability scanning system periodically or by carrying out periodic security inspections, followed by repair and hardening work. This approach has the following deficiencies:
it relies on manual operation and lacks automated, standardised tools;
the discovery and handling of vulnerabilities lag behind;
the information about the information assets is not fully known, so it is difficult to find and repair vulnerabilities promptly and accurately.
How to build a network asset management system that collects network asset information more promptly, effectively, reliably and accurately, so that security vulnerabilities can be found and repaired in time, is therefore a problem that the prior art urgently needs to solve.
Summary of the invention
The main object of the present invention is to overcome the deficiencies of the prior art by providing an asset management system based on network asset information collection.
To achieve the above object, the present invention adopts the following technical scheme:
An asset management system based on network asset information collection, comprising a network asset information collection system, wherein the network asset information collection system comprises:
a basic information collection module, configured to discover live hosts on the network and fingerprint the host operating system so as to detect the operating system type of a remote target host;
an application component fingerprint collection module, configured to discover fingerprint information about one or more applications or components, including the version, service port and protocol interaction characteristics of web applications or components;
a vulnerability perception module, configured to perceive and analyse the weaknesses of network hosts and application systems so as to find weak points in operating systems, services and application components.
Further:
The basic information collection module sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the replies and compares them against a fingerprint database; by analysing the comparison it detects the operating system type of the remote target host.
The basic information collection module comprises:
a host detection submodule, configured to convert the target area into an IP range according to a configured policy by querying an IP address database, to start multiple scanning processes and/or threads, and to probe the corresponding ports of the target machines; a port that returns a legitimate response packet is judged open, a host with at least one open port is judged alive, and the IP, open ports and protocol information of the live host are stored in a live-host database; preferably, the policy includes the scan target area, the scan protocols, the port range, the scanning technique used and the evasion technique used;
a topology discovery submodule, configured to send specific probe packets to discover each node in the network and the interconnection relationships between them; preferably, the nodes include routers and hosts;
a system fingerprint collection submodule, configured to use a fingerprint database built for different operating systems and different protocol stacks to examine the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
a service fingerprint collection submodule, configured to select the corresponding probe fingerprint from a service fingerprint database, send it to the corresponding port, and match the fingerprint in the returned packet to judge whether the corresponding component is present.
The system fingerprint collection submodule identifies different operating systems and devices by TCP/IP protocol stack fingerprinting; preferably, it is configured to identify the system as follows:
the characteristics of each kind of system are analysed, fingerprint features of known systems are built, and these fingerprint features are stored in a system fingerprint database as the sample set for fingerprint comparison;
a system probing task is initialised, the target host to probe is selected and the task is started; the task selects one open port and one closed port, sends preset TCP/UDP/ICMP packets to them, examines the returned packets and generates a system fingerprint from them; preferably, the target host is selected from the live-host database;
the generated fingerprint is compared with the system fingerprint database to find the matching system;
preferably, if the system cannot be matched exactly, the possible systems are determined in a probabilistic manner.
The application component fingerprint collection module collects fingerprint information by performing one or more of the following: identification of web services, server-side scripting languages, web development frameworks, web applications, front-end libraries and third-party components.
Web development frameworks are identified with component-service detection; the language used by the back end of a website is detected with application-component page detection and component-service detection; web applications are detected with service-component page detection, preferably by crawling one or several pages of the website and matching them against the fingerprints in the fingerprint database to identify the corresponding web application; and the web hosting environment is detected with page detection, preferably by identifying the CLASSID of the page.
The vulnerability perception module performs one or more of system vulnerability scanning, database vulnerability scanning and web application vulnerability scanning; preferably, it automatically matches the scanned vulnerabilities against a vulnerability database maintained in the back end and automatically confirms each vulnerability's CVE number and whether an exploitation method exists.
Vulnerability scanning is based on port scanning: after port scanning, the open ports of the target host and the network services on those ports are known, and this information is matched against a vulnerability database provided in advance; attack methods against the system are simulated to check whether a vulnerability meeting the matching condition exists. Preferably, offensive security vulnerability scanning is performed against the target host system, preferably by testing weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability.
A rule-based matching technique is used: on the basis of the network system vulnerability database that has been formed, corresponding matching rules are formed and the scanning system performs vulnerability scanning automatically; if a rule is matched under the satisfying condition, a vulnerability is considered present, and the result is returned to the client when the probe completes. Preferably, if no rule is matched, the network connection of the system is prohibited. Preferably, the vulnerability data are separated from the scanning code so that the scanning engine can be updated.
The network asset information collection system further comprises one or more of the following modules:
a task management module, configured to receive task instructions, dispatch multiple collection modules by policy to complete the corresponding tasks, monitor the running state of each collection module dynamically in real time, and perform load balancing and task allocation in real time, so that every collection module can work reasonably;
a data filtering module, configured to match raw data against the collection policy and filter out redundant data;
a data transmission module, configured to send the collected data through a covert subnet to the management subsystem connected to the network asset information collection system.
The asset management system further comprises one or more of the following subsystems:
a management subsystem, configured to provide data display, query analysis and operation management functions, and to provide a human-computer interaction interface through which data operators perform the corresponding business operations;
a vulnerability discovery subsystem, configured to provide vulnerability discovery tools and build a general working environment for vulnerability discovery, so as to perform vulnerability discovery on target operating systems and target application software;
a vulnerability exploitation verification subsystem, configured to provide a verification environment for building vulnerabilities and exploitation methods, verify exploit samples and evaluate the effect of exploitation;
a security tool subsystem, configured to provide security tools, including tools for performing penetration attacks on target operating systems and target applications and for maintaining long-term control.
Beneficial effects of the present invention:
The present invention provides an asset management system based on network asset information collection. Through its network asset information collection system it can promptly and reliably detect and discover the live hosts in a particular network area, collect their operating system and application component information, and in particular collect targeted vulnerability information, which provides data support and exploitable resources for subsequent penetration attacks/tests. The network asset information collection system of the present invention can find the security vulnerabilities of complex information systems accurately and reliably, which gives the asset management system a favourable basis and a good guarantee for repairing the security vulnerabilities of the information system in time.
Brief description of the drawings
Fig. 1 is a structural diagram of the asset management system based on network asset information collection according to an embodiment of the present invention;
Fig. 2 is an architecture diagram of the vulnerability scanning system based on a network system vulnerability database in a preferred embodiment of the present invention.
Embodiments
The embodiments of the present invention are described in detail below. It is emphasised that the following description is merely exemplary and is not intended to limit the scope of the invention or its application.
Referring to Fig. 1, in one embodiment an asset management system based on network asset information collection comprises a network asset information collection system, which in turn comprises: a basic information collection module, configured to discover live hosts on the network and fingerprint the host operating system so as to detect the operating system type of a remote target host; an application component fingerprint collection module, configured to discover fingerprint information about one or more applications or components, including the version, service port and protocol interaction characteristics of web applications or components; and a vulnerability perception module, configured to perceive and analyse the weaknesses of network hosts and application systems so as to find weak points in operating systems, services and application components.
In some embodiments, the network asset information collection system uses basic network information collection (including host discovery, port scanning, operating system detection, application detection and an IP address database) together with vulnerability perception techniques to discover the live hosts in a particular network area, collect their operating system type and version and their application component type and version, and then collect vulnerability information targeted at that system type and those application components.
In some embodiments, the network asset information collection system can use IP address geolocation, host detection and port scanning, operating system and application type detection, network application scanning, vulnerability scanning, advanced evasion techniques (AET), firewall/IDS evasion and similar techniques to collect network asset information.
In an exemplary embodiment, the network asset information collection system comprises a basic information collection module, an application component fingerprint collection module and a vulnerability perception module.
(1) Basic information collection module
This module is configured to discover live hosts on the network and fingerprint the host operating system. It sends a series of TCP and UDP packets to the target host, receives the reply packets, examines each data item in the replies and compares them with a fingerprint database; by analysing the comparison it finally detects the operating system type of the remote target host.
In a preferred embodiment, the basic information collection module specifically comprises:
Host detection submodule: according to the policy set by the user, which includes the scan target area, scan protocols, port range, scanning technique and evasion technique, the host detection submodule converts the target area into an IP range by querying an IP address database, starts multiple scanning processes or threads as configured, and probes the corresponding ports of the target machines. A port that returns a legitimate response packet is judged open; a host with at least one open port is judged alive, and the IP, open ports and protocol information of the live host are stored in the live-host database.
Topology discovery submodule: a network topology is a representation of the interconnection relationships between the interconnected entities in a network. The topology is usually modelled as a graph in which devices (routers, hosts and so on) are nodes and connection relationships (physical or logical) are edges. Topology discovery sends specific probe packets to discover each node in the network and the interconnection relationships between them.
System fingerprint collection submodule: using a fingerprint database built for different operating systems and different protocol stacks, it examines the TCP and UDP reply packets of the target host and identifies system and protocol fingerprint information.
The system preferably identifies different operating systems and devices by TCP/IP protocol stack fingerprinting. The RFC specifications leave some details of TCP/IP implementation unspecified, so different TCP/IP implementations may each behave in their own particular way; the system judges the operating system type mainly from the differences in these details. In a preferred embodiment the specific implementation is as follows:
First, the characteristics of each kind of system are analysed, fingerprint features of known systems are built, and these fingerprint features are stored in the system fingerprint database as the sample set for fingerprint comparison.
A system probing task is initialised, the target host to probe is selected (preferably from the live-host database, to avoid wasted probes) and the task is started. The task selects one open port and one closed port, sends preset TCP/UDP/ICMP packets to them, and generates a system fingerprint from the returned packets.
The generated fingerprint is compared with the system fingerprint database to find the matching system.
If no exact match is found, the possible systems are listed with probabilities.
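The fingerprint-build and match steps above, as a worked example added here by the editor (not the patent's code). The three probe replies (SYN/ACK from the open port, the reply to the closed port, the ICMP echo) are folded into one fingerprint; an exact database hit returns that system, and otherwise each entry is scored by the fraction of agreeing fields and the scores are normalised into the probability list the last step describes. FINGERPRINT_DB, its field names and its values are constructed for the example and are not measured behaviour of the named systems.

```python
"""TCP/IP stack fingerprinting: probe replies -> fingerprint -> database match.
Added example, not the patent's own code. FINGERPRINT_DB is constructed for the
example; its field values are illustrative assumptions, not measured behaviour
of the named systems."""
from typing import Dict, List, Tuple

Fingerprint = Dict[str, object]

FINGERPRINT_DB: Dict[str, Fingerprint] = {
    "Linux 4.x":  {"ttl": 64,  "win": 29200, "df": True,  "opts": "MSS,SACK,TS,NOP,WS",
                   "rst_on_closed": True, "icmp_echo": True},
    "Windows 10": {"ttl": 128, "win": 65535, "df": True,  "opts": "MSS,NOP,WS,NOP,NOP,SACK",
                   "rst_on_closed": True, "icmp_echo": False},
    "FreeBSD 11": {"ttl": 64,  "win": 65535, "df": True,  "opts": "MSS,NOP,WS,SACK,TS",
                   "rst_on_closed": True, "icmp_echo": True},
    "Cisco IOS":  {"ttl": 255, "win": 4128,  "df": False, "opts": "MSS",
                   "rst_on_closed": True, "icmp_echo": True},
}


def initial_ttl(observed: int) -> int:
    """Round the TTL seen on the wire up to the nearest common initial value,
    so the hop count between scanner and target does not change the fingerprint."""
    for candidate in (32, 64, 128, 255):
        if observed <= candidate:
            return candidate
    return 255


def build_fingerprint(syn_ack: dict, closed_reply: dict, icmp_reply: dict) -> Fingerprint:
    """One fingerprint from the three probes the patent describes:
    SYN to an open port, SYN to a closed port, ICMP echo."""
    return {
        "ttl": initial_ttl(syn_ack["ttl"]),
        "win": syn_ack["win"],
        "df": syn_ack["df"],
        "opts": ",".join(syn_ack["opts"]),            # option order is part of the signature
        "rst_on_closed": closed_reply.get("flags", "").startswith("R"),
        "icmp_echo": icmp_reply.get("answered", False),
    }


def match_fingerprint(fp: Fingerprint,
                      db: Dict[str, Fingerprint] = FINGERPRINT_DB) -> List[Tuple[str, float]]:
    """Exact match -> [(system, 1.0)]. Otherwise score each database entry by the
    fraction of agreeing fields and normalise the scores into probabilities,
    which is the probabilistic fallback the patent calls for."""
    exact = [name for name, ref in db.items() if ref == fp]
    if exact:
        return [(exact[0], 1.0)]
    scores = {name: sum(1 for k, v in ref.items() if fp.get(k) == v) / len(ref)
              for name, ref in db.items()}
    total = sum(scores.values())
    return sorted(((n, s / total) for n, s in scores.items()), key=lambda t: -t[1])
```

Rounding the TTL is the step that most often goes wrong in home-grown fingerprinters: a Linux host eleven hops away reports TTL 53, which matches nothing until it is normalised back to 64.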
Service fingerprint collection submodule: the corresponding probe fingerprint is selected from the service fingerprint database and sent to the corresponding port, and the fingerprint in the returned packet is matched to judge whether the corresponding component is present.
(2) Application component fingerprint collection module
This module is configured to discover fingerprint information such as the version, service port and protocol interaction characteristics of web applications or components.
This module can support identification based on web services, server-side scripting languages, web development frameworks, web applications, front-end libraries, third-party components and the like.
A web development framework is a service program: the server provides the service externally on some port and handles the requests sent by clients, for example the Tomcat container for Java, or the IIS or PWS frameworks for ASP. This module can identify web development frameworks with component-service detection; for example, a Tomcat framework can be detected by sending the fingerprint probe "URI/status" and examining the response.
This module can use application-component page detection and component-service detection to detect which language the back end of a website uses; the specific methods include judging from fingerprints such as meta information, script tags, header fields, session identifiers, error pages and other page content.
This module can detect web applications with service-component page detection: one or several pages of the website are crawled and matched against the fingerprints in the fingerprint database to identify the corresponding web application.
Page detection can be used to detect the web hosting environment, for example by identifying the CLASSID in the page.
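The service fingerprint submodule and the web component detection described above both reduce to the same mechanism: send a probe, then match regular expressions against the reply. This worked example, added here by the editor and not the patent's code, covers both: a rule table keyed by which part of the reply to inspect (a raw service banner, HTTP headers, or the page body), with an optional version capture, applied to a constructed SSH banner and a constructed Tomcat error page. The rule patterns, the layer names and the sample responses are the editor's assumptions, not the patent's fingerprint database.

```python
"""Service and web component fingerprinting by probe/response rules.
Added example, not the patent's own code. The rule set and the sample SSH
banner and HTTP response below are constructed for the example."""
import re
from typing import Dict, List, NamedTuple, Optional


class Rule(NamedTuple):
    component: str   # what a match identifies
    layer: str       # service | server | language | application | frontend
    field: str       # part of the response to inspect: banner, headers or body
    pattern: str     # regex; an optional group named 'v' captures the version


RULES: List[Rule] = [
    Rule("OpenSSH", "service", "banner", r"^SSH-2\.0-OpenSSH_(?P<v>[\d.]+)"),
    Rule("Apache Tomcat", "server", "headers", r"(?im)^Server:\s*Apache-Coyote/"),
    Rule("Apache Tomcat", "server", "body", r"Apache Tomcat/(?P<v>[\d.]+)"),
    Rule("Java (JSP/Servlet)", "language", "headers", r"(?im)^Set-Cookie:\s*JSESSIONID="),
    Rule("PHP", "language", "headers", r"(?im)^X-Powered-By:\s*PHP/(?P<v>[\d.]+)"),
    Rule("ASP.NET", "language", "headers", r"(?im)^X-AspNet-Version:\s*(?P<v>[\d.]+)"),
    Rule("WordPress", "application", "body",
         r'<meta name="generator" content="WordPress (?P<v>[\d.]+)"'),
    Rule("jQuery", "frontend", "body", r"jquery[-.](?P<v>\d+\.\d+\.\d+)(?:\.min)?\.js"),
]


def split_http(raw: str) -> Dict[str, str]:
    """Split a raw HTTP response into the 'headers' and 'body' fields the rules inspect."""
    head, _, body = raw.partition("\r\n\r\n")
    return {"headers": head, "body": body}


def fingerprint(response: Dict[str, str],
                rules: List[Rule] = RULES) -> Dict[str, Dict[str, Optional[str]]]:
    """Apply every rule; return {component: {"layer": ..., "version": ...}}.
    A rule without a version group still records the component, and a later
    rule that captures a version fills it in (as Tomcat's Server header plus
    its error page does)."""
    found: Dict[str, Dict[str, Optional[str]]] = {}
    for rule in rules:
        text = response.get(rule.field)
        if text is None:
            continue
        m = re.search(rule.pattern, text)
        if not m:
            continue
        entry = found.setdefault(rule.component, {"layer": rule.layer, "version": None})
        version = m.groupdict().get("v")
        if version and entry["version"] is None:
            entry["version"] = version
    return found


# Constructed samples: what a service-fingerprint probe to 22/tcp and a page
# request to a Tomcat-hosted site might return.
SAMPLE_SSH_BANNER = "SSH-2.0-OpenSSH_7.4\r\n"
SAMPLE_HTTP = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
    "<html><head><title>Apache Tomcat/8.5.23 - Error report</title>"
    '<script src="/static/jquery-3.3.1.min.js"></script></head>'
    "<body><h1>HTTP Status 404 - Not Found</h1></body></html>"
)
```

Requesting a page that does not exist is deliberate: the error page is often where a framework leaks its exact version even when the Server header has been trimmed, which is why the patent lists error pages among the fingerprints to inspect.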
(3) Vulnerability perception module
This module is configured to perceive and analyse the weaknesses of network hosts and application systems and to find weak points in operating systems, services and application components. It integrates multiple tools such as system vulnerability scanning, database vulnerability scanning and web application vulnerability scanning, can automatically match vulnerabilities against the vulnerability database maintained in the back end, and automatically confirms each vulnerability's CVE number and whether an exploitation method exists.
In a preferred embodiment, the architecture of the vulnerability scanner based on a network system vulnerability database is shown in Fig. 2.
Vulnerability scanning is built on top of port scanning. Analysis of attacks and of collected vulnerabilities shows that most of them target a particular network service, that is, a particular port. Therefore, in the preferred embodiment, vulnerability scanning follows the same approach as port scanning. Vulnerability scanning preferably checks whether a target host has a vulnerability as follows: after port scanning, the open ports of the target host and the network services on those ports are known, and this information is matched against the vulnerability database provided by the network vulnerability scanning system. Attack methods against the system are simulated to check whether a vulnerability meeting the matching condition exists. Preferably, offensive security vulnerability scanning is performed against the target host system, for example by testing weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability.
The system uses rule-based matching: from security experts' analysis of network system security vulnerabilities and hacker attack cases, and from system administrators' practical experience in configuring network system security, a standard network system vulnerability database is formed; corresponding matching rules are formed on that basis, and the scanning system actively carries out the vulnerability scanning work. Preferably, if no rule is matched, the network connection of the system is prohibited.
In the preferred embodiment, matching is performed against the system vulnerability database provided by the vulnerability scanning system, and a vulnerability is considered present if the condition is met. When the server finishes probing, the result is returned to the client and an intuitive report is generated. The rule-matching library on the server side can be a collection of many shared routines that store the various scanning and attack methods. The vulnerability data are separated from the scanning code so that users can update the scanning engine on their own.
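The rule-matching and simulated-attack steps above, as a worked example added here by the editor (not the patent's code). The inventory produced by fingerprinting is matched against a rule database that is separate from the matching code, as the patent requires; each rule carries a version range and the "exploitation method exists" flag the module is meant to confirm; components whose version could not be fingerprinted are reported as unverified rather than dropped; and the weak-password check is the simulated attack, with the login function injected so it runs offline. VULN_DB, its rule IDs, version ranges and descriptions, the credential list and the function names are all constructed placeholders, not real advisories or CVE numbers.

```python
"""Rule-based vulnerability matching over the collected inventory, plus a
simulated weak-password check. Added example, not the patent's own code.
VULN_DB is constructed for the example: the rule IDs, version ranges and
descriptions are placeholders, not real advisories; a real database would
carry the CVE number in place of the rule ID."""
from typing import Callable, Dict, Iterable, List, NamedTuple, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'8.5.23' -> (8, 5, 23); a non-numeric suffix ends the tuple ('7.4p1' -> (7, 4))."""
    parts: List[int] = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


class VulnRule(NamedTuple):
    rule_id: str
    component: str
    min_version: Optional[str]   # inclusive; None = unbounded
    fixed_in: Optional[str]      # exclusive upper bound; None = unbounded
    exploit_available: bool      # the patent records whether an exploitation method exists
    description: str


VULN_DB: List[VulnRule] = [
    VulnRule("RULE-0001", "Apache Tomcat", "8.5.0", "8.5.30", True, "constructed example rule"),
    VulnRule("RULE-0002", "OpenSSH", None, "7.7", False, "constructed example rule"),
    VulnRule("RULE-0003", "jQuery", None, "3.4.0", False, "constructed example rule"),
]


def version_in_range(version: str, lo: Optional[str], hi: Optional[str]) -> bool:
    v = parse_version(version)
    if lo is not None and v < parse_version(lo):
        return False
    if hi is not None and v >= parse_version(hi):
        return False
    return True


def match_vulnerabilities(inventory: Dict[str, Dict[str, Optional[str]]],
                          db: List[VulnRule] = VULN_DB) -> List[dict]:
    """inventory is {component: {"version": ...}} as the fingerprint module produces it.
    Version-less components that have a rule are reported as 'unverified' so a
    human checks them instead of being silently dropped."""
    findings: List[dict] = []
    for rule in db:
        entry = inventory.get(rule.component)
        if entry is None:
            continue
        version = entry.get("version")
        if version is None:
            status = "unverified"
        elif version_in_range(version, rule.min_version, rule.fixed_in):
            status = "matched"
        else:
            continue
        findings.append({"rule_id": rule.rule_id, "component": rule.component,
                         "version": version, "status": status,
                         "exploit_available": rule.exploit_available})
    return findings


def weak_password_check(authenticate: Callable[[str, str], bool],
                        candidates: Iterable[Tuple[str, str]]) -> Optional[Tuple[str, str]]:
    """The patent's offensive check: try a short weak-credential list against the
    service's login; the first accepted pair proves the weakness. authenticate is
    injected so the example runs offline (a real one would speak SSH/HTTP)."""
    for user, pw in candidates:
        if authenticate(user, pw):
            return (user, pw)
    return None


# Constructed weak-credential list for the simulated attack
WEAK_CREDENTIALS = [("admin", "admin"), ("admin", "123456"), ("root", "root"), ("tomcat", "tomcat")]
```

Keeping the upper bound exclusive ("fixed in") rather than inclusive ("last affected") is the convention that survives vendors shipping point releases between rule updates: a newly seen 8.5.29 still matches, and 8.5.30 does not.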
In a further preferred embodiment, the network asset information collection system may also include a task management module.
(4) Task management module
The task management module is configured to receive task instructions and to dispatch multiple collection modules by policy to complete the corresponding tasks. It needs to monitor the running state of each collection module dynamically in real time and to perform load balancing and task allocation in real time, so that every collection module can work reasonably.
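The dispatch, monitoring and re-allocation behaviour described above, as a worked example added here by the editor (not the patent's code): tasks are queued and handed to the least-loaded collector that still has capacity; collectors report their state through a heartbeat; and when a collector reports itself down, its tasks go back to the front of the queue and are re-dispatched. The Collector and TaskManager names, the capacity model and the task identifiers are constructed for the example.

```python
"""Task management: dispatch collection tasks by load, watch collector state,
re-allocate when one goes down. Added example, not the patent's own code;
collector names, capacities and task IDs are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Collector:
    name: str
    capacity: int                 # tasks it may run at once
    state: str = "idle"           # idle | busy | down (reported by heartbeat)
    running: List[str] = field(default_factory=list)

    def load(self) -> float:
        return len(self.running) / self.capacity


class TaskManager:
    def __init__(self, collectors: List[Collector]):
        self.collectors: Dict[str, Collector] = {c.name: c for c in collectors}
        self.queue: List[str] = []
        self.assignment: Dict[str, str] = {}   # task -> collector name

    def submit(self, task_id: str) -> None:
        self.queue.append(task_id)
        self.dispatch()

    def _least_loaded(self) -> Optional[Collector]:
        ready = [c for c in self.collectors.values()
                 if c.state != "down" and len(c.running) < c.capacity]
        return min(ready, key=lambda c: (c.load(), c.name)) if ready else None

    def dispatch(self) -> None:
        """Drain the queue onto the least-loaded collector that still has room."""
        while self.queue:
            target = self._least_loaded()
            if target is None:
                return                         # everything is full or down
            task = self.queue.pop(0)
            target.running.append(task)
            target.state = "busy"
            self.assignment[task] = target.name

    def heartbeat(self, name: str, state: str) -> None:
        """State report from a collector; one that goes down has its tasks
        put back at the front of the queue and re-dispatched."""
        c = self.collectors[name]
        c.state = state
        if state == "down":
            for task in c.running:
                del self.assignment[task]
            self.queue = c.running + self.queue
            c.running = []
        self.dispatch()

    def complete(self, task_id: str) -> None:
        c = self.collectors[self.assignment.pop(task_id)]
        c.running.remove(task_id)
        if not c.running:
            c.state = "idle"
        self.dispatch()
```

Re-queuing at the front rather than the back preserves the scan order an operator asked for; a production scheduler would also cap how many times one task may be re-dispatched so a probe that crashes collectors cannot cycle forever.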
In a further preferred embodiment, the network asset information collection system may also include a data filtering module.
(5) Data filtering module
The data filtering module is configured to match the raw data against the collection policy and to filter out redundant data.
In a further preferred embodiment, the network asset information collection system may also include a data transmission module.
(6) Data transmission module
The data transmission module is configured to send the collected data to the management subsystem through a covert subnet.
The asset management system of the present invention uses the network asset information collection system of the above embodiments. That system can detect and discover the live hosts in a particular network area, collect their operating system and application component information, and collect targeted vulnerability information, which provides data support and exploitable resources for subsequent penetration attacks/tests. The asset management system of the present invention can therefore collect network asset information more promptly, effectively, reliably and accurately, and so find and repair the security vulnerabilities of the information system in time.
In a preferred embodiment, the asset management system may also include one or more of the following subsystems:
a management subsystem, configured to provide data display, query analysis and operation management functions, and to provide a human-computer interaction interface through which data operators perform the corresponding business operations;
a vulnerability discovery subsystem, configured to provide vulnerability discovery tools and build a general working environment for vulnerability discovery, so as to perform vulnerability discovery on target operating systems and target application software;
a vulnerability exploitation verification subsystem, configured to provide a verification environment for building vulnerabilities and exploitation methods, verify exploit samples and evaluate the effect of exploitation;
a security tool subsystem, configured to provide security tools, including tools for performing penetration attacks on target operating systems and target applications and for maintaining long-term control.
Preferably but not necessarily, as shown in Fig. 1, the asset management system based on network asset information collection of the present invention comprises the network asset information collection system and a management subsystem. Specifically, the management subsystem can display the results of the information collection subsystem, the vulnerability discovery subsystem, the vulnerability exploitation verification subsystem and the security tools, and can also perform operation management of those systems. It also provides a query-analysis working system, which consists of a task processing environment in a rule-managed mode and a series of interactive analysis tools through which analysts can complete all kinds of data analysis tasks. In addition, the system has personalised working desktops (workbenches) and an information aggregation display interface for users with different rights. Through configuration management of the whole data area, analysis of all kinds of data and report display, the system finally provides a human-computer interaction interface through which data operators perform the corresponding business operations.
Preferably but not compulsorily, the asset management system of the invention based on networked asset information gathering can also be into one
Step includes bug excavation subsystem.Bug excavation subsystem is based on typical bug excavation technological means, passes through integrated leakage
Hole digging tool and the bug excavation instrument of exploitation customization, build the general operations environment of bug excavation, realize to object run
The bug excavation of system and intended application software, and for newfound loophole exploitation vulnerability exploit sample.
Preferably but not necessarily, the asset management system of the invention based on networked asset information gathering may further include a vulnerability exploit verification subsystem. It can build a verification environment for vulnerabilities and exploitation methods, verify exploit samples, and assess the effect of the exploitation.
Preferably but not necessarily, the asset management system of the invention based on networked asset information gathering may further include a security tool subsystem. Security tools can be custom-developed for the target operating system and target application to carry out penetration attacks and to maintain long-term control.
The above content is a further detailed description of the present invention in combination with specific/preferred embodiments, and it cannot be taken to mean that the specific implementation of the present invention is limited to these descriptions. Those of ordinary skill in the technical field of the present invention may make several replacements or modifications to the described embodiments without departing from the inventive concept, and all such substitutions or variants should be considered as falling within the protection scope of the present invention.
Claims (10)
1. An asset management system based on networked asset information gathering, including a networked asset information acquisition system, characterized in that the networked asset information acquisition system includes:
a basic information collection module, configured to discover network hosts and perform fingerprint recognition of the host operating system, so as to detect the operating system type of a remote target host;
an application component fingerprint collection module, configured to discover application program or component fingerprint information, including one or more of the version of a web application or component, its service port, and its protocol interaction features;
a vulnerability perception module, configured to perform perception analysis of the vulnerability of network hosts and application systems, so as to find weak points in operating systems, services and application components.
2. The asset management system as claimed in claim 1, characterized in that the basic information collection module sends a series of TCP and UDP packets to the target host, receives the reply packets, detects each data item in the reply packets, compares them with a fingerprint database, and detects the operating system type of the remote target host through that comparative analysis.
3. The asset management system as claimed in claim 1 or 2, characterized in that the basic information collection module includes:
a host detection submodule, configured to convert the target area into IP ranges according to a configured strategy, query the IP address library, set up multiple scan processes and/or threads according to the scan, and probe the corresponding ports of the target machines; when a port returns a response packet that conforms to the rule, the port is judged open, and as soon as a host has one open port it is judged alive, and the IP, open ports and protocol information of the live host are stored in the live host library; preferably, the configured strategy includes the scan target area, the scan protocol, the port range, the scanning technique used and the evasion technique;
a topology discovery submodule, configured to send specific probe packets to discover each node in the network and the interconnection relationships between them; preferably, the nodes include routers and hosts;
a system fingerprint information collection submodule, configured to use an established fingerprint database of different operating systems and different protocol stacks to probe the TCP and UDP reply packets of the target host and identify system and protocol fingerprint information;
a service fingerprint information collection submodule, configured to select the corresponding probe fingerprint from the service fingerprint library, send it to the corresponding port, and match the fingerprint in the returned packet to judge whether the corresponding component is present.
4. The asset management system as claimed in claim 3, characterized in that the system fingerprint information collection submodule uses TCP/IP protocol stack fingerprints to identify different operating systems and devices; preferably, the system fingerprint information collection submodule is configured to carry out system identification in the following way:
analyze the features of the various systems, establish the fingerprint features of known systems, and store these fingerprint features in the system fingerprint library as the sample library for fingerprint comparison;
initialize a system probe task, select the target host to be probed, and then start the system probe task; the task selects one open port and one closed port, sends pre-set TCP/UDP/ICMP packets to them, captures the returned packets, and generates a system fingerprint from the returned packets; preferably, the target host is selected from the live host library;
compare the generated fingerprint with the system fingerprint library to find the matching system;
preferably, if the system cannot be matched exactly, the possible system is determined in a probabilistic manner.
5. The asset management system as claimed in any one of claims 1 to 4, characterized in that the application component fingerprint collection module collects fingerprint information by performing one or more of web service, server-side language, web development framework, web application, front-end library and third-party component recognition, wherein the web development framework is identified using component service detection techniques, the language used by the website back end is detected using application component page detection techniques and component service detection techniques, web applications are detected using component page detection techniques, preferably by capturing one or several pages of the website and matching them against the fingerprints in the fingerprint library to identify the corresponding web application, and web spaces are detected using page detection techniques, which preferably include identification through the CLASSID of the page.
6. The asset management system as claimed in any one of claims 1 to 5, characterized in that the vulnerability perception module performs one or more of system vulnerability scanning, database vulnerability scanning and web application vulnerability scanning; preferably, the vulnerability perception module automatically matches the scanned vulnerabilities against a vulnerability database established in the back end, and automatically confirms the CVE number of each vulnerability and whether an exploitation method exists for it.
7. The asset management system as claimed in claim 6, characterized in that vulnerability scanning is based on port scanning technology: after the port scan, the ports opened by the target host and the network services on those ports are known, and this information is matched against a vulnerability database provided in advance, where attack methods against the system are simulated to check whether a vulnerability satisfying the matching conditions exists; preferably, aggressive security scanning is performed on the target host system, preferably by testing weak passwords, and if the simulated attack succeeds, the target host system is shown to have a security vulnerability.
8. The asset management system as claimed in claim 6 or 7, characterized in that a rule-based matching technique is used: a network system vulnerability database is formed, the corresponding matching rules are formed on that basis, and the scanning system carries out the vulnerability scanning work automatically; if a match satisfies the conditions, a vulnerability is considered to exist, and the result is returned to the client after detection is complete; preferably, if a rule is not matched, the network connection of the system is prohibited; preferably, the vulnerability data are kept separate from the scanning code so that the scanning engine can be updated.
9. The asset management system as claimed in any one of claims 1 to 8, characterized in that the networked asset information gathering system further includes one or more of the following modules:
a task management module, configured to receive task instructions, dispatch the multiple collection modules to complete the corresponding tasks according to a strategy, dynamically monitor the running state information of each collection module in real time, and perform load balancing and task allocation in real time, so as to ensure that each collection module works reasonably;
a data filtering module, configured to match the raw data according to an acquisition strategy and filter out redundant data;
a data transmission module, configured to send the collected data over a hidden subnet to the management subsystem connected to the networked asset information gathering system.
10. The asset management system as claimed in any one of claims 1 to 8, characterized in that it further includes one or more of the following subsystems:
a management subsystem, configured to provide data display, query analysis and operation management functions, and to provide a human-computer interaction interface through which data operators carry out the corresponding business operations;
a vulnerability mining subsystem, configured to provide vulnerability mining tools, build a general working environment for vulnerability mining, and perform vulnerability mining against the target operating system and target application software;
a vulnerability exploit verification subsystem, configured to provide a verification environment for vulnerabilities and exploitation methods, verify exploit samples, and assess the effect of the exploitation;
a security tool subsystem, configured to provide security tools, including carrying out penetration attacks against the target operating system and target application and maintaining long-term control.
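To make the matching logic of claims 2 to 4 and 6 to 9 concrete, the following Python is an added illustration written for this page, not code from the patent or its applicant. It matches a host fingerprint generated from probe replies against a system fingerprint library and falls back to a weighted score when no entry matches exactly (the probabilistic determination of claim 4), de-duplicates the collected service records (the data filtering of claim 9), and matches the result against a rule base kept separate from the scanning code (claim 8). The fingerprint library, the trait names ttl/window/df/options, the weights, the rule base and the host record are all constructed assumptions, and the advisory ids are placeholders rather than real CVE numbers.

```python
"""Added illustration of claims 2-4 and 6-9.  Not the patent's own code: every
fingerprint, rule and host is constructed sample data, and the trait names
(ttl, window, df, options) and their weights are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed system fingerprint library: TCP/IP stack traits seen in the reply
# to a pre-set probe packet.  Entry names are placeholders, not real systems.
SYSTEM_FINGERPRINTS: Dict[str, Dict[str, object]] = {
    "sample-os-A": {"ttl": 64, "window": 29200, "df": True, "options": "MSS,SACK,TS,NOP,WS"},
    "sample-os-B": {"ttl": 128, "window": 8192, "df": True, "options": "MSS,NOP,WS,NOP,NOP,SACK"},
    "sample-os-C": {"ttl": 255, "window": 65535, "df": False, "options": "MSS,NOP,WS,NOP,NOP,TS"},
}
# Weights for the probabilistic fallback when no entry matches exactly: the TCP
# option order is the most discriminating trait, the DF bit the least.
TRAIT_WEIGHTS = {"options": 4, "window": 3, "ttl": 2, "df": 1}

def normalize_ttl(ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value, since every
    router hop decrements it before the reply reaches the collector."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial
    return ttl  # unusual value: leave it so that it matches nothing

def match_system(observed: Dict[str, object]) -> Tuple[Optional[str], float]:
    """Return (system name, confidence).  An exact match gives 1.0; otherwise the
    best weighted partial score; (None, 0.0) when no trait matches any entry."""
    obs = dict(observed)
    obs["ttl"] = normalize_ttl(int(obs["ttl"]))
    best_name, best_score = None, 0
    for name, fp in SYSTEM_FINGERPRINTS.items():
        score = sum(w for trait, w in TRAIT_WEIGHTS.items() if obs.get(trait) == fp[trait])
        if score > best_score:
            best_name, best_score = name, score
    return best_name, best_score / sum(TRAIT_WEIGHTS.values())

@dataclass
class Service:
    port: int
    proto: str
    product: str
    version: str

@dataclass
class Asset:
    ip: str
    system: Optional[str]
    confidence: float
    services: List[Service] = field(default_factory=list)

# Constructed rule base: a rule fires when the product matches and the version
# lies in [min_version, fixed_version).  The ids are placeholders, not CVE numbers.
VULN_RULES = [
    {"product": "sample-httpd", "min_version": "2.4.0", "fixed_version": "2.4.50", "id": "ADVISORY-PLACEHOLDER-1"},
    {"product": "sample-db", "min_version": "5.0", "fixed_version": "5.7.30", "id": "ADVISORY-PLACEHOLDER-2"},
]

def version_key(version: str) -> Tuple[int, ...]:
    """'2.4.50' -> (2, 4, 50), so 2.4.9 sorts before 2.4.50; a plain string
    comparison would rank it after and silently miss affected hosts."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def filter_redundant(services: List[Service]) -> List[Service]:
    """Data filtering step: parallel scan threads may report the same port twice,
    so keep the first record for each (port, proto) pair."""
    seen, kept = set(), []
    for svc in services:
        if (svc.port, svc.proto) not in seen:
            seen.add((svc.port, svc.proto))
            kept.append(svc)
    return kept

def build_asset(ip: str, observed: Dict[str, object], services: List[Service]) -> Asset:
    """Combine the fingerprint result and the filtered services into one record."""
    name, confidence = match_system(observed)
    return Asset(ip, name, confidence, filter_redundant(services))

def match_vulnerabilities(asset: Asset) -> List[Tuple[int, str]]:
    """Return (port, advisory id) for every service inside a rule's affected range."""
    findings = []
    for svc in asset.services:
        for rule in VULN_RULES:
            if svc.product != rule["product"]:
                continue
            if version_key(rule["min_version"]) <= version_key(svc.version) < version_key(rule["fixed_version"]):
                findings.append((svc.port, rule["id"]))
    return findings

if __name__ == "__main__":
    # Constructed host seen three hops away (TTL 61) running a sample-os-A stack.
    host = build_asset("192.0.2.10",
                       {"ttl": 61, "window": 29200, "df": True, "options": "MSS,SACK,TS,NOP,WS"},
                       [Service(80, "tcp", "sample-httpd", "2.4.9"), Service(80, "tcp", "sample-httpd", "2.4.9"),
                        Service(3306, "tcp", "sample-db", "5.7.30")])
    print(host.system, host.confidence, match_vulnerabilities(host))
```

Two details carry most of the value for an inventory of this kind: the TTL is normalized to its likely initial value before comparison, because a raw hop-decremented TTL would otherwise never match the library, and versions are compared as integer tuples, because a string comparison treats 2.4.9 as newer than 2.4.50 and drops an affected host from the findings. Keeping `VULN_RULES` as data rather than code is what lets the rule base be refreshed without touching the scanning engine, as claim 8 prefers.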
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711432433.4A CN108011893A (en) | 2017-12-26 | 2017-12-26 | A kind of asset management system based on networked asset information gathering |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108011893A true CN108011893A (en) | 2018-05-08 |
Family
ID=62061536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711432433.4A Pending CN108011893A (en) | 2017-12-26 | 2017-12-26 | A kind of asset management system based on networked asset information gathering |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108011893A (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102402723A (en) * | 2011-11-03 | 2012-04-04 | 北京谷安天下科技有限公司 | Method and system for detecting security of information assets |
CN102750602A (en) * | 2012-04-20 | 2012-10-24 | 广东电网公司信息中心 | Cloud platform isomerism integration resource management system |
CN103685250A (en) * | 2013-12-04 | 2014-03-26 | 蓝盾信息安全技术股份有限公司 | Virtual machine security policy migration system and method based on SDN |
CN104243496A (en) * | 2014-10-11 | 2014-12-24 | 北京邮电大学 | Software defined network cross-domain security agent method and software defined network cross-domain security agent system |
CN104363236A (en) * | 2014-11-21 | 2015-02-18 | 西安邮电大学 | Automatic vulnerability validation method |
CN105635112A (en) * | 2015-12-18 | 2016-06-01 | 国家电网公司 | Information system security performance assessment method |
US20160197943A1 (en) * | 2014-06-24 | 2016-07-07 | Leviathan, Inc. | System and Method for Profiling System Attacker |
CN105871882A (en) * | 2016-05-10 | 2016-08-17 | 国家电网公司 | Network-security-risk analysis method based on network node vulnerability and attack information |
CN106230800A (en) * | 2016-07-25 | 2016-12-14 | 恒安嘉新(北京)科技有限公司 | A kind of to assets active probe with the method for leak early warning |
WO2017059279A1 (en) * | 2015-09-11 | 2017-04-06 | Beyondtrust Software, Inc. | Systems and methods for detecting vulnerabilities and privileged access using cluster outliers |
CN106888194A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | Intelligent grid IT assets security monitoring systems based on distributed scheduling |
CN108183895A (en) * | 2017-12-26 | 2018-06-19 | 广东电网有限责任公司信息中心 | A kind of networked asset information acquisition system |
WO2019018829A1 (en) * | 2017-07-20 | 2019-01-24 | Fractal Industries, Inc. | Advanced cybersecurity threat mitigation using behavioral and deep analytics |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108183895A (en) * | 2017-12-26 | 2018-06-19 | 广东电网有限责任公司信息中心 | A kind of networked asset information acquisition system |
CN108183895B (en) * | 2017-12-26 | 2021-03-12 | 广东电网有限责任公司信息中心 | Network asset information acquisition system |
CN110532756A (en) * | 2018-05-23 | 2019-12-03 | 中国移动通信集团浙江有限公司 | A kind of system fingerprint recognition methods, device, electronic equipment and storage medium |
CN110555308B (en) * | 2018-06-01 | 2021-11-12 | 北京安天网络安全技术有限公司 | Terminal application behavior tracking and threat risk assessment method and system |
CN110555308A (en) * | 2018-06-01 | 2019-12-10 | 北京安天网络安全技术有限公司 | Terminal application behavior tracking and threat risk assessment method and system |
CN112334901A (en) * | 2018-06-27 | 2021-02-05 | 亚马逊科技公司 | Automated packet-free network reachability analysis |
CN108881284A (en) * | 2018-07-17 | 2018-11-23 | 深圳市极限网络科技有限公司 | A kind of cyberspace loophole merger platform long-range attack control system |
CN109088790A (en) * | 2018-07-20 | 2018-12-25 | 南京方恒信息技术有限公司 | A kind of scanning of multi engine exposed assets and management system |
CN109413104A (en) * | 2018-12-11 | 2019-03-01 | 中国电子科技网络信息安全有限公司 | A kind of stateless TCP network scanning method |
CN109684588A (en) * | 2018-12-24 | 2019-04-26 | 北京神州绿盟信息安全科技股份有限公司 | A kind of asset management system and method |
CN109684588B (en) * | 2018-12-24 | 2020-11-20 | 北京神州绿盟信息安全科技股份有限公司 | Asset management system and method |
CN110336684A (en) * | 2019-03-21 | 2019-10-15 | 北京天防安全科技有限公司 | A kind of networked asset intelligent identification Method and system |
CN110336684B (en) * | 2019-03-21 | 2022-03-18 | 北京天防安全科技有限公司 | Intelligent network asset identification method and system |
CN111737106A (en) * | 2019-03-25 | 2020-10-02 | 歌乐株式会社 | Test scenario generation device, test scenario generation method, and test scenario generation program |
CN111028085A (en) * | 2019-03-29 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Network shooting range asset information acquisition method and device based on active and passive combination |
CN110324310B (en) * | 2019-05-21 | 2022-04-29 | 国家工业信息安全发展研究中心 | Network asset fingerprint identification method, system and equipment |
CN110324310A (en) * | 2019-05-21 | 2019-10-11 | 国家工业信息安全发展研究中心 | Networked asset fingerprint identification method, system and equipment |
CN112312075A (en) * | 2019-08-02 | 2021-02-02 | 广州弘度信息科技有限公司 | Operation and maintenance system and method for video monitoring network |
CN111010405B (en) * | 2019-12-30 | 2021-10-22 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
CN111010405A (en) * | 2019-12-30 | 2020-04-14 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
CN111695034B (en) * | 2020-06-05 | 2024-04-19 | 安徽三实软件科技有限公司 | Internet asset monitoring management system |
CN111695034A (en) * | 2020-06-05 | 2020-09-22 | 安徽三实信息技术服务有限公司 | Monitoring management system of internet assets |
CN111931182A (en) * | 2020-07-10 | 2020-11-13 | 苏州浪潮智能科技有限公司 | Automatic security vulnerability scanning system and method |
CN111931182B (en) * | 2020-07-10 | 2022-06-21 | 苏州浪潮智能科技有限公司 | Automatic security vulnerability scanning system and method |
CN112101716A (en) * | 2020-08-07 | 2020-12-18 | 广东电网有限责任公司 | Terminal asset management method based on hierarchical decoupling |
CN112731906B (en) * | 2020-12-24 | 2022-04-08 | 烽台科技(北京)有限公司 | Information acquisition device |
CN112731906A (en) * | 2020-12-24 | 2021-04-30 | 烽台科技(北京)有限公司 | Information acquisition device |
CN112804241A (en) * | 2021-01-25 | 2021-05-14 | 豪越科技有限公司 | Intelligent monitoring method and system for computer room network |
CN112995207B (en) * | 2021-04-16 | 2021-09-10 | 远江盛邦(北京)网络安全科技股份有限公司 | Fingerprint identification and exposed surface risk assessment method for network assets |
CN112995207A (en) * | 2021-04-16 | 2021-06-18 | 远江盛邦(北京)网络安全科技股份有限公司 | Fingerprint identification and exposed surface risk assessment method for network assets |
CN113904800A (en) * | 2021-09-02 | 2022-01-07 | 成都仁达至信科技有限公司 | Internal network risk asset detection and analysis system |
CN113904800B (en) * | 2021-09-02 | 2024-01-26 | 成都仁达至信科技有限公司 | Internal network risk asset detection and analysis system |
CN114301676A (en) * | 2021-12-28 | 2022-04-08 | 国网宁夏电力有限公司 | Nondestructive asset detection method of power monitoring system |
CN114301676B (en) * | 2021-12-28 | 2023-07-18 | 国网宁夏电力有限公司 | Nondestructive asset detection method and device for power monitoring system and storage medium |
CN114422341A (en) * | 2022-01-14 | 2022-04-29 | 杭州立思辰安科科技有限公司 | Industrial control asset identification method and system based on fingerprint characteristics |
CN114826726A (en) * | 2022-04-22 | 2022-07-29 | 南方电网数字电网研究院有限公司 | Network asset vulnerability detection method and device, computer equipment and storage medium |
CN114826726B (en) * | 2022-04-22 | 2024-02-23 | 南方电网数字电网研究院有限公司 | Network asset vulnerability detection method, device, computer equipment and storage medium |
WO2023241202A1 (en) * | 2022-06-17 | 2023-12-21 | 江苏信息职业技术学院 | Supervision engine for network assets |
CN115208634A (en) * | 2022-06-17 | 2022-10-18 | 江苏信息职业技术学院 | Supervision engine of network assets |
CN115296891B (en) * | 2022-08-02 | 2023-12-22 | 中国电子科技集团公司信息科学研究院 | Data detection system and data detection method |
CN115296891A (en) * | 2022-08-02 | 2022-11-04 | 中国电子科技集团公司信息科学研究院 | Data detection system and data detection method |
CN116308115A (en) * | 2023-01-31 | 2023-06-23 | 国网辽宁省电力有限公司信息通信分公司 | Power information asset identification and analysis method based on network detection technology |
CN116915476A (en) * | 2023-07-29 | 2023-10-20 | 上海螣龙科技有限公司 | Fingerprint identification method, system, equipment and medium of host operating system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108011893A (en) | A kind of asset management system based on networked asset information gathering | |
CN108183895B (en) | Network asset information acquisition system | |
CN108712396A (en) | Networked asset management and loophole governing system | |
CN109525427A (en) | Distributed assets information detection method and system | |
CN109327461A (en) | Distributed asset identification and change cognitive method and system | |
US11902322B2 (en) | Method, apparatus, and system to map network reachability | |
US11336669B2 (en) | Artificial intelligence cyber security analyst | |
Foresti et al. | Visual correlation of network alerts | |
CN108769064A (en) | Realize the distributed asset identification and change cognitive method and system that loophole is administered | |
US7930752B2 (en) | Method for the detection and visualization of anomalous behaviors in a computer network | |
Morin et al. | A logic-based model to support alert correlation in intrusion detection | |
US8272061B1 (en) | Method for evaluating a network | |
EP1665011B1 (en) | Method and system for displaying network security incidents | |
Williams et al. | An interactive attack graph cascade and reachability display | |
CN104509034B (en) | Pattern merges to identify malicious act | |
KR101883400B1 (en) | detecting methods and systems of security vulnerability using agentless | |
CN106888106A (en) | The extensive detecting system of IT assets in intelligent grid | |
JP2006518080A (en) | Network audit and policy assurance system | |
CN104169937A (en) | Opportunistic system scanning | |
CN114679292B (en) | Honeypot identification method, device, equipment and medium based on network space mapping | |
US20230132703A1 (en) | Capturing Importance In A Network Using Graph Theory | |
Al-Sanjary et al. | Comparison and detection analysis of network traffic datasets using K-means clustering algorithm | |
CN114978614A (en) | IP asset rapid scanning processing system | |
CN115186136A (en) | Knowledge graph structure for network attack and defense confrontation | |
CN108173832A (en) | Family's Internet of Things application system penetration testing method based on end cloud translocation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180508 |