Summary of the Invention
In view of this, the present application aims to provide a network asset risk profiling method and device that can improve the efficiency of network security protection.
In a first aspect, the present application provides a network asset risk profiling method, including:
obtaining the target root domain name corresponding to the network asset to be profiled;
obtaining the subdomain names under the target root domain name;
performing vulnerability scanning on the obtained subdomain names to obtain the vulnerabilities present in them;
classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and producing a risk profile of the network asset to be profiled according to the classified risk points.
With reference to the first aspect, the present application provides a first possible embodiment of the first aspect, in which obtaining the subdomain names under the target root domain name includes:
querying a pre-stored mapping set of root domain names to subdomain name libraries to obtain the subdomain name library mapped to the target root domain name;
extracting all subdomain names from the subdomain name library mapped to the target root domain name.
With reference to the first aspect, the present application provides a second possible embodiment of the first aspect, in which classifying the obtained vulnerabilities into risk points according to the preset risk point classification strategy includes:
querying a mapping of vulnerabilities to risks to obtain the risk mapped to each obtained vulnerability;
querying a mapping of risks to risk point categories to obtain the risk point mapped to each obtained risk.
With reference to the first aspect, or to the first or second possible embodiment of the first aspect, the present application provides a third possible embodiment of the first aspect, in which producing a risk profile of the network asset to be profiled according to the classified risk points includes:
obtaining the risk point loss base value corresponding to the classified risk point;
counting the user visits per unit time of the target root domain name, and calculating the product of the risk point loss base value and the user visits per unit time to obtain the risk profile of the network asset to be profiled.
With reference to the first aspect, or to the first or second possible embodiment of the first aspect, the present application provides a fourth possible embodiment of the first aspect, in which the method further includes:
classifying the network asset corresponding to each root domain name by asset scale, and building a mapping set of asset scale classes to risk point loss base value libraries;
and producing the risk profile of the network asset to be profiled according to the classified risk points includes:
determining the asset scale class to which the network asset to be profiled belongs;
querying the mapping set of asset scale classes to risk point loss base value libraries to obtain the risk point loss base value library mapped to that asset scale class;
obtaining, from the risk point loss base value library so obtained, the risk point loss base value corresponding to the classified risk point;
counting the user visits per unit time of the target root domain name, and calculating the product of the risk point loss base value and the user visits per unit time to obtain the risk profile of the network asset to be profiled.
With reference to the fourth possible embodiment of the first aspect, the present application provides a fifth possible embodiment of the first aspect, in which classifying the network asset corresponding to each root domain name by asset scale includes:
determining, from the number of subdomain names under the root domain name, whether that number is less than or equal to a first threshold, and if so placing the network asset corresponding to the root domain name in a first asset scale class; if the number is greater than the first threshold and less than or equal to a second threshold, placing the network asset in a second asset scale class; and if the number is greater than the second threshold, placing the network asset in a third asset scale class.
With reference to the fifth possible embodiment of the first aspect, the present application provides a sixth possible embodiment of the first aspect, in which building the mapping set of asset scale classes to risk point loss base value libraries includes:
building a mapping of the first asset scale class to a first risk point loss base value library, in which the first risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
building a mapping of the second asset scale class to a second risk point loss base value library, in which the second risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
building a mapping of the third asset scale class to a third risk point loss base value library, in which the third risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
where the first risk point loss base value is less than the second risk point loss base value, and the second risk point loss base value is less than the third risk point loss base value;
and combining the mapping of the first asset scale class to the first library, the mapping of the second asset scale class to the second library and the mapping of the third asset scale class to the third library to obtain the mapping set of asset scale classes to risk point loss base value libraries.
With reference to the fourth possible embodiment of the first aspect, the present application provides a seventh possible embodiment of the first aspect, in which producing the risk profile of the network asset to be profiled according to the classified risk points further includes:
classifying the network asset corresponding to each subdomain name by asset importance;
obtaining the asset importance class of each subdomain name in which a vulnerability is present.
With reference to the fourth possible embodiment of the first aspect, the present application provides an eighth possible embodiment of the first aspect, in which producing the risk profile of the network asset to be profiled according to the classified risk points further includes:
querying, according to preset vulnerability grades, the vulnerability grade corresponding to each vulnerability present.
In a second aspect, the present application provides a network asset risk profiling device, including a root domain name acquisition module, a subdomain name acquisition module, a vulnerability scanning module and a risk profiling module, where:
the root domain name acquisition module is configured to obtain the target root domain name corresponding to the network asset to be profiled;
the subdomain name acquisition module is configured to obtain the subdomain names under the target root domain name;
the vulnerability scanning module is configured to perform vulnerability scanning on the obtained subdomain names to obtain the vulnerabilities present in them;
the risk profiling module is configured to classify the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and to produce a risk profile of the network asset to be profiled according to the classified risk points.
With the network asset risk profiling method and device provided by the embodiments of the present application, the target root domain name corresponding to the network asset to be profiled is obtained; the subdomain names under the target root domain name are obtained; the obtained subdomain names are scanned for vulnerabilities to obtain the vulnerabilities present in them; the obtained vulnerabilities are classified into risk points according to a preset risk point classification strategy; and a risk profile of the network asset to be profiled is produced according to the classified risk points. In this way, by scanning each subdomain name under the target root domain name for vulnerabilities before a network attack event occurs, vulnerabilities under the target root domain name can be found in time, which improves the efficiency of network security protection.
To make the above objects, features and advantages of the present application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Detailed Description
To make the purpose, technical solution and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. The components of the embodiments, as generally described and illustrated in the drawings, may be arranged and designed in many different configurations. The detailed description below of the embodiments provided in the drawings is therefore not intended to limit the claimed scope of the present application, but merely represents selected embodiments of it. All other embodiments that those skilled in the art obtain from the embodiments of the present application without creative work fall within the protection scope of the present application.
Fig. 1 is a schematic flow chart of the network asset risk profiling method according to an embodiment of the present application. As shown in Fig. 1, the flow includes:
Step 101: obtain the target root domain name corresponding to the network asset to be profiled.
In this embodiment, as an alternative embodiment, the risk profile is produced per root domain name, the root domain name being the one corresponding to the main website of an enterprise or institution (the network asset to be profiled). Profiling per enterprise or institution in this way protects the online assets of the enterprise or institution effectively, and avoids the waste of resources and the lower efficiency that result when several branches of the same enterprise or institution profile their network assets separately.
In this embodiment, as an alternative embodiment, taking an enterprise or institution website as an example, the domain name of the website homepage is the root domain name; for example, the root domain name of China Mobile is 10086.cn.
Step 102: obtain the subdomain names under the target root domain name.
In this embodiment, as an alternative embodiment, obtaining the subdomain names under the target root domain name includes:
querying a pre-stored mapping set of root domain names to subdomain name libraries to obtain the subdomain name library mapped to the target root domain name;
extracting all subdomain names from the subdomain name library mapped to the target root domain name.
In this embodiment, as an alternative embodiment, the root domain name of each enterprise or institution website is obtained in advance and a crawler is then used to collect the subdomain names under each root domain name, so as to build the mapping set of root domain names to subdomain name libraries. In the mapping set, each root domain name corresponds to one subdomain name library, each enterprise or institution corresponds to one root domain name, and each subdomain name library contains one or more subdomain names.
In this embodiment, as another alternative embodiment, obtaining the subdomain names under the target root domain name includes:
retrieving the target root domain name with a crawler to obtain the subdomain names under it.
In this embodiment, all subdomain names under the target root domain name are retrieved automatically from the target root domain name. For example, from the root domain name 10086.cn of the China Mobile website, automatic retrieval obtains all subdomain names under that root, including but not limited to zj.10086.cn, bj.10086.cn and js.10086.cn.
Step 103: perform vulnerability scanning on the obtained subdomain names to obtain the vulnerabilities present in them.
In this embodiment, all subdomain names under the root domain name are scanned for vulnerabilities to obtain the vulnerabilities present in them; the same vulnerability found in different subdomain names is treated as one vulnerability.
In this embodiment, as an alternative embodiment, the subdomain names may be scanned according to a preset scanning period; as another alternative embodiment, they may be scanned at irregular intervals; as a further alternative embodiment, a scan of the subdomain names under each root domain name may be started after a new vulnerability has been published. In this way, by scanning for vulnerabilities before a network attack event occurs, vulnerabilities can be found in time and remediated, leakage of data and user information is avoided, and the efficiency of network security protection is effectively improved.
Step 104: classify the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and produce a risk profile of the network asset to be profiled according to the classified risk points.
In this embodiment, as an alternative embodiment, the risk profile is expressed as the potential loss value of the network asset to be profiled, which makes it easy to present intuitively.
In this embodiment, after the vulnerabilities of all subdomain names have been classified into risk points, the potential loss value that the asset risk can cause is calculated.
Because different vulnerabilities cause different security problems, in this embodiment the vulnerabilities are classified into risk points according to the security problem they cause. As an alternative embodiment, the risk points are: the website being hit by a denial-of-service attack, the website homepage being tampered with, and leakage of user sensitive data.
In this embodiment, as an alternative embodiment, each vulnerability may correspond to one or more of the risk points.
In this embodiment, as an alternative embodiment, classifying the obtained vulnerabilities into risk points according to the preset risk point classification strategy includes:
querying a mapping of vulnerabilities to risks to obtain the risk mapped to each obtained vulnerability;
querying a mapping of risks to risk point categories to obtain the risk point mapped to each obtained risk.
In this embodiment, the mapping of vulnerabilities to risks and the mapping of risks to risk point categories are built and stored in advance.
In this embodiment, as an alternative embodiment, the risks are: denial-of-service risk, client-side attack risk, logical attack risk, brute force risk, overflow risk, injection risk, information leakage risk, personnel security awareness risk, privilege bypass risk, code disclosure risk and command execution risk. A risk may be classified to more than one risk point (overflow risk, personnel security awareness risk and command execution risk each appear under two risk points below), where
denial-of-service risk and overflow risk are classified to the website being hit by a denial-of-service attack;
client-side attack risk, overflow risk, personnel security awareness risk, code disclosure risk and command execution risk are classified to the website homepage being tampered with;
logical attack risk, brute force risk, injection risk, information leakage risk, personnel security awareness risk, privilege bypass risk and command execution risk are classified to leakage of user sensitive data.
In this embodiment, as an alternative embodiment, producing the risk profile of the network asset to be profiled according to the classified risk points includes:
obtaining the risk point loss base value corresponding to the classified risk point;
counting the user visits per unit time of the target root domain name, and calculating the product of the risk point loss base value and the user visits per unit time to obtain the risk profile of the network asset to be profiled.
In this embodiment, as an alternative embodiment, each risk point may be assigned a risk point loss base value, with the base value for leakage of user sensitive data the largest, the one for the website being hit by a denial-of-service attack second, and the one for the website homepage being tampered with the smallest.
In this embodiment, as an alternative embodiment, if several risk points are classified, the risk profile may be produced from the risk point loss base value of each of them, or only the risk point with the highest risk point loss base value may be chosen from the classified risk points and the profile produced from that risk point alone; this embodiment does not limit this.
In this embodiment, because the scale of the network asset differs from one root domain name to another, the potential loss that the same vulnerability causes to different network assets also differs, so the scale of the network asset can be taken into account when profiling risk. As another alternative embodiment, the method further includes:
classifying the network asset corresponding to each root domain name by asset scale, and building a mapping set of asset scale classes to risk point loss base value libraries;
and producing the risk profile of the network asset to be profiled according to the classified risk points includes:
determining the asset scale class to which the network asset to be profiled belongs;
querying the mapping set of asset scale classes to risk point loss base value libraries to obtain the risk point loss base value library mapped to that asset scale class;
obtaining, from the risk point loss base value library so obtained, the risk point loss base value corresponding to the classified risk point;
counting the user visits per unit time of the target root domain name, and calculating the product of the risk point loss base value and the user visits per unit time to obtain the risk profile of the network asset to be profiled.
In this embodiment, as an alternative embodiment, classifying the network asset corresponding to each root domain name by asset scale includes:
determining, from the number of subdomain names under the root domain name, whether that number is less than or equal to a first threshold, and if so placing the network asset corresponding to the root domain name in a first asset scale class; if the number is greater than the first threshold and less than or equal to a second threshold, placing the network asset in a second asset scale class; and if the number is greater than the second threshold, placing the network asset in a third asset scale class.
In this embodiment, as an alternative embodiment, the first threshold may be determined for enterprises whose operating cost investment and public reach are below those of a medium-sized enterprise, whose rate of exploitable attacks is low, for which an attack causes only small-scale losses in management, technology, maintenance cost and operation, and for which the stolen or attacked content is used commercially or otherwise. For example, the first threshold may be set to 5: if the number of subdomain names under a root domain name is less than or equal to 5, the network asset corresponding to that root domain name belongs to the first asset scale class.
The second threshold may be determined for enterprises whose operating cost investment and public reach are below those of a large enterprise, for which an attack damages the legal person and the company, including operation, technology and maintenance cost, and for which the stolen or attacked content is used commercially or otherwise. For example, the second threshold may be set to 30: if the number of subdomain names under a root domain name is greater than 5 and less than or equal to 30, the network asset corresponding to that root domain name belongs to the second asset scale class.
For the third asset scale class, the consideration is enterprises whose operating cost investment and public reach are such that an attack causes large-scale damage to the legal person and the company, including operation, technology and maintenance cost, with the stolen or attacked content used commercially or otherwise. If the number of subdomain names under a root domain name is greater than 30, the network asset corresponding to that root domain name belongs to the third asset scale class.
In this embodiment, as an alternative embodiment, building the mapping set of asset scale classes to risk point loss base value libraries includes:
building a mapping of the first asset scale class to a first risk point loss base value library, in which the first risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
building a mapping of the second asset scale class to a second risk point loss base value library, in which the second risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
building a mapping of the third asset scale class to a third risk point loss base value library, in which the third risk point loss base value for leakage of user sensitive data is the largest, the one for the website being hit by a denial-of-service attack is second, and the one for the website homepage being tampered with is the smallest;
where the first risk point loss base value is less than the second risk point loss base value, and the second risk point loss base value is less than the third risk point loss base value;
and combining the mapping of the first asset scale class to the first library, the mapping of the second asset scale class to the second library and the mapping of the third asset scale class to the third library to obtain the mapping set of asset scale classes to risk point loss base value libraries.
In this embodiment, as an alternative embodiment, the user visits per unit time may be determined from the average detection time for discovering an attack, from the average response time after a network attack is discovered, or from a combination of the two. In this embodiment, the user visits per unit time is the monthly average user visits.
In this embodiment, as an alternative embodiment, the base values also increase with asset scale: the risk point loss base value for the website being hit by a denial-of-service attack in the first risk point loss base value library is less than the one in the second library, and the one in the second library is less than the one in the third library; likewise, the risk point loss base value for the website homepage being tampered with in the first library is less than the one in the second library, and the one in the second library is less than the one in the third library. For example:
In the mapping of the first asset scale class to the first risk point loss base value library, the following may be set:
leakage of user or customer sensitive information: risk point loss base value 30 (per registered user);
website hit by a denial-of-service attack: risk point loss base value 20;
website homepage tampered with: risk point loss base value 10.
In the mapping of the second asset scale class to the second risk point loss base value library, the following may be set:
leakage of user or customer sensitive information: risk point loss base value 40;
website hit by a denial-of-service attack: risk point loss base value 30;
website homepage tampered with: risk point loss base value 20.
In the mapping of the third asset scale class to the third risk point loss base value library, the following may be set:
leakage of user or customer sensitive information: risk point loss base value 50;
website hit by a denial-of-service attack: risk point loss base value 35;
website homepage tampered with: risk point loss base value 25.
Given the above, for a large enterprise (third asset scale class), if user sensitive information is leaked, the loss caused per user is 50 yuan. The resulting economic loss (the risk profile) is then calculated from the monthly average user visits to the root domain name or subdomain name over one month, combined with the per-user loss: 15000 (monthly average user visits) * 50 yuan (per-user loss from a user information leak in the third asset scale class) = 750000 yuan (resulting economic loss). In this way, vulnerability attack events are warned of in advance and assessed as a potential loss value, so that users intuitively grasp the potential loss that attacks on the vulnerabilities may cause, which effectively prompts them to harden the network asset.
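The following is an added worked example, not code from the patent application, that wires together the Step 104 pipeline described above: duplicate findings across subdomain names are collapsed to one vulnerability, each vulnerability is mapped to a risk and each risk to one or more risk points using the lists given in the text, the asset is placed in a scale class from its subdomain count (thresholds 5 and 30), the loss base value is looked up in the library for that scale, and the result is multiplied by monthly average user visits. The vulnerability-to-risk rows, the scan findings and the example.com host names are assumptions constructed for the example; the text says the vulnerability-to-risk table is pre-built but gives no entries.

```python
"""Added worked example (not code from the patent application): the Step 104 pipeline
from scan findings to a risk profile value, using the mappings, thresholds and base
values given in the text. Identifiers, the vulnerability-to-risk rows and the scan
findings are constructed for illustration; nothing here talks to a real scanner."""

RISK_POINT_NAMES = {
    "dos": "website hit by denial-of-service attack",
    "deface": "website homepage tampered with",
    "leak": "user sensitive data leaked",
}

# Risk -> risk point(s), exactly as listed in the text. Some risks map to two points,
# so one vulnerability can contribute to several risk points.
RISK_TO_RISK_POINTS = {
    "denial of service": {"dos"},
    "overflow": {"dos", "deface"},
    "client-side attack": {"deface"},
    "code disclosure": {"deface"},
    "command execution": {"deface", "leak"},
    "personnel security awareness": {"deface", "leak"},
    "logical attack": {"leak"},
    "brute force": {"leak"},
    "injection": {"leak"},
    "information leakage": {"leak"},
    "privilege bypass": {"leak"},
}

# Vulnerability -> risk. The text says this table is pre-built but gives no rows,
# so these entries are assumptions made for the example.
VULN_TO_RISK = {
    "sql injection in login form": "injection",
    "reflected xss in search": "client-side attack",
    "directory listing enabled": "information leakage",
    "default admin credentials": "brute force",
}

# Subdomain-count thresholds (5 and 30) and the three loss base value libraries from the text.
FIRST_THRESHOLD, SECOND_THRESHOLD = 5, 30
LOSS_BASE_VALUES = {
    1: {"leak": 30, "dos": 20, "deface": 10},
    2: {"leak": 40, "dos": 30, "deface": 20},
    3: {"leak": 50, "dos": 35, "deface": 25},
}


def asset_scale(subdomain_count):
    """First, second or third asset scale class from the number of subdomains."""
    if subdomain_count <= FIRST_THRESHOLD:
        return 1
    if subdomain_count <= SECOND_THRESHOLD:
        return 2
    return 3


def classify_risk_points(scan_results):
    """scan_results: {subdomain: [vulnerability name, ...]}. The same vulnerability
    on several subdomains is counted once, as the text specifies."""
    unique_vulns = {v for findings in scan_results.values() for v in findings}
    points = set()
    for vuln in unique_vulns:
        risk = VULN_TO_RISK.get(vuln)
        if risk is None:
            continue  # unmapped finding: cannot be classified, leave it for manual triage
        points |= RISK_TO_RISK_POINTS[risk]
    return points


def potential_loss(scale, risk_points, monthly_visits, mode="max"):
    """Risk profile value. mode="max" keeps only the highest base value among the
    classified risk points; mode="sum" adds them. The text allows either."""
    values = [LOSS_BASE_VALUES[scale][p] for p in risk_points]
    if not values:
        return 0
    base = max(values) if mode == "max" else sum(values)
    return base * monthly_visits


def risk_profile(subdomains, scan_results, monthly_visits, mode="max"):
    """Scale class, human-readable risk points and potential loss for one root domain."""
    scale = asset_scale(len(subdomains))
    points = classify_risk_points(scan_results)
    return {
        "asset_scale": scale,
        "risk_points": sorted(RISK_POINT_NAMES[p] for p in points),
        "potential_loss": potential_loss(scale, points, monthly_visits, mode),
    }


if __name__ == "__main__":
    # Constructed input: 32 subdomains (third scale), one injection finding repeated on
    # two hosts, 15000 monthly average visits as in the text's example.
    subs = ["s%d.example.com" % i for i in range(32)]
    findings = {"s1.example.com": ["sql injection in login form"],
                "s7.example.com": ["sql injection in login form"]}
    print(risk_profile(subs, findings, 15000))
```

With the text's own figures, a third-scale asset with one injection finding yields the leak risk point and 50 * 15000 = 750000, matching the worked example. Two consequences of the rules as stated are worth keeping in mind when using such a profile: collapsing identical findings across subdomain names discards which hosts actually need patching, so the per-subdomain scan results should be kept next to the collapsed set; and because the profile is a base value multiplied by traffic, the ranking between assets is driven by visit counts as much as by what the scan found.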
In this embodiment, as another alternative embodiment, producing the risk profile of the network asset to be profiled according to the classified risk points further includes:
classifying the network asset corresponding to each subdomain name by asset importance;
obtaining the asset importance class of each subdomain name in which a vulnerability is present.
In this embodiment, as an alternative embodiment, the asset importance classes are key assets, ordinary assets and general assets, where
key assets include: portal websites, mail systems, back-end management systems, assets that receive traffic, and assets that have security protection;
ordinary assets include: all assets other than key assets and general assets;
general assets include: assets whose domain name exists but which cannot be accessed.
In this embodiment, dividing the online assets of the enterprise or institution by importance makes it possible to determine whether the network asset corresponding to a subdomain name is a key asset, so that key assets can be protected effectively.
In this embodiment, as yet another alternative embodiment, producing the risk profile of the network asset to be profiled according to the classified risk points further includes:
querying, according to preset vulnerability grades, the vulnerability grade corresponding to each vulnerability present.
In this embodiment, as an alternative embodiment, the vulnerability grades are low, medium and high. By looking up the vulnerabilities found by scanning, the grade of each vulnerability in the network asset is obtained.
In this embodiment, the proportion of each vulnerability grade may also be calculated from the number of vulnerabilities of each grade, for example the proportion of low-grade vulnerabilities among all vulnerabilities, the proportion of medium-grade vulnerabilities among all vulnerabilities, and the proportion of high-grade vulnerabilities among all vulnerabilities.
In this embodiment, as an alternative embodiment, calculating the risk potential loss value (the risk portrait) presents the major impact a risk can have on the domain name in the most intuitive way, and a related remediation suggestion can be provided according to the risk loss. For example, the displayed risk portrait interface is divided into a left column and a right column. The left column lists the root domain name and the networked asset corresponding to each subdomain name the root domain name includes, as one part of the risk portrait, wherein
the networked assets corresponding to the subdomain names under the root domain name NetEase (163.com) include, but are not limited to: portal website, mailbox system, forum, video platform, user login system, test system, query system, service platform, news release system, teaching platform, recruitment platform, customer relationship system, other, and WIKI system.
The right column corresponds to the other part of the risk portrait and includes: asset importance grading, risk point classification, vulnerability grade statistics and potential loss value, wherein
asset importance grading is the importance grading of the networked asset to be assessed; for example, if the networked asset to be assessed is campus.163.com, the displayed content of the asset importance grading can be: campus.163.com belongs to NetEase's portal website and is evaluated by the system as a critical asset; please strengthen security awareness and avoid the occurrence of risks.
Risk point classification is the classification of the risk points found by scanning the networked asset to be assessed; the displayed content can be: 2 classes of risk were found in total; please select a risk type to view the security recommendations for the related vulnerabilities: information leakage risk, client-side attack risk.
Vulnerability grade statistics perform a grade statistical analysis of the vulnerabilities obtained by scanning, for example: high risk: 0 (0%); medium risk: 2 (33.33%); low risk: 4 (66.67%).
The potential loss value section shows the potential loss value together with the potential loss and suggestion, wherein
the potential loss value is shown as a specific numerical value;
the displayed potential loss and suggestion content can be: this website belongs to a portal website system and has an information leakage risk; this risk may result in the leakage of users' sensitive data, with an estimated loss of XXX yuan; it is suggested to repair the related vulnerabilities immediately to avoid the occurrence of a security threat.
In this embodiment, through automatic retrieval of subdomain names and vulnerability scanning of those subdomain names, a complete risk portrait analysis and assessment of the networked assets under a root domain name is formed.
Fig. 2 is a schematic structural diagram of a networked asset risk portrait device according to the present invention. As shown in Fig. 2, the device includes: a root domain name acquisition module 21, a subdomain name acquisition module 22, a vulnerability scanning module 23 and a risk portrait module 24, wherein
the root domain name acquisition module 21 is configured to obtain the target root domain name corresponding to the networked asset to be portrayed;
the subdomain name acquisition module 22 is configured to obtain the subdomain names included under the target root domain name.
In this embodiment, as an alternative embodiment, the subdomain name acquisition module 22 includes: a query unit and an extraction unit (not shown), wherein
the query unit is configured to query the pre-stored set of mapping relations between root domain names and subdomain name libraries, and obtain the subdomain name library mapped to the target root domain name;
the extraction unit is configured to extract all subdomain names in the subdomain name library mapped to the target root domain name.
The vulnerability scanning module 23 is configured to carry out vulnerability scanning on the obtained subdomain names and obtain the vulnerabilities present in those subdomain names.
In this embodiment, as an alternative embodiment, vulnerability scanning of the subdomain names can be carried out according to a pre-set vulnerability scanning period; as another alternative embodiment, it can be carried out on the subdomain names at irregular times; as a further alternative embodiment, vulnerability scanning of the subdomain names under each root domain name can be started after a new vulnerability has been published.
The risk portrait module 24 is configured to carry out risk point classification on the obtained vulnerabilities according to the pre-set risk point classification strategy, and to carry out a risk portrait of the networked asset to be portrayed according to the sorted-out risk points.
In this embodiment, as an alternative embodiment, the risk portrait module 24 includes: a risk query unit, a risk point acquisition unit and a risk portrait unit (not shown), wherein
the risk query unit is configured to query the mapping relations between vulnerabilities and risks, and obtain the risks mapped to the obtained vulnerabilities.
In this embodiment, as an alternative embodiment, the risks include: denial of service risk, client-side attack risk, logical attack risk, brute force risk, overflow risk, injection risk, information leakage risk, personnel security awareness risk, permission bypass risk, code disclosure risk and command execution risk, wherein
denial of service risk and overflow risk are classified under the risk point "website subjected to denial of service attack";
client-side attack risk, overflow risk, personnel security awareness risk, code disclosure risk and command execution risk are classified under the risk point "website homepage tampered";
logical attack risk, brute force risk, injection risk, information leakage risk, personnel security awareness risk, permission bypass risk and command execution risk are classified under the risk point "user sensitive data leakage".
The risk point acquisition unit is configured to query the mapping relations between risks and risk points, and obtain the risk points mapped to the obtained risks;
the risk portrait unit is configured to carry out a risk portrait of the networked asset to be portrayed according to the sorted-out risk points.
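The two-level classification just described (vulnerability to risk, risk to risk point) and the vulnerability grade statistics described earlier, as an added example that is not part of the patent's own implementation. The risk-to-risk-point mapping reproduces the lists given in the description; the scan results, their vulnerability-to-risk tags and the hostnames are constructed sample data, and all function names are assumptions.

```python
from collections import Counter

# Risk points, as named in the description.
DOS = "website subjected to denial of service attack"
TAMPER = "website homepage tampered"
LEAK = "user sensitive data leakage"

# Risk -> risk point mapping from the description. A risk that the description
# classifies under two risk points (overflow, personnel security awareness,
# command execution) is kept under both.
RISK_TO_RISK_POINTS = {
    "denial of service": {DOS},
    "overflow": {DOS, TAMPER},
    "client side attack": {TAMPER},
    "personnel security awareness": {TAMPER, LEAK},
    "code disclosure": {TAMPER},
    "command execution": {TAMPER, LEAK},
    "logical attack": {LEAK},
    "brute force": {LEAK},
    "injection": {LEAK},
    "information leakage": {LEAK},
    "permission bypass": {LEAK},
}

GRADES = ("high", "medium", "low")

# Constructed sample scan output for one root domain: each finding already
# carries the risk it maps to (the vulnerability -> risk mapping) and its
# vulnerability grade. Hostnames and findings are assumptions.
SCAN_RESULTS = [
    {"subdomain": "campus.example.test", "vuln": "verbose error page",        "risk": "information leakage", "grade": "low"},
    {"subdomain": "campus.example.test", "vuln": "reflected XSS in search",   "risk": "client side attack",  "grade": "medium"},
    {"subdomain": "mail.example.test",   "vuln": "login without rate limit",  "risk": "brute force",         "grade": "medium"},
    {"subdomain": "mail.example.test",   "vuln": "server version banner",     "risk": "information leakage", "grade": "low"},
    {"subdomain": "wiki.example.test",   "vuln": "directory listing enabled", "risk": "information leakage", "grade": "low"},
    {"subdomain": "wiki.example.test",   "vuln": "missing security headers",  "risk": "client side attack",  "grade": "low"},
]


def classify_risk_points(scan_results):
    """Map every finding through risk -> risk point.

    Returns {risk_point: [vulnerability, ...]} so the portrait can show which
    findings stand behind each risk point. A risk missing from the strategy
    raises instead of being silently dropped, because a dropped finding would
    make the portrait understate the asset's risk.
    """
    by_point = {}
    for finding in scan_results:
        risk = finding["risk"]
        if risk not in RISK_TO_RISK_POINTS:
            raise ValueError(f"risk {risk!r} is not covered by the classification strategy")
        for point in RISK_TO_RISK_POINTS[risk]:
            by_point.setdefault(point, []).append(finding["vuln"])
    return by_point


def grade_statistics(scan_results):
    """Count findings per vulnerability grade and their share of all findings.

    Returns {grade: (count, percentage)} for every grade, including grades
    with zero findings, so the display always lists high/medium/low.
    """
    counts = Counter(finding["grade"] for finding in scan_results)
    total = sum(counts.values())
    return {
        grade: (counts[grade], round(100.0 * counts[grade] / total, 2) if total else 0.0)
        for grade in GRADES
    }


if __name__ == "__main__":
    for point, vulns in classify_risk_points(SCAN_RESULTS).items():
        print(f"{point}: {len(vulns)} finding(s) -> {vulns}")
    for grade, (count, pct) in grade_statistics(SCAN_RESULTS).items():
        print(f"{grade} risk: {count} ({pct}%)")
```

On the constructed sample the six findings fall under two risk points, and the grade statistics come out as high 0 (0%), medium 2 (33.33%), low 4 (66.67%), the same figures the description uses in its display example.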
In this embodiment, as an alternative embodiment, the risk portrait unit includes: a first base value acquisition subunit and a first asset loss value calculation subunit, wherein
the first base value acquisition subunit is configured to obtain the risk point loss base value corresponding to each sorted-out risk point;
the first asset loss value calculation subunit is configured to count the user visit volume per unit time of the target root domain name, and to calculate the product of the risk point loss base value and the user visit volume per unit time, obtaining the risk portrait of the networked asset to be portrayed.
In this embodiment, as another alternative embodiment, the risk portrait unit includes: an asset scale classification construction subunit, an asset scale classification determination subunit, a risk point loss base value library acquisition subunit, a second base value acquisition subunit and a second asset loss value calculation subunit, wherein
the asset scale classification construction subunit is configured to carry out asset scale classification on the networked assets corresponding to each root domain name, and to build the set of mapping relations between asset scale classifications and risk point loss base value libraries.
In this embodiment, as an alternative embodiment, carrying out asset scale classification on the networked assets corresponding to each root domain name includes:
judging, according to the number of subdomain names included under the root domain name, whether that number is less than or equal to a first threshold; if so, the networked asset corresponding to the root domain name is placed in the first asset scale classification; if the number of subdomain names is greater than the first threshold and less than or equal to a second threshold, the networked asset corresponding to the root domain name is placed in the second asset scale classification; if the number of subdomain names is greater than the second threshold, the networked asset corresponding to the root domain name is placed in the third asset scale classification.
In this embodiment, as an alternative embodiment, building the set of mapping relations between asset scale classifications and risk point loss base value libraries includes:
building the mapping relation between the first asset scale classification and a risk point first loss base value library, in which the first risk point loss base value corresponding to user sensitive data leakage is the largest, the first risk point loss base value corresponding to the website being subjected to a denial of service attack is the second largest, and the first risk point loss base value corresponding to the website homepage being tampered is the smallest;
building the mapping relation between the second asset scale classification and a risk point second loss base value library, in which the second risk point loss base value corresponding to user sensitive data leakage is the largest, the second risk point loss base value corresponding to the website being subjected to a denial of service attack is the second largest, and the second risk point loss base value corresponding to the website homepage being tampered is the smallest;
building the mapping relation between the third asset scale classification and a risk point third loss base value library, in which the third risk point loss base value corresponding to user sensitive data leakage is the largest, the third risk point loss base value corresponding to the website being subjected to a denial of service attack is the second largest, and the third risk point loss base value corresponding to the website homepage being tampered is the smallest;
wherein each first risk point loss base value is less than the corresponding second risk point loss base value, and each second risk point loss base value is less than the corresponding third risk point loss base value;
obtaining, from the mapping relation between the first asset scale classification and the risk point first loss base value library, the mapping relation between the second asset scale classification and the risk point second loss base value library, and the mapping relation between the third asset scale classification and the risk point third loss base value library, the set of mapping relations between asset scale classifications and risk point loss base value libraries.
The asset scale classification determination subunit is configured to determine the asset scale classification to which the networked asset to be portrayed belongs;
the risk point loss base value library acquisition subunit is configured to query the set of mapping relations between asset scale classifications and risk point loss base value libraries, and obtain the risk point loss base value library mapped to that asset scale classification;
the second base value acquisition subunit is configured to obtain, from the obtained risk point loss base value library, the risk point loss base value corresponding to each sorted-out risk point;
the second asset loss value calculation subunit is configured to count the user visit volume per unit time of the target root domain name, and to calculate the product of the risk point loss base value and the user visit volume per unit time, obtaining the risk portrait of the networked asset to be portrayed.
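The asset scale classification, the ordering constraints on the three loss base value libraries, and the potential loss calculation of the two embodiments above (loss base value multiplied by user visits per unit time), as an added example that is not part of the patent's own implementation. The thresholds, the base values in the libraries and the visit volume are constructed sample values, and all function names are assumptions; the library consistency check goes beyond the text in that it verifies both orderings the description requires before the library is used.

```python
# Risk points, as named in the description.
LEAK = "user sensitive data leakage"
DOS = "website subjected to denial of service attack"
TAMPER = "website homepage tampered"
RISK_POINTS = (LEAK, DOS, TAMPER)

# Constructed risk point loss base value libraries, one per asset scale
# classification (values are assumptions). The description requires that,
# within a library, leakage > denial of service > homepage tampered, and that
# across libraries class 1 < class 2 < class 3 for the same risk point.
LOSS_BASE_VALUE_LIBRARIES = {
    1: {LEAK: 3.0, DOS: 2.0, TAMPER: 1.0},
    2: {LEAK: 6.0, DOS: 4.0, TAMPER: 2.0},
    3: {LEAK: 9.0, DOS: 6.0, TAMPER: 3.0},
}


def library_is_consistent(libraries):
    """Return True if the libraries satisfy both orderings from the description."""
    for lib in libraries.values():
        if not (lib[LEAK] > lib[DOS] > lib[TAMPER]):
            return False
    for point in RISK_POINTS:
        if not (libraries[1][point] < libraries[2][point] < libraries[3][point]):
            return False
    return True


def asset_scale_class(subdomain_count, first_threshold, second_threshold):
    """Place a root domain in class 1, 2 or 3 by its number of subdomains.

    class 1: count <= first_threshold
    class 2: first_threshold < count <= second_threshold
    class 3: count > second_threshold
    """
    if first_threshold >= second_threshold:
        raise ValueError("first threshold must be below second threshold")
    if subdomain_count <= first_threshold:
        return 1
    if subdomain_count <= second_threshold:
        return 2
    return 3


def potential_loss(risk_points, scale_class, visits_per_unit_time,
                   libraries=LOSS_BASE_VALUE_LIBRARIES):
    """Loss base value x user visits per unit time, for each sorted-out risk point.

    Returns ({risk_point: loss}, total). Summing the per-risk-point products
    into one figure is an assumption; the description gives the product per
    risk point only.
    """
    lib = libraries[scale_class]
    per_point = {point: lib[point] * visits_per_unit_time for point in risk_points}
    return per_point, sum(per_point.values())


def risk_portrait(subdomain_count, risk_points, visits_per_unit_time,
                  first_threshold=20, second_threshold=200):
    """Second embodiment end to end: scale class -> library -> base value -> loss."""
    scale_class = asset_scale_class(subdomain_count, first_threshold, second_threshold)
    per_point, total = potential_loss(risk_points, scale_class, visits_per_unit_time)
    return {
        "asset_scale_class": scale_class,
        "loss_per_risk_point": per_point,
        "potential_loss_value": total,
    }


if __name__ == "__main__":
    assert library_is_consistent(LOSS_BASE_VALUE_LIBRARIES)
    # Constructed input: a root domain with 14 subdomains, two sorted-out risk
    # points, and 1000 user visits per unit time.
    print(risk_portrait(14, [LEAK, TAMPER], 1000))
```

The thresholds 20 and 200 are placeholders; in practice they, like the base values, belong in configuration rather than code, and the consistency check should run whenever that configuration is loaded so that a mis-ordered library cannot silently make a small asset look costlier than a large one.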
In this embodiment, as another alternative embodiment, the risk portrait unit further includes: an asset importance grading subunit and an asset importance acquisition subunit, wherein
the asset importance grading subunit is configured to carry out asset importance grading on the networked asset corresponding to each subdomain name;
the asset importance acquisition subunit is configured to obtain the asset importance grade corresponding to each subdomain name in which a vulnerability exists.
In this embodiment, as yet another alternative embodiment, the risk portrait unit further includes:
a vulnerability grade acquisition subunit, configured to query, according to pre-set vulnerability grades, the vulnerability grade corresponding to each existing vulnerability.
In the embodiments provided herein, it should be understood that the disclosed device and method may be realized in other ways. The device embodiments described above are merely exemplary; for example, the division into units is only one kind of logical function division, and another division manner may be used in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some communication interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments provided by the present application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are realized in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
It should be noted that similar labels and letters indicate similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined and explained in subsequent drawings. In addition, the terms "first", "second", "third" and the like are only used to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific implementations of the present application, intended to illustrate the technical solution of the present application rather than to limit it, and the scope of protection of the present application is not limited thereto. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that any person skilled in the art may, within the technical scope disclosed by the present application, still modify the technical solutions recorded in the foregoing embodiments, or readily conceive of variations or equivalent replacements of some of the technical features therein; such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all be covered within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.