CN109617910B - Vulnerability risk assessment method and device, storage medium and server - Google Patents

Info

Publication number: CN109617910B (application CN201910015181.8A; earlier publication CN109617910A)
Authority: CN (China)
Prior art keywords: vulnerability, risk, vulnerability risk, weight, information
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910015181.8A
Other languages: Chinese (zh)
Other versions: CN109617910A (en)
Inventor: 邢玉苗
Current Assignee: Ping An Technology Shenzhen Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Ping An Technology Shenzhen Co Ltd
Events: application filed by Ping An Technology Shenzhen Co Ltd; priority to CN201910015181.8A; publication of CN109617910A; application granted; publication of CN109617910B; legal status currently Active; anticipated expiration.

Classifications

    • H04L63/1433 Vulnerability analysis (H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic)
    • H04L41/14 Network analysis or design (H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks)
    • H04L41/147 Network analysis or design for predicting network behaviour (H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks › H04L41/14 Network analysis or design)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to the technical field of research and development management, development assistance and service management, and provides a vulnerability risk assessment method comprising the following steps: acquiring vulnerability information obtained by scanning an application program; extracting vulnerability risk factors from the vulnerability information and calculating the vulnerability risk factors through a convolutional neural network to obtain a vulnerability risk weight; and determining a vulnerability risk level based on the vulnerability risk weight. In this method the bug risk level is judged without any subjective participation of testers: the corresponding risk level is determined from preset conditions, the risk weight, and the association between the risk weight and the risk level, so the determination of the risk level of each bug is objective, fair and impartial, contradictions between research and development personnel and testers are avoided, the bug risk level judgment is more accurate, human resources can be used in a targeted way to formulate a reasonable repair scheme for the bug, and the probability of the bug recurring subsequently is reduced.

Description

Vulnerability risk assessment method and device, storage medium and server
Technical Field
The invention relates to the technical field of research and development management, development assistance and service management, in particular to a vulnerability risk assessment method and device, a storage medium and a server.
Background
Vulnerability discovery is a key process for the attacker and the protector to fight against, and if the protector cannot discover the exploitable vulnerability earlier than the attacker, the attacker can possibly exploit the vulnerability to launch an attack. The earlier a vulnerability is discovered and repaired, the less likely an information security event will occur.
To prevent this, it is necessary to detect vulnerabilities of an application, discover them and fix them before they are exploited. Currently, when a vulnerability is detected its risk level is usually evaluated, and a repair scheme is formulated according to the risk level. Generally the evaluation standard of a vulnerability library is adopted, but that standard does not consider factors such as the access traffic of the vulnerable website or the business influence associated with the vulnerability, so the risk level it yields does not match the damage the vulnerability actually does to the website. At the same time the subjective factors of the evaluators are mixed in, and the judgment of the risk level is relatively simplistic, for example: it is judged whether the bug reproduces every time, and if it does the bug is judged fatal; in fact a bug that always reproduces is not necessarily fatal, for example one hidden on a very deep path or in a small, rarely used function. Because the judgment cannot be made on the basis of reproducibility alone, the bug risk level is determined inaccurately, the false alarm rate is high, and the repair scheme subsequently made according to the risk level is not reasonable enough and cannot effectively play a precautionary role.
Disclosure of Invention
In order to overcome the technical problems, particularly the problems that the bug risk level is judged inaccurately and the false alarm rate is high, so that the subsequent repair scheme made according to the risk level is not reasonable enough and can not effectively play a precaution role, the following technical scheme is proposed:
the vulnerability risk assessment method provided by the embodiment of the invention comprises the following steps:
acquiring vulnerability information obtained by scanning an application program;
extracting vulnerability risk factors from the vulnerability information, and calculating the vulnerability risk factors through a convolutional neural network to obtain vulnerability risk weights;
determining a vulnerability risk level based on the vulnerability risk weight.
Optionally, the calculating the vulnerability risk factor through a convolutional neural network to obtain the vulnerability risk weight includes:
calculating each vulnerability risk factor through a convolutional neural network, and determining a first vulnerability risk value corresponding to each vulnerability risk factor;
and obtaining a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight.
Optionally, the extracting vulnerability risk factors from the vulnerability information, calculating the vulnerability risk factors through a convolutional neural network, and obtaining the vulnerability risk weight includes:
acquiring the version of an application program, and filtering the vulnerability information according to the version of the application program;
extracting the vulnerability risk factor from the vulnerability information after filtering, and inputting the vulnerability risk factor into a convolutional neural network;
calculating each vulnerability risk factor through the convolutional neural network, and determining the first vulnerability risk value corresponding to each vulnerability risk factor of the application program version;
obtaining a weight value corresponding to each vulnerability risk factor of the application program version, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight of the application program of the version.
Optionally, the obtaining a weight value corresponding to each vulnerability risk factor includes:
acquiring type information of an application program, and acquiring a weight value corresponding to each vulnerability risk factor according to the type information.
Optionally, the determining a vulnerability risk level based on the vulnerability risk weight includes:
acquiring an incidence relation between preset vulnerability risk weight and risk level;
and inquiring the incidence relation between the preset vulnerability risk weight and the risk level according to the vulnerability risk weight to determine the risk level.
Optionally, the vulnerability risk factor includes: external influence factors causing the vulnerability, vulnerability occurrence probability factors, user operation type factors, business function user number factors, vulnerability influence factors and vulnerability repair factors.
Optionally, after determining the vulnerability risk level based on the vulnerability risk weight, the method includes:
extracting vulnerability description information from the vulnerability information, and generating reminding information according to the vulnerability description information and the vulnerability risk level;
and acquiring user information of the vulnerability corresponding to the vulnerability information, and sending the reminding information to a user according to the user information.
The embodiment of the invention also provides a vulnerability risk assessment device, which comprises:
the vulnerability information acquisition module is used for acquiring vulnerability information obtained by scanning the application program;
the vulnerability risk weight obtaining module is used for extracting vulnerability risk factors from the vulnerability information, calculating the vulnerability risk factors through a convolutional neural network and obtaining the vulnerability risk weight;
and the vulnerability risk level determining module is used for determining the vulnerability risk level based on the vulnerability risk weight.
Optionally, the vulnerability risk weight obtaining module includes:
the first vulnerability risk value determining unit is used for calculating each vulnerability risk factor through a convolutional neural network and determining a first vulnerability risk value corresponding to each vulnerability risk factor;
and the second vulnerability risk weight calculation unit is used for acquiring a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to acquire the vulnerability risk weight.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the program is executed by a processor, the vulnerability risk assessment method of any technical scheme is realized.
An embodiment of the present invention further provides a server, including:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the steps of the vulnerability risk assessment method according to any of the claims.
Compared with the prior art, the invention has the following beneficial effects:
1. The vulnerability risk assessment method provided by the embodiment of the application comprises the following steps: acquiring vulnerability information obtained by scanning an application program; extracting vulnerability risk factors from the vulnerability information and calculating the vulnerability risk factors through a convolutional neural network to obtain a vulnerability risk weight; and determining a vulnerability risk level based on the vulnerability risk weight. The method is mainly used in the testing phase of the application program: when the application program is scanned during testing, in order to improve the user's experience of the application program, the vulnerability risk level is determined according to influence factors such as the operation type, the number of application programs used by the user and the source from which the user obtained the application program. After the vulnerability information is obtained, in order to improve the accuracy and objectivity of the risk level determination, a convolutional neural network is also obtained in the application; the vulnerability risk factors in the vulnerability information are extracted and calculated through the convolutional neural network, so that the vulnerability risk weight can be obtained accurately and objectively from the vulnerability risk factors. After the vulnerability risk weight is determined, the corresponding vulnerability risk level can be determined from the preset association between vulnerability risk level and vulnerability risk weight: in the embodiment provided by the application, the association is queried with the vulnerability risk weight, and the corresponding vulnerability risk level is obtained from it.
The whole bug risk level evaluation has no subjective participation of testers: the corresponding risk level is determined from preset conditions, the risk weight, and the association between the risk weight and the risk level, so the determination of the risk level of each bug is objective, fair and impartial, contradictions between research and development personnel and testers are avoided, both parties accept the result more easily, and the probability of the bug recurring subsequently is reduced. Because the participation of testing personnel in this process is reduced, their workload is also lightened, the judged bug risk level is more accurate, and human resources can be used in a targeted way to formulate a reasonable repair scheme for the bug and so obtain a more effective protective effect.
2. The vulnerability risk assessment method provided by the embodiment of the application comprises the following steps after the vulnerability risk level is determined based on the vulnerability risk weight: extracting vulnerability description information from the vulnerability information and generating reminding information according to the vulnerability description information and the vulnerability risk level; and acquiring the user information of the vulnerability corresponding to the vulnerability information, and sending the reminding information to the user according to the user information. In order to let the relevant personnel know the vulnerability level as soon as possible, the vulnerability description information in the vulnerability information is extracted and reminding information is generated from the vulnerability description information and the vulnerability risk level, that is, the content of the reminding information comprises the vulnerability description information and the vulnerability risk level. Then the user information corresponding to the vulnerability is obtained, such as the name and contact details (e.g. mailbox, telephone, WeChat and the like) of the testing and/or research and development personnel, and the reminding information is sent to the corresponding users, so that they learn of the vulnerability in time and respond to it promptly, that is, take the corresponding measures according to the risk level, preventing the bug from affecting the operation of the application program and degrading the user experience.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flow chart of an implementation manner in a typical embodiment of a vulnerability risk assessment method according to the present invention;
FIG. 2 is a schematic structural diagram of a vulnerability risk assessment apparatus according to an exemplary embodiment of the present invention;
fig. 3 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, or operations, but do not preclude the presence or addition of one or more other features, integers, steps, operations, or groups thereof.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
It will be appreciated by those skilled in the art that the terms "application," "application program," "application software," and the like, as used herein, refer to a computer software product built from a collection of computer instructions and associated data resources in accordance with the principles of the present invention. Unless specifically stated, this nomenclature is not limited by the class or level of programming language, or by the operating system or platform on which it depends. Of course, such concepts are not limited to any type of terminal.
As shown in fig. 1, the vulnerability risk assessment method provided in the embodiment of the present application includes steps S100, S200 and S300:
S100: acquiring vulnerability information obtained by scanning an application program;
S200: extracting vulnerability risk factors from the vulnerability information, and calculating the vulnerability risk factors through a convolutional neural network to obtain vulnerability risk weights;
S300: determining a vulnerability risk level based on the vulnerability risk weight.
The vulnerability risk assessment method is mainly used in the testing phase of the application program: when the application program is scanned during testing, in order to improve the user's experience of the application program, the vulnerability risk level is determined according to influence factors such as the operation type, the number of application programs used by the user and the source from which the user obtained the application program. In the embodiment provided by the present application, the vulnerability information obtained when the application is scanned is acquired; it includes bug parameters, the id of the bug, bug details and user feedback on the bug, where the user feedback covers the aforementioned operation type, number of applications used by the user and source of the application. Common bug parameters are, for example: the occurrence frequency of the bug (once, more than once, or every time); the platform of the bug (front end or background); the source of the bug (system test, regression test, smoke test or UAT test); and the module of the bug (login, session, settings, etc.). Common bug details are descriptions such as "program stops" or "program log-in fails"; in brief, the details describe the bug. In the subsequent implementation the later conditions also have to be determined from the bug information; for example, the occurrence probability of the bug is determined by counting the number of times the bug occurred over a period of use of the software, the total number of times the application software was used, and so on.
After the vulnerability information is obtained, in order to improve the accuracy and objectivity of the risk level determination, a convolutional neural network is also obtained in the application; the vulnerability risk factors in the vulnerability information are extracted and calculated through the convolutional neural network, so that the vulnerability risk weight can be obtained accurately and objectively from the vulnerability risk factors. After the vulnerability risk weight is determined, the corresponding vulnerability risk level can be determined from the preset association between vulnerability risk level and vulnerability risk weight: in the embodiment provided by the application, the association is queried with the vulnerability risk weight, and the corresponding vulnerability risk level is obtained from it.
As described above, in order to make the determination of the vulnerability risk level more objective, keep the subjective factors of the testers from influencing it, and so further avoid contradictions between research and development personnel and testers, the vulnerability risk factors need to be extracted from the vulnerability information in the application. As described above, the bug information includes bug parameters, bug id, bug details, user feedback on the bug and the like, and each item further contains multiple contents. Therefore the main content for determining the vulnerability risk weight is extracted from the vulnerability information, namely: the external influence factor causing the vulnerability, the vulnerability occurrence probability factor, the user operation type factor, the business function user number factor, the vulnerability influence factor and the vulnerability repair factor; these six are the vulnerability risk factors. After the vulnerability risk factors are extracted, since each factor involves a lot of data and different parameters correspond to different vulnerability risk values, the data corresponding to each vulnerability risk factor are input into the convolutional neural network separately in order to improve the accuracy of the calculation. The convolutional neural network extracts the main data from each vulnerability risk factor, and because the main data are extracted comprehensively from the data within the same vulnerability risk factor, the vulnerability risk weight finally obtained is more objective.
Optionally, the calculating the vulnerability risk factor through a convolutional neural network to obtain the vulnerability risk weight includes:
calculating each vulnerability risk factor through a convolutional neural network, and determining a first vulnerability risk value corresponding to each vulnerability risk factor;
and obtaining a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight.
Combining the previous process, calculating the vulnerability risk factors through a convolutional neural network means: inputting the data of one vulnerability risk factor into the convolutional neural network, extracting the main data features of that factor through the network, determining the first vulnerability risk value corresponding to the factor from the correspondence between data features and vulnerability risk values, then obtaining the weight value of each vulnerability risk factor within the overall vulnerability risk weight, and summing the product of the first vulnerability risk value and the weight value over all vulnerability risk factors to obtain the risk weight of the vulnerability. By this method the vulnerability risk is evaluated objectively, contradictions between developers and testers are reduced, the workload of the testers is reduced, and rapid evaluation of vulnerability risk is achieved.
In connection with the foregoing example, the vulnerability risk factors include: the external influence factor of the vulnerability (external influence of the bug), the vulnerability occurrence probability factor, the user operation type factor, the business function user number factor, the vulnerability influence factor and the vulnerability repair factor (fault recovery condition). The score of each vulnerability risk factor can be determined through feedback from network users, and the conditions under each factor can be scored as in the following examples. External influence of the bug: normal conditions, abnormal conditions, personal conditions. Occurrence probability: high, low, extremely low. User operation type: necessary operation, unnecessary operation, abnormal operation. Business function user number: majority of users, partial users, few users. Fault influence: damages other functions or affects critical (VIP) users; crash or stuck; complete function failure or poor experience; errors affecting other functions or function operation, or partial failure with poor experience; errors not affecting user usage (failure or poor experience); errors not perceptible (failure). Fault recovery condition: the fault state persists after the process is killed; the fault no longer triggers after the process is killed; the fault reappears by itself after a period of time; the function is recovered after a complex operation (regardless of whether the process is killed); the fault recovers automatically after a long wait; the fault is simply recovered after other associated operations; the fault recovers automatically within an acceptable time.
Specifically, the score corresponding to the occurrence probability condition of a bug may be: high probability (more than 8 points), low probability (4-7 points) and extremely low probability (1-3 points), where the occurrence probability can be determined from the number of tests, and the number of occurrences during the user's use of the tested application program can be counted. After the score of each risk assessment condition is determined, a weighted sum of the score of each condition and the weight it occupies gives the risk weight, and the risk level is then determined from the risk weight. An exemplary risk weight is:
risk weight = "external influence" score × its weight + "occurrence probability" score × its weight + "user operation type" score × its weight + "business function user number" score × its weight + "fault influence" score × its weight + "fault recovery condition" score × its weight.
Optionally, the extracting vulnerability risk factors from the vulnerability information, calculating the vulnerability risk factors through a convolutional neural network, and obtaining the vulnerability risk weight includes:
acquiring the version of an application program, and filtering the vulnerability information according to the version of the application program;
extracting the vulnerability risk factor from the vulnerability information after filtering, and inputting the vulnerability risk factor into a convolutional neural network;
calculating each vulnerability risk factor through the convolutional neural network, and determining the first vulnerability risk value corresponding to each vulnerability risk factor of the application program version;
obtaining a weight value corresponding to each vulnerability risk factor of the application program version, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight of the application program of the version.
In the embodiment provided by the application, when the versions of the application program differ, the extracted vulnerability information also differs. In order to determine the risk level of the application program correctly, after the vulnerability information is obtained it may be filtered according to the version of the application program. As described above, conventional vulnerability information includes bug parameters, bug ids, bug details, user feedback on the bug and the like, where the user feedback includes the aforementioned operation type, the number of applications used by the user, the source of the application used by the user and so on; different versions may also include other types of vulnerability information. The vulnerability information necessary for determining the vulnerability risk weight is filtered out of the vulnerability information corresponding to that version of the application program, and the aforementioned first vulnerability risk value is then obtained from the filtered vulnerability information; that process is not described again here. Correspondingly, the vulnerability risk factors of different application program versions are given different weight values: as described above, in some versions the external influence weight is higher and the occurrence probability weight lower, and the weight of some vulnerability risk factors may be zero.
Therefore, obtaining the vulnerability risk weight from the vulnerability risk factors of each version improves the accuracy of the risk level assessment for application programs of different versions, and a repair scheme can then be formulated for the bugs of each version according to the assessment result, so that precautions take effect more effectively.
Optionally, the obtaining the weight value corresponding to each vulnerability risk factor includes:
and acquiring type information of the application program, and acquiring a weight value corresponding to each vulnerability risk factor according to the type information.
As mentioned above, the weight values corresponding to the vulnerability risk factors may also differ between application types. For example, in drawing and game applications the user must perform many manual operations, so there are more user operation types and the risk weight ratio corresponding to the user operation type factor is higher (e.g. 30%); in video applications, by contrast, the user performs few manual operations while viewing a video, so the risk weight ratio corresponding to the user operation type factor is lower (e.g. 18%). Therefore, the type information of the application program is obtained, and the weight value corresponding to each vulnerability risk factor is obtained from that type information, so that the vulnerability risk level is determined more accurately; a repair scheme can then be formulated for the bugs of application programs of different types according to the assessment result, so that precautions take effect more effectively.
Optionally, the determining a vulnerability risk level based on the vulnerability risk weight includes:
acquiring an incidence relation between preset vulnerability risk weight and risk level;
and inquiring the incidence relation between the preset vulnerability risk weight and the risk level according to the vulnerability risk weight to determine the risk level.
After the vulnerability risk weight is determined, the incidence relation between the preset vulnerability risk weight and the risk level is queried with the vulnerability risk weight, and the vulnerability risk level corresponding to that weight is determined. In this process the vulnerability risk level is assessed without the judgement of a responsible tester, so the influence of the tester's subjective factors on the assessment is reduced, and with it the friction between developers and testers. With reference to the foregoing example, once the specific vulnerability risk weight has been determined, the risk level corresponding to the bug may be determined from the incidence relation between vulnerability risk weight and risk level so that corresponding measures can be taken. Exemplary risk levels are: fatal, severe, general and suggestive. The corresponding relationship between vulnerability risk weight and risk level is as follows: fatal (8-10 points), severe (6-8 points), general (3-6 points) and suggestive (1-3 points).
Optionally, after determining the vulnerability risk level based on the vulnerability risk weight, the method includes:
extracting vulnerability description information from the vulnerability information, and generating reminding information according to the vulnerability description information and vulnerability risk level;
and acquiring user information of the loophole corresponding to the loophole information, and sending the reminding information to a user according to the user information.
In order to let the related personnel learn the vulnerability level as soon as possible, the vulnerability description information in the vulnerability information is extracted and reminding information is generated from the vulnerability description information and the vulnerability risk level; that is, the content of the reminding information comprises the vulnerability description information and the vulnerability risk level. The user information corresponding to the vulnerability is then obtained, such as the name and contact details (e.g. mailbox, telephone, WeChat and the like) of the testing and/or research and development personnel, and the reminding information is sent to the corresponding users, so that they learn of the vulnerability in time and respond to it promptly; that is, corresponding measures can be taken according to the risk level and the bug is prevented from affecting the operation of the application program. In this process the whole bug risk level judgement is free from the subjective participation of testers: the risk level is determined according to the preset conditions, the risk weight and the incidence relation between the risk weight and the risk level, so the determination of the bug risk level is objective, fair and impartial, friction between research and development personnel and testers is avoided, both parties accept the result more readily, and the probability of the bug recurring is reduced. The participation of testers in this process is reduced, so their workload is reduced as well.
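The scoring pipeline laid out in the preceding sections, as an added example written for this page and not code from the patent: scan results are filtered by application version, a first vulnerability risk value is obtained per factor, those values are weighted with type-dependent weight values into one vulnerability risk weight, that weight is mapped to a risk level through the preset association table, and a reminder is built from the description and the level. The convolutional neural network that produces the per-factor values is stood in for by the assumed placeholder `score_factors()`; the `VulnerabilityInfo` record layout, the weight tables and all sample values except the 30%/18% operation-type weights and the level ranges are constructed assumptions, and the boundary rule for the level ranges is an assumption as well.

```python
"""Weighted vulnerability risk scoring with a preset level table (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The six vulnerability risk factors named in claim 1.
FACTORS = ("external_influence", "occurrence_probability", "user_operation_type",
           "service_user_count", "vulnerability_impact", "repair")

# Preset association between vulnerability risk weight and risk level, using the
# ranges from the description (fatal 8-10, severe 6-8, general 3-6, suggestive 1-3).
# Assumption: lower bounds inclusive, upper bounds exclusive, 10 itself counted as
# fatal, so a boundary score such as 6.0 maps to exactly one level.
RISK_LEVELS: List[Tuple[float, float, str]] = [
    (8.0, 10.0, "fatal"), (6.0, 8.0, "severe"), (3.0, 6.0, "general"), (1.0, 3.0, "suggestive"),
]

# Weight tables keyed by application type.  The 30% (game) and 18% (video)
# user-operation-type weights come from the description; the other entries are
# assumed values chosen so that each row sums to 1.0.
WEIGHTS_BY_TYPE: Dict[str, Dict[str, float]] = {
    "game": {"external_influence": 0.15, "occurrence_probability": 0.15, "user_operation_type": 0.30,
             "service_user_count": 0.15, "vulnerability_impact": 0.15, "repair": 0.10},
    "video": {"external_influence": 0.20, "occurrence_probability": 0.20, "user_operation_type": 0.18,
              "service_user_count": 0.17, "vulnerability_impact": 0.15, "repair": 0.10},
}


@dataclass
class VulnerabilityInfo:
    """One scanned bug record (constructed layout, not the patent's schema)."""
    bug_id: str
    app_version: str
    app_type: str
    description: str
    feedback: Dict[str, float]  # user-feedback fields the factor values are derived from


def filter_by_version(records: List[VulnerabilityInfo], version: str) -> List[VulnerabilityInfo]:
    """Keep only the records scanned from the given application version."""
    return [r for r in records if r.app_version == version]


def score_factors(record: VulnerabilityInfo) -> Dict[str, float]:
    """Placeholder for the CNN: one first vulnerability risk value per factor.

    Assumption: values lie on a 0-10 scale, and the occurrence probability is the
    observed bug count over total uses, as the description suggests.
    """
    fb = record.feedback

    def clamp(x: float) -> float:
        return max(0.0, min(10.0, float(x)))

    occurrence = fb["occurrences"] / max(fb["total_uses"], 1)
    return {"external_influence": clamp(fb["external_influence"]),
            "occurrence_probability": clamp(occurrence * 10.0),
            "user_operation_type": clamp(fb["operation_types"]),
            "service_user_count": clamp(fb["affected_users"] / 1000.0),
            "vulnerability_impact": clamp(fb["impact"]),
            "repair": clamp(fb["repair_difficulty"])}


def vulnerability_risk_weight(values: Dict[str, float], weights: Dict[str, float]) -> float:
    """Weighted sum of the first vulnerability risk values (claim 1, weighting step)."""
    missing = set(FACTORS) - set(weights)
    if missing:
        raise ValueError(f"weight table lacks factors: {sorted(missing)}")
    return round(sum(values[f] * weights[f] for f in FACTORS), 4)


def risk_level(weight: float) -> str:
    """Query the preset association table; scores under 1 fall outside it."""
    if weight >= 10.0:
        return "fatal"
    for low, high, level in RISK_LEVELS:
        if low <= weight < high:
            return level
    return "unrated"  # assumption: below the table's lowest range


def assess(record: VulnerabilityInfo) -> Tuple[float, str]:
    """Full pipeline for one record: factor values -> risk weight -> risk level."""
    weight = vulnerability_risk_weight(score_factors(record), WEIGHTS_BY_TYPE[record.app_type])
    return weight, risk_level(weight)


def build_reminder(record: VulnerabilityInfo, level: str) -> str:
    """Reminder text carrying the vulnerability description and the determined level."""
    return f"[{level.upper()}] bug {record.bug_id} ({record.app_type} v{record.app_version}): {record.description}"


# Constructed sample scan results: identical feedback reported for two application types.
SAMPLE_FEEDBACK = {"external_influence": 5, "occurrences": 80, "total_uses": 100,
                   "operation_types": 10, "affected_users": 2000, "impact": 4, "repair_difficulty": 3}
SAMPLE_RECORDS = [
    VulnerabilityInfo("BUG-1", "2.1", "game", "login session not cleared", dict(SAMPLE_FEEDBACK)),
    VulnerabilityInfo("BUG-2", "2.1", "video", "login session not cleared", dict(SAMPLE_FEEDBACK)),
    VulnerabilityInfo("BUG-3", "1.9", "game", "settings page crash", dict(SAMPLE_FEEDBACK)),
]

if __name__ == "__main__":
    for rec in filter_by_version(SAMPLE_RECORDS, "2.1"):
        score, lvl = assess(rec)
        print(build_reminder(rec, lvl), "score", score)
```

With the same feedback, the game record lands in "severe" (weight 6.15) while the video record lands in "general" (weight 5.64), which is the effect of type-dependent weights the description is after: the larger user-operation-type weight pulls the game score over the 6-point boundary. Keeping the level ranges in one table with an explicit boundary rule also removes the ambiguity of the overlapping range endpoints (6-8 versus 8-10) when a score sits exactly on a boundary.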
An embodiment of the present invention further provides a vulnerability risk assessment apparatus, in one implementation manner, as shown in fig. 2, the vulnerability risk assessment apparatus includes: the vulnerability information acquisition module 100, the vulnerability risk weight acquisition module 200 and the vulnerability risk level determination module 300:
a vulnerability information acquisition module 100, configured to acquire vulnerability information obtained by scanning an application;
a vulnerability risk weight obtaining module 200, configured to extract vulnerability risk factors from the vulnerability information, calculate the vulnerability risk factors through a convolutional neural network, and obtain the vulnerability risk weight;
and the vulnerability risk level determination module 300 is used for determining the vulnerability risk level based on the vulnerability risk weight.
Further, as shown in fig. 2, the vulnerability risk assessment apparatus provided in the embodiment of the present invention further includes: a first vulnerability risk value determination unit 210, configured to calculate each vulnerability risk factor through a convolutional neural network and determine the first vulnerability risk value corresponding to each vulnerability risk factor; a first vulnerability risk weight calculation unit 220, configured to obtain a weight value corresponding to each vulnerability risk factor and weight the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight; a version obtaining unit 230, configured to obtain the version of an application program and filter the vulnerability information according to that version; a filtering unit 240, configured to extract the vulnerability risk factors from the filtered vulnerability information and input them into a convolutional neural network; a calculating unit 250, configured to calculate each vulnerability risk factor through the convolutional neural network and determine the first vulnerability risk value corresponding to each vulnerability risk factor of the application program version; a second vulnerability risk weight calculation unit 260, configured to obtain a weight value corresponding to each vulnerability risk factor of the application program version and weight the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight of the application program of that version; and a type information obtaining unit 221, configured to obtain type information of the application program and obtain the weight value corresponding to each vulnerability risk factor according to that type information.
The apparatus further includes: an incidence relation obtaining unit 310, configured to obtain the incidence relation between the preset vulnerability risk weight and the risk level; a query unit 320, configured to query that incidence relation with the vulnerability risk weight to determine the risk level; a reminding information generating unit 410, configured to extract vulnerability description information from the vulnerability information and generate reminding information from the vulnerability description information and the vulnerability risk level; and a sending unit 420, configured to obtain the user information of the vulnerability corresponding to the vulnerability information and send the reminding information to the user according to that user information.
The vulnerability risk assessment device provided by the embodiment of the invention can realize the embodiment of the vulnerability risk assessment method, and for specific function realization, reference is made to the description in the embodiment of the method, which is not repeated herein.
In the computer-readable storage medium provided in the embodiment of the present invention, a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the vulnerability risk assessment method according to any of the technical schemes is implemented. The computer-readable storage medium includes, but is not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks, ROMs (Read-Only Memories), RAMs (Random Access Memories), EPROMs (Erasable Programmable Read-Only Memories), EEPROMs (Electrically Erasable Programmable Read-Only Memories), flash memories, magnetic cards, or optical cards. That is, a storage device includes any medium that stores or transmits information in a form readable by a device (e.g., a computer or a cellular phone), and may be a read-only memory, a magnetic or optical disk, or the like.
After the vulnerability information is obtained, in order to determine the vulnerability risk weight rapidly, stably and objectively, the vulnerability risk factors in the vulnerability information are calculated through the convolutional neural network to determine the vulnerability risk weight corresponding to the vulnerability, and the vulnerability risk level corresponding to the vulnerability is then determined from the corresponding relation between vulnerability risk weight and risk level. The vulnerability risk assessment method provided by the embodiment of the application comprises the following steps: acquiring vulnerability information obtained by scanning an application program; extracting vulnerability risk factors from the vulnerability information and calculating the vulnerability risk factors through a convolutional neural network to obtain the vulnerability risk weight; and determining the vulnerability risk level based on the vulnerability risk weight. The vulnerability risk assessment method is mainly used in the testing stage of the application program: when the application program is scanned during testing, in order to improve the user's experience of using the application program, the vulnerability risk level is determined according to influence factors arising during use, such as the operation type, the number of application programs used by the user and the source of the user's application program. In the embodiment provided by the present application, the vulnerability information obtained when the application is scanned is acquired, where the vulnerability information includes bug parameters, the id of the bug, bug details and user feedback on the bug, and the user feedback on the bug includes the aforementioned operation type, the number of applications used by the user and the source of the application used by the user.
Common bug parameters are, for example: the bug occurrence frequency is once, more than once or every time; the platform of the bug is the front end or the background; the source of the bug is a system test, regression test, smoke test or UAT test; the module of the bug is login, session, settings, etc. Common bug details are: program stop, program log-in failure, etc. In brief, the details are the description of the bug. In the subsequent implementation process, later conditions also need to be determined from the bug information; for example, the probability of the bug occurring is determined by counting the number of times the bug occurs while the software is used for a period of time against the total number of times the application software is used, and the like. After the vulnerability information is obtained, in order to improve the accuracy and objectivity of the risk level determination, a convolutional neural network is also obtained in the application, and the model extracts the vulnerability risk factors from the vulnerability information through the convolutional neural network, so that the vulnerability risk weight can be obtained accurately and objectively from those factors. After the vulnerability risk weight is determined, the corresponding vulnerability risk level can be determined from the incidence relation between the preset vulnerability risk level and the vulnerability risk weight. In the embodiment provided by the application, the incidence relation is queried with the vulnerability risk weight, and the corresponding vulnerability risk level is then determined from it.
In addition, in another embodiment, the present invention further provides a server, as shown in fig. 3, the server includes a processor 503, a memory 505, an input unit 507, and a display unit 509. Those skilled in the art will appreciate that the structural elements shown in fig. 3 do not constitute a limitation of all servers and may include more or fewer components than those shown, or some combination of components. The memory 505 may be used to store the application 501 and various functional modules, and the processor 503 executes the application 501 stored in the memory 505, thereby performing various functional applications of the device and data processing. Memory 505 may be an internal memory or an external memory, or include both internal and external memories. The internal memory may include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), flash memory, or random access memory. The external memory may include a hard disk, a floppy disk, a ZIP disk, a usb-disk, a magnetic tape, etc. The disclosed memory includes, but is not limited to, these types of memory. The memory 505 disclosed herein is provided by way of example only and not by way of limitation.
The input unit 507 is used for receiving input of signals, and personal information and related physical condition information input by a user. The input unit 507 may include a touch panel and other input devices. The touch panel can collect touch operations of a client on or near the touch panel (for example, operations of the client on or near the touch panel using any suitable object or accessory such as a finger or a stylus) and drive the corresponding connecting device according to a preset program; other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., play control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like. The display unit 509 may be used to display information input by the customer or information provided to the customer and the various menus of the computer device. The display unit 509 may take the form of a liquid crystal display, an organic light emitting diode, or the like. The processor 503 is the control center of the computer device, connects the various parts of the entire computer using various interfaces and lines, and performs various functions and processes data by operating or executing software programs and/or modules stored in the memory 503 and calling data stored in the memory. The one or more processors 503 shown in fig. 3 can execute and implement the functions of the vulnerability information acquisition module 100, the vulnerability risk weight acquisition module 200, the vulnerability risk level determination module 300, the first vulnerability risk value determination unit 210, the first vulnerability risk weight calculation unit 220, the version acquisition unit 230, the filtering unit 240, the calculation unit 250, the second vulnerability risk weight calculation unit 260, the type information acquisition unit 221, the association relationship acquisition unit 310, the query unit 320, the reminder information generation unit 410, and the transmission unit 420 shown in fig. 2.
In one embodiment, the server includes one or more processors 503, one or more memories 505, and one or more applications 501, wherein the one or more applications 501 are stored in the memory 505 and configured to be executed by the one or more processors 503, and the one or more applications 301 are configured to perform the vulnerability risk assessment methods described in the above embodiments.
The server provided by the embodiment of the present invention can implement the embodiment of the vulnerability risk assessment method provided above, and for specific function implementation, reference is made to the description in the embodiment of the method, which is not described herein again.
The foregoing is only a partial embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and embellishments can be made without departing from the principle of the present invention, and these should also be construed as the scope of the present invention.

Claims (8)

1. A vulnerability risk assessment method is characterized by comprising the following steps:
acquiring vulnerability information obtained by scanning an application program;
extracting vulnerability risk factors from the vulnerability information, wherein the vulnerability risk factors comprise: external influence factors causing the vulnerability, vulnerability occurrence probability factors, user operation type factors, service function user number factors, vulnerability influence factors and vulnerability repair factors;
calculating each vulnerability risk factor through a convolutional neural network, and determining a first vulnerability risk value corresponding to each vulnerability risk factor;
acquiring a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain a vulnerability risk weight;
determining a vulnerability risk level based on the vulnerability risk weight.
2. The vulnerability risk assessment method according to claim 1, wherein vulnerability risk factors are extracted from the vulnerability information, each vulnerability risk factor is calculated through a convolutional neural network, and a first vulnerability risk value corresponding to each vulnerability risk factor is determined; acquiring a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight, wherein the method comprises the following steps:
acquiring the version of an application program, and filtering the vulnerability information according to the version of the application program;
extracting the vulnerability risk factor from the vulnerability information after filtering, and inputting the vulnerability risk factor into a convolutional neural network;
calculating each vulnerability risk factor through the convolutional neural network, and determining the first vulnerability risk value corresponding to each vulnerability risk factor of the application program version;
obtaining a weight value corresponding to each vulnerability risk factor of the application program version, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight of the application program of the version.
3. The vulnerability risk assessment method according to claim 1, wherein the obtaining of the weight value corresponding to each vulnerability risk factor comprises:
acquiring type information of an application program, and acquiring a weight value corresponding to each vulnerability risk factor according to the type information.
4. The vulnerability risk assessment method of claim 1, wherein the determining a vulnerability risk level based on the vulnerability risk weight comprises:
acquiring an incidence relation between preset vulnerability risk weight and risk level;
and inquiring the incidence relation between the preset vulnerability risk weight and the risk level according to the vulnerability risk weight to determine the risk level.
5. The vulnerability risk assessment method according to any one of claims 1 to 3, wherein the determining the vulnerability risk level based on the vulnerability risk weight comprises:
extracting vulnerability description information from the vulnerability information, and generating reminding information according to the vulnerability description information and vulnerability risk level;
and acquiring user information of the loophole corresponding to the loophole information, and sending the reminding information to a user according to the user information.
6. A vulnerability risk assessment device, comprising:
the vulnerability information acquisition module is used for acquiring vulnerability information obtained by scanning the application program;
the vulnerability risk weight obtaining module is used for extracting vulnerability risk factors from the vulnerability information, calculating each vulnerability risk factor through a convolutional neural network, and determining a first vulnerability risk value corresponding to each vulnerability risk factor; acquiring a weight value corresponding to each vulnerability risk factor, and weighting the product of the weight value corresponding to each vulnerability risk factor and the first vulnerability risk value to obtain the vulnerability risk weight; wherein the vulnerability risk factors include: external influence factors causing the vulnerability, vulnerability occurrence probability factors, user operation type factors, service function user number factors, vulnerability influence factors and vulnerability repair factors;
and the vulnerability risk level determining module is used for determining the vulnerability risk level based on the vulnerability risk weight.
7. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when executed by a processor, implements the vulnerability risk assessment method of any of claims 1 to 5.
8. A server, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the steps of the vulnerability risk assessment method of any of claims 1 to 5.
CN201910015181.8A 2019-01-08 2019-01-08 Vulnerability risk assessment method and device, storage medium and server Active CN109617910B (en)

Publications (2)

Publication Number Publication Date
CN109617910A CN109617910A (en) 2019-04-12
CN109617910B true CN109617910B (en) 2023-03-24

Family

ID=66015652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910015181.8A Active CN109617910B (en) 2019-01-08 2019-01-08 Vulnerability risk assessment method and device, storage medium and server

Country Status (1)

Country Link
CN (1) CN109617910B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110855654B (en) * 2019-11-06 2021-10-08 中国移动通信集团广东有限公司 Vulnerability risk quantitative management method and system based on flow mutual access relation
CN111079150B (en) * 2019-11-25 2023-09-05 安天科技集团股份有限公司 Vulnerability risk assessment method and device for patch, electronic equipment and storage medium
CN111193727A (en) * 2019-12-23 2020-05-22 成都烽创科技有限公司 Operation monitoring system and operation monitoring method
CN111931187A (en) * 2020-08-13 2020-11-13 深信服科技股份有限公司 Component vulnerability detection method, device, equipment and readable storage medium
CN111967021B (en) * 2020-08-27 2022-06-03 山东英信计算机技术有限公司 Vulnerability processing method, device and equipment and computer readable storage medium
CN112039885B (en) * 2020-08-31 2022-09-02 绿盟科技集团股份有限公司 Website risk assessment method and device
CN112580054A (en) * 2020-11-26 2021-03-30 新华三大数据技术有限公司 Risk assessment method, device, network equipment and medium
CN114500101B (en) * 2022-03-07 2023-01-13 上海维迈文博数字科技有限公司 Cloud game vulnerability analysis method based on cloud computing and server
CN115296894B (en) * 2022-08-02 2023-11-28 北京天融信网络安全技术有限公司 In-vehicle privacy data risk assessment method and device, electronic equipment and storage medium
CN116389138B (en) * 2023-04-07 2023-11-24 深圳市众志天成科技有限公司 Information security protection method and device based on data transmission

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799822A (en) * 2012-07-11 2012-11-28 中国信息安全测评中心 Software running security measurement and estimation method based on network environment
CN103258165A (en) * 2013-05-10 2013-08-21 华为技术有限公司 Processing method and device for leak evaluation
CN107360188A (en) * 2017-08-23 2017-11-17 杭州安恒信息技术有限公司 Website value-at-risk appraisal procedure and device based on cloud protection and cloud monitoring system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2002256018A1 (en) * 2001-03-29 2002-10-15 Accenture Llp Overall risk in a system
US20080201780A1 (en) * 2007-02-20 2008-08-21 Microsoft Corporation Risk-Based Vulnerability Assessment, Remediation and Network Access Protection
US20110191854A1 (en) * 2010-01-29 2011-08-04 Anastasios Giakouminakis Methods and systems for testing and analyzing vulnerabilities of computing systems based on exploits of the vulnerabilities

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799822A (en) * 2012-07-11 2012-11-28 中国信息安全测评中心 Software running security measurement and estimation method based on network environment
CN103258165A (en) * 2013-05-10 2013-08-21 华为技术有限公司 Processing method and device for leak evaluation
CN107360188A (en) * 2017-08-23 2017-11-17 杭州安恒信息技术有限公司 Website value-at-risk appraisal procedure and device based on cloud protection and cloud monitoring system

Also Published As

Publication number Publication date
CN109617910A (en) 2019-04-12

Similar Documents

Publication Publication Date Title
CN109617910B (en) Vulnerability risk assessment method and device, storage medium and server
US20200267183A1 (en) Systems and methods for vulnerability analysis of phishing attacks
CN107291911B (en) Anomaly detection method and device
US8516449B2 (en) Detecting and localizing security vulnerabilities in client-server application
US6973415B1 (en) System and method for monitoring and modeling system performance
US8504874B2 (en) Repair-policy refinement in distributed systems
CN109559192A (en) Risk checking method, device, equipment and storage medium based on association map
US20110154109A1 (en) Continuous, automated discovery of bugs in released software
CN105512045B (en) Application program testing method and device and testing equipment
CN114117311B (en) Data access risk detection method and device, computer equipment and storage medium
CN110222513B (en) Abnormality monitoring method and device for online activities and storage medium
CN111611140B (en) Report verification method and device for buried point data, electronic equipment and storage medium
US20210400066A1 (en) Identifying data processing timeouts in live risk analysis systems
CN111754241A (en) User behavior perception method, device, equipment and medium
CN114553596B (en) Multi-dimensional security condition real-time display method and system suitable for network security
US20200342095A1 (en) Rule generation apparatus and computer readable medium
CN103593610B (en) Spyware self adaptation based on computer immunity induction and detection method
CN109478219A (en) For showing the user interface of network analysis
US10789159B2 (en) Non-regressive injection of deception decoys
US11665185B2 (en) Method and apparatus to detect scripted network traffic
CN114697079B (en) Method and system for detecting illegal user of application client
CN110389897A (en) SDK logic test method, device, storage medium and server
Draganovic et al. “Do Users Fall for Real Adversarial Phishing?” Investigating the Human Response to Evasive Webpages
CN115964701A (en) Application security detection method and device, storage medium and electronic equipment
CN111786991B (en) Block chain-based platform authentication login method and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant