CN109933990B - Multi-mode matching-based security vulnerability discovery method and device and electronic equipment - Google Patents



Publication number
CN109933990B
CN109933990B CN201910186024.3A CN201910186024A CN109933990B CN 109933990 B CN109933990 B CN 109933990B CN 201910186024 A CN201910186024 A CN 201910186024A CN 109933990 B CN109933990 B CN 109933990B
Authority
CN
China
Prior art keywords
security
equipment
state
authentication request
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910186024.3A
Other languages
Chinese (zh)
Other versions
CN109933990A (en)
Inventor
陈佳
何玲
王斌
张建业
李峰
卿松
叶波
董俊伶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd
Priority to CN201910186024.3A
Publication of CN109933990A
Application granted
Publication of CN109933990B


Abstract

The embodiment of the invention provides a security vulnerability discovery method and device based on multi-pattern matching, and electronic equipment, belonging to the technical field of network security. The method comprises the following steps: receiving, in the first device, a security authentication request transmitted from a security management module of the second device; based on the security authentication request, scanning a security environment of the first device, determining a current first state of the first device, and sending a security state indication to the second device, the security state indication comprising a first data field of one of a plurality of security modes; acquiring a second state determined by the second device for the security state indication, and communicating with the second device based on the second state, wherein the second state is used for describing the security condition of the first device; and performing security management on the first device based on the second state. The processing scheme of the application improves the security of the device.

Description

Multi-mode matching-based security vulnerability discovery method and device and electronic equipment
Technical Field
The invention relates to the technical field of network security, in particular to a security vulnerability discovery method and device based on multi-mode matching and electronic equipment.
Background
With the popularity of the Internet and the rapid evolution of web technologies, the challenges of network security are becoming more and more severe. With the increasing availability of online information and services, and the growing number of attacks on and damage to web-based systems, security risks have reached an unprecedented height. Because a large amount of security work is concentrated on the network itself, web applications are almost forgotten. This is perhaps because applications in the past were often stand-alone programs running on a single computer, and were secure if that computer was secure. Today the situation is quite different: web applications run on a variety of machines, including the client, web server, database server, and application server. Moreover, because they are generally available to everyone, these applications become a back-end bypass for many attack activities.
A software security vulnerability mainly refers to a defect, introduced while the software is being written, that leaves the whole computer software system exposed to security threats, or to the sum of the various factors that can affect the operation of the whole system. Because computer software is created by people, vulnerabilities arise when software developers do not consider everything during development. Common software vulnerabilities include: exceptions during software operation and use; vulnerabilities in protocols; and abnormal software behavior after the computer has been infected by a virus.
In practical applications, users have increasingly high requirements for the security of computer devices. Therefore, a new security processing scheme for computing devices is needed.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and an electronic device for discovering a security vulnerability based on multi-pattern matching, which at least partially solve the problems in the prior art.
In a first aspect, an embodiment of the present invention provides a method for discovering a security vulnerability based on multi-pattern matching, including:
receiving, in the first device, a security authentication request transmitted from a security management module of the second device;
based on the security authentication request, scanning a security environment of the first device, determining a current first state of the first device, and sending a security state indication to the second device, the security state indication comprising a first data field of one of a plurality of security modes;
acquiring a second state determined by the second device for the security state indication, and communicating with the second device based on the second state, wherein the second state is used for describing the security condition of the first device;
and performing security management on the first device based on the second state.
According to a specific implementation manner of the embodiment of the present invention, the receiving, in the first device, the security authentication request sent by the security management module of the second device includes:
acquiring a communication log of a first device and a second device;
determining a security key between the first device and a second device based on the communication log;
and receiving a security authentication request sent by a security management module of the second device based on the security key.
According to a specific implementation manner of the embodiment of the present invention, the scanning the secure environment of the first device based on the security authentication request includes:
analyzing the security authentication request to obtain a target element in the security authentication request;
scanning data matching the target element in the first device.
According to a specific implementation manner of the embodiment of the present invention, the sending of the security status indication to the second device includes:
inputting a security code associated with a first device on a current interactive interface of the first device;
adding the security code to the first data field;
sending a first data field containing a security code to the second device as part of a security status indication.
According to a specific implementation manner of the embodiment of the present invention, the communicating with the second device based on the second state includes:
and when the second state shows that the first device is in a safe state, receiving one or more unencrypted application messages sent by the second device.
According to a specific implementation manner of the embodiment of the present invention, the communicating with the second device based on the second state further includes:
and when the second state shows that the first device is in a non-safe state, discarding the unencrypted application message sent by the second device.
According to a specific implementation manner of the embodiment of the present invention, the performing security management on the first device based on the second state includes:
and based on the second state, executing an initialization scanning operation from the security management module on the first device, and installing a first security detection component after the initialization scanning is completed, wherein the first security detection component is used for extracting the environment information of the first device.
According to a specific implementation manner of the embodiment of the present invention, the performing security management on the first device based on the second state further includes:
sending environment information of the first device to a third device in communication connection with the first device by using the first security detection component, wherein the third device is provided with a plurality of customized security modules related to security management;
receiving and installing, on the first device, a second security component distributed from the third device, the second security component being a set of one or more customized security modules selected by the third device from the plurality of customized security modules based on the environment information of the first device, and performing security management on the first device based on the second security component after the second security component is installed successfully.
In a second aspect, an embodiment of the present invention provides a device for discovering a security vulnerability based on multi-pattern matching, including:
a receiving module, configured to receive, in the first device, a security authentication request sent by a security management module of the second device;
a determining module, configured to scan a security environment of the first device based on the security authentication request, determine a current first state of the first device, and send a security state indication to the second device, where the security state indication includes a first data field of one of the multiple security modes;
an obtaining module, configured to obtain a second state determined by the second device for the security state indication, and communicate with the second device based on the second state, where the second state is used to describe a security status of the first device;
and a management module, configured to perform security management on the first device based on the second state.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method for vulnerability discovery based on multi-pattern matching in any of the preceding first aspects or any implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the method for discovering a security vulnerability based on multi-pattern matching in the foregoing first aspect or any implementation manner of the first aspect.
In a fifth aspect, an embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions, when executed by a computer, cause the computer to execute the security vulnerability discovery method based on multi-pattern matching in the foregoing first aspect or any implementation manner of the first aspect.
The scheme in the embodiment of the invention comprises: receiving, in the first device, a security authentication request sent by a security management module of the second device; based on the security authentication request, scanning a security environment of the first device, determining a current first state of the first device, and sending a security state indication to the second device, the security state indication comprising a first data field of one of a plurality of security modes; acquiring a second state determined by the second device for the security state indication, and communicating with the second device based on the second state, wherein the second state is used for describing the security condition of the first device; and performing security management on the first device based on the second state. The scheme of the application improves the security of the device.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a security vulnerability discovery process based on multi-pattern matching according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of another security vulnerability discovery process based on multi-pattern matching according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of another security vulnerability discovery process based on multi-pattern matching according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of another security vulnerability discovery process based on multi-pattern matching according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a security vulnerability discovery apparatus based on multi-pattern matching according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides a security vulnerability discovery method based on multi-pattern matching. The security vulnerability discovery method based on multi-pattern matching provided by the embodiment can be executed by a computing device, the computing device can be implemented as software, or implemented as a combination of software and hardware, and the computing device can be integrated in a server, a terminal device and the like.
Referring to fig. 1, a security vulnerability discovery method based on multi-pattern matching provided by the embodiment of the present invention includes the following steps:
S101, receiving, in the first device, a security authentication request sent by the security management module of the second device.
The first device is a hardware device that needs security management. As an example, the first device may be a computer, a mobile phone, or another computing device. An operating system (e.g., Windows, Linux, iOS, Android) may run on the first device.
The second device is in communication connection with the first device, and a security management module is installed in the second device. Based on the security management module, the second device can perform security management on the devices connected to it. Specifically, after acquiring the information of the first device, the second device may send a security authentication request to the first device in a wired or wireless manner, and further perform security management on the first device by receiving the first device's response to the security authentication request.
As an alternative implementation, referring to fig. 2, receiving, in the first device, the security authentication request sent by the security management module from the second device may include the following steps:
S201, a communication log of the first device and the second device is obtained.
In the process of communicating between the first device and the second device, a log file of the communication between the first device and the second device may be stored in the first device, where the communication log includes details of the communication between the first device and the second device, such as whether the communication is performed in an encrypted manner, a security key used for encrypted communication, and the like.
S202, determining a security key between the first device and the second device based on the communication log.
For security, the first device and the second device may communicate with each other using an agreed security key. The agreed security key may be distributed by the second device to the first device, or the first device may determine a common security key through negotiation with the second device. As one approach, the security key used by the first device in its last communication with the second device may be adopted as the current security key.
S203, receiving a security authentication request sent by the security management module of the second device based on the security key.
After the first device and the second device complete the current communication, the security key between the first device and the second device may be updated.
S102, based on the security authentication request, scanning the security environment of the first device, determining the current first state of the first device, and sending a security state indication to the second device, wherein the security state indication comprises a first data field of one of a plurality of security modes.
The first device, upon receiving a security authentication request from the second device, is able to parse the security authentication request. For example, the first device can perform data verification on the security authentication request and, after determining through the security authentication request that the second device is a trusted device, establish a further communication connection with the second device.
The security authentication request comprises an initialization scanning operation request aimed at the first device, and when the first device determines that the second device is a trusted device, the initialization scanning operation from the security management module can be executed. Through the initialization scanning operation, the environment information on the first device can be preliminarily scanned, and the characteristic information related to device security on the first device can be extracted.
After the initialization scanning is completed, the first device sends the scan result to the second device. After receiving the scan result, the security management module in the second device analyzes it, and when the analysis shows that the security environment of the first device needs further management, a first security detection component is installed on the first device over the network to further extract environment information of the first device. The first security detection component may be security software with a specific function.
As an alternative embodiment, referring to fig. 3, scanning the secure environment of the first device based on the security authentication request may include the following steps:
S301, analyzing the security authentication request to obtain a target element in the security authentication request.
Some necessary information (target elements) related to the security of the first device may be included in the security authentication request, for example, the security network structure in which the first device is located, the version numbers of software installed in the first device, and the like. By analyzing this necessary information, the target elements can be acquired from the first device in a targeted manner.
S302, scanning the data matched with the target element in the first device.
As an alternative implementation, referring to fig. 4, sending the security status indication to the second device may include:
S401, a security code related to the first device is input on a current interactive interface of the first device.
The security code is a specific code assigned to the first device by the second device in order to secure the first device, and may be a sequence of letters and/or numbers. The security code may be stored in a specific directory of the first device or may be managed by an administrator (user) of the first device. The security code may be entered through the interactive interface of the first device.
S402, adding the security code into the first data field.
A preset security code field is provided in the first data field, and after the current interactive interface of the first device obtains the security code, the security code can be added to the first data field in encoded form.
S403, sending the first data field containing the security code to the second device as a part of the security status indication.
S103, acquiring a second state determined by the second device according to the security state indication, and communicating with the second device based on the second state, wherein the second state is used for describing the security condition of the first device.
The second device can receive the security state indication sent by the first device, and based on the security state indication, the second device can determine the security status of the first device, i.e., the second state. When the second state shows that the first device is in a safe state, one or more unencrypted application messages sent by the second device are received, so as to improve the efficiency of data interaction. When the second state shows that the first device is in a non-safe state, the unencrypted application messages sent by the second device are discarded, to ensure the security of communication.
S104, performing security management on the first device based on the second state.
The second device may determine the security status of the first device, that is, the second status, by analyzing the security status indication sent by the first device, so as to further perform security management on the first device based on the second status.
As an optional implementation manner, the performing security management on the first device based on the second state includes:
and based on the second state, executing an initialization scanning operation from the security management module on the first device, and installing a first security detection component after the initialization scanning is completed, wherein the first security detection component is used for extracting the environment information of the first device.
The first device, upon receiving a security authentication request from the second device, is able to parse the security authentication request. For example, the first device can perform data verification on the security authentication request and, after determining through the security authentication request that the second device is a trusted device, establish a further communication connection with the second device.
The security authentication request comprises an initialization scanning operation request aimed at the first device, and when the first device determines that the second device is a trusted device, the initialization scanning operation from the security management module can be executed. Through the initialization scanning operation, the environment information on the first device can be preliminarily scanned, and the characteristic information related to device security on the first device can be extracted.
After the initialization scanning is completed, the first device sends the scan result to the second device. After receiving the scan result, the security management module in the second device analyzes it, and when the analysis shows that the security environment of the first device needs further management, a first security detection component is installed on the first device over the network to further extract environment information of the first device. The first security detection component may be security software with a specific function.
As an optional implementation manner, the performing security management on the first device based on the second state further includes:
Environment information of the first device is sent, by means of the first security detection component, to a third device that is in communication connection with the first device, wherein a plurality of customized security modules related to security management are arranged on the third device. A second security component distributed from the third device is received and installed on the first device, wherein the second security component is a set of one or more customized security modules selected by the third device from the plurality of customized security modules based on the environment information of the first device. After the second security component is installed successfully, security management is executed on the first device based on the second security component.
After the first security detection component obtains the authority to scan and collect information on the first device, the environment information of the first device can be sent to a third device designated by the security management module in the second device. The third device is in communication connection with the first device, a plurality of customized security modules related to security management are arranged on the third device, and each customized security module has a different security detection function. For example, the customized security modules may include a module for detecting a specific network virus, and may also include a module for detecting whether a vulnerability exists in a specific application program. The customized security modules may exist in the form of software.
The second device is communicatively coupled to a third device, and a security management module on the second device is capable of maintaining and updating one or more customized security modules on the third device.
After the first device sends the request to the third device and the third device verifies the request, the third device sends the second security component to the first device. According to the content of the environment information on the first device, the third device selects one or more customized security modules from the customized security module set to form a new software combination. When the environment information on the first device differs, the software combination in the second security component also differs. Because different customized security modules have different functions, the software set best suited to security management of the first device, namely the second security component, can be configured by combining software in this way. The second security component can perform targeted security management on the first device, which improves the efficiency of security management.
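The selection step described above, sketched as an added example that is not part of the patent: the third device matches the reported environment information against the applicability rule of each customized security module and returns the resulting set. The module names, the environment layout (`os`, `software`) and the `fixed_in` version rule are hypothetical, and all sample values are constructed.

```python
from dataclasses import dataclass


def parse_version(text):
    """Return a comparable tuple, or None when the reported version is unusable."""
    try:
        return tuple(int(part) for part in str(text).split("."))
    except ValueError:
        return None


@dataclass(frozen=True)
class CustomModule:
    name: str
    systems: frozenset   # operating systems the module can run on
    software: str = ""   # empty: applies to every device on a supported system
    fixed_in: str = ""   # empty: applies to every version of `software`

    def applies_to(self, env: dict) -> bool:
        if env.get("os") not in self.systems:
            return False
        if not self.software:
            return True
        installed = env.get("software", {})
        if self.software not in installed:
            return False
        if not self.fixed_in:
            return True
        reported = parse_version(installed[self.software])
        # An unparseable version cannot be shown to be fixed, so the module is kept.
        return reported is None or reported < parse_version(self.fixed_in)


# Constructed catalogue held by the third device (hypothetical module names).
CATALOG = (
    CustomModule("baseline-virus-scan", frozenset({"windows", "linux"})),
    CustomModule("hmi-client-vuln-check", frozenset({"windows"}), "hmi_client", "5.2.0"),
    CustomModule("ssh-config-audit", frozenset({"linux"}), "sshd"),
    CustomModule("historian-vuln-check", frozenset({"linux"}), "historian", "1.10.0"),
)


def build_second_component(env: dict, catalog=CATALOG) -> list:
    """Select the modules that make up the second security component for one device."""
    return [module.name for module in catalog if module.applies_to(env)]


if __name__ == "__main__":
    # Constructed environment information as sent by the first security detection component.
    linux_host = {"os": "linux", "software": {"sshd": "9.6", "historian": "1.9.4"}}
    print(build_second_component(linux_host))
```

Versions are compared as integer tuples, so `1.9.4` sorts below `1.10.0`; a plain string comparison would get this wrong and skip the module.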
In the process of executing step S101, a specific implementation method according to an embodiment of the present invention may include the following steps:
S1201, security verification is carried out on the security authentication request of the second device.
After receiving the security authentication request of the second device, the first device needs to perform security verification on the security authentication request. Specifically, it may analyze whether the security authentication request contains a preset management instruction, and if the preset management instruction is present, may determine that the security authentication request comes from a legitimate source.
S1202, after the security verification is passed, the first device starts registering with the second device, and the first device is set to an isolated state.
After the security verification is completed, the first device may be registered on the second device. Specifically, the identification information and other identity information of the first device may be registered together in the security management module on the second device. During the registration process, in order to prevent communication requests from other devices to the first device, the first device sets itself to an isolated state.
S1203, after receiving the registration success message of the second device, switching the first device from the isolated state to a scanning state.
After the first device has registered with the second device, the next security scanning operation may be performed, and to this end, the state of the first device is converted from the isolated state to the scanning state.
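The S1201 to S1203 sequence as a small state machine, added here as an illustration and not code from the patent. The `INIT_SCAN` literal, the message fields and the HMAC tag keyed with the authentication key are assumptions; the text itself only requires that the request contain a preset management instruction.

```python
import hashlib
import hmac
from enum import Enum

# Assumed value: the text only requires that the request carry a
# "preset management instruction"; this literal is hypothetical.
PRESET_INSTRUCTION = "INIT_SCAN"


class State(Enum):
    IDLE = "idle"
    ISOLATED = "isolated"
    SCANNING = "scanning"


def make_tag(key: bytes, sender: str, instruction: str) -> str:
    """HMAC-SHA256 over sender and instruction (assumed integrity check)."""
    msg = f"{sender}|{instruction}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class FirstDevice:
    """Managed device; manager_id identifies the second device."""

    def __init__(self, device_id: str, manager_id: str, auth_key: bytes):
        self.device_id = device_id
        self.manager_id = manager_id
        self.auth_key = auth_key
        self.state = State.IDLE

    def handle_auth_request(self, request: dict):
        """S1201 + S1202: verify the request, then isolate and register."""
        if self.state is not State.IDLE:
            return None
        sender = str(request.get("sender", ""))
        instruction = str(request.get("instruction", ""))
        tag = str(request.get("tag", ""))
        # S1201: the preset management instruction must be present.
        if instruction != PRESET_INSTRUCTION or sender != self.manager_id:
            return None
        # Assumption beyond the text: the request must also be authentic.
        expected = make_tag(self.auth_key, sender, instruction)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
        # S1202: isolate first, then hand back the registration message.
        self.state = State.ISOLATED
        return {"type": "register", "device_id": self.device_id}

    def accepts_peer(self, peer_id: str) -> bool:
        """While isolated, only the second device may talk to this device."""
        if self.state is State.ISOLATED:
            return peer_id == self.manager_id
        return True

    def handle_registration_result(self, message: dict) -> bool:
        """S1203: leave isolation only on a success message from the manager."""
        if (self.state is State.ISOLATED
                and message.get("sender") == self.manager_id
                and message.get("type") == "register_ok"):
            self.state = State.SCANNING
            return True
        return False


def demo():
    """Run the sequence on constructed messages and return the state trace."""
    key = b"constructed-demo-key"
    dev = FirstDevice("dev-1", "mgr-1", key)
    trace = [dev.state]
    dev.handle_auth_request({"sender": "mgr-1", "instruction": PRESET_INSTRUCTION,
                             "tag": make_tag(key, "mgr-1", PRESET_INSTRUCTION)})
    trace.append(dev.state)
    dev.handle_registration_result({"sender": "mgr-1", "type": "register_ok"})
    trace.append(dev.state)
    return trace


if __name__ == "__main__":
    print([s.value for s in demo()])
```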
As an optional implementation, the performing, on the first device, the initialization scanning operation from the security management module may include the following steps:
S1301, receiving a vulnerability scanning request from the second device.
After the second device completes the initial security scanning of the first device, the second device may further perform targeted vulnerability scanning on the first device, and for this purpose, a security management module of the second device sends a vulnerability scanning request to the first device, and the first device can receive the vulnerability scanning request from the second device.
S1302, in response to the vulnerability scanning request, installing a first security detection component on the first device.
The second device stores a first security detection component for detecting the environment of a device. The second device delivers the first security detection component to the first device, and the first device installs it after receiving it.
S1303, requesting the first security detection component to execute vulnerability scanning for the first device.
After the first security detection component completes installation, the first device may start the first security detection component and request it to perform vulnerability scanning for the first device. The first security detection component is used for extracting the environment information of the first device.
S1304, sending the result of the vulnerability scanning to the second device.
In some optional embodiments, the first security detection component may be installed on various occasions. As one application scenario, the first security detection component may be received from the second device after a scan result indicating that there is no security vulnerability in the first device has been sent to the second device.
In order to ensure the security of data interaction, after receiving the first security detection component from the second device, the authentication key in the first device may be updated from the second device. The first device and the second device perform encrypted communication by the authentication key.
In addition, performing security management on the first device based on the second security component may further include:
S1401, obtaining the network environment in which a program to be tested in the first device is located, and performing security evaluation on the network environment to obtain a first evaluation value.
The first device is the hardware operating environment of the program to be tested. As an example, the first device may be a computer, a mobile phone, or another computing device. An operating system (e.g., a Windows system, a Linux system, an iOS system, or an Android system) may run in the first device, and the program to be tested is an application program running in the operating system of the first device.
Before vulnerability detection is carried out on the program to be tested, security evaluation needs to be carried out on its network environment. Evaluating the security of the network environment ensures that the current environment of the first device meets the conditions for vulnerability detection.
Specifically, the network structure in the current network environment may be obtained, and the network structure may be extracted into the first network model, where the first network model may refine information included in the current network structure. In order to evaluate the first network model, a network evaluation model may be set in advance based on an information security criterion. And analyzing the first network model based on a preset network evaluation model to obtain a second network model containing a plurality of evaluation elements. Illustratively, the plurality of evaluation elements may include network area boundaries, protection levels, and the like. The evaluation element may be provided according to actual needs, and the specific content of the evaluation element is not limited herein.
Different weights can be set for different evaluation elements based on different needs, and therefore a weighted evaluation model can be set in a fourth device (for example, a server), when a network structure in the current network environment is evaluated, the weighted evaluation model at the current moment is obtained from the fourth device, and the second network model is weighted based on the weighted evaluation model to obtain a first processing result.
In addition, before the network topology information is acquired, traffic data packets within a preset time period may be captured in the first device and parsed to obtain a first parsing result. The first parsing result may include the traffic data in the packets that is related to network security. Behavior feature analysis is then performed on the traffic data packets based on the first parsing result to obtain a first analysis result, which includes, for example, whether the traffic contains network threat information. Based on the first analysis result, availability detection is performed on the communication link in the first device to obtain a second processing result.
After the first and second processing results are obtained, normalization processing may be performed on the first and second processing results, for example, the first and second processing results may be made to be a numerical value between 0 and 1. Thereby, the first evaluation value is obtained based on the first processing result and the second processing result.
S1402, when the first evaluation value is greater than a first threshold value, triggering the start of the program to be tested, and evaluating the starting process of the program to be tested to obtain a second evaluation value, wherein the second evaluation value comprises a characteristic value of the program to be tested and a starting parameter of the program to be tested.
Based on the difference of the first device operating system, the program to be tested may be various types of software, for example, the program to be tested may be an application program under a Windows operating system, or an application program under an Android operating system. When the first evaluation value is detected to be larger than a preset first threshold value, the current operating system environment can be considered to belong to a relatively safe evaluation environment, and vulnerability detection of the program to be detected can be started.
As one way, the start of the program to be tested may be initiated by calling the program to be tested. In the process of starting the program to be tested, an input request of the program to be tested may be obtained, and based on the input request, parameter values of the test program corresponding to the program to be tested may be determined, where the parameter values may include a program type of the program to be tested, a start input request, and the like.
And generating a second evaluation value based on the parameter value of the test program, and determining the vulnerability detection mode of the program to be tested through the second evaluation value.
S1403, searching whether there is matching data corresponding to the second evaluation value in the matching database of the second device, and when there is matching data, performing vulnerability detection in the first device based on the second evaluation value.
After the second evaluation value is obtained, the vulnerability detection scheme corresponding to it needs to be determined. For this purpose, a second device in communication connection with the first device is provided. The second device may be a server located in the cloud, and the matching database in the second device stores the latest vulnerability detection schemes for software to be tested. The second device can be connected not only to the first device but also to other devices that need vulnerability detection, so that a unified vulnerability detection scheme is provided to more devices.
When the matching data exists in the matching database, vulnerability detection can be carried out directly in the first device. Specifically, after the second evaluation value is obtained, the corresponding vulnerability test program is called to execute a test operation on the program to be tested according to the second evaluation value. As an example, vulnerability detection can be performed on the software to be tested by fuzz testing. For example, when the program to be tested is an application program based on a Windows system, a corresponding first test parameter may be configured for that type of application program, so that the test program performs vulnerability detection on the program to be tested according to the configured first test parameter. When the program to be tested is an Android-based application program, second test parameters corresponding to the test program are automatically configured based on the type, so that the test program can fuzz test the command line program according to the configured second test parameters. The embodiment of the invention can therefore configure the test parameters of the test program according to the type of the program to be tested, so that the test program uses different test parameters to fuzz test different types of programs, which improves the efficiency of vulnerability handling.
During testing, the program to be tested can generate a log file related to vulnerability detection, so that an abnormal log related to the test operation can be obtained from the log file, and an overflow vulnerability of the program to be tested can be determined according to the abnormal log.
In addition, the buffer corresponding to the detected vulnerability can be located, and the vulnerability instruction address of the program to be tested can be determined based on that buffer.
When the matching data does not exist, the vulnerability detection is carried out by a third device in communication connection with the first device. At this time, a file parsing engine is required to be used in the third device to perform file parsing on the program to be tested, so as to generate a second parsing result, where the second parsing result includes the source code and the binary file information of the program to be tested.
Through the second analysis result, the characteristics of the program to be tested can be extracted, then the second analysis result can be subjected to result matching by adopting a preset vulnerability mode matching rule, and the vulnerability (first vulnerability) of the program to be tested is determined based on the matching similarity.
Because the first vulnerability is obtained by similarity matching, the accuracy of the matching result needs to be verified. Specifically, the vulnerability position and vulnerability type of the first vulnerability can be looked up, malformed test data corresponding to that position and type are constructed and injected into the program to be tested, and whether the first vulnerability is a real vulnerability of the program to be tested is judged based on the program's response data to the malformed test data.
According to a specific implementation manner of the embodiment of the present invention, performing security evaluation on the network environment to obtain a first evaluation value may include the following steps:
S2201, acquiring a network structure in the network environment, and extracting the network structure into a first network model.
Network topology generation, which is the front-end input of network simulation, is an important content of network simulation and also an important factor for determining the authenticity and reliability of network simulation. The network structure of the first device may also be different according to different network environments. Simulation generation of the network topology can be performed based on a network model using a Brite or Inet topology generator, and network conditions and protocol performance in the first device network structure can be studied through the generated network topology data.
After extracting the network structure, the network structure may be extracted into any one of a stochastic model, a hierarchical model, or a power law model.
S2202 analyzes the first network model based on a preset network evaluation model to obtain a second network model including a plurality of evaluation elements.
In order to evaluate the first network model, a network evaluation model may be set in advance based on an information security criterion. And analyzing the first network model based on a preset network evaluation model to obtain a second network model containing a plurality of evaluation elements. Illustratively, the plurality of evaluation elements may include network area boundaries, protection levels, and the like. The evaluation element may be provided according to actual needs, and the specific content of the evaluation element is not limited herein.
S2203, acquiring a weighted evaluation model of the current time from the fourth device, and performing weighted processing on the second network model based on the weighted evaluation model to obtain a first processing result.
Different weights can be set for different evaluation elements based on different needs, and therefore a weighted evaluation model can be set in a fourth device (for example, a server), when a network structure in the current network environment is evaluated, the weighted evaluation model at the current moment is obtained from the fourth device, and the second network model is weighted based on the weighted evaluation model to obtain a first processing result.
In addition to performing security evaluation on a network structure, according to a specific implementation manner of the embodiment of the present invention, the performing security evaluation on the network environment to obtain a first evaluation value may further include:
S3301, obtaining traffic data packets in the first device within a preset time period, and parsing the traffic data packets to obtain a first parsing result.
Packet capture at the bottom layer of the network can be implemented in various ways, for example by using the broadcast characteristic of Ethernet, or by setting up a monitoring port on a router.
After the traffic data packets are obtained, because they contain a large amount of data irrelevant to vulnerability analysis, the packets need to be parsed, and the data relevant to vulnerability detection is selected to form the first parsing result.
S3302, based on the first parsing result, performing behavior feature analysis on the traffic data packets to obtain a first analysis result.
The content of the first parsing result is inspected, and abnormal-behavior traffic is extracted from it. Abnormal traffic detection uses behavior feature analysis to detect malicious code, such as industrial Trojan horse viruses, in the simulation platform, and records threat information including attack time, attack source IP, attack destination IP, application-layer protocol, and network-layer protocol, which finally forms the first analysis result.
S3303, based on the first analysis result, performing availability detection on the communication link in the first device to obtain a second processing result.
A target node matching the first analysis result is selected, a communication connection is established between the first device and the target node, the availability of communication between the first device and the target node is tested, and the second processing result is obtained based on the availability information.
S3304, obtaining the first evaluation value based on the first processing result and the second processing result.
After the first and second processing results are obtained, normalization processing may be performed on the first and second processing results, for example, the first and second processing results may be made to be a numerical value between 0 and 1. Thereby, the first evaluation value is obtained based on the first processing result and the second processing result.
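A worked version of S2203, S3303 to S3304 and the threshold gate of S1402, added here as an illustration and not code from the patent. The element names, weights and link results are constructed sample data, and two choices are assumptions because the text does not fix them: the second processing result is the fraction of reachable target nodes, and the first evaluation value is the lower of the two normalized results.

```python
import math


def clamp01(value) -> float:
    """Normalize a score into [0, 1]; reject NaN so it cannot pass as 1.0."""
    number = float(value)
    if math.isnan(number):
        raise ValueError("score is not a number")
    return max(0.0, min(1.0, number))


def first_processing_result(element_scores: dict, weights: dict) -> float:
    """S2203: weight each evaluation element of the second network model."""
    missing = sorted(set(weights) - set(element_scores))
    if missing:
        raise ValueError(f"no score for evaluation elements: {missing}")
    if any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative")
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("weighted evaluation model has no positive weight")
    weighted = sum(weights[name] * clamp01(element_scores[name])
                   for name in weights)
    return weighted / total


def second_processing_result(link_available: dict) -> float:
    """S3303: share of target nodes whose communication link is usable.

    Assumption: an empty target list scores 0.0 (fail closed).
    """
    if not link_available:
        return 0.0
    reachable = sum(1 for ok in link_available.values() if ok)
    return reachable / len(link_available)


def first_evaluation_value(first_result: float, second_result: float) -> float:
    """S3304: combine the normalized results (assumed rule: take the lower)."""
    return min(clamp01(first_result), clamp01(second_result))


def may_start_program_under_test(value: float, first_threshold: float) -> bool:
    """S1402: start only when the value is strictly greater than the threshold."""
    return value > first_threshold


def evaluate(element_scores, weights, link_available, first_threshold):
    p1 = first_processing_result(element_scores, weights)
    p2 = second_processing_result(link_available)
    value = first_evaluation_value(p1, p2)
    return {
        "first_processing_result": p1,
        "second_processing_result": p2,
        "first_evaluation_value": value,
        "start_program_under_test": may_start_program_under_test(
            value, first_threshold),
    }


# Constructed sample data (not from the patent).
SAMPLE_SCORES = {"network_area_boundary": 0.9, "protection_level": 0.6}
SAMPLE_WEIGHTS = {"network_area_boundary": 2, "protection_level": 1}
SAMPLE_LINKS = {"node-a": True, "node-b": True, "node-c": False, "node-d": True}

if __name__ == "__main__":
    print(evaluate(SAMPLE_SCORES, SAMPLE_WEIGHTS, SAMPLE_LINKS, 0.7))
```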
According to a specific implementation manner of the embodiment of the present invention, triggering the start of the program to be tested, and evaluating the start process of the program to be tested to obtain a second evaluation value includes:
S4401, acquiring an input request of the program to be tested in the process of starting the program to be tested.
The input request of the program to be tested is an input item required when the program to be tested is started, and the specific requirements of the program to be tested can be obtained from the input request.
S4402, determining parameter values of the test program corresponding to the program to be tested based on the input request.
The test program is vulnerability detection software matched to the program to be tested. The parameter values of the test program need to be configured before testing, and these parameter values allow the test program to perform detection specific to the type of the program to be tested.
S4403, generating a second evaluation value based on the parameter value of the test program.
And generating a second evaluation value based on the parameter value of the test program, and determining the vulnerability detection mode of the program to be tested through the second evaluation value.
And after the second evaluation value is acquired, configuring a test according to the second evaluation value, and calling a test program to execute a test operation on the program to be tested. In the testing process, an abnormal log related to the testing operation can be obtained, and the overflow vulnerability of the program to be tested can be determined according to the abnormal log.
In addition, the buffer corresponding to the detected vulnerability can be located, and the vulnerability instruction address of the program to be tested can be determined based on that buffer.
Corresponding to the above method embodiment, referring to fig. 5, an embodiment of the present invention further discloses a security vulnerability discovery apparatus 50 based on multi-pattern matching, including:
a receiving module 501, configured to receive, in a first device, a security authentication request sent by a security management module of a second device.
A determining module 502, configured to scan a secure environment of the first device based on the security authentication request, determine a current first state of the first device, and send a security state indication to the second device, where the security state indication includes a first data field of one of the plurality of security modes.
An obtaining module 503, configured to obtain a second state determined by the second device for the security status indication, and communicate with the second device based on the second state, where the second state is used to describe the security status of the first device.
A management module 504, configured to perform security management on the first device based on the second state.
The apparatus shown in fig. 5 may correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 6, an embodiment of the present invention further provides an electronic device 60, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the security vulnerability discovery method based on multi-pattern matching of the aforementioned method embodiments.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the foregoing method embodiments.
Embodiments of the present invention also provide a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer executes the security vulnerability discovery method based on multi-pattern matching in the foregoing method embodiments.
Referring now to FIG. 6, a schematic diagram of an electronic device 60 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device 60 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 60 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 60 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 60 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A security vulnerability discovery method based on multi-pattern matching is characterized by comprising the following steps:
receiving, in the first device, a security authentication request transmitted from a security management module of the second device;
based on the security authentication request, scanning a security environment of the first device, determining a current first state of the first device, and sending a security state indication to the second device, the security state indication comprising a first data field of one of a plurality of security modes;
acquiring a second state determined by the second device for the safety state indication, and communicating with the second device based on the second state, wherein the second state is used for describing the safety condition of the first device;
performing security management on the first device based on the second state; wherein
the first device is a hardware device requiring security management, the second device is in communication connection with the first device, a security management module is installed in the second device, and the second device performs security management on the devices connected to it based on the security management module;
after acquiring the information of the first device, the second device sends a security authentication request to the first device in a wired or wireless manner, and further performs security management on the first device by receiving a response of the first device to the security authentication request;
during communication between the first device and the second device, saving in the first device a log file of the communication between the first device and the second device, wherein the log file contains details of the communication between the first device and the second device, including whether the communication is encrypted and the security key used for encrypted communication;
the first device and the second device communicate with each other using an agreed security key, wherein the agreed security key is distributed to the first device by the second device, or the first device determines a common security key by negotiation with the second device;
after the first device and the second device complete the current communication, updating a security key between the first device and the second device;
after receiving a security authentication request from the second device, the first device analyzes the security authentication request, performs data verification on the security authentication request, and establishes a communication connection with the second device after the second device is determined through the security authentication request to be a trusted device;
the security authentication request comprises an initialization scanning operation request directed at the first device; when the first device determines that the second device is a trusted device, the initialization scanning operation from the security management module is executed, the environment information on the first device is preliminarily scanned through the initialization scanning operation, and the characteristic information related to device security on the first device is extracted;
after the initialization scanning is completed, the first device sends the scan result to the second device; after receiving the scan result sent by the first device, the security management module in the second device analyzes the scan result, and when the analysis result shows that the security environment of the first device needs further security management, a first security detection component is installed on the first device through a network and is used for further extracting the environment information of the first device, and the first security detection component has security software with a specific function;
based on the security authentication request, scanning the security environment of the first device, analyzing the security authentication request, and acquiring a target element in the security authentication request; the security authentication request comprises necessary information related to the security of the first device, and the target element can be acquired from the first device in a targeted manner by analyzing the necessary information; scanning data matching the target element in the first device;
in the process of sending the security state indication to the second device, a security code related to the first device is input on a current interactive interface of the first device, the security code is a sequence of letters and/or numbers, the security code is stored in a specific directory of the first device, and the security code is input into the interactive interface through the interactive interface of the first device;
a preset security code field area is provided in the first data field, and after the current interactive interface of the first device obtains the security code, the security code is added to the first data field in encoded form;
sending a first data field containing a security code to the second device as part of a security status indication;
the second device can receive the security status indication sent by the first device; based on the security status indication, the second device can determine the security state of the first device, namely the second state; when the second state shows that the first device is in a safe state, one or more unencrypted application messages sent by the second device are received, so as to improve the efficiency of data interaction; when the second state shows that the first device is in an unsafe state, the unencrypted application message sent by the second device is discarded to ensure the security of communication; wherein,
the performing security management on the first device based on the second state includes: based on the second state, performing an initialization scanning operation from the security management module on the first device, and installing a first security detection component after the initialization scanning is completed, wherein the first security detection component is used for extracting environment information of the first device; sending, using the first security detection component, the environment information of the first device to a third device communicatively connected to the first device, wherein the third device is provided with a plurality of customized security modules related to security management; receiving and installing, on the first device, a second security component distributed from the third device, the second security component being a set of one or more customized security modules selected by the third device from the plurality of customized security modules based on the environment information of the first device, and, after the second security component is successfully installed, performing security management on the first device based on the second security component.
2. The method of claim 1, wherein receiving, in the first device, the security authentication request sent from the security management module of the second device comprises:
acquiring a communication log of a first device and a second device;
determining a security key between the first device and a second device based on the communication log;
and receiving a security authentication request sent by a security management module of the second device based on the security key.
3. The method of claim 1, wherein scanning the secure environment of the first device based on the secure authentication request comprises:
analyzing the security authentication request to obtain a target element in the security authentication request;
scanning data matching the target element in the first device.
4. The method of claim 1, wherein sending a security status indication to the second device comprises:
inputting a security code associated with a first device on a current interactive interface of the first device;
adding the security code to the first data field;
sending a first data field containing a security code to the second device as part of a security status indication.
5. The method of claim 1, wherein the communicating with the second device based on the second state comprises:
and when the second state shows that the first device is in a safe state, receiving one or more unencrypted application messages sent by the second device.
6. The method of claim 5, wherein the communicating with the second device based on the second state further comprises:
and when the second state shows that the first device is in an unsafe state, discarding the unencrypted application message sent by the second device.
7. A security vulnerability discovery device based on multi-pattern matching, characterized by comprising:
a receiving module, configured to receive, in the first device, a security authentication request sent by a security management module of the second device;
a determining module, configured to scan a security environment of the first device based on the security authentication request, determine a current first state of the first device, and send a security state indication to the second device, where the security state indication includes a first data field of one of the multiple security modes;
an obtaining module, configured to obtain a second state determined by the second device for a security status indication, and communicate with the second device based on the second state, where the second state is used to describe a security status of the first device;
a management module, configured to perform security management on the first device based on the second state; wherein
the first device is a hardware device requiring security management, the second device is communicatively connected to the first device, a security management module is installed in the second device, and the second device performs security management on the devices connected to it based on the security management module;
after acquiring the information of the first device, the second device sends a security authentication request to the first device in a wired or wireless manner, and further performs security management on the first device by receiving a response of the first device to the security authentication request;
during communication between the first device and the second device, saving in the first device a log file of the communication between the first device and the second device, wherein the log file contains details of the communication between the first device and the second device, including whether the communication is encrypted and the security key used for encrypted communication;
the first device and the second device communicate with each other using an agreed security key, wherein the agreed security key is distributed to the first device by the second device, or the first device determines a common security key by negotiation with the second device;
after the first device and the second device complete the current communication, updating a security key between the first device and the second device;
after receiving a security authentication request from the second device, the first device analyzes the security authentication request, performs data verification on the security authentication request, and establishes a communication connection with the second device after the second device is determined through the security authentication request to be a trusted device;
the security authentication request comprises an initialization scanning operation request directed at the first device; when the first device determines that the second device is a trusted device, the initialization scanning operation from the security management module is executed, the environment information on the first device is preliminarily scanned through the initialization scanning operation, and the characteristic information related to device security on the first device is extracted;
after the initialization scanning is completed, the first device sends the scan result to the second device; after receiving the scan result sent by the first device, the security management module in the second device analyzes the scan result, and when the analysis result shows that the security environment of the first device needs further security management, a first security detection component is installed on the first device through a network and is used for further extracting the environment information of the first device, and the first security detection component has security software with a specific function;
based on the security authentication request, scanning the security environment of the first device, analyzing the security authentication request, and acquiring a target element in the security authentication request; the security authentication request comprises necessary information related to the security of the first device, and the target element can be acquired from the first device in a targeted manner by analyzing the necessary information; scanning data matching the target element in the first device;
in the process of sending the security state indication to the second device, a security code related to the first device is input on a current interactive interface of the first device, the security code is a sequence of letters and/or numbers, the security code is stored in a specific directory of the first device, and the security code is input into the interactive interface through the interactive interface of the first device;
a preset security code field area is provided in the first data field, and after the current interactive interface of the first device obtains the security code, the security code is added to the first data field in encoded form;
sending a first data field containing a security code to the second device as part of a security status indication;
the second device can receive the security status indication sent by the first device; based on the security status indication, the second device can determine the security state of the first device, namely the second state; when the second state shows that the first device is in a safe state, one or more unencrypted application messages sent by the second device are received, so as to improve the efficiency of data interaction; when the second state shows that the first device is in an unsafe state, the unencrypted application message sent by the second device is discarded to ensure the security of communication; wherein,
the performing security management on the first device based on the second state includes: based on the second state, performing an initialization scanning operation from the security management module on the first device, and installing a first security detection component after the initialization scanning is completed, wherein the first security detection component is used for extracting environment information of the first device; sending, using the first security detection component, the environment information of the first device to a third device communicatively connected to the first device, wherein the third device is provided with a plurality of customized security modules related to security management; receiving and installing, on the first device, a second security component distributed from the third device, the second security component being a set of one or more customized security modules selected by the third device from the plurality of customized security modules based on the environment information of the first device, and, after the second security component is successfully installed, performing security management on the first device based on the second security component.
8. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the multi-pattern matching based security vulnerability discovery method of any of claims 1-6.
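The first-device steps of claims 3 to 6, written out as an added Python example that is not part of the patent. The claims define no wire format, so the JSON request layout, the field names, the `safe`/`unsafe` state names, the mode string, base64 as the encoding of the security code, and the pass-through of encrypted messages are all assumptions; an unrecognised second state is treated as unsafe.

```python
import base64
import json
import re

# Assumed names: the claims define no wire format, field names or state values.
SAFE, UNSAFE = "safe", "unsafe"
SECURITY_CODE_RE = re.compile(r"[A-Za-z0-9]+")  # "letters and/or numbers"

# Constructed sample inputs (not from the patent).
SAMPLE_REQUEST = b'{"targets": ["PermitRootLogin yes", "telnetd"]}'
SAMPLE_ENV = {
    "sshd_config": "Port 22\nPermitRootLogin yes\n",
    "services": "sshd running\ntelnetd running\n",
    "packages": "openssl 1.1.1\n",
}


def parse_auth_request(raw):
    """Claim 3, step 1: analyze the request and return its target elements."""
    try:
        targets = json.loads(raw)["targets"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed security authentication request") from exc
    if not isinstance(targets, list) or not targets or not all(
            isinstance(t, str) and t for t in targets):
        raise ValueError("request carries no usable target elements")
    return targets


def scan_environment(env, targets):
    """Claim 3, step 2: find data matching any target element, one pass per source."""
    # Longest-first alternation so a short target cannot shadow a longer one;
    # re.escape keeps every target a literal string, never a pattern.
    ordered = sorted(set(targets), key=len, reverse=True)
    matcher = re.compile("|".join(re.escape(t) for t in ordered))
    hits = {}
    for source, text in env.items():
        found = sorted(set(matcher.findall(text)))
        if found:
            hits[source] = found
    return hits


def build_status_indication(hits, mode, security_code):
    """Claim 4: add the encoded security code to the first data field."""
    if not SECURITY_CODE_RE.fullmatch(security_code):
        raise ValueError("security code must consist of letters and/or digits")
    first_data_field = {
        "mode": mode,  # one of the security modes (mode names are assumed)
        "security_code": base64.b64encode(security_code.encode()).decode(),
    }
    return {
        "first_state": "findings" if hits else "clean",  # assumed state names
        "first_data_field": first_data_field,
        "hits": hits,
    }


def accept_message(second_state, message):
    """Claims 5 and 6: gate unencrypted application messages on the second state."""
    if message.get("encrypted"):
        return True  # assumption: the claims only restrict unencrypted traffic
    return second_state == SAFE  # unsafe or unknown state: discard


if __name__ == "__main__":
    found = scan_environment(SAMPLE_ENV, parse_auth_request(SAMPLE_REQUEST))
    print(json.dumps(build_status_indication(found, "restricted", "A1b2C3"), indent=2))
    print(accept_message(UNSAFE, {"encrypted": False, "body": "hello"}))
```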

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910186024.3A CN109933990B (en) 2019-03-12 2019-03-12 Multi-mode matching-based security vulnerability discovery method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN109933990A (en) 2019-06-25
CN109933990B (en) 2020-12-29

Family

ID=66987109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910186024.3A Active CN109933990B (en) 2019-03-12 2019-03-12 Multi-mode matching-based security vulnerability discovery method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN109933990B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112989333B (en) * 2021-05-10 2021-08-03 北京安泰伟奥信息技术有限公司 Security authentication method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243486A (en) * 2014-09-28 2014-12-24 中国联合网络通信集团有限公司 Virus detection method and system
CN106130980A (en) * 2016-06-23 2016-11-16 杭州迪普科技有限公司 A kind of vulnerability scanning method and device
CN106230837A (en) * 2016-08-04 2016-12-14 湖南傻蛋科技有限公司 A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device
CN107273751A (en) * 2017-06-21 2017-10-20 北京计算机技术及应用研究所 Security breaches based on multi-mode matching find method online
CN107944276A (en) * 2017-10-09 2018-04-20 西安交大捷普网络科技有限公司 Vulnerability scanners and its plug-in unit dispatching method
CN109005142A (en) * 2017-06-06 2018-12-14 腾讯科技(深圳)有限公司 Website security detection method, device, system, computer equipment and storage medium
CN109325351A (en) * 2018-08-23 2019-02-12 中通服咨询设计研究院有限公司 A kind of security breaches automatic Verification systems based on many survey platforms
CN109428878A (en) * 2017-09-01 2019-03-05 阿里巴巴集团控股有限公司 Leak detection method, detection device and detection system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10445506B2 (en) * 2016-03-30 2019-10-15 Airwatch Llc Detecting vulnerabilities in managed client devices
CN105978894A (en) * 2016-06-27 2016-09-28 上海柯力士信息安全技术有限公司 Network security monitoring management system based on security vulnerability scanning cloud platform
CN106131041A (en) * 2016-07-29 2016-11-16 北京匡恩网络科技有限责任公司 A kind of industry control network safety detection device and unknown leak detection method
US10505966B2 (en) * 2017-06-06 2019-12-10 Sap Se Cross-site request forgery (CSRF) vulnerability detection
CN108259478B (en) * 2017-12-29 2021-10-01 中国电力科学研究院有限公司 Safety protection method based on industrial control terminal equipment interface HOOK

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant