CN110661808A - Asset detection-based host vulnerability rapid scanning method and device - Google Patents

Asset detection-based host vulnerability rapid scanning method and device

Info

Publication number
CN110661808A
Authority
CN
China
Prior art keywords
host
vulnerability
information
asset detection
database
Prior art date
Legal status
Pending
Application number
CN201910947111.6A
Other languages
Chinese (zh)
Inventor
杨鹏
Current Assignee
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Priority to CN201910947111.6A priority Critical patent/CN110661808A/en
Publication of CN110661808A publication Critical patent/CN110661808A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a method and a system for rapidly scanning host vulnerabilities based on asset detection. The method comprises the following steps: acquiring host information of a target host based on an asset detection technology, wherein the host information comprises service information and application program information; storing the host information in a database; and, in response to a trigger instruction for vulnerability scanning, determining whether the target host has a corresponding vulnerability according to the host information and the vulnerability database. Because host information is obtained in advance through the asset detection technology, the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.

Description

Asset detection-based host vulnerability rapid scanning method and device
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for rapidly scanning host vulnerabilities based on asset detection.
Background
With the increasing number of network attacks, the need to detect vulnerabilities in host systems is growing. Traditional system vulnerability scanning technology obtains a returned response data packet and judges from its content whether the vulnerability exists. This means that as many requests are sent as there are vulnerabilities in the vulnerability library, and network IO consumes a lot of time during program execution.
Existing host system vulnerability scanning products detect vulnerabilities by sending specially constructed request data packets to a target host. A large number of request packets must be sent in each scan, and the time consumed by network IO (input/output) makes the scanning process slow. The larger the vulnerability library, the more packets are sent and the slower the system vulnerability scanning process.
Existing enterprise intranet host vulnerability scanning products do not scan fast enough, and users do not get a good experience in certain usage scenarios. Generally, when a user wants to perform vulnerability scanning, or a new vulnerability is disclosed and needs to be detected, the user must start a vulnerability scanning task to find the vulnerability. The process runs from the moment the user edits the task parameters and clicks to start scanning until the scan finishes. The whole scanning process takes a relatively long time, generally between 15 minutes and 30 minutes, most of which is spent on network IO; the user has to wait that long, and the experience is very poor.
Disclosure of Invention
To address the defects in the prior art, the invention provides a host vulnerability rapid scanning method based on asset detection, which comprises the following steps:
acquiring host information of a target host based on an asset detection technology, wherein the host information comprises service information and application program information;
storing the host information in a database;
and, in response to a trigger instruction for vulnerability scanning, determining whether the target host has a corresponding vulnerability according to the host information and the vulnerability database.
In some embodiments, acquiring host information of the target host based on the asset detection technology includes:
acquiring host information of the target host within a preset IP range based on the asset detection technology.
In some embodiments, acquiring host information of the target host based on the asset detection technology includes:
periodically acquiring host information of the target host based on the asset detection technology according to a preset time interval.
In some embodiments, storing the host information in a database includes:
storing the acquired host information of the target host in a database according to a time interval corresponding to the preset time interval.
In some embodiments, before acquiring host information of the target host based on the asset detection technology, the method further includes:
establishing an asset detection task and a vulnerability scanning task in advance, wherein the asset detection task and the vulnerability scanning task each comprise the state of the task and the scanning target.
In some embodiments, determining whether the target host has the corresponding vulnerability according to the host information and the vulnerability database includes:
matching the current vulnerability library with the host information stored in the database to determine whether the target host has a corresponding vulnerability.
In some embodiments, determining whether the target host has a corresponding vulnerability by matching the current vulnerability library with the host information stored in the database specifically includes:
matching the application program version or the service version corresponding to each vulnerability in the current vulnerability library with the version in the host information stored in the database to determine whether the target host has the corresponding vulnerability.
In some embodiments, the method further includes:
in response to the target host having the corresponding vulnerability, querying the database for assets matching the vulnerability, and generating alarm information in response to assets in the database matching the vulnerability.
To address the defects in the prior art, the invention also provides a host vulnerability rapid scanning system based on asset detection, which comprises:
a user side and a background server;
the user side is used for receiving a vulnerability scanning instruction sent by a user;
the background server is used for acquiring host information of a target host based on an asset detection technology, the host information comprising service information and application program information, for storing the host information in a database, and for determining whether the target host has a corresponding vulnerability according to the host information and a vulnerability database.
In some embodiments, the user side uses the Vue.js framework and the background server uses the Flask framework, a Gunicorn server, and a MongoDB database.
The invention has the following beneficial effects: host information is obtained in advance through the asset detection technology, so the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a flowchart of a method for rapidly scanning a host vulnerability based on asset detection according to a first embodiment of the present application;
Fig. 2 is a flowchart of a method for rapidly scanning a host vulnerability based on asset detection according to a second embodiment of the present application;
Fig. 3 is a schematic structural diagram of a host vulnerability quick scanning system based on asset detection according to a third embodiment of the present application;
Fig. 4 is a schematic structural diagram of a host vulnerability quick scanning system based on asset detection according to a fourth embodiment of the present application.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
Fig. 1 is a flowchart of a method for rapidly scanning a host vulnerability based on asset detection according to a first embodiment of the present application. As can be seen from fig. 1, the method for rapidly scanning a host vulnerability based on asset detection according to the present embodiment may include the following steps:
S101: Host information of a target host is acquired based on an asset detection technology; the host information comprises service information and application program information.
Asset detection is the process of tracking and understanding the state of network assets. It generally comprises host discovery, operating system identification, service identification and the like; it is an important prerequisite for network security management and is widely applicable in network security work. The method for rapidly scanning host vulnerabilities based on asset detection can be applied to vulnerability scanning of an enterprise's internal network hosts.
On the enterprise host that applies the method, the front end can use the Vue.js framework and the back end can use the Flask framework and a Gunicorn server to build the user's operation interface and to implement the data storage function and the interaction between the system and the user; the database can be a MongoDB database. In addition, provided the method of this embodiment can be implemented, other types of databases, front-end frameworks, back-end frameworks and servers are all intended to fall within the scope of the present application.
In implementing the method of this embodiment, host information of the target host is first acquired based on the asset detection technology. The host information includes service information and application program information; that is, the service information and application program information of the host that is to undergo vulnerability scanning are acquired based on the asset detection technology.
S102: The host information is stored in a database.
In this embodiment, after the host information of the target host is acquired based on the asset detection technology, the acquired host information is stored in the database.
S103: In response to a trigger instruction for vulnerability scanning, whether the target host has a corresponding vulnerability is determined according to the host information and the vulnerability database.
In this embodiment, when a user performs vulnerability scanning on a host by using the method of this embodiment, the user may operate a human-computer interaction interface to send a trigger instruction for vulnerability scanning, and an operating program installed in the host may then determine whether a corresponding vulnerability exists in the target host according to the host information and the vulnerability database.
With the asset detection-based host vulnerability rapid scanning method, host information is obtained in advance through the asset detection technology, so the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.
Fig. 2 is a flowchart of a method for rapidly scanning a host vulnerability based on asset detection according to a second embodiment of the present application. The method of this embodiment may include the following steps:
S201: An asset detection task and a vulnerability scanning task are established in advance, wherein the asset detection task and the vulnerability scanning task each comprise the state of the task and the scanning target.
The method for rapidly scanning host vulnerabilities based on asset detection can be applied to vulnerability scanning of an enterprise's internal network hosts. When scanning the enterprise's internal network hosts for vulnerabilities, an asset detection task and a vulnerability scanning task can be established in advance, each comprising the state of the task and the scanning target. Once the asset detection task is established, host information of the target host, comprising service information and application program information, can be acquired periodically based on the asset detection technology. When a user needs to scan the enterprise's internal network hosts for vulnerabilities, a vulnerability scanning task can be issued and a scanning target configured.
S202: Host information of the target host is acquired periodically, at a preset time interval, based on the asset detection technology.
After the asset detection task is established, host information of the target host may be acquired periodically based on the asset detection technology, that is, at preset time intervals; the host information includes service information and application program information. In this embodiment, the host information of the target host may be acquired periodically either automatically or according to settings made by the user.
S203: The acquired host information of the target host is stored in a database according to a time interval corresponding to the preset time interval.
Each time the host information of the target host is acquired, it is stored in the database. When the host information is acquired again, the newly acquired information is stored in the database and the related host information stored previously is updated, which ensures that the host information stored in the database is up to date.
S204: In response to a trigger instruction for vulnerability scanning, the application program version or service version corresponding to each vulnerability in the current vulnerability library is matched with the version in the host information stored in the database to determine whether the target host has the corresponding vulnerability.
Because the vulnerability scanning task is established in advance, a user who needs to scan the enterprise's internal network hosts for vulnerabilities can issue the vulnerability scanning task to scan the target host. When a vulnerability scanning task issued by the user is received, the application program version or service version corresponding to each vulnerability in the current vulnerability library is matched with the version in the host information stored in the database to determine whether the target host has the corresponding vulnerability.
Specifically, whether the target host has the corresponding vulnerability is determined by matching the application program version or the service version corresponding to each vulnerability in the current vulnerability library with the version in the host information stored in the database.
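The matching step S204, together with the overwrite-on-redetect storage of S203, sketched as an added example that is not code from the patent: the in-memory store stands in for the database, and the product names, addresses, vulnerability ids, the half-open version range and the 24-hour freshness limit are all constructed assumptions. It goes beyond the text in two ways: a record with no detected version is reported as unverified rather than clean, and findings based on old observations are flagged as stale.

```python
import re
from datetime import datetime, timedelta


def parse_version(text):
    """'2.4.10' -> (2, 4, 10); returns None when detection saw no version."""
    parts = re.findall(r"\d+", text or "")
    return tuple(int(p) for p in parts) or None


def in_range(version, introduced, fixed):
    """True when introduced <= version < fixed, padding short versions with zeros."""
    width = max(len(version), len(introduced), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(introduced) <= pad(version) < pad(fixed)


class AssetInventory:
    """In-memory stand-in for the host-information database (S102/S203)."""

    def __init__(self):
        self._records = {}

    def upsert(self, ip, port, product, version, seen_at):
        # A repeat detection replaces the earlier record for the same endpoint,
        # so the store always holds the most recent observation.
        self._records[(ip, port)] = {
            "ip": ip, "port": port, "product": product,
            "version": version, "seen_at": seen_at,
        }

    def records(self):
        return [self._records[key] for key in sorted(self._records)]


def scan(inventory, vuln_library, now, max_age):
    """Match each library entry against stored records; no packets are sent (S204)."""
    findings = []
    for rec in inventory.records():
        observed = parse_version(rec["version"])
        for vuln in vuln_library:
            if vuln["product"] != rec["product"]:
                continue
            if observed is None:
                # Product matches but no version was detected: do not report clean.
                status = "unverified"
            elif in_range(observed, parse_version(vuln["introduced"]),
                          parse_version(vuln["fixed"])):
                status = "affected"
            else:
                continue
            findings.append({
                "vuln_id": vuln["id"], "ip": rec["ip"], "port": rec["port"],
                "status": status,
                # The verdict is only as fresh as the last asset detection run.
                "stale": now - rec["seen_at"] > max_age,
            })
    return findings


def run_demo():
    """Constructed inventory and vulnerability library; every value is made up."""
    now = datetime(2020, 1, 7, 12, 0)
    inv = AssetInventory()
    inv.upsert("10.0.0.5", 80, "example-httpd", "2.4.10", now - timedelta(hours=25))
    inv.upsert("10.0.0.5", 80, "example-httpd", "2.4.30", now - timedelta(hours=1))
    inv.upsert("10.0.0.6", 80, "example-httpd", "2.4.10", now - timedelta(days=3))
    inv.upsert("10.0.0.7", 22, "example-sshd", None, now - timedelta(hours=1))
    inv.upsert("10.0.0.8", 80, "example-httpd", "2.4", now - timedelta(hours=1))
    library = [
        {"id": "VULN-EXAMPLE-0001", "product": "example-httpd",
         "introduced": "2.4.0", "fixed": "2.4.20"},
        {"id": "VULN-EXAMPLE-0002", "product": "example-sshd",
         "introduced": "7.0", "fixed": "7.4"},
    ]
    return scan(inv, library, now, max_age=timedelta(hours=24))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The host at 10.0.0.5 produces no finding because its second detection overwrote the old version, while 10.0.0.6 is still reported from a three-day-old record and is marked stale for that reason.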
With the asset detection-based host vulnerability rapid scanning method, host information is obtained in advance through the asset detection technology, so the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.
In addition, as an optional embodiment of the present application, when the target host in the above embodiment has a corresponding vulnerability, the database may further be queried for assets matching the vulnerability, and alarm information may be generated in response to assets in the database matching the vulnerability.
The method of this embodiment can further protect the security of the internal assets of the target host.
Fig. 3 is a schematic structural diagram of a host vulnerability quick scanning system based on asset detection according to a third embodiment of the present application. The asset detection-based host vulnerability quick scanning system of this embodiment mainly includes
a user side and a background server. The user side is used for receiving a vulnerability scanning instruction sent by a user; the background server is used for acquiring host information of a target host based on an asset detection technology, the host information comprising service information and application program information, for storing the host information in a database, and for determining whether the target host has a corresponding vulnerability according to the host information and a vulnerability database.
With the asset detection-based host vulnerability rapid scanning system, host information is obtained in advance through the asset detection technology, so the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.
Fig. 4 is a schematic structural diagram of a host vulnerability quick scanning system based on asset detection according to a fourth embodiment of the present application.
In this embodiment, the system for rapidly scanning a host vulnerability based on asset detection includes a user side and a background server. The user side is used for receiving a vulnerability scanning instruction sent by a user; the background server is used for acquiring host information of a target host based on an asset detection technology, the host information comprising service information and application program information, for storing the host information in a database, and for determining whether the target host has a corresponding vulnerability according to the host information and a vulnerability database. The back end uses the Flask framework and a Gunicorn server, and the front end uses the Vue.js framework, to build the user's operation interface and to implement the data storage function and the interaction between the system and the user. The database is a MongoDB database. An asset detection task module and a vulnerability scanning task module are established, and the information of the two task modules is stored in the MongoDB database. The user needs to select the intranet IP range to be monitored, and then configures the asset detection task module on the interface and sets the timing frequency. After receiving the periodic asset detection task, the back end starts to acquire the service information and application program information of the assets and stores the results in the MongoDB database. Because the asset detection program in the system is executed regularly, the asset information in the database is kept up to date. After the user sets the schedule, the asset detection process is not perceptible to the user and there is no waiting for a task to finish, which improves the user experience.
With the asset detection-based host vulnerability rapid scanning system of this embodiment of the application, host information is obtained in advance through the asset detection technology, so the vulnerability scanning speed is significantly increased, the problem that a user needs to wait for a long time is solved, and the user experience is improved.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A host vulnerability rapid scanning method based on asset detection, characterized by comprising the following steps:
acquiring host information of a target host based on an asset detection technology, wherein the host information comprises service information and application program information;
storing the host information in a database;
and, in response to a trigger instruction for vulnerability scanning, determining whether the target host has a corresponding vulnerability according to the host information and the vulnerability database.
2. The asset detection-based host vulnerability rapid scanning method according to claim 1, wherein acquiring host information of a target host based on the asset detection technology comprises:
acquiring host information of the target host within a preset IP range based on the asset detection technology.
3. The asset detection-based host vulnerability rapid scanning method according to claim 1, wherein acquiring host information of a target host based on the asset detection technology comprises:
periodically acquiring host information of the target host based on the asset detection technology according to a preset time interval.
4. The asset detection-based host vulnerability rapid scanning method according to claim 3, wherein storing the host information in a database comprises:
storing the acquired host information of the target host in a database according to a time interval corresponding to the preset time interval.
5. The asset detection-based host vulnerability rapid scanning method according to claim 4, further comprising, before acquiring host information of a target host based on the asset detection technology:
establishing an asset detection task and a vulnerability scanning task in advance, wherein the asset detection task and the vulnerability scanning task each comprise the state of the task and the scanning target.
6. The asset detection-based host vulnerability rapid scanning method according to claim 5, wherein determining whether the target host has a corresponding vulnerability according to the host information and a vulnerability database comprises:
matching the current vulnerability library with the host information stored in the database to determine whether the target host has a corresponding vulnerability.
7. The asset detection-based host vulnerability rapid scanning method according to claim 6, wherein determining whether the target host has a corresponding vulnerability by matching the current vulnerability library with the host information stored in the database specifically comprises:
matching the application program version or the service version corresponding to each vulnerability in the current vulnerability library with the version in the host information stored in the database to determine whether the target host has the corresponding vulnerability.
8. The asset detection-based host vulnerability rapid scanning method according to claim 7, further comprising:
in response to the target host having the corresponding vulnerability, querying the database for assets matching the vulnerability, and generating alarm information in response to assets in the database matching the vulnerability.
9. A host vulnerability rapid scanning system based on asset detection, characterized by comprising:
a user side and a background server;
the user side is used for receiving a vulnerability scanning instruction sent by a user;
the background server is used for acquiring host information of a target host based on an asset detection technology, the host information comprising service information and application program information, for storing the host information in a database, and for determining whether the target host has a corresponding vulnerability according to the host information and a vulnerability database.
10. The asset detection-based host vulnerability rapid scanning system of claim 9, wherein the user side uses the Vue.js framework and the background server uses the Flask framework, a Gunicorn server and a MongoDB database.
CN201910947111.6A 2019-09-29 2019-09-29 Asset detection-based host vulnerability rapid scanning method and device Pending CN110661808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910947111.6A CN110661808A (en) 2019-09-29 2019-09-29 Asset detection-based host vulnerability rapid scanning method and device

Publications (1)

Publication Number Publication Date
CN110661808A true CN110661808A (en) 2020-01-07

Family

ID=69040022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910947111.6A Pending CN110661808A (en) 2019-09-29 2019-09-29 Asset detection-based host vulnerability rapid scanning method and device

Country Status (1)

Country Link
CN (1) CN110661808A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200107