CN110708344A - Vulnerability detection method and system based on fuzzy technology - Google Patents
Vulnerability detection method and system based on fuzzy technology Download PDFInfo
- Publication number
- CN110708344A CN110708344A CN201911159158.2A CN201911159158A CN110708344A CN 110708344 A CN110708344 A CN 110708344A CN 201911159158 A CN201911159158 A CN 201911159158A CN 110708344 A CN110708344 A CN 110708344A
- Authority
- CN
- China
- Prior art keywords
- fuzzy
- target
- scanning
- decision tree
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The disclosure provides a vulnerability detection method and system based on a fuzzy technology, which comprises the following steps: establishing a fuzzy target decision tree model, and making a target identification scanning strategy by adopting the fuzzy target decision tree model; determining a communication port number to communicate with a target host according to a target identification scanning strategy, acquiring information of the target host, and determining a detection target; and (4) according to the target host information, adopting a fuzzy algorithm to carry out vulnerability scanning on the detection target and judging whether a vulnerability exists. The target identification scanning strategy for searching and identifying the target host can be obtained through the decision tree, the approximate range and the open port number of the target host information are output, so that the target host is determined, a test case or a test data packet for carrying out vulnerability testing is generated by adopting a fuzzy algorithm according to the target host information returned by the target host, the vulnerability testing is carried out, a user can carry out vulnerability scanning without professional knowledge, and automation and intellectualization of vulnerability scanning are realized.
Description
Technical Field
The disclosure relates to the technical field related to network vulnerability detection, in particular to a vulnerability detection method and system based on a fuzzy technology.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
With the rapid development of the Internet, the network information security situation is increasingly severe, and various forms of attacks and secret stealing behaviors emerge endlessly, which not only pose a serious threat to personal information and property, but also to national defense construction and various fields of national economy. In recent years, a large number of security events have been exposed, and thus automatic, fast and effective vulnerability discovery has become an important research direction in the information security industry.
The inventor finds that the intelligent degree of the operation flow of the existing information security vulnerability scanning system is low, a user needs to add a scanning object and perform related configuration, and the user needs to know the related knowledge of the testing object and clearly understand the related configuration required during testing. The system has low intellectualization and complex flow, and does not utilize the popularization of system software. The commonly used vulnerability scanning method is based on a testing method of a payload library, the payload library for vulnerability scanning mainly comprises a vulnerability testing sentence library and a vulnerability error information library, the vulnerability scanning testing sentence library is used for constructing a vulnerability testing data packet, the testing data packet is sent to a tested target and return information is obtained, the return information is reversely judged by combining with the vulnerability error information library, and finally whether a vulnerability exists is determined. The detection method in the payload library aims at the single vulnerability and has low accuracy when detecting the vulnerability. The network information system has more and more types of equipment and more diversified application types, the traditional network space detection target branches have more and more branches, and the operation is more complex.
Disclosure of Invention
In order to solve the above problems, the present disclosure provides a vulnerability detection method based on a fuzzy technology, which is used for implementing vulnerability detection of network security and improving accuracy and intellectualization of vulnerability detection.
In order to achieve the purpose, the following technical scheme is adopted in the disclosure:
one or more embodiments provide a vulnerability detection method based on a fuzzy technology, which includes the following steps:
establishing a fuzzy target decision tree model, and making rough data of target identification scanning by adopting the fuzzy target decision tree model as a target identification scanning strategy;
determining a communication port number to communicate with a target host according to a target identification scanning strategy, acquiring information of the target host, and determining a detection target;
and (4) according to the target host information, adopting a fuzzy algorithm to carry out vulnerability scanning on the detection target and judging whether a vulnerability exists.
One or more embodiments provide a vulnerability detection system based on fuzzy technology, including:
a target identification strategy making module; the system is used for establishing a fuzzy target decision tree model, and adopting the fuzzy target decision tree model to make rough data of target identification scanning as a target identification scanning strategy;
a detection target determination module: the system comprises a target identification scanning strategy, a communication port number and a target host, wherein the target identification scanning strategy is used for determining communication between the communication port number and the target host, acquiring information of the target host and determining a detection target;
a vulnerability determination module: and the system is used for scanning the loophole of the detection target by adopting a fuzzy algorithm according to the information of the target host and judging whether the loophole exists.
An electronic device comprising a memory and a processor and computer instructions stored on the memory and executed on the processor, the computer instructions, when executed by the processor, performing the steps of the above method.
A computer readable storage medium storing computer instructions which, when executed by a processor, perform the steps of the above method.
Compared with the prior art, the beneficial effect of this disclosure is:
(1) the method and the system fuse decision trees and fuzzy algorithms in artificial intelligence, can intelligently make a target recognition scanning strategy and scan only by specifying a test target, namely a network or a host by a user, and can realize efficient and automatic detection.
(2) According to the method, the target identification scanning strategy for searching and identifying the target host can be obtained by adopting the decision tree, the approximate range and the open port number of the target host information are input, the target identification scanning data are sent through the port, so that the target host is determined, a test case or a test data packet for carrying out leak test is generated by adopting a fuzzy algorithm according to the target host information returned by the target host, the leak test is carried out, a user can carry out leak scanning without professional knowledge, and automation and intellectualization of the leak scanning are realized.
(3) A large number of test cases can be generated by adopting the fuzzy algorithm of the AI technology to carry out vulnerability scanning, and the vulnerability coverage rate of the vulnerability scanning is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure.
Fig. 1 is a flowchart of a vulnerability detection method based on a fuzzy technique in embodiment 1 of the present disclosure;
FIG. 2 is a diagram of a conventional decision tree model;
FIG. 3 is a diagram of a fuzzy target decision tree model of embodiment 1 of the present disclosure;
fig. 4 is a flowchart of vulnerability scanning on a detection target by using a fuzzy algorithm in embodiment 1 of the present disclosure.
The specific implementation mode is as follows:
the present disclosure is further described with reference to the following drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments in the present disclosure may be combined with each other. The embodiments will be described in detail below with reference to the accompanying drawings.
Example 1
In the technical solutions disclosed in one or more embodiments, as shown in fig. 1, a vulnerability detection method based on a fuzzy technology includes the following steps:
and 3, scanning the detected target by adopting a fuzzy algorithm according to the target host information to judge whether the vulnerability exists.
In the step 1, establishing a fuzzy target decision tree model, and adopting a fuzzy target decision tree model target identification scanning strategy, wherein the method comprises the following steps:
step 11, improving a decision tree based on fuzzy logic, and establishing a fuzzy logic reasoning decision tree model;
step 12, acquiring scanning target data set by a user; the scan target may be a target host or a network, and the scan target data may include an IP, a hardware type, etc. of the target host.
Step 13, making a target identification scanning strategy according to the scanning target data set by the user and the fuzzy logic reasoning decision tree model; the target identification scanning strategy comprises port numbers which can be opened, an approximate range of version numbers of an operating system, used software and software version numbers.
Based on the above steps 11 to 13, according to the IP, hardware type, etc. of the target host set by the user, the fuzzy logic reasoning decision tree model can output the rough information of the target host, i.e. the target recognition scanning strategy, so as to reduce the recognition range, and at the same time, the user does not need to know the vulnerability testing technology, and the target recognition scanning strategy is automatically generated according to the IP address, MAC address, hardware type, etc. of the target host sent by the user.
The ultimate goal of AI systems, the Artificial Intelligence (Artificial Intelligence) system, is to make human Intelligence, let machines learn human-like higher biological thinking problems and solve problems. Many software tasks in network security face similar specific problems, such as creating intelligent information security detection systems, giving the systems the same human-like reaction and behavior patterns, and the like.
The decision tree is an important algorithm of AI, which is a multi-branch tree established in the space of decision set, the root node of the tree represents the current state of the role, the branches of the decision tree represent the decision taken by the role, the intermediate nodes represent the temporary state or behavior generated, the path from the root node to the leaf node represents a decision path, the role always selects an optimal decision path, which can better reflect the real-time optimal decision of the test management process.
A decision tree is a mathematical model of the planned execution, as shown in fig. 2. It is represented as a directed root tree in which nodes are divided into nodes that control the flow or nodes that perform the behavior, and 1-6 in the figure are the nodes of the decision tree, respectively. When the decision tree is executed, the next executed node is decided by the node of the control flow, and the decision of the behavior is obtained by the node executing the behavior.
In the embodiment, the decision tree is improved based on fuzzy logic, and as shown in fig. 3, the improved decision tree of the fuzzy logic inference decision tree model established includes fuzzy judgment premise nodes and decision tree nodes with expected values.
The fuzzy judgment precondition node is used for providing execution expectation of the fuzzy logic calculation node, and the decision tree model preferentially selects the decision tree node with higher execution expectation so as to improve the decision precision of the decision tree.
The fuzzy logic is subjected to modularization processing and is used as a fuzzy judgment advance node to be added into the decision tree, so that the fuzzy logic and the decision tree can be combined, and the behavior tree has certain editability and expandability in design and construction.
The fuzzy judgment precondition node comprises: the fuzzy data set fuzzy control system comprises a first fuzzification module, a first fuzzy rule storage module, a first fuzzy set storage module and a fuzzy judgment module, wherein the first fuzzification module is used for storing fuzzy rules; the fuzzy dataset comprises an operating system version fuzzy dataset, a software version fuzzy dataset and the like.
The first fuzzification module: the scanning target data fuzzification module is used for fuzzifying the scanning target data set by a user;
a fuzzy judgment module: and the fuzzy module is used for judging according to the fuzzified scanning target data by combining the fuzzy data set of the first fuzzy set module and the fuzzy rule and outputting a fuzzy value.
The implementation in this embodiment is expected to be based on the ID3 algorithm or the C4.5 algorithm.
In step 13, a method for making a target identification scanning strategy according to the scanning target data set by the user and the fuzzy logic inference decision tree model specifically comprises the following steps:
step 131, according to the scanning target data, obtaining an execution expectation of other nodes in the fuzzy judgment premise nodes of the fuzzy logic reasoning decision tree model by adopting a fuzzy algorithm;
and 132, selecting the decision tree node with higher execution expectation as the output of the model according to the execution expectation, namely the target identification scanning strategy.
According to the scanning target data, a method for calculating execution expectation of other nodes is obtained by adopting a fuzzy algorithm in fuzzy judgment premise nodes of a fuzzy logic reasoning decision tree model, and the method specifically comprises the following steps:
131-1, fuzzifying the scanning target data set by the user;
131-2, judging by combining the fuzzy data set and the fuzzy rule of the first fuzzy set module according to the fuzzified scanning target data, outputting a fuzzy value and calculating a corresponding decision expectation value by adopting an ID3 or C4.5 decision algorithm according to the fuzzy value.
In step 2, determining a communication port number to communicate with a target host according to a target identification scanning strategy, and acquiring information of the target host; the method specifically includes that target identification scanning data are transmitted through a determined communication port number and can be sent in a broadcasting mode, a response data packet of a target host is further obtained, information of the target host is analyzed according to the response data packet, and an identification process is completed to determine that a detected object is a target to be detected. The information of the target host may include information such as a version number of an operating system, a version of application software, and the like.
In step 3, according to the target host information, adopting a fuzzy algorithm to scan the vulnerability, and judging whether the vulnerability exists, namely, according to the fuzzy algorithm, the vulnerability is specially scanned and detected aiming at the found detection target. As shown in fig. 4, including 1) generating fuzz test data; 2) executing the fuzzy test data to perform vulnerability detection; the method comprises the following steps:
step 31, fuzzifying the target recognition result as an input variable, and packaging the fuzzy variable;
step 32, establishing a fuzzy set library, calculating membership values of fuzzy variables in fuzzy sets expressed in different degrees, and taking the fuzzy set with the highest membership value as a fuzzy set group to which the fuzzy variables belong; the fuzzy set library comprises a system vulnerability fuzzy set and a web vulnerability fuzzy set.
Step 33, determining a test data packet of the tested object as a test case according to the fuzzy set group and the fuzzy rule to which the fuzzy variable belongs;
and step 34, sending a test data packet to the detected target, and judging whether a bug exists according to the message data returned by the detected target.
Optionally, the detected message is sent to the detected target according to the generated test data, and whether a bug exists is judged by receiving the returned message data.
The data fuzzification and fuzzy rule change more, a large number of fuzzy test cases can be generated, the tested object can be tested more comprehensively, and the preparation of vulnerability scanning is improved.
Fuzzy testing (Fuzzing), a technique for discovering vulnerabilities through an approximate inference method using fuzzy sets. In the fuzzing test, the constructed fuzzing test data is sent to the tested device, and then the data returned by the tested device is observed. The AI vulnerability detection technology based on the fuzzy test method is researched and realized by combining the network information security vulnerability attack principle.
Example 2
This embodiment provides a vulnerability detection system based on fuzzy technique, includes:
a target identification strategy making module; the system is used for establishing a fuzzy target decision tree model, and adopting the fuzzy target decision tree model to make rough data of target identification scanning as a target identification scanning strategy;
a detection target determination module: the system comprises a target identification scanning strategy, a communication port number and a target host, wherein the target identification scanning strategy is used for determining communication between the communication port number and the target host, acquiring information of the target host and determining a detection target;
a vulnerability determination module: and the system is used for scanning the loophole of the detection target by adopting a fuzzy algorithm according to the information of the target host and judging whether the loophole exists.
Further, the fuzzy target decision tree model comprises fuzzy judgment premise nodes and decision tree nodes with expected values; the fuzzy judgment precondition node is used for providing an execution expectation of the fuzzy logic calculation node as an expectation value of the decision tree node with the expectation value;
the fuzzy judgment precondition node comprises: the fuzzy data set fuzzy control system comprises a first fuzzification module, a first fuzzy rule storage module, a first fuzzy set storage module and a fuzzy judgment module, wherein the first fuzzification module is used for storing fuzzy rules; the fuzzy dataset comprises an operating system version fuzzy dataset, a software version fuzzy dataset and the like.
The first fuzzification module: the scanning target data fuzzification module is used for fuzzifying the scanning target data set by a user;
a fuzzy judgment module: and the fuzzy module is used for judging according to the fuzzified scanning target data by combining the fuzzy data set of the first fuzzy set module and the fuzzy rule and outputting a fuzzy value.
The implementation in this embodiment is expected to be based on the ID3 algorithm or the C4.5 algorithm.
Example 3
The present embodiment provides an electronic device comprising a memory and a processor, and computer instructions stored on the memory and executed on the processor, wherein the computer instructions, when executed by the processor, perform the steps of the method of embodiment 1.
Example 4
The present embodiment provides a computer readable storage medium for storing computer instructions which, when executed by a processor, perform the steps of the method of embodiment 1.
The electronic device provided by the present disclosure may be a mobile terminal and a non-mobile terminal, where the non-mobile terminal includes a desktop computer, and the mobile terminal includes a Smart Phone (such as an Android Phone and an IOS Phone), Smart glasses, a Smart watch, a Smart bracelet, a tablet computer, a notebook computer, a personal digital assistant, and other mobile internet devices capable of performing wireless communication.
It should be understood that in the present disclosure, the processor may be a central processing unit CPU, but may also be other general purpose processors, digital signal processors DSP, application specific integrated circuits ASIC, off-the-shelf programmable gate arrays FPGA or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include both read-only memory and random access memory, and may provide instructions and data to the processor, and a portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The steps of a method disclosed in connection with the present disclosure may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor. The software modules may be located in ram, flash, rom, prom, or eprom, registers, among other storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor. To avoid repetition, it is not described in detail here. Those of ordinary skill in the art will appreciate that the various illustrative elements, i.e., algorithm steps, described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is merely a division of one logic function, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some interfaces, and may be in an electrical, mechanical or other form.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, and various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.
Although the present disclosure has been described with reference to specific embodiments, it should be understood that the scope of the present disclosure is not limited thereto, and those skilled in the art will appreciate that various modifications and changes can be made without departing from the spirit and scope of the present disclosure.
Claims (10)
1. A vulnerability detection method based on a fuzzy technology is characterized by comprising the following steps:
establishing a fuzzy target decision tree model, and making rough data of target identification scanning by adopting the fuzzy target decision tree model as a target identification scanning strategy;
determining a communication port number to communicate with a target host according to a target identification scanning strategy, acquiring information of the target host, and determining a detection target;
and (4) according to the target host information, adopting a fuzzy algorithm to carry out vulnerability scanning on the detection target and judging whether a vulnerability exists.
2. The vulnerability detection method based on fuzzy technology as claimed in claim 1, characterized in that: the method adopts a fuzzy target decision tree model target recognition scanning strategy, and comprises the following steps:
based on the fuzzy logic improved decision tree, establishing a fuzzy logic reasoning decision tree model;
acquiring scanning target data set by a user; the scanning target is a target host or a network, and the scanning target data comprises the IP and the hardware type of the target host;
and making a target recognition scanning strategy according to the scanning target data set by the user and the fuzzy logic reasoning decision tree model.
3. The vulnerability detection method based on fuzzy technology as claimed in claim 2, characterized in that: the method for making the target identification scanning strategy according to the scanning target data set by the user and the fuzzy logic reasoning decision tree model specifically comprises the following steps:
obtaining an execution expectation of a node of a calculation decision tree by adopting a fuzzy algorithm in a fuzzy logic reasoning decision tree model according to the scanning target data;
selecting decision tree nodes with higher execution expectation as the output of the model according to the execution expectation, namely the target identification scanning strategy;
or
According to the scanning target data, a method for calculating execution expectation of other nodes is obtained by adopting a fuzzy algorithm in fuzzy judgment premise nodes of a fuzzy logic reasoning decision tree model, and the method specifically comprises the following steps:
fuzzifying scanning target data set by a user;
and judging by combining the fuzzy data set and the fuzzy rule of the first fuzzy set module according to the fuzzified scanning target data, outputting a fuzzy value and calculating a corresponding decision expected value by adopting an ID3 or C4.5 decision algorithm according to the fuzzy value.
4. The vulnerability detection method based on fuzzy technology as claimed in claim 1, characterized in that: the target identification scanning strategy comprises a port number which can be opened, a rough range of the version number of an operating system, used software and a software version number; the information of the target host comprises the version number of the operating system and the version information of the application software.
5. The vulnerability detection method based on fuzzy technology as claimed in claim 1, characterized in that: the fuzzy logic reasoning decision tree model comprises fuzzy judgment premise nodes and decision tree nodes with expected values; the fuzzy judgment precondition node is used for providing the execution expectation of the fuzzy logic calculation node as the expectation value of the decision tree node with the expectation value.
6. The vulnerability detection method based on fuzzy technology as claimed in claim 1, characterized in that: according to the target host information, adopting a fuzzy algorithm to carry out vulnerability scanning on the detection target and judging whether a vulnerability exists, comprising the following steps:
fuzzifying target host information as an input variable, and packaging the fuzzified input variable into a fuzzy variable;
establishing a fuzzy set library, calculating membership values of fuzzy variables in fuzzy sets expressed in different degrees, and taking the fuzzy set with the highest membership value as a fuzzy set group to which the fuzzy variables belong;
determining a test data packet of the tested object as a test case according to a fuzzy set group and a fuzzy rule to which the fuzzy variable belongs;
and sending a test data packet to the detected target, and judging whether a bug exists according to the message data returned by the detected target.
7. A vulnerability detection system based on fuzzy technology is characterized by comprising:
a target identification strategy making module; the system is used for establishing a fuzzy target decision tree model, and adopting the fuzzy target decision tree model to make rough data of target identification scanning as a target identification scanning strategy;
a detection target determination module: the system comprises a target identification scanning strategy, a communication port number and a target host, wherein the target identification scanning strategy is used for determining communication between the communication port number and the target host, acquiring information of the target host and determining a detection target;
a vulnerability determination module: and the system is used for scanning the loophole of the detection target by adopting a fuzzy algorithm according to the information of the target host and judging whether the loophole exists.
8. The vulnerability detection system based on fuzzy technology of claim 7, wherein: the fuzzy target decision tree model comprises fuzzy judgment premise nodes and decision tree nodes with expected values; the fuzzy judgment precondition node is used for providing an execution expectation of the fuzzy logic calculation node as an expectation value of the decision tree node with the expectation value;
the fuzzy judgment precondition node comprises: the fuzzy data set fuzzy control system comprises a first fuzzification module, a first fuzzy rule storage module, a first fuzzy set storage module and a fuzzy judgment module, wherein the first fuzzification module is used for storing fuzzy rules;
the first fuzzification module: the scanning target data fuzzification module is used for fuzzifying the scanning target data set by a user;
a fuzzy judgment module: and the fuzzy module is used for judging according to the fuzzified scanning target data by combining the fuzzy data set and the fuzzy rule of the first fuzzy set module, outputting a fuzzy value and obtaining an execution expectation according to an ID3 algorithm or a C4.5 algorithm.
9. An electronic device comprising a memory and a processor and computer instructions stored on the memory and executable on the processor, the computer instructions when executed by the processor performing the steps of the method of any of claims 1 to 6.
10. A computer-readable storage medium storing computer instructions which, when executed by a processor, perform the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911159158.2A CN110708344B (en) | 2019-11-22 | 2019-11-22 | Vulnerability detection method and system based on fuzzy technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911159158.2A CN110708344B (en) | 2019-11-22 | 2019-11-22 | Vulnerability detection method and system based on fuzzy technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110708344A true CN110708344A (en) | 2020-01-17 |
| CN110708344B CN110708344B (en) | 2022-03-04 |
Family
ID=69206674
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911159158.2A Active CN110708344B (en) | 2019-11-22 | 2019-11-22 | Vulnerability detection method and system based on fuzzy technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110708344B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111859375A (en) * | 2020-07-20 | 2020-10-30 | 百度在线网络技术(北京)有限公司 | Vulnerability detection method and device, electronic equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103532793A (en) * | 2013-10-28 | 2014-01-22 | 中国航天科工集团第二研究院七〇六所 | Automatic penetration testing method for information system security |
| CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
| CN106713284A (en) * | 2016-12-02 | 2017-05-24 | 国网浙江省电力公司电力科学研究院 | Industrial control security testing system, and industrial control system |
| US9723489B1 (en) * | 2016-04-19 | 2017-08-01 | Synack, Inc. | Automated vulnerability discovery in mobile device applications |
| CN107423217A (en) * | 2017-07-10 | 2017-12-01 | 东北大学秦皇岛分校 | Black box fuzz testing method and system based on variation tree |
| CN107682302A (en) * | 2016-08-02 | 2018-02-09 | 中国电信股份有限公司 | Cross-site scripting attack detection method and device |
| CN109766697A (en) * | 2018-12-29 | 2019-05-17 | 武汉烽火技术服务有限公司 | Vulnerability scanning method, storage medium, equipment and system applied to linux system |
| CN110443045A (en) * | 2019-08-13 | 2019-11-12 | 北京计算机技术及应用研究所 | A kind of fuzz testing case generation method based on machine learning method |
-
2019
- 2019-11-22 CN CN201911159158.2A patent/CN110708344B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103532793A (en) * | 2013-10-28 | 2014-01-22 | 中国航天科工集团第二研究院七〇六所 | Automatic penetration testing method for information system security |
| CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
| US9723489B1 (en) * | 2016-04-19 | 2017-08-01 | Synack, Inc. | Automated vulnerability discovery in mobile device applications |
| CN107682302A (en) * | 2016-08-02 | 2018-02-09 | 中国电信股份有限公司 | Cross-site scripting attack detection method and device |
| CN106713284A (en) * | 2016-12-02 | 2017-05-24 | 国网浙江省电力公司电力科学研究院 | Industrial control security testing system, and industrial control system |
| CN107423217A (en) * | 2017-07-10 | 2017-12-01 | 东北大学秦皇岛分校 | Black box fuzz testing method and system based on variation tree |
| CN109766697A (en) * | 2018-12-29 | 2019-05-17 | 武汉烽火技术服务有限公司 | Vulnerability scanning method, storage medium, equipment and system applied to linux system |
| CN110443045A (en) * | 2019-08-13 | 2019-11-12 | 北京计算机技术及应用研究所 | A kind of fuzz testing case generation method based on machine learning method |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111859375A (en) * | 2020-07-20 | 2020-10-30 | 百度在线网络技术(北京)有限公司 | Vulnerability detection method and device, electronic equipment and storage medium |
| CN111859375B (en) * | 2020-07-20 | 2023-08-29 | 百度在线网络技术(北京)有限公司 | Vulnerability detection method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110708344B (en) | 2022-03-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alsamiri et al. | Internet of things cyber attacks detection using machine learning | |
| Anton et al. | Anomaly-based intrusion detection in industrial data with SVM and random forests | |
| Aleesa et al. | Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions | |
| CN110704846B (en) | Intelligent human-in-loop security vulnerability discovery method | |
| CN116756327B (en) | Threat information relation extraction method and device based on knowledge inference and electronic equipment | |
| CN110708344B (en) | Vulnerability detection method and system based on fuzzy technology | |
| de Elias et al. | A hybrid CNN-LSTM model for IIoT edge privacy-aware intrusion detection | |
| KR102386290B1 (en) | Anomaly data detection method based on trigger rule | |
| Shahhosseini et al. | A deep learning approach for botnet detection using raw network traffic data | |
| Ruiz-Villafranca et al. | A MEC-IIoT intelligent threat detector based on machine learning boosted tree algorithms | |
| CN117349618A (en) | Method and medium for constructing malicious encryption traffic detection model of network information system | |
| Eid et al. | IIoT network intrusion detection using machine learning | |
| Alqurashi et al. | On the performance of isolation forest and multi layer perceptron for anomaly detection in industrial control systems networks | |
| Alkaabi et al. | Modeling Cyber-Attribution Using Machine Learning Techniques | |
| Pashaei et al. | Honeypot intrusion detection system using an adversarial reinforcement learning for industrial control networks | |
| Alshaeaa et al. | Developing a hybrid feature selection method to detect botnet attacks in IoT devices | |
| Lazzarini et al. | A Stacking Ensemble of Deep Learning Models for IoT Network Intrusion Detection | |
| Sasi et al. | R0fuzz: A Collaborative Fuzzer for ICS Protocols | |
| Ethilu et al. | Improving Performance and Efficiency of Software Defined Networking by Identifying Malicious Switches through Deep Learning Model | |
| Abid et al. | Trust-based approach to secure low-power and lossy networks routing protocol | |
| Mustafa et al. | Intrusion detection systems for software-defined networks: a comprehensive study on machine learning-based techniques | |
| Reddy et al. | A P4-Based Adversarial Attack Mitigation on Machine Learning Models in Data Plane Devices | |
| CN116488941B (en) | Attack chain detection method, device and equipment | |
| Veeranam Shanmugam | Botnet Detection in IoT Devices using Gradient and Ada Boosting Algorithm | |
| Yuan et al. | ProfistMAC: A Protocol Finite State Machine Classifier via Graph Representation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 266555 No. 98 Xiangjiang Road, Huangdao District, Qingdao City, Shandong Province Applicant after: CLP kesiyi Technology Co.,Ltd. Address before: 266555 No. 98 Xiangjiang Road, Huangdao District, Qingdao City, Shandong Province Applicant before: CHINA ELECTRONICS TECHNOLOGY INSTRUMENTS Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |