CN111368305A - Code security risk detection method - Google Patents
- Publication number: CN111368305A (application CN201910628412.2A)
- Authority: CN (China)
- Prior art keywords: code, vulnerability, knowledge base, security, cve
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a code security risk detection method comprising the following steps: step 1) constructing a security information knowledge base; step 2) incrementally maintaining the security information knowledge base; step 3) extracting vulnerability code feature information; step 4) establishing a knowledge base associating vulnerability code features with defects; step 5) extracting the features of the monitored code; and step 6) matching the monitored code features against the vulnerability code and defect association knowledge base: if the monitored code features match, the monitored code carries a security risk; otherwise it is treated as safe code with no security risk. According to the invention, whether code carries a security risk is detected by building the security information knowledge base, extracting code features, and establishing the knowledge base that associates vulnerability code features with the security information knowledge base.
Description
Technical Field
The invention relates to the field of code security detection, in particular to a code security risk detection method.
Background
With the rapid development of networks, network applications have steadily matured, new development technologies appear constantly, and going online has become an important part of people's daily lives. While enjoying the convenience of the interconnected web, security issues are becoming increasingly important. As hacker intrusions continue unchecked on a global scale, the information security problem grows ever more serious. Among security technologies against hacker intrusion, technologies and products for real-time intrusion detection and vulnerability scanning assessment, i.e. IDnA (Intrusion Detection and Assessment), have begun to occupy an increasingly important position.
The main methods of real-time intrusion detection and vulnerability scanning assessment are detection of known intrusion techniques and scanning for known vulnerabilities; in other words, they are knowledge-base-based techniques. It follows that an important indicator for evaluating IDnA techniques and products is the number of intrusion types and vulnerabilities they can detect.
CVE acts as a dictionary that gives a common name to widely recognized information security vulnerabilities and exposures. Using a common name helps users share data among their own separate vulnerability databases and vulnerability assessment tools, even though these tools are otherwise difficult to integrate. This makes CVE a "key" for sharing security information: if a vulnerability report carries a CVE name, the corresponding fix information can quickly be found in any other CVE-compatible database, and the security problem can be resolved.
Although CVE gives a uniform vulnerability name, and the website also lists example code to explain the vulnerability and to suggest a resolution, the website corresponding to a CVE does not allow one to quickly analyze whether a given section of code carries a security risk.
Disclosure of Invention
Aiming at the CVE vulnerabilities and vulnerability code provided by the CVE website, the invention first crawls CVE vulnerability information and vulnerability code, then establishes a security information knowledge base and a knowledge base associating vulnerability code features with security information. By extracting the features of the detected code and matching them against the vulnerability code feature and security information association base, a match proves that the detected code carries a security risk and additionally locates the existing vulnerability name (the corresponding CVE ID); if nothing matches, no security risk is indicated.
According to an aspect of the present invention, there is provided a code security risk detection method, the method including:
step 1) constructing a security information knowledge base: security information is crawled from a CVE vulnerability information website, and the risk level corresponding to each CVE vulnerability is crawled from the U.S. National Vulnerability Database, so that a security information knowledge base is constructed;
step 2) incremental maintenance of the security information knowledge base: as new vulnerabilities are continuously discovered and published on CVE vulnerability information websites, the latest security information increments are periodically crawled and merged into the local security information knowledge base;
step 3) extracting vulnerability code feature information: code files or segments (functions) with known CVE vulnerabilities are crawled from an open source website, and feature values are extracted;
step 4) establishing the vulnerability code feature and defect association knowledge base: a knowledge base associating vulnerability code features with security information is established from the code feature values obtained in step 3) and the corresponding CVE vulnerability IDs;
step 5) extracting the detected code features: feature values of the detected code file or code segment are extracted;
step 6) matching the monitored code features against the vulnerability code and defect association knowledge base: the feature values of the detected code are matched against the CVE vulnerabilities in the association knowledge base established in step 4); if the feature values match a vulnerability code feature, the detected code carries a security risk, otherwise no security risk exists.
More specifically, in step 1), the security information crawled from the CVE vulnerability information website comprises the CVE vulnerability ID, status, type and corresponding solution; from the U.S. National Vulnerability Database, the CVSS vulnerability risk assessment level can be crawled, which comes in two versions, V2 and V3.
More specifically, in step 3) and step 5), if the code is in file form, the extracted feature values are: file name, size and MD5; if the code is a segment (function), the extracted feature values are: code character length and MD5.
More specifically, in step 4), the vulnerability code feature and security information association knowledge base mainly comprises the MD5 of the vulnerability code and the CVE vulnerability ID.
More specifically, in step 6), when the detected code features are matched against the vulnerability code and defect association knowledge base, the matching is carried out on the MD5 of the detected code.
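The MD5-keyed knowledge bases and matching of steps 1 to 6, written out as an added Python example (not the applicant's code); the CVE ID, CVSS levels and code snippet are constructed placeholders, and the detector is deliberately limited to the exact MD5 match the text describes.

```python
"""Toy version of the knowledge bases and MD5 feature matching the patent
describes (steps 1 to 6). Example code added to this page, not the applicant's
implementation; all CVE IDs, snippets and scores below are constructed placeholders."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SecurityInfo:
    """One record of the security information knowledge base (step 1): CVE ID,
    status, type, solution and the CVSS V2/V3 levels taken from the NVD."""
    cve_id: str
    status: str
    vuln_type: str
    solution: str
    cvss_v2: Optional[str] = None
    cvss_v3: Optional[str] = None


def file_features(file_name: str, content: bytes) -> Dict[str, object]:
    """Feature values for code in file form (steps 3 and 5): name, size, MD5."""
    return {"file_name": file_name, "size": len(content),
            "md5": hashlib.md5(content).hexdigest()}


def segment_features(code: str) -> Dict[str, object]:
    """Feature values for a code segment (function): character length, MD5."""
    return {"length": len(code),
            "md5": hashlib.md5(code.encode("utf-8")).hexdigest()}


class RiskDetector:
    """Security KB (steps 1 and 2) plus the MD5 -> CVE association KB (step 4);
    detect() is the step 6 match, carried out on the MD5 feature only."""

    def __init__(self) -> None:
        self.security_kb: Dict[str, SecurityInfo] = {}
        self.assoc_kb: Dict[str, List[str]] = {}

    def update_security_kb(self, records: List[SecurityInfo]) -> int:
        """Step 2: merge a crawled increment; returns the number of new CVE IDs."""
        new_ids = [r.cve_id for r in records if r.cve_id not in self.security_kb]
        for r in records:
            self.security_kb[r.cve_id] = r  # re-crawled record replaces the old one
        return len(new_ids)

    def associate(self, features: Dict[str, object], cve_id: str) -> None:
        """Step 4: record the MD5 of known vulnerable code against its CVE ID."""
        cves = self.assoc_kb.setdefault(str(features["md5"]), [])
        if cve_id not in cves:
            cves.append(cve_id)

    def detect(self, features: Dict[str, object]) -> List[SecurityInfo]:
        """Step 6: exact MD5 lookup. An empty result means no *known* vulnerable
        copy was found; an edited copy hashes differently and is not detected."""
        hits = self.assoc_kb.get(str(features["md5"]), [])
        return [self.security_kb[c] for c in hits if c in self.security_kb]


# Constructed sample data: placeholder CVE ID and a textbook unsafe-copy snippet.
VULN_SNIPPET = "int parse(char *in) { char buf[16]; strcpy(buf, in); return 0; }"
SAMPLE_RECORDS = [
    SecurityInfo("CVE-0000-00001", "Entry", "buffer overflow",
                 "replace strcpy with a bounded copy", cvss_v2="HIGH", cvss_v3="CRITICAL"),
]


def build_demo() -> RiskDetector:
    """Populate both knowledge bases from the constructed sample data."""
    detector = RiskDetector()
    detector.update_security_kb(SAMPLE_RECORDS)
    detector.associate(segment_features(VULN_SNIPPET), "CVE-0000-00001")
    return detector
```

Looking up the unmodified snippet returns the placeholder CVE record, while the same snippet with one character appended hashes differently and returns nothing, which is the practical limit of the MD5-only match: it finds verbatim copies of recorded vulnerable code and nothing else.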
Aiming at the difficulty posed by the complex structure of mixed-source code, the invention uses multi-level features such as function interfaces and code interfaces for intelligent analysis, realizing analysis of mixed-source code and location of open source code, and mainly breaks through in intelligent detection and analysis of mixed-source code with respect to the security and intellectual property concerns raised by the complexity of open source software and the diversity of licenses.
Drawings
Embodiments of the invention will now be described with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart illustrating the steps of a code security risk detection method according to an embodiment of the present invention.
Fig. 2, 3, 4 and 5 are detailed diagrams illustrating a flowchart of steps of a hybrid file license conflict detection method according to an embodiment of the present invention.
Detailed Description
Embodiments of the code security risk detection method of the present invention will be described in detail below with reference to the accompanying drawings.
Current CVE-related products for detecting code security risks are based on detecting known intrusion methods and scanning for known vulnerabilities. Although CVE gives a uniform vulnerability name, and the website also lists example code to explain the vulnerability and to suggest a solution, the website corresponding to a CVE does not allow one to quickly analyze whether a given section of code carries a security risk.
To overcome these defects, the invention provides a code security risk detection method that effectively solves this technical problem.
Fig. 1 is a flowchart illustrating steps of a method for detecting a mixed source file license conflict according to an embodiment of the present invention, where the method includes:
step 1) constructing a security information knowledge base: security information is crawled from a CVE vulnerability information website, and the risk level corresponding to each CVE vulnerability is crawled from the U.S. National Vulnerability Database, so that a security information knowledge base is constructed;
step 2) incremental maintenance of the security information knowledge base: as new vulnerabilities are continuously discovered and published on CVE vulnerability information websites, the latest security information increments are periodically crawled and merged into the local security information knowledge base;
step 3) extracting vulnerability code feature information: code files or segments (functions) with known CVE vulnerabilities are crawled from an open source website, and feature values are extracted;
step 4) establishing the vulnerability code feature and defect association knowledge base: a knowledge base associating vulnerability code features with security information is established from the code feature values obtained in step 3) and the corresponding CVE vulnerability IDs;
step 5) extracting the detected code features: feature values of the detected code file or code segment are extracted;
step 6) matching the monitored code features against the vulnerability code and defect association knowledge base: the feature values of the detected code are matched against the CVE vulnerabilities in the association knowledge base established in step 4); if the feature values match a vulnerability code feature, the detected code carries a security risk, otherwise no security risk exists.
The security information and vulnerability code information are obtained by crawling a vulnerability information website; the security information and vulnerability code are collected, the vulnerability code feature values are extracted, and a security information base and a vulnerability code feature and security information association base are constructed, so that regular updating and maintenance are realized and the integrity of the data is ensured.
In conclusion, the method and device can extract code features and accurately judge whether the code carries a security risk.
It is to be understood that while the present invention has been disclosed in connection with the preferred embodiments thereof, the same is not to be considered as limiting. It will be apparent to those skilled in the art from this disclosure that many changes and modifications can be made, or equivalents modified, in the embodiments of the invention without departing from the scope of the invention. Therefore, any simple modification, equivalent change and modification made to the above embodiments according to the technical essence of the present invention are still within the scope of the protection of the technical solution of the present invention, unless the contents of the technical solution of the present invention are departed.
Claims (5)
1. A code security risk detection method, the method comprising:
step 1) constructing a security information knowledge base: security information is crawled from a CVE vulnerability information website, and the risk level corresponding to each CVE vulnerability is crawled from the United States National Vulnerability Database, so that a security information knowledge base is constructed;
step 2) incremental maintenance of the security information knowledge base: as new vulnerabilities are continuously discovered and published on CVE vulnerability information websites, the latest security information increments are periodically crawled and merged into the local security information knowledge base;
step 3) extracting vulnerability code feature information: code files or segments (functions) with known CVE vulnerabilities are crawled from an open source website, and feature values are extracted;
step 4) establishing the vulnerability code feature and defect association knowledge base: a knowledge base associating vulnerability code features with security information is established from the code feature values obtained in step 3) and the corresponding CVE vulnerability IDs;
step 5) extracting the detected code features: feature values of the detected code files or code segments are extracted;
step 6) matching the monitored code features against the vulnerability code and defect association knowledge base: the feature values of the detected code acquired in step 5) are matched against the CVE vulnerabilities in the association knowledge base established in step 4); if the feature values of the detected code match, the detected code carries a security risk, otherwise it does not.
2. The code security risk detection method of claim 1, wherein:
in step 1), the security information crawled from the CVE vulnerability information website comprises the CVE vulnerability ID, status, type and corresponding solution; from the U.S. National Vulnerability Database, the CVSS vulnerability risk assessment level can be crawled, which comes in two versions, V2 and V3.
3. The code security risk detection method of claim 1, wherein:
in step 3) and step 5), if the code is in file form, the extracted feature values are: file name, size and MD5; if the code is a segment (function), the extracted feature values are: code character length and MD5.
4. The code security risk detection method of claim 1, wherein:
in step 4), the vulnerability code feature and security information association knowledge base mainly comprises the MD5 of the vulnerability code and the CVE vulnerability IDs.
5. The code security risk detection method of claim 1, wherein:
in step 6), when the detected code features are matched against the vulnerability code and defect association knowledge base, the matching is carried out on the MD5 of the detected code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910628412.2A CN111368305A (en) | 2019-07-12 | 2019-07-12 | Code security risk detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111368305A true CN111368305A (en) | 2020-07-03 |
Family
ID=71207855
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910628412.2A Pending CN111368305A (en) | 2019-07-12 | 2019-07-12 | Code security risk detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111368305A (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104573525A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Special information service software vulnerability fixing system based on white lists |
CN104615542A (en) * | 2015-02-11 | 2015-05-13 | 中国科学院软件研究所 | Vulnerability correlation analysis assisted vulnerability mining method based on function calling |
US20170171236A1 (en) * | 2015-12-14 | 2017-06-15 | Vulnetics Inc. | Method and system for automated computer vulnerability tracking |
JP2017224053A (en) * | 2016-06-13 | 2017-12-21 | 株式会社日立製作所 | Vulnerability risk evaluation system and method |
CN106446691A (en) * | 2016-11-24 | 2017-02-22 | 工业和信息化部电信研究院 | Method and device for detecting integrated or customized open source project bugs in software |
US20180205755A1 (en) * | 2017-01-19 | 2018-07-19 | University Of North Texas | Systems and methods for adaptive vulnerability detection and management |
CN107688748A (en) * | 2017-09-05 | 2018-02-13 | 中国人民解放军信息工程大学 | Fragility Code Clones detection method and its device based on leak fingerprint |
Non-Patent Citations (1)
Title |
---|
Liu Zhen et al., "Software vulnerability code reuse detection method based on vulnerability fingerprints", Journal of Zhejiang University (Engineering Science), no. 11, 15 November 2018 (2018-11-15), pages 143-153 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112580057A (en) * | 2020-12-17 | 2021-03-30 | 光通天下网络科技股份有限公司 | Attack vulnerability detection method, device, equipment and medium for ZIP encrypted compressed packet |
CN117473513A (en) * | 2023-12-28 | 2024-01-30 | 北京立思辰安科技术有限公司 | Equipment detection method, storage medium and electronic equipment |
CN117473513B (en) * | 2023-12-28 | 2024-04-12 | 北京立思辰安科技术有限公司 | Equipment detection method, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 102209 southeast, 6th floor, block B, national power investment Central Research Institute, South District, future science city, Changping District, Beijing; Applicant after: BEIJING KEYWARE Co.,Ltd. Address before: 102208 key technology on the fourth floor of the production building of the second Pinzi Bona group, Huilongguan, Changping District, Beijing; Applicant before: BEIJING KEYWARE Co.,Ltd. |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200703 |