CN112269999A - Vulnerability scanning task scheduling method, device, equipment and medium - Google Patents
Vulnerability scanning task scheduling method, device, equipment and medium Download PDFInfo
- Publication number
- CN112269999A CN112269999A CN202011219347.7A CN202011219347A CN112269999A CN 112269999 A CN112269999 A CN 112269999A CN 202011219347 A CN202011219347 A CN 202011219347A CN 112269999 A CN112269999 A CN 112269999A
- Authority
- CN
- China
- Prior art keywords
- scanning
- task
- tasks
- execution queue
- queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/5055—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering software capabilities, i.e. software resources associated or available to the machine
Abstract
The disclosure provides a method, a device, equipment and a medium for scheduling a vulnerability scanning task, wherein the method comprises the following steps: confirming that scanning tasks in an execution queue change, wherein the execution queue is used for storing the scanning tasks in execution, and each scanning task has a corresponding priority; and reallocating resources corresponding to the priority of the scanning task for each scanning task in the execution queue. By carrying out priority differentiation on the scanning tasks and correspondingly distributing the scanning tasks according to the priorities when the scanning tasks are distributed with resources, the scanning tasks with high priorities can be distributed with more resources, and the system resources are dynamically distributed according to the progress condition of the scanning tasks, so that the resource distribution is more reasonable and the efficiency is higher.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a medium for scheduling a vulnerability scanning task.
Background
The business informatization brings huge economic and social benefits and simultaneously faces the challenge of severe information safety. Network security products are also produced, and the products avoid illegal infringement of network environment in the modes of finding bugs, solving bugs, protecting attacks and the like.
In the prior art, when allocating system resources during vulnerability scanning, a maximum task concurrency number can be set, a maximum host concurrency number can be set for each scanning task, and a maximum thread concurrency number can be set for each host. Because the available resources of the device for vulnerability scanning and the network environment resources are limited, the important scanning task is influenced by the resources occupied by other tasks, so that the important scanning task is slow in progress, and meanwhile, the system resources are not reasonably utilized, and the scanning effect is influenced.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method, an apparatus, a device, and a medium for scheduling a bug scanning task, so as to effectively solve the problem of unreasonable utilization of system resources during bug scanning.
Specifically, the present disclosure is realized by the following technical solutions:
in a first aspect, a method for scheduling vulnerability scanning tasks is provided, where the method includes:
confirming that scanning tasks in an execution queue change, wherein the execution queue is used for storing the scanning tasks in execution, and each scanning task has a corresponding priority;
and reallocating resources corresponding to the priority of the scanning task for each scanning task in the execution queue.
In a second aspect, an apparatus for vulnerability scanning task scheduling is provided, the apparatus comprising:
the device comprises a confirming module, a processing module and a processing module, wherein the confirming module is used for confirming that scanning tasks in an execution queue change, the execution queue is used for storing the scanning tasks in execution, and each scanning task has a corresponding priority;
and the resource allocation module is used for reallocating the resources corresponding to the priority of the scanning task for each scanning task in the execution queue.
In a third aspect, an electronic device is provided, which comprises a memory for storing computer instructions executable on a processor, and a processor for implementing the method according to any of the embodiments of the present disclosure when executing the computer instructions.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the method of any of the embodiments of the present disclosure.
According to the vulnerability scanning task scheduling method, device and equipment provided by the embodiment of the disclosure, the scanning tasks are prioritized and are correspondingly allocated according to the priorities when the scanning tasks are allocated with resources, so that the scanning tasks with high priorities can be allocated with more resources; according to the progress of the scanning task, the system resources are dynamically allocated, so that the resource allocation is more reasonable and the efficiency is higher.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
In order to more clearly illustrate one or more embodiments of the present disclosure or technical solutions in related arts, the drawings used in the description of the embodiments or related arts will be briefly described below, it is obvious that the drawings in the description below are only some embodiments described in one or more embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without inventive exercise.
Fig. 1 is a flowchart illustrating a method for vulnerability scanning task scheduling according to an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating another vulnerability scanning task scheduling method according to an embodiment of the present disclosure;
fig. 3 is a block diagram illustrating a vulnerability scanning task scheduling apparatus according to an embodiment of the present disclosure;
fig. 4 is a block diagram illustrating another vulnerability scanning task scheduling apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
As shown in fig. 1, fig. 1 is a flowchart of a method for scheduling a vulnerability scanning task according to an embodiment of the present disclosure, where the method is applicable to a device capable of vulnerability scanning (hereinafter referred to as vulnerability scanning device), and includes the following steps:
step S101, confirming that the scanning task in the execution queue changes, where the execution queue is used to store the scanning tasks in execution, and each scanning task has a corresponding priority.
The scanning task with high priority has the authority of entering the execution queue preferentially, and can use more resources. The priority can be represented by letters, for example, A, B, C, D, E and F are used for representing the priority from high to low; color representations may also be used, such as, for example, red, orange, yellow, green, cyan, blue, and purple in order of priority from high to low; it is also possible to use a numerical representation with priorities 10, 9, 8, … … and 0 in order from high to low. This disclosure does not limit the specific representation of priority.
The scanning tasks in the execution queue are all in an execution state, wherein the scanning tasks can have different priorities, the scanning tasks with high priorities occupy more available resources, and the scanning tasks with low priorities occupy less available resources. The change of the scanning task in the execution queue may be an increase of the number of the scanning tasks, for example, the scanning task is newly added in the execution queue; the number of the scanning tasks can be reduced, for example, the scanning tasks in the execution queue exit the execution queue after being executed, or the scanning tasks accidentally terminate and exit the execution queue; it may be that the priority of the scanning task is changed, for example, a scanning task with a low priority in the execution queue is replaced by a scanning task with a high priority, or the priority of a certain task in the execution queue is temporarily raised.
An example of a change in scan jobs in the execution queue is shown below:
for example, the vulnerability scanning apparatus may acquire the priority of a new scanning task when receiving the new scanning task. The priority of the new scanning task may be set by the operation and maintenance personnel, or may be searched in the history. Then, the vulnerability scanning apparatus may determine whether the number of the scanning tasks in the lower execution queue reaches an upper limit, and may insert a new scanning task into the execution queue if the upper limit is not reached. At this time, since a new scan job is inserted into the execution queue, it can be confirmed that a change in the number of scan jobs in the execution queue has occurred. The upper limit of the execution queue is the maximum task execution number of the vulnerability scanning device, and the upper limit of the execution queue is set to avoid the problems of page jamming, device downtime and the like caused by overlarge task amount and overweight load of the device.
And under the condition that the number of the scanning tasks in the execution queue reaches the upper limit, inserting the new scanning task into a waiting queue, and not confirming that the scanning tasks in the execution queue change, wherein the waiting queue is used for storing the scanning tasks in a waiting state, and the waiting queue has no upper limit.
For example, the vulnerability scanning apparatus may compare a first task with the lowest priority in the scanning tasks of the execution queue with a second task with the highest priority in the scanning tasks of the waiting queue, where the waiting queue is used for storing the scanning tasks in a waiting state. When the priority of the first task is lower than that of the second task as a result of the comparison, the execution of the first task is stopped, the first task is moved from the execution queue to the waiting queue, and the second task is moved from the waiting queue to the execution queue.
The scanning tasks in the execution queue and the scanning tasks in the waiting queue are compared in priority, so that the scanning tasks with high priority can be always executed preferentially, and the execution sequence cannot be influenced by being inserted into the waiting queue.
For example, when there are scanning tasks in a waiting queue of the vulnerability scanning apparatus, it is determined every specified period whether the number of the scanning tasks in the execution queue reaches an upper limit, where the waiting queue is used to store the scanning tasks in a waiting state. And when the number of the scanning tasks in the execution queue does not reach the upper limit, moving the scanning task with the highest priority in the waiting queue into the execution queue. At this time, since a new scan job is inserted into the execution queue, it can be confirmed that a change in the number of scan jobs in the execution queue has occurred. And the high-priority scanning tasks in the waiting queue are timely moved into the execution queue, so that the scanning efficiency is improved.
Step S102, reallocating the resource corresponding to the priority of the scanning task for each scanning task in the execution queue.
The resource allocated to the scan task is a resource that can be used by the scan task during execution, and may be an available memory, a Central Processing Unit (CPU), a hard disk, a thread that can be concurrent, a session, or the like, or a network egress traffic. The disclosed embodiments are not limited with respect to the specific form of the resource.
And after confirming that the scanning tasks in the execution queue are changed, redistributing the available resources of each scanning task in the execution queue corresponding to the priority of the scanning task. Before or after the reallocation, the scanning task with high priority occupies more available resources, and the scanning task with low priority occupies less available resources.
For example, when the execution of the scanning task in the execution queue is finished, the execution queue is backed out, the previously occupied resources are released, the released resources are reallocated to the other scanning tasks according to the priorities of the other scanning tasks in the execution queue, the scanning task with the high priority originally occupies more usable resources, reallocated usable resources are more, the scanning task with the low priority originally occupies less usable resources, and reallocated usable resources are less.
For another example, when a new scan task is added to the execution queue, the available resources are reallocated according to the corresponding priorities for the new scan task and the original scan task in the execution queue. In the process of executing each scanning task, when the available resources are actually used, the available resources are continuously acquired and released, and the occupied available resources are not all in the use state but are partially in the idle state. When a new scanning task enters the execution queue, the available resources released by the original scanning task in the execution process are not acquired any more, but the released available resources and the available resources in the idle state are reallocated to the new scanning task until the available resources occupied by each scanning task in the execution queue correspond to the priority of the scanning task, and the reallocation is actually a dynamic adjustment process.
According to the embodiment of the disclosure, the scanning tasks are prioritized, and the resources are allocated to the scanning tasks according to the corresponding priorities, so that the high-priority tasks can be allocated to more resources; according to the progress of the scanning task, the system resources are dynamically allocated, so that the resource allocation is more reasonable and the efficiency is higher.
In a disclosed embodiment, the priority of each scanning task is represented by a score, when reassigning, a ratio of the priority score of each scanning task in the execution queue to the total priority scores of all scanning tasks in the execution queue is calculated, and task resources corresponding to the scanning tasks are assigned according to the ratio corresponding to each scanning task, wherein the share of the task resources in the total task resources is the ratio.
The total task resources are the maximum available resources of the vulnerability scanning device, and include the maximum outlet flow, the maximum session number, the maximum available memory, a CPU, a hard disk, and the like. And the total task resources are completely occupied by the scanning tasks in the execution queue, and the ratio of the priority score of each scanning task to the sum of the priority scores of all the scanning tasks in the execution queue is the ratio of the task resources occupied by the scanning task to the total task resources. The ratio can be expressed in mathematical forms such as percentage, fraction, etc.
For example, the sum of the priority values of the original scanning tasks in the execution queue is 80, the priority value of the third task is 8, the percentage of the priority value of the third task to the total priority value of all the scanning tasks in the original execution queue is 10%, and the percentage of the task resources occupied by the third task to the total task resources is still 10%. The scanning tasks are newly added in the execution queue, the priority value of a newly added fourth task in the execution queue is 20, the sum of the priority values of the scanning tasks in the execution queue is 100, the priority value of the fourth task accounts for 20% of the total priority value of all the scanning tasks in the execution queue, and the percentage of task resources occupied by the fourth task accounts for 20% of the total task resources. At this time, the percentage of the third task priority score to the total score of the scanning tasks in the execution queue is 8%, and the percentage of the task resources occupied by the third task to the total task resources is reallocated to 8%.
For another example, when only one scan task remains in the execution queue, all the total task resources are allocated to the scan task.
The priority use score of the scanning task is expressed, the ratio of the priority use score of each scanning task to the total priority score is used for determining the available task resources when the scanning task is executed, the task resources distributed to each scanning task are not only related to the priority of the scanning task, but also related to the priorities of other scanning tasks in the execution queue, more task resources are inclined to the tasks with relatively high priority, and the execution of the tasks with high priority is guaranteed; meanwhile, task resources are always distributed completely, the resource utilization rate and the number of scanning tasks are decoupled, and the resource maximum utilization is realized.
In a disclosed embodiment, the vulnerability scanning apparatus receives pre-configured parameters before starting scanning, the parameters including at least one of: a maximum egress flow, a maximum number of sessions, and the upper limit of the number of tasks in the execution queue. The preconfigured parameters can be set by operation and maintenance personnel after evaluating the network environment, such as the bearing capacity of a firewall of a router switch, and the use risk of the device is reduced.
As shown in fig. 2, which is a flowchart of another vulnerability scanning task scheduling method according to an embodiment of the present disclosure, the method describes a vulnerability scanning task scheduling process in more detail, and the method may be used in a vulnerability scanning apparatus, and includes the following steps:
s200, receiving a new scanning task and acquiring the priority of the new scanning task.
The process proceeds to the next step S201.
S201, judging whether the task quantity of the scanning tasks in the execution queue reaches an upper limit.
If yes, go to S202; otherwise, S203 is executed.
S202, the scanning task is inserted into a waiting queue.
In this step, each scanning task in the waiting queue may be arranged from high to low according to the priority score, the scanning tasks are inserted into the correct queue position according to the sorting of the priority scores of the scanning tasks, and S204 and S205 are executed.
S203, the scanning task is inserted into the execution queue.
In this step, each scanning task in the execution queue may be arranged from high to low according to the priority score, and the scanning task is inserted into a suitable position according to the priority score of the scanning task, and the step S206 is executed.
S204, comparing the task with the lowest priority in the scanning tasks of the execution queue with the task with the highest priority in the scanning tasks of the waiting queue.
In this step, there may be a thread loop comparing the priority score of the first scanning task in the waiting queue with the priority score of the last scanning task in the execution queue. If the priority score of the first scanning task of the waiting queue is high, the last scanning task of the execution queue is suspended and executed S202, and the first scanning task of the waiting queue is executed S203. And if the priority score of the last scanning task of the execution queue is high, the next step is not carried out.
S205, judging whether the task number of the scanning tasks in the execution queue reaches the upper limit or not every appointed period.
In this step, when there is a scan task waiting in the wait queue, the thread of the wait queue circularly determines whether the execution queue reaches the upper limit, and if not, executes the first scan task of the wait queue S203. If the upper limit is still reached, the next step is not carried out.
S206, reallocating the resource corresponding to the priority of the scanning task for each scanning task in the execution queue.
In this step, the scanning task with the higher priority is allocated more usable resources, and the scanning task with the lower priority is allocated less usable resources.
According to the scanning task priority distinguishing method and device, the scanning tasks with high priority have the authority of preferentially entering the execution queue and more available resources, and the preferential execution of the scanning tasks cannot be influenced due to the fact that the scanning tasks are inserted into the waiting queue; and the system resources are dynamically distributed, so that the system resources are reasonably utilized.
As shown in fig. 3, fig. 3 is a block diagram of an apparatus for vulnerability scanning task scheduling, which is shown in the embodiment of the present disclosure, and the apparatus includes:
a confirming module 310, configured to confirm that scan tasks in an execution queue change, where the execution queue is used to store scan tasks in execution, and each scan task has a corresponding priority;
a resource allocation module 320, configured to reallocate, for each scan task in the execution queue, a resource corresponding to the priority of the scan task.
The vulnerability scanning task scheduling device in the embodiment of the disclosure performs priority differentiation on scanning tasks, and allocates resources according to corresponding priorities when allocating resources for the scanning tasks, so that tasks with high priorities can be allocated to more resources; according to the progress of the scanning task, the system resources are dynamically allocated, so that the resource allocation is more reasonable and the efficiency is higher.
As shown in fig. 4, fig. 4 is a block diagram of another apparatus for vulnerability scanning task scheduling shown in the embodiment of the present disclosure, and on the basis of the foregoing apparatus embodiment, the apparatus further includes:
a parameter configuration module 300 for receiving preconfigured parameters, said parameters comprising at least one of: the maximum egress traffic, the maximum number of sessions, and the upper limit of the number of tasks in the execution queue;
the confirmation module 310 further includes:
a receiving module 311, configured to receive a new scanning task and obtain a priority of the new scanning task; inserting the new scanning task into the execution queue under the condition that the task quantity of the scanning tasks in the execution queue does not reach an upper limit, and inserting the new scanning task into a waiting queue under the condition that the task quantity of the scanning tasks in the execution queue reaches the upper limit, wherein the waiting queue is used for storing the scanning tasks in a waiting state;
a comparing module 312, configured to compare a first task with a lowest priority among the scanning tasks in the execution queue with a second task with a highest priority among the scanning tasks in a waiting queue, where the waiting queue is used to store the scanning tasks in a waiting state; when the priority of the first task is lower than that of the second task, stopping executing the first task, moving the first task from the execution queue to the waiting queue, and moving the second task from the waiting queue to the execution queue;
a judging module 313, configured to judge, every specified period, whether the number of the tasks of the scanning task in the execution queue reaches an upper limit when there is a scanning task in a waiting queue, where the waiting queue is used to store the scanning task in a waiting state; when the number of the scanning tasks in the execution queue does not reach the upper limit, the scanning task with the highest priority in the waiting queue is moved into the execution queue;
the resource allocation module 320 is further configured to represent the priority by using a score, and calculate a ratio of the priority score of each scanning task in the execution queue to a total priority score of all scanning tasks in the execution queue; and distributing task resources corresponding to the scanning tasks according to the ratio corresponding to each scanning task, wherein the share of the task resources in the total task resources is the ratio.
The present disclosure further provides an electronic device, as shown in fig. 5, the electronic device includes a memory 401 and a processor 402, where the memory 401 is configured to store computer instructions executable on the processor, and the processor 402 is configured to implement the method for vulnerability scanning task scheduling according to any embodiment of the present disclosure when executing the computer instructions.
The present disclosure also provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for vulnerability scanning task scheduling according to any embodiment of the present disclosure.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (10)
1. A vulnerability scanning task scheduling method is characterized by comprising the following steps:
confirming that scanning tasks in an execution queue change, wherein the execution queue is used for storing the scanning tasks in execution, and each scanning task has a corresponding priority;
and reallocating resources corresponding to the priority of the scanning task for each scanning task in the execution queue.
2. The method of claim 1, wherein the validating the change of the scan task in the execution queue comprises:
receiving a new scanning task and acquiring the priority of the new scanning task;
and under the condition that the task quantity of the scanning tasks in the execution queue does not reach the upper limit, inserting the new scanning task into the execution queue.
3. The method of claim 2, further comprising:
and under the condition that the number of the scanning tasks in the execution queue reaches the upper limit, inserting the new scanning task into a waiting queue, wherein the waiting queue is used for storing the scanning tasks in a waiting state.
4. The method of claim 1, wherein the validating the change of the scan task in the execution queue comprises:
comparing a first task with the lowest priority in the scanning tasks of the execution queue with a second task with the highest priority in the scanning tasks of a waiting queue, wherein the waiting queue is used for storing the scanning tasks in a waiting state;
and when the priority of the first task is lower than that of the second task, stopping executing the first task, moving the first task from the execution queue to the waiting queue, and moving the second task from the waiting queue to the execution queue.
5. The method of claim 1, wherein validating the scan job change in the execution queue comprises:
when scanning tasks exist in a waiting queue, judging whether the task quantity of the scanning tasks in the execution queue reaches an upper limit or not every appointed period, wherein the waiting queue is used for storing the scanning tasks in a waiting state;
and when the number of the scanning tasks in the execution queue does not reach the upper limit, moving the scanning task with the highest priority in the waiting queue into the execution queue.
6. The method of claim 1, further comprising:
receiving preconfigured parameters, the parameters including at least one of: a maximum egress flow, a maximum number of sessions, and the upper limit of the number of tasks in the execution queue.
7. The method of claim 1, wherein the priority is represented using a score;
the reallocating the resource corresponding to the priority of the scanning task for each scanning task in the execution queue comprises:
calculating the ratio of the priority score of each scanning task in the execution queue to the total priority score of all scanning tasks in the execution queue;
and distributing task resources corresponding to the scanning tasks according to the ratio corresponding to each scanning task, wherein the share of the task resources in the total task resources is the ratio.
8. An apparatus for scheduling vulnerability scanning tasks, the apparatus comprising:
the device comprises a confirming module, a processing module and a processing module, wherein the confirming module is used for confirming that scanning tasks in an execution queue change, the execution queue is used for storing the scanning tasks in execution, and each scanning task has a corresponding priority;
and the resource allocation module is used for reallocating the resources corresponding to the priority of the scanning task for each scanning task in the execution queue.
9. An electronic device, comprising a memory for storing computer instructions executable on a processor, the processor being configured to implement the method of any one of claims 1 to 8 when executing the computer instructions.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011219347.7A CN112269999A (en) | 2020-11-04 | 2020-11-04 | Vulnerability scanning task scheduling method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011219347.7A CN112269999A (en) | 2020-11-04 | 2020-11-04 | Vulnerability scanning task scheduling method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112269999A true CN112269999A (en) | 2021-01-26 |
Family
ID=74345149
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011219347.7A Pending CN112269999A (en) | 2020-11-04 | 2020-11-04 | Vulnerability scanning task scheduling method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112269999A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114090208A (en) * | 2021-11-22 | 2022-02-25 | 南方电网电力科技股份有限公司 | Task scheduling method and device for electric energy meter operating system |
| CN114553585A (en) * | 2022-03-04 | 2022-05-27 | 北京网藤科技有限公司 | Vulnerability scanning system based on industrial network and control method thereof |
| CN116795518A (en) * | 2023-08-25 | 2023-09-22 | 北京飞轮数据科技有限公司 | Scan operator execution method, device, electronic equipment and computer readable medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102915254A (en) * | 2011-08-02 | 2013-02-06 | 中兴通讯股份有限公司 | Task management method and device |
| CN106033371A (en) * | 2015-03-13 | 2016-10-19 | 杭州海康威视数字技术股份有限公司 | Method and system for dispatching video analysis task |
| CN107634945A (en) * | 2017-09-11 | 2018-01-26 | 平安科技(深圳)有限公司 | Website vulnerability scan method, device, computer equipment and storage medium |
| CN109408215A (en) * | 2018-11-07 | 2019-03-01 | 郑州云海信息技术有限公司 | A kind of method for scheduling task and device of calculate node |
| CN111064746A (en) * | 2019-12-30 | 2020-04-24 | 深信服科技股份有限公司 | Resource allocation method, device, equipment and storage medium |
-
2020
- 2020-11-04 CN CN202011219347.7A patent/CN112269999A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102915254A (en) * | 2011-08-02 | 2013-02-06 | 中兴通讯股份有限公司 | Task management method and device |
| CN106033371A (en) * | 2015-03-13 | 2016-10-19 | 杭州海康威视数字技术股份有限公司 | Method and system for dispatching video analysis task |
| CN107634945A (en) * | 2017-09-11 | 2018-01-26 | 平安科技(深圳)有限公司 | Website vulnerability scan method, device, computer equipment and storage medium |
| CN109408215A (en) * | 2018-11-07 | 2019-03-01 | 郑州云海信息技术有限公司 | A kind of method for scheduling task and device of calculate node |
| CN111064746A (en) * | 2019-12-30 | 2020-04-24 | 深信服科技股份有限公司 | Resource allocation method, device, equipment and storage medium |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114090208A (en) * | 2021-11-22 | 2022-02-25 | 南方电网电力科技股份有限公司 | Task scheduling method and device for electric energy meter operating system |
| CN114090208B (en) * | 2021-11-22 | 2023-10-13 | 南方电网电力科技股份有限公司 | Task scheduling method and device for electric energy meter operating system |
| CN114553585A (en) * | 2022-03-04 | 2022-05-27 | 北京网藤科技有限公司 | Vulnerability scanning system based on industrial network and control method thereof |
| CN116795518A (en) * | 2023-08-25 | 2023-09-22 | 北京飞轮数据科技有限公司 | Scan operator execution method, device, electronic equipment and computer readable medium |
| CN116795518B (en) * | 2023-08-25 | 2023-10-27 | 北京飞轮数据科技有限公司 | Scan operator execution method, device, electronic equipment and computer readable medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112269999A (en) | Vulnerability scanning task scheduling method, device, equipment and medium | |
| CN111176852B (en) | Resource allocation method, device, chip and computer readable storage medium | |
| US20120066683A1 (en) | Balanced thread creation and task allocation | |
| US9465663B2 (en) | Allocating resources in a compute farm to increase resource utilization by using a priority-based allocation layer to allocate job slots to projects | |
| US6711616B1 (en) | Client-server task distribution system and method | |
| CN105487919A (en) | Multi-core processor systems and methods for assigning tasks | |
| US20030061261A1 (en) | System, method and computer program product for dynamic resource management | |
| CN108123980B (en) | Resource scheduling method and system | |
| CN111124687A (en) | CPU resource reservation method, device and related equipment | |
| CN112181613B (en) | Heterogeneous resource distributed computing platform batch task scheduling method and storage medium | |
| WO2019205370A1 (en) | Electronic device, task distribution method and storage medium | |
| CN111190691A (en) | Automatic migration method, system, device and storage medium suitable for virtual machine | |
| CN110764887A (en) | Task rescheduling method and system, and related equipment and device | |
| CN106201665A (en) | A kind of dynamic queue's method for arranging and equipment | |
| CN101908004A (en) | Promote the apparatus and method that request is carried out | |
| CN114911613A (en) | Cross-cluster resource high-availability scheduling method and system in inter-cloud computing environment | |
| CN113626173B (en) | Scheduling method, scheduling device and storage medium | |
| CN111176833A (en) | Task allocation method and system for multiprocessing nodes | |
| CN103440113A (en) | Disk IO (Input/output) resource allocation method and device | |
| CN105786601B (en) | The dispatching method and its dispatching device of document typing | |
| CN107544840A (en) | A kind of process management method and device | |
| US20140047454A1 (en) | Load balancing in an sap system | |
| CN110968420A (en) | Scheduling method and device for multi-crawler platform, storage medium and processor | |
| Hu et al. | An optimal resource allocator of elastic training for deep learning jobs on cloud | |
| CN112685158B (en) | Task scheduling method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |