CN112822210A - Vulnerability management system based on network assets - Google Patents

Publication number
CN112822210A
Authority
CN
China
Prior art keywords
vulnerability
module
information
library
cnnvd
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110165058.1A
Other languages
Chinese (zh)
Other versions
CN112822210B (en)
Inventor
介银娟
王文庆
毕玉冰
陈燕
宋润
高原英
邓楠轶
董夏昕
崔逸群
刘超飞
朱博迪
杨东
杨新民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Thermal Power Research Institute Co Ltd
Huaneng Power International Inc
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Huaneng Power International Inc
Application filed by Xian Thermal Power Research Institute Co Ltd, Huaneng Power International Inc
Priority to CN202110165058.1A
Publication of CN112822210A
Application granted
Publication of CN112822210B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

A vulnerability management system based on network assets comprises a vulnerability library module, a vulnerability information display module, a vulnerability retrieval module, an update vulnerability library module and a vulnerability library export module. The vulnerability library module classifies the detected vulnerability information; the vulnerability information display module displays specific vulnerability information under the three classifications CNNVD, CNVD and CVE; the vulnerability retrieval module parses and organizes the screened information as HTML; the update vulnerability library module stores the useful information it obtains in a MongoDB database; the incremental detection module performs incremental update detection; and the vulnerability library export module exports vulnerabilities. According to the invention, network assets are detected automatically through the Scrapy framework, which avoids excessive dependence on manual detection; the network assets are detected continuously and the vulnerability database is updated in time, which keeps the database from lagging behind; and vulnerability information can be exported from the MongoDB database and analyzed, so that security threats are addressed.

Description

Vulnerability management system based on network assets
Technical Field
The invention belongs to the field of computers, relates to a vulnerability management system, and particularly relates to a vulnerability management system based on network assets.
Background
With the development of network technology, combining computer networks with asset information systems enables paperless office work and effectively raises work efficiency. However, while network technology brings convenience, security problems in networks and asset information systems are gradually being exposed. At present, network asset systems rely mainly on manual processing to find and handle vulnerabilities. As these systems grow more complex and the variety of assets increases, system maintenance becomes more difficult, and an attacker can take advantage of a weakness to enter the system, intrude into it, tamper with pages, or even obtain important asset data, causing information leakage and threatening the normal operation of the whole company.
Disclosure of Invention
To address the above problems, the present invention provides a vulnerability management system based on network assets that automatically detects all network assets and, when the assets change, performs incremental or complete detection in time. Developers check and repair the updated vulnerabilities according to the detection information obtained, so as to discover the potential threats that the existing network assets face and to resolve the security threats to those assets.
To achieve this purpose, the invention provides the following technical solution:
A vulnerability management system based on network assets, built on CPU hardware and a network environment, comprises a vulnerability library module 1, a vulnerability information display module 2, a vulnerability retrieval module 3, an update vulnerability library module 4 and a vulnerability library export module 5;
the vulnerability library module 1 classifies the detected vulnerability information into: the China National Information Security Vulnerability Library (CNNVD), the National Information Security Vulnerability Sharing Platform (CNVD), and Common Vulnerabilities and Exposures (CVE);
the vulnerability information display module 2 displays specific vulnerability information under the three classifications CNNVD, CNVD and CVE, where each piece of vulnerability information comprises a vulnerability number, a vulnerability description and a release time;
the vulnerability retrieval module 3 screens the vulnerability information and displays it in the vulnerability information display module 2, where the user can view it directly;
the update vulnerability library module 4 extracts network resources and hands the useful information obtained to the Item Pipeline; the Item Pipeline filters and de-duplicates the data and stores it in a MongoDB database, and this process repeats until the end date, which completes incremental update detection;
and the vulnerability library export module 5 is used to select start and end dates and export vulnerabilities from the MongoDB database under the three vulnerability library classifications CNNVD, CNVD and CVE.
The vulnerability retrieval module 3 comprises a number retrieval module 31 and a keyword retrieval module 32. The number retrieval module 31, under the three vulnerability library classifications CNNVD, CNVD and CVE, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered number as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module 2, where the user views it directly. The keyword retrieval module 32, under the same three classifications, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered keywords as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module 2, where the user can view it directly.
The update vulnerability library module 4 comprises a complete detection module 41 and an incremental detection module 42. In the complete detection module 41, under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider, the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the latest date is reached, which completes complete update detection. In the incremental detection module 42, a start date for detection is selected under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider, the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the end date is reached, which completes incremental update detection.
The invention has the technical effects and advantages that:
1. The invention detects network assets automatically through the Scrapy framework, which avoids excessive dependence on manual detection and greatly improves vulnerability detection efficiency;
2. By combining the Scrapy framework with the MongoDB database, the invention can detect network assets continuously and update the vulnerability database in time, which keeps the database from lagging behind; it also helps developers export vulnerability information from the MongoDB database and analyze it, so that security threats are addressed.
Drawings
FIG. 1 is a schematic diagram of the overall system framework of the present invention.
In the figure: 1. vulnerability library module; 2. vulnerability information display module; 3. vulnerability retrieval module; 4. update vulnerability library module; 5. vulnerability library export module; 31. number retrieval module; 32. keyword retrieval module; 41. complete detection module; 42. incremental detection module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, the vulnerability management system based on network assets is built on CPU hardware and a network environment, and includes a vulnerability library module 1, a vulnerability information display module 2, a vulnerability retrieval module 3, an update vulnerability library module 4, and a vulnerability library export module 5.
The vulnerability information display module 2 displays specific vulnerability information under the three classifications CNNVD, CNVD and CVE, where each piece of vulnerability information comprises a vulnerability number, a vulnerability description and a release time;
the vulnerability retrieval module 3 comprises a number retrieval module 31 and a keyword retrieval module 32; the number retrieval module 31, under the three vulnerability library classifications CNNVD, CNVD and CVE, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered number as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module 2, where the user can view it directly; the keyword retrieval module 32, under the same three classifications, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered keywords as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module 2, where the user can view it directly;
the update vulnerability library module 4 comprises a complete detection module 41 and an incremental detection module 42; in the complete detection module 41, under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider (crawler), the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the latest date is reached, which completes complete update detection; in the incremental detection module 42, a start date for detection is selected under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider (crawler), the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the end date is reached, which completes incremental update detection;
and the vulnerability library export module 5 is used to select start and end dates and export vulnerabilities from the MongoDB database under the three vulnerability library classifications CNNVD, CNVD and CVE.
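The filter, de-duplicate and store step described for modules 41 and 42, together with the date-range export of module 5, as an added example (not code from the patent). It uses only the Python standard library: `VulnStore` stands in for the MongoDB collection, and the class names, field names and the CNNVD/CNVD identifier patterns are assumptions.

```python
import re
from datetime import date

# Identifier shape per source library. CVE-YYYY-NNNN is the public CVE scheme;
# the CNNVD and CNVD patterns are assumptions made for this example.
ID_PATTERNS = {"CVE": r"CVE-\d{4}-\d{4,}", "CNNVD": r"CNNVD-\d{6}-\d+",
               "CNVD": r"CNVD-\d{4}-\d+"}
FIELDS = ("source", "number", "published", "description")


class DropItem(Exception):
    """Record rejected by the filter step (same role as Scrapy's DropItem)."""


class VulnStore:
    """In-memory stand-in for the MongoDB collection (assumption), keyed like a
    unique index on (source, number) so a repeated crawl cannot add duplicates."""

    def __init__(self):
        self.docs = {}

    def upsert(self, rec):
        key = (rec["source"], rec["number"])
        is_new = key not in self.docs
        self.docs[key] = rec  # a re-crawled record replaces the stored copy
        return is_new

    def export(self, source, start, end):
        """Module 5: records of one source published within [start, end]."""
        rows = [r for r in self.docs.values()
                if r["source"] == source and start <= r["published"] <= end]
        return sorted(rows, key=lambda r: (r["published"], r["number"]))


class VulnPipeline:
    """Filter, de-duplicate and store items inside the [start, end] window."""

    def __init__(self, store, start, end):
        self.store, self.start, self.end = store, start, end
        self.stats = {"stored": 0, "duplicate": 0, "dropped": 0}

    def clean(self, item):
        # Scraped HTML is untrusted: require every field as a non-empty string.
        if any(not isinstance(item.get(f), str) or not item[f].strip() for f in FIELDS):
            raise DropItem("missing or non-string field")
        source, number = item["source"].strip().upper(), item["number"].strip().upper()
        if source not in ID_PATTERNS or not re.fullmatch(ID_PATTERNS[source], number):
            raise DropItem("identifier does not match its source library")
        try:
            published = date.fromisoformat(item["published"].strip())
        except ValueError:
            raise DropItem("unparseable release date") from None
        if not self.start <= published <= self.end:
            raise DropItem("outside the detection window")
        return {"source": source, "number": number, "published": published,
                "description": " ".join(item["description"].split())}

    def process_item(self, item):
        try:
            rec = self.clean(item)
        except DropItem:
            self.stats["dropped"] += 1
            return None
        self.stats["stored" if self.store.upsert(rec) else "duplicate"] += 1
        return rec


# Constructed sample rows with placeholder identifiers (not real records).
SAMPLE_ROWS = [
    ("CVE", "CVE-0000-0001", "2021-02-03", "  Buffer overflow   in example service "),
    ("cve", "cve-0000-0001", "2021-02-03", "Buffer overflow in example service"),
    ("CNNVD", "CNNVD-000000-001", "2021-02-05", "Example injection flaw"),
    ("CNVD", "CNVD-0000-00001", "2021-01-15", "Published before the window opens"),
    ("CVE", "CVE-0000-0002 and others", "2021-02-04", "Identifier with trailing text"),
]
SAMPLE_ITEMS = [dict(zip(FIELDS, row)) for row in SAMPLE_ROWS]


def run_incremental(items, start, end):
    store = VulnStore()
    pipeline = VulnPipeline(store, start, end)
    for item in items:
        pipeline.process_item(item)
    return pipeline.stats, store
```

With a real MongoDB collection, the same guarantee comes from a unique index on the (source, number) pair and an upsert keyed on it.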
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or portions thereof without departing from the spirit and scope of the invention.

Claims (3)

1. A vulnerability management system based on network assets, built on CPU hardware and a network environment, characterized by comprising a vulnerability library module (1), a vulnerability information display module (2), a vulnerability retrieval module (3), an update vulnerability library module (4) and a vulnerability library export module (5);
the vulnerability library module (1) classifies the detected vulnerability information into: the China National Information Security Vulnerability Library (CNNVD), the National Information Security Vulnerability Sharing Platform (CNVD), and Common Vulnerabilities and Exposures (CVE);
the vulnerability information display module (2) displays specific vulnerability information under the three classifications CNNVD, CNVD and CVE, and each piece of vulnerability information comprises a vulnerability number, a vulnerability description and a release time;
the vulnerability retrieval module (3) screens vulnerability information and displays it in the vulnerability information display module (2), where a user can view it directly;
the update vulnerability library module (4) extracts network resources and hands the useful information obtained to the Item Pipeline; the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database, and this process repeats until the end date, which completes incremental update detection;
and the vulnerability library export module (5) is used to select the start date and the end date under the three vulnerability library classifications CNNVD, CNVD and CVE and to export vulnerabilities from the MongoDB database.
2. The network asset based vulnerability management system of claim 1, wherein the vulnerability retrieval module (3) comprises a number retrieval module (31) and a keyword retrieval module (32); the number retrieval module (31), under the three vulnerability library classifications CNNVD, CNVD and CVE, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered number as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module (2), where a user views it directly; the keyword retrieval module (32), under the same three classifications, receives vulnerability information through the Item Pipeline of the Scrapy framework, screens it using the entered keywords as the condition, parses and organizes the matching information as HTML, and displays it in the vulnerability information display module (2), where a user can view it directly.
3. The network asset based vulnerability management system of claim 1, wherein the update vulnerability library module (4) comprises a complete detection module (41) and an incremental detection module (42); in the complete detection module (41), under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider, the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the latest date is reached, which completes complete update detection; in the incremental detection module (42), a start date for detection is selected under the three vulnerability library classifications CNNVD, CNVD and CVE, the Scrapy engine sends a request to the scheduler, the scheduler sends the URL to the downloader, the downloader requests the server and hands the network resource obtained to the Spider, the Spider extracts the network resource and hands the useful information obtained to the Item Pipeline, and the Item Pipeline filters and de-duplicates the data and stores it in the MongoDB database; this process repeats until the end date is reached, which completes incremental update detection.
CN202110165058.1A 2021-02-06 2021-02-06 Vulnerability management system based on network assets Active CN112822210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110165058.1A CN112822210B (en) 2021-02-06 2021-02-06 Vulnerability management system based on network assets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110165058.1A CN112822210B (en) 2021-02-06 2021-02-06 Vulnerability management system based on network assets

Publications (2)

Publication Number Publication Date
CN112822210A true CN112822210A (en) 2021-05-18
CN112822210B CN112822210B (en) 2023-01-03

Family

ID=75861945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110165058.1A Active CN112822210B (en) 2021-02-06 2021-02-06 Vulnerability management system based on network assets

Country Status (1)

Country Link
CN (1) CN112822210B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113438248A (en) * 2021-06-30 2021-09-24 深圳供电局有限公司 Network IP address self-checking management system convenient for master station
KR102598126B1 (en) * 2023-06-14 2023-11-03 주식회사 이글루코퍼레이션 Method and apparatus for managing redundant security threat data in cluster environment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945351A (en) * 2012-11-05 2013-02-27 中国科学院软件研究所 Security vulnerability fixing method based on two-dimensional code for mobile intelligent terminal in cloud environment
US20160378993A1 (en) * 2015-06-24 2016-12-29 Alcatel-Lucent Usa Inc. Systems for diagnosing and tracking product vulnerabilities
CN107239705A (en) * 2017-05-25 2017-10-10 中国东方电气集团有限公司 A kind of contactless industrial control system or the static leakage location of equipment and detection method
CN108985068A (en) * 2018-06-26 2018-12-11 广东电网有限责任公司信息中心 Loophole quick sensing, positioning and the method and system of verifying
CN112087462A (en) * 2020-09-11 2020-12-15 北京顶象技术有限公司 Vulnerability detection method and device of industrial control system

Also Published As

Publication number Publication date
CN112822210B (en) 2023-01-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant