CN113194108B - Attack tool selection method, device, equipment and computer readable storage medium - Google Patents


Publication number
CN113194108B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110748114.4A
Other languages
Chinese (zh)
Other versions
CN113194108A (en)
Inventor
郝伟
刘加勇
白兴伟
沈传宝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis

Abstract

Embodiments of the present disclosure provide attack tool selection methods, apparatuses, devices, and computer-readable storage media. The method comprises the following steps: acquiring network scanning information; acquiring tool description information of each of a plurality of available attack tools; and matching the network scanning information with the respective tool description information of the plurality of attack tools so as to select a target attack tool from the plurality of attack tools according to a matching result. In this way, a suitable attack tool can be selected automatically without manual analysis of the target information, the matching error can be reduced, and the matching efficiency is improved.

Description

Attack tool selection method, device, equipment and computer readable storage medium
Technical Field
Embodiments of the present disclosure relate generally to the field of attack tool selection, and more particularly, to attack tool selection methods, apparatuses, devices, and computer-readable storage media.
Background
At present, in network defense, available target information about platforms such as websites is first collected with information collection tools (such as Nmap, Portscan, Fingerscan, etc.), and the corresponding attack tools (such as Exp/PoC tools) are then selected or matched by manually analyzing the target information, in order to perform vulnerability attack or verification on the platforms to which the target information belongs. However, many steps still require manual participation, and the error is too large when matching is performed automatically.
Disclosure of Invention
According to an embodiment of the present disclosure, an attack tool selection scheme is provided.
In a first aspect of the disclosure, an attack tool selection method is provided. The method comprises the following steps: acquiring network scanning information;
acquiring tool description information of each of a plurality of available attack tools;
and matching the network scanning information with the respective tool description information of the plurality of attack tools so as to select a target attack tool from the plurality of attack tools according to a matching result.
The foregoing aspects and any possible implementations further provide an implementation, where the matching the network scanning information with tool description information of each of the multiple attack tools to select a target attack tool from the multiple attack tools according to a matching result, including:
respectively performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools to obtain a scanning keyword of the network scanning information and a description keyword of each of the plurality of attack tools;
and matching the scanning keywords of the network scanning information with the respective description keywords of the plurality of attack tools to select the target attack tool according to the matching result.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where the performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools respectively includes:
after separator processing and word segmentation processing are performed on the network scanning information and on the respective tool description information of the plurality of attack tools, filtering each of them with a preset stop word list, wherein the preset stop word list indicates the information in the network scanning information and in the respective tool description information of the plurality of attack tools that does not need to be matched and is to be excluded.
The above-described aspect and any possible implementation further provide an implementation, wherein the separator processing includes: deletion of separators and/or splitting at separators;
the preset stop word list is determined by the network scanning information.
The above-described aspects and any possible implementations further provide an implementation in which the matching result includes a first matching result and a second matching result;
the matching the scanning keywords of the network scanning information and the description keywords of the attack tools respectively to select the target attack tool according to the matching result includes:
matching a first keyword in the scanning keywords with a second keyword in the description keywords of each attack tool to obtain a first matching result, and selecting a candidate attack tool from the attack tools according to the first matching result;
and matching the rest keywords except the first keyword in the scanning keywords with the rest keywords except the second keyword of the description keywords of the candidate attack tool in sequence to obtain a second matching result, and selecting the target attack tool from the candidate attack tool according to the second matching result.
As to the above-mentioned aspects and any possible implementation manner, there is further provided an implementation manner, where the matching of the remaining keywords except the first keyword in the scan keywords with the remaining keywords except the second keyword in the description keywords of the candidate attack tool is performed in sequence to obtain a second matching result, so as to select the target attack tool from the candidate attack tools according to the second matching result, including:
determining a matching coefficient according to the information type of the network scanning information;
comparing the rest keywords except the first keyword in the scanned keywords with the rest keywords except the second keyword in the description keywords of the candidate attack tool respectively to obtain keyword relevancy;
according to the keyword correlation degree and the matching coefficient, obtaining the similarity of the scanning keyword and the description keyword of each attack tool in the candidate attack tools as the second matching result;
and selecting the target attack tool from the candidate attack tools according to the second matching result.
The above-described aspect and any possible implementation manner further provide an implementation manner, where the obtaining network scanning information includes:
acquiring network scanning information stored in advance according to a first data format;
acquiring tool description information of each of a plurality of available attack tools, including:
and acquiring the tool description information of each attack tool stored in advance according to a second data format.
In a second aspect of the disclosure, an attack tool selection apparatus is provided. The apparatus includes: a first acquisition module, configured to acquire network scanning information;
a second acquisition module, configured to acquire tool description information of each of a plurality of available attack tools;
and a selection module, configured to match the network scanning information with the respective tool description information of the plurality of attack tools so as to select a target attack tool from the plurality of attack tools according to a matching result.
In a third aspect of the disclosure, an electronic device is provided. The electronic device includes: a memory having a computer program stored thereon and a processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the method according to the first and/or second aspect of the present disclosure.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 shows a flow diagram of an attack tool selection method according to an embodiment of the present disclosure;
FIG. 2 shows a block diagram of an attack tool selection apparatus according to an embodiment of the present disclosure;
FIG. 3 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein only describes an association relationship between associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
According to the present disclosure, after the network scanning information is obtained, it can be matched one by one with the tool description information of each attack tool, so that the matching target attack tool is automatically selected from the plurality of attack tools according to the matching result. A suitable attack tool can thus be selected automatically without manual analysis of the target information, the matching error can be reduced, and the matching efficiency is improved.
Fig. 1 shows a flow diagram of an attack tool selection method 100 according to an embodiment of the disclosure. The attack tool selection method 100 includes:
Step 110, acquiring network scanning information; the network scanning information can be collected by means of Nmap (Network Mapper), Portscan (local area network port scanner), Fingerscan, and the like. The network scanning information is variable and may be information of a certain website, such as information of a certain product website or information of a certain company website, or information of a certain browser.
Step 120, acquiring tool description information of each of a plurality of available attack tools; the tool description information is information for describing the tool.
Step 130, matching the network scanning information with respective tool description information of the plurality of attack tools, so as to select a target attack tool from the plurality of attack tools according to a matching result.
After the network scanning information is obtained, it can be matched one by one with the tool description information of each attack tool, so that the matching target attack tool is automatically selected from the plurality of attack tools according to the matching result. A suitable attack tool can thus be selected automatically without manual analysis of the target information, the matching error can be reduced, and the matching efficiency is improved.
In one embodiment, the matching the network scanning information with tool description information of each of the plurality of attack tools to select a target attack tool from the plurality of attack tools according to a matching result includes:
respectively performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools to obtain a scanning keyword of the network scanning information and a description keyword of each of the plurality of attack tools;
the description keyword may be a keyword in the tool description information, such as port information describing a port required by the tool, path information, rule information, version information, etc.
The scan keyword may be a keyword in the network scan information, such as version information, status information, product information, additional information, and the like of an object, such as a website, from which the network scan information is derived.
And matching the scanning keywords of the network scanning information with the respective description keywords of the plurality of attack tools to select the target attack tool according to the matching result.
The network scanning information and the respective tool description information of the plurality of attack tools are respectively subjected to word segmentation and filtering processing, so that the scanning keywords of the network scanning information and the respective description keywords of the plurality of attack tools can be screened out, automatic matching is conveniently carried out by using the keywords, and the most matched target attack tool is automatically selected from the plurality of attack tools according to the matching result of the keywords, so that the automatic selection of the attack tools can be realized, and the selection efficiency and accuracy of the attack tools can be improved.
In one embodiment, the performing word segmentation and filtering on the network scanning information and the tool description information of each of the plurality of attack tools respectively includes:
after separator processing and word segmentation processing are performed on the network scanning information and on the respective tool description information of the plurality of attack tools, filtering each of them with a preset stop word list, wherein the preset stop word list indicates the information in the network scanning information and in the respective tool description information of the plurality of attack tools that does not need to be matched and is to be excluded.
After the network scanning information and the respective tool description information of the plurality of attack tools are subjected to separator processing and word segmentation processing respectively, a part of information can be filtered by using a preset stop word list, so that more effective information can be screened out for matching, and the matching efficiency and the selection accuracy of a target attack tool are improved.
In one embodiment, the separator processing comprises: deletion of separators and/or splitting at separators;
the preset stop word list is determined by the network scanning information.
The preset stop word list differs for different network scanning information, so it can be determined individually according to the network scanning information. For example, when one set of network scanning information is the scanning information of a company website and another is the scanning information of a certain product website, their preset stop word lists are different: the stop word list for the former emphasizes the company information, and the stop word list for the latter emphasizes the product information.
In one embodiment, the match results include a first match result and a second match result;
the matching the scanning keywords of the network scanning information and the description keywords of the attack tools respectively to select the target attack tool according to the matching result includes:
matching a first keyword in the scanning keywords with a second keyword in the description keywords of each attack tool to obtain a first matching result, and selecting a candidate attack tool from the attack tools according to the first matching result;
the first keywords are the keywords that carry fixed information among the scanning keywords, and the second keywords are the keywords that carry fixed information among the description keywords, such as ports, operating systems, versions and the like.
Matching the remaining scanning keywords, other than the first keyword, in sequence with the remaining description keywords of the candidate attack tool, other than the second keyword, to obtain a second matching result, and selecting the target attack tool from the candidate attack tools according to the second matching result. Matching between keywords means determining the similarity between them; it can be performed with the Jaccard algorithm, the edit distance method, cosine distance, Euclidean distance, and the like.
And matching a first keyword in the scanning keywords with a second keyword in the description keywords of the attack tools to obtain a first matching result, so that candidate attack tools are preliminarily and automatically selected from the attack tools according to the first matching result, and then automatically matching the rest keywords in the scanning keywords with the rest keywords in the description keywords of the candidate attack tools in sequence, so that the target attack tools are further selected from the candidate attack tools according to the second matching result, thus the tool selection range is gradually narrowed through two times of matching, and the selection accuracy is improved while the selection efficiency of the target attack tools is improved.
In one embodiment, the sequentially matching remaining keywords in the scan keywords except the first keyword with remaining keywords in the description keywords of the candidate attack tool except the second keyword to obtain a second matching result, so as to select the target attack tool from the candidate attack tools according to the second matching result, includes:
determining a matching coefficient according to the information type of the network scanning information; because the matching coefficient adapts to the information type of the network scanning information, the selection accuracy of the attack tool can be improved.
Comparing the remaining scanning keywords, other than the first keyword, with the remaining description keywords of the candidate attack tool, other than the second keyword, to obtain keyword relevancy;
each keyword relevancy between a pair of keywords has a matching coefficient; determining the matching coefficient according to the information type of the network scanning information means that the ranges of the matching coefficients between keywords differ for different information types of the network scanning information.
According to the keyword correlation degree and the matching coefficient, obtaining the similarity of the scanning keyword and the description keyword of each attack tool in the candidate attack tools as the second matching result;
and selecting the target attack tool from the candidate attack tools according to the second matching result.
By comparing the rest keywords in the scanned keywords with the rest keywords in the description keywords of the candidate attack tools, the keyword correlation degrees between different keywords can be obtained, and further multiplied by the matching coefficients, the similarity between the scanned keywords and the description keywords of each attack tool in the candidate attack tools, namely a second matching result, can be obtained, and then the most appropriate target attack tool can be accurately selected from the candidate attack tools according to the second matching result, so that the rapidness and the accuracy of selecting the target attack tool are improved.
In one embodiment, the acquiring network scanning information includes:
acquiring network scanning information stored in advance according to a first data format;
acquiring tool description information of each of a plurality of available attack tools, including:
and acquiring the tool description information of each attack tool stored in advance according to a second data format.
By storing the network scanning information and the tool description information according to the first data format and the second data format, extraction efficiency of scanning keywords and describing keywords can be improved, and further improvement of tool selection efficiency by improving matching efficiency of the keywords is facilitated.
For example: for network scanning information, the JSON format may be used, with an example format as follows:
[Figure: example network scanning information record in JSON format; image not reproduced]
Here the core values to extract are the port information (port = '389') and the name and product information; state, version, and extrainfo store additional information and are for reference only.
For the PoC information (i.e., tool description information) of available PoC tools, the following format may be used for storage.
[Figure: example PoC information record; image not reproduced]
Here key = "Apache Solr _ Unauthorized" is the name; rule and port are the name rule and the port, which are the core information for matching; path is the path where the PoC is located; and create is the creator.
Embodiments of the present disclosure will be described in further detail below with reference to other steps:
1) First, store the network scanning information and the tool description information in the manner described above;
2) Data preprocessing: splitting first, then exclusion
The data preprocessing removes and splits at the separators of the input string, including spaces, bars, brackets, etc., and splits the input string into multiple words. Content that does not need to be matched, such as httpd, is filtered out in advance. This is implemented by establishing a stop word list (Stop Words) that stores all the words that can be excluded, so that they are filtered out when matching.
3) Matching calculation
Keywords are matched by comparing their similarity, in the following two steps:
Step 1, compare by port (or other fixed information such as operating system and version), and select the Nmap records and the PoC information that have the same port.
Step 2, calculate the similarity. The specific formula is as follows:
[Formula image not reproduced]
where S is the similarity; k1, k2, k3 and k4 are matching coefficients, which are selected manually according to the actual situation (for example, according to the type of the scanned target information, such as company information or product information); and comp(s1, s2) is a comparison function. The string matching can use existing algorithms, such as the Jaccard algorithm and the edit distance method, or other existing string matching libraries.
In addition, more rules can be added manually to the rule of the PoCs, so that the data is matched better.
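The preprocessing of step 2) and the two-step matching of step 3), as an added example that is not code from the patent. The similarity formula did not survive on this page, so the weighted sum of per-field Jaccard scores, the coefficient values, the `min_score` cut-off and all sample values other than the key names and the entry name "Apache Solr _ Unauthorized" are assumptions.

```python
import re

# Constructed sample data. The key names are the ones the page mentions;
# every value except the name "Apache Solr _ Unauthorized" is made up.
SCAN_RECORD = {
    "port": "8983", "name": "http", "product": "Apache Solr",
    "state": "open", "version": "8.1.1", "extrainfo": "(Jetty httpd)",
}
TOOLS = [
    {"key": "Apache Solr _ Unauthorized", "rule": "apache solr",
     "port": "8983", "path": "<placeholder>", "create": "<placeholder>"},
    {"key": "Example Console _ Default Page", "rule": "example console jetty",
     "port": "8983", "path": "<placeholder>", "create": "<placeholder>"},
    {"key": "Example Directory _ Check", "rule": "example directory",
     "port": "389", "path": "<placeholder>", "create": "<placeholder>"},
]

# Stop word list: words that are excluded before matching (the page names httpd).
STOP_WORDS = {"httpd", "open", "tcp"}
# Separators to delete / split at: spaces, bars, brackets and similar.
DELIMITERS = re.compile(r"[\s|()\[\]{}_\-/,;:]+")
# Assumed matching coefficients k1..k4, one per scan field that is compared.
COEFFS = {"product": 0.6, "name": 0.1, "version": 0.1, "extrainfo": 0.2}


def keywords(text, stop_words=STOP_WORDS):
    """Split at separators, lowercase, and drop stop words."""
    parts = DELIMITERS.split(text.lower())
    return {p for p in parts if p and p not in stop_words}


def jaccard(a, b):
    """comp(s1, s2) as Jaccard similarity of two keyword sets (0.0 if either is empty)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def first_match(scan, tools):
    """Step 1: keep only the tools whose fixed keyword (the port) equals the scan's."""
    return [t for t in tools if t.get("port") == scan.get("port")]


def similarity(scan, tool, coeffs=COEFFS):
    """Step 2 (assumed form): S = sum of k_i * comp(scan field i, tool keywords)."""
    desc = keywords(tool.get("key", "") + " " + tool.get("rule", ""))
    return sum(k * jaccard(keywords(scan.get(field, "")), desc)
               for field, k in coeffs.items())


def select_tool(scan, tools, min_score=0.3):
    """Return (tool, score); (None, score) when nothing matches well enough.

    min_score is an assumption added here so that a weak best score, which is
    where automatic matching errs, produces no selection at all.
    """
    scored = [(similarity(scan, t), t) for t in first_match(scan, tools)]
    if not scored:
        return None, 0.0          # no tool shares the port
    score, tool = max(scored, key=lambda pair: pair[0])
    if score < min_score:
        return None, score        # candidates exist, but none is similar enough
    return tool, score


if __name__ == "__main__":
    for t in first_match(SCAN_RECORD, TOOLS):
        print(t["key"], round(similarity(SCAN_RECORD, t), 3))
    print(select_tool(SCAN_RECORD, TOOLS))
```

The second entry shares the port and one keyword with the scan record but stays far below the cut-off, which is the case the port filter alone would get wrong.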
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that acts and modules referred to are not necessarily required by the disclosure.
The above is a description of embodiments of the method, and the embodiments of the apparatus are further described below.
Fig. 2 shows a block diagram of an attack tool selection apparatus 200 according to an embodiment of the present disclosure. The apparatus 200 may comprise:
a first obtaining module 210, configured to obtain network scanning information;
a second obtaining module 220, configured to obtain tool description information of each of the available attack tools;
a selecting module 230, configured to match the network scanning information with respective tool description information of the multiple attack tools, so as to select a target attack tool from the multiple attack tools according to a matching result. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
FIG. 3 shows a schematic block diagram of an electronic device 300 that may be used to implement embodiments of the present disclosure. The device 300 may be used to implement the attack tool selection apparatus 200 of fig. 2. As shown, the device 300 includes a CPU301 that can perform various appropriate actions and processes according to computer program instructions stored in a ROM302 or loaded from a storage unit 308 into a RAM 303. In the RAM303, various programs and data necessary for the operation of the device 300 can also be stored. The CPU301, ROM302, and RAM303 are connected to each other via a bus 304. An I/O interface 305 is also connected to bus 304.
Various components in device 300 are connected to I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, or the like; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the device 300 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processing unit 301 performs the various methods and processes described above, such as the method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as the storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 300 via ROM302 and/or communication unit 309. When the computer program is loaded into RAM303 and executed by CPU301, one or more steps of methods 200, 300, 400 described above may be performed. Alternatively, in other embodiments, the CPU301 may be configured to perform the method 100 by any other suitable means (e.g., by way of firmware).
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an EPROM, an optical fiber, a CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (7)

1. An attack tool selection method, comprising:
acquiring network scanning information;
acquiring tool description information of each of a plurality of available attack tools;
respectively performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools to obtain a scanning keyword of the network scanning information and a description keyword of each of the plurality of attack tools;
matching a first keyword in the scanning keywords with a second keyword in the description keywords of each attack tool to obtain a first matching result, and selecting a candidate attack tool from the attack tools according to the first matching result;
determining a matching coefficient according to the information type of the network scanning information;
comparing the remaining keywords other than the first keyword in the scanning keywords with the remaining keywords other than the second keyword in the description keywords of the candidate attack tool respectively to obtain keyword relevancy;
according to the keyword relevancy and the matching coefficient, obtaining the similarity between the scanning keywords and the description keywords of each attack tool in the candidate attack tools as a second matching result;
and selecting a target attack tool from the candidate attack tools according to the second matching result.
2. The method of claim 1,
the performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools respectively includes:
after separator processing and word segmentation processing are performed on the network scanning information and on the respective tool description information of the plurality of attack tools, performing filtering processing on each using a preset deactivation word list, wherein the preset deactivation word list indicates the information, in the network scanning information and in the respective tool description information of the plurality of attack tools, that does not need to be matched and is to be excluded.
3. The method of claim 2,
the separator processing includes: deleting separators and/or splitting at separators;
the preset deactivation word list is determined by the network scanning information.
4. The method according to any one of claims 1 to 3,
the acquiring network scanning information includes:
acquiring network scanning information stored in advance according to a first data format;
acquiring tool description information of each of a plurality of available attack tools, including:
and acquiring the tool description information of each attack tool stored in advance according to a second data format.
5. An attack tool selection apparatus, comprising:
the first acquisition module is used for acquiring network scanning information;
the second acquisition module is used for acquiring tool description information of each of a plurality of available attack tools;
the selection module is specifically configured to:
respectively performing word segmentation and filtering processing on the network scanning information and the tool description information of each of the plurality of attack tools to obtain a scanning keyword of the network scanning information and a description keyword of each of the plurality of attack tools;
matching a first keyword in the scanning keywords with a second keyword in the description keywords of each attack tool to obtain a first matching result, and selecting a candidate attack tool from the attack tools according to the first matching result;
determining a matching coefficient according to the information type of the network scanning information;
comparing the remaining keywords other than the first keyword in the scanning keywords with the remaining keywords other than the second keyword in the description keywords of the candidate attack tool respectively to obtain keyword relevancy;
according to the keyword relevancy and the matching coefficient, obtaining the similarity between the scanning keywords and the description keywords of each attack tool in the candidate attack tools as a second matching result;
and selecting a target attack tool from the candidate attack tools according to the second matching result.
6. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the program, implements the method of any of claims 1-4.
7. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 4.
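
The two-stage matching recited in claim 1, as an added Python illustration that is not part of the patent text. The first-keyword rule (leading token after filtering), the Jaccard relevancy measure, the coefficient values, the stop list, and the tool names and descriptions are all assumptions constructed for the example.

```python
import re

# Constructed stop list standing in for the preset word list of claim 2.
STOP_WORDS = {"open", "tcp", "the", "for", "a", "of", "on", "check"}
# Assumed matching coefficients per scan-information type (values are invented).
MATCH_COEFF = {"service_banner": 1.0, "os_fingerprint": 0.6}

def keywords(text):
    """Separator processing, word segmentation, then stop-list filtering."""
    out = []
    for tok in re.split(r"[\s/,;:()_\-]+", text.lower()):
        if tok and tok not in STOP_WORDS and tok not in out:
            out.append(tok)
    return out

def select_tool(scan_text, info_type, tools):
    """Return (target_tool, scores); scores holds candidates only."""
    scan_kw = keywords(scan_text)
    if not scan_kw:
        return None, {}
    first, rest = scan_kw[0], set(scan_kw[1:])
    coeff = MATCH_COEFF.get(info_type, 0.5)  # assumed default coefficient
    scores = {}
    for name, desc in tools.items():
        desc_kw = keywords(desc)
        # Stage 1: a tool is a candidate only if its first keyword matches.
        if not desc_kw or desc_kw[0] != first:
            continue
        # Stage 2: relevancy of the remaining keywords (Jaccard, assumed),
        # scaled by the coefficient to give the similarity.
        tool_rest = set(desc_kw[1:])
        union = rest | tool_rest
        relevancy = len(rest & tool_rest) / len(union) if union else 0.0
        scores[name] = round(relevancy * coeff, 3)
    target = max(scores, key=scores.get) if scores else None
    return target, scores

# Constructed sample inputs (not taken from the patent).
SCAN = "tomcat/8.5.31 http 8080 open"
TOOLS = {
    "tool_a": "Tomcat 8.5.31 http manager check",
    "tool_b": "Tomcat 7.0 ajp connector check",
    "tool_c": "Nginx http 8080 8.5.31 check",
}

if __name__ == "__main__":
    print(select_tool(SCAN, "service_banner", TOOLS))
```

Here `tool_c` shares every remaining keyword with the scan yet never reaches the second stage, because its first keyword differs; that exclusion is the practical effect of the first matching step.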
CN202110748114.4A 2021-07-02 2021-07-02 Attack tool selection method, device, equipment and computer readable storage medium Active CN113194108B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110748114.4A CN113194108B (en) 2021-07-02 2021-07-02 Attack tool selection method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113194108A CN113194108A (en) 2021-07-30
CN113194108B true CN113194108B (en) 2021-09-24

Family

ID=76976982

Country Status (1)

Country Link
CN (1) CN113194108B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532793A (en) * 2013-10-28 2014-01-22 中国航天科工集团第二研究院七〇六所 Automatic penetration testing method for information system security
CN107480531A (en) * 2017-07-18 2017-12-15 北京计算机技术及应用研究所 Automated software validating vulnerability system and method based on vulnerability database

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2685994C1 (en) * 2015-07-15 2019-04-23 Гуанчжоу Уквеб Компьютер Текнолоджи Ко., Лтд. Method of estimating network attack, said method for secured transmission of network data and corresponding device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant