CN113626829A - Intelligent terminal operating system vulnerability repair method and system based on vulnerability information - Google Patents

Info

Publication number
CN113626829A
Authority
CN
China
Prior art keywords
vulnerability
kernel
intelligent terminal
data
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110913563.XA
Other languages
Chinese (zh)
Inventor
武斌
武延军
吴敬征
倪琛
罗天悦
赵辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS
Priority to CN202110913563.XA
Publication of CN113626829A
Priority to PCT/CN2021/134944
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The invention discloses a method and system for repairing vulnerabilities in an intelligent terminal operating system based on vulnerability intelligence. A remote intelligent terminal vulnerability detection system selects the corresponding kernel code according to the main system kernel version information of an abnormal intelligent terminal; matches the kernel code against each of a plurality of kernel vulnerability code segments obtained from the vulnerability intelligence, and obtains kernel vulnerability associated data from the vulnerability intelligence according to the matching result; and sends a kernel repair program generated from the kernel vulnerability associated data to the abnormal intelligent terminal to repair the main system vulnerability. The method and system provide security situation awareness and vulnerability repair for intelligent terminals, help intelligent terminal users resist security threats and 0-day attacks, and reduce detection time and repair time after an attack; they can respond effectively to mobile internet attacks and security vulnerability risks, and ultimately improve the security of the intelligent terminal.

Description

Intelligent terminal operating system vulnerability repair method and system based on vulnerability information
Technical Field
The invention belongs to the technical field of information technology and computer software, and particularly relates to a method and system for repairing vulnerabilities in an intelligent terminal operating system based on vulnerability intelligence.
Background
With the continuous development of the global mobile intelligent terminal industry, intelligent mobile terminals represented by smartphones and tablet computers have become deeply involved in every aspect of people's lives. The rapid rise of mobile terminals has gradually extended their range of services from traditional communication to scenarios including office work, payment, public management and the like.
As the functions of intelligent terminal operating systems grow more complex, security defense and hardening technology for terminal systems faces increasing challenges. Malicious applications can use system vulnerabilities, traffic hijacking, data tampering and similar means to achieve malicious purposes such as deceiving users, and can even cause casualties and heavy economic losses. Operating system security enhancements are therefore needed for intelligent terminals in sensitive scenarios.
Under the existing intelligent terminal security mechanism and security upgrade strategy, a developer repairs a vulnerability after it is found and provides a security upgrade to users. This traditional approach can only handle disclosed vulnerabilities; it lacks an effective active strategy for resisting unknown security threats and 0-day attacks, and cannot effectively cope with mobile internet attacks or the serious threat that security vulnerability risks pose to operating system security.
Disclosure of Invention
To address unknown security threats to intelligent terminal operating systems and to improve the active security defense capability of a secure and trusted intelligent terminal operating system, the invention provides an intelligent terminal operating system vulnerability repair method and system based on vulnerability intelligence.
To achieve this purpose, the invention adopts the following technical scheme:
A vulnerability repair method for an intelligent terminal operating system based on vulnerability intelligence, suitable for a system consisting of a remote intelligent terminal vulnerability detection system and at least one intelligent terminal, comprising the following steps:
1) the remote intelligent terminal vulnerability detection system selects the corresponding kernel code according to the main system kernel version information of the abnormal intelligent terminal;
2) matching the kernel code against each of a plurality of kernel vulnerability code segments obtained from vulnerability intelligence, and obtaining kernel vulnerability associated data from the vulnerability intelligence according to the matching result;
3) sending the kernel repair program generated from the kernel vulnerability associated data to the abnormal intelligent terminal to repair the main system vulnerability.
Further, whether the intelligent terminal is abnormal is determined through the following steps:
1) the intelligent terminal classifies and associates the security-related data in the main system to obtain integrated security data;
2) analyzing the integrated security data and determining whether the intelligent terminal is abnormal.
Further, the intelligent terminal monitors and evaluates the security-related data in real time.
Further, the integrated security data is obtained by:
1) after the security-related data are classified, forming association rules among the security-related data;
2) integrating the security-related data using the association rules to obtain the integrated security data.
Further, a kernel repair program is generated by:
1) obtaining a repair patch for the vulnerability and build environment data of the main system from the kernel vulnerability associated data;
2) compiling and building based on the repair patch and the build environment data to generate the kernel repair program.
Further, when the intelligent terminal is abnormal, it automatically switches to the standby system.
Further, the main system vulnerability repair is carried out through the following steps:
1) executing the kernel repair program in the standby system;
2) restarting the abnormal intelligent terminal and entering the repaired main system.
An intelligent terminal operating system vulnerability repair system based on vulnerability intelligence, comprising:
a remote intelligent terminal vulnerability detection system, used for selecting the corresponding kernel code according to the main system kernel version information of the abnormal intelligent terminal; matching the kernel code against each of a plurality of kernel vulnerability code segments obtained from vulnerability intelligence, and obtaining kernel vulnerability associated data from the vulnerability intelligence according to the matching result; and sending a kernel repair program generated from the kernel vulnerability associated data to the abnormal intelligent terminal;
an intelligent terminal, used for providing the main system kernel version information when the system is abnormal, and for performing the main system vulnerability repair based on the kernel repair program.
Compared with the prior art, the invention has the following advantages:
1. an intelligent terminal sensing system is established that collects and evaluates security-related data of the intelligent terminal main system and switches to a standby system when the data state is abnormal;
2. a remote intelligent terminal vulnerability detection system detects vulnerabilities in the kernel code of the main system to obtain the vulnerabilities present in the main system kernel; a remote intelligent terminal vulnerability repair system generates a kernel repair program for the main system according to the kernel vulnerability detection result; and the main system is repaired with the kernel repair program to complete the main system vulnerability repair;
3. security situation awareness and vulnerability repair are provided for the intelligent terminal, helping intelligent terminal users resist security threats and 0-day attacks and reducing detection time and repair time after an attack;
4. mobile internet attacks and security vulnerability risks can be responded to effectively, ultimately improving the security of the intelligent terminal.
Drawings
Fig. 1 is a flowchart of a vulnerability detection and remediation technique for an intelligent terminal operating system based on vulnerability intelligence, according to an embodiment.
Fig. 2 is a schematic diagram of each processing module of the vulnerability detection and repair technology of the intelligent terminal operating system based on vulnerability intelligence according to the embodiment.
Fig. 3 is a flowchart of vulnerability awareness and vulnerability repair of the intelligent terminal in the embodiment.
Fig. 4 is a processing diagram of the remote platform in the embodiment.
Detailed Description
The invention will be further described by way of example with reference to the accompanying drawings.
Vulnerability intelligence is built on knowledge from the security vulnerability field. By conceptually characterizing and describing each security vulnerability, it mines the relationships among related entities such as vulnerabilities, software and threats, and forms a general knowledge structure that is human-understandable and machine-computable. Vulnerability intelligence thereby replaces work that otherwise requires human participation, such as vulnerability data acquisition and analysis, vulnerability detection and localization, threat assessment, and repair priority and strategy planning, and helps achieve more accurate vulnerability detection, more intuitive threat assessment, more reasonable repair guidance and richer means of repair.
The general flow of the vulnerability repair method of this embodiment is shown in Fig. 1 and the processing modules are shown in Fig. 2. The method mainly includes the following steps:
1) Establish an intelligent terminal sensing system, collect and evaluate security-related data of the intelligent terminal main system, and switch to a standby system when the data are abnormal.
Specifically, the flow for establishing the intelligent terminal sensing system and collecting and evaluating security-related data of the intelligent terminal main system is shown in Fig. 3 and is described as follows:
1a) start the intelligent terminal system, enter the main system, and go to 1b);
1b) collect security-related data in the system in real time, classify and associate the security-related data according to their different characteristics, and go to 1c);
1c) analyze and evaluate the different types of data, and go to 1d);
1d) determine whether the data are abnormal; if so, go to 1f), otherwise go to 1e);
1e) continue monitoring the system and go to 1b);
1f) switch to the standby system and record the kernel version information of the main system.
2) Use the remote intelligent terminal vulnerability detection system to detect vulnerabilities in the kernel code of the main system and obtain the vulnerabilities present in that kernel code.
Specifically, the flow for detecting vulnerabilities in the main system kernel and obtaining the vulnerabilities present in it is shown in Fig. 4 and is described as follows:
2a) push the kernel version information from step 1f) to the remote intelligent terminal vulnerability detection system, and go to 2b);
2b) according to the kernel version of the main system, select the kernel code of the corresponding version from the main system kernel code library as the main system code under test, and go to 2c);
2c) obtain kernel vulnerability code segments from the vulnerability intelligence to serve as vulnerability code feature data, and go to 2d);
2d) use the vulnerability code feature data from 2c) to match unrepaired code segments in the main system code under test from 2b), thereby obtaining the kernel vulnerability code of the main system, and go to 2e);
2e) according to the vulnerability code feature data that produced a match in step 2d), obtain the kernel vulnerability associated data of the main system from the vulnerability intelligence.
3) Use the remote intelligent terminal vulnerability repair system to generate a kernel repair program for the main system according to the vulnerability detection result for the main system kernel code.
Specifically, the flow by which the remote intelligent terminal vulnerability repair system generates the kernel repair program of the main system is shown in Fig. 4 and is described as follows:
3a) obtain the repair patch for the vulnerability from the kernel vulnerability associated data of the main system from step 2e), and go to 3b);
3b) obtain the build environment data of the system from the kernel vulnerability associated data of the main system from step 2e), and go to 3c);
3c) compile and build the repair patch from 3a) in the environment from 3b) to obtain the main system kernel repair program, and go to 3d);
3d) push the kernel repair program from step 3c) to the standby system of the intelligent terminal.
4) Repair the main system with the kernel repair program to complete the main system vulnerability repair.
Specifically, repairing the main system with the kernel repair program proceeds as follows:
4a) in the standby system, execute the kernel repair program from 3d), and go to 4b);
4b) restart the system, and go to 4c);
4c) the intelligent terminal enters the main system, completing the repair.
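Steps 2a) to 2e), and the associated data that steps 3a) and 3b) then consume, sketched as an added Python example that is not part of the patent. The record schema, file path, kernel version strings, VULN-DEMO identifiers and sample sources are all constructed; the extra check that the fixed form is absent is an assumption added here so that a fix which only inserts lines around the old code is not reported as unrepaired.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class IntelEntry:
    """One vulnerability-intelligence record (hypothetical schema)."""
    vuln_id: str      # constructed placeholder, not a real identifier
    path: str         # kernel source file the segment belongs to
    vulnerable: str   # code segment as it reads before the fix
    fixed: str        # code segment as it reads after the fix
    patch_ref: str    # location of the repair patch (input to step 3a)
    build_env: str    # build environment data (input to step 3b)

TOKEN = re.compile(r"\w+|->|--|\+\+|[<>=!]=|&&|\|\||\S")

def tokenize(code: str) -> str:
    """Drop C comments and rejoin tokens with single spaces, so layout and
    comment changes do not defeat matching. Assumes no comment markers
    inside string literals."""
    code = re.sub(r"/\*.*?\*/", " ", code, flags=re.S)
    code = re.sub(r"//[^\n]*", " ", code)
    return " " + " ".join(TOKEN.findall(code)) + " "

def contains(haystack: str, segment: str) -> bool:
    """True if the segment's token sequence occurs in the tokenized source."""
    needle = tokenize(segment)
    return needle.strip() != "" and needle in haystack

def select_kernel_code(code_library: dict, kernel_version: str) -> dict:
    """Step 2b: pick the source tree for the reported kernel version."""
    if kernel_version not in code_library:
        raise LookupError(f"no kernel source for version {kernel_version!r}")
    return code_library[kernel_version]

def detect(code_library: dict, kernel_version: str, intel: list) -> list:
    """Steps 2b-2e: return associated data for every unrepaired segment."""
    tree = select_kernel_code(code_library, kernel_version)
    findings = []
    for entry in intel:                        # step 2c: feature data
        source = tree.get(entry.path)
        if source is None:
            continue                           # file absent from this kernel
        hay = tokenize(source)
        # Step 2d: the vulnerable segment is present and the fixed form is
        # not. The second test matters when a fix only adds lines.
        if contains(hay, entry.vulnerable) and not contains(hay, entry.fixed):
            findings.append({"vuln_id": entry.vuln_id,        # step 2e
                             "patch_ref": entry.patch_ref,
                             "build_env": entry.build_env})
    return findings

# Constructed sample data: two versions of one made-up driver file.
RELEASE = "static void demo_release(struct demo *d) { d->refs--; kfree(d->buf); }\n"
CODE_LIBRARY = {
    "5.4.0-demo": {"drivers/demo/demo.c": """
static int demo_copy(struct demo *d, const char *src, size_t len)
{
    /* copy caller data */
    memcpy(d->buf,src,len);
    return 0;
}
""" + RELEASE},
    "5.4.1-demo": {"drivers/demo/demo.c": """
static int demo_copy(struct demo *d, const char *src, size_t len)
{
    if (len > sizeof(d->buf))
        return -EINVAL;
    memcpy(d->buf, src, len);
    return 0;
}
""" + RELEASE},
}
INTEL = [
    IntelEntry("VULN-DEMO-0001", "drivers/demo/demo.c",
               "memcpy(d->buf, src, len);",
               "if (len > sizeof(d->buf)) return -EINVAL; memcpy(d->buf, src, len);",
               "patches/VULN-DEMO-0001.patch", "toolchain-demo-1"),
    IntelEntry("VULN-DEMO-0002", "drivers/demo/demo.c",
               "kfree(d->buf); d->refs--;", "d->refs--; kfree(d->buf);",
               "patches/VULN-DEMO-0002.patch", "toolchain-demo-1"),
]

if __name__ == "__main__":
    print(detect(CODE_LIBRARY, "5.4.0-demo", INTEL))
```

Matching on the vulnerable segment alone would also flag `5.4.1-demo`, because the patched function still contains the original `memcpy` line.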
The above embodiments only illustrate the technical solutions of the present invention and do not limit them. Those skilled in the art may modify the technical solutions of the present invention or substitute equivalents without departing from its spirit and scope, and the protection scope of the present invention shall be subject to the claims.

Claims (10)

1. A vulnerability repair method for an intelligent terminal operating system based on vulnerability intelligence, suitable for a system consisting of a remote intelligent terminal vulnerability detection system and at least one intelligent terminal, comprising the following steps:
1) the remote intelligent terminal vulnerability detection system selects the corresponding kernel code according to the main system kernel version information of the abnormal intelligent terminal;
2) matching the kernel code against each of a plurality of kernel vulnerability code segments obtained from vulnerability intelligence, and obtaining kernel vulnerability associated data from the vulnerability intelligence according to the matching result;
3) sending the kernel repair program generated from the kernel vulnerability associated data to the abnormal intelligent terminal to repair the main system vulnerability.
2. The method of claim 1, wherein whether the intelligent terminal is abnormal is determined by:
1) the intelligent terminal classifies and associates the security-related data in the main system to obtain integrated security data;
2) analyzing the integrated security data and determining whether the intelligent terminal is abnormal.
3. The method of claim 2, wherein the intelligent terminal monitors and evaluates the security-related data in real time.
4. The method of claim 2, wherein the integrated security data is obtained by:
1) after the security-related data are classified, forming association rules among the security-related data;
2) integrating the security-related data using the association rules to obtain the integrated security data.
5. The method of claim 1, wherein the kernel repair program is generated by:
1) obtaining a repair patch for the vulnerability and build environment data of the main system from the kernel vulnerability associated data;
2) compiling and building based on the repair patch and the build environment data to generate the kernel repair program.
6. The method of claim 1, wherein the intelligent terminal automatically switches to the standby system when it is abnormal.
7. The method of claim 6, wherein the main system vulnerability repair is performed by:
1) executing the kernel repair program in the standby system;
2) restarting the abnormal intelligent terminal and entering the repaired main system.
8. An intelligent terminal operating system vulnerability repair system based on vulnerability intelligence, comprising:
a remote intelligent terminal vulnerability detection system, used for selecting the corresponding kernel code according to the main system kernel version information of the abnormal intelligent terminal; matching the kernel code against each of a plurality of kernel vulnerability code segments obtained from vulnerability intelligence, and obtaining kernel vulnerability associated data from the vulnerability intelligence according to the matching result; and sending a kernel repair program generated from the kernel vulnerability associated data to the abnormal intelligent terminal;
an intelligent terminal, used for providing the main system kernel version information when the system is abnormal, and for performing the main system vulnerability repair based on the kernel repair program.
9. The system of claim 8, wherein whether the intelligent terminal is abnormal is determined by:
1) the intelligent terminal classifies and associates the security-related data in the main system to obtain integrated security data;
2) analyzing the integrated security data and determining whether the intelligent terminal is abnormal.
10. The system of claim 8, wherein the kernel repair program is generated by:
1) obtaining a repair patch for the vulnerability and build environment data of the main system from the kernel vulnerability associated data;
2) compiling and building based on the repair patch and the build environment data to generate the kernel repair program.
CN202110913563.XA 2021-08-10 2021-08-10 Intelligent terminal operating system vulnerability repair method and system based on vulnerability information Pending CN113626829A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110913563.XA CN113626829A (en) 2021-08-10 2021-08-10 Intelligent terminal operating system vulnerability repair method and system based on vulnerability information
PCT/CN2021/134944 WO2023015783A1 (en) 2021-08-10 2021-12-02 Intelligent terminal operating system vulnerability repairing method and system based on vulnerability intelligence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110913563.XA CN113626829A (en) 2021-08-10 2021-08-10 Intelligent terminal operating system vulnerability repair method and system based on vulnerability information

Publications (1)

Publication Number Publication Date
CN113626829A (en) 2021-11-09

Family

ID=78383959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110913563.XA Pending CN113626829A (en) 2021-08-10 2021-08-10 Intelligent terminal operating system vulnerability repair method and system based on vulnerability information

Country Status (2)

Country Link
CN (1) CN113626829A (en)
WO (1) WO2023015783A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023015783A1 (en) * 2021-08-10 2023-02-16 中国科学院软件研究所 Intelligent terminal operating system vulnerability repairing method and system based on vulnerability intelligence

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117272330B (en) * 2023-11-22 2024-03-08 深圳市奥盛通科技有限公司 Method and system for reinforcing and updating server system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110119929A (en) * 2010-04-28 2011-11-03 한국전자통신연구원 Method and device against intelligent bots by masquerading virtual machine information
CN106598667A (en) * 2016-12-12 2017-04-26 百度在线网络技术(北京)有限公司 Method and device used for restoring kernel vulnerability
CN107506647A (en) * 2017-07-28 2017-12-22 努比亚技术有限公司 Leak self-repairing method and mobile terminal
CN109086100A (en) * 2018-07-26 2018-12-25 中国科学院信息工程研究所 A kind of high safety is credible mobile terminal safety architectural framework and security service method
CN112395616A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Vulnerability processing method and device and computer equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9118708B2 (en) * 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
CN113626829A (en) * 2021-08-10 2021-11-09 中国科学院软件研究所 Intelligent terminal operating system vulnerability repair method and system based on vulnerability information

Also Published As

Publication number Publication date
WO2023015783A1 (en) 2023-02-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination