CN113709174A - Network vulnerability heat reappearance and repair method for power monitoring system - Google Patents
- Publication number
- CN113709174A (application CN202111029561.0A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- patch
- information
- environment
- power monitoring
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a hot reproduction and repair method for network vulnerabilities in a power monitoring system. The method comprises automatically configuring a vulnerability hot reproduction environment, analyzing the vulnerability exploitation mode, and searching for and applying vulnerability hot patches. It can reproduce a vulnerability automatically, analyze how the vulnerability is exploited, and finally achieve the goal of repairing the vulnerability. Compared with the traditional method, automated reproduction reduces the tedious work of configuring an environment when reproducing a vulnerability manually, reduces the workload of manually analyzing the exploitation mode, and realizes autonomous hot patch searching and repair based on the analyzed exploitation mode; the method has the advantages of being scientific and reasonable, widely applicable and effective.
Description
Technical Field
The invention relates to power monitoring technology, and in particular to a hot reproduction and repair method for network vulnerabilities in a power monitoring system.
Background
Hot reproduction and repair of network vulnerabilities in a power monitoring system mainly comprises three parts: vulnerability hot reproduction, vulnerability exploitation analysis, and vulnerability hot patch repair. Vulnerability hot reproduction means that, for a vulnerability existing in the system, a reproduction environment is configured automatically from the acquired vulnerability information and the exploitation process of the vulnerability is reproduced without affecting the normal services of the system. Vulnerability exploitation analysis means identifying the vulnerability type and determining the cause of the vulnerability and other key information, based on the vulnerability information and the system's defects, through techniques such as manual analysis and fuzzy analysis. Vulnerability hot patch repair means searching, with respect to the system defect, for the corresponding vulnerability patches according to the cause of the vulnerability, configuring the patch operating environment, and then installing the patch so as to repair the vulnerability. In summary, once the vulnerability information has been obtained, the exploitation process can be simulated by hot reproduction without affecting the normal operation of services on the power monitoring system network; the exploitation mode is analyzed to extract the key field information of the reproduction process, namely the executed functions, memory context information, registers and other data; and after the cause of the vulnerability has been determined, the relevant patches are searched for so that the vulnerability can be repaired. Current vulnerability repair technology still has the following problems:
(1) existing vulnerability repair technology cannot automatically build a vulnerability reproduction environment or search for and construct a vulnerability exploitation mode;
(2) existing vulnerability repair technology cannot autonomously analyze the vulnerability exploitation mode from the vulnerability reproduction information;
(3) existing vulnerability repair technology cannot autonomously search for hot patch information based on the cause of the vulnerability and apply the hot patch without interrupting the current services of the device.
Disclosure of Invention
The main purpose of the invention is to improve and innovate on existing network vulnerability repair technology and to provide a vulnerability hot reproduction and repair method that is scientific, reasonable, widely applicable and effective. Building on existing vulnerability repair methods and starting from the vulnerability information, the method automatically sets up a vulnerability environment, searches for or constructs a vulnerability exploitation mode, completes vulnerability reproduction without interrupting the current services of the power monitoring system network, analyzes and processes the exploitation mode using semantic analysis technology, and searches for repair measures such as hot patches to complete the vulnerability repair.
The technical solution adopted by the invention is as follows: a hot reproduction and repair method for network vulnerabilities in a power monitoring system, comprising: a method for automatically configuring a vulnerability hot reproduction environment; a method for analyzing the vulnerability exploitation mode; and a method for searching for and applying vulnerability hot patches.
Further, the method for automatically configuring the vulnerability hot reproduction environment comprises: when hot reproduction of a vulnerability is carried out, quick-emulator kernel-based virtual machine technology is used to virtualize the configuration of the vulnerability reproduction environment vector, with the Kernel-based Virtual Machine (KVM) providing hardware acceleration for the Quick Emulator (QEMU) while the normal state of the power monitoring system network is maintained. During configuration, the known vulnerability information is read first and the vulnerability reproduction environment data are obtained, namely variables such as the system kernel file (kernel), the system memory (memory), the BIOS in use when the vulnerability runs (bios), the hard disk (hda), the network card file (net) and the image hard disk (drive); a reproduction environment vector TargetVuln_map corresponding to the vulnerability is established; resources such as kernel, memory, bios, hda, net and drive are read and allocated; and the vulnerability is reproduced by dynamic code translation, so that the actual trigger scenario of each vulnerability is fully restored.
Further, the method for analyzing the vulnerability exploitation mode comprises: establishing a three-dimensional coordinate system; marking the occurrence of the new vulnerability NewV as a three-dimensional coordinate point given by the relevant application state, intermediate component state and underlying register state at the vulnerability discovery site; automatically crawling related vulnerability information from the public network, the national information security vulnerability sharing platform and the China national information security vulnerability database; screening several vulnerabilities of the same type; and calculating the correlation coefficient between vulnerabilities from the coordinate point of each vulnerability occurrence, in order to find vulnerability information similar to the new vulnerability. The similarity calculation formula is defined as:
wherein the content of the first and second substances,is the dimension of the vulnerability coordinate point,is newThe number of the loopholes is increased,for the relevant vulnerability crawled from the network, the similarity of the two is calculatedThe loophole with the highest similarity can be analyzed and obtained for searchingThe concept certification and the vulnerability of the related release are analyzed by common words, and the specific formula is as follows:
binding vulnerabilitiesBy means of, obtainAnd determining the vulnerability utilization mode according to the vulnerability trigger point.
Furthermore, the method for searching for and applying vulnerability hot patches comprises: according to the obtained vulnerability trigger point and vulnerability type, searching for related vulnerability hot patches using a search-engine-based search and finding the patches corresponding to similar vulnerabilities; collecting information on the hot patches found and extracting from each patch factors such as the operating system patch_os, the device type patch_dev, the software version patch_svsion and the programming language type patch_language, to construct a patch information text vector patch_mag; extracting information such as the operating system pathc_os, the device type pathc_dev, the software version pathc_svision and the programming language type pathc_language of the vulnerability reproduction environment, to establish a vulnerability information text vector vuln_mag; and analyzing the correlation between the patch information and the vulnerability information using formula (3):
wherein the content of the first and second substances,and selecting the patches according to the sequence of the correlation degree from high to low to operate the related patches in the generated virtualized environment after the correlation degree calculation result is obtained, detecting whether the hot patch repair is effective, and performing hot patch repair on the actual environment of the power monitoring system network after verification is finished.
The advantages of the invention are as follows: the disclosed hot reproduction and repair method for network vulnerabilities in a power monitoring system can reproduce a vulnerability automatically and analyze its exploitation mode, and thereby finally repair the vulnerability. Compared with the traditional method, automated reproduction reduces the tedious work of configuring an environment when reproducing a vulnerability manually, reduces the workload of manually analyzing the exploitation mode, and realizes automatic hot patch searching and repair based on the analyzed exploitation mode; the method has the advantages of being scientific and reasonable, widely applicable and effective.
In addition to the objects, features and advantages described above, the present invention has other objects, features and advantages. The present invention is described in further detail below with reference to the drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention.
FIG. 1 is a flow chart of the hot reproduction and repair method for network vulnerabilities in a power monitoring system according to the present invention;
FIG. 2 is a schematic diagram of the vulnerability similarity coordinate analysis in the hot reproduction and repair method for network vulnerabilities in a power monitoring system.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to FIG. 1 and FIG. 2, a hot reproduction and repair method for network vulnerabilities in a power monitoring system includes: a method for automatically configuring a vulnerability hot reproduction environment; a method for analyzing the vulnerability exploitation mode; and a method for searching for and applying vulnerability hot patches.
The method for automatically configuring the vulnerability hot reproduction environment comprises: when hot reproduction of a vulnerability is carried out, Quick Emulator Kernel-based Virtual Machine (QEMU-KVM) technology is used to virtualize the configuration of the vulnerability reproduction environment vector, with the Kernel-based Virtual Machine (KVM) providing hardware acceleration for the Quick Emulator (QEMU) while the normal state of the power monitoring system network is maintained. During configuration, the known vulnerability information is read first and the vulnerability reproduction environment data are obtained, namely variables such as the system kernel file (kernel), the system memory (memory), the BIOS in use when the vulnerability runs (bios), the hard disk (hda), the network card file (net) and the image hard disk (drive); a reproduction environment vector TargetVuln_map corresponding to the vulnerability is established; resources such as kernel, memory, bios, hda, net and drive are read and allocated; and the vulnerability is reproduced by dynamic code translation, so that the actual trigger scenario of each vulnerability is fully restored.
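As an added example (not code from the patent), the following turns a TargetVuln_map-style record into a QEMU/KVM command line for a reproduction guest that is kept off the production network. The dictionary keys follow the variables named above, with the hard-disk key written hda to match QEMU's -hda option; the sample paths, the MiB unit for memory and the reading of net as a NIC model name are assumptions.

```python
import shlex

# Keys follow the variables listed for TargetVuln_map in the description.
REQUIRED_KEYS = ("kernel", "memory", "bios", "hda", "net", "drive")

# Constructed sample vector; every path and value here is a placeholder.
SAMPLE_MAP = {
    "kernel": "/srv/replica/vmlinuz",
    "memory": 2048,                      # MiB (assumed unit)
    "bios": "/srv/replica/bios.bin",
    "hda": "/srv/replica/system.img",
    "net": "e1000",                      # treated as a NIC model name (assumption)
    "drive": "/srv/replica/data.img",
}


def build_qemu_argv(target_vuln_map, binary="qemu-system-x86_64"):
    """Return an argv list for an isolated, disposable reproduction guest."""
    missing = [k for k in REQUIRED_KEYS if not target_vuln_map.get(k)]
    if missing:
        raise ValueError("incomplete environment vector, missing: " + ", ".join(missing))

    memory_mib = int(target_vuln_map["memory"])
    if memory_mib <= 0:
        raise ValueError("memory must be a positive number of MiB")

    # QEMU splits -drive and -nic values on commas, so a comma inside a value
    # taken from crawled vulnerability data would add extra sub-options.
    for key in ("net", "drive"):
        if "," in str(target_vuln_map[key]):
            raise ValueError(f"{key} must not contain a comma")

    return [
        binary,
        "-enable-kvm",                   # KVM hardware acceleration for QEMU
        "-snapshot",                     # disk writes go to temporary files, images stay pristine
        "-kernel", str(target_vuln_map["kernel"]),
        "-m", str(memory_mib),
        "-bios", str(target_vuln_map["bios"]),
        "-hda", str(target_vuln_map["hda"]),
        "-drive", f"file={target_vuln_map['drive']},media=disk",
        # User-mode networking with restrict=on: the guest cannot reach the
        # host or the outside network, so the replica stays off production.
        "-nic", f"user,restrict=on,model={target_vuln_map['net']}",
    ]


def render(argv):
    """Shell-quoted form of the command, for logging or review before launch."""
    return shlex.join(argv)


if __name__ == "__main__":
    print(render(build_qemu_argv(SAMPLE_MAP)))
```

Building an argv list rather than a shell string keeps values taken from external vulnerability records from being interpreted by a shell.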
The method for analyzing the vulnerability exploitation mode comprises: establishing a three-dimensional coordinate system; marking the occurrence of the new vulnerability as NewV(AppState, MiddleState, UnderlyingState), a three-dimensional coordinate point given by the relevant application state (AppState), intermediate component state (MiddleState) and underlying register state (UnderlyingState) at the vulnerability reproduction site; automatically crawling related vulnerability information from Common Vulnerabilities and Exposures (CVE) on the public network, the national information security vulnerability sharing platform (China National Vulnerability Database, CNVD) and the China national information security vulnerability database (China National Vulnerability Database of Information Security, CNNVD); screening several vulnerabilities of the same type; and calculating the correlation coefficient between vulnerabilities from the coordinate point of each vulnerability occurrence, in order to find vulnerability information similar to the new vulnerability. The similarity calculation formula is defined as:
wherein the content of the first and second substances,is the dimension of the vulnerability coordinate point,in order to newly create a vulnerability,for the relevant vulnerability crawled from the network, the similarity of the two is calculatedThe loophole with the highest similarity can be analyzed and obtained for searchingThe Concept certification (POC) and the Exploit (expit, EXP) of the related release are analyzed for common words, and the specific formula is as follows:
binding vulnerabilitiesBy means of, obtainAnd determining the vulnerability utilization mode according to the vulnerability trigger point.
The method for searching for and applying vulnerability hot patches comprises: according to the obtained vulnerability trigger point and vulnerability type, searching for related vulnerability hot patches using a search-engine-based search and finding the patches corresponding to similar vulnerabilities; collecting information on the hot patches found and extracting from each patch factors such as the operating system patch_os, the device type patch_dev, the software version patch_svsion and the programming language type patch_language, to construct a patch information text vector patch_mag; extracting information such as the operating system pathc_os, the device type pathc_dev, the software version pathc_svision and the programming language type pathc_language of the vulnerability reproduction environment, to establish a vulnerability information text vector vuln_mag; and analyzing the correlation between the patch information and the vulnerability information using formula (3):
wherein the content of the first and second substances,and selecting the patches according to the sequence of the correlation degree from high to low to operate the related patches in the generated virtualized environment after the correlation degree calculation result is obtained, detecting whether the hot patch repair is effective, and performing hot patch repair on the actual environment of the power monitoring system network after verification is finished.
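As an added example (not code from the patent), the following ranks candidate hot patches against the reproduction environment's metadata and accepts a patch for the production network only after it passes a check in the replica. Formula (3) is not reproduced on this page, so cosine similarity over field-tagged tokens is used as a stand-in; the field keys, the sample records, the min_score threshold and the verify_in_replica callback are assumptions.

```python
import math
import re
from collections import Counter

# Metadata fields named in the description: operating system, device type,
# software version and programming language (key names here are assumed).
FIELDS = ("os", "dev", "version", "language")

# Constructed sample data, not taken from any real advisory.
VULN_ENV = {"os": "Linux 3.10", "dev": "RTU gateway", "version": "2.4.1", "language": "C"}
PATCHES = [
    {"id": "P-C", "os": "Windows Server 2012", "dev": "HMI workstation",
     "version": "7.0", "language": "Java"},
    {"id": "P-B", "os": "Linux 4.19", "dev": "RTU gateway",
     "version": "2.4.0", "language": "C"},
    {"id": "P-A", "os": "Linux 3.10", "dev": "RTU gateway",
     "version": "2.4.1", "language": "C"},
]


def text_vector(info):
    """Bag-of-tokens vector; tokens are tagged with their field so that an
    OS version number never matches a software version number."""
    tokens = []
    for field in FIELDS:
        for tok in re.findall(r"[a-z0-9]+", str(info.get(field, "")).lower()):
            tokens.append(f"{field}:{tok}")
    return Counter(tokens)


def cosine(a, b):
    """Cosine similarity of two token-count vectors (stand-in for formula (3))."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def rank_patches(vuln_info, patches):
    """Return (score, patch_id) pairs ordered from most to least correlated."""
    vuln_vec = text_vector(vuln_info)
    scored = [(cosine(text_vector(p), vuln_vec), p["id"]) for p in patches]
    return sorted(scored, key=lambda item: (-item[0], item[1]))


def select_verified_patch(vuln_info, patches, verify_in_replica, min_score=0.5):
    """Try patches in rank order inside the replica; return the first patch id
    that the replica check accepts, or None if none qualifies."""
    for score, patch_id in rank_patches(vuln_info, patches):
        if score < min_score:
            break                        # remaining candidates are even less related
        if verify_in_replica(patch_id):  # hypothetical hook: apply patch, re-run the trigger
            return patch_id
    return None


if __name__ == "__main__":
    for score, patch_id in rank_patches(VULN_ENV, PATCHES):
        print(f"{patch_id}: {score:.3f}")
```

A high metadata score only orders the candidates; the replica check decides, so a top-ranked patch that fails there is skipped in favour of the next one.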
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (4)
1. A hot reproduction and repair method for network vulnerabilities in a power monitoring system, characterized by comprising: a method for automatically configuring a vulnerability hot reproduction environment; a method for analyzing the vulnerability exploitation mode; and a method for searching for and applying vulnerability hot patches.
2. The hot reproduction and repair method for network vulnerabilities in a power monitoring system of claim 1, wherein the method for automatically configuring the vulnerability hot reproduction environment comprises: when hot reproduction of a vulnerability is carried out, quick-emulator kernel-based virtual machine technology is used to virtualize the configuration of the vulnerability reproduction environment vector, with the Kernel-based Virtual Machine (KVM) providing hardware acceleration for the Quick Emulator (QEMU) while the normal state of the power monitoring system network is maintained; during configuration, the known vulnerability information is read first and the vulnerability reproduction environment data are obtained, namely variables such as the system kernel file (kernel), the system memory (memory), the BIOS in use when the vulnerability runs (bios), the hard disk (hda), the network card file (net) and the image hard disk (drive); a reproduction environment vector TargetVuln_map corresponding to the vulnerability is established; resources such as kernel, memory, bios, hda, net and drive are read and allocated; and the vulnerability is reproduced by dynamic code translation, so that the actual trigger scenario of each vulnerability is fully restored.
3. The hot reproduction and repair method for network vulnerabilities in a power monitoring system of claim 1, wherein the method for analyzing the vulnerability exploitation mode comprises: establishing a three-dimensional coordinate system; marking the occurrence of the new vulnerability NewV as a three-dimensional coordinate point given by the relevant application state, intermediate component state and underlying register state at the vulnerability discovery site; automatically crawling related vulnerability information from the public network, the national information security vulnerability sharing platform and the China national information security vulnerability database; screening several vulnerabilities of the same type; and calculating the correlation coefficient between vulnerabilities from the coordinate point of each vulnerability occurrence, in order to find vulnerability information similar to the new vulnerability, the similarity calculation formula being defined as:
wherein the content of the first and second substances,is the dimension of the vulnerability coordinate point,in order to newly create a vulnerability,for relevant vulnerabilities crawled from the networkBy calculating the similarity of bothThe loophole with the highest similarity can be analyzed and obtained for searchingThe concept certification and the vulnerability of the related release are analyzed by common words, and the specific formula is as follows:
4. The hot reproduction and repair method for network vulnerabilities in a power monitoring system of claim 1, wherein the method for searching for and applying vulnerability hot patches comprises: according to the obtained vulnerability trigger point and vulnerability type, searching for related vulnerability hot patches using a search-engine-based search and finding the patches corresponding to similar vulnerabilities; collecting information on the hot patches found and extracting from each patch factors such as the operating system patch_os, the device type patch_dev, the software version patch_svsion and the programming language type patch_language, to construct a patch information text vector patch_mag; extracting information such as the operating system pathc_os, the device type pathc_dev, the software version pathc_svision and the programming language type pathc_language of the vulnerability reproduction environment, to establish a vulnerability information text vector vuln_mag; and analyzing the correlation between the patch information and the vulnerability information using formula (3):
wherein the content of the first and second substances,and selecting the patches according to the sequence of the correlation degree from high to low to operate the related patches in the generated virtualized environment after the correlation degree calculation result is obtained, detecting whether the hot patch repair is effective, and performing hot patch repair on the actual environment of the power monitoring system network after verification is finished.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111029561.0A CN113709174B (en) | 2021-09-03 | 2021-09-03 | Network vulnerability heat reappearance and repair method for power monitoring system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113709174A | 2021-11-26 |
CN113709174B | 2023-04-18 |
Family
ID=78657730
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN202111029561.0A (CN113709174B) | Active | 2021-09-03 | 2021-09-03 | Network vulnerability heat reappearance and repair method for power monitoring system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113709174B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103745158A (en) * | 2014-01-26 | 2014-04-23 | 北京奇虎科技有限公司 | Method and device for repairing system bugs |
US20190005246A1 (en) * | 2017-06-29 | 2019-01-03 | Aqua Security Software, Ltd. | System for Virtual Patching Security Vulnerabilities in Software Containers |
CN109714314A (en) * | 2018-11-21 | 2019-05-03 | 中国电子科技网络信息安全有限公司 | A kind of construction method for the holographic vulnerability database reappearing loophole Life cycle |
CN112286823A (en) * | 2020-11-18 | 2021-01-29 | 山石网科通信技术股份有限公司 | Method and device for testing kernel of operating system |
Non-Patent Citations (6)
Title |
---|
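Li Zhiru et al.: "Design and Application of a Unified Vulnerability Patch Management System for Power Grid Enterprises", Electric Power Information and Communication Technology * |
Wen Tao et al.: "UVDA: Design and Implementation of a Framework for Automated Fusion of Heterogeneous Security Vulnerability Databases", Journal on Communications * |
Teng Zhonggang: "Penetration Testing Experiments Using Kali Linux and Docker", Information Technology and Informatization * |
Zou Yayi et al.: "Collection and Organization of Vulnerability Patches for Open-Source Software", Journal of the Hebei Academy of Sciences * |
Chen Yiming et al.: "Design and Implementation of a Docker-Based Vulnerability Verification Framework", Application of Electronic Technique * |
Jin Xianlong et al.: "A Crash-Based Automatic Exploit Generation System", Modern Computer * |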
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114301638A (en) * | 2021-12-13 | 2022-04-08 | 山石网科通信技术股份有限公司 | Method and device for reproducing firewall rules, storage medium and processor |
CN114301638B (en) * | 2021-12-13 | 2024-02-06 | 山石网科通信技术股份有限公司 | Firewall rule reproduction method and device, storage medium and processor |
CN114329486A (en) * | 2021-12-24 | 2022-04-12 | 中电信数智科技有限公司 | Asset vulnerability management method and device, electronic equipment and storage medium |
CN115310099A (en) * | 2022-10-12 | 2022-11-08 | 北京盛邦赛云科技有限公司 | Vulnerability coordinate system establishing method, vulnerability analyzing device and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN113709174B (en) | 2023-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113709174B (en) | Network vulnerability heat reappearance and repair method for power monitoring system | |
Tian et al. | A real-time correlation of host-level events in cyber range service for smart campus | |
CN101438529B (en) | Proactive computer malware protection through dynamic translation | |
CN101788915A (en) | White list updating method based on trusted process tree | |
JP2021022400A (en) | Analysis system, method and program | |
CN106951345A (en) | A kind of conformance test method and device of magnetic disk of virtual machine data | |
CN107515778A (en) | A kind of origin method for tracing and system based on context-aware | |
US20230168916A1 (en) | Method and System for Interactive Cyber Simulation Exercises | |
CN113868648A (en) | Automatic shelling engine implementation method for malicious files | |
CN110875928A (en) | Attack tracing method, device, medium and equipment | |
CN116527332B (en) | Network attack drilling method, device, equipment and storage medium | |
Le et al. | Iot Botnet detection using system call graphs and one-class CNN classification | |
CN103455677B (en) | Environmental simulation method and system | |
CN113468524A (en) | RASP-based machine learning model security detection method | |
CN105701405A (en) | System and method for antivirus checking of native images of software assemblies | |
Zhang et al. | Automatic detection of Android malware via hybrid graph neural network | |
CN112257077A (en) | Automatic vulnerability mining method based on deep learning | |
CN107203410A (en) | A kind of VMI method and system based on redirection of system call | |
KR102507189B1 (en) | Method for extracting neural networks via meltdown | |
Thevenon et al. | iMRC: Integrated Monitoring & Recovery Component, a Solution to Guarantee the Security of Embedded Systems. | |
CN115220736A (en) | Target automatic deployment method based on OPENSTACK | |
CN102999719B (en) | A kind of malicious code on-line analysis based on hardware simulator and system | |
Zhou et al. | A hardware-based architecture-neutral framework for real-time iot workload forensics | |
Yao et al. | Research on IoT Device Vulnerability Mining Technology Based on Static Preprocessing and Coloring Analysis | |
Newlin et al. | ARC Containers for AI Workloads: Singularity Performance Overhead |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||