CN113742721A - Vulnerability scanning processing method, device and system, electronic device and storage medium - Google Patents


Publication number
CN113742721A
Authority
CN
China
Prior art keywords
scanning
vulnerability
result
vulnerability scanning
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111004747.0A
Other languages
Chinese (zh)
Other versions
CN113742721B (en)
Inventor
张双威
范渊
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111004747.0A
Publication of CN113742721A
Application granted
Publication of CN113742721B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a processing method, a device, a system, an electronic device and a storage medium for vulnerability scanning, wherein the processing method for vulnerability scanning comprises the following steps: acquiring scanning reports corresponding to at least two vulnerability scanning devices, and acquiring scanning vulnerabilities scanned by each vulnerability scanning device according to all the scanning reports; calculating to obtain an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening all vulnerability scanning devices to obtain target combination devices according to the accuracy result and the similarity result; and generating a vulnerability scanning result based on the target combination equipment. Through the vulnerability scanning method and device, the problem of low vulnerability scanning efficiency is solved, and the scanning capability comparison of multiple types of vulnerability scanning equipment is realized.

Description

Vulnerability scanning processing method, device and system, electronic device and storage medium
Technical Field
The present application relates to the field of vulnerability scanning technologies, and in particular, to a vulnerability scanning processing method, device, system, electronic device, and storage medium.
Background
Security vulnerability scanning of current systems is usually performed through software or a Web browser, and multiple types of vulnerability scanning devices can be installed for different systems so that asset vulnerability scanning is carried out on environments with various types of vulnerabilities. However, in the related art, vulnerability scanning devices cannot be flexibly combined to analyze assets, resulting in low vulnerability scanning efficiency.
At present, no effective solution is provided for the problem of low efficiency of vulnerability scanning in the related technology.
Disclosure of Invention
The embodiment of the application provides a vulnerability scanning processing method, device, system, electronic device and storage medium, so as to at least solve the problem of low vulnerability scanning efficiency in the related technology.
In a first aspect, an embodiment of the present application provides a vulnerability scanning processing method, where the method includes:
acquiring scanning reports corresponding to at least two vulnerability scanning devices, and acquiring scanning vulnerabilities scanned by each vulnerability scanning device according to all the scanning reports;
calculating to obtain an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening all vulnerability scanning devices to obtain target combination devices according to the accuracy result and the similarity result;
and generating a vulnerability scanning result based on the target combination equipment.
In some embodiments, the obtaining, according to all the scanning reports, the scanning vulnerabilities scanned by each vulnerability scanning device includes:
acquiring a preset third-party database;
executing specified analysis operation aiming at all the scanning reports according to the third-party database and the vulnerability scanning equipment to obtain an analysis result corresponding to each vulnerability scanning equipment; wherein the specified parsing operation is matched with the vulnerability scanning equipment;
and acquiring the corresponding scanning vulnerabilities according to each analysis result.
In some embodiments, the obtaining the corresponding scanning vulnerability according to each parsing result includes:
and acquiring the scanning vulnerability according to the analysis result, and acquiring the same vulnerability result among all vulnerability scanning devices based on the scanning vulnerability.
In some embodiments, the obtaining, according to the calculation of all the scanning vulnerabilities, an accuracy result and a similarity result of each vulnerability scanning device includes:
acquiring vulnerability quantity results scanned by each vulnerability scanning device according to the scanning vulnerabilities;
acquiring a preset environment vulnerability result, and acquiring an accuracy result of the vulnerability scanning equipment corresponding to the vulnerability quantity result according to a first ratio result of the environment vulnerability result and the vulnerability quantity result;
and acquiring the same vulnerability results among all vulnerability scanning devices, and acquiring the similarity result of the vulnerability scanning devices corresponding to the vulnerability quantity result according to a second ratio result of the same vulnerability results and the vulnerability quantity result.
In some embodiments, the screening, according to the accuracy result and the similarity result, target combination devices from all the vulnerability scanning devices includes:
sequencing all the accuracy results to obtain a first sequencing result, and screening from the vulnerability scanning equipment according to the first sequencing result to obtain first target scanning equipment;
according to the first target scanning device, sequencing all the similarity results to obtain a second sequencing result, and screening from the vulnerability scanning device according to the second sequencing result to obtain a second target scanning device;
and obtaining the target combination equipment according to the first target scanning equipment and the second target scanning equipment.
In some embodiments, the generating vulnerability scanning results based on the target combination device comprises:
sending a combined report generated according to the target combined equipment to terminal equipment for displaying, and receiving a scanning instruction of the terminal equipment for the combined report;
and generating the vulnerability scanning result according to the scanning instruction.
In a second aspect, an embodiment of the present application provides a processing apparatus for vulnerability scanning, where the apparatus includes: the device comprises an acquisition module, a combination module and a generation module;
the acquisition module is used for acquiring scanning reports corresponding to at least two vulnerability scanning devices and acquiring the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports;
the combined module is used for calculating and obtaining an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening and obtaining target combined devices from all the vulnerability scanning devices according to the accuracy result and the similarity result;
the generation module is used for generating a vulnerability scanning result based on the target combination equipment.
In a third aspect, an embodiment of the present application provides a vulnerability scanning processing system, where the system includes: vulnerability scanning equipment, transmission equipment and server equipment; the vulnerability scanning equipment is connected with the server equipment through the transmission equipment;
the vulnerability scanning equipment is used for scanning to obtain a corresponding scanning report;
the transmission equipment is used for acquiring the scanning report from the vulnerability scanning equipment and sending the scanning report to the server equipment;
the server device is configured to execute the vulnerability scanning processing method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the processing method for vulnerability scanning according to the first aspect.
In a fifth aspect, the present application provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the processing method for vulnerability scanning according to the first aspect.
Compared with the related art, the vulnerability scanning processing method, the vulnerability scanning processing device, the vulnerability scanning system, the electronic device and the storage medium provided by the embodiment of the application acquire the scanning reports corresponding to at least two vulnerability scanning devices and acquire the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports; calculating to obtain an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening all vulnerability scanning devices to obtain target combination devices according to the accuracy result and the similarity result; based on the target combination equipment, the vulnerability scanning result is generated, the problem of low vulnerability scanning efficiency is solved, and the scanning capability comparison of multiple types of vulnerability scanning equipment is realized.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is an application environment diagram of a vulnerability scanning processing method according to an embodiment of the present application;
FIG. 2 is a flowchart of a vulnerability scanning processing method according to an embodiment of the present application;
FIG. 3 is a flowchart of a vulnerability scanning processing method according to the preferred embodiment of the present application;
FIG. 4 is a block diagram of a vulnerability scanning processing apparatus according to an embodiment of the present application;
FIG. 5 is a block diagram of a vulnerability scanning processing system according to an embodiment of the present application;
FIG. 6 is a block diagram of the inside of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference herein to "a plurality" means greater than or equal to two. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The vulnerability scanning processing method provided by the embodiment can be applied to the application scenario shown in fig. 1. Wherein the terminal device 102 communicates with the server device 104 over a network. The server device 104 obtains scanning reports generated by scanning a plurality of vulnerability scanning devices, and analyzes the scanning reports according to all the reports to obtain scanning vulnerabilities corresponding to each vulnerability scanning device; the server device 104 performs analysis processing on all scanning vulnerabilities, calculates accuracy results and similarity results of vulnerability scanning devices, and further screens the vulnerability scanning devices to obtain optimal target combination devices; finally, the server device 104 sends the combined report generated based on the target combined device to the terminal device 102, and the terminal device 102 displays the combined report to the user, so as to generate a vulnerability scanning result according to the scanning instruction corresponding to the combined report acquired by the terminal device. The terminal device 102 may be, but is not limited to, various smart phones, personal computers, notebook computers, and tablet computers, and the server device 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
Fig. 2 is a flowchart of a vulnerability scanning processing method according to an embodiment of the present application, and as shown in fig. 2, the flowchart includes the following steps:
step S210, obtaining scanning reports corresponding to at least two vulnerability scanning devices, and obtaining the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports.
The vulnerability scanning device may be a device that can scan vulnerabilities in system assets such as a host and a Web, and the scanning types of all vulnerability scanning devices are the same, for example, each vulnerability scanning device may employ a host scanning engine or a Web scanning engine, and the vulnerability scanning device may be deployed on the server device, other server devices connected to the server device or belonging to the same server cluster, or the terminal device. It should be noted that in the embodiment of the present application, multiple vulnerability scanning devices of different manufacturers and different types may be used to scan the system. Specifically, the processor may instruct each vulnerability scanning device to perform asset scanning in an environment where vulnerabilities of various types and known numbers are pre-deployed, and obtain respective corresponding scanning reports; and then the processor imports and analyzes the scanning report generated by each vulnerability scanning device, so as to obtain the number and the type of the scanning vulnerabilities corresponding to each vulnerability scanning device.
Step S220, calculating an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening all the vulnerability scanning devices to obtain a target combination device according to the accuracy result and the similarity result.
Specifically, after the number and types of the scanning vulnerabilities found by each vulnerability scanning device are obtained from the parsed scanning vulnerabilities, the accuracy result of each vulnerability scanning device can be obtained by calculating and comparing the number of scanning vulnerabilities corresponding to each device. It can be understood that the accuracy result indicates the strength of the scanning capability of the corresponding vulnerability scanning device: the more vulnerabilities a device scans, the stronger its scanning capability can be considered; alternatively, the higher the similarity between the number and type information of the scanned vulnerabilities and the known vulnerabilities in the pre-deployed environment, the more accurate the scanning result of the device, which also indicates a stronger scanning capability. Moreover, the number of scanning vulnerabilities of the same vulnerability type can be compared between vulnerability scanning devices; the larger the number calculated for two vulnerability scanning devices, the higher the similarity of the two devices.
Then, based on a preset screening strategy, the optimal target combination device can be screened from all vulnerability scanning devices using the calculated accuracy results and similarity results; the target combination device consists of at least two vulnerability scanning devices. For example, the screening strategy may be set to sort by accuracy result and select the three vulnerability scanning devices with the highest accuracy as the target combination device; or the screening strategy may be set to sort by accuracy result to obtain the two vulnerability scanning devices with the highest accuracy, then randomly select one of the two, calculate the similarity results between it and the other vulnerability scanning devices, and finally select the vulnerability scanning device with the highest similarity result to serve, together with the two selected devices, as the target combination device; alternatively, the screening strategy may be set to analyze the accuracy result and the similarity result at the same time. Different screening strategies are applicable to different scanning application scenarios and are not described here again. It should be added that, after the target combination device is obtained through screening, the processor may store specific values of the target combination device, such as device type, accuracy result, or similarity result, in a storage space such as a database, a memory, or a hard disk, so that they can be retrieved at any time during the actual scanning process in subsequent steps.
Step S230, generating a vulnerability scanning result based on the target combination device.
Specifically, in the case of performing asset scanning by using the target combination device, the scanning results of the vulnerability scanning devices in the target combination device may be comprehensively analyzed by the processor, so as to obtain a final vulnerability scanning result.
Through steps S210 to S230, the scanning vulnerabilities of each vulnerability scanning device are obtained from the scanning reports of all vulnerability scanning devices, the optimal target combination device is obtained by calculation over all the scanning vulnerabilities, and the vulnerability scanning result is generated based on the target combination device. The scanning results of different types of vulnerability scanning devices can thus be combined merely by analyzing the scanning reports, without deploying additional vulnerability scanning devices, which effectively reduces the manpower and material cost and solves the problem of low vulnerability scanning efficiency.
In some embodiments, the obtaining of the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports further includes the following steps:
step S211, acquiring a preset third-party database; executing specified analysis operation aiming at all the scanning reports according to the third-party database and the vulnerability scanning equipment to obtain an analysis result corresponding to each vulnerability scanning equipment; wherein the specified parsing operation is matched with the vulnerability scanning device.
After the scanning report corresponding to each vulnerability scanning device is obtained through the above steps, the processor can import each scanning report and execute, for each report, the specified parsing operation matched with the vulnerability scanning device that produced it. Each vulnerability scanning device has a unique identifier such as an ID, and each unique identifier is stored in advance in the software program that executes the specified parsing operations. Specifically, the software program may select each vulnerability scanning device in turn to create a parsing task, match each scanning report with the corresponding vulnerability scanning device based on the unique identifier, and execute the corresponding specified parsing operation on the matched scanning report. It should be noted that, for the vulnerability scanning device Nessus, the vulnerability levels are in English, and the fields and definitions for the vulnerability solution, vulnerability description, etc. all differ from those of other vulnerability scanning devices; the results returned by the other vulnerability scanning devices also differ from one another. A user can therefore write code in advance to set a third-party definition with a uniform data structure, and the processor can store this third-party definition in the third-party database in advance. When the software program executes the corresponding specified parsing operations on the different scanning reports, the data in each scanning report is parsed into the unified third-party definition in the third-party database, yielding the final analysis result. Through step S211, after data parsing, the data of every scanning report has the same corresponding data fields and a unified result, so that the data structures of the vulnerability scanning devices are unified.
Step S212, obtaining the corresponding scanning vulnerability according to each analysis result.
Specifically, after the scanning reports are parsed to obtain analysis results with a unified data structure, the scanning vulnerabilities in the analysis results can be calculated and counted, so that the vulnerability scanning devices can be compared in subsequent steps.
Through steps S211 to S212, before the target combination device is obtained by screening, the specified parsing operation may be performed in advance for each vulnerability scanning device to obtain the analysis result corresponding to each device, so that the data in the scanning reports is uniformly converted to the third-party definition and the data structures of the vulnerability scanning devices are unified. This makes it convenient to compare the performance of the vulnerability scanning devices quickly and to control variables so that the comparison results are accurate, thereby realizing efficient and accurate screening of the optimal target combination device and effectively improving the efficiency and accuracy of vulnerability scanning processing.
In some embodiments, step S212 further includes the following step: acquiring the scanning vulnerabilities according to the analysis results, and acquiring the same vulnerability results among all vulnerability scanning devices based on the scanning vulnerabilities. After the analysis result of each vulnerability scanning device is obtained through the parsing in step S211, the analysis results may be stored in the third-party database, then summarized and read from it, and fields such as the Common Vulnerabilities and Exposures (CVE) identifier or the vulnerability name of the vulnerabilities in each analysis result are obtained; CVE assigns a unique name to each vulnerability and exposure. Because the data structures of the analysis results are unified, the types of all scanning vulnerabilities can be quickly obtained and determined for comparative analysis. For example, suppose the vulnerability scanning devices include Nessus and anxion cloud, and in step S211 a Nessus scanning report for IPs 192.168.31.1 to 192.168.31.255 and an anxion cloud scanning report for IP 192.168.31.55 are imported. After parsing and storage, the processor may detect that both vulnerability scanning devices have scanning vulnerabilities for the same IP 192.168.31.55; that is, the vulnerability results corresponding to IP 192.168.31.55 may be used as the same vulnerability result between the vulnerability scanning devices. It should be added that, since the same vulnerability results among all vulnerability scanning devices are obtained in this embodiment, the accuracy result and the similarity result corresponding to each vulnerability scanning device can be calculated in the subsequent step S220 based on the same vulnerability results.
Through this embodiment, the analysis results with a unified data structure are processed to obtain the same vulnerability results among all vulnerability scanning devices, which makes it convenient to compare the performance of the vulnerability scanning devices on the same vulnerability results, further controls the comparison variables, and improves the efficiency and accuracy of vulnerability scanning processing.
In some embodiments, the step of obtaining the accuracy result and the similarity result of each vulnerability scanning device according to the calculation of all the scanning vulnerabilities further includes the following steps:
step S221, obtaining a vulnerability quantity result scanned by each vulnerability scanning device according to the scanning vulnerability.
It can be understood that, after the scanning vulnerabilities scanned by each vulnerability scanning device are obtained in step S210, the data amount of the scanning vulnerabilities corresponding to each vulnerability scanning device may be further calculated and counted by the processor, and the data amount is used as the vulnerability number result.
Step S222, obtaining a preset environment vulnerability result, and obtaining an accuracy result of the vulnerability scanning device corresponding to the vulnerability quantity result according to a first ratio result of the environment vulnerability result and the vulnerability quantity result.
It can be understood that, in this embodiment, the target combination device is screened before the actual asset vulnerability scanning, and the system assets are scanned with the target combination device after it has been obtained. Specifically, a user may first deploy, by writing a script in advance, an environment with various vulnerability types and a known number of vulnerabilities, and use the vulnerability types and numbers in the deployed environment as the environment vulnerability result. Because the vulnerability types and numbers can be controlled manually through the script, vulnerabilities of comprehensive types and large data volume can be created through the script, so that the scanning capabilities of the vulnerability scanning devices can be compared more accurately and the resulting target combination device is suitable for more actual scanning scenarios.
After the environment vulnerability result is obtained, the processor may compare the vulnerability quantity result with the total number of vulnerabilities in the environment vulnerability result to obtain the first ratio result, and the first ratio result may be used as the accuracy result of the corresponding vulnerability scanning device. It should be noted that vulnerability scanning devices of the same type are compared in this process. For example, if host scanning engine 1 scans X vulnerabilities in total, host scanning engine 2 scans Y vulnerabilities in total, and the environment vulnerability result contains Z known vulnerabilities, where X, Y and Z are positive integers, then the accuracy result of host scanning engine 1 is X/Z and the accuracy result of host scanning engine 2 is Y/Z; when all vulnerability scanning devices are host scanning engines, the results may be aggregated according to the CVEs of each host scanning engine. Alternatively, each vulnerability scanning device may be a Web scanning engine, and the first ratio result may be calculated based on the POCs that describe or exemplify the vulnerabilities, so as to obtain the accuracy result corresponding to each vulnerability scanning device; or each vulnerability scanning device may be a baseline scanning engine, with the accuracy result determined based on comparison, inspection and classification, which is not described here again.
Step S223, obtaining the same vulnerability result between all vulnerability scanning devices, and obtaining the similarity result of the vulnerability scanning device corresponding to the vulnerability quantity result according to the second ratio result of the same vulnerability result and the vulnerability quantity result.
By analyzing the scanning vulnerabilities of each vulnerability scanning device, it can be detected whether the same vulnerability results for the same IP exist among the vulnerability scanning devices. If no same vulnerability result exists between one vulnerability scanning device and another, the similarity of the two vulnerability scanning devices is 0. If a same vulnerability result exists between one vulnerability scanning device and another, the number of vulnerabilities in the same vulnerability result is compared with the total number of vulnerabilities in the environment vulnerability result to obtain the second ratio result, and the second ratio result is used as the similarity result between the two corresponding vulnerability scanning devices. Taking vulnerability scanning devices comprising host scanning engine 1 and host scanning engine 2 as an example, when the number of identical CVE vulnerabilities detected between host scanning engine 1 and host scanning engine 2 is N, the similarity result between host scanning engine 1 and host scanning engine 2 is N/Z, where N is a positive integer.
In some embodiments, the screening of the target combination device from all the vulnerability scanning devices according to the accuracy result and the similarity result further includes the following steps:
Step S224, performing sorting processing on all the accuracy results to obtain a first sorting result, and screening from the vulnerability scanning devices according to the first sorting result to obtain a first target scanning device.
Specifically, after the accuracy results corresponding to all the vulnerability scanning devices are obtained through the calculation in step S222, the processor may sort the accuracy results in descending order of value and use the descending order as the first sorting result; the one or more vulnerability scanning devices ranked foremost in the first sorting result are the first target scanning devices obtained through the screening. The number of first target scanning devices may be set by a user in advance.
Step S225, according to the first target scanning device, performing ranking processing on all the similarity results to obtain a second ranking result, and according to the second ranking result, screening from the vulnerability scanning device to obtain a second target scanning device.
Specifically, after the similarity result between every two vulnerability scanning devices is obtained through the calculation in step S223 and the first target scanning device is obtained through the screening in step S224, the processor may obtain the similarity results between the other vulnerability scanning devices and the first target scanning device, sort these similarity results in ascending order of value, and use the ascending order as the second sorting result; the one or more vulnerability scanning devices ranked foremost in the second sorting result are the second target scanning devices obtained through the screening. The number of second target scanning devices may be set by a user in advance.
Step S226, obtaining the target combination device according to the first target scanning device and the second target scanning device. That is, the first target scanning device and the second target scanning device are combined to obtain the target combination device.
Through the steps S221 to S226, the accuracy result and the similarity result of each vulnerability scanning device are respectively obtained by calculating using the preset environment vulnerability result, and the calculated results are subjected to sorting processing, so that efficient and accurate screening of the target combination device is realized, and the efficiency and the accuracy of vulnerability scanning processing are further improved.
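The screening in steps S221 to S226 can be sketched as follows. This is an added example, not code from the patent: the engine names, the sample findings, the tie-breaking order, the rule of taking the highest similarity when several first targets exist, and the `coverage` helper (which goes beyond the steps to show why a low-similarity partner is chosen) are all assumptions.

```python
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (IP address, vulnerability ID such as a CVE)

# Constructed sample input: a scripted test environment with Z = 10 known
# vulnerabilities on one host, plus the normalized findings of three
# hypothetical host scanning engines. IDs are placeholders, not real CVEs.
IP = "192.0.2.10"


def _ids(*nums: int) -> Set[Finding]:
    return {(IP, f"VULN-{n:03d}") for n in nums}


ENV_KNOWN = _ids(*range(1, 11))
REPORTS: Dict[str, Set[Finding]] = {
    "host_engine_1": _ids(1, 2, 3, 4, 5, 6, 7, 8),
    "host_engine_2": _ids(2, 3, 4, 5, 6, 7, 8),
    "host_engine_3": _ids(6, 7, 8, 9, 10),
}


def accuracy(findings: Set[Finding], z: int) -> float:
    """S221-S222: vulnerability count X of one engine over the known count Z.

    X is the raw count, as in the description, so findings that are not in
    the test environment would inflate the ratio.
    """
    if z <= 0:
        raise ValueError("the environment must contain at least one known vulnerability")
    return len(findings) / z


def similarity(a: Set[Finding], b: Set[Finding], z: int) -> float:
    """S223: identical findings on the same IP (N) over Z; 0 when none are shared."""
    if z <= 0:
        raise ValueError("the environment must contain at least one known vulnerability")
    return len(a & b) / z


def select_combination(reports: Dict[str, Set[Finding]], z: int,
                       n_first: int = 1, n_second: int = 1) -> dict:
    """S224-S226: pick the most accurate engines, then the least similar partners."""
    if len(reports) < 2:
        raise ValueError("at least two scan reports are required")
    if n_first < 1 or n_second < 0:
        raise ValueError("n_first must be >= 1 and n_second >= 0")

    acc = {name: accuracy(f, z) for name, f in reports.items()}
    # S224: descending accuracy; the name is an assumed tie-break for determinism.
    first_rank = sorted(acc, key=lambda n: (-acc[n], n))
    first = first_rank[:n_first]

    # S225: similarity of every remaining engine to the first target(s).
    # With several first targets the highest similarity is used (assumption).
    rest = [n for n in first_rank if n not in first]
    sim = {n: max(similarity(reports[n], reports[f], z) for f in first) for n in rest}
    # Ascending similarity; ties go to the more accurate engine (assumption).
    second_rank = sorted(rest, key=lambda n: (sim[n], -acc[n], n))
    second = second_rank[:n_second]

    # S226: the target combination is the union of both selections.
    return {"accuracy": acc, "similarity_to_first": sim,
            "first": first, "second": second, "combination": first + second}


def coverage(reports: Dict[str, Set[Finding]], engines: List[str],
             known: Set[Finding]) -> float:
    """Share of known vulnerabilities found by at least one engine in the list."""
    found: Set[Finding] = set().union(*(reports[e] for e in engines))
    return len(found & known) / len(known)


if __name__ == "__main__":
    result = select_combination(REPORTS, len(ENV_KNOWN))
    for name, value in result["accuracy"].items():
        sim = result["similarity_to_first"].get(name)
        print(f"{name:15s} accuracy={value:.2f} similarity_to_first={sim}")
    combo = result["combination"]
    print("combination:", combo, "coverage:", coverage(REPORTS, combo, ENV_KNOWN))
```

On the constructed data the second-most accurate engine is passed over because its findings are a subset of the first engine's, while the less accurate but dissimilar engine brings the combination to full coverage of the known vulnerabilities.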
In some embodiments, the step S230 further includes the following steps: sending the combined report generated according to the target combination device to a terminal device for displaying, and receiving a scanning instruction of the terminal device for the combined report; and generating the vulnerability scanning result according to the scanning instruction. After the target combination device is obtained through the screening in step S220, a combined report may be generated in table form from data such as the device name and the accuracy result of each vulnerability scanning device in the target combination device, and the scanning similarity results between that vulnerability scanning device and the other vulnerability scanning devices. The combined report is sent to the terminal device, and the terminal device may output and display it as a Word table or an Excel table. The user may view the automatically generated combined report by interacting with the terminal device, and may choose to use the target combination device from the combined report so that multiple types of vulnerability scanning devices scan in combination, to use only some of the vulnerability scanning devices in the target combination device, or to use a vulnerability scanning device outside the combined report. The terminal device obtains the user's selection through this interaction and sends a scanning instruction generated based on the selection to the processor; finally, the processor instructs the corresponding vulnerability scanning devices to scan the system assets according to the scanning instruction, thereby generating the vulnerability scanning result.
Through this embodiment, the combined report generated based on the target combination device is sent to the terminal device for displaying, so that the optimized combination of vulnerability scanning devices is visualized, a user can conveniently query and apply the optimal combination of multiple vulnerability scanning devices in time, and the user experience is improved.
An embodiment of the present application is described in detail below with reference to an actual application scenario, and fig. 3 is a flowchart of a vulnerability scanning processing method according to a preferred embodiment of the present application, and as shown in fig. 3, the flowchart includes the following steps:
Step S301, starting the vulnerability scanning processing flow, and scanning the IP with multiple vulnerability scanning devices.
Step S302, downloading a scanning report.
Step S303, importing the scan report into the system, and performing data unified conversion on the scan report.
Step S304, analyzing the data and giving the specific numerical values of the optimal combination device.
Step S305, deriving a table report including the specific numerical values to display to a user; and ending the processing flow of vulnerability scanning.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
The present embodiment further provides a processing apparatus for vulnerability scanning, where the apparatus is used to implement the foregoing embodiments and preferred embodiments, and the details of which have been already described are not repeated. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 4 is a block diagram of a processing apparatus for vulnerability scanning according to an embodiment of the present application, where as shown in fig. 4, the apparatus includes: an acquisition module 42, a combining module 44, and a generation module 46; the obtaining module 42 is configured to obtain scanning reports corresponding to at least two vulnerability scanning devices, and obtain, according to all the scanning reports, a scanning vulnerability scanned by each vulnerability scanning device; the combination module 44 is configured to calculate an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screen all the vulnerability scanning devices to obtain a target combination device according to the accuracy result and the similarity result; the generating module 46 is configured to generate a vulnerability scanning result based on the target combination device.
Through this embodiment, the obtaining module 42 calculates the scanning vulnerabilities of each vulnerability scanning device from the scanning reports of all vulnerability scanning devices, the combination module 44 obtains the optimal target combination device based on all the scanning vulnerabilities, and the generating module 46 generates the vulnerability scanning result based on the target combination device. The scanning results of all the different vulnerability scanning devices can therefore be combined simply by analyzing the scanning reports, without providing additional new vulnerability scanning devices, which effectively reduces the manpower and material costs and solves the problem of low vulnerability scanning efficiency.
In some embodiments, the obtaining module 42 is further configured to obtain a preset third-party database; executing specified analysis operation aiming at all the scanning reports according to the third-party database and the vulnerability scanning equipment to obtain an analysis result corresponding to each vulnerability scanning equipment; wherein the specified parsing operation is matched with the vulnerability scanning equipment; the obtaining module 42 obtains the corresponding scanning vulnerability according to each parsing result.
In some embodiments, the obtaining module 42 is further configured to obtain the scanning vulnerability according to the analysis result, and obtain the same vulnerability result among all vulnerability scanning devices based on the scanning vulnerability.
In some embodiments, the above-mentioned combination module 44 is further configured to obtain, according to the scanning vulnerability, a vulnerability quantity result scanned by each vulnerability scanning device; the combination module 44 obtains a preset environment vulnerability result, and obtains an accuracy result of the vulnerability scanning device corresponding to the vulnerability quantity result according to a first ratio result of the environment vulnerability result and the vulnerability quantity result; the combination module 44 obtains the same vulnerability result among all vulnerability scanning devices, and obtains the similarity result of the vulnerability scanning device corresponding to the vulnerability quantity result according to the second ratio result of the same vulnerability result and the vulnerability quantity result.
In some embodiments, the combination module 44 is further configured to perform sorting processing on all the accuracy results to obtain a first sorting result, and screen a first target scanning device from the vulnerability scanning device according to the first sorting result; the combination module 44 performs sorting processing on all the similarity results according to the first target scanning device to obtain a second sorting result, and screens from the vulnerability scanning device according to the second sorting result to obtain a second target scanning device; the combining module 44 derives the target combination device from the first target scanning device and the second target scanning device.
In some embodiments, the generating module 46 is further configured to send the combined report generated according to the target combination device to a terminal device for displaying, and receive a scanning instruction of the terminal device for the combined report; the generating module 46 generates the vulnerability scanning result according to the scanning instruction.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Fig. 5 is a block diagram of a structure of a vulnerability scanning processing system according to an embodiment of the present application, and as shown in fig. 5, the vulnerability scanning processing system includes: vulnerability scanning device 52, transmission device 54, and server device 104; wherein the vulnerability scanning device 52 is connected to the server device 106 through the transmission device 54; the vulnerability scanning device 52 may be deployed on the server device 104, or may be deployed on another server device connected to the server device 104 or belonging to the same server cluster, and the vulnerability scanning device 52 may also be deployed on the terminal device, which is not described herein again. The vulnerability scanning equipment 52 is used for scanning to obtain a corresponding scanning report; the transmission device 54 is configured to obtain the scan report from the vulnerability scanning device 52 and send the scan report to the server device 104; the server device 104 obtains scanning reports corresponding to at least two vulnerability scanning devices 52, and obtains the scanning vulnerability scanned by each vulnerability scanning device 52 according to all the scanning reports; the server device 104 calculates an accuracy result and a similarity result of each vulnerability scanning device 52 according to all the scanning vulnerabilities, and screens all vulnerability scanning devices 52 according to the accuracy result and the similarity result to obtain a target combination device; the server device 104 generates vulnerability scanning results based on the target combination device.
Through this embodiment, the server device 104 calculates the scanning vulnerabilities of each vulnerability scanning device 52 from the scanning reports of all vulnerability scanning devices 52, obtains the optimal target combination device based on all the scanning vulnerabilities, and generates the vulnerability scanning result based on the target combination device. The scanning results of all the different vulnerability scanning devices can therefore be combined simply by analyzing the scanning reports, without additional new vulnerability scanning devices 52, which effectively reduces the manpower and material costs and solves the problem of low vulnerability scanning efficiency.
In some embodiments, the server device 104 is further configured to obtain a preset third-party database; executing specified analysis operation aiming at all the scanning reports according to the third-party database and the vulnerability scanning equipment 52 to obtain an analysis result corresponding to each vulnerability scanning equipment 52; wherein the specified parsing operation matches the vulnerability scanning device 52; the server device 104 obtains the corresponding scanning vulnerability according to each parsing result.
In some embodiments, the server device 104 is further configured to obtain the scanning vulnerability according to the parsing result, and obtain the same vulnerability result among all vulnerability scanning devices 52 based on the scanning vulnerability.
In some embodiments, the server device 104 is further configured to obtain, according to the scanning vulnerability, a vulnerability number result scanned by each vulnerability scanning device 52; the server device 104 obtains a preset environment vulnerability result, and obtains an accuracy result of the vulnerability scanning device 52 corresponding to the vulnerability quantity result according to a first ratio result of the environment vulnerability result and the vulnerability quantity result; the server device 104 obtains the same vulnerability result among all vulnerability scanning devices 52, and obtains the similarity result of the vulnerability scanning device 52 corresponding to the vulnerability quantity result according to the second ratio result of the same vulnerability result and the vulnerability quantity result.
In some embodiments, the server device 104 is further configured to perform sorting processing on all the accuracy results to obtain a first sorting result, and screen the vulnerability scanning device 104 according to the first sorting result to obtain a first target scanning device; the server device 104 performs sorting processing on all the similarity results according to the first target scanning device to obtain a second sorting result, and screens the vulnerability scanning device 52 according to the second sorting result to obtain a second target scanning device; the server device 104 obtains the target combination device from the first target scanning device and the second target scanning device.
In some embodiments, the vulnerability scanning processing system further includes a terminal device; wherein the terminal device is connected to the server device 104 through the transmission device 54; the server device 104 is further configured to send the combined report generated according to the target combined device to the terminal device for displaying, and receive a scanning instruction of the terminal device for the combined report; the server device 104 generates the vulnerability scanning result according to the scanning instruction.
In some embodiments, a computer device is provided, and the computer device may be a server, and fig. 6 is a structural diagram of the inside of a computer device according to the embodiment of the present application, as shown in fig. 6. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store the target combination device. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize the processing method of vulnerability scanning.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The present embodiment also provides an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
and S1, acquiring scanning reports corresponding to at least two vulnerability scanning devices, and acquiring the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports.
And S2, calculating according to all the scanning vulnerabilities to obtain an accuracy result and a similarity result of each vulnerability scanning device, and screening all vulnerability scanning devices to obtain target combination devices according to the accuracy result and the similarity result.
And S3, generating vulnerability scanning results based on the target combination equipment.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In addition, in combination with the vulnerability scanning processing method in the above embodiments, an embodiment of the present application may provide a storage medium to implement the method. The storage medium has a computer program stored thereon; the computer program, when executed by a processor, implements any one of the vulnerability scanning processing methods in the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It should be understood by those skilled in the art that various features of the above-described embodiments can be combined in any combination, and for the sake of brevity, all possible combinations of features in the above-described embodiments are not described in detail, but rather, all combinations of features which are not inconsistent with each other should be construed as being within the scope of the present disclosure.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A vulnerability scanning processing method is characterized by comprising the following steps:
acquiring scanning reports corresponding to at least two vulnerability scanning devices, and acquiring scanning vulnerabilities scanned by each vulnerability scanning device according to all the scanning reports;
calculating to obtain an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening all vulnerability scanning devices to obtain target combination devices according to the accuracy result and the similarity result;
and generating a vulnerability scanning result based on the target combination equipment.
2. The processing method according to claim 1, wherein the obtaining of the scanning vulnerabilities scanned by each vulnerability scanning device according to all the scanning reports comprises:
acquiring a preset third-party database;
executing specified analysis operation aiming at all the scanning reports according to the third-party database and the vulnerability scanning equipment to obtain an analysis result corresponding to each vulnerability scanning equipment; wherein the specified parsing operation is matched with the vulnerability scanning equipment;
and acquiring the corresponding scanning vulnerabilities according to each analysis result.
3. The processing method according to claim 2, wherein the obtaining the corresponding scanning vulnerability according to each parsing result comprises:
and acquiring the scanning vulnerability according to the analysis result, and acquiring the same vulnerability result among all vulnerability scanning devices based on the scanning vulnerability.
4. The processing method according to claim 1, wherein the calculating the accuracy result and the similarity result of each vulnerability scanning device according to all the scanning vulnerabilities comprises:
acquiring vulnerability quantity results scanned by each vulnerability scanning device according to the scanning vulnerabilities;
acquiring a preset environment vulnerability result, and acquiring an accuracy result of the vulnerability scanning equipment corresponding to the vulnerability quantity result according to a first ratio result of the environment vulnerability result and the vulnerability quantity result;
and acquiring the same vulnerability results among all vulnerability scanning devices, and acquiring the similarity result of the vulnerability scanning devices corresponding to the vulnerability quantity result according to a second ratio result of the same vulnerability results and the vulnerability quantity result.
5. The processing method according to claim 1, wherein the screening of the target combination device from all the vulnerability scanning devices according to the accuracy result and the similarity result comprises:
sequencing all the accuracy results to obtain a first sequencing result, and screening from the vulnerability scanning equipment according to the first sequencing result to obtain first target scanning equipment;
according to the first target scanning device, sequencing all the similarity results to obtain a second sequencing result, and screening from the vulnerability scanning device according to the second sequencing result to obtain a second target scanning device;
and obtaining the target combination equipment according to the first target scanning equipment and the second target scanning equipment.
6. The processing method according to any one of claims 1 to 5, wherein the generating vulnerability scanning results based on the target combination device comprises:
sending a combined report generated according to the target combined equipment to terminal equipment for displaying, and receiving a scanning instruction of the terminal equipment for the combined report;
and generating the vulnerability scanning result according to the scanning instruction.
7. An apparatus for processing vulnerability scanning, the apparatus comprising: the device comprises an acquisition module, a combination module and a generation module;
the acquisition module is used for acquiring scanning reports corresponding to at least two vulnerability scanning devices and acquiring the scanning vulnerability scanned by each vulnerability scanning device according to all the scanning reports;
the combination module is used for calculating and obtaining an accuracy result and a similarity result of each vulnerability scanning device according to all the scanning vulnerabilities, and screening and obtaining target combination devices from all the vulnerability scanning devices according to the accuracy result and the similarity result;
the generation module is used for generating a vulnerability scanning result based on the target combination equipment.
8. A vulnerability scanning processing system, the system comprising: vulnerability scanning equipment, transmission equipment and server equipment; the vulnerability scanning equipment is connected with the server equipment through the transmission equipment;
the vulnerability scanning equipment is used for scanning to obtain a corresponding scanning report;
the transmission equipment is used for acquiring the scanning report from the vulnerability scanning equipment and sending the scanning report to the server equipment;
the server device is used for executing the vulnerability scanning processing method of any one of claims 1 to 6.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the vulnerability scanning processing method of any of claims 1 to 6.
10. A storage medium having a computer program stored thereon, wherein the computer program is configured to execute the processing method of vulnerability scanning according to any of claims 1 to 6 when running.
CN202111004747.0A 2021-08-30 2021-08-30 Vulnerability scanning processing method, device, system, electronic device and storage medium Active CN113742721B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111004747.0A CN113742721B (en) 2021-08-30 2021-08-30 Vulnerability scanning processing method, device, system, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN113742721A (en) 2021-12-03
CN113742721B (en) 2024-03-26

Family

ID=78733841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111004747.0A Active CN113742721B (en) 2021-08-30 2021-08-30 Vulnerability scanning processing method, device, system, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN113742721B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080092237A1 (en) * 2006-10-13 2008-04-17 Jun Yoon System and method for network vulnerability analysis using multiple heterogeneous vulnerability scanners
CN106656924A (en) * 2015-10-30 2017-05-10 北京神州泰岳软件股份有限公司 Method and device for processing security vulnerabilities of device
CN109302423A (en) * 2018-11-23 2019-02-01 杭州迪普科技股份有限公司 A kind of vulnerability scanning aptitude tests method and apparatus

Also Published As

Publication number Publication date
CN113742721B (en) 2024-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant