CN114050940A - Asset vulnerability detection method and device and electronic equipment - Google Patents

Publication number
CN114050940A
Authority
CN
China
Legal status
Pending
Application number
CN202210022928.4A
Inventor
陈楠
沈传宝
马维士
Current Assignee
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis


Abstract

The embodiment of the disclosure provides an asset vulnerability detection method, an asset vulnerability detection device and electronic equipment. The method comprises the following steps: the server dynamically groups the targets to be scanned in the network to be scanned; the server respectively issues each dynamic group to the scanning probes deployed on different deployment nodes in the network to be scanned; the scanning probes execute asset scanning and vulnerability scanning tasks for corresponding dynamic groups; and the server receives asset scanning and vulnerability scanning results uploaded by the scanning probe. In this way, the accuracy and efficiency of asset vulnerability scanning may be improved.

Description

Asset vulnerability detection method and device and electronic equipment
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to an asset vulnerability detection method, an asset vulnerability detection apparatus, and an electronic device.
Background
In the traditional asset vulnerability detection method, one deployment node is arranged. When scanning is carried out multiple times, that deployment node is easily identified by a protection system as an external attack, so its requests are blocked and intercepted and the accuracy of the vulnerability scanning results is reduced. In addition, the traditional asset detection and vulnerability scanning approach scans slowly, so more time is spent scanning for and repairing vulnerabilities.
Disclosure of Invention
The disclosure provides an asset vulnerability detection method, an asset vulnerability detection device, an electronic device and a storage medium.
According to a first aspect of the present disclosure, an asset vulnerability detection method is provided. The method comprises the following steps:
the server dynamically groups the targets to be scanned in the network to be scanned;
the server issues each dynamic group to scanning probes deployed on different deployment nodes in the network to be scanned;
the scanning probes execute asset scanning and vulnerability scanning tasks for their corresponding dynamic groups;
and the server receives the asset scanning and vulnerability scanning results uploaded by the scanning probes.
In the foregoing aspect and any possible implementation, an implementation is further provided in which the dynamic grouping, by the server, of the targets to be scanned in the network to be scanned includes:
the server dynamically groups the targets to be scanned by the IP address segment, the port and the policy protocol of the targets to be scanned in the network to be scanned.
In the foregoing aspect and any possible implementation, an implementation is further provided in which each dynamic group is issued, according to its IP address segment, port or policy protocol, to the scanning probes deployed on different deployment nodes in the network to be scanned.
In the foregoing aspect and any possible implementation, an implementation is further provided in which the dynamic grouping includes:
updating and regrouping the targets to be scanned according to the asset scanning and vulnerability scanning results uploaded by the scanning probes in real time.
According to a second aspect of the present disclosure, an asset vulnerability detection apparatus is provided. The apparatus includes:
a dynamic grouping module, used by the server to dynamically group the targets to be scanned in the network to be scanned;
an issuing module, used by the server to issue each dynamic group to scanning probes deployed on different deployment nodes in the network to be scanned;
a scanning module, used by the scanning probes to execute asset scanning and vulnerability scanning tasks for their corresponding dynamic groups;
and a result uploading module, used by the server to receive the asset scanning and vulnerability scanning results uploaded by the scanning probes.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory having a computer program stored thereon and a processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as in accordance with the first aspect of the present disclosure.
The above aspects and any possible implementation manner provide an asset vulnerability detection method with high accuracy and high speed.
It should be understood that the content described in this section is not intended to identify key or essential features of the embodiments of the present disclosure, nor is it intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. The accompanying drawings are included to provide a further understanding of the present disclosure, and are not intended to limit the disclosure thereto, and the same or similar reference numerals will be used to indicate the same or similar elements, where:
FIG. 1 illustrates a flow diagram of an exemplary asset vulnerability detection method in which embodiments of the present disclosure can be implemented;
FIG. 2 illustrates an exemplary asset vulnerability detection apparatus schematic diagram implementing embodiments of the present disclosure;
FIG. 3 shows a schematic diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments of the present disclosure are described clearly and completely below with reference to the drawings in the embodiments of the present disclosure. Obviously, the described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments that a person skilled in the art can derive from the embodiments disclosed herein without creative effort shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible. For example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
According to the present disclosure, the targets to be scanned are dynamically grouped and distributed to scanning probes deployed on different deployment nodes in the network to be scanned. This reduces the risk that the same deployment node is mistakenly identified as an external attack during repeated scanning, which improves scanning accuracy, and multi-node scanning also increases scanning speed.
FIG. 1 is a flow diagram of an example asset vulnerability detection method 100 in which embodiments of the present disclosure can be implemented. The method comprises the following steps:
step 110: the server dynamically groups the targets to be scanned in the network to be scanned;
step 120: the server respectively issues each dynamic group to the scanning probes deployed on different deployment nodes in the network to be scanned;
step 130: the scanning probes execute asset scanning and vulnerability scanning tasks for corresponding dynamic groups;
step 140: and the server receives asset scanning and vulnerability scanning results uploaded by the scanning probe.
In some embodiments of the present disclosure, for step 110, the dynamic grouping, by the server, of the targets to be scanned in the network to be scanned includes: the server dynamically groups the targets to be scanned by the IP address segment, port or policy protocol of the targets to be scanned in the network to be scanned. Selecting different dynamic grouping methods improves the flexibility of the asset vulnerability detection method, and the dynamic grouping method can be selected or changed according to actual needs.
In some embodiments of the present disclosure, for step 120, each dynamic group is issued, according to its IP address segment, port or policy protocol, to the scanning probes deployed on different deployment nodes in the network to be scanned. Through the dynamic grouping and issuing rules, the detection tasks are distributed to scanning probes deployed on different deployment nodes for execution. This avoids the situation in which the same deployment node scans repeatedly, is mistakenly identified by a protection system as an external attack, and has its scanning tasks blocked. The scheme of this embodiment can therefore improve scanning coverage and accuracy, and multi-node scanning can significantly improve scanning efficiency.
In some embodiments of the present disclosure, for step 120, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its IP address segment, to the scanning probe deployed on the deployment node corresponding to that IP address segment; and the scanning probes deployed on the different deployment nodes scan according to the IP address segments of their corresponding dynamic groups.
In some embodiments of the present disclosure, for step 120, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its port, to the scanning probe deployed on the deployment node corresponding to that port; and the scanning probes deployed on the different deployment nodes scan according to the ports of their corresponding dynamic groups.
In some embodiments of the present disclosure, for step 120, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its policy protocol, to the scanning probe deployed on the deployment node corresponding to that policy protocol; and the scanning probes deployed on the different deployment nodes scan according to the policy protocols of their corresponding dynamic groups.
In the above embodiments, if the dynamic grouping is performed according to IP address segment, each scanning probe scans according to its corresponding IP address segment, which can improve probe scanning accuracy and efficiency. Grouping by port or by policy protocol has the same effect.
In some embodiments of the present disclosure, for step 120, before the server issues each dynamic group to the scanning probes deployed on the different deployment nodes, the method further includes a step of optimizing resource allocation: the server monitors the task requirements and selects scanning probes that meet the task requirements to execute the scanning tasks.
In some embodiments of the present disclosure, the task requirements include requirements of the asset vulnerability detection method on storage space and/or computing space.
In some embodiments of the disclosure, the task requirements include requirements of CPU, memory, bandwidth, port, or storage space.
In some embodiments of the present disclosure, for step 130, the asset scanning includes the scanning probe analyzing each issued dynamic group to find live hosts, identify the hosts' operating systems, and detect the hosts' asset information.
In some embodiments of the present disclosure, for step 130, the vulnerability scanning includes using the scanning probe's own security capabilities to perform PoC scanning, weak password scanning or Web scanning on the live assets to discover the assets' vulnerabilities.
In some embodiments of the present disclosure, the dynamic grouping comprises: the server updates and regroups the targets to be scanned according to the asset scanning and vulnerability scanning results uploaded by the scanning probes in real time.
In some embodiments of the present disclosure, if the asset scanning and vulnerability scanning results obtained by the server show that, after grouping by IP address segment or port and completing the corresponding scanning tasks, a certain IP address segment or port has more vulnerabilities, the server may, according to those results, again arrange scanning probes that meet the task requirements to rescan that IP address segment or port. In this way, not only is a complete asset vulnerability detection result obtained, but a focused analysis result can also be provided through targeted scanning.
In some embodiments of the present disclosure, when scanning probes meeting the task requirements are again arranged to rescan the IP address segment or port, the scanning probe that had the highest accuracy in the previous scan results, or the scanning probe with the fastest scan rate, may also be arranged to perform the scan.
In some embodiments of the present disclosure, if it is desired to improve the reliability of the asset vulnerability detection method or reduce the error of a single scan, the dynamic grouping rule may be reset in step 110 so that two rules are used together for the grouping and scanning operations. For example, dynamic grouping is performed according to the two criteria of IP address segment and scanning policy, or according to the two criteria of port and scanning policy. Correspondingly, in step 130, the scanning probes deployed on different deployment nodes scan according to the IP address segment and scanning policy of their corresponding dynamic groups, or according to the port and scanning policy of their corresponding dynamic groups. The results obtained by scanning are uploaded to the server and compared with the previous scanning results.
In some embodiments of the present disclosure, for step 130, the server monitors the running of the scanning probes deployed on the different deployment nodes. If the scanning rate of a certain scanning probe is found to be slow during scanning, the server controls that scanning probe to terminate the scanning process and dynamically groups the targets to be scanned in the network to be scanned again; that is, the operation of step 130 is terminated and the method returns to step 110.
For example, a first round of the asset vulnerability detection method includes:
the server dynamically groups the targets to be scanned by the IP address segment of the targets to be scanned in the network to be scanned; each dynamic group is issued, according to IP address segment, to the scanning probes deployed on different deployment nodes in the network to be scanned; the server issues each dynamic group, according to its IP address segment, to the scanning probe deployed on the deployment node corresponding to that IP address segment; and the scanning probes deployed on the different deployment nodes scan according to the IP address segments of their corresponding dynamic groups.
At this time, if the server or the scanning probe monitoring system finds that the scanning speed of a certain scanning probe is slow, the server controls that scanning probe to terminate the scanning task, readjusts the dynamic grouping rule, and performs a second round of scanning:
the server dynamically groups the targets to be scanned by the port of the targets to be scanned in the network to be scanned; each dynamic group is issued, according to port, to the scanning probes deployed on different deployment nodes in the network to be scanned; the server issues each dynamic group, according to its port, to the scanning probe deployed on the deployment node corresponding to that port; and the scanning probes deployed on the different deployment nodes scan according to the ports of their corresponding dynamic groups.
It should be noted that the change of rule between the first-round and second-round scans in the above example includes, but is not limited to: replacing the IP address segment with the port as the basis for dynamic grouping or scanning; replacing the IP address segment with the scanning policy; replacing the port with the IP address segment; replacing the port with the scanning policy; replacing the scanning policy with the IP address segment; replacing the scanning policy with the IP address segment and port; replacing the IP address segment with the port and scanning policy; replacing the port with the IP address segment and scanning policy; and other such changes that those skilled in the art can think of.
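The server-side planning described for steps 110 and 120 and the regroup-on-slow-probe loop can be sketched as follows. This is an added example, not code from the patent: the class and function names, the sample inventory, the "half the median rate" slowness threshold and the segment, port, policy rotation order are all assumptions made for illustration.

```python
"""Server-side planning for steps 110-120 plus the regroup-on-slow-probe loop.
Added illustration; every name below is hypothetical, not from the patent."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network
from statistics import median


@dataclass(frozen=True)
class Target:
    ip: str
    port: int
    policy: str  # scanning policy label, e.g. "web", "weak-password", "poc"


@dataclass(frozen=True)
class Probe:
    name: str
    node: str         # deployment node the probe runs on
    cpu_free: int     # free cores reported by the probe
    mem_free_mb: int  # free memory reported by the probe


# Constructed sample inventory (documentation address ranges, RFC 5737).
TARGETS = [
    Target("192.0.2.10", 22, "weak-password"),
    Target("192.0.2.11", 443, "web"),
    Target("192.0.2.12", 443, "web"),
    Target("198.51.100.5", 443, "web"),
    Target("198.51.100.6", 22, "weak-password"),
    Target("203.0.113.9", 3306, "poc"),
]
# Constructed probes, one per deployment node.
PROBES = [
    Probe("probe-a", "node-1", cpu_free=4, mem_free_mb=4096),
    Probe("probe-b", "node-2", cpu_free=2, mem_free_mb=2048),
    Probe("probe-c", "node-3", cpu_free=1, mem_free_mb=512),
]
# Assumption: rotate segment -> port -> policy when the rule must change.
RULE_ROTATION = {"segment": "port", "port": "policy", "policy": "segment"}


def group_targets(targets, rule, prefix=24):
    """Step 110: bucket targets by IP segment, port, or scanning policy."""
    groups = defaultdict(list)
    for t in targets:
        if rule == "segment":
            key = str(ip_network(f"{t.ip}/{prefix}", strict=False))
        elif rule == "port":
            key = t.port
        elif rule == "policy":
            key = t.policy
        else:
            raise ValueError(f"unknown grouping rule: {rule}")
        groups[key].append(t)
    return dict(groups)


def dispatch(groups, probes, need_cpu, need_mem_mb):
    """Step 120: hand each group to the least-loaded probe meeting the task requirements."""
    eligible = [p for p in probes
                if p.cpu_free >= need_cpu and p.mem_free_mb >= need_mem_mb]
    if not eligible:
        raise RuntimeError("no probe meets the task requirements")
    load = {p.name: 0 for p in eligible}
    plan = {p.name: [] for p in eligible}
    # Largest groups first so per-probe target counts stay balanced.
    for key, members in sorted(groups.items(),
                               key=lambda kv: (-len(kv[1]), str(kv[0]))):
        name = min(load, key=lambda n: (load[n], n))
        plan[name].append(key)
        load[name] += len(members)
    return plan


def slow_probes(rates, floor_ratio=0.5):
    """Probes whose observed rate (targets/s) is under floor_ratio x the median.
    The threshold is an assumption; the page only says 'slow'."""
    if not rates:
        return []
    floor = floor_ratio * median(rates.values())
    return sorted(n for n, r in rates.items() if r < floor)


def replan(targets, probes, rule, rates, need_cpu, need_mem_mb):
    """Monitoring during step 130: on a slow probe, stop it, change rule, regroup."""
    stop = slow_probes(rates)
    if not stop:
        return [], rule, None
    new_rule = RULE_ROTATION[rule]
    plan = dispatch(group_targets(targets, new_rule), probes, need_cpu, need_mem_mb)
    return stop, new_rule, plan


if __name__ == "__main__":
    first = dispatch(group_targets(TARGETS, "segment"), PROBES, 2, 1024)
    print("round 1 (segment):", first)
    print("replan:", replan(TARGETS, PROBES, "segment",
                            {"probe-a": 40.0, "probe-b": 6.0}, 2, 1024))
```

`probe-c` never receives work here because it fails the CPU and memory requirement, which is the resource-selection step applied before issuing.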
In some embodiments of the present disclosure, for step 140, the step of the server receiving the asset scanning and vulnerability scanning results uploaded by the scanning probes further includes: the server collects the asset and vulnerability data gathered by the probes, performs data cleaning, and provides a detailed vulnerability scanning report from the two dimensions of asset and vulnerability.
By the asset vulnerability detection method recorded in some embodiments of the present disclosure, the overall coverage and accuracy of asset detection and vulnerability detection can be improved, and the detection efficiency can also be improved.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that acts and modules referred to are not necessarily required by the disclosure.
The above is a description of embodiments of the method, and the embodiments of the apparatus are further described below.
FIG. 2 is a schematic diagram of an exemplary asset vulnerability detection apparatus 200 implementing embodiments of the present disclosure. The apparatus includes:
a dynamic grouping module 210, used by the server to dynamically group the targets to be scanned in the network to be scanned;
an issuing module 220, used by the server to issue each dynamic group to the scanning probes deployed on different deployment nodes in the network to be scanned;
a scanning module 230, used by the scanning probes to perform asset scanning and vulnerability scanning tasks for their corresponding dynamic groups;
and a result uploading module 240, used by the server to receive the asset scanning and vulnerability scanning results uploaded by the scanning probes.
In the dynamic grouping module 210 of some embodiments, the dynamic grouping, by the server, of the targets to be scanned in the network to be scanned includes: the server dynamically groups the targets to be scanned by the IP address segment, port or policy protocol of the targets to be scanned in the network to be scanned.
In the issuing module 220 of some embodiments, each dynamic group is issued, according to its IP address segment, port or policy protocol, to the scanning probes deployed on different deployment nodes in the network to be scanned. Through the dynamic grouping and issuing rules, the detection tasks are distributed to scanning probes deployed on different deployment nodes for execution. This avoids the situation in which the same deployment node scans repeatedly, is mistakenly identified by a protection system as an external attack, and has its scanning tasks blocked. The scheme of this embodiment can therefore improve scanning coverage and accuracy, and multi-node scanning can significantly improve scanning efficiency.
In the issuing module 220 of some embodiments, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its IP address segment, to the scanning probe deployed on the deployment node corresponding to that IP address segment; and the scanning probes deployed on the different deployment nodes scan according to the IP address segments of their corresponding dynamic groups.
In the issuing module 220 of some embodiments, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its port, to the scanning probe deployed on the deployment node corresponding to that port; and the scanning probes deployed on the different deployment nodes scan according to the ports of their corresponding dynamic groups.
In the issuing module 220 of some embodiments, the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes includes: the server issues each dynamic group, according to its policy protocol, to the scanning probe deployed on the deployment node corresponding to that policy protocol; and the scanning probes deployed on the different deployment nodes scan according to the policy protocols of their corresponding dynamic groups.
In the issuing module 220 of some embodiments, before the server issues each dynamic group to the scanning probes deployed on different deployment nodes, a step of optimizing resource allocation is further included: the server monitors the task requirements and selects scanning probes that meet the task requirements to execute the scanning tasks.
In some embodiments of the present disclosure, the task requirements include requirements of the asset vulnerability detection method on storage space and/or computing space.
In some embodiments of the present disclosure, the task requirements include requirements of CPU, memory, bandwidth, port, or storage space.
In the scanning module 230 of some embodiments, the asset scanning includes analyzing the issued dynamic groups to find live hosts, identify the hosts' operating systems, and detect the hosts' asset information.
In the scanning module 230 of some embodiments, the vulnerability scanning includes using the scanning probe's own security capabilities to perform PoC scanning, weak password scanning or Web scanning on the live assets to discover the assets' vulnerabilities.
In some embodiments of the present disclosure, the dynamic grouping comprises: the server updates and regroups the targets to be scanned according to the asset scanning and vulnerability scanning results uploaded by the scanning probes in real time.
In some embodiments of the present disclosure, if the asset scanning and vulnerability scanning results obtained by the server show that, after grouping by IP address segment or port and completing the corresponding scanning tasks, a certain IP address segment or port has more vulnerabilities, the server may, according to those results, again arrange scanning probes that meet the task requirements to rescan that IP address segment or port. In this way, not only is a complete asset vulnerability detection result obtained, but a focused analysis result can also be provided through targeted scanning.
In some embodiments of the present disclosure, when scanning probes meeting the task requirements are again arranged to rescan the IP address segment or port, the scanning probe that had the highest accuracy in the previous scan results, or the scanning probe with the fastest scan rate, may also be arranged to perform the scan.
In some embodiments of the present disclosure, if it is desired to improve the reliability of the asset vulnerability detection method or reduce the error of a single scan, the dynamic grouping rule may be reset in the dynamic grouping module 210. For example, dynamic grouping is performed according to the two criteria of IP address segment and scanning policy, or according to the two criteria of port and scanning policy. Accordingly, the scanning probes deployed on different deployment nodes in the scanning module 230 scan according to the IP address segment and scanning policy of their corresponding dynamic groups, or according to the port and scanning policy of their corresponding dynamic groups. The results obtained by scanning are uploaded to the server and compared with the previous scanning results.
In the scanning module 230 of some embodiments, the server monitors the running of the scanning probes deployed on the different deployment nodes. If the scanning rate of a certain scanning probe is found to be slow during scanning, the server controls that scanning probe to terminate the scanning process and dynamically groups the targets to be scanned in the network to be scanned again; that is, the operation of the scanning module 230 is terminated and control returns to the dynamic grouping module 210 to perform the grouping operation again.
For example, a first round of the asset vulnerability detection method includes:
the server dynamically groups the targets to be scanned by the IP address segment of the targets to be scanned in the network to be scanned; each dynamic group is issued, according to IP address segment, to the scanning probes deployed on different deployment nodes in the network to be scanned; the server issues each dynamic group, according to its IP address segment, to the scanning probe deployed on the deployment node corresponding to that IP address segment; and the scanning probes deployed on the different deployment nodes scan according to the IP address segments of their corresponding dynamic groups.
At this time, if the server or the scanning probe monitoring system finds that the scanning speed of a certain scanning probe is slow, the server controls that scanning probe to terminate the scanning task, readjusts the dynamic grouping rule, and performs a second round of scanning:
the server dynamically groups the targets to be scanned by the port of the targets to be scanned in the network to be scanned; each dynamic group is issued, according to port, to the scanning probes deployed on different deployment nodes in the network to be scanned; the server issues each dynamic group, according to its port, to the scanning probe deployed on the deployment node corresponding to that port; and the scanning probes deployed on the different deployment nodes scan according to the ports of their corresponding dynamic groups.
It should be noted that the change of rule between the first-round and second-round scans in the above example includes, but is not limited to: replacing the IP address segment with the port as the basis for dynamic grouping or scanning; replacing the IP address segment with the scanning policy; replacing the port with the IP address segment; replacing the port with the scanning policy; replacing the scanning policy with the IP address segment; replacing the scanning policy with the IP address segment and port; replacing the IP address segment with the port and scanning policy; replacing the port with the IP address segment and scanning policy; and other such changes that those skilled in the art can think of.
In the result uploading module 240 of some embodiments, the step of the server receiving the asset scanning and vulnerability scanning results uploaded by the scanning probes further includes: the server collects the asset and vulnerability data gathered by the probes, performs data cleaning, and provides a detailed vulnerability scanning report from the two dimensions of asset and vulnerability.
According to the embodiment of the disclosure, the accuracy and efficiency of asset scanning and vulnerability scanning can be improved through the cooperation of the dynamic grouping module 210, the issuing module 220, the scanning module 230 and the result uploading module 240.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
Embodiments of the present disclosure provide an electronic device. The electronic device includes a memory having a computer program stored thereon, and a processor that implements the method 100 described above when executing the program.
Embodiments of the present disclosure provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method 100 according to the present disclosure.
FIG. 3 shows a schematic block diagram of an electronic device 300 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The device 300 comprises a computing unit 301 which may perform various suitable actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 302 or a computer program loaded from a storage unit 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the operation of the device 300 can also be stored. The computing unit 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Various components in device 300 are connected to I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, or the like; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the device 300 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 301 may be any of a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 301 performs the various methods and processes described above, such as the asset vulnerability detection method. For example, in some embodiments, the asset vulnerability detection method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 300 via ROM 302 and/or communication unit 309. When the computer program is loaded into RAM 303 and executed by computing unit 301, one or more of the steps of the asset vulnerability detection method described above may be performed. Alternatively, in other embodiments, the computing unit 301 may be configured to perform the asset vulnerability detection method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SoCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. The program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (9)

1. An asset vulnerability detection method, comprising:
the server dynamically groups the targets to be scanned in the network to be scanned;
the server respectively issues each dynamic group to the scanning probes deployed on different deployment nodes in the network to be scanned;
the scanning probes execute asset scanning and vulnerability scanning tasks for corresponding dynamic groups;
and the server receives asset scanning and vulnerability scanning results uploaded by the scanning probe.
2. The asset vulnerability detection method according to claim 1, wherein the server dynamically grouping targets to be scanned in a network to be scanned comprises:
the server dynamically groups the targets to be scanned according to an IP address field, a port or a policy protocol of the targets to be scanned in the network to be scanned.
3. The asset vulnerability detection method according to claim 2, wherein each dynamic group is issued to scanning probes deployed on different deployment nodes in the network to be scanned according to an IP address field, a port or a policy protocol.
4. The asset vulnerability detection method according to claim 3, wherein the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes respectively comprises:
the server respectively issues each dynamic group to a scanning probe deployed on a deployment node corresponding to the IP address field according to the IP address field of each dynamic group; and the scanning probes deployed on the different deployment nodes scan according to the different IP address fields of their corresponding dynamic groups.
5. The asset vulnerability detection method according to claim 3, wherein the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes respectively comprises:
the server respectively issues each dynamic group to the scanning probes deployed on the deployment nodes corresponding to the ports according to the ports of each dynamic group; and the scanning probes deployed on the different deployment nodes scan according to the ports of their corresponding dynamic groups.
6. The asset vulnerability detection method according to claim 3, wherein the server issuing each dynamic group to the scanning probes deployed on the different deployment nodes respectively comprises:
the server respectively issues each dynamic group to a scanning probe deployed on a deployment node corresponding to the policy protocol according to the policy protocol of each dynamic group; and the scanning probes deployed on the different deployment nodes scan according to the policy protocols of their corresponding dynamic groups.
7. The asset vulnerability detection method of claim 1, wherein the dynamic grouping comprises:
updating and regrouping the targets to be scanned in real time according to the asset scanning and vulnerability scanning results uploaded by the scanning probes.
8. An asset vulnerability detection device, comprising:
a dynamic grouping module, configured for the server to dynamically group the targets to be scanned in the network to be scanned;
an issuing module, configured for the server to respectively issue each dynamic group to the scanning probes deployed on different deployment nodes in the network to be scanned;
a scanning module, configured for the scanning probes to execute asset scanning and vulnerability scanning tasks for the corresponding dynamic groups;
and a result uploading module, configured for the server to receive the asset scanning and vulnerability scanning results uploaded by the scanning probes.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the program, implements the method of any of claims 1-7.
CN202210022928.4A 2022-01-10 2022-01-10 Asset vulnerability detection method and device and electronic equipment Pending CN114050940A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210022928.4A CN114050940A (en) 2022-01-10 2022-01-10 Asset vulnerability detection method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN114050940A true CN114050940A (en) 2022-02-15

Family

ID=80213489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210022928.4A Pending CN114050940A (en) 2022-01-10 2022-01-10 Asset vulnerability detection method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114050940A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150150072A1 (en) * 2013-11-25 2015-05-28 Level 3 Communications, Llc System and method for a security asset manager
US20180278626A1 (en) * 2017-03-22 2018-09-27 Qadium, Inc. Distributed scanning
CN110019282A (en) * 2018-08-20 2019-07-16 郑州向心力通信技术股份有限公司 A kind of information assets investigation system and method
CN111786857A (en) * 2020-07-03 2020-10-16 国网湖北省电力有限公司 Network asset active detection method and system based on distribution
CN112511571A (en) * 2021-02-07 2021-03-16 连连(杭州)信息技术有限公司 Web vulnerability scanning method, device, system, equipment and storage medium
CN113766047A (en) * 2021-09-16 2021-12-07 北京恒安嘉新安全技术有限公司 Task grouping method and device, computer equipment and storage medium
CN113810393A (en) * 2021-09-03 2021-12-17 杭州安恒信息技术股份有限公司 Industrial internet vulnerability scanning platform and scanning method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338415A (en) * 2022-03-08 2022-04-12 腾讯科技(深圳)有限公司 Port scanning method and device, computer equipment and storage medium
CN114900341A (en) * 2022-04-24 2022-08-12 京东科技信息技术有限公司 Scanning detection method, device, system, equipment and medium in mixed cloud environment
WO2023207175A1 (en) * 2022-04-24 2023-11-02 京东科技信息技术有限公司 Scanning detection method, apparatus and system in hybrid cloud environment, and device and medium
CN114900341B (en) * 2022-04-24 2023-11-03 京东科技信息技术有限公司 Scanning detection method, device, system, equipment and medium in hybrid cloud environment
CN115022257A (en) * 2022-06-22 2022-09-06 绿盟科技集团股份有限公司 Equipment scanning method and device, electronic equipment and storage medium
CN115296928A (en) * 2022-09-28 2022-11-04 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium
CN115296928B (en) * 2022-09-28 2023-02-03 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium
CN116318824A (en) * 2023-01-09 2023-06-23 广州云峰信息科技有限公司 Web attack trapping system
CN116546009A (en) * 2023-07-06 2023-08-04 北京华云安信息技术有限公司 Asset discovery method, device, electronic equipment and storage medium
CN116546009B (en) * 2023-07-06 2023-09-22 北京华云安信息技术有限公司 Asset discovery method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220215