CN114168962A - Vulnerability data obtaining method and device, terminal equipment and storage medium - Google Patents


Info

Publication number: CN114168962A
Application number: CN202111317054.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 罗翠, 王海燕, 韩伟红, 李润恒
Current Assignee: Peng Cheng Laboratory
Original Assignee: Peng Cheng Laboratory
Prior art keywords: equipment, vulnerability, vulnerability scanning, target network, groups

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a method for acquiring vulnerability data, which comprises the following steps: acquiring task requirements and target network information of a target network; dividing a plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements; acquiring a plurality of vulnerability scanning modes corresponding to the plurality of device groups; sending the target network information and the vulnerability scanning modes to the plurality of device groups so that the device groups detect the target network by using the vulnerability scanning modes and the target network information to obtain a plurality of vulnerability data corresponding to the device groups; and receiving the plurality of vulnerability data fed back by the device groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data. The invention also discloses a vulnerability data obtaining device, terminal equipment and a computer-readable storage medium. By using the method, the accuracy of the plurality of vulnerability data is improved, and the technical effect of improving the accuracy of the final result vulnerability data is realized.

Description

Vulnerability data obtaining method and device, terminal equipment and storage medium
Technical Field
The present invention relates to the technical field of vulnerability management, and in particular, to a method and an apparatus for acquiring vulnerability data, a terminal device, and a computer-readable storage medium.
Background
The situation awareness model of the network technology simulation verification platform is a process for situation awareness of a test carried out on the network technology simulation verification platform, and comprises data acquisition, safety situation assessment and safety situation data display. In a situation assessment model of a network technology simulation verification platform, vulnerability detection can be performed on a host, a network device node, a security device node and application software in a target network by accessing vulnerability scanning equipment, so that detected vulnerability data is used as basic data for situation assessment.
However, in the existing method, the accuracy of the acquired vulnerability data of the vulnerability scanning equipment is low.
Disclosure of Invention
The invention mainly aims to provide a method and a device for acquiring vulnerability data, a terminal device and a computer readable storage medium, and aims to solve the technical problem that the accuracy of vulnerability data of vulnerability scanning equipment acquired by the existing method in the prior art is low.
In order to achieve the above object, the present invention provides a method for obtaining vulnerability data, which includes the following steps:
acquiring task requirements and target network information of a target network;
dividing a plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements;
acquiring a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups, wherein one equipment group corresponds to one vulnerability scanning mode;
sending the target network information and the vulnerability scanning modes to a plurality of equipment groups, so that the equipment groups can detect a target network corresponding to the target network information by using the vulnerability scanning modes and the target network information, and obtain a plurality of vulnerability data corresponding to the equipment groups;
and receiving a plurality of vulnerability data fed back by the plurality of device groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data.
Optionally, before the step of dividing the target vulnerability scanning devices into a plurality of device groups based on the task requirements, the method further includes:
when a plurality of preset vulnerability scanning devices are successfully accessed, acquiring a plurality of basic device information of the preset vulnerability scanning devices;
performing registration operation on the preset vulnerability scanning equipment by using the basic equipment information;
and when the preset vulnerability scanning devices are successfully registered, determining the preset vulnerability scanning devices as the target vulnerability scanning devices.
Optionally, before the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of device groups, the method further includes:
obtaining a plurality of pieces of equipment state information of a plurality of target vulnerability scanning equipment corresponding to a plurality of equipment groups;
the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups comprises the following steps:
and if the plurality of equipment state information are available, acquiring a plurality of vulnerability scanning modes corresponding to the plurality of equipment groups.
Optionally, after the step of obtaining the device state information of the target vulnerability scanning devices corresponding to the device groups, the method further includes:
if the target vulnerability scanning equipment with the equipment state information being unavailable exists in the plurality of equipment groups, determining the target vulnerability scanning equipment with the equipment state information being unavailable as offline vulnerability scanning equipment;
performing registration operation by using basic device information of the offline vulnerability scanning device, and/or dividing the offline vulnerability scanning device into corresponding device groups by using task requirements;
acquiring new equipment state information of the offline vulnerability scanning equipment;
and if the new equipment state information is unavailable, returning to execute the step of utilizing the basic equipment information of the offline vulnerability scanning equipment to perform registration operation, and/or utilizing task requirements to divide the offline vulnerability scanning equipment into corresponding equipment groups, and executing the step of acquiring target network information and a plurality of vulnerability scanning modes corresponding to the equipment groups until the new equipment state information of the offline vulnerability scanning equipment is available.
Optionally, before the step of obtaining the task requirement and the target network information of the target network, the method further includes:
acquiring a detection instruction from a target network technology simulation verification platform;
analyzing the detection instruction to obtain the target network information;
determining a vulnerability scanning task based on the task requirements;
and determining a plurality of vulnerability scanning modes by using the basic device information of each target vulnerability scanning device in the plurality of device groups and the vulnerability scanning task.
Optionally, after the step of performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data, the method further includes:
sending the result vulnerability data to the target network technology simulation verification platform so that the target network technology simulation verification platform performs situation analysis on the result vulnerability data to obtain an analysis result;
and receiving the analysis result fed back by the target network technology simulation verification platform.
Optionally, after the step of dividing the target vulnerability scanning devices into a plurality of device groups based on the task requirements, the method further includes:
when detecting that a new vulnerability scanning device is accessed, acquiring new device basic information of the new vulnerability scanning device;
performing registration operation on the new vulnerability scanning equipment by using the new equipment basic information;
when the new vulnerability scanning equipment is successfully registered, determining the new vulnerability scanning equipment as new target vulnerability scanning equipment;
and dividing the new target vulnerability scanning equipment into corresponding equipment groups by using the task requirements.
In addition, to achieve the above object, the present invention further provides an apparatus for obtaining vulnerability data, where the apparatus includes:
the first acquisition module is used for acquiring task requirements and target network information of a target network;
the dividing module is used for dividing the target vulnerability scanning equipment into a plurality of equipment groups based on the task requirements;
the second acquisition module is used for acquiring a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups, wherein one equipment group corresponds to one vulnerability scanning mode;
the detection module is used for sending the target network information and the vulnerability scanning modes to the equipment groups so that the equipment groups can detect a target network corresponding to the target network information by using the vulnerability scanning modes and the target network information to obtain vulnerability data corresponding to the equipment groups;
and the obtaining module is used for receiving a plurality of vulnerability data fed back by the equipment groups, and performing duplication removal and fusion operation on the plurality of vulnerability data to obtain result vulnerability data.
In addition, to achieve the above object, the present invention further provides a terminal device, including: a memory, a processor, and a vulnerability data obtaining program stored on the memory and executable on the processor, wherein when the vulnerability data obtaining program is executed by the processor, the steps of the vulnerability data obtaining method are implemented.
In addition, to achieve the above object, the present invention further provides a computer-readable storage medium, on which an obtaining program of vulnerability data is stored, and when the obtaining program of vulnerability data is executed by a processor, the steps of the method for obtaining vulnerability data as described in any one of the above items are implemented.
The technical scheme of the invention provides a method for acquiring vulnerability data, which comprises the following steps: acquiring task requirements and target network information of a target network; dividing a plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements; acquiring a plurality of vulnerability scanning modes corresponding to the plurality of device groups, wherein one device group corresponds to one vulnerability scanning mode; sending the target network information and the vulnerability scanning modes to the plurality of device groups, so that the device groups detect the target network corresponding to the target network information by using the vulnerability scanning modes and the target network information, and obtain a plurality of vulnerability data corresponding to the device groups; and receiving the plurality of vulnerability data fed back by the plurality of device groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data.
In the existing method, vulnerability scanning modes executed by different target vulnerability scanning devices are the same, and vulnerability data obtained by the same vulnerability scanning mode is difficult to accurately reflect vulnerability conditions of a target network, so that the accuracy of the obtained vulnerability data is low, and the accuracy of the obtained final result vulnerability data is low. By utilizing the method, the target vulnerability scanning devices are divided into a plurality of device groups, and different device groups correspond to different vulnerability scanning modes, so that the corresponding vulnerability data can accurately reflect the vulnerability condition of the target network, the accuracy of the vulnerability data is improved, and the technical effect of improving the accuracy of the final result vulnerability data is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a terminal device in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a first embodiment of a vulnerability data obtaining method according to the present invention;
Fig. 3 is a block diagram of a first embodiment of a vulnerability data obtaining apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a terminal device in a hardware operating environment according to an embodiment of the present invention.
In general, a terminal device includes: at least one processor 301, a memory 302, and a program for obtaining vulnerability data stored in the memory and executable on the processor, wherein the program for obtaining vulnerability data is configured to implement the steps of the method for obtaining vulnerability data as described above.
The processor 301 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so on. The processor 301 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 301 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 301 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. The processor 301 may further include an AI (Artificial Intelligence) processor for processing an acquisition method operation related to the vulnerability data, so that an acquisition method model of the vulnerability data may be trained and learned autonomously, thereby improving efficiency and accuracy.
Memory 302 may include one or more computer-readable storage media, which may be non-transitory. Memory 302 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in the memory 302 is used to store at least one instruction for execution by the processor 301 to implement the method for obtaining vulnerability data provided by the method embodiments of the present invention.
In some embodiments, the terminal may further include: a communication interface 303 and at least one peripheral device. The processor 301, the memory 302 and the communication interface 303 may be connected by a bus or signal lines. Various peripheral devices may be connected to communication interface 303 via a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 304, a display screen 305, and a power source 306.
The communication interface 303 may be used to connect at least one peripheral device related to I/O (Input/Output) to the processor 301 and the memory 302. In some embodiments, processor 301, memory 302, and communication interface 303 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 301, the memory 302 and the communication interface 303 may be implemented on a single chip or circuit board, which is not limited in this embodiment.
The Radio Frequency circuit 304 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuitry 304 communicates with communication networks and other communication devices via electromagnetic signals. The rf circuit 304 converts an electrical signal into an electromagnetic signal to transmit, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 304 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuitry 304 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: metropolitan area networks, various generation mobile communication networks (2G, 3G, 4G, and 5G), Wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the rf circuit 304 may further include NFC (Near Field Communication) related circuits, which are not limited in the present invention.
The display screen 305 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 305 is a touch display screen, the display screen 305 also has the ability to capture touch signals on or over the surface of the display screen 305. The touch signal may be input to the processor 301 as a control signal for processing. In that case, the display screen 305 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, there may be one display screen 305, disposed on the front panel of the electronic device; in other embodiments, there may be at least two display screens 305, respectively disposed on different surfaces of the electronic device or in a folded design; in still other embodiments, the display screen 305 may be a flexible display screen disposed on a curved surface or a folded surface of the electronic device. Further, the display screen 305 may be arranged in a non-rectangular irregular shape, i.e. a shaped screen. The display screen 305 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), and the like.
The power supply 306 is used to power various components in the electronic device. The power source 306 may be alternating current, direct current, disposable or rechargeable. When the power source 306 includes a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery may also be used to support fast charge technology.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the terminal device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a vulnerability data obtaining program is stored on the computer-readable storage medium, and when the vulnerability data obtaining program is executed by a processor, the steps of the vulnerability data obtaining method described above are implemented. Therefore, a detailed description thereof will be omitted. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer-readable storage medium according to the present invention, reference is made to the description of the method embodiments of the present invention. As an example, the program instructions may be deployed to be executed on one terminal device, or on multiple terminal devices located at one site, or distributed across multiple sites and interconnected by a communication network.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The computer-readable storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Based on the hardware structure, the embodiment of the vulnerability data obtaining method is provided.
Referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of a method for acquiring vulnerability data, where the method is used for a terminal device, and includes the following steps:
Step S11: Acquire task requirements and target network information of a target network.
Step S12: Divide the target vulnerability scanning devices into a plurality of device groups based on the task requirements.
The execution main body of the method is the terminal device, the terminal device is provided with the program for acquiring the vulnerability data, and the steps of the method for acquiring the vulnerability data are realized when the terminal device executes the program for acquiring the vulnerability data.
In a specific application, the task requirement is determined by a user, for example, high vulnerability detection efficiency or high vulnerability detection accuracy. The target vulnerability scanning devices are the vulnerability scanning devices that carry out the vulnerability data obtaining method of the invention; they can be any type of scanning device, and for their structure, refer to the structure of the terminal device.
The task requirements can also comprise vulnerability scanning tasks set by a user, the vulnerability scanning tasks can be directly obtained from the task requirements, corresponding task requirements are the same in one detection process, and the vulnerability scanning tasks in the task requirements are also the same.
Specifically, the obtaining manner of the target vulnerability scanning devices is as follows: when a plurality of preset vulnerability scanning devices are successfully accessed, acquiring a plurality of basic device information of the preset vulnerability scanning devices; performing registration operation on the preset vulnerability scanning equipment by using the basic equipment information; and when the preset vulnerability scanning devices are successfully registered, determining the preset vulnerability scanning devices as the target vulnerability scanning devices.
The preset vulnerability scanning device is an initial-state and unregistered vulnerability scanning device, and the basic device information of the preset vulnerability scanning device may include information such as a name of the device, a manufacturer of the device, a protocol type adopted by the device, an IP of the device, and an account of the device.
When all the preset vulnerability scanning devices are successfully registered, all the preset vulnerability scanning devices form the plurality of target vulnerability scanning devices; if only part of the preset vulnerability scanning devices are successfully registered, the successfully registered part forms the plurality of target vulnerability scanning devices. Operations such as maintenance or repair are performed on a preset vulnerability scanning device that is not successfully registered, and registration is then attempted again; if the registration succeeds, the device is determined as a target vulnerability scanning device, and if the registration fails, the device is abandoned.
In a specific application, the plurality of target vulnerability scanning devices are divided into a plurality of device groups by using the task requirements. For example, with 20 target vulnerability scanning devices in total and a task requirement of high vulnerability detection accuracy, the 20 target vulnerability scanning devices are divided into 4 device groups, each comprising 5 target vulnerability scanning devices.
Step S13: Acquire a plurality of vulnerability scanning modes corresponding to the plurality of device groups, wherein one device group corresponds to one vulnerability scanning mode.
Step S14: Send the target network information and the plurality of vulnerability scanning modes to the plurality of device groups, so that the device groups use the vulnerability scanning modes and the target network information to detect the target network corresponding to the target network information and obtain a plurality of vulnerability data corresponding to the device groups.
In the invention, each equipment group corresponds to a vulnerability scanning mode, different equipment groups execute different vulnerability scanning modes, each equipment group executes a vulnerability scanning mode to obtain corresponding vulnerability data, a plurality of equipment groups respectively execute corresponding vulnerability scanning modes to obtain a plurality of vulnerability data, and one equipment group corresponds to one vulnerability data.
The target network is a network which needs to be subjected to vulnerability detection, the information of the target network is target network information, and the target network information comprises a target network ID, an experiment ID, a task ID and the like.
Further, before the step of acquiring the task requirement and the target network information of the target network, the method further includes: acquiring a detection instruction from a target network technology simulation verification platform; analyzing the detection instruction to obtain the target network information; determining a vulnerability scanning task based on the task requirements; and determining a plurality of vulnerability scanning modes by using the basic device information of each target vulnerability scanning device in the plurality of device groups and the vulnerability scanning task.
In the invention, vulnerability detection is carried out by utilizing a network technology simulation verification platform, the network technology simulation verification platform used for sending the detection instruction is a target network technology simulation verification platform, and the target network technology simulation verification platform can be any form of network technology simulation verification platform.
Based on the above description, when the method of the present invention is executed once, one task requirement includes one vulnerability scanning task, and therefore, for the process of executing the method of the present invention once, the vulnerability scanning modes of each device group are determined based on one vulnerability scanning task, that is, vulnerability scanning tasks corresponding to a plurality of vulnerability scanning modes are the same. Specifically, the detection instruction is automatically analyzed to obtain target network information.
Further, before the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of the device groups, the method further includes: obtaining a plurality of pieces of equipment state information of a plurality of target vulnerability scanning equipment corresponding to a plurality of equipment groups; the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups comprises the following steps: and if the plurality of equipment state information are available, acquiring a plurality of vulnerability scanning modes corresponding to the plurality of equipment groups.
After the step of obtaining the device state information of the target vulnerability scanning devices corresponding to the device groups, the method further includes: if the target vulnerability scanning equipment with the equipment state information being unavailable exists in the plurality of equipment groups, determining the target vulnerability scanning equipment with the equipment state information being unavailable as offline vulnerability scanning equipment; performing registration operation by using basic device information of the offline vulnerability scanning device, and/or dividing the offline vulnerability scanning device into corresponding device groups by using task requirements; acquiring new equipment state information of the offline vulnerability scanning equipment; and if the new equipment state information is unavailable, returning to execute the step of utilizing the basic equipment information of the offline vulnerability scanning equipment to perform registration operation, and/or utilizing task requirements to divide the offline vulnerability scanning equipment into corresponding equipment groups, and executing the step of acquiring target network information and a plurality of vulnerability scanning modes corresponding to the equipment groups until the new equipment state information of the offline vulnerability scanning equipment is available. The device state information may also be expressed in other terms, such as online and offline.
Step S15: receiving a plurality of vulnerability data fed back by the plurality of equipment groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data.
For the plurality of vulnerability data, repeated vulnerability data is removed and vulnerability data of the same type is fused; the data that remains after the repeated data has been removed and the fusion performed is the result vulnerability data.
Further, after the step of performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data, the method further includes: sending the result vulnerability data to the target network technology simulation verification platform so that the target network technology simulation verification platform performs situation analysis on the result vulnerability data to obtain an analysis result; and receiving the analysis result fed back by the target network technology simulation verification platform.
In the invention, network detection is carried out by means of a target network technology simulation verification platform: the target network technology simulation verification platform is used to send the detection instruction, register vulnerability scanning equipment, perform situation analysis, and the like. Management (add, delete, modify and query operations) and storage operations can be carried out on the obtained analysis result and the result vulnerability data so as to continue further situation analysis.
Further, after the step of dividing the target vulnerability scanning devices into a plurality of device groups based on the task requirements, the method further includes: when detecting that a new vulnerability scanning device is accessed, acquiring new device basic information of the new vulnerability scanning device; performing registration operation on the new vulnerability scanning equipment by using the new equipment basic information; when the new vulnerability scanning equipment is successfully registered, determining the new vulnerability scanning equipment as new target vulnerability scanning equipment; and dividing the new target vulnerability scanning equipment into corresponding equipment groups by using the task requirements.
A newly accessed vulnerability scanning device can be incorporated into the plurality of target vulnerability scanning devices in the above manner, so that a new member is added to the plurality of target vulnerability scanning devices.
It should be noted that, in the present invention, to improve the accuracy of vulnerability data, that is, when the task requirement includes high vulnerability detection accuracy, the plurality of target vulnerability scanning devices may be divided into a plurality of groups, and each group performs vulnerability detection by using one vulnerability scanning mode, so as to ensure that the vulnerability data of the groups is highly comprehensive; to improve vulnerability detection efficiency, that is, when the task requirement includes high vulnerability detection efficiency, the plurality of target vulnerability scanning devices may be divided into one group so as to ensure that vulnerability data is acquired efficiently. When the plurality of target vulnerability scanning devices are divided into one group, the vulnerability detection speed can be improved by more than half, based on a scanning speed of about 1000 ip/h for each target vulnerability scanning device.
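The grouping rule above and the deduplication and fusion of step S15 can be sketched as follows. This is an added example, not code from the patent. The scan-mode names, finding fields, severity scale, `EXAMPLE-*` identifiers and the fusion rule (keep the highest severity and record every mode that reported the finding) are assumptions, since the patent does not specify them.

```python
# Added illustration; all names and sample data below are constructed.
SCAN_MODES = ["port-service", "web-app", "credentialed"]  # assumed mode names
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed scale


def divide_into_groups(scanners, requirement, modes=SCAN_MODES):
    """Map one scan mode to each device group, as the task requirement dictates.

    "accuracy"   -> several groups, each with a different scan mode
    "efficiency" -> a single group sharing one scan mode
    """
    if not scanners:
        raise ValueError("no registered scanners")
    if requirement == "efficiency":
        return {modes[0]: list(scanners)}
    if requirement == "accuracy":
        n = min(len(modes), len(scanners))
        groups = {mode: [] for mode in modes[:n]}
        for i, scanner in enumerate(scanners):  # round-robin assignment
            groups[modes[i % n]].append(scanner)
        return groups
    raise ValueError(f"unknown task requirement: {requirement!r}")


def dedupe_and_fuse(group_reports):
    """Merge per-group findings ({mode: [finding, ...]}) into one result list.

    Findings with the same (host, port, vuln_id) are treated as the same
    vulnerability: repeats collapse into one record, and reports from
    different groups are fused by keeping the highest severity and the set
    of modes that reported it.
    """
    fused = {}
    for mode, findings in group_reports.items():
        for f in findings:
            key = (f["host"], f["port"], f["vuln_id"])
            rec = fused.setdefault(key, {
                "host": f["host"], "port": f["port"], "vuln_id": f["vuln_id"],
                "severity": f["severity"], "reported_by": set(),
            })
            if SEVERITY[f["severity"]] > SEVERITY[rec["severity"]]:
                rec["severity"] = f["severity"]
            rec["reported_by"].add(mode)
    return [fused[k] for k in sorted(fused)]


# Constructed sample reports from two device groups (documentation addresses).
SAMPLE_REPORTS = {
    "port-service": [
        {"host": "192.0.2.10", "port": 22, "vuln_id": "EXAMPLE-0001", "severity": "medium"},
        {"host": "192.0.2.10", "port": 22, "vuln_id": "EXAMPLE-0001", "severity": "medium"},
        {"host": "192.0.2.11", "port": 443, "vuln_id": "EXAMPLE-0002", "severity": "low"},
    ],
    "web-app": [
        {"host": "192.0.2.11", "port": 443, "vuln_id": "EXAMPLE-0002", "severity": "high"},
        {"host": "192.0.2.11", "port": 443, "vuln_id": "EXAMPLE-0003", "severity": "medium"},
    ],
}

if __name__ == "__main__":
    print(divide_into_groups(["s1", "s2", "s3", "s4", "s5"], "accuracy"))
    for record in dedupe_and_fuse(SAMPLE_REPORTS):
        print(record)
```

Recording which modes reported each fused finding lets a later analysis stage separate findings confirmed by several scan modes from those seen by only one.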
The technical scheme of the invention provides a method for acquiring vulnerability data, which comprises the following steps: acquiring task requirements and target network information of a target network; dividing a plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements; acquiring a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups, wherein one equipment group corresponds to one vulnerability scanning mode; sending the target network information and the vulnerability scanning modes to a plurality of equipment groups, so that the equipment groups can detect a target network corresponding to the target network information by using the vulnerability scanning modes and the target network information, and obtain a plurality of vulnerability data corresponding to the equipment groups; and receiving a plurality of vulnerability data fed back by the plurality of equipment groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data.
In the existing method, vulnerability scanning modes executed by different target vulnerability scanning devices are the same, and vulnerability data obtained by the same vulnerability scanning mode is difficult to accurately reflect vulnerability conditions of a target network, so that the accuracy of the obtained vulnerability data is low, and the accuracy of the obtained final result vulnerability data is low. By utilizing the method, the target vulnerability scanning devices are divided into a plurality of device groups, and different device groups correspond to different vulnerability scanning modes, so that the corresponding vulnerability data can accurately reflect the vulnerability condition of the target network, the accuracy of the vulnerability data is improved, and the technical effect of improving the accuracy of the final result vulnerability data is realized.
The network technology simulation verification platform is compatible with vulnerability scanning equipment from multiple security manufacturers, and provides a function of flexibly configuring the vulnerability scanning modes of the vulnerability scanning equipment, so that the utilization rate of the equipment is improved and the expandability of the platform is ensured; meanwhile, the false alarm rate and the missed alarm rate of the security situation evaluation model of the network technology simulation verification platform can be effectively reduced, and the detection time of target network vulnerability scanning is shortened.
Referring to fig. 3, fig. 3 is a block diagram of a first embodiment of an apparatus for obtaining vulnerability data, which is used for a terminal device, and based on the same inventive concept as the foregoing embodiment, the apparatus includes:
a first obtaining module 10, configured to obtain a task requirement and target network information of a target network;
a dividing module 20, configured to divide the multiple target vulnerability scanning devices into multiple device groups based on the task requirements;
a second obtaining module 30, configured to obtain multiple vulnerability scanning modes corresponding to multiple device groups, where one device group corresponds to one vulnerability scanning mode;
the detection module 40 is configured to send the target network information and the vulnerability scanning manners to the multiple device groups, so that the multiple device groups detect a target network corresponding to the target network information by using the vulnerability scanning manners and the target network information to obtain multiple vulnerability data corresponding to the multiple device groups;
an obtaining module 50, configured to receive multiple vulnerability data fed back by multiple device groups, and perform deduplication and fusion operations on the multiple vulnerability data to obtain result vulnerability data.
It should be noted that, since the steps executed by the apparatus of this embodiment are the same as the steps of the foregoing method embodiment, the specific implementation and the achievable technical effects thereof can refer to the foregoing embodiment, and are not described herein again.
The above description is only an alternative embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications and equivalents of the present invention, which are made by the contents of the present specification and the accompanying drawings, or directly/indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for acquiring vulnerability data is characterized by comprising the following steps:
acquiring task requirements and target network information of a target network;
dividing a plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements;
acquiring a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups, wherein one equipment group corresponds to one vulnerability scanning mode;
sending the target network information and the vulnerability scanning modes to a plurality of equipment groups, so that the equipment groups can detect a target network corresponding to the target network information by using the vulnerability scanning modes and the target network information, and obtain a plurality of vulnerability data corresponding to the equipment groups;
and receiving a plurality of vulnerability data fed back by the plurality of equipment groups, and performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data.
2. The method of claim 1, wherein prior to the step of dividing the plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements, the method further comprises:
when a plurality of preset vulnerability scanning devices are successfully accessed, acquiring a plurality of basic device information of the preset vulnerability scanning devices;
performing registration operation on the preset vulnerability scanning equipment by using the basic equipment information;
and when the preset vulnerability scanning devices are successfully registered, determining the preset vulnerability scanning devices as the target vulnerability scanning devices.
3. The method of claim 2, wherein before the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of the device groups, the method further comprises:
obtaining a plurality of pieces of equipment state information of a plurality of target vulnerability scanning equipment corresponding to a plurality of equipment groups;
the step of obtaining a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups comprises the following steps:
and if the plurality of equipment state information are available, acquiring a plurality of vulnerability scanning modes corresponding to the plurality of equipment groups.
4. The method of claim 3, wherein after the step of obtaining the device state information for the target vulnerability scanning devices corresponding to the device groups, the method further comprises:
if the target vulnerability scanning equipment with the equipment state information being unavailable exists in the plurality of equipment groups, determining the target vulnerability scanning equipment with the equipment state information being unavailable as offline vulnerability scanning equipment;
performing registration operation by using basic device information of the offline vulnerability scanning device, and/or dividing the offline vulnerability scanning device into corresponding device groups by using task requirements;
acquiring new equipment state information of the offline vulnerability scanning equipment;
and if the new equipment state information is unavailable, returning to execute the step of utilizing the basic equipment information of the offline vulnerability scanning equipment to perform registration operation, and/or utilizing task requirements to divide the offline vulnerability scanning equipment into corresponding equipment groups, and executing the step of acquiring target network information and a plurality of vulnerability scanning modes corresponding to the equipment groups until the new equipment state information of the offline vulnerability scanning equipment is available.
5. The method of claim 4, wherein the step of obtaining the task requirements and the target network information of the target network is preceded by the method further comprising:
acquiring a detection instruction from a target network technology simulation verification platform;
analyzing the detection instruction to obtain the target network information;
determining a vulnerability scanning task based on the task requirements;
and determining a plurality of vulnerability scanning modes by using the basic device information of each target vulnerability scanning device in the plurality of device groups and the vulnerability scanning task.
6. The method of claim 5, wherein after the step of performing deduplication and fusion operations on the plurality of vulnerability data to obtain result vulnerability data, the method further comprises:
sending the result vulnerability data to the target network technology simulation verification platform so that the target network technology simulation verification platform performs situation analysis on the result vulnerability data to obtain an analysis result;
and receiving the analysis result fed back by the target network technology simulation verification platform.
7. The method of claim 6, wherein after the step of dividing the plurality of target vulnerability scanning devices into a plurality of device groups based on the task requirements, the method further comprises:
when detecting that a new vulnerability scanning device is accessed, acquiring new device basic information of the new vulnerability scanning device;
performing registration operation on the new vulnerability scanning equipment by using the new equipment basic information;
when the new vulnerability scanning equipment is successfully registered, determining the new vulnerability scanning equipment as new target vulnerability scanning equipment;
and dividing the new target vulnerability scanning equipment into corresponding equipment groups by using the task requirements.
8. An apparatus for obtaining vulnerability data, the apparatus comprising:
the first acquisition module is used for acquiring task requirements and target network information of a target network;
the dividing module is used for dividing the target vulnerability scanning equipment into a plurality of equipment groups based on the task requirements;
the second acquisition module is used for acquiring a plurality of vulnerability scanning modes corresponding to a plurality of equipment groups, wherein one equipment group corresponds to one vulnerability scanning mode;
the detection module is used for sending the target network information and the vulnerability scanning modes to the equipment groups so that the equipment groups can detect a target network corresponding to the target network information by using the vulnerability scanning modes and the target network information to obtain vulnerability data corresponding to the equipment groups;
and the obtaining module is used for receiving a plurality of vulnerability data fed back by the equipment groups, and performing duplication removal and fusion operation on the plurality of vulnerability data to obtain result vulnerability data.
9. A terminal device, characterized in that the terminal device comprises: memory, a processor and an obtainer of vulnerability data stored on the memory and running on the processor, the obtainer of vulnerability data, when executed by the processor, implementing the steps of the method of obtaining vulnerability data according to any of claims 1 to 7.
10. A computer-readable storage medium, on which a program for acquiring vulnerability data is stored, which, when executed by a processor, implements the steps of the method for acquiring vulnerability data according to any one of claims 1 to 7.
CN202111317054.7A 2021-11-08 2021-11-08 Vulnerability data obtaining method and device, terminal equipment and storage medium Pending CN114168962A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111317054.7A CN114168962A (en) 2021-11-08 2021-11-08 Vulnerability data obtaining method and device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114168962A true CN114168962A (en) 2022-03-11

Family

ID=80478324

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination