CN114584342A - Network vulnerability identification and detection system based on data analysis - Google Patents


Info

Publication number
CN114584342A
Authority
CN
China
Prior art keywords
network
vulnerability
loopholes
time
vulnerabilities
Legal status
Granted
Application number
CN202210048478.6A
Other languages
Chinese (zh)
Other versions
CN114584342B (en)
Inventor
杨牧天
刘梅
吴敬征
罗天悦
Current Assignee
Beijing Zhongke Weilan Technology Co ltd
Original Assignee
Beijing Zhongke Weilan Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a network vulnerability identification and detection system based on data analysis, in the technical field of network vulnerability identification and detection. It addresses a shortcoming of the prior art: because network vulnerabilities could not be analysed for relevance to one another, the risk of their occurrence could not be controlled. The system detects and identifies network vulnerabilities, improving the accuracy of detection and identification and reducing the influence of the vulnerabilities on network data. It performs a relevance analysis on each network vulnerability to judge whether the vulnerabilities are related, and hence whether they may appear in succession; this improves the predictability of network vulnerabilities, effectively reduces the influence of sudden vulnerabilities and lowers the risk they pose to network data. It also performs environment detection on the current network and judges whether the network is normal, so as to analyse the probability that a network vulnerability occurs and its influence on the network.

Description

Network vulnerability identification and detection system based on data analysis
Technical Field
The invention relates to the technical field of network vulnerability identification and detection, in particular to a network vulnerability identification and detection system based on data analysis.
Background
A network vulnerability may be generally understood as a flaw in the specific implementation of hardware, software, protocols, etc., or in the security policy of a system, that enables an attacker to access or destroy the system without authorization. In colloquial terms, it is any factor present in a computer network system that may cause damage to components, data, etc. in the system;
in the prior art, however, relevance analysis cannot be performed on network vulnerabilities during their detection and identification, so the risks of the network vulnerabilities cannot be managed and controlled, and the potential safety hazards of the network environment increase;
in view of the above technical drawbacks, a solution is proposed.
Disclosure of Invention
The invention aims to solve the above problems by providing a network vulnerability identification and detection system based on data analysis, which detects and identifies network vulnerabilities so that the accuracy of detection and identification is improved and the influence of the vulnerabilities on network data is reduced; performs a relevance analysis on each network vulnerability to judge whether the vulnerabilities are related, and hence whether they may appear in succession, so that the predictability of network vulnerabilities is improved, the influence of sudden vulnerabilities is effectively reduced and the risk they pose to network data is lowered; and performs environment detection on the current network to judge whether it is normal, so as to analyse the probability that a network vulnerability occurs and its influence on the network.
The purpose of the invention is realized by the following technical scheme:
a network vulnerability identification and detection system based on data analysis comprises a network vulnerability detection and identification platform, wherein a server is arranged in the network vulnerability detection and identification platform and is in communication connection with a vulnerability correlation analysis unit, a network environment detection unit, a verification task allocation optimization unit and a database;
the network vulnerability detection and identification platform detects and identifies network vulnerabilities; the server generates a relevance analysis signal and sends it to the vulnerability relevance analysis unit, which performs relevance analysis on each network vulnerability; the server generates a network environment detection signal and sends it to the network environment detection unit, which detects the environment of the current network; the server generates a verification task allocation optimization signal and sends it to the verification task allocation optimization unit, which matches the verification of network vulnerabilities to suitable maintenance personnel.
As a preferred embodiment of the present invention, the vulnerability correlation analysis process of the vulnerability correlation analysis unit is as follows:
marking the network construction time as the initial time, constructing a vulnerability analysis time period from the initial time to the current time, collecting the network vulnerabilities that appeared within the vulnerability analysis time period together with their vulnerability data, where the vulnerability data comprises the vulnerability influence duration, the network speed fluctuation value and the affected data download flow; marking the network vulnerabilities that appeared in the vulnerability analysis time period as historical vulnerabilities, with an index i that is a natural number greater than 1; marking the vulnerability data of the historical vulnerabilities as influence factors and the effect of the influence factors on the network data as influence characteristics, an influence characteristic being expressed as an increase in vulnerability influence duration, an increase in network speed fluctuation or a reduction in data download flow;
sorting the collected historical vulnerabilities in time order within the vulnerability analysis time period to construct a historical vulnerability set, and comparing the occurrence interval between the historical vulnerabilities of adjacent subsets in the set, and the difference between their influence durations, with an interval duration threshold and an influence duration difference threshold respectively:
if the occurrence interval of the historical vulnerabilities of adjacent subsets is smaller than the interval duration threshold and the difference between their influence durations is smaller than the influence duration difference threshold, binding those historical vulnerabilities and marking the bound vulnerabilities as preset associated vulnerabilities; if the occurrence interval is greater than the interval duration threshold and the influence duration difference is greater than the influence duration difference threshold, binding them and marking the bound vulnerabilities as preset non-associated vulnerabilities;
comparing the influence factors and influence characteristics of the preset associated vulnerabilities and of the preset non-associated vulnerabilities: if the influence factors and influence characteristics of the preset associated vulnerabilities are consistent, marking them as selected associated vulnerabilities; if they are inconsistent, marking them as risk associated vulnerabilities; if the influence factors and influence characteristics of the preset non-associated vulnerabilities are consistent, marking them as monitoring associated vulnerabilities; if they are inconsistent, marking them as selected non-associated vulnerabilities;
sending the selected associated vulnerabilities, risk associated vulnerabilities, monitoring associated vulnerabilities and selected non-associated vulnerabilities to the server; after receiving them, the server forwards them to the database for storage, monitors the risk associated vulnerabilities and the monitoring associated vulnerabilities, and reclassifies a risk associated vulnerability or monitoring associated vulnerability as a selected associated vulnerability if the frequency with which it occurs in succession exceeds the corresponding frequency threshold.
As a preferred embodiment of the present invention, the network environment detection process of the network environment detection unit is as follows:
setting a network environment detection time period, acquiring the network vulnerability screening frequency within that period and the number of times network vulnerabilities appeared within one network vulnerability screening period, and comparing them with a network vulnerability screening frequency threshold and a network vulnerability occurrence count threshold respectively:
if the network vulnerability screening frequency in the network environment detection time period exceeds the screening frequency threshold and the number of network vulnerabilities appearing in the screening period does not exceed the occurrence count threshold, judging the corresponding network environment safe, generating a network environment safety signal and sending it to the server; if the screening frequency does not exceed the screening frequency threshold and the number of network vulnerabilities appearing in the screening period exceeds the occurrence count threshold, judging the corresponding network environment unsafe, generating a network environment risk signal and sending it to the server.
As a preferred embodiment of the present invention, the verification task allocation optimization process of the verification task allocation optimization unit is as follows:
collecting network vulnerabilities in real time and marking them as real-time vulnerabilities; comparing each real-time vulnerability with the historical vulnerabilities in the database; if the real-time vulnerability matches a historical vulnerability in the database, obtaining the number of selected associated vulnerabilities of the real-time vulnerability and the longest maintenance duration corresponding to those selected associated vulnerabilities, and comparing them with a selected associated vulnerability count threshold and a longest maintenance duration threshold respectively:
if the number of selected associated vulnerabilities of the real-time vulnerability exceeds the selected associated vulnerability count threshold, or the longest maintenance duration corresponding to the selected associated vulnerabilities exceeds the longest maintenance duration threshold, marking the vulnerability as a first-level known vulnerability; if neither the count threshold nor the longest maintenance duration threshold is exceeded, marking it as a second-level known vulnerability;
if the real-time vulnerability does not match any historical vulnerability, comparing the duration of the influence characteristics corresponding to the real-time vulnerability and the number of its influence factors with a duration threshold and an influence factor count threshold respectively:
if the duration of the influence characteristics exceeds the duration threshold and the number of influence factors exceeds the influence factor count threshold, marking the network vulnerability as a first-level unknown vulnerability; if the duration does not exceed the duration threshold and the number of influence factors does not exceed the influence factor count threshold, marking it as a second-level unknown vulnerability;
dividing the currently idle maintainers according to their number of completed maintenance tasks: if a maintainer's maintenance count exceeds the maintenance count threshold, marking that maintainer as real-time first-level personnel; if it does not exceed the threshold, marking the maintainer as real-time second-level personnel;
matching the first-level known vulnerabilities and first-level unknown vulnerabilities to the real-time first-level personnel, and the second-level known vulnerabilities and second-level unknown vulnerabilities to the real-time second-level personnel; and sending the matched maintenance personnel and network vulnerabilities to the server.
Compared with the prior art, the invention has the following beneficial effects:
network vulnerabilities are detected and identified, improving the accuracy of detection and identification and reducing the influence of the vulnerabilities on network data; a relevance analysis is carried out on each network vulnerability to judge whether the vulnerabilities are related, and hence whether they may appear in succession, so that the predictability of network vulnerabilities is improved, the influence of sudden vulnerabilities is effectively reduced and the risk they pose to network data is lowered; environment detection is performed on the current network to judge whether it is normal, so as to analyse the probability that a network vulnerability occurs and its influence on the network; and the verification of network vulnerabilities is matched to suitable maintainers, so that the allocation of verification tasks is optimized according to the vulnerability information, its importance and the maintainers' work task information, which improves verification efficiency and vulnerability maintenance efficiency and reduces the influence of the vulnerability on the network environment.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
Fig. 1 is a schematic block diagram of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a network vulnerability identification and detection system based on data analysis includes a network vulnerability detection and identification platform in which a server is disposed; the server is in bidirectional communication connection with a vulnerability correlation analysis unit, a network environment detection unit, a verification task allocation optimization unit and a database;
the network vulnerability detection and identification platform detects and identifies network vulnerabilities, improving the accuracy of detection and identification and reducing the influence of the vulnerabilities on network data; the server generates a relevance analysis signal and sends it to the vulnerability relevance analysis unit, which performs relevance analysis on the network vulnerabilities and judges whether they are related, and hence whether they may appear in succession; this improves the predictability of network vulnerabilities, effectively reduces the influence of sudden vulnerabilities and lowers the risk they pose to network data. The specific vulnerability relevance analysis process is as follows:
marking the network construction time as the initial time, constructing a vulnerability analysis time period from the initial time to the current time, collecting the network vulnerabilities that appeared within the vulnerability analysis time period together with their vulnerability data, where the vulnerability data comprises the vulnerability influence duration, the network speed fluctuation value and the affected data download flow; marking the network vulnerabilities that appeared in the vulnerability analysis time period as historical vulnerabilities, with an index i that is a natural number greater than 1; marking the vulnerability data of the historical vulnerabilities as influence factors and the effect of the influence factors on the network data as influence characteristics, an influence characteristic being expressed as an increase in vulnerability influence duration, an increase in network speed fluctuation or a reduction in data download flow;
sorting the collected historical vulnerabilities in time order within the vulnerability analysis time period to construct a historical vulnerability set, and comparing the occurrence interval between the historical vulnerabilities of adjacent subsets in the set, and the difference between their influence durations, with the interval duration threshold and the influence duration difference threshold respectively:
if the occurrence interval of the historical vulnerabilities of adjacent subsets is smaller than the interval duration threshold and the difference between their influence durations is smaller than the influence duration difference threshold, binding those historical vulnerabilities and marking the bound vulnerabilities as preset associated vulnerabilities; if the occurrence interval is greater than the interval duration threshold and the influence duration difference is greater than the influence duration difference threshold, binding them and marking the bound vulnerabilities as preset non-associated vulnerabilities;
comparing the influence factors and influence characteristics of the preset associated vulnerabilities and of the preset non-associated vulnerabilities: if the influence factors and influence characteristics of the preset associated vulnerabilities are consistent, marking them as selected associated vulnerabilities; if they are inconsistent, marking them as risk associated vulnerabilities; if the influence factors and influence characteristics of the preset non-associated vulnerabilities are consistent, marking them as monitoring associated vulnerabilities; if they are inconsistent, marking them as selected non-associated vulnerabilities;
sending the selected associated vulnerabilities, risk associated vulnerabilities, monitoring associated vulnerabilities and selected non-associated vulnerabilities to the server; the server receives them, forwards them to the database for storage, and at the same time monitors the risk associated vulnerabilities and the monitoring associated vulnerabilities, reclassifying a risk associated vulnerability or monitoring associated vulnerability as a selected associated vulnerability if the frequency with which it occurs in succession exceeds the corresponding frequency threshold. By distinguishing selected associated, risk associated, monitoring associated and selected non-associated vulnerabilities, the vulnerabilities appearing in the network are categorized, so that when a vulnerability appears in real time its associated and non-associated vulnerabilities can be determined, the danger coefficient of the real-time vulnerability can be judged accurately, remediation can be targeted, and maintenance efficiency is ensured;
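The correlation procedure described in the two passages above (the preferred-embodiment summary and this detailed description) can be followed more easily in code. The block below is an added example, not the patent's own implementation; the history, thresholds and succession counts are constructed, and "consistent" is read as the two bound vulnerabilities affecting the same influence factors in the same direction, which is an assumption about the patent text.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# An influence factor paired with its influence characteristic, following the
# patent's wording (influence duration, network speed fluctuation, download flow,
# each with the direction of the effect).
Influence = FrozenSet[Tuple[str, str]]
Pair = Tuple[str, str]


@dataclass(frozen=True)
class HistoricalVuln:
    vuln_id: str
    occurred_at: float       # hours since the network construction (initial) time
    impact_duration: float   # vulnerability influence duration, in hours
    influence: Influence     # influence factors with their characteristics


# Constructed sample history (not data from the patent).
NET_SPEED_AND_FLOW = frozenset({("net_speed", "increase"), ("download_flow", "decrease")})
DURATION_ONLY = frozenset({("impact_duration", "increase")})
SAMPLE_HISTORY = [
    HistoricalVuln("V1",   0.0,  4.0, NET_SPEED_AND_FLOW),
    HistoricalVuln("V2",  10.0,  5.0, NET_SPEED_AND_FLOW),
    HistoricalVuln("V3",  15.0,  4.5, DURATION_ONLY),
    HistoricalVuln("V4", 200.0, 12.0, DURATION_ONLY),
    HistoricalVuln("V5", 400.0,  1.0, frozenset({("net_speed", "increase")})),
    HistoricalVuln("V6", 405.0, 20.0, DURATION_ONLY),
]
INTERVAL_THRESHOLD_H = 24.0       # interval duration threshold (assumed value)
DURATION_DIFF_THRESHOLD_H = 2.0   # influence duration difference threshold (assumed value)


def correlate(history: List[HistoricalVuln],
              interval_threshold: float = INTERVAL_THRESHOLD_H,
              diff_threshold: float = DURATION_DIFF_THRESHOLD_H) -> Dict[str, List[Pair]]:
    """Bind each pair of time-adjacent historical vulnerabilities and label it."""
    labelled: Dict[str, List[Pair]] = {
        "selected_associated": [], "risk_associated": [],
        "monitoring_associated": [], "selected_non_associated": [],
        "undetermined": [],  # mixed case (one comparison above, one below) the patent text does not cover
    }
    ordered = sorted(history, key=lambda v: v.occurred_at)
    for earlier, later in zip(ordered, ordered[1:]):
        interval = later.occurred_at - earlier.occurred_at
        diff = abs(later.impact_duration - earlier.impact_duration)
        consistent = earlier.influence == later.influence  # assumption, see lead-in
        if interval < interval_threshold and diff < diff_threshold:
            label = "selected_associated" if consistent else "risk_associated"
        elif interval > interval_threshold and diff > diff_threshold:
            label = "monitoring_associated" if consistent else "selected_non_associated"
        else:
            label = "undetermined"
        labelled[label].append((earlier.vuln_id, later.vuln_id))
    return labelled


def server_promote(labelled: Dict[str, List[Pair]],
                   succession_counts: Dict[Pair, int],
                   frequency_threshold: int) -> Dict[str, List[Pair]]:
    """Server-side step: a risk or monitoring associated pair whose successive
    occurrence count exceeds the frequency threshold becomes selected associated.
    The input mapping is left unchanged; a new mapping is returned."""
    out = {label: list(pairs) for label, pairs in labelled.items()}
    for label in ("risk_associated", "monitoring_associated"):
        kept = []
        for pair in out[label]:
            if succession_counts.get(pair, 0) > frequency_threshold:
                out["selected_associated"].append(pair)
            else:
                kept.append(pair)
        out[label] = kept
    return out


if __name__ == "__main__":
    result = correlate(SAMPLE_HISTORY)
    for label, pairs in result.items():
        print(f"{label:24s} {pairs}")
    # Constructed succession counts: the (V3, V4) pair has recurred three times.
    promoted = server_promote(result, {("V3", "V4"): 3}, frequency_threshold=2)
    print("selected associated after promotion:", promoted["selected_associated"])
```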
the server generates a network environment detection signal and sends it to the network environment detection unit, which performs environment detection on the current network and judges whether it is normal, so as to analyse the probability that a network vulnerability occurs and its influence on the network. The specific network environment detection process is as follows:
setting a network environment detection time period, acquiring the network vulnerability screening frequency within that period and the number of times network vulnerabilities appeared within one network vulnerability screening period, and comparing them with a network vulnerability screening frequency threshold and a network vulnerability occurrence count threshold respectively:
if the network vulnerability screening frequency in the network environment detection time period exceeds the screening frequency threshold and the number of network vulnerabilities appearing in the screening period does not exceed the occurrence count threshold, judging the corresponding network environment safe, generating a network environment safety signal and sending it to the server; if the screening frequency does not exceed the screening frequency threshold and the number of network vulnerabilities appearing in the screening period exceeds the occurrence count threshold, judging the corresponding network environment unsafe, generating a network environment risk signal and sending it to the server. In this application, the network vulnerability screening frequency and the number of vulnerabilities appearing within a screening period together reflect the state of the network environment: when the two are not in direct proportion, the network environment is abnormal. For example, when vulnerabilities are screened once every ten days and ten vulnerabilities appear within that ten-day screening period, the network environment is judged abnormal;
the server generates a verification task allocation optimization signal and sends it to the verification task allocation optimization unit, which matches suitable maintenance personnel to the verification of network vulnerabilities; the allocation of verification tasks is thereby optimized according to the vulnerability information, its importance and the maintenance personnel's work task information, which improves verification efficiency and vulnerability maintenance efficiency and reduces the vulnerability's influence on the network environment. The specific verification task allocation optimization process is as follows:
collecting network vulnerabilities in real time and marking them as real-time vulnerabilities; comparing each real-time vulnerability with the historical vulnerabilities in the database; if the real-time vulnerability matches a historical vulnerability in the database, obtaining the number of selected associated vulnerabilities of the real-time vulnerability and the longest maintenance duration corresponding to those selected associated vulnerabilities, and comparing them with the selected associated vulnerability count threshold and the longest maintenance duration threshold respectively:
if the number of selected associated vulnerabilities of the real-time vulnerability exceeds the selected associated vulnerability count threshold, or the longest maintenance duration corresponding to the selected associated vulnerabilities exceeds the longest maintenance duration threshold, marking the vulnerability as a first-level known vulnerability; if neither the count threshold nor the longest maintenance duration threshold is exceeded, marking it as a second-level known vulnerability; grading the vulnerabilities in this way allows detection and maintenance to be carried out effectively and reasonably;
if the real-time vulnerability does not match any historical vulnerability, comparing the duration of the influence characteristics corresponding to the real-time vulnerability and the number of its influence factors with the duration threshold and the influence factor count threshold respectively:
if the duration of the influence characteristics exceeds the duration threshold and the number of influence factors exceeds the influence factor count threshold, marking the network vulnerability as a first-level unknown vulnerability; if the duration does not exceed the duration threshold and the number of influence factors does not exceed the influence factor count threshold, marking it as a second-level unknown vulnerability;
dividing the currently idle maintainers according to their number of completed maintenance tasks: if a maintainer's maintenance count exceeds the maintenance count threshold, marking that maintainer as real-time first-level personnel; if it does not exceed the threshold, marking the maintainer as real-time second-level personnel;
matching the first-level known vulnerabilities and first-level unknown vulnerabilities to the real-time first-level personnel, and the second-level known vulnerabilities and second-level unknown vulnerabilities to the real-time second-level personnel; and sending the matched maintenance personnel and network vulnerabilities to the server.
In use, the network vulnerability detection and identification platform detects and identifies network vulnerabilities. The server generates a correlation analysis signal and sends it to the vulnerability correlation analysis unit, which performs correlation analysis on each network vulnerability; the server generates a network environment detection signal and sends it to the network environment detection unit, which detects the state of the current network environment; and the server generates a verification task allocation optimization signal and sends it to the verification task allocation optimization unit, which matches the verification of each network vulnerability to suitable maintenance personnel.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (8)

1. A network vulnerability identification and detection system based on data analysis, characterized in that it comprises a network vulnerability detection and identification platform, wherein a server is arranged in the platform and is communicatively connected with a vulnerability correlation analysis unit, a network environment detection unit, a verification task allocation optimization unit and a database;
the network vulnerability detection and identification platform is used for detecting and identifying network vulnerabilities; the server generates a correlation analysis signal and sends it to the vulnerability correlation analysis unit, which performs correlation analysis on each network vulnerability; the server generates a network environment detection signal and sends it to the network environment detection unit, which detects the state of the current network environment; the server generates a verification task allocation optimization signal and sends it to the verification task allocation optimization unit, which matches the verification of each network vulnerability to suitable maintenance personnel.
2. The system according to claim 1, wherein the vulnerability correlation analysis unit performs the correlation analysis as follows:
marking the network construction time as the initial time, constructing a vulnerability analysis time period from the initial time to the current time, collecting the network vulnerabilities that appeared within the vulnerability analysis time period together with the vulnerability data corresponding to each of them, the vulnerability data comprising the vulnerability impact duration, the network speed fluctuation value and the affected data download traffic; marking the network vulnerabilities that appeared within the period as historical vulnerabilities i, where i is a natural number greater than 1; marking the vulnerability data corresponding to the historical vulnerabilities as influence factors, and marking the effect of the influence factors on the network data as influence characteristics, the influence characteristics being expressed as an increase in vulnerability impact duration, an increase in network speed fluctuation value, or a decrease in data download traffic;
sorting the collected historical vulnerabilities in chronological order within the vulnerability analysis time period to construct a historical vulnerability set, and comparing the occurrence interval duration between the historical vulnerabilities in adjacent subsets, and the difference between their impact durations, with the interval duration threshold and the impact duration difference threshold respectively.
3. The system according to claim 2, wherein the comparison of the occurrence interval duration and the impact duration difference of the historical vulnerabilities in adjacent subsets with the interval duration threshold and the impact duration difference threshold respectively is as follows:
if the occurrence interval duration of the historical vulnerabilities in adjacent subsets is less than the interval duration threshold and their impact duration difference is less than the impact duration difference threshold, binding the two historical vulnerabilities and marking the bound pair as preset associated vulnerabilities; if the occurrence interval duration is greater than the interval duration threshold and the impact duration difference is greater than the impact duration difference threshold, binding the two historical vulnerabilities and marking the bound pair as preset non-associated vulnerabilities;
comparing the influence factors and influence characteristics of the preset associated vulnerabilities and of the preset non-associated vulnerabilities: if the influence factors and influence characteristics of a pair of preset associated vulnerabilities are consistent, marking the pair as selected associated vulnerabilities; if they are inconsistent, marking the pair as risk associated vulnerabilities; if the influence factors and influence characteristics of a pair of preset non-associated vulnerabilities are consistent, marking the pair as monitored associated vulnerabilities; if they are inconsistent, marking the pair as selected non-associated vulnerabilities.
4. The system according to claim 3, wherein the selected associated vulnerabilities, risk associated vulnerabilities, monitored associated vulnerabilities and selected non-associated vulnerabilities are sent to the server; after receiving them, the server forwards them to the database for storage and at the same time keeps monitoring the risk associated vulnerabilities and the monitored associated vulnerabilities; if the number of successive occurrences of a risk associated vulnerability or a monitored associated vulnerability exceeds the corresponding frequency threshold, the server reclassifies it as a selected associated vulnerability.
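The correlation analysis of claims 2 to 4, written out as an added Python example (it is not code from the patent or its applicant). The data class, its field names, the label strings and every threshold value are assumptions made for illustration: the claims name the quantities but fix no units or values. One point the claims leave open is what happens when an adjacent pair falls under one threshold but over the other; claim 3 only defines the both-under and both-over cases. The example keeps such pairs unbound and labels them explicitly rather than silently dropping them, so that a deployment can see how many pairs the rules never classify.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example. The class, its field names, the label strings and the
# threshold values are assumptions for illustration; the patent names the
# quantities but fixes no units or values.


@dataclass(frozen=True)
class HistoricalVuln:
    vuln_id: str
    occurred_at: float          # hours after the network construction ("initial") time
    impact_duration: float      # hours the vulnerability affected the network
    factors: Tuple[str, ...]    # "influence factors": the vulnerability data items involved
    features: Tuple[str, ...]   # "influence characteristics": direction of the effect


SELECTED_ASSOCIATED = "selected_associated"
RISK_ASSOCIATED = "risk_associated"
MONITORED_ASSOCIATED = "monitored_associated"
SELECTED_NON_ASSOCIATED = "selected_non_associated"
UNBOUND = "unbound"  # assumption: mixed threshold outcomes, which claim 3 does not define


def bind_adjacent(vulns: List[HistoricalVuln], interval_threshold: float,
                  impact_diff_threshold: float) -> List[Tuple[HistoricalVuln, HistoricalVuln, Optional[str]]]:
    """Claims 2 and 3: sort by occurrence time and test each adjacent pair.

    Returns (earlier, later, preset) with preset "associated" (both values under
    their thresholds), "non_associated" (both over) or None for the mixed cases.
    """
    ordered = sorted(vulns, key=lambda v: v.occurred_at)
    result = []
    for a, b in zip(ordered, ordered[1:]):
        interval = b.occurred_at - a.occurred_at
        impact_diff = abs(b.impact_duration - a.impact_duration)
        if interval < interval_threshold and impact_diff < impact_diff_threshold:
            preset = "associated"
        elif interval > interval_threshold and impact_diff > impact_diff_threshold:
            preset = "non_associated"
        else:
            preset = None
        result.append((a, b, preset))
    return result


def label_pair(a: HistoricalVuln, b: HistoricalVuln, preset: Optional[str]) -> str:
    """Claim 3: compare influence factors and characteristics of a bound pair."""
    consistent = a.factors == b.factors and a.features == b.features
    if preset == "associated":
        return SELECTED_ASSOCIATED if consistent else RISK_ASSOCIATED
    if preset == "non_associated":
        return MONITORED_ASSOCIATED if consistent else SELECTED_NON_ASSOCIATED
    return UNBOUND


def correlate(vulns: List[HistoricalVuln], interval_threshold: float,
              impact_diff_threshold: float) -> Dict[Tuple[str, str], str]:
    """Unit-side output: one label per adjacent pair, keyed by the two vulnerability ids."""
    return {(a.vuln_id, b.vuln_id): label_pair(a, b, preset)
            for a, b, preset in bind_adjacent(vulns, interval_threshold, impact_diff_threshold)}


def promote_recurring(labels: Dict[Tuple[str, str], str],
                      successive_occurrences: Dict[Tuple[str, str], int],
                      frequency_threshold: int) -> Dict[Tuple[str, str], str]:
    """Claim 4, server side: a risk or monitored associated pair whose count of
    successive occurrences exceeds the frequency threshold becomes selected associated."""
    promoted = dict(labels)
    for pair, label in labels.items():
        if label in (RISK_ASSOCIATED, MONITORED_ASSOCIATED) \
                and successive_occurrences.get(pair, 0) > frequency_threshold:
            promoted[pair] = SELECTED_ASSOCIATED
    return promoted


# Constructed sample history (hours), arranged so every label appears once.
SAMPLE = [
    HistoricalVuln("V1", 10.0, 2.0, ("impact_duration", "net_speed"), ("duration_up", "speed_float_up")),
    HistoricalVuln("V2", 12.0, 2.5, ("impact_duration", "net_speed"), ("duration_up", "speed_float_up")),
    HistoricalVuln("V3", 13.0, 2.4, ("download_traffic",), ("traffic_down",)),
    HistoricalVuln("V4", 80.0, 9.0, ("download_traffic",), ("traffic_down",)),
    HistoricalVuln("V5", 150.0, 1.0, ("impact_duration",), ("duration_up",)),
    HistoricalVuln("V6", 151.0, 9.0, ("impact_duration",), ("duration_up",)),
]
INTERVAL_THRESHOLD = 24.0     # hours
IMPACT_DIFF_THRESHOLD = 1.0   # hours
FREQUENCY_THRESHOLD = 3       # successive occurrences

if __name__ == "__main__":
    labels = correlate(SAMPLE, INTERVAL_THRESHOLD, IMPACT_DIFF_THRESHOLD)
    # Assume the server has seen the V2/V3 pair recur four times in succession.
    for pair, label in promote_recurring(labels, {("V2", "V3"): 4}, FREQUENCY_THRESHOLD).items():
        print(pair, label)
```

With the sample history, V1/V2 become selected associated, V2/V3 risk associated (same timing, different factors), V3/V4 monitored associated, V4/V5 selected non-associated, and V5/V6 stay unbound because they are close in time but far apart in impact duration. Note that because only adjacent pairs in time order are tested, the analysis is sensitive to how ties and clock skew are handled when the history is sorted.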
5. The network vulnerability identification and detection system based on data analysis according to claim 1, wherein the network environment detection unit performs network environment detection as follows:
setting a network environment detection time period, acquiring the network vulnerability screening frequency within that period and the number of network vulnerabilities that appeared within a network vulnerability screening period, and comparing them with the network vulnerability screening frequency threshold and the network vulnerability occurrence count threshold respectively.
6. The system according to claim 5, wherein the comparison of the network vulnerability screening frequency within the network environment detection time period and the number of network vulnerabilities that appeared within the network vulnerability screening period with the screening frequency threshold and the occurrence count threshold respectively is as follows:
if the network vulnerability screening frequency within the detection time period exceeds the screening frequency threshold and the number of network vulnerabilities that appeared within the screening period does not exceed the occurrence count threshold, the network environment is judged safe, and a network environment safety signal is generated and sent to the server; if the screening frequency does not exceed the screening frequency threshold and the number of network vulnerabilities exceeds the occurrence count threshold, the network environment is judged unsafe, and a network environment risk signal is generated and sent to the server.
7. The system according to claim 1, wherein the verification task allocation optimization unit performs verification task allocation optimization as follows:
collecting the real-time network vulnerabilities and marking them as real-time vulnerabilities; comparing each real-time vulnerability with the historical vulnerabilities in the database; if the real-time vulnerability is consistent with a historical vulnerability in the database, obtaining the number of selected associated vulnerabilities of the real-time vulnerability and the longest maintenance duration corresponding to those selected associated vulnerabilities, and comparing them with the selected-associated-vulnerability number threshold and the longest-maintenance-duration threshold respectively:
if the number of selected associated vulnerabilities of the real-time vulnerability exceeds the selected-associated-vulnerability number threshold, or the longest maintenance duration corresponding to the selected associated vulnerabilities exceeds the longest-maintenance-duration threshold, marking the vulnerability as a first-level known vulnerability; if the number of selected associated vulnerabilities does not exceed the number threshold and the longest maintenance duration does not exceed the duration threshold, marking the vulnerability as a second-level known vulnerability;
if the comparison is inconsistent, comparing the duration of the influence characteristic corresponding to the real-time vulnerability and the number of its influence factors with the duration threshold and the influence-factor number threshold respectively.
8. The system according to claim 7, wherein the comparison of the duration of the influence characteristic corresponding to the real-time vulnerability and the number of its influence factors with the duration threshold and the influence-factor number threshold respectively is as follows:
if the duration of the influence characteristic exceeds the duration threshold and the number of influence factors exceeds the influence-factor number threshold, marking the network vulnerability as a first-level unknown vulnerability; if the duration does not exceed the duration threshold and the number of influence factors does not exceed the influence-factor number threshold, marking the network vulnerability as a second-level unknown vulnerability;
dividing the currently idle maintenance personnel according to their maintenance count: if a maintainer's maintenance count exceeds the maintenance count threshold, marking the maintainer as real-time first-level personnel; if it does not exceed the threshold, marking the maintainer as real-time second-level personnel;
matching first-level known vulnerabilities and first-level unknown vulnerabilities to the real-time first-level personnel, and second-level known vulnerabilities and second-level unknown vulnerabilities to the real-time second-level personnel; and sending the matched maintenance personnel and network vulnerabilities to the server.
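The network environment detection of claims 5 and 6 and the verification task allocation of claims 7 and 8 (the same procedure the description sets out above), as one added Python example; it is not code from the patent or its applicant. Class names, field names, label strings and all threshold values are assumptions for illustration. Two gaps in the claims are worth seeing in code: claim 6 defines "safe" and "risk" only for the two opposite corners (frequent screening with few vulnerabilities, infrequent screening with many), and claim 8 grades unknown vulnerabilities only when both measures are over or both are under their thresholds. Claim 7, by contrast, uses "or" for the first level, so known vulnerabilities are always graded. The example returns an explicit undefined result for the unspecified cases instead of guessing; how a deployment treats them (for instance, escalating them to first level by default) is a policy choice the claims do not make. The round-robin assignment inside a personnel tier is also an assumption, since the claims only say "match".

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example. Class and field names, the label strings and every
# threshold value are assumptions for illustration, not values from the patent.


@dataclass(frozen=True)
class RealTimeVuln:
    vuln_id: str
    signature: str            # key matched against stored historical vulnerabilities
    feature_duration: float   # hours the influence characteristic has persisted
    factor_count: int         # number of influence factors observed


@dataclass(frozen=True)
class KnownRecord:
    """What the database holds for a matched historical vulnerability (claim 4 output)."""
    selected_associated_count: int
    longest_maintenance_hours: float


@dataclass(frozen=True)
class Maintainer:
    name: str
    maintenance_count: int    # the patent's "maintenance times": jobs completed
    idle: bool


FIRST_KNOWN, SECOND_KNOWN = "first_level_known", "second_level_known"
FIRST_UNKNOWN, SECOND_UNKNOWN = "first_level_unknown", "second_level_unknown"
UNGRADED = "ungraded"  # assumption: the mixed outcomes claim 8 does not grade


def environment_status(screening_frequency: float, vuln_count: int,
                       frequency_threshold: float, count_threshold: int) -> Optional[str]:
    """Claims 5 and 6: "safe", "risk", or None for the two corners the claims leave undefined."""
    if screening_frequency > frequency_threshold and vuln_count <= count_threshold:
        return "safe"
    if screening_frequency <= frequency_threshold and vuln_count > count_threshold:
        return "risk"
    return None


def grade_known(rec: KnownRecord, count_threshold: int, maint_threshold: float) -> str:
    """Claim 7: "or" for the first level, so the two branches cover every case."""
    if rec.selected_associated_count > count_threshold or rec.longest_maintenance_hours > maint_threshold:
        return FIRST_KNOWN
    return SECOND_KNOWN


def grade_unknown(v: RealTimeVuln, duration_threshold: float, factor_threshold: int) -> str:
    """Claim 8: "and" in both branches, so one-over/one-under is left ungraded."""
    over_duration = v.feature_duration > duration_threshold
    over_factors = v.factor_count > factor_threshold
    if over_duration and over_factors:
        return FIRST_UNKNOWN
    if not over_duration and not over_factors:
        return SECOND_UNKNOWN
    return UNGRADED


def grade(v: RealTimeVuln, history: Dict[str, KnownRecord], t: Dict[str, float]) -> str:
    rec = history.get(v.signature)  # "consistent with a historical vulnerability in the database"
    if rec is not None:
        return grade_known(rec, t["assoc_count"], t["maint_hours"])
    return grade_unknown(v, t["feature_hours"], t["factor_count"])


def rank_maintainers(maintainers: List[Maintainer], count_threshold: int):
    """Claim 8: split the currently idle staff by maintenance count."""
    idle = [m for m in maintainers if m.idle]
    return ([m for m in idle if m.maintenance_count > count_threshold],
            [m for m in idle if m.maintenance_count <= count_threshold])


def allocate(vulns: List[RealTimeVuln], history: Dict[str, KnownRecord],
             maintainers: List[Maintainer], t: Dict[str, float]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Returns {vuln_id: (level, maintainer name or None)}; first-level work goes to
    first-level staff and second-level to second-level. Round-robin is an assumption."""
    pools = dict(zip(("first", "second"), rank_maintainers(maintainers, t["maint_count"])))
    tier_of = {FIRST_KNOWN: "first", FIRST_UNKNOWN: "first",
               SECOND_KNOWN: "second", SECOND_UNKNOWN: "second"}
    cursor = {"first": 0, "second": 0}
    assignment = {}
    for v in vulns:
        level = grade(v, history, t)
        tier = tier_of.get(level)
        pool = pools.get(tier, [])
        if not pool:                  # ungraded, or no idle staff in that tier
            assignment[v.vuln_id] = (level, None)
            continue
        assignment[v.vuln_id] = (level, pool[cursor[tier] % len(pool)].name)
        cursor[tier] += 1
    return assignment


# Constructed sample input.
THRESHOLDS = {"assoc_count": 3, "maint_hours": 8.0, "feature_hours": 6.0,
              "factor_count": 2, "maint_count": 10}
HISTORY = {"sig-A": KnownRecord(5, 3.0), "sig-B": KnownRecord(1, 2.0)}
VULNS = [
    RealTimeVuln("R1", "sig-A", 1.0, 1),  # known, 5 associated > 3   -> first-level known
    RealTimeVuln("R2", "sig-B", 1.0, 1),  # known, under both         -> second-level known
    RealTimeVuln("R3", "sig-Z", 9.0, 3),  # unknown, over both        -> first-level unknown
    RealTimeVuln("R4", "sig-Y", 2.0, 1),  # unknown, under both       -> second-level unknown
    RealTimeVuln("R5", "sig-X", 9.0, 1),  # unknown, duration only    -> ungraded
]
MAINTAINERS = [Maintainer("alice", 25, True), Maintainer("bob", 4, True), Maintainer("carol", 40, False)]

if __name__ == "__main__":
    print("environment:", environment_status(12, 2, 10, 5))
    for vuln_id, (level, who) in allocate(VULNS, HISTORY, MAINTAINERS, THRESHOLDS).items():
        print(vuln_id, level, who)
```

With the sample input, alice is the only idle first-level maintainer and bob the only second-level one, so R1 and R3 go to alice, R2 and R4 to bob, and R5 is reported ungraded with no assignee; carol is busy and never receives work. The same matching logic applied to a vulnerability with a matching signature but an empty personnel tier also returns None, which is the case a server should alert on rather than queue silently.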
Priority Applications (1)

Application Number: CN202210048478.6A
Priority Date: 2022-01-17
Filing Date: 2022-01-17
Title: Network vulnerability recognition and detection system based on data analysis
Status: Active (granted as CN114584342B)

Publications (2)

Publication Number	Publication Date
CN114584342A	2022-06-03
CN114584342B	2024-02-06

Family ID: 81772743

Country Status (1)

Country	Link
CN	CN114584342B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618176A (en) * 2014-12-29 2015-05-13 北京奇虎科技有限公司 Website security detection method and device
CN104836855A (en) * 2015-04-30 2015-08-12 国网四川省电力公司电力科学研究院 Web application safety situation assessment system based on multi-source data fusion
CN106649429A (en) * 2016-08-25 2017-05-10 北京知道未来信息技术有限公司 Method and device for rapidly evaluating vulnerability hazard level based on multi-dimensional statistics
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system
WO2019047346A1 (en) * 2017-09-11 2019-03-14 平安科技(深圳)有限公司 Website vulnerability scanning method, device, computer device, and storage medium
CN109600371A (en) * 2018-12-08 2019-04-09 公安部第三研究所 A kind of network layer leakage location and method
CN110417751A (en) * 2019-07-10 2019-11-05 腾讯科技(深圳)有限公司 A kind of network safety pre-warning method, device and storage medium




Legal Events

Code	Title
PB01	Publication
SE01	Entry into force of request for substantive examination
GR01	Patent grant