CN115883190A - Method, device, equipment and storage medium for correcting loophole - Google Patents


Info

Publication number: CN115883190A
Authority: CN (China)
Prior art keywords: vulnerability, information, asset, electronic device, time limit
Legal status: Pending
Application number: CN202211510799.XA
Other languages: Chinese (zh)
Inventors: 梁浩波, 罗金满, 林浩钊, 刘飘, 刘卓贤, 刘丽媛, 邹钟璐, 封祐钧, 冷颖雄, 姚子汭
Current assignee: Guangdong Power Grid Co Ltd; Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd
Original assignee: Guangdong Power Grid Co Ltd; Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd and Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method, a device, equipment and a storage medium for correcting a vulnerability. The method comprises: searching for electronic equipment that has a vulnerability in network security; calculating, for each electronic device, a candidate time limit for correcting the vulnerability according to the hazard level of the vulnerability; calculating characteristic values of each electronic device on a plurality of asset dimensions; adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for correcting the vulnerability of that device; and issuing a vulnerability correction task to each electronic device, which requires that the vulnerability of the device be corrected within the target time limit. The accuracy and real-time performance of evaluating the vulnerability correction time limit of electronic equipment can thereby be effectively improved, and risks can be controlled in time under the condition of limited human cost.

Description

Method, device, equipment and storage medium for correcting loophole
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a method, a device, equipment and a storage medium for correcting a vulnerability.
Background
At present, the network security situation at home and abroad is severe: network attack means are endless, the network security threats to IT assets such as electronic equipment keep growing, new network security vulnerabilities emerge frequently, and advancing vulnerability remediation work efficiently and with high quality is therefore very important.
At present, the conventional method of evaluating the network security vulnerability remediation time limit mainly sets a unified, general time limit according to the hazard level of the vulnerability (the level being determined by access path, exploitation complexity and degree of impact); for example, the remediation time limit for ultra-dangerous and high-dangerous vulnerabilities is 10 working days and that for the remaining hazard levels is 30 working days. Such a fixed remediation time limit tends to cause the following problems:
(1) Determining the remediation time limit solely from the hazard level of the vulnerability, without considering other influencing factors, cannot accurately meet the requirements of vulnerability repair.
(2) Prioritizing remediation only by hazard level makes it difficult to resolve high-hazard vulnerabilities in time, leaves potential safety hazards, and at the same time distributes remediation effort poorly.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for correcting a vulnerability, which are used for solving the problem caused by simply dividing the vulnerability grade in the prior art, ensuring the accuracy and real-time performance of the time limit evaluation of the vulnerability correction and realizing timely and effective risk control.
According to a first aspect of the present invention, there is provided a method for modifying a vulnerability, including:
searching for electronic equipment with vulnerabilities on network security;
calculating and correcting the candidate time limit of the vulnerability for each electronic device according to the hazard level of the vulnerability;
calculating characteristic values presented by each electronic device on a plurality of asset dimensions;
adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for modifying the vulnerability of each electronic device;
and issuing a vulnerability correction task to each electronic device, wherein the vulnerability correction task requires that the vulnerability of each electronic device is corrected within the target time limit.
According to a second aspect of the present invention, there is provided a vulnerability remedying apparatus, including:
the searching module is used for searching the electronic equipment with the vulnerability on the network security;
the candidate time limit calculation module is used for calculating and correcting the candidate time limit of the vulnerability for each electronic device according to the hazard level of the vulnerability;
the characteristic value calculation module is used for calculating characteristic values of all the electronic devices presented on a plurality of asset dimensions;
the adjusting module is used for adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for correcting the vulnerability of each electronic device;
and the issuing module is used for issuing a vulnerability correcting task to each electronic device, wherein the vulnerability correcting task requires that the vulnerability of each electronic device is corrected within the target time limit.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform a method of remediating a vulnerability according to any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement a method for correcting a vulnerability according to any of the embodiments of the present invention when the computer instructions are executed.
The embodiment of the application provides a vulnerability remediation method. It searches for electronic equipment with a vulnerability in network security, then calculates a candidate time limit for remediating the vulnerability according to the hazard level of the vulnerability. Because the candidate time limit determined this way does not define well the degree of urgency corresponding to each electronic device, the method further calculates characteristic values of each electronic device on multiple asset dimensions, adjusts the candidate time limit of each electronic device according to those characteristic values to obtain the target time limit for remediating the vulnerability of that device, and issues a vulnerability remediation task to each electronic device requiring that its vulnerability be remediated within the target time limit. The accuracy and real-time performance of evaluating the vulnerability remediation time limit of electronic equipment can thereby be effectively improved, and risks can be controlled in time under the condition of limited human cost.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for modifying a vulnerability according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a vulnerability correcting device according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device for implementing a vulnerability correcting method according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a method for modifying a vulnerability according to an embodiment of the present disclosure.
Given the network security problems currently faced, how to reasonably evaluate the network security vulnerability remediation time limit of each type of electronic equipment under limited manpower cost is the key to advancing vulnerability remediation work efficiently and with high quality.
At present, the general network security vulnerability remediation time limit is determined by considering only the hazard level of the vulnerability; it does not consider the difference between a vulnerability for which a repair patch exists and one for which no patch is available yet, nor the change in the required remediation time limit across different network security guarantee periods. In addition, it does not comprehensively consider factors such as the attack exposure surface, asset type and asset usage frequency of each kind of electronic equipment, and so does not determine the urgency of remediation for each kind of equipment; as a result, remediation effort in the early stage is scattered and the effectiveness of the remediation work suffers.
By the method for correcting the vulnerability, the accuracy and real-time performance of evaluating the network security vulnerability remediation time limit of electronic equipment are improved, so that efficient and high-quality vulnerability remediation is achieved.
The method can be executed by a vulnerability remediation device, which can be implemented in the form of hardware and/or software.
As shown in fig. 1, the present embodiment may include the following steps:
s110, searching for the electronic equipment with the vulnerability in the network security.
In this embodiment, operations such as vulnerability scanning and the like may be performed on the electronic device based on a platform having a vulnerability searching function to determine the electronic device having a vulnerability in the network security within a specified range.
For example, for the interior of an enterprise, the electronic devices may include various business systems, network devices, security devices, host devices, office terminals, office peripherals, and the like.
In one embodiment, step S110 includes the following steps:
s110-1, acquiring vulnerability information released in a specified channel, wherein the vulnerability information comprises first version information of software and/or hardware.
In this embodiment, the specified channels may be national network security regulatory agencies, mainstream internet platforms that publish network security vulnerabilities, and the like; these channels publish the latest information related to network security vulnerabilities, that is, vulnerability information. Specifically, the specific version of the software and/or hardware and the specific vulnerability present in that version can be obtained from the specified channel.
And S110-2, inquiring second version information of each electronic device in the software and/or hardware in the specified range.
In this embodiment, each electronic device in the designated range may refer to all electronic devices in a certain management range, and for example, if a bug is rectified for a certain enterprise, each electronic device in the designated range may be all electronic devices in the enterprise.
After querying the version corresponding to the software and/or hardware of each electronic device in the specified range, the version information corresponding to the software and/or hardware stored in the specific electronic device may be determined, that is, the second version information is obtained.
S110-3, if the second version information of a certain electronic device is the same as the first version information, determining that the electronic device has a vulnerability in network security.
In this embodiment, after obtaining the first version information from the specified channel and determining the second version information by searching, the first version information and the second version information may be matched, and if the second version information of a certain electronic device is the same as the first version information, it may be determined that the electronic device has a vulnerability in network security and is affected by the vulnerability. All electronic devices within a specified range with the same vulnerability in network security can be checked out.
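The matching of steps S110-1 to S110-3, as an added example that is not part of the patent: the advisory records (first version information) and the inventory records (second version information) are constructed sample data, the vulnerability identifiers are placeholders rather than real CVE numbers, and the function name is my own. Step S110-3 asks for the second version information to be the same as the first, so the comparison is exact equality.

```python
# Added example (not from the patent): matching published vulnerability
# information (first version information) against the inventory of a
# specified range (second version information), as in steps S110-1..S110-3.

from collections import defaultdict

# Constructed "first version information": each advisory names a product and
# the exact version it affects. The identifiers are placeholders.
ADVISORIES = [
    {"vuln_id": "VULN-EXAMPLE-0001", "product": "ExampleDB", "version": "5.7.1"},
    {"vuln_id": "VULN-EXAMPLE-0002", "product": "ExampleOS", "version": "3.2"},
    {"vuln_id": "VULN-EXAMPLE-0003", "product": "ExampleWeb", "version": "2.0.9"},
]

# Constructed "second version information": software/hardware versions queried
# from each electronic device within the specified range (one enterprise).
INVENTORY = [
    {"device": "S1", "product": "ExampleDB", "version": "5.7.1"},
    {"device": "S1", "product": "ExampleOS", "version": "3.2"},
    {"device": "S2", "product": "ExampleDB", "version": "5.7.2"},  # differs, no match
    {"device": "S3", "product": "ExampleWeb", "version": "2.0.9"},
    {"device": "S4", "product": "ExampleOS", "version": "3.2"},
]


def find_vulnerable_devices(advisories, inventory):
    """Return {vuln_id: sorted device ids} for every device whose
    (product, version) equals the (product, version) named in an advisory.

    S110-3 requires the second version information to be the *same* as the
    first, so the check is exact string equality after trimming whitespace
    and case-folding the product name; no version-range logic is applied.
    """
    index = defaultdict(list)
    for adv in advisories:
        key = (adv["product"].strip().lower(), adv["version"].strip())
        index[key].append(adv["vuln_id"])

    affected = defaultdict(set)
    for rec in inventory:
        key = (rec["product"].strip().lower(), rec["version"].strip())
        for vuln_id in index.get(key, ()):
            affected[vuln_id].add(rec["device"])
    return {v: sorted(d) for v, d in sorted(affected.items())}


if __name__ == "__main__":
    for vuln_id, devices in find_vulnerable_devices(ADVISORIES, INVENTORY).items():
        print(f"{vuln_id}: {', '.join(devices)}")
```

The result groups devices by vulnerability, which is the input the later steps need: all devices sharing one vulnerability receive the same candidate time limit in S120 and are then distinguished only by their asset feature values.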
And S120, calculating the candidate time limit for correcting the vulnerability for each electronic device according to the hazard level of the vulnerability.
In an embodiment, after the vulnerability is determined, the hazard levels of the vulnerability may be divided, and the correction time limit corresponding to different hazard levels is determined.
Different weights can be set according to the influence of the vulnerability on different layers, different weights can be set according to the issued time length of the vulnerability, and different weights can be set according to the specific use requirement in the specified range. For example, when the specified range is a bank enterprise, the threat of the vulnerability related to the transaction flow to the bank enterprise is large, and at this time, a corresponding weight may be set for the vulnerability related to the transaction flow, so as to shorten the correction time limit.
Then, the candidate time limit can be calculated according to the correction time limits corresponding to different hazard levels and the determined weights.
In one embodiment, step S120 includes the following steps:
s120-1, inquiring the damage level of the vulnerability.
In this embodiment, the vulnerability classification may be performed in advance for all vulnerabilities to generate vulnerability classification information. After the vulnerability existing in the electronic equipment is determined, the vulnerability classification information of the vulnerability classification generated in advance can be inquired, and the vulnerability classification corresponding to the vulnerability existing in the electronic equipment is determined. Specifically, the hazard classes can be classified into ultra-hazardous, high-hazardous, medium-hazardous, and low-hazardous.
And S120-2, mapping the hazard level to the original time limit of the configuration rectification vulnerability of each electronic device, wherein the original time limit is negatively related to the hazard level.
In this embodiment, the remediation time limits corresponding to different hazard levels differ: the greater the hazard indicated by the level, the stricter the requirement on the remediation time limit, that is, the shorter the limit. The hazard level can be mapped to the original time limit configured for remediating the vulnerability of each electronic device: for ultra-dangerous and high-dangerous vulnerabilities the original time limit is 10 working days, and for medium-dangerous and low-dangerous vulnerabilities it is 30 working days.
And S120-3, configuring a plurality of adjusting coefficients for each electronic device under a plurality of security dimensions respectively.
In this embodiment, the original remediation time limit mapped from the hazard level alone can hardly match the urgency of remediating the vulnerability accurately, and remediation effort is distributed unreasonably. Therefore, different security dimensions can be set for different application scenarios, a plurality of adjustment coefficients are configured for each electronic device under those security dimensions, and the remediation time limit is refined further so as to obtain a more reasonable one. For example, the security dimensions may be whether the current period is a network security guarantee period, the time for which the vulnerability has been released, the layer the vulnerability affects, and the like.
In one embodiment, step S120-3 includes the steps of:
inquiring the time length of the released vulnerability;
configuring an adjusting coefficient for each electronic device according to the time length, wherein the adjusting coefficient is in positive correlation with the time length;
inquiring the security guarantee level of the network environment where the electronic equipment is located;
configuring an adjusting coefficient for each electronic device according to the safety guarantee level, wherein the adjusting coefficient is negatively related to the safety guarantee level;
inquiring the level of security influence of the vulnerability on software and/or hardware of the electronic equipment;
and configuring an adjustment coefficient for each electronic device according to the layer, wherein the adjustment coefficient is negatively related to the external access authority at that layer.
In this embodiment, the security dimension may be a time length for which the vulnerability has been released, a security level of a network environment where the electronic device is located, and a level of security impact of the vulnerability on software and/or hardware of the electronic device.
The time for which the vulnerability has been released can be queried from the vulnerability information published through the specified channel, and an adjustment coefficient, positively correlated with that duration, is configured for each electronic device accordingly. A_1 may denote the adjustment coefficient configured for each electronic device according to the duration. Exemplarily, for a vulnerability released 0 days ago, 1 day ago and N days ago, A_1 may take the three values 0.5, 0.7 and 1 respectively; a 0-day vulnerability is one for which no official patch has been released, its harm is extremely large, the requirement on the remediation time limit is the highest, and the corresponding adjustment coefficient is the smallest. In an embodiment, if only the duration is considered, a high-risk vulnerability released 0 days ago has a remediation time limit of the original 10 days multiplied by the adjustment coefficient, that is, 10 × 0.5 = 5 working days.
The security level of the network environment where the electronic device is located may be determined by the time node at which the vulnerability is currently discovered. Because different network environments process different information, and the information processed by part of the network environments is related to national security, social order, public benefits and the like, the evaluation needs to be performed at intervals, and the urgency degrees of different evaluation time periods can be different. Because there is a more targeted vulnerability during evaluation, that is, there is a greater potential safety hazard, when the vulnerability is within the evaluation time period, the vulnerability needs to be repaired more quickly to ensure the safety of information.
A_2 denotes the adjustment coefficient configured for each electronic device according to the security guarantee level, and it is negatively related to that level. Illustratively, the security guarantee level can be divided into special level, first level, second level and daily network security period, for which A_2 may be set to the four values 0.7, 0.8, 0.9 and 1 respectively, that is, the higher the level, the smaller the adjustment coefficient. In an embodiment, if only the security guarantee level is considered, the remediation time limit of a high-risk vulnerability during a special-level network security guarantee period may be the original 10 days multiplied by the adjustment coefficient, that is, 10 × 0.7 = 7 working days.
The layers affected by different vulnerabilities may be divided in advance, and then the layer where the current vulnerability affects the security of software and/or hardware of the electronic device is queried, for example, the different layers may include an application layer, a database layer, and an operating system layer.
Because external access authority narrows from the application port to the database port to the operating system port, A_3 denotes the adjustment coefficient configured for each electronic device according to the layer, negatively related to the external access authority at that layer; A_3 may accordingly be set to the three values 0.5, 1 and 2. In an embodiment, if only the affected layer is considered and the current high-risk vulnerability is at the operating system layer, the remediation time limit may be the original 10 days multiplied by the adjustment coefficient, that is, 10 × 2 = 20 working days.
And S120-4, multiplying the original time limit by a plurality of regulating coefficients aiming at the same electronic equipment to obtain a candidate time limit for correcting the vulnerability of the electronic equipment.
In one embodiment, after determining the plurality of adjustment coefficients from the plurality of security dimensions, the original time limit may be multiplied by the plurality of adjustment coefficients when determining the candidate time limit for remediating the vulnerability of the electronic device.
The candidate time limit may be determined using the following equation:
$T_1 = T_0 \times A_1 \times A_2 \times A_3$
where $T_1$ is the candidate time limit for remediating the vulnerability of the electronic device, $T_0$ is the original time limit, $A_1$ is the adjustment coefficient configured for each electronic device according to the duration, $A_2$ is the adjustment coefficient configured for each electronic device according to the security guarantee level, and $A_3$ is the adjustment coefficient configured for each electronic device according to the layer.
It can be known that the candidate time limits determined for electronic devices having the same vulnerability are the same.
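The S120 calculation end to end, as an added example that is not the patent's own code: the original time limits and the three coefficient tables hold the example values the description gives (10/30 working days; 0.5/0.7/1 by duration; 0.7/0.8/0.9/1 by security guarantee level; 0.5/1/2 by layer), while the function and table names, and the "N days" cutoff being any duration of two days or more, are my assumptions.

```python
# Added example (not from the patent): candidate time limit T1 = T0 x A1 x A2 x A3
# of step S120, with the coefficient values the description gives as examples.

# S120-2: original time limit T0 in working days, negatively related to hazard level.
ORIGINAL_TIME_LIMIT = {
    "ultra": 10,
    "high": 10,
    "medium": 30,
    "low": 30,
}


def coefficient_a1(days_released):
    """S120-3, dimension 1: A1 by days since the vulnerability was released.
    0 days means no official patch yet. Positively related to the duration;
    treating "N days" as any duration of 2 days or more is an assumption."""
    if days_released < 0:
        raise ValueError("days_released must be >= 0")
    if days_released == 0:
        return 0.5
    if days_released == 1:
        return 0.7
    return 1.0


# Dimension 2: A2 by the security guarantee level of the network environment.
# Negatively related to the level: special (highest) gets the smallest value.
SECURITY_LEVEL_A2 = {
    "special": 0.7,
    "first": 0.8,
    "second": 0.9,
    "daily": 1.0,
}

# Dimension 3: A3 by the layer the vulnerability affects. External access
# narrows from application to database to operating system, and A3 is
# negatively related to that access, so the application layer gets 0.5.
LAYER_A3 = {
    "application": 0.5,
    "database": 1.0,
    "operating_system": 2.0,
}


def candidate_time_limit(hazard, days_released, security_level, layer):
    """S120-4: multiply the original time limit by all adjustment coefficients.

    Returns T1 in working days. Unknown labels raise KeyError on purpose, so a
    mistyped hazard level never silently falls back to a lenient deadline.
    """
    t0 = ORIGINAL_TIME_LIMIT[hazard]
    a1 = coefficient_a1(days_released)
    a2 = SECURITY_LEVEL_A2[security_level]
    a3 = LAYER_A3[layer]
    return t0 * a1 * a2 * a3


if __name__ == "__main__":
    # The three single-dimension examples from the description, with the other
    # two coefficients at their neutral value 1.
    print(candidate_time_limit("high", 0, "daily", "database"))           # 5.0
    print(candidate_time_limit("high", 30, "special", "database"))        # 7.0
    print(candidate_time_limit("high", 30, "daily", "operating_system"))  # 20.0
    # All three dimensions at once: zero-day, special period, application layer.
    print(candidate_time_limit("high", 0, "special", "application"))      # 1.75
```

Since every coefficient depends only on the vulnerability and the network environment, not on the individual device, two devices carrying the same vulnerability get the same T1, which is exactly why the asset dimensions of S130 are needed afterwards.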
And S130, calculating characteristic values presented by each electronic device on a plurality of asset dimensions.
In this embodiment, the modification time limit may be comprehensively considered by combining asset dimensions to determine a modification time limit with higher real-time performance and higher security corresponding to each electronic device affected by the vulnerability.
Specifically, the feature values presented in the multiple asset dimensions may be represented in the form of a diagonal matrix.
In one embodiment, step S130 includes the steps of:
s130-1, inquiring the asset information on a plurality of asset dimensions for each electronic device.
The asset dimensions may be predetermined. For an electronic device with a vulnerability, asset information may be queried from the specified range to which the device belongs; for example, when the specified range is the interior of an enterprise, records of part of the device's asset information in multiple asset dimensions may be kept and queried directly from the enterprise's internal records, while other asset information, such as the number of users and the access volume, may be queried from historical network environment data.
In one embodiment, step S130-1 includes:
respectively inquiring asset type information, asset exposure surface information and asset use information of each electronic device as asset information;
the asset type information comprises a service system, information infrastructure, terminal equipment and office peripherals;
the asset exposure surface information comprises an internet application, a first intranet system with data interaction with the internet application, a second intranet system with cross-region access and a third intranet system with single-region access;
the asset usage information comprises first usage information, second usage information, third usage information, and fourth usage information; the user magnitude of the first use information and the user magnitude of the second use information both belong to a first magnitude, the user magnitude of the third use information and the user magnitude of the fourth use information both belong to a second magnitude, and the first magnitude is greater than the second magnitude; the access magnitude of the first usage information and the access magnitude of the third usage information both belong to a third magnitude, the access magnitude of the second usage information and the access magnitude of the fourth usage information both belong to a fourth magnitude, and the third magnitude is greater than the fourth magnitude.
Specifically, the information infrastructure includes network devices, security devices, and host devices. The first usage information may be understood as a large number of users and a large number of accesses, the second usage information may be understood as a large number of users and a small number of accesses, the third usage information may be understood as a small number of users and a large number of accesses, and the fourth usage information may be understood as a small number of users and a small number of accesses.
S130-2, mapping the asset information into characteristic values.
According to the practical application condition, the characteristic value of each piece of information in the asset information can be determined and adjusted, mapping is carried out after the asset information of the electronic equipment with the vulnerability is determined, and the characteristic value corresponding to each piece of asset information is determined.
In one embodiment, step S130-2 includes:
respectively mapping the asset type information, the asset exposure surface information and the asset usage information to feature values;
the characteristic value of the business system is smaller than that of the information infrastructure, the characteristic value of the information infrastructure is smaller than that of the terminal equipment, and the characteristic value of the terminal equipment is smaller than that of the office peripheral equipment;
the characteristic value of the Internet application is smaller than that of a first intranet system, the characteristic value of the first intranet system is smaller than that of a second intranet system, and the characteristic value of the second intranet system is smaller than that of a third intranet system;
the feature value of the first usage information is smaller than the feature value of the second usage information, the feature value of the second usage information is smaller than the feature value of the third usage information, and the feature value of the third usage information is smaller than the feature value of the fourth usage information.
Specifically, the feature values of the business system, the information infrastructure, the terminal device and the office peripheral may be set to 1, 1.5, 1.8 and 2 respectively.
The characteristic value of the internet application, the characteristic value of the first intranet system, the characteristic value of the second intranet system, and the characteristic value of the third intranet system may be set to 0.8, 1, 1.5, and 2, respectively, correspondingly.
The characteristic values of the first usage information, the second usage information, the third usage information and the fourth usage information may be set to 1, 1.5, 1.5 and 2 respectively (with this setting the second and third usage information share the value 1.5).
S130-3, writing the characteristic values of the electronic devices into the same diagonal matrix aiming at the same asset dimension.
In this embodiment, after determining the eigenvalues of each electronic device corresponding to different asset dimensions, the eigenvalues of each electronic device may be written into a diagonal matrix, where eigenvalues belonging to the same asset dimension are written into the same diagonal matrix.
In one embodiment, step S130-3 includes:
writing characteristic values of all electronic equipment in the asset class information into a diagonal matrix;
writing characteristic values of the electronic equipment in the asset exposure surface information into the other diagonal matrix;
and writing characteristic values of the electronic devices in the asset use information into the other diagonal matrix.
Specifically, a diagonal matrix $C = \mathrm{diag}\{c_1, c_2, \ldots, c_n\}$ may be used to represent the characteristic values in the asset class information of the $n$ electronic devices with the vulnerability, where $c_i$ is the characteristic value in the asset class information of electronic device $S_i$. When the characteristic values of the business system, the information infrastructure, the terminal device and the office peripheral are set to 1, 1.5, 1.8 and 2 respectively, $c_i \in \{1, 1.5, 1.8, 2\}$.

A diagonal matrix $E = \mathrm{diag}\{e_1, e_2, \ldots, e_n\}$ may be used to represent the characteristic values in the asset exposure surface information of each electronic device with the vulnerability, where $e_i$ is the characteristic value in the asset exposure surface information of electronic device $S_i$. When the characteristic values of the internet application, the first intranet system, the second intranet system and the third intranet system are set to 0.8, 1, 1.5 and 2 respectively, $e_i \in \{0.8, 1, 1.5, 2\}$.

A diagonal matrix $U = \mathrm{diag}\{u_1, u_2, \ldots, u_n\}$ may be used to represent the characteristic values in the asset use information of each electronic device with the vulnerability, where $u_i$ is the characteristic value in the asset use information of electronic device $S_i$. When the characteristic values of the first, second, third and fourth usage information are set to 1, 1.5, 1.5 and 2 respectively, $u_i \in \{1, 1.5, 2\}$.
And S140, adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for correcting the vulnerability of each electronic device.
Because the candidate time limit is determined from the hazard level alone, it is adjusted by the plurality of characteristic values to obtain the target time limit for correcting the vulnerability of each electronic device. The target time limit therefore reflects the asset properties of each device from several aspects, and can be both timely and safe.
In one embodiment, step S140 includes the following steps:
and multiplying the candidate time limit of each electronic device by the diagonal matrix corresponding to the asset class information, the diagonal matrix corresponding to the asset exposure surface information and the diagonal matrix corresponding to the asset use information to obtain the target time limit for correcting the vulnerability of each electronic device.
Specifically, the target time limit for correcting the vulnerability of each electronic device affected by it may be determined with the following formula:

$$T_n = (T_1, T_1, \ldots, T_1)_{1 \times n} \times C_{n \times n} \times E_{n \times n} \times U_{n \times n} = (T_{11}, T_{12}, \ldots, T_{1n})_{1 \times n}$$

where $T_n$ is the row vector of target time limits of the $n$ electronic devices affected by the vulnerability, $T_1$ is the candidate time limit of the electronic devices having the vulnerability, and $T_{1i}$ is the target time limit of electronic device $S_i$. Because $C$, $E$ and $U$ are diagonal, the product reduces to $T_{1i} = T_1 \cdot c_i \cdot e_i \cdot u_i$ for each device: a characteristic value greater than 1 lengthens the time limit and a value smaller than 1 (the internet application, 0.8) shortens it, so with the tables above an internet-facing business system with the largest user and access magnitudes receives the shortest window.
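Steps S130-2 to S140 carried through in code, as an added example that is not part of the patent: it uses the characteristic values given above, builds $C$, $E$ and $U$ as explicit diagonal matrices, computes the $1 \times n$ row vector product and checks it against the per-device product $T_1 c_i e_i u_i$. The device inventory and the candidate time limit of 10 days are constructed for illustration; the same computation is what modules 230 and 240 and claims 5 to 7 below describe.

```python
# Added example (not code from the patent): maps the asset information of each
# vulnerable device to characteristic values with the numbers given in the
# text, builds the diagonal matrices C, E, U and computes
# T_n = (T_1, ..., T_1) x C x E x U with explicit matrix multiplication.
from dataclasses import dataclass

# Characteristic values stated in the text (step S130-2).
ASSET_CLASS = {"business_system": 1.0, "information_infrastructure": 1.5,
               "terminal_device": 1.8, "office_peripheral": 2.0}
EXPOSURE = {"internet_application": 0.8, "first_intranet": 1.0,
            "second_intranet": 1.5, "third_intranet": 2.0}
USAGE = {"first_usage": 1.0, "second_usage": 1.5,
         "third_usage": 1.5, "fourth_usage": 2.0}


@dataclass(frozen=True)
class Device:
    name: str
    asset_class: str
    exposure: str
    usage: str


def diag(values):
    """Return the n x n diagonal matrix diag{values} as a list of rows."""
    n = len(values)
    return [[values[i] if i == j else 0.0 for j in range(n)] for i in range(n)]


def matmul(a, b):
    """Plain row-by-column product of two matrices given as lists of rows."""
    assert len(a[0]) == len(b), "inner dimensions must agree"
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]


def feature_matrices(devices):
    """Step S130-3: one diagonal matrix per asset dimension (C, E, U)."""
    c = diag([ASSET_CLASS[d.asset_class] for d in devices])
    e = diag([EXPOSURE[d.exposure] for d in devices])
    u = diag([USAGE[d.usage] for d in devices])
    return c, e, u


def target_time_limits(candidate_limit, devices):
    """Step S140: T_n = (T_1, ..., T_1)_{1xn} x C x E x U, as {name: T_1i}."""
    n = len(devices)
    row = [[float(candidate_limit)] * n]        # 1 x n row vector of T_1
    c, e, u = feature_matrices(devices)
    result = matmul(matmul(matmul(row, c), e), u)[0]
    return {d.name: t for d, t in zip(devices, result)}


def target_time_limits_elementwise(candidate_limit, devices):
    """Same result as above: with diagonal C, E, U it is T_1 * c_i * e_i * u_i."""
    return {d.name: candidate_limit * ASSET_CLASS[d.asset_class]
            * EXPOSURE[d.exposure] * USAGE[d.usage] for d in devices}


# Constructed sample inventory (hypothetical devices, not from the patent).
SAMPLE_DEVICES = [
    Device("S1", "business_system", "internet_application", "first_usage"),
    Device("S2", "terminal_device", "second_intranet", "second_usage"),
    Device("S3", "office_peripheral", "third_intranet", "fourth_usage"),
]

if __name__ == "__main__":
    limits = target_time_limits(10.0, SAMPLE_DEVICES)   # T_1 = 10 days, assumed
    for name, days in limits.items():
        print(f"{name}: correct within {days:.1f} days")
```

With a candidate time limit of 10 days the internet-facing business system S1 gets 8 days, the terminal device on a cross-region intranet S2 gets 40.5 days, and the office peripheral on a single-region intranet S3 gets 80 days. The explicit matrix product is kept only to mirror the formula; since every factor is diagonal, the elementwise function gives the same numbers and is what one would deploy.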
And S150, issuing vulnerability correcting tasks to the electronic devices.
Specifically, after the target time limit corresponding to each electronic device with the vulnerability has been determined, a vulnerability correction task is generated and issued to each electronic device. The vulnerability correction task requires that the vulnerability of each electronic device be corrected within its target time limit.
The embodiment of the invention provides a method for correcting a vulnerability. Electronic devices with a vulnerability in network security are searched for, and a candidate time limit for correcting the vulnerability is calculated from the hazard level of the vulnerability. Because the candidate time limit determined in this way does not distinguish the degree of urgency of each electronic device, characteristic values of each electronic device on a plurality of asset dimensions are calculated, the candidate time limit of each electronic device is adjusted according to these characteristic values to obtain the target time limit for correcting its vulnerability, and a vulnerability correction task requiring correction within the target time limit is issued to each electronic device. This improves the accuracy and timeliness of the correction time limit assigned to each electronic device with the vulnerability, so that risk can be controlled in time under limited human cost.
Example two
Fig. 2 provides a schematic structural diagram of a vulnerability correction apparatus, as shown in fig. 2, the apparatus includes:
the searching module 210 is configured to search for an electronic device with a vulnerability in network security;
a candidate time limit calculation module 220, configured to calculate, for each electronic device, a candidate time limit for correcting the vulnerability according to the hazard level of the vulnerability;
a feature value calculation module 230, configured to calculate feature values presented by the electronic devices in multiple asset dimensions;
an adjusting module 240, configured to adjust the candidate time limit of each electronic device according to the plurality of feature values, so as to obtain a target time limit for modifying the vulnerability of each electronic device;
an issuing module 250, configured to issue a vulnerability correction task to each electronic device, where the vulnerability correction task requires correcting the vulnerability of each electronic device within the target time limit.
In one embodiment, the lookup module 210 includes the following sub-modules:
the vulnerability information acquisition submodule is used for acquiring vulnerability information issued in a specified channel, and the vulnerability information comprises first version information of software and/or hardware;
the second version information inquiry submodule is used for inquiring the second version information of each electronic device in software and/or hardware in a specified range;
and the execution submodule is used for determining that the electronic equipment has a vulnerability on network security when the second version information of certain electronic equipment is the same as the first version information.
In one embodiment, the candidate time limit calculation module 220 includes the following sub-modules:
the hazard grade query submodule is used for querying the hazard grade of the vulnerability;
the first mapping sub-module is used for mapping the hazard level to each electronic device to configure and correct the original time limit of the vulnerability, wherein the original time limit is negatively related to the hazard level;
the adjustment coefficient configuration submodule is used for configuring a plurality of adjustment coefficients for each piece of electronic equipment under a plurality of security dimensions respectively;
and the candidate time limit determining submodule is used for multiplying the original time limit and the plurality of adjusting coefficients aiming at the same electronic equipment to obtain the candidate time limit for correcting the vulnerability of the electronic equipment.
In an embodiment, the adjustment coefficient configuring sub-module is specifically configured to:
inquiring the issued time length of the vulnerability;
configuring an adjusting coefficient for each electronic device according to the duration, wherein the adjusting coefficient is positively correlated with the duration;
inquiring the security guarantee level of the network environment where the electronic equipment is located;
configuring an adjusting coefficient for each electronic device according to the safety guarantee level, wherein the adjusting coefficient is negatively related to the safety guarantee level;
inquiring the level of security influence of the vulnerability on software and/or hardware of the electronic equipment;
and configuring an adjusting coefficient for each electronic device according to the layer, wherein the authority of the module layer for external access is negatively related to the safety guarantee level.
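The search module 210 and the candidate time limit module 220 described above (restated in claims 2 to 4 below), as an added example that is not the patent's own code. The product names, version strings, hazard scale, day counts and coefficient tables are assumptions for illustration: the patent fixes only the direction of each correlation, and its wording for the layer coefficient is ambiguous, so the layer table here follows the reading that layers with more authority for external access get a smaller coefficient.

```python
# Added example (not code from the patent): module 210 finds vulnerable devices
# by comparing the version published with the vulnerability against the version
# of each device in scope; module 220 maps the hazard level to an original time
# limit and multiplies it by three adjustment coefficients. All numbers below
# are assumed for illustration; the patent gives only the direction of each
# correlation.
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """Vulnerability information published in a designated channel."""
    vuln_id: str
    product: str
    version: str          # first version information
    hazard_level: int     # assumed scale: 1 (low) .. 4 (critical)
    days_published: int   # time since the vulnerability was issued


@dataclass(frozen=True)
class Asset:
    name: str
    product: str
    version: str           # second version information
    protection_level: int  # assumed: security guarantee level of its network, 1..3
    impact_layer: str      # assumed: "application", "system" or "firmware"


def find_vulnerable(advisory, assets):
    """Module 210: a device has the vulnerability when product and version match."""
    return [a for a in assets
            if a.product == advisory.product and a.version == advisory.version]


# Module 220, first sub-step: the original time limit falls as the hazard level
# rises (negative correlation). Days are assumed values.
ORIGINAL_LIMIT_DAYS = {1: 90, 2: 30, 3: 7, 4: 1}


def duration_coefficient(days_published):
    """Positively correlated with how long the vulnerability has been public."""
    return 1.0 + min(days_published, 90) / 90.0      # 1.0 .. 2.0, assumed shape


def protection_coefficient(level):
    """Negatively correlated with the security guarantee level of the network."""
    return {1: 1.0, 2: 0.8, 3: 0.6}[level]           # assumed values


def layer_coefficient(layer):
    """Assumed reading: layers with more external-access authority get less time."""
    return {"application": 0.7, "system": 0.85, "firmware": 1.0}[layer]


def candidate_time_limit(advisory, asset):
    """Original time limit multiplied by the three adjustment coefficients."""
    return (ORIGINAL_LIMIT_DAYS[advisory.hazard_level]
            * duration_coefficient(advisory.days_published)
            * protection_coefficient(asset.protection_level)
            * layer_coefficient(asset.impact_layer))


def candidate_time_limits(advisory, assets):
    """Modules 210 and 220 together: {device name: candidate limit in days}."""
    return {a.name: candidate_time_limit(advisory, a)
            for a in find_vulnerable(advisory, assets)}


# Constructed sample data (hypothetical advisory and inventory, not from the patent).
SAMPLE_ADVISORY = Advisory("ADV-0001", "ExampleGateway", "2.4.1",
                           hazard_level=3, days_published=30)
SAMPLE_ASSETS = [
    Asset("gw-01", "ExampleGateway", "2.4.1", protection_level=2, impact_layer="application"),
    Asset("gw-02", "ExampleGateway", "2.4.2", protection_level=2, impact_layer="application"),
    Asset("hmi-07", "ExampleGateway", "2.4.1", protection_level=3, impact_layer="firmware"),
    Asset("db-03", "OtherProduct", "2.4.1", protection_level=3, impact_layer="system"),
]

if __name__ == "__main__":
    for name, days in candidate_time_limits(SAMPLE_ADVISORY, SAMPLE_ASSETS).items():
        print(f"{name}: candidate time limit {days:.2f} days")
```

Only gw-01 and hmi-07 are selected: gw-02 runs a different version and db-03 a different product. The patent's search step compares version strings for equality; an advisory usually names an affected range, so a practitioner would compare against that range rather than a single version, which the page does not specify.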
In one embodiment, the feature value calculation module 230 includes the following sub-modules:
the asset information inquiry submodule is used for inquiring the asset information of each electronic device on a plurality of asset dimensions;
the second mapping submodule is used for mapping the asset information into a characteristic value;
and the writing eigenvalue submodule is used for writing the eigenvalues of the electronic equipment into the same diagonal matrix aiming at the same asset dimension.
In one embodiment,
the asset information query submodule is specifically configured to:
respectively inquiring asset type information, asset exposure surface information and asset use information of each electronic device as asset information;
the asset type information comprises a service system, information infrastructure, terminal equipment and office peripherals;
the asset exposure surface information comprises an internet application, a first intranet system with data interaction with the internet application, a second intranet system with cross-region access and a third intranet system with single-region access;
the asset usage information comprises first usage information, second usage information, third usage information, and fourth usage information; the user magnitude of the first usage information and the user magnitude of the second usage information both belong to a first magnitude, the user magnitude of the third usage information and the user magnitude of the fourth usage information both belong to a second magnitude, and the first magnitude is larger than the second magnitude; the access magnitude of the first use information and the access magnitude of the third use information both belong to a third magnitude, the access magnitude of the second use information and the access magnitude of the fourth use information both belong to a fourth magnitude, and the third magnitude is greater than the fourth magnitude;
the second mapping submodule is specifically configured to:
mapping the asset class information, the asset exposure surface information and the asset usage information to characteristic values, respectively;
the characteristic value of the business system is smaller than that of the information infrastructure, the characteristic value of the information infrastructure is smaller than that of the terminal equipment, and the characteristic value of the terminal equipment is smaller than that of the office peripheral equipment;
the characteristic value of the internet application is smaller than the characteristic value of the first intranet system, the characteristic value of the first intranet system is smaller than the characteristic value of the second intranet system, and the characteristic value of the second intranet system is smaller than the characteristic value of the third intranet system;
the feature value of the first usage information is smaller than the feature value of the second usage information, the feature value of the second usage information is smaller than the feature value of the third usage information, and the feature value of the third usage information is smaller than the feature value of the fourth usage information;
the write eigenvalue submodule is specifically configured to:
writing the characteristic value of each electronic device in the asset class information into a diagonal matrix;
writing the characteristic value of each electronic device in the asset exposure surface information into another diagonal matrix;
writing the eigenvalues of each of the electronic devices in the asset usage information into yet another diagonal matrix.
In an embodiment, the adjusting module 240 is specifically configured to:
and multiplying the candidate time limit of each electronic device by the diagonal matrix corresponding to the asset type information, the diagonal matrix corresponding to the asset exposure surface information and the diagonal matrix corresponding to the asset use information to obtain a target time limit for modifying the vulnerability of each electronic device.
The vulnerability rectification device provided by the embodiment of the invention can realize the vulnerability rectification method provided by the embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example three
FIG. 3 illustrates a schematic diagram of an electronic device 10 that may be used to implement an embodiment of the present invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 3, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 can perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from a storage unit 18 into the Random Access Memory (RAM) 13. In the RAM13, various programs and data necessary for the operation of the electronic apparatus 10 may also be stored. The processor 11, the ROM12, and the RAM13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The processor 11 performs the various methods and processes described above, such as a method of remediating vulnerabilities.
In some embodiments, a method of remediating vulnerabilities may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM12 and/or the communication unit 19. When the computer program is loaded into RAM13 and executed by processor 11, one or more steps of a method of remediating vulnerabilities described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform a method of remediation of vulnerabilities by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Computer programs for implementing the methods of the present invention can be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above, reordering, adding or deleting steps, may be used. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired result of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for correcting a vulnerability, comprising:
searching for electronic equipment with vulnerabilities on network security;
calculating a candidate time limit for correcting the vulnerability for each electronic device according to the hazard level of the vulnerability;
calculating characteristic values presented by each electronic device on a plurality of asset dimensions;
adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for modifying the vulnerability of each electronic device;
and issuing a vulnerability correction task to each electronic device, wherein the vulnerability correction task requires that the vulnerability of each electronic device is corrected within the target time limit.
2. The method of claim 1, wherein the searching for electronic devices with vulnerabilities on network security comprises:
acquiring vulnerability information issued in a specified channel, wherein the vulnerability information comprises first version information of software and/or hardware;
inquiring second version information of each electronic device in software and/or hardware within a specified range;
and if the second version information of the certain electronic equipment is the same as the first version information, determining that the electronic equipment has a vulnerability in network security.
3. The method of claim 1, wherein the calculating, for each of the electronic devices, a candidate time limit for remedying the vulnerability according to the hazard level of the vulnerability comprises:
inquiring the damage level of the vulnerability;
mapping the hazard level, for each electronic device, to an original time limit for correcting the vulnerability, wherein the original time limit is negatively related to the hazard level;
configuring a plurality of adjustment coefficients for each electronic device under a plurality of security dimensions, respectively;
and multiplying the original time limit by the adjusting coefficients aiming at the same electronic equipment to obtain the candidate time limit for correcting the vulnerability of the electronic equipment.
4. The method of claim 3, wherein configuring a plurality of adjustment coefficients for each of the electronic devices in a plurality of security dimensions, respectively, comprises:
inquiring the issued time length of the vulnerability;
configuring an adjusting coefficient for each electronic device according to the duration, wherein the adjusting coefficient is positively correlated with the duration;
inquiring the security guarantee level of the network environment where the electronic equipment is located;
configuring an adjusting coefficient for each electronic device according to the safety guarantee level, wherein the adjusting coefficient is negatively related to the safety guarantee level;
querying a layer of security influence of the vulnerability on software and/or hardware of the electronic equipment;
and configuring an adjusting coefficient for each electronic device according to the layer, wherein the authority of the module layer for external access is negatively related to the safety guarantee level.
5. The method according to any one of claims 1-4, wherein said calculating feature values presented by each of said electronic devices in a plurality of asset dimensions comprises:
querying each of the electronic devices for asset information in a plurality of asset dimensions;
mapping the asset information to a feature value;
and writing the characteristic values of the electronic devices into the same diagonal matrix aiming at the same asset dimension.
6. The method of claim 5,
the querying each of the electronic devices for asset information in a plurality of asset dimensions comprises:
respectively inquiring asset type information, asset exposure surface information and asset use information of each electronic device as asset information;
the asset type information comprises a service system, information infrastructure, terminal equipment and office peripherals;
the asset exposure surface information comprises an internet application, a first intranet system with data interaction with the internet application, a second intranet system with cross-region access and a third intranet system with single-region access;
the asset usage information comprises first usage information, second usage information, third usage information, and fourth usage information; the user magnitude of the first use information and the user magnitude of the second use information both belong to a first magnitude, the user magnitude of the third use information and the user magnitude of the fourth use information both belong to a second magnitude, and the first magnitude is greater than the second magnitude; the access magnitude of the first usage information and the access magnitude of the third usage information both belong to a third magnitude, the access magnitude of the second usage information and the access magnitude of the fourth usage information both belong to a fourth magnitude, and the third magnitude is greater than the fourth magnitude;
the mapping the asset information to a feature value comprises:
mapping the asset class information, the asset exposure surface information and the asset usage information to characteristic values, respectively;
the characteristic value of the business system is smaller than that of the information infrastructure, the characteristic value of the information infrastructure is smaller than that of the terminal equipment, and the characteristic value of the terminal equipment is smaller than that of the office peripheral equipment;
the characteristic value of the internet application is smaller than the characteristic value of the first intranet system, the characteristic value of the first intranet system is smaller than the characteristic value of the second intranet system, and the characteristic value of the second intranet system is smaller than the characteristic value of the third intranet system;
the feature value of the first usage information is smaller than the feature value of the second usage information, the feature value of the second usage information is smaller than the feature value of the third usage information, and the feature value of the third usage information is smaller than the feature value of the fourth usage information;
writing the eigenvalues of each electronic device into the same diagonal matrix for the same asset dimension, including:
writing the characteristic value of each electronic device in the asset class information into a diagonal matrix;
writing the characteristic value of each electronic device in the asset exposure surface information into another diagonal matrix;
writing the characteristic values of each of the electronic devices in the asset usage information into a further diagonal matrix.
7. The method according to claim 6, wherein the adjusting the candidate time limit of each of the electronic devices according to the plurality of feature values to obtain a target time limit for modifying the vulnerability of each of the electronic devices comprises:
and multiplying the candidate time limit of each electronic device by the diagonal matrix corresponding to the asset type information, the diagonal matrix corresponding to the asset exposure surface information and the diagonal matrix corresponding to the asset use information to obtain a target time limit for correcting the vulnerability of each electronic device.
8. An apparatus for modifying a vulnerability, comprising:
the searching module is used for searching the electronic equipment with the vulnerability on the network security;
the candidate time limit calculation module is used for calculating the candidate time limit for rectifying and modifying the vulnerability for each electronic device according to the hazard level of the vulnerability;
the characteristic value calculation module is used for calculating characteristic values of all the electronic devices presented on a plurality of asset dimensions;
the adjusting module is used for adjusting the candidate time limit of each electronic device according to the plurality of characteristic values to obtain a target time limit for correcting the vulnerability of each electronic device;
and the issuing module is used for issuing a vulnerability correcting task to each electronic device, wherein the vulnerability correcting task requires that the vulnerability of each electronic device is corrected within the target time limit.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform a method of remediating a vulnerability according to any of claims 1-7.
10. A computer-readable storage medium having stored thereon computer instructions for causing a processor to, when executed, implement a method of remediating a vulnerability of any of claims 1-7.
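The deadline-scaling scheme of claims 6 and 7, followed by the task-issuing step of claim 8, as an added Python example that is not part of the patent: the candidate deadlines per hazard level, the characteristic values on the three asset dimensions and the device inventory are all constructed sample inputs, because the claims give no concrete figures.

```python
from typing import Dict, List

# Assumed candidate deadlines (in days) per hazard level; the claims leave the
# actual figures unspecified, so these are constructed sample values.
CANDIDATE_DAYS: Dict[str, float] = {"critical": 1, "high": 7, "medium": 30, "low": 90}


def diag(values: List[float]) -> List[List[float]]:
    """Write one characteristic value per device onto the diagonal of an n x n matrix."""
    n = len(values)
    return [[values[i] if i == j else 0.0 for j in range(n)] for i in range(n)]


def vec_mat(vec: List[float], mat: List[List[float]]) -> List[float]:
    """Row vector times matrix, in plain Python (no numpy needed)."""
    n = len(vec)
    return [sum(vec[i] * mat[i][j] for i in range(n)) for j in range(n)]


def target_deadlines(hazards: List[str], asset_type: List[float],
                     exposure: List[float], usage: List[float]) -> List[float]:
    """Claim 7: candidate deadline vector x D_type x D_exposure x D_usage.

    Every factor is diagonal, so device i ends up with
    candidate_i * type_i * exposure_i * usage_i; the matrix form is kept
    to mirror the claims.
    """
    result: List[float] = [CANDIDATE_DAYS[h] for h in hazards]
    for dimension in (asset_type, exposure, usage):
        result = vec_mat(result, diag(dimension))
    return result


def issue_tasks(devices: List[str], hazards: List[str], asset_type: List[float],
                exposure: List[float], usage: List[float]) -> List[Dict[str, object]]:
    """Final claim step: one remediation task per device, due within its target limit."""
    deadlines = target_deadlines(hazards, asset_type, exposure, usage)
    return [{"device": d, "hazard": h, "due_in_days": t}
            for d, h, t in zip(devices, hazards, deadlines)]


# Constructed inventory. A value below 1 tightens the deadline, above 1 relaxes it;
# the claims do not fix the scale, so these ratios are assumptions.
DEVICES = ["db-server", "office-pc", "dev-vm"]
HAZARDS = ["high", "high", "high"]      # same hazard level for all three devices
ASSET_TYPE = [0.5, 1.0, 1.5]            # core system / ordinary endpoint / test asset
EXPOSURE = [0.5, 1.0, 1.0]              # internet-facing / internal / internal
USAGE = [0.5, 1.0, 2.0]                 # production / daily use / rarely used

if __name__ == "__main__":
    for task in issue_tasks(DEVICES, HAZARDS, ASSET_TYPE, EXPOSURE, USAGE):
        print(f"{task['device']}: fix {task['hazard']} vulnerability within {task['due_in_days']:g} days")
```

With these inputs the same "high" finding must be fixed within 0.875 days on the exposed production database server, 7 days on the office PC and 21 days on the rarely used test VM, which is the asset-aware prioritisation the claims describe.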
Application number: CN202211510799.XA, priority date 2022-11-29, filing date 2022-11-29, "Method, device, equipment and storage medium for correcting loophole", status pending

Publication number: CN115883190A (en), published 2023-03-31

Family ID: 85764579

Country status: CN, CN115883190A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination