CN116383332A - Method, device and equipment for generating vulnerability restoration sequence table based on knowledge graph - Google Patents

Publication number
CN116383332A
Authority
CN
China
Prior art keywords
vulnerability
knowledge
priority
information
vulnerability information
Legal status
Pending
Application number
CN202310383498.3A
Other languages
Chinese (zh)
Inventor
王淑娟
吴璇
王超
Current Assignee
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd
Application filed by Beijing Huayuan Information Technology Co Ltd
Priority to CN202310383498.3A
Publication of CN116383332A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30: Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/31: Indexing; Data structures therefor; Storage structures
    • G06F16/316: Indexing structures
    • G06F16/34: Browsing; Visualisation therefor
    • G06F16/36: Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367: Ontology

Abstract

The embodiments of the disclosure provide a method, a device and equipment for generating a vulnerability repair order table based on a knowledge graph. The method is applied to the technical field of network security and comprises the following steps: aggregating the entities associated with vulnerability information, clarifying the factors that influence vulnerability ordering, and configuring a factor weight table; collecting vulnerability information from the associated entities and processing it; constructing a knowledge graph from the processed vulnerability information; evaluating vulnerability priority based on the knowledge graph in combination with the factor weight table; and sorting the vulnerabilities by priority to generate a vulnerability repair order table. In this way, the high-risk vulnerabilities that matter to a particular enterprise can be accurately evaluated according to that enterprise's characteristics, and vulnerability repair efficiency is improved.

Description

Method, device and equipment for generating vulnerability restoration sequence table based on knowledge graph
Technical Field
The disclosure relates to the field of network security, and in particular to a method, a device and equipment for generating a vulnerability repair order table based on a knowledge graph.
Background
With the development of computer network technology, the global internet has expanded rapidly and the number of vulnerabilities has increased markedly year by year; authoritative data show that the number of vulnerabilities added in 2021 exceeded 20000. This endless stream of vulnerabilities leaves security personnel overwhelmed. However, it is almost impossible to eliminate all vulnerabilities at once. If security personnel focus on minor, harmless vulnerabilities and ignore serious ones for a long time, it is as absurd as painting a roof that could collapse at any moment. Because each enterprise has its own characteristics, it is necessary to know how severely each vulnerability threatens the enterprise's assets or business, and to prioritize the order in which vulnerabilities are handled.
Of the vulnerabilities disclosed in the past year, 55% were rated as high-risk or critical by the Common Vulnerability Scoring System (CVSS), but the threat a vulnerability poses to our businesses or products can never be reflected by a single score. We also need to consider whether the vulnerability has a complete repair scheme, whether an EXP or PoC is available, and factors such as the vulnerability's popularity and the level of attention it receives. However, these factors are difficult to aggregate and display together in the conventional way, so the priority of the related vulnerabilities cannot be evaluated quickly.
In the traditional approach, vulnerability priority is evaluated mainly through CVSS or the vulnerability's scope of impact, and the influencing factors are stored in a MySQL database for display. This approach has the following drawbacks:
One-sided: divorced from the enterprise's assets, evaluating the threat level of a vulnerability by CVSS score alone is one-sided and one-dimensional.
Difficult to evaluate: many factors affect vulnerability repair priority, for example the location of the vulnerability, the completeness of the solution, how much attention the vulnerability attracts, and whether a PoC has been publicly verified; it is difficult to aggregate and evaluate these factors in the above manner.
Difficult to expand: the factors affecting vulnerability repair priority are stored in a traditional MySQL database, where the relationships between related factors cannot be quickly expanded and inspected.
Difficult to present: the conventional list display cannot present the factors that influence the evaluation of vulnerability repair priority visually, concisely and clearly.
Disclosure of Invention
The disclosure provides a method, a device and equipment for generating a vulnerability repair order table based on a knowledge graph.
According to a first aspect of the present disclosure, a method of generating a vulnerability repair order table based on a knowledge graph is provided. The method comprises the following steps:
aggregating the entities associated with vulnerability information, clarifying the factors that influence vulnerability ordering, and configuring a factor weight table;
collecting vulnerability information from the associated entities and processing the vulnerability information;
constructing a knowledge graph from the processed vulnerability information;
evaluating vulnerability priority based on the knowledge graph in combination with the factor weight table;
and sorting the vulnerabilities by vulnerability priority to generate a vulnerability repair order table.
In some implementations of the first aspect, processing the vulnerability information includes:
cleaning and integrating the vulnerability information so that the vulnerability information is consistent.
In some implementations of the first aspect, constructing a knowledge graph from the processed vulnerability information includes:
performing knowledge extraction on the processed vulnerability information to extract knowledge units, and extracting relevant knowledge elements from the knowledge units;
performing knowledge fusion on the knowledge elements to generate a knowledge base;
and performing knowledge reasoning on the knowledge base to construct the knowledge graph.
In some implementations of the first aspect, evaluating vulnerability priorities in combination with a factor weight table based on a knowledge graph includes:
presetting a vulnerability priority score evaluation table;
based on the knowledge graph, counting entities associated with the vulnerability to be evaluated;
calculating the score of the corresponding vulnerability priority according to the weight of the entity associated with the vulnerability to be evaluated in a preconfigured factor weight table;
and evaluating the vulnerability priority according to the score and the vulnerability priority score evaluation table.
In some implementations of the first aspect, calculating the score corresponding to the vulnerability priority according to the weight of the vulnerability-associated entity in the preconfigured factor weight table includes:
querying the factor weight table to obtain the weight of each vulnerability-associated entity;
and summing the weights of the vulnerability-associated entities to calculate the score of the corresponding vulnerability priority.
According to a second aspect of the present disclosure, there is provided an apparatus for generating a vulnerability repair order table based on a knowledge graph, the apparatus comprising:
the first processing module, used for aggregating the entities associated with vulnerability information, clarifying the factors that influence vulnerability ordering, and configuring a factor weight table;
the second processing module, used for collecting and processing the vulnerability information;
the knowledge mapping module, used for constructing a knowledge graph from the processed vulnerability information;
the priority evaluation module, used for evaluating vulnerability priority based on the knowledge graph in combination with the factor weight table;
and the third processing module, used for sorting the vulnerabilities by vulnerability priority to generate a vulnerability repair order table.
According to a third aspect of the present invention, an electronic device is provided. The electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
According to a fourth aspect of the present invention there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform a method as described above.
In the method, vulnerability information in enterprise assets is collected and processed; a knowledge graph is constructed from the processed vulnerability information; vulnerability priority is then evaluated based on the knowledge graph in combination with a preset factor weight table; and the vulnerabilities are sorted by priority to generate a vulnerability repair order table tailored to the enterprise's characteristics, so that the high-risk vulnerabilities relevant to the enterprise can be evaluated quickly and accurately and vulnerability repair efficiency is improved.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a flowchart of a method for generating a vulnerability restoration order table based on a knowledge-graph provided by an embodiment of the disclosure;
FIG. 2 illustrates an exemplary knowledge graph constructed when applying a method for generating a vulnerability restoration order table based on knowledge graph provided by an embodiment of the present disclosure;
FIG. 3 shows a block diagram of an apparatus for generating a vulnerability restoration order table based on a knowledge-graph, provided by an embodiment of the disclosure;
FIG. 4 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
To address the problems mentioned in the background, the disclosure provides a method, a device and equipment for generating a vulnerability repair order table based on a knowledge graph.
Specifically, the entities associated with vulnerability information are aggregated, the factors that influence vulnerability ordering are clarified, and a factor weight table is configured; vulnerability information is collected from the associated entities and processed; a knowledge graph is constructed from the processed vulnerability information; vulnerability priority is evaluated based on the knowledge graph in combination with the factor weight table; and the vulnerabilities are sorted by priority to generate a vulnerability repair order table.
In this way, the enterprise's characteristics are taken into account to determine how severely each vulnerability threatens the enterprise's assets or business, and the factor weight table is configured accordingly; at the same time, the factors that influence vulnerability repair priority can be displayed in aggregate through the knowledge graph, the relationships between related factors can be quickly expanded and inspected, the high-risk vulnerabilities relevant to the enterprise can be evaluated quickly and accurately, and vulnerability repair efficiency is improved.
The method, the device and the equipment for generating the vulnerability repair order table based on the knowledge graph provided by the embodiments of the disclosure are described in detail below with reference to the accompanying drawings.
FIG. 1 illustrates a flowchart of a method for generating a vulnerability restoration order table based on a knowledge-graph provided by an embodiment of the disclosure; as shown in fig. 1, a method 100 of generating a vulnerability fix order table based on a knowledge graph may include the steps of:
S110: aggregate the entities associated with vulnerability information, clarify the factors that influence vulnerability ordering, and configure a factor weight table.
Specifically, the entities associated with vulnerability information are aggregated, the factors that influence vulnerability ordering are clarified, and the factor weight table is configured according to the characteristics of the enterprise's assets, business, preferences and the like.
The factors that affect vulnerability ordering include, but are not limited to: high-risk ports and services, number of affected assets, type of affected assets, number of affected components and versions, associated POC/EXP status, completeness of the repair scheme, use in attack and defense exercises, multi-source heterogeneous status, disclosure time, CVSS score, and attention.
S120: collect vulnerability information from the associated entities and process the vulnerability information.
Processing the vulnerability information may include cleaning and integrating the vulnerability information so that the vulnerability information is consistent.
Specifically, the obtained vulnerability information is detected, denoised, verified, converted and standardized; the processed vulnerability information is then aggregated, compressed and checked for consistency, so that the vulnerability information data are consistent and a knowledge graph can be constructed from them.
S130: construct a knowledge graph from the processed vulnerability information.
Specifically, knowledge extraction can be performed on the processed vulnerability information to extract knowledge units, and relevant knowledge elements can be extracted from the knowledge units; knowledge fusion is performed on the knowledge elements to generate a knowledge base; and knowledge reasoning is performed on the knowledge base to construct the knowledge graph of the vulnerability information.
Further, natural language processing (NLP) may be used to extract usable knowledge units from the collected vulnerability information, and to extract knowledge elements relating to entities, relationships and attributes from those knowledge units. Knowledge fusion is then performed on the extracted knowledge elements: multi-source knowledge elements undergo heterogeneous data integration, disambiguation, processing, reasoning verification, updating and the like under a single framework specification, so that data, information, methods, experience and human ideas are fused, ambiguity between referring terms (such as entities, relationships and attributes) and the factual objects they denote is eliminated, and a knowledge base is generated. Knowledge reasoning is then performed on the generated knowledge base to mine further hidden knowledge, which enriches and extends the knowledge base and yields the knowledge graph of the relevant vulnerability information.
According to the embodiments of the disclosure, the association relationships in the knowledge graph are used to present the factors that influence vulnerability ordering visually, concisely and clearly, so that the relationships between related factors can be quickly expanded and inspected.
S140: evaluate vulnerability priority based on the knowledge graph in combination with the factor weight table.
Specifically, based on the knowledge graph, evaluating the vulnerability priority in combination with the factor weight table may include the following steps:
Presetting a vulnerability priority score evaluation table.
Based on the knowledge graph, counting the entities associated with the vulnerability to be evaluated.
Calculating the score of the corresponding vulnerability priority according to the weights, in the preconfigured factor weight table, of the entities associated with the vulnerability to be evaluated.
Evaluating the vulnerability priority according to the score and the vulnerability priority score evaluation table.
Calculating the score of the corresponding vulnerability priority according to the weights of the vulnerability-associated entities in the preconfigured factor weight table may specifically include: querying the factor weight table to obtain the weight of each vulnerability-associated entity; and summing the weights of the vulnerability-associated entities to calculate the score of the corresponding vulnerability priority.
S150: sort the vulnerabilities by vulnerability priority to generate a vulnerability repair order table.
With the method, the device and the equipment for generating the vulnerability repair order table based on the knowledge graph provided by the embodiments of the disclosure, once the factor weight table and the vulnerability priority score evaluation table have been configured, the relevant personnel can have the vulnerability repair order table generated automatically without manual involvement, which effectively improves the efficiency of generating the vulnerability repair order table.
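Steps S140 and S150 reduced to their scoring and ordering core, as an added Python example that is not code from the patent. The weights, priority bands, graph triples and identifiers such as `VULN-A` are constructed, because Tables 1 and 2 are not reproduced on this page; entities with no entry in the weight table contribute zero and are reported so that a gap in the table is visible.

```python
from collections import defaultdict

# Constructed factor weight table (stand-in for the patent's Table 1).
# Keys are entity types found in the graph; values are their weights.
FACTOR_WEIGHTS = {
    "high_risk_port": 3,
    "asset_industrial_control": 4,
    "asset_it": 2,
    "public_exp": 5,
    "public_poc": 3,
    "used_in_exercise": 4,
    "cvss_high": 3,
}

# Constructed priority score evaluation table (stand-in for Table 2):
# (minimum score, priority level).
PRIORITY_BANDS = [(15, "P1"), (8, "P2"), (0, "P3")]

# Constructed knowledge-graph triples: (vulnerability, relation, entity).
# exp-77 is reported by two sources and must only be weighted once.
TRIPLES = [
    ("VULN-A", "exposes", "tcp/3389"),
    ("VULN-A", "affects", "plc-01"),
    ("VULN-A", "affects", "plc-02"),
    ("VULN-A", "has_exp", "exp-77"),
    ("VULN-A", "has_exp", "exp-77"),
    ("VULN-A", "used_in", "exercise-2022"),
    ("VULN-B", "affects", "web-01"),
    ("VULN-B", "has_poc", "poc-12"),
    ("VULN-B", "rated", "cvss-high"),
    ("VULN-C", "affects", "web-02"),
    ("VULN-C", "mentioned_in", "blog-post-1"),
]

# Constructed entity typing: which factor each graph entity represents.
ENTITY_TYPES = {
    "tcp/3389": "high_risk_port",
    "plc-01": "asset_industrial_control",
    "plc-02": "asset_industrial_control",
    "web-01": "asset_it",
    "web-02": "asset_it",
    "exp-77": "public_exp",
    "poc-12": "public_poc",
    "exercise-2022": "used_in_exercise",
    "cvss-high": "cvss_high",
    "blog-post-1": "media_mention",  # deliberately absent from FACTOR_WEIGHTS
}


def associated_entities(triples):
    """Map each vulnerability to the set of entities linked to it."""
    graph = defaultdict(set)
    for vuln, _relation, entity in triples:
        graph[vuln].add(entity)  # a set collapses multi-source duplicates
    return graph


def score_entities(entities, entity_types, weights):
    """Sum the weights of the associated entities; list those with no weight."""
    total, unweighted = 0, []
    for entity in sorted(entities):
        etype = entity_types.get(entity)
        if etype in weights:
            total += weights[etype]
        else:
            unweighted.append(entity)
    return total, unweighted


def level_for(score, bands):
    """Return the level of the highest band whose minimum the score reaches."""
    ordered = sorted(bands, reverse=True)
    for minimum, level in ordered:
        if score >= minimum:
            return level
    return ordered[-1][1]  # below every band: fall back to the lowest level


def repair_order(triples, entity_types, weights, bands):
    """Build the repair order table: highest score first, ties by identifier."""
    rows = []
    for vuln, entities in associated_entities(triples).items():
        total, unweighted = score_entities(entities, entity_types, weights)
        rows.append({"vuln": vuln, "score": total,
                     "level": level_for(total, bands),
                     "unweighted": unweighted})
    rows.sort(key=lambda row: (-row["score"], row["vuln"]))
    return rows


if __name__ == "__main__":
    for row in repair_order(TRIPLES, ENTITY_TYPES, FACTOR_WEIGHTS, PRIORITY_BANDS):
        print(row)
```
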
The foregoing is described in detail with reference to the accompanying drawings and tables.
The factor weight table provided by the embodiments of the present disclosure may be as shown in table 1:
TABLE 1
[Table 1 appears as an image in the original publication; its contents are not reproduced on this page.]
The vulnerability priority value evaluation table provided by the embodiment of the present disclosure may be as shown in table 2:
TABLE 2
[Table 2 appears as an image in the original publication; its contents are not reproduced on this page.]
In this embodiment, 10 factors influencing the vulnerability priority are as follows:
High-risk ports and services: the high-risk ports and services associated with the vulnerability. The common ports of protocols that allow remote sessions are monitored, such as TCP 22 (SSH), TCP 23 (Telnet), TCP 3389 (RDP), and TCP 20 and TCP 21 (FTP).
Number and type of affected assets: the number and type of assets affected by the vulnerability, including but not limited to: traditional IT assets, industrial control assets, internet of things assets, and digital assets.
Affected components and versions: the number of affected components and versions associated with the vulnerability, namely the vulnerability's scope of impact.
Associated POC/EXP status: whether a detection script (POC) for the vulnerability has been disclosed, in which case the POC entity is associated; and whether an attack script (EXP) is publicly available.
Repair scheme completeness: the status of the disposal schemes associated with the vulnerability, that is, whether a repair scheme exists and whether a security company has disclosed a patch or a secure version; and, when no patch has been published, whether a mitigation scheme or an avoidance scheme exists.
Use in attack and defense exercises: whether the vulnerability was exploited in the attack and defense exercise of the past year.
Vulnerability multi-source heterogeneous status: whether the vulnerability has been publicly disclosed by multiple vulnerability data sources.
Disclosure time: the time at which the vulnerability was publicly disclosed.
CVSS score: the CVSS score of the vulnerability.
Vulnerability attention: the number of reads the vulnerability receives on different websites, namely the attention the vulnerability attracts.
Taking an enterprise A as an example, the factor weight table shown in Table 1 is configured according to the factors that influence vulnerability ordering and the characteristics of the enterprise.
After configuration is completed, vulnerability information is collected from the associated entities and processed, and a knowledge graph is constructed from the processed vulnerability information; the constructed knowledge graph may be as shown in FIG. 2, which illustrates an exemplary knowledge graph constructed when the method for generating a vulnerability repair order table based on a knowledge graph provided by an embodiment of the present disclosure is applied.
The vulnerability priority score evaluation table shown in Table 2 is preset; the vulnerabilities to be evaluated are obtained from the associated entities of enterprise A and, based on the knowledge graph and in combination with the factor weight table shown in Table 1, a weighted sum is computed for each vulnerability to be evaluated to give the score of the corresponding vulnerability priority.
The priority of each vulnerability to be evaluated is then assessed against the vulnerability priority score evaluation table shown in Table 2 to obtain the priority level corresponding to its score; the vulnerabilities are sorted by priority level to generate the vulnerability repair order table.
It can be appreciated that the factor weight table and the vulnerability priority score evaluation table can be reconfigured according to the emphasis point in the actual application scenario.
According to the embodiment of the disclosure, the following technical effects are achieved:
The enterprise's characteristics are taken into account to determine how severely each vulnerability threatens the enterprise's assets or business, and the factor weight table is configured accordingly; at the same time, the factors that influence vulnerability repair priority can be displayed in aggregate through the knowledge graph, the relationships between related factors can be quickly expanded and inspected, the high-risk vulnerabilities relevant to the enterprise can be evaluated quickly and accurately, and vulnerability repair efficiency is improved.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
FIG. 3 shows a block diagram of an apparatus for generating a vulnerability repair order table based on a knowledge graph according to an embodiment of the present disclosure. As shown in FIG. 3, an apparatus 300 for generating a vulnerability repair order table based on a knowledge graph may include:
The first processing module 310 aggregates the entities associated with vulnerability information, clarifies the factors that influence vulnerability ordering, and configures a factor weight table.
The second processing module 320 collects and processes the vulnerability information.
The knowledge mapping module 330 constructs a knowledge graph from the processed vulnerability information.
The priority evaluation module 340 evaluates vulnerability priority based on the knowledge graph in combination with the factor weight table.
The third processing module 350 sorts the vulnerabilities by vulnerability priority and generates a vulnerability repair order table.
It can be understood that each module/unit in the apparatus 300 shown in FIG. 3 has the function of implementing the corresponding step of the method 100 for generating a vulnerability repair order table based on a knowledge graph provided by the embodiments of the present disclosure, and achieves the corresponding technical effect. For the specific working process of each module, refer to the corresponding process in the foregoing method embodiment; it is not repeated here for brevity.
According to an embodiment of the disclosure, the disclosure further provides an electronic device and a readable storage medium.
Fig. 4 shows a schematic block diagram of an electronic device 400 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The electronic device 400 includes a computing unit 401 that can perform various suitable actions and processes according to a computer program stored in a ROM402 or a computer program loaded from a storage unit 408 into a RAM 403. In the RAM403, various programs and data required for the operation of the electronic device 400 may also be stored. The computing unit 401, ROM402, and RAM403 are connected to each other by a bus 404. An I/O interface 405 is also connected to bus 404.
Various components in electronic device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, etc.; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408, such as a magnetic disk, optical disk, etc.; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the electronic device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The computing unit 401 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 401 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 401 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 400 via the ROM402 and/or the communication unit 409. One or more of the steps of the method 100 described above may be performed when a computer program is loaded into RAM403 and executed by the computing unit 401. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the method 100 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems-on-chips (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that can be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. The program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: display means for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved; no limitation is imposed herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (8)

1. A method for generating a vulnerability restoration sequence table based on a knowledge graph, the method comprising:
aggregating the entities associated with vulnerability information, determining the factors that influence vulnerability ordering, and configuring a factor weight table;
collecting the vulnerability information in the associated entities and processing the vulnerability information;
converting the processed vulnerability information into a knowledge graph;
evaluating vulnerability priorities based on the knowledge graph in combination with the factor weight table; and
sorting the vulnerabilities according to the vulnerability priorities, and generating a vulnerability restoration sequence table.
2. The method of claim 1, wherein the processing of the vulnerability information comprises:
cleaning and integrating the vulnerability information so that the vulnerability information is consistent.
3. The method of claim 1, wherein the converting of the processed vulnerability information into a knowledge graph comprises:
performing knowledge extraction on the processed vulnerability information, extracting knowledge units, and extracting the relevant knowledge elements from the knowledge units;
performing knowledge fusion on the knowledge elements to generate a knowledge base; and
performing knowledge reasoning on the knowledge base to complete the conversion into a knowledge graph.
4. The method of claim 1, wherein the evaluating of vulnerability priorities based on the knowledge graph in combination with the factor weight table comprises:
presetting a vulnerability priority score evaluation table;
counting, based on the knowledge graph, the entities associated with the vulnerability to be evaluated;
calculating the score of the corresponding vulnerability priority according to the weights, in the preconfigured factor weight table, of the entities associated with the vulnerability to be evaluated; and
evaluating the vulnerability priority according to the score in combination with the vulnerability priority score evaluation table.
5. The method of claim 4, wherein the calculating of the score of the corresponding vulnerability priority according to the weights of the vulnerability-associated entities in the preconfigured factor weight table comprises:
querying the factor weight table to obtain the weights of the vulnerability-associated entities; and
summing the weights of the vulnerability-associated entities to calculate the score of the corresponding vulnerability priority.
6. An apparatus for generating a vulnerability restoration sequence table based on a knowledge graph, the apparatus comprising:
a first processing module, configured to aggregate the entities associated with vulnerability information, determine the factors that influence vulnerability ordering, and configure a factor weight table;
a second processing module, configured to collect vulnerability information and process the vulnerability information;
a knowledge graph module, configured to convert the processed vulnerability information into a knowledge graph;
a priority evaluation module, configured to evaluate vulnerability priorities based on the knowledge graph in combination with the factor weight table; and
a third processing module, configured to sort the vulnerabilities according to the vulnerability priorities and generate a vulnerability restoration sequence table.
7. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
8. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1-5.
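The flow of claims 1 to 5 (clean and fuse records, sum the factor weights of the entities linked to each vulnerability, map the score to a priority, sort) can be sketched as follows. This is an added example, not code from the patent; the weights, score bands, relation names, entity names and vulnerability IDs are all constructed assumptions.

```python
from collections import defaultdict

# Constructed factor weight table (claim 1): weight per associated entity.
FACTOR_WEIGHTS = {"internet_facing_asset": 4, "public_exploit": 3,
                  "core_business_system": 2, "threat_intel_report": 1}

# Constructed priority score evaluation table (claim 4): (minimum score, label).
PRIORITY_BANDS = [(7, "urgent"), (4, "high"), (2, "medium"), (0, "low")]

# Constructed raw records from two sources; IDs differ in case and whitespace.
RAW_RECORDS = [
    ("vuln-a ", "affects", "internet_facing_asset"),
    ("VULN-A", "has", "public_exploit"),
    ("VULN-A", "has", "public_exploit"),        # duplicate from a second source
    ("VULN-B", "affects", "core_business_system"),
    ("vuln-b", "mentioned_in", "threat_intel_report"),
    ("VULN-C", "affects", "lab_workstation"),   # factor absent from weight table
    ("VULN-D", "affects", "internet_facing_asset"),
    ("VULN-D", "has", "public_exploit"),
    ("VULN-D", "affects", "core_business_system"),
]

def build_graph(records):
    """Clean and fuse records (claims 2-3) into vuln -> {(relation, entity)}."""
    graph = defaultdict(set)
    for vuln, relation, entity in records:
        graph[vuln.strip().upper()].add((relation.strip(), entity.strip().lower()))
    return graph

def score(graph, vuln):
    """Sum the weights of the distinct entities linked to a vulnerability (claim 5)."""
    entities = {entity for _, entity in graph[vuln]}
    return sum(FACTOR_WEIGHTS.get(entity, 0) for entity in entities)

def priority(points):
    """Map a score to a label using the score evaluation table (claim 4)."""
    return next(label for floor, label in PRIORITY_BANDS if points >= floor)

def repair_sequence(records):
    """Return [(vuln, score, priority)], highest score first, ties broken by ID."""
    graph = build_graph(records)
    rows = [(v, score(graph, v), priority(score(graph, v))) for v in graph]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for row in repair_sequence(RAW_RECORDS):
        print(row)
```

Without the cleaning step, `vuln-a ` and `VULN-A` would be scored as two separate vulnerabilities and the duplicated exploit record would inflate the sum, which is why claim 2's consistency requirement matters for the ordering.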

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310383498.3A CN116383332A (en) 2023-04-11 2023-04-11 Method, device and equipment for generating vulnerability restoration sequence table based on knowledge graph

Publications (1)

Publication Number Publication Date
CN116383332A (en) 2023-07-04

Family

ID=86976628

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310383498.3A Pending CN116383332A (en) 2023-04-11 2023-04-11 Method, device and equipment for generating vulnerability restoration sequence table based on knowledge graph

Country Status (1)

Country Link
CN (1) CN116383332A (en)

Similar Documents

Publication Publication Date Title
CN113342564B (en) Log auditing method and device, electronic equipment and medium
CN112953938B (en) Network attack defense method, device, electronic equipment and readable storage medium
CN110519263B (en) Anti-swipe method, device, apparatus, and computer-readable storage medium
CN114157480B (en) Method, device, equipment and storage medium for determining network attack scheme
CN110968895B (en) Data processing method and device, electronic equipment and storage medium
CN116383332A (en) Method, device and equipment for generating vulnerability restoration sequence table based on knowledge graph
CN113127878A (en) Risk assessment method and device for threat event
CN110825951A (en) Webpage processing method and device and electronic equipment
CN110781410A (en) Community detection method and device
CN116015860A (en) Network asset simulation method, device, equipment and medium based on honeypot technology
CN113395297B (en) Vulnerability processing method, device, equipment and computer readable storage medium
CN115589339A (en) Network attack type identification method, device, equipment and storage medium
CN113553370A (en) Abnormality detection method, abnormality detection device, electronic device, and readable storage medium
CN112836212B (en) Mail data analysis method, phishing mail detection method and device
CN115378746B (en) Network intrusion detection rule generation method, device, equipment and storage medium
CN110704848A (en) Vulnerability quantitative evaluation method and device
CN110517104A (en) Account association discovery method, apparatus, server and medium
CN113343064B (en) Data processing method, apparatus, device, storage medium, and computer program product
CN115296917B (en) Asset exposure surface information acquisition method, device, equipment and storage medium
CN114615092B (en) Network attack sequence generation method, device, equipment and storage medium
CN114036532A (en) Fuzz testing method, device, equipment and computer readable storage medium
CN114172725B (en) Illegal website processing method and device, electronic equipment and storage medium
CN117077151B (en) Vulnerability discovery method, device, equipment and storage medium
CN112579925B (en) Public opinion data visualization method, apparatus, computer device and readable storage medium
CN110719260B (en) Intelligent network security analysis method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination