CN117290851A - Vulnerability identification-based reading security enhancement method and system - Google Patents


Info

Publication number
CN117290851A
Authority
CN
China
Prior art keywords
vulnerability
code
attack
repair
bug
Prior art date
Legal status
Granted
Application number
CN202311224554.5A
Other languages
Chinese (zh)
Other versions
CN117290851B (en)
Inventor
韩国良
徐晓东
Current Assignee
Guangzhou Dongyi Network Technology Co ltd
Original Assignee
Guangzhou Dongyi Network Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Dongyi Network Technology Co ltd
Priority to CN202311224554.5A
Publication of CN117290851A
Application granted
Publication of CN117290851B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Abstract

The application discloses a reading security enhancement method and system based on vulnerability identification, in the technical field of computer network information security. The method comprises the following steps: performing cluster analysis on the historical vulnerability monitoring data of the peer readers of the target reader to obtain a preset vulnerability type set for the target reader; obtaining the difference set between the repaired vulnerability types in the target reader's vulnerability repair record and the preset vulnerability type set, and taking that difference set as the vulnerability types to be overhauled; acquiring a vulnerability code fragment data set for the vulnerability types to be overhauled; obtaining the control flow code of the target reader, comparing it for similarity against the data set, and locating the vulnerability position and vulnerability code; performing code feature recognition on the vulnerability code and code association recognition against the control flow code to obtain the updated vulnerability position and updated vulnerability code; and carrying out security upgrade management on the target reader according to the updated vulnerability position and updated vulnerability code. This achieves the technical effects of high vulnerability identification efficiency, periodic repair and high security.

Description

Vulnerability identification-based reading security enhancement method and system
Technical Field
The invention relates to the technical field of computer network information security, in particular to a reading security enhancement method and system based on vulnerability identification.
Background Art
With the popularization of mobile devices and network construction, the demand for mobile office work is growing, and in mobile office work there is a need to consult formatted documents on the mobile device; how to ensure mobile reading security is therefore one of the important subjects in the field of network information security. Existing readers and reading modes have the technical problems of high vulnerability identification difficulty, long vulnerability identification and repair cycles, and low security.
Disclosure of Invention
The purpose of the application is to provide a reading security enhancement method and system based on vulnerability identification. The method is used for solving the technical problems of high vulnerability identification difficulty, long vulnerability identification repair cycle and low safety in the prior art.
In view of the above technical problems, the present application provides a method and a system for enhancing reading security based on vulnerability identification.
In a first aspect, the present application provides a method for enhancing reading security based on vulnerability identification, where the method includes:
acquiring a preset vulnerability type set of a target reader, wherein the preset vulnerability type set is obtained by performing cluster analysis on historical vulnerability monitoring data of the same family of readers as the target reader;
obtaining a vulnerability repair record of the target reader, and extracting a vulnerability difference set between the repaired vulnerability types in the historical vulnerability repair record and the preset vulnerability type set;
taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled from the peer readers based on a data mining technology;
obtaining a control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and positioning a vulnerability position and a vulnerability code according to a vulnerability similarity index;
performing code feature recognition on the vulnerability code, and performing code association recognition according to the code features and the control flow code to obtain an updated vulnerability position and an updated vulnerability code;
and carrying out security upgrade management on the target reader according to the updated vulnerability position and the updated vulnerability code.
In a second aspect, the present application further provides a reading security enhancement system based on vulnerability identification, where the system includes:
a vulnerability type acquisition module, used for acquiring a preset vulnerability type set of the target reader, wherein the preset vulnerability type set is obtained by performing cluster analysis on historical vulnerability monitoring data of the same family of readers as the target reader;
a difference set extraction module, used for acquiring a vulnerability repair record of the target reader and extracting the vulnerability difference set between the repaired vulnerability types in the historical vulnerability repair record and the preset vulnerability type set;
a vulnerability code acquisition module, used for taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled from the peer readers based on a data mining technology;
a similarity comparison module, used for acquiring the control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and positioning the vulnerability position and the vulnerability code according to the vulnerability similarity index;
an association recognition module, used for carrying out code feature recognition on the vulnerability code and code association recognition according to the code features and the control flow code, obtaining the updated vulnerability position and updated vulnerability code;
and a security upgrading module, used for performing security upgrade management on the target reader according to the updated vulnerability position and the updated vulnerability code.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
obtaining a preset vulnerability type set of the target reader by carrying out cluster analysis on historical vulnerability monitoring data of the same family of readers of the target reader; obtaining a vulnerability repair record of a target reader, and extracting a vulnerability difference set between a repair vulnerability type in a historical vulnerability repair record and a preset vulnerability type set; taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled according to a peer reader based on a data mining technology; obtaining a control flow code of a target reader, comparing the control flow code with a vulnerability code fragment data set, and positioning a vulnerability position and a vulnerability code according to a vulnerability similarity index; performing code feature recognition on the vulnerability codes, and performing code association recognition according to the code features and the control flow codes to obtain updated vulnerability positions and updated vulnerability codes; and carrying out security upgrade management on the target reader according to the update vulnerability position and the update vulnerability code. Thereby achieving the technical effects of high vulnerability identification efficiency, periodic repair and high safety.
The foregoing is merely an overview of the technical solutions of the present application. It may be implemented according to the content of the specification so that the technical means of the present application can be explained more clearly, and the following specific embodiments are given for a better understanding of the above and other objects, features and advantages of the present application.
Drawings
Embodiments of the invention are described below with reference to the drawings, in which:
FIG. 1 is a schematic flow chart of a vulnerability identification-based reading security enhancement method of the present application;
FIG. 2 is a schematic flow chart of locating a vulnerability position and a vulnerability code according to a vulnerability similarity index in the vulnerability identification-based reading security enhancement method of the present application;
FIG. 3 is a schematic structural diagram of a vulnerability identification-based reading security enhancement system of the present application.
Reference numerals illustrate: the system comprises a vulnerability type acquisition module 11, a difference set extraction module 12, a vulnerability code acquisition module 13, a similarity comparison module 14, an association identification module 15 and a security upgrading module 16.
Detailed Description
By providing the reading security enhancement method and the reading security enhancement system based on the vulnerability identification, the technical problems of high vulnerability identification difficulty, long vulnerability identification repair cycle and low security in the prior art are solved.
In order to solve the above problems, the technical embodiment adopts the following overall concept:
performing cluster analysis on historical vulnerability monitoring data of readers of the same family as the target reader to obtain a preset vulnerability type set of the target reader; obtaining a vulnerability repair record of a target reader, and extracting a vulnerability difference set between a repair vulnerability type in a historical vulnerability repair record and a preset vulnerability type set; taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled according to a peer reader based on a data mining technology; obtaining a control flow code of a target reader, comparing the control flow code with a vulnerability code fragment data set, and positioning a vulnerability position and a vulnerability code according to a vulnerability similarity index; performing code feature recognition on the vulnerability codes, and performing code association recognition according to the code features and the control flow codes to obtain updated vulnerability positions and updated vulnerability codes; and carrying out security upgrade management on the target reader according to the update vulnerability position and the update vulnerability code. Thereby achieving the technical effects of high vulnerability identification efficiency, periodic repair and high safety.
In order to better understand the foregoing technical solutions, the following detailed description will be given with reference to the accompanying drawings and specific embodiments, and it should be noted that the described embodiments are only some examples of the present application, and not all examples of the present application, and it should be understood that the present application is not limited by the example embodiments described herein. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention. It should be further noted that, for convenience of description, only some, but not all of the drawings related to the present invention are shown.
Example 1
As shown in fig. 1, the present application provides a method for enhancing reading security based on vulnerability identification, which includes:
S100: acquiring a preset vulnerability type set of a target reader, wherein the preset vulnerability type set is obtained by performing cluster analysis on historical vulnerability monitoring data of the same family of readers as the target reader;
The historical vulnerability monitoring data comprises vulnerability reports, vulnerability repair conditions, detailed vulnerability information and the like for readers of different models or versions. Each cluster represents a vulnerability type or vulnerability pattern, and these cluster types together form the vulnerability type set, which contains the historical data of similar vulnerabilities.
Optionally, the cluster analysis is performed on the historical vulnerability monitoring data of readers in the same family as the target reader. First, that data is obtained from data sources such as vulnerability monitoring logs, vulnerability repair logs and security evaluation logs. It is then preprocessed, including data cleaning, deduplication and format conversion, to ensure data quality and consistency. Finally, cluster analysis is carried out on the preprocessed historical vulnerability monitoring data.
Optionally, the cluster analysis algorithm comprises the K-means clustering algorithm, hierarchical clustering, the RVN clustering algorithm and the like. For readers with standardized programs and mature structures, K-means cluster analysis is carried out based on the number of known vulnerability types; for readers with complex program structures, cluster analysis based on the RVN clustering algorithm is adopted.
S200: obtaining a vulnerability repair record of the target reader, and extracting a vulnerability difference set between a repair vulnerability type in the historical vulnerability repair record and the preset vulnerability type set;
Optionally, the vulnerability difference set refers to the set of vulnerability types that have been found and processed in readers of the same family as the target reader but have not appeared in the target reader, i.e., the set of vulnerabilities that may exist in the target reader.
Optionally, the vulnerability repair record of the target reader is obtained from its vulnerability reports or maintenance logs, and comprises the vulnerability type, the vulnerability repair method, the discovery date and the like.
S300: taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled according to the peer reader based on a data mining technology;
optionally, the vulnerability code segment dataset comprises a plurality of vulnerability code segments of a vulnerability type to be overhauled. Acquiring a vulnerability code fragment data set, firstly traversing historical vulnerability monitoring data clustering results of the same family of readers of a target reader based on a vulnerability type to be overhauled, and extracting a plurality of historical vulnerability monitoring data clusters; then, based on the vulnerability monitoring log, the vulnerability repair log and the security evaluation log of the peer reader, extracting vulnerability positions, vulnerability code fragments and the like of a plurality of historical vulnerability monitoring data clusters, and generating a vulnerability code fragment data set.
Optionally, the vulnerability code fragment data set for the vulnerability types to be overhauled is obtained using data mining techniques, including text mining, vulnerability report parsing, code analysis and the like. A vulnerability code fragment is a code segment containing the relevant vulnerability and generally includes information such as the triggering conditions of the vulnerability and its exploitation method.
S400: obtaining a control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and positioning a vulnerability position and a vulnerability code according to a vulnerability similarity index;
optionally, the similarity comparison of the control flow code of the target reader and the vulnerability code fragment dataset includes Abstract Syntax Tree (AST) level comparison and Intermediate Representation (IR)
Further, as shown in FIG. 2, obtaining the control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and positioning the vulnerability position and vulnerability code according to the vulnerability similarity index, step S400 further includes:
S410: performing code data cleaning on the control flow code and the vulnerability code fragment data set;
S420: performing standardized replacement of custom variables and custom functions on the cleaned control flow code and vulnerability code fragment data set to obtain a standard control flow code and a standard vulnerability code fragment data set;
S430: performing similarity comparison between the standard control flow code and the standard vulnerability code fragment data set to obtain the vulnerability similarity index;
S440: acquiring the standard control flow code blocks whose vulnerability similarity index is greater than a predetermined similarity threshold as the vulnerability code, and taking the position of the vulnerability code within the standard control flow code as the vulnerability code position.
The standardized replacement of custom variables and custom functions on the control flow code and the vulnerability code fragment data set removes irrelevant character strings and comments while preserving the code form and syntax elements; illustratively, the contents of string literals are removed directly and only the double quotation marks are retained.
Optionally, the code is represented as a graph and the GMN method is used to compare the similarity of two code graphs. The idea is as follows. First, each piece of code is represented as a graph, for example by converting the code with an abstract syntax tree (AST) or control flow graph (CFG) representation, where nodes represent elements of the code (functions, classes, variables, etc.) and edges represent relationships between those elements (calls, dependencies, etc.). Then a similarity comparator is constructed; it comprises a plurality of similarity comparison models in one-to-one correspondence with the vulnerability categories in the vulnerability code fragment data set. Further, each similarity comparison model comprises a graph neural network (GNN), which takes the converted code graph as input, generates a numerical vector and performs graph comparison to obtain the vulnerability similarity index. The similarity measures include cosine similarity, Euclidean distance and the like.
Optionally, the predetermined similarity threshold is determined by a practitioner based on the accuracy, recall, F1 score, mean average precision (mAP) and the like of the threshold screening result.
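The cleaning, standardized replacement and threshold comparison of S410 to S440, as an added worked example that is not part of the patent. The vulnerability fragment, the reader's control flow code, the keyword and library-name lists and every function name are constructed for this example, and the patent's GNN/GMN comparator is replaced by Jaccard similarity over token bigrams, which is an assumption made so the example runs offline; the scores it prints are illustrative only. Custom identifiers become VAR or FN placeholders, comments are dropped, string contents are removed with only the quotation marks kept, and each top-level code block whose index exceeds the threshold is reported with its line range as the vulnerability position.

```python
import re
import textwrap

# Assumed lists for this example: language keywords and standard-library names
# are kept verbatim; every other identifier is a custom variable or function.
KEYWORDS = {"int", "char", "void", "const", "struct", "return", "for", "if",
            "else", "while", "unsigned", "long", "sizeof", "break", "continue"}
KNOWN_API = {"strcpy", "strncpy", "memcpy", "strlen", "malloc", "free", "printf"}

TOKEN_RE = re.compile(
    r'"(?:[^"\\]|\\.)*"|[A-Za-z_]\w*|\d+|->|\+\+|--|==|!=|<=|>=|&&|\|\||\S')
# Group 1 matches string literals so that "//" inside a string is not a comment.
COMMENT_RE = re.compile(r'("(?:[^"\\]|\\.)*")|/\*.*?\*/|//[^\n]*', re.S)


def strip_comments(code):
    """S410 code data cleaning: drop comments but keep strings and line count."""
    return COMMENT_RE.sub(
        lambda m: m.group(1) or "\n" * m.group(0).count("\n"), code)


def normalize(code):
    """S420 standardized replacement: custom variables -> VAR, custom functions
    -> FN; string literals keep only their double quotation marks."""
    toks = TOKEN_RE.findall(strip_comments(code))
    out = []
    for i, tok in enumerate(toks):
        if tok.startswith('"'):
            out.append('""')
        elif re.fullmatch(r"[A-Za-z_]\w*", tok) and tok not in (KEYWORDS | KNOWN_API):
            is_call = i + 1 < len(toks) and toks[i + 1] == "("
            out.append("FN" if is_call else "VAR")
        else:
            out.append(tok)
    return out


def split_blocks(code):
    """Return (start_line, end_line, text) for each top-level brace block; the
    example treats such a block as one standard control flow code block."""
    blocks, depth, start, lines = [], 0, None, []
    for lineno, line in enumerate(code.splitlines(), 1):
        if depth == 0 and start is None and "{" in line:
            start, lines = lineno, []
        if start is not None:
            lines.append(line)
        depth += line.count("{") - line.count("}")
        if start is not None and depth == 0:
            blocks.append((start, lineno, "\n".join(lines)))
            start = None
    return blocks


def similarity_index(a, b):
    """S430 vulnerability similarity index. Assumption: Jaccard similarity of
    token bigram sets stands in for the patent's graph neural network."""
    sa, sb = set(zip(a, a[1:])), set(zip(b, b[1:]))
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def locate_vulnerabilities(control_flow_code, fragments, threshold=0.3):
    """S440: blocks scoring above the threshold are vulnerability code and
    their line range is the vulnerability position."""
    hits = []
    norm_fragments = [(f["type"], normalize(f["code"])) for f in fragments]
    for start, end, block in split_blocks(strip_comments(control_flow_code)):
        block_tokens = normalize(block)
        for vtype, frag_tokens in norm_fragments:
            score = similarity_index(block_tokens, frag_tokens)
            if score > threshold:
                hits.append({"type": vtype, "start_line": start, "end_line": end,
                             "index": round(score, 3), "code": block})
    return hits


# Constructed sample data (not from the patent or any real reader).
VULN_FRAGMENTS = [{"type": "unchecked-buffer-copy", "code": textwrap.dedent("""\
    void copy_title(char *dst, const char *src) {
        strcpy(dst, src); /* length of src is never checked */
    }
    """)}]

CONTROL_FLOW_CODE = textwrap.dedent("""\
    int load_page(struct page *p, const char *name) {
        char buf[64];
        // page name is copied straight from the document
        strcpy(buf, name);
        return render(p, buf);
    }

    int count_pages(struct doc *d) {
        int n = 0;
        for (int i = 0; i < d->len; i++) n++;
        return n;
    }
    """)

if __name__ == "__main__":
    for hit in locate_vulnerabilities(CONTROL_FLOW_CODE, VULN_FRAGMENTS):
        print(f"{hit['type']} at lines {hit['start_line']}-{hit['end_line']} "
              f"(index {hit['index']})")
```

Run stand-alone, only the first block is reported: after normalization it shares the `strcpy ( VAR , VAR ) ;` shape with the fragment, while the second block, which has no copy at all, scores well below the threshold. That gap is what the predetermined similarity threshold of S440 is tuned against.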
S500: performing code feature recognition on the vulnerability codes, and performing code association recognition according to the code features and the control flow codes to obtain updated vulnerability positions and updated vulnerability codes;
Optionally, the code features include function calls, variable usage, keywords and the like. Code parsing tools (compilers, parsers, etc.) translate the code into a data structure from which information about these features is extracted. The control flow code is used to know the execution paths of the code and to determine, from its call relationships, how the influence of the vulnerability propagates.
Optionally, the code association identification based on the control flow includes using a control flow graph (Control Flow Graph, CFG) to represent the control flow of the program, using a static single assignment (Static Single Assignment, SSA) to represent a Use-definition Chain (Use-Def Chain) of data in the program, and further performing IR-level code control flow analysis, which has the technical effects of strong language independence adaptability and stable analysis.
Optionally, code-associated recognition is performed based on the code features and the control flow code, including processing methods that combine Natural Language Processing (NLP) with code analysis techniques.
Optionally, code association identification based on the code features and control flow code is realized on the same principle as the similarity comparison, yielding the updated vulnerability position and updated vulnerability code; for brevity it is not developed further here. Through code association identification, the control flow code of the target reader is fully examined for associations with the already known vulnerability code, obtaining all code positions and code contents affected by the vulnerability.
S600: and carrying out security upgrade management on the target reader according to the update vulnerability position and the update vulnerability code.
Further, performing security upgrade management on the target reader according to the update vulnerability location and the update vulnerability code, and step S600 includes:
S610: performing vulnerability feature recognition based on the updated vulnerability code to obtain vulnerability external features;
S620: performing vulnerability security risk level analysis based on the vulnerability external features to obtain vulnerability security risk levels, and marking them on the updated vulnerability position and updated vulnerability code;
S630: serializing the updated vulnerability position and updated vulnerability code according to the marked vulnerability security risk level to obtain a vulnerability priority processing sequence;
S640: carrying out security upgrade management on the updated vulnerability position and updated vulnerability code according to the vulnerability priority processing sequence.
Optionally, the external features of a vulnerability are the features of its influence on the target reader, including: the vulnerability impact scope, describing the range of possible impact, including whether it can cause a system crash, data leakage, denial of service or other security problems; potential attack paths, describing how an attacker might exploit the vulnerability, including the steps the attacker would need to take, access permission requirements and the like; and the affected business processes, expressing the key business processes the vulnerability may affect.
Optionally, the vulnerability security risk level analysis covers: exploit difficulty, measuring how hard it is for an attacker to exploit the vulnerability, which may be evaluated from factors such as the complexity of the vulnerability and the preconditions required; potential threat level, assigned according to the influence and exploit difficulty of the vulnerability to help determine the urgency of repair; and potential data leakage, where, if the vulnerability risks leaking sensitive data, the type and quantity of data that could be leaked are described and the risk level of sensitive data leakage is evaluated.
Optionally, the vulnerability security risk level is determined based on vulnerability security risk level analysis content according to the vulnerability evaluation rule. The vulnerability evaluation rule is set by a professional technician according to target requirements of a target reader.
Optionally, serializing the updated vulnerability position and updated vulnerability code according to the marked vulnerability security risk level means ordering the vulnerabilities by security risk level to generate the vulnerability priority processing sequence: high-risk vulnerabilities are ranked first and low-risk vulnerabilities last. High-risk vulnerabilities typically require immediate repair, while low-risk vulnerabilities may be scheduled into subsequent repair cycles. In this way vulnerability influence and vulnerability risk are minimized.
Further, the security upgrade management is performed on the target reader according to the update vulnerability location and the update vulnerability code, and step S600 further includes:
S710: constructing a digital twin model of the target reader after security upgrade management;
S720: obtaining attack sample data according to the preset vulnerability type set;
S730: carrying out an attack test on the digital twin model using the attack sample data, and recording the test results;
S740: calculating the vulnerability repair state index after the security upgrade from the test results using the expression for acquiring the repair state index, and evaluating the repair effect according to that index.
Digital twinning refers to a method for modeling and simulating objects, systems or processes in the physical world through digital technology to reflect and predict the running state and behavior of the objects, systems or processes in real time. By connecting the physical entity and the digital model, the change and influence in the entity world can be reflected in the digital model in real time, so that the purposes of monitoring, analyzing and optimizing the entity world are realized.
Optionally, the digital twin model of the target reader after security upgrade management is constructed in an isolated environment. First, the isolated environment is selected and configured so that its configuration parameters match the target reader. Then a copy of the target reader is imported to obtain the digital twin model.
Optionally, the attack sample data includes attack paths, attack parameters, attack flows, attack categories and the like. The test results include: the threat detection time (TTD), the time until the target reader detects the threat and raises an alarm; the recovery time (RT), the time the target reader needs to return to normal operation after the threat occurs; and the availability, the proportion of time for which the target reader can provide service normally, where high availability means the target reader is stable.
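Computing the three test-result measures of S730 from a twin run's log, as an added worked example that is not part of the patent. The test window, the attack records and the function names are constructed; each record carries the times at which an attack sample was launched, detected by the twin, and fully recovered from. The only non-obvious part is availability: two attack samples whose downtime overlaps must not be counted twice, so the downtime intervals are merged before the proportion is taken.

```python
from datetime import datetime

# Constructed attack-test log of one digital-twin run (not from the patent).
# Each record: when the attack sample was launched, when the twin detected it,
# and when normal operation was restored.
TEST_WINDOW = ("2023-07-01T00:00:00", "2023-07-01T01:00:00")
TEST_RESULTS = [
    {"attack": "path-traversal", "started": "2023-07-01T00:10:00",
     "detected": "2023-07-01T00:10:30", "recovered": "2023-07-01T00:15:00"},
    {"attack": "xxe", "started": "2023-07-01T00:14:00",
     "detected": "2023-07-01T00:14:10", "recovered": "2023-07-01T00:20:00"},
    {"attack": "script-injection", "started": "2023-07-01T00:40:00",
     "detected": "2023-07-01T00:40:05", "recovered": "2023-07-01T00:42:00"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def detection_time(record):
    """TTD: seconds from attack start until the twin raises an alarm."""
    return (_ts(record["detected"]) - _ts(record["started"])).total_seconds()


def recovery_time(record):
    """RT: seconds from attack start until normal operation is restored."""
    return (_ts(record["recovered"]) - _ts(record["started"])).total_seconds()


def merge_intervals(intervals):
    """Merge overlapping downtime intervals so that two attacks hitting the
    twin at the same time are not counted as double downtime."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def availability(results, window):
    """Proportion of the test window in which the twin served normally."""
    w_start, w_end = _ts(window[0]), _ts(window[1])
    total = (w_end - w_start).total_seconds()
    downtime = 0.0
    for start, end in merge_intervals(
            [(_ts(r["started"]), _ts(r["recovered"])) for r in results]):
        start, end = max(start, w_start), min(end, w_end)  # clip to window
        if end > start:
            downtime += (end - start).total_seconds()
    return 1.0 - downtime / total


def evaluate(results, window):
    """Summarize the three test-result measures named in the patent."""
    return {
        "mean_ttd_s": sum(map(detection_time, results)) / len(results),
        "mean_rt_s": sum(map(recovery_time, results)) / len(results),
        "availability": availability(results, window),
    }


if __name__ == "__main__":
    print(evaluate(TEST_RESULTS, TEST_WINDOW))
```

With the sample log the first two attacks overlap (00:10 to 00:15 and 00:14 to 00:20), so the merged downtime is 12 minutes of a 60-minute window and availability is 0.8; summing the per-attack downtimes without merging would understate it.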
Further, a predetermined vulnerability type set of the target reader is obtained, where the predetermined vulnerability type set is a vulnerability type set obtained by performing cluster analysis on historical vulnerability monitoring data of peer readers of the target reader, and step S100 further includes:
s211: extracting a bug intersection set and a bug time record of the bug types in the historical bug repair record and the preset bug type set;
the intersection of the repair vulnerability types in the historical vulnerability repair records and the preset vulnerability type set refers to the set of vulnerability types detected and repaired by the same group of readers.
S221: acquiring a first preset time window according to the repair time record, and acquiring an attack record data set of the target reader under the first preset time window;
the first predetermined time window refers to a time interval between a preamble repair time point and a current time point. The attack record data set includes all attack records within a first predetermined time window. Optionally, the acquisition path of the attack record set includes security log, intrusion detection system report, network traffic record, and the like. The purpose of the acquisition is to collect security events and attacks that occur within this time window.
S231: based on the attack record data set, the attack type, the attack times and the attack state are identified, and an attack characteristic set is obtained;
Optionally, the attack record data set is first pre-processed, specifically by data cleaning, data deduplication, data sorting, and the like.
Optionally, the attack record data in the attack record data set are generated according to a certain data encoding format and storage rule. Illustratively, the attack record data are first decoded according to the data encoding format, and then, based on the storage rule, the attack feature set is obtained, including the attack type, attack time, attack source IP, the affected system components and the attack state (whether or not the attack had an effect on the target reader).
S241: matching analysis is carried out on the attack types in the attack feature set and the vulnerability types in the vulnerability intersection set, and matching vulnerability types are obtained;
The matching vulnerability types are the vulnerability types repaired in the preceding repair. Based on the matching vulnerability types, the attack record data and the attack features that belong to the vulnerability intersection set are extracted from the attack feature set.
S251: performing repair effect analysis on the matched vulnerability types according to the attack times and attack states in the attack feature set to obtain a repair state index;
S261: judging whether the repair state index is greater than a predetermined repair index; if not, performing vulnerability patch upgrade management on the matching vulnerability type.
Optionally, the predetermined repair index is determined from the expected protection performance of the vulnerability corresponding to the repair state index. First, the expected repair index is calculated from the expected protection performance of the vulnerability corresponding to the repair state index. Then a repair safety coefficient is selected, and the product of the repair safety coefficient and the expected repair index is set as the predetermined repair index, where the repair safety coefficient is greater than 1.
Further, performing repair effect analysis on the matching vulnerability types according to the attack times and attack states in the attack feature set to obtain the repair state index, step S1300 further includes:
S2511: acquiring the attack success times, the attack success period characteristic and the attack failure times of the matching vulnerability types based on the attack times and the attack states;
S2512: calculating and obtaining the repair state index by combining the attack success times, the attack success period characteristic and the attack failure times.
The attack success period characteristic is the total number of attacks that occur for each successful attack, i.e. between one successful attack and the next. The attack success times is the number of successful attacks that occur within the first predetermined time window.
Optionally, the attack success period characteristic is represented as a frequency-domain characteristic. Illustratively, the attack success period characteristic is plotted as a separate chart in a rectangular coordinate system, where the horizontal axis is the attack success period characteristic value and the vertical axis is the number of occurrences of that value.
Further, calculating and obtaining the repair state index by combining the attack success times, the attack success period characteristic and the attack failure times, step S1320 further includes:
The expression for obtaining the repair state index is as follows:
where $T_{i+1} - T_i$ is the number of attack intervals between the success of the $i$-th attack and the success of the $(i+1)$-th attack, [symbol absent from the page] the number of attack intervals between the $i$-th attack success and the $(i+1)$-th attack success is 0; $f$ is the number of failed attacks; $s$ is the number of successful attacks.
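The procedure of steps S221 to S261 and S2511 to S2512 above (selecting the first predetermined time window, cleaning and deduplicating the attack record data set, matching attack types against the vulnerability intersection set, extracting $s$, $f$ and the sequence of success intervals $T_{i+1} - T_i$, and comparing the repair state index with the predetermined repair index), as an added worked example in Python. This is not code from the patent: the CSV-like record format, the sample records, the expected repair index of 0.8 and the repair safety coefficient of 1.1 are constructed assumptions, and because the page does not reproduce the patent's expression for the repair state index, the index computed here is an assumed stand-in that combines the same three quantities.

```python
"""Repair-effect analysis of repaired vulnerability types from attack records.

Added example, not code from the patent. The record format, the sample
records, the expected repair index and the safety coefficient are
constructed assumptions; the repair state index is an assumed stand-in
because the page does not reproduce the patent's own expression.
"""
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed attack record data set: "timestamp,attack_type,source_ip,state".
# state 'success' = the attack had an effect on the target reader, 'fail' = it
# did not. A duplicate row, an out-of-window row and a malformed row are
# included on purpose to exercise the cleaning step.
ATTACK_LOG = """\
2024-01-03T10:00:00,buffer_overflow,203.0.113.5,fail
2024-01-03T10:05:00,buffer_overflow,203.0.113.5,fail
2024-01-03T10:09:00,buffer_overflow,203.0.113.7,success
2024-01-03T11:00:00,xss,198.51.100.2,fail
2024-01-03T11:30:00,buffer_overflow,203.0.113.5,fail
2024-01-03T12:00:00,buffer_overflow,203.0.113.9,success
2024-01-03T12:00:00,buffer_overflow,203.0.113.9,success
2024-01-03T12:30:00,buffer_overflow,203.0.113.9,success
2024-01-03T13:00:00,buffer_overflow,203.0.113.5,success
2024-01-02T09:00:00,buffer_overflow,203.0.113.5,success
this line is not a valid record
"""

Record = Tuple[datetime, str, str, str]


def load_attack_records(text: str, window_start: str, window_end: str) -> List[Record]:
    """Decode the records, clean out malformed rows, deduplicate, keep only the
    first predetermined time window (preceding repair time .. now) and sort."""
    lo, hi = datetime.fromisoformat(window_start), datetime.fromisoformat(window_end)
    seen, records = set(), []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4 or parts[3] not in ("success", "fail"):
            continue  # data cleaning: malformed row
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        rec: Record = (ts, parts[1], parts[2], parts[3])
        if rec in seen or not (lo <= ts <= hi):
            continue  # deduplication / outside the window
        seen.add(rec)
        records.append(rec)
    return sorted(records, key=lambda r: r[0])


def attack_features(records: List[Record]) -> Dict[str, List[str]]:
    """Attack feature set: per attack type, the time-ordered attack states."""
    feats: Dict[str, List[str]] = {}
    for _, atype, _, state in records:
        feats.setdefault(atype, []).append(state)
    return feats


def success_intervals(states: List[str]) -> List[int]:
    """T_{i+1} - T_i: attacks between the i-th and (i+1)-th successful attack
    (assumed reading of the page's definition; 0 when successes are back to back)."""
    pos = [k for k, s in enumerate(states) if s == "success"]
    return [b - a - 1 for a, b in zip(pos, pos[1:])]


def repair_state_index(states: List[str]) -> Optional[float]:
    """Assumed stand-in for the patent's index, in [0, 1]; higher means the
    repair holds better. Uses s, f and the share of zero-length intervals."""
    s, f = states.count("success"), states.count("fail")
    if s + f == 0:
        return None  # no attacks observed: no evidence either way
    if s == 0:
        return 1.0
    gaps = success_intervals(states)
    burst = gaps.count(0) / len(gaps) if gaps else 0.0
    return (f / (s + f)) * (1.0 - burst)


def analyse(log: str, vuln_intersection, window_start: str, window_end: str,
            expected_index: float, safety_coeff: float) -> Dict[str, dict]:
    """Match attack types to the repaired vulnerability types and flag those
    whose index is not greater than the predetermined repair index."""
    if safety_coeff <= 1.0:
        raise ValueError("repair safety coefficient must be greater than 1")
    predetermined = safety_coeff * expected_index
    feats = attack_features(load_attack_records(log, window_start, window_end))
    result = {}
    for vtype in sorted(vuln_intersection):
        states = feats.get(vtype, [])
        idx = repair_state_index(states)
        result[vtype] = {
            "s": states.count("success"),
            "f": states.count("fail"),
            "interval_histogram": dict(Counter(success_intervals(states))),
            "index": idx,
            "needs_patch_upgrade": idx is not None and idx <= predetermined,
        }
    return result


if __name__ == "__main__":
    report = analyse(ATTACK_LOG, {"buffer_overflow", "sql_injection"},
                     "2024-01-03T00:00:00", "2024-01-04T00:00:00", 0.8, 1.1)
    for vtype, r in report.items():
        print(vtype, r)
```

The stand-in index is 1 for a type whose attacks all failed and falls as the share of successful attacks and the share of back-to-back successes rise, so the decision direction matches step S261; the `interval_histogram` field is the occurrence count per interval value that the frequency-domain chart of the attack success period characteristic plots. A type in the intersection set with no attacks in the window yields no index rather than a pass, since absence of attacks is not evidence that the repair holds.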
In summary, the reading security enhancement method based on vulnerability identification provided by the invention has the following technical effects:
obtaining a predetermined vulnerability type set of the target reader by performing cluster analysis on the historical vulnerability monitoring data of the peer readers of the target reader; obtaining the vulnerability repair record of the target reader, and extracting the vulnerability difference set between the repaired vulnerability types in the historical vulnerability repair record and the predetermined vulnerability type set; taking the vulnerability types in the vulnerability difference set as the vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled from the peer readers based on a data mining technique; obtaining the control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and locating the vulnerability position and vulnerability code according to the vulnerability similarity index; performing code feature recognition on the vulnerability code, and performing code association recognition according to the code features and the control flow code to obtain the updated vulnerability position and updated vulnerability code; and performing security upgrade management on the target reader according to the updated vulnerability position and updated vulnerability code. This achieves the technical effects of efficient vulnerability identification, periodic repair and high security.
Embodiment two
Based on the same concept as the reading security enhancement method based on vulnerability identification in the foregoing embodiment, as shown in Fig. 3, the present application further provides a reading security enhancement system based on vulnerability identification, the system comprising:
the vulnerability type acquisition module 11 is configured to acquire a predetermined vulnerability type set of a target reader, where the predetermined vulnerability type set is a vulnerability type set obtained by performing cluster analysis on historical vulnerability monitoring data of a peer reader of the target reader;
the difference set extraction module 12 is configured to obtain a bug fix record of the target reader, and extract a bug difference set of a fix bug type in the historical bug fix record and the predetermined bug type set;
the vulnerability code acquisition module 13 is configured to take a vulnerability type in the vulnerability difference set as a vulnerability type to be overhauled, and acquire a vulnerability code fragment dataset of the vulnerability type to be overhauled according to the peer reader based on a data mining technology;
the similarity comparison module 14 is configured to obtain a control flow code of the target reader, perform similarity comparison with the vulnerability code fragment dataset, and locate a vulnerability position and a vulnerability code according to a vulnerability similarity index;
the association recognition module 15 is used for performing code feature recognition on the vulnerability codes, and performing code association recognition according to the code features and the control flow codes to obtain updated vulnerability positions and updated vulnerability codes;
and the security upgrade module 16 is configured to perform security upgrade management on the target reader according to the updated vulnerability position and the updated vulnerability code.
Further, the similarity comparison module 14 further includes:
the data cleaning unit is used for cleaning code data of the control flow code and the vulnerability code fragment data set;
the standardization unit is used for performing standardized replacement of custom variables and custom functions on the cleaned control flow code and vulnerability code fragment data set to obtain a standard control flow code and a standard vulnerability code fragment data set;
the similarity comparison unit is used for performing similarity comparison on the standard control flow code and the standard vulnerability code fragment data set to obtain the vulnerability similarity index;
the vulnerability code positioning unit is used for acquiring a standard control flow code block with a vulnerability similarity index larger than a preset similarity threshold value as the vulnerability code, and taking the position of the vulnerability code in the standard control flow code as the vulnerability code position.
Further, the security upgrade module 16 further includes:
the feature recognition unit is used for recognizing the vulnerability features based on the updated vulnerability codes to obtain vulnerability external features;
the risk level marking unit is used for carrying out vulnerability security risk level analysis based on the vulnerability external characteristics and obtaining vulnerability security risk level marks to the updated vulnerability position and the updated vulnerability code;
the processing sequencing unit is used for ordering the updated vulnerability positions and updated vulnerability codes according to their marked vulnerability security risk levels to obtain a vulnerability priority processing sequence;
and the upgrade management unit is used for carrying out security upgrade management on the update vulnerability position and the update vulnerability code according to the vulnerability priority processing sequence.
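The units of the similarity comparison module 14 (code data cleaning, standardized replacement of custom variables and custom functions, similarity comparison against a threshold, and locating the matching block) together with the risk-level ordering of the security upgrade module 16, as an added Python example that is not code from the patent. The C-like sample fragments and control flow code, the regex tokenizer, the Jaccard similarity over token bigrams, the three-line window, the 0.7 threshold and the risk-level table are all assumptions made for this illustration.

```python
"""Locate vulnerability code in a control flow code by normalized similarity,
then order the hits by risk level.

Added example, not code from the patent. Sample code, tokenizer, similarity
measure, window size, threshold and risk table are assumptions.
"""
import re
from typing import Dict, List

# Constructed vulnerability code fragment data set (C-like snippets as mined
# from peer readers), keyed by the vulnerability type to be overhauled.
VULN_FRAGMENTS: Dict[str, str] = {
    "stack_overflow": "char tmp[64]; strcpy(tmp, input); return parse(tmp);",
    "format_string": "char line[128]; fgets(line, 128, fp); printf(line);",
}

# Constructed control flow code of the target reader.
CONTROL_FLOW_CODE = """\
int load_page(FILE *fp, const char *name) {
    char buf[64];
    strcpy(buf, name);
    return render(buf);
}
int add(int a, int b) {
    return a + b;
}
int log_line(FILE *fp) {
    char msg[128];
    fgets(msg, 128, fp);
    printf(msg);
    return 0;
}
"""

# Language keywords and library calls are kept verbatim; everything else is a
# custom variable or custom function and gets a standard placeholder.
KEYWORDS = {"int", "char", "void", "const", "return", "if", "else", "for", "while", "sizeof"}
LIBRARY_FUNCS = {"strcpy", "strncpy", "fgets", "printf", "snprintf", "memcpy"}
TOKEN_RE = re.compile(r'"[^"]*"|[A-Za-z_]\w*|\d+|\S')
RISK_LEVEL = {"stack_overflow": 3, "format_string": 2}  # assumed table, 3 = highest


def clean(code: str) -> str:
    """Code data cleaning: drop // comments and collapse whitespace."""
    return " ".join(re.sub(r"//.*", "", code).split())


def normalize(code: str) -> List[str]:
    """Standardized replacement of custom variables (VAR), custom functions
    (FUNC), numeric literals (NUM) and string literals (STR)."""
    toks = TOKEN_RE.findall(clean(code))
    out: List[str] = []
    for k, tok in enumerate(toks):
        if tok.startswith('"'):
            out.append("STR")
        elif tok.isdigit():
            out.append("NUM")
        elif tok[0].isalpha() or tok[0] == "_":
            if tok in KEYWORDS or tok in LIBRARY_FUNCS:
                out.append(tok)
            else:
                nxt = toks[k + 1] if k + 1 < len(toks) else ""
                out.append("FUNC" if nxt == "(" else "VAR")
        else:
            out.append(tok)
    return out


def similarity(a: List[str], b: List[str]) -> float:
    """Vulnerability similarity index: Jaccard similarity of token bigram sets."""
    x = set(zip(a, a[1:]))
    y = set(zip(b, b[1:]))
    return len(x & y) / len(x | y) if (x | y) else 0.0


def locate_vulnerabilities(control_flow_code: str, fragments: Dict[str, str],
                           window: int = 3, threshold: float = 0.7) -> List[dict]:
    """Slide a window of `window` lines over the control flow code and return
    every block whose similarity to a fragment exceeds the threshold, with its
    1-based start line as the vulnerability position."""
    lines = control_flow_code.splitlines()
    hits = []
    for vtype, frag in fragments.items():
        frag_tokens = normalize(frag)
        for start in range(len(lines) - window + 1):
            block = "\n".join(lines[start:start + window])
            score = similarity(frag_tokens, normalize(block))
            if score > threshold:
                hits.append({"type": vtype, "line": start + 1,
                             "score": round(score, 3), "code": block})
    return hits


def prioritize(hits: List[dict]) -> List[dict]:
    """Vulnerability priority processing sequence: highest risk level first,
    then highest similarity, then earliest position."""
    return sorted(hits, key=lambda h: (-RISK_LEVEL.get(h["type"], 1), -h["score"], h["line"]))


if __name__ == "__main__":
    for h in prioritize(locate_vulnerabilities(CONTROL_FLOW_CODE, VULN_FRAGMENTS)):
        print(f"{h['type']:15} line {h['line']:2} score {h['score']:.3f} risk {RISK_LEVEL[h['type']]}")
```

Because the comparison runs on normalized tokens, a block that keeps the same shape but adds a length check before the copy still scores well above zero, so the threshold trades missed vulnerable copies against follow-up on patched look-alikes; that is why the located block is passed on to code feature recognition and code association recognition rather than treated as a final verdict.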
Further, the reading security enhancement system based on vulnerability identification of the present application further comprises:
the intersection extraction unit is configured to extract the vulnerability intersection set of the repaired vulnerability types in the historical vulnerability repair record and the predetermined vulnerability type set, together with the repair time record;
the attack data acquisition unit is used for: acquiring a first preset time window according to the repair time record, and acquiring an attack record data set of the target reader under the first preset time window;
the attack characteristic identification unit is used for identifying the attack type, the attack times and the attack state based on the attack record data set to obtain an attack characteristic set;
the attack vulnerability matching unit is used for carrying out matching analysis on attack types in the attack feature set and vulnerability types in the vulnerability intersection set to obtain matching vulnerability types;
the repair effect analysis unit is used for carrying out repair effect analysis on the matched vulnerability types according to the attack times and the attack states in the attack feature set to obtain a repair state index;
and the vulnerability patch upgrading unit is used for judging whether the repair state index is larger than a preset repair index, and if not, carrying out vulnerability patch upgrading management on the matched vulnerability type.
Further, the repair effect analysis unit further includes:
the attack parameter extraction unit is used for acquiring the attack success times, the attack success period characteristics and the attack failure times of the matching vulnerability types based on the attack times and the attack states;
and the index calculation unit is used for calculating and obtaining the repair state index by combining the attack success times, the attack success period characteristics and the attack failure times.
Further, the reading security enhancement system based on vulnerability identification of the present application further comprises:
the twin construction unit is used for constructing a digital twin model of the target reader after the safety upgrade management;
the attack sample acquisition unit is used for acquiring attack sample data according to the preset vulnerability type set;
the simulation attack unit is used for carrying out attack test on the digital twin model by using the attack sample data and recording a test result;
and the repair evaluation unit is used for calculating the post-upgrade vulnerability repair state index from the test result using the expression for obtaining the repair state index, and evaluating the repair effect according to the post-upgrade vulnerability repair state index.
It should be understood that the embodiments in this specification are described with emphasis on their differences from one another; the specific details given for the first embodiment apply equally to the reading security enhancement system based on vulnerability identification of the second embodiment and are not repeated here for brevity.
It should be understood that the embodiments disclosed herein and the foregoing description enable one skilled in the art to use the present application. The present application is not limited to the above embodiments; obvious modifications and variations of the embodiments mentioned herein are possible and fall within the principles of the present application.

Claims (8)

1. The reading security enhancement method based on vulnerability identification is characterized by comprising the following steps:
acquiring a predetermined vulnerability type set of a target reader, wherein the predetermined vulnerability type set is obtained by performing cluster analysis on historical vulnerability monitoring data of peer readers of the target reader;
obtaining a vulnerability repair record of the target reader, and extracting a vulnerability difference set between a repair vulnerability type in the historical vulnerability repair record and the preset vulnerability type set;
taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled according to the peer reader based on a data mining technology;
obtaining a control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set, and positioning a vulnerability position and a vulnerability code according to a vulnerability similarity index;
performing code feature recognition on the vulnerability codes, and performing code association recognition according to the code features and the control flow codes to obtain updated vulnerability positions and updated vulnerability codes;
and carrying out security upgrade management on the target reader according to the update vulnerability position and the update vulnerability code.
2. The method of claim 1, wherein the method further comprises:
extracting a vulnerability intersection set of the repaired vulnerability types in the historical vulnerability repair record and the predetermined vulnerability type set, together with a repair time record;
acquiring a first preset time window according to the repair time record, and acquiring an attack record data set of the target reader under the first preset time window;
based on the attack record data set, the attack type, the attack times and the attack state are identified, and an attack characteristic set is obtained;
matching analysis is carried out on the attack types in the attack feature set and the vulnerability types in the vulnerability intersection set, and matching vulnerability types are obtained;
performing repair effect analysis on the matched vulnerability types according to the attack times and attack states in the attack feature set to obtain a repair state index;
judging whether the repair state index is greater than a predetermined repair index, and if not, performing vulnerability patch upgrade management on the matching vulnerability type.
3. The method of claim 2, wherein the performing the repair effect analysis on the matching vulnerability type according to the attack times and the attack states in the attack feature set to obtain a repair state index includes:
acquiring the attack success times, attack success period characteristics and attack failure times of the matched vulnerability types based on the attack times and the attack states;
and calculating and obtaining the repair state index by combining the attack success times, the attack success period characteristics and the attack failure times.
4. The method of claim 3, wherein the expression for obtaining the repair status index is as follows:
where $T_{i+1} - T_i$ is the number of attack intervals between the success of the $i$-th attack and the success of the $(i+1)$-th attack, [symbol absent from the page] the number of attack intervals between the $i$-th attack success and the $(i+1)$-th attack success is 0; $f$ is the number of failed attacks; $s$ is the number of successful attacks.
5. The method of claim 1, wherein the obtaining the control flow code of the target reader and comparing with the vulnerability code segment dataset, locating vulnerability locations and vulnerability codes according to vulnerability similarity indexes comprises:
code data cleaning is carried out on the control flow codes and the vulnerability code segment data sets;
carrying out standardized replacement of custom variables and custom functions on the control flow codes and the vulnerability code fragment data sets subjected to the code data cleaning to obtain standard control flow codes and standard vulnerability code fragment data sets;
performing similarity comparison on the standard control flow code and the standard vulnerability code fragment data set to obtain the vulnerability similarity index;
and acquiring a standard control flow code block with the vulnerability similarity index larger than a preset similarity threshold value as the vulnerability code, and taking the position of the vulnerability code in the standard control flow code as the vulnerability code position.
6. The method of claim 1, wherein the secure upgrade management of the target reader according to the update vulnerability location and the update vulnerability code comprises:
performing vulnerability feature recognition based on the updated vulnerability codes to obtain vulnerability external features;
performing vulnerability security risk level analysis based on the vulnerability external features to obtain vulnerability security risk level marks to the updated vulnerability positions and the updated vulnerability codes;
ordering the updated vulnerability positions and the updated vulnerability codes according to the marked vulnerability security risk levels to obtain a vulnerability priority processing sequence;
and carrying out security upgrading management on the updated vulnerability position and the updated vulnerability code according to the vulnerability priority processing sequence.
7. The method of claim 4, wherein the method further comprises:
constructing a digital twin model of the target reader after security upgrade management;
obtaining attack sample data according to the preset vulnerability type set;
carrying out attack test on the digital twin model by using the attack sample data, and recording a test result;
and calculating and acquiring the bug repair state index after the security upgrade by using the expression for acquiring the repair state index according to the test result, and evaluating the repair effect according to the bug repair state index after the security upgrade.
8. A reading security enhancement system based on vulnerability identification, the system comprising:
the vulnerability type acquisition module is used for acquiring a predetermined vulnerability type set of the target reader, wherein the predetermined vulnerability type set is obtained by performing cluster analysis on historical vulnerability monitoring data of peer readers of the target reader;
the difference set extraction module is used for acquiring a vulnerability repair record of the target reader and extracting a vulnerability difference set of the repaired vulnerability types in the historical vulnerability repair record and the predetermined vulnerability type set;
the vulnerability code acquisition module is used for taking the vulnerability types in the vulnerability difference set as vulnerability types to be overhauled, and acquiring a vulnerability code fragment data set of the vulnerability types to be overhauled according to the peer reader based on a data mining technology;
the similarity comparison module is used for acquiring the control flow code of the target reader, performing similarity comparison with the vulnerability code fragment data set and positioning the vulnerability position and the vulnerability code according to the vulnerability similarity index;
the association recognition module is used for carrying out code feature recognition on the vulnerability codes, carrying out code association recognition according to the code features and the control flow codes, and obtaining updated vulnerability positions and updated vulnerability codes;
and the security upgrading module is used for performing security upgrading management on the target reader according to the updating vulnerability position and the updating vulnerability code.
CN202311224554.5A 2023-09-21 2023-09-21 Vulnerability identification-based reading security enhancement method and system Active CN117290851B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311224554.5A CN117290851B (en) 2023-09-21 2023-09-21 Vulnerability identification-based reading security enhancement method and system

Publications (2)

Publication Number Publication Date
CN117290851A true CN117290851A (en) 2023-12-26
CN117290851B CN117290851B (en) 2024-02-20

Family

ID=89243695

Country Status (1)

Country Link
CN (1) CN117290851B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant