CN118133291B - Vulnerability restoration method and device of security management system and electronic equipment - Google Patents
- Publication number: CN118133291B (application CN202410312249.XA)
- Authority: CN (China)
- Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The application provides a vulnerability repair method and device for a security management system, and electronic equipment. The method comprises: obtaining a scanning task and, according to it, a target vulnerability in the integrated security framework; determining, from a vulnerability-patch mapping relation, the first patch mapped to the target vulnerability and repairing the target vulnerability in the integrated security framework with that first patch; analysing the first patch and the target vulnerability to generate first repair data; when the first repair data show that the first patch failed, calculating the security loss of the target vulnerability from the first repair data and determining a vulnerability grade from that loss; deciding according to the grade whether to perform a second repair and generating a second patch; running the second patch in a real-time simulated integrated security framework; and, when the second patch is determined to repair the target vulnerability successfully, taking it as the target patch and repairing the target vulnerability in the integrated security framework with it. The method increases the efficiency and success rate of vulnerability repair and makes repair more convenient.
Description
Technical Field
The present application relates to vulnerability detection and analysis technologies, and in particular, to a vulnerability repair method, device and electronic equipment for a security management system.
Background
With the increasing digitisation of modern enterprises, a secure network architecture has to be built to defend against attacks. Even a well-designed secure network architecture may contain vulnerabilities that attackers can exploit, with serious consequences for the enterprise.
In the prior art, a vulnerability analysis system for the integrated security framework detects the vulnerabilities in the framework and outputs a suggestion for each one; staff then generate a patch from each suggestion and repair the corresponding vulnerability with it.
Vulnerabilities, however, are numerous and varied, and when the prior-art analysis system detects them, the patches generated for each vulnerability are produced slowly and with low accuracy.
Disclosure of Invention
The application provides a vulnerability restoration method, device and electronic equipment of a security management system, which are used for improving the efficiency and convenience of vulnerability restoration and enhancing the effectiveness of vulnerability restoration.
In a first aspect, the present application provides a vulnerability restoration method of a security management system, where the security management system includes an integrated security framework, and the vulnerability restoration method includes:
acquiring a scanning task, and acquiring a target vulnerability in the integrated security framework according to the scanning task;
determining the vulnerability characteristics of the target vulnerability according to the target vulnerability, and determining whether a first patch corresponding to the vulnerability characteristics exists according to the vulnerability patch mapping relation; when the first patch exists, repairing the target vulnerability according to the first patch;
analyzing the repair state of the target vulnerability according to the first patch to generate first repair data of the target vulnerability;
when the first patch fails to repair the target vulnerability, determining a vulnerability grade corresponding to the target vulnerability according to the first repair data; determining a second patch according to the vulnerability grade, determining a target patch according to the second patch and the first repair data, and repairing the target vulnerability with the target patch.
Optionally, when the first patch fails to repair the target vulnerability, determining the vulnerability level corresponding to the target vulnerability according to the first repair data specifically includes:
when it is determined from the first repair data of the target vulnerability that the first patch failed to repair it, calculating the security loss of the target vulnerability according to the first repair data and the scanning task;
determining a vulnerability grade corresponding to the target vulnerability according to the security loss; the first repair data are the data relating to the target vulnerability before and after the repair by the first patch respectively.
Optionally, determining a second patch according to the vulnerability grade, determining a target patch according to the second patch and the first repair data, and repairing the target vulnerability with the target patch specifically includes:
determining whether to carry out a second repair on the target vulnerability according to the vulnerability grade;
when the second repair is to be performed, generating a second patch according to the target vulnerability, the first patch and the first repair data;
simulating the repair of the target vulnerability in the integrated security framework in real time according to the second patch, and analysing the target vulnerability according to the second patch to generate second repair data of the target vulnerability; the second repair data are the data relating to the target vulnerability after the second repair;
comparing the second repair data with the first repair data to obtain a comparison result, determining a target patch according to the comparison result, and repairing the target vulnerability with the target patch.
Optionally, when it is determined from the vulnerability-patch mapping relation that no patch corresponding to the vulnerability features of the target vulnerability exists, analysing the target vulnerability to generate abnormal data of the target vulnerability;
determining a vulnerability grade corresponding to the target vulnerability according to the abnormal data;
determining a target patch according to the vulnerability grade, and repairing the target vulnerability with the target patch.
Optionally, generating a simulated integrated security framework from the integrated security framework in its initial state, the initial state being the state of the integrated security framework before execution of the scanning task starts;
generating and outputting a repair instruction when the second repair is to be performed;
and operating on the target vulnerability in the simulated integrated security framework according to the repair instruction to obtain the updated real-time simulated integrated security framework.
Optionally, when it is determined from the first repair data that the first patch repaired the target vulnerability successfully, taking that first patch as the target patch;
and recording the target patch against the target vulnerability.
Optionally, before determining from the vulnerability-patch mapping relation whether a first patch corresponding to the vulnerability features exists, establishing the vulnerability-patch mapping relation;
which specifically comprises:
acquiring the detailed data of each vulnerability and the patch that repairs it, and establishing a mapping between each vulnerability and its patch to obtain the vulnerability-patch mapping relation;
the patches mapped to all vulnerabilities are stored in a patch library;
correspondingly, determining the target patch corresponding to each vulnerability to be repaired;
updating, in the patch library, the patch mapped to each corresponding vulnerability according to its target patch; and obtaining the mapping between each vulnerability and its target patch and updating the vulnerability-patch mapping relation accordingly.
In a second aspect, the present application provides a vulnerability restoration device of a security management system, including:
an acquisition module, which acquires a scanning task and acquires a target vulnerability in the integrated security framework according to the scanning task;
a processing module, which determines the vulnerability features of the target vulnerability, determines from the vulnerability-patch mapping relation whether a first patch corresponding to the vulnerability features exists and, when the first patch exists, repairs the target vulnerability with the first patch;
an analysis module, which analyses the repair state of the target vulnerability according to the first patch and generates first repair data of the target vulnerability;
the analysis module being further used, when the first patch fails to repair the target vulnerability, to determine a vulnerability grade corresponding to the target vulnerability according to the first repair data, to determine a second patch according to the vulnerability grade, to determine a target patch according to the second patch and the first repair data, and to repair the target vulnerability with the target patch.
Optionally, the analysis module is further configured to calculate the security loss of the target vulnerability according to the first repair data and the scanning task when it determines from the first repair data that the first patch failed to repair the target vulnerability;
and to determine a vulnerability grade corresponding to the target vulnerability according to the security loss; the first repair data are the data relating to the target vulnerability before and after the repair by the first patch respectively.
Optionally, the analysis module is further configured to determine, according to the vulnerability grade, whether to perform a second repair on the target vulnerability;
when the second repair is to be performed, to generate a second patch according to the target vulnerability, the first patch and the first repair data;
to simulate the repair of the target vulnerability in the integrated security framework in real time according to the second patch, and to analyse the target vulnerability according to the second patch to generate second repair data of the target vulnerability, the second repair data being the data relating to the target vulnerability after the second repair;
and to compare the second repair data with the first repair data to obtain a comparison result, determine a target patch according to the comparison result, and repair the target vulnerability with the target patch.
Optionally, the analysis module is further configured to analyse the target vulnerability and generate abnormal data of the target vulnerability when it determines from the vulnerability-patch mapping relation that no patch corresponding to the vulnerability features of the target vulnerability exists;
to determine a vulnerability grade corresponding to the target vulnerability according to the abnormal data;
and to determine a target patch according to the vulnerability grade and repair the target vulnerability with the target patch.
Optionally, the processing module is further configured to generate a simulated integrated security framework from the integrated security framework in its initial state, the initial state being the state of the integrated security framework before execution of the scanning task starts;
to generate and output a repair instruction when the second repair is to be performed;
and to operate on the target vulnerability in the simulated integrated security framework according to the repair instruction to obtain the updated real-time simulated integrated security framework.
Optionally, the processing module is further configured to take the first patch as the target patch when it determines from the first repair data that the first patch repaired the target vulnerability successfully;
and to record the target patch against the target vulnerability.
Optionally, the processing module is further configured to establish the vulnerability-patch mapping relation;
which specifically comprises:
acquiring the detailed data of each vulnerability and the patch that repairs it, and establishing a mapping between each vulnerability and its patch to obtain the vulnerability-patch mapping relation;
the patches mapped to all vulnerabilities are stored in a patch library;
correspondingly, determining the target patch corresponding to each vulnerability to be repaired;
updating, in the patch library, the patch mapped to each corresponding vulnerability according to its target patch; and obtaining the mapping between each vulnerability and its target patch and updating the vulnerability-patch mapping relation accordingly.
In a third aspect, the present application provides an electronic device comprising: a processor, a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
The processor executes computer-executable instructions stored in the memory to implement the method as referred to in the first aspect above.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions for performing the method as referred to in the first aspect above when executed by a processor.
In a fifth aspect, the application provides a computer program product comprising a computer program for implementing the method as referred to in the first aspect above when the computer program is executed by a processor.
According to the vulnerability repair method, device and electronic equipment of the security management system, a scanning task is acquired and a target vulnerability in the integrated security framework is obtained according to it; the first patch mapped to the target vulnerability is determined from the vulnerability-patch mapping relation and, when it exists, is run in the integrated security framework to repair the target vulnerability; first repair data are obtained by analysing the target vulnerability, the first patch and the scanning task; when the first repair data show that the first patch did not repair the vulnerability, the security loss of the target vulnerability is calculated from the first repair data and a vulnerability grade is assigned according to the value of that loss; the grade decides whether a second repair is carried out, and if so the simulated integrated security framework is updated, a second patch is generated from the first patch and the target vulnerability and run in the simulated framework, and when the second patch repairs the vulnerability successfully it is used as the target patch to repair the target vulnerability in the integrated security framework. Because every vulnerability is assigned a grade and handled according to it, vulnerabilities are processed quickly, the repair success rate is improved, and vulnerability repair becomes more convenient.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a flowchart of a vulnerability restoration method of a security management system according to an embodiment of the present application;
FIG. 2 is a flowchart of a vulnerability restoration method of a security management system according to an embodiment of the present application;
FIG. 3 is a flowchart of a vulnerability restoration method of a security management system according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a vulnerability restoration device of a security management system according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a vulnerability restoration device of a security management system according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
It should be noted that the user data (including but not limited to user equipment data and user personal data) and other data (including but not limited to data for analysis, stored data and presented data) involved in the present application are data authorised by the user or fully authorised by all parties; the collection, use and processing of such data must comply with the relevant laws, regulations and standards of the relevant region, and corresponding operation entries are provided for the user to grant or refuse authorisation.
The systems of terminal equipment such as computers carry considerable security risks, so modern enterprises defend themselves by building a secure network architecture. Vulnerabilities can still appear even inside such a defended system and are easily exploited by outsiders, causing serious loss. Enterprises therefore need to detect the vulnerabilities in their own secure network architecture in order to protect the information security of the enterprise and of individuals.
At present, a security framework vulnerability detection and analysis system is generally used to detect the vulnerabilities of a secure network architecture; after each detected vulnerability is analysed, a repair suggestion is output for it, and a worker repairs the vulnerability according to that suggestion.
However, when a computer has been in use for a long time the kinds of vulnerabilities multiply and their number becomes huge. If vulnerabilities that do not need handling are analysed and treated one after another among this large set, the time cost of repair rises and the timely repair of vulnerabilities that urgently need handling is delayed. When a handling scheme is invalid or even aggravates the loss, the patch generated from it cannot repair the corresponding vulnerability, the factors threatening the security of the system increase, repair pressure grows, and the efficiency and quality of vulnerability repair fall further.
In addition, the suggestions produced by analysing all vulnerabilities cannot be verified for correctness or validity in time, and when a scheme cannot repair the corresponding vulnerability it cannot be revised promptly, which reduces the efficiency and convenience of vulnerability repair.
According to the method, after a scanning task is acquired, the integrated security framework in the terminal equipment is scanned as the scanning task indicates. When a target vulnerability is found, the first patch corresponding to it is determined from the vulnerability-patch mapping relation and used to repair it; at the same time, the detailed data of the first patch and the target vulnerability are analysed to generate the first repair data. When the first repair data show that the repair failed, the security loss that the target vulnerability causes the integrated security framework is calculated from the first repair data and graded, and the grade decides whether the target vulnerability is handled immediately.
When immediate handling is decided, the target vulnerability is updated into the simulated integrated security framework to form a real-time simulated integrated security framework, a second patch is generated from the target vulnerability and the first patch and run in that simulated framework, and the resulting second repair data are analysed and compared with the first repair data; whichever patch repaired successfully, or repaired the larger range, is then run in the integrated security framework to repair the target vulnerability. In this way each vulnerability receives a specific patch repair scheme, its grade is analysed individually and the repair scheme is allocated according to that grade, which improves processing efficiency and repair probability and enhances convenience; detecting and analysing the effectiveness of patches in real time avoids invalid repairs and further improves the repair probability.
The application provides a vulnerability restoration method of a security management system, which aims to solve the technical problems in the prior art.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The vulnerability repair method of the security management system can be used in terminal equipment; the terminal equipment comprises the security management system, and the security management system comprises an integrated security framework. This embodiment concerns the specific process of scanning the integrated security framework in the terminal equipment for vulnerabilities, obtaining the vulnerabilities of the security management system and repairing them.
Fig. 1 is a flowchart of a vulnerability restoration method of a security management system according to an embodiment of the present application, as shown in fig. 1, specifically including the following steps:
s101, acquiring a scanning task, and acquiring a target vulnerability in the integrated security framework according to the scanning task.
More specifically, the terminal device acquires a scanning task, scans the integrated security framework in the security management system according to the target instruction in the scanning task, and obtains the scanned target vulnerability.
Optionally, the scanning task is information that the relevant staff invoke, before scanning, from an internal workflow task configured according to actual requirements. The scanning task comprises at least: a scan start node, a scan frequency and a scan end node.
In one possible embodiment, the terminal device creates the corresponding scanning task when the scan start node specified in the scanning task is reached, scans the integrated security framework periodically for vulnerabilities at the scan frequency given in the scanning task, and ends the scanning task when the specified scan end node is reached.
Optionally, the integrated security framework is scanned by threat object, where the threat objects include at least one of: authentication and authorisation problems, missing security controls, insecure configuration, cross-site scripting (XSS) and SQL injection.
S102, determining whether a first patch corresponding to the target vulnerability exists according to the vulnerability patch mapping relation, and repairing the target vulnerability according to the first patch when the first patch exists.
More specifically, the vulnerability features of the target vulnerability are determined from the target vulnerability, and it is determined from the vulnerability-patch mapping relation whether a first patch mapped to those features exists. The vulnerability features are the principal characteristics that distinguish the target vulnerability from other vulnerabilities, for example the asset objects it mainly affects, its occurrence frequency and its impact intensity.
Optionally, when the vulnerability-patch mapping relation shows that a first patch exists, the first patch is fetched from the patch library and run in the integrated security framework to repair the target vulnerability. The patch library stores the patch mapped to each vulnerability in the mapping relation.
Optionally, a standard repair time is configured for the repair of the target vulnerability by the first patch, so that the first patch must repair the target vulnerability within the standard repair time. This prevents a repair that runs into a problem from continuing indefinitely, occupying the system client and delaying the repair of other vulnerabilities.
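The lookup and time-bounded repair of S102, as an added example written for this page and not code from the patent. It models the vulnerability-patch mapping relation as a dictionary keyed on a feature tuple (asset object, threat object, and bucketed occurrence frequency and impact intensity; the buckets and the `Vulnerability` fields are assumptions), the patch library as a table of callables, and the standard repair time as a bounded wait on the patch run, so that a patch that hangs is reported as a timeout instead of occupying the pipeline. The sample patches, framework state, findings and identifiers (`P-sqli-1`, `api-server` and so on) are constructed for the example.

```python
"""Feature-keyed patch lookup with a bounded repair run. Added example, not
code from the patent; the feature tuple, patch callable shape, thread-based
time limit and all sample data are assumptions made for illustration."""
from __future__ import annotations

import threading
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Vulnerability:
    asset: str       # asset object the vulnerability mainly affects
    threat: str      # threat object reported by the scan, e.g. "sql_injection"
    frequency: int   # occurrences observed by the scan
    impact: int      # impact intensity on an assumed 1..10 scale

    def features(self) -> tuple:
        # Keyed on features rather than on an instance id, so a new instance of
        # a known kind of vulnerability finds its patch. Buckets are an assumption.
        return (self.asset, self.threat,
                "frequent" if self.frequency >= 5 else "rare",
                "high" if self.impact >= 7 else "low")


# A patch applies its fix to the framework state and returns the number of
# findings matching the vulnerability that remain afterwards.
Patch = Callable[[dict, Vulnerability], int]


@dataclass
class RepairOutcome:
    patch_id: Optional[str]
    status: str                # "ok" | "timeout" | "error" | "no_patch"
    remaining: Optional[int]   # findings left after the run, if it finished


class PatchLibrary:
    """Patch library plus the vulnerability-feature -> patch mapping relation."""

    def __init__(self) -> None:
        self._patches: dict[str, Patch] = {}
        self._mapping: dict[tuple, str] = {}

    def register(self, patch_id: str, patch: Patch, *keys: tuple) -> None:
        self._patches[patch_id] = patch
        for key in keys:
            self._mapping[key] = patch_id

    def lookup(self, vuln: Vulnerability) -> Optional[str]:
        return self._mapping.get(vuln.features())

    def repair(self, framework: dict, vuln: Vulnerability,
               standard_repair_time: float) -> RepairOutcome:
        patch_id = self.lookup(vuln)
        if patch_id is None:
            return RepairOutcome(None, "no_patch", None)
        result: dict = {}

        def worker() -> None:
            try:
                result["remaining"] = self._patches[patch_id](framework, vuln)
            except Exception as exc:   # a crashing patch must not take the pipeline down
                result["error"] = repr(exc)

        t = threading.Thread(target=worker, daemon=True)
        t.start()
        t.join(standard_repair_time)   # wait no longer than the standard repair time
        if t.is_alive():
            # Python cannot kill a thread; a production pipeline would run the patch
            # in a subprocess and terminate it. Here the pipeline just stops waiting.
            return RepairOutcome(patch_id, "timeout", None)
        if "error" in result:
            return RepairOutcome(patch_id, "error", None)
        return RepairOutcome(patch_id, "ok", result["remaining"])


def fix_sqli(framework: dict, vuln: Vulnerability) -> int:
    """Constructed sample patch: removes the finding and reports what is left."""
    framework["findings"][vuln.asset].discard("sql_injection")
    return sum(1 for f in framework["findings"][vuln.asset] if f == vuln.threat)


def hanging_patch(framework: dict, vuln: Vulnerability) -> int:
    time.sleep(5)   # constructed sample: stands in for a patch that never finishes
    return 0


def demo() -> tuple:
    """Constructed framework state and three findings: known, hanging, unmapped."""
    lib = PatchLibrary()
    lib.register("P-sqli-1", fix_sqli, ("api-server", "sql_injection", "frequent", "high"))
    lib.register("P-xss-1", hanging_patch, ("web-portal", "xss", "rare", "low"))
    framework = {"findings": {"api-server": {"sql_injection", "weak_auth"}, "web-portal": {"xss"}}}
    known = Vulnerability("api-server", "sql_injection", 12, 9)
    hangs = Vulnerability("web-portal", "xss", 2, 3)
    unmapped = Vulnerability("api-server", "weak_auth", 1, 5)
    return (lib.repair(framework, known, 1.0),
            lib.repair(framework, hangs, 0.2),
            lib.repair(framework, unmapped, 1.0))
```

`demo()` returns one `RepairOutcome` per finding: the mapped patch finishes with no matching findings left, the hanging patch is cut off at its 0.2 s budget and reported as `timeout`, and the finding with no mapping entry comes back as `no_patch`, which is the branch the text above hands to abnormal-data analysis. The `no_patch` and `timeout` results are exactly the cases the pipeline must not silently treat as repaired.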
S103, analyzing the repair state of the target vulnerability according to the first patch to generate first repair data of the target vulnerability.
More specifically, the repair state of the target vulnerability is analysed jointly from the first patch, the target vulnerability and the threat object found when the scanning task was executed, and the first repair data of the target vulnerability are generated when the analysis is complete. The first repair data are the data relating to the target vulnerability before and after the repair by the first patch respectively.
In one possible embodiment, the data relating to the target vulnerability before and after the first-patch repair may include: the value data of each asset object affected by the target vulnerability before the repair, the actual repair time taken to repair the target vulnerability, the repair operation state, the number of vulnerabilities still found by a scan after the standard repair time, and the scope and intensity of the influence of those remaining vulnerabilities.
S104, when the first patch fails to repair the target bug, determining a bug grade corresponding to the target bug according to the first repair data, determining a second patch according to the bug grade, and determining the target bug repaired by the target patch together with the first repair data.
More specifically, whether the first patch repairs the target bug is determined according to the first repair data, when the first patch fails to repair the target bug is determined, a bug level corresponding to the target bug is determined according to the first repair data, a second patch repairing the target bug is determined according to the bug level corresponding to the target bug, a final target patch is determined according to the second patch and the first repair data, and the target bug is repaired by using the target patch.
Optionally, determining whether the first patch completes the repair of the target vulnerability according to the actual repair time and the standard repair time for repairing the target vulnerability in the first repair data.
For example: determining that the first patch completes the repair of the target bug within the standard repair time according to the actual repair time for repairing the target bug, and determining that the first patch fails to repair the target bug according to the number of repaired bugs exceeding 0.
Optionally, when determining that the first patch fails to repair the target vulnerability according to the first repair data of the target vulnerability, calculating the security loss of the target vulnerability according to the first repair data and the scanning task, and determining the vulnerability level corresponding to the target vulnerability according to the security loss.
In a possible embodiment, when the first repair data shows that the first patch failed to repair the target vulnerability, the appearance time and ending time of the target vulnerability are obtained by executing the scanning task, and the value data of each asset object before and after the repair is obtained from the first repair data, so as to obtain the value data of each asset object under the influence of the target vulnerability over its whole existence from appearance to ending. The security loss of the target vulnerability is then calculated from the appearance time and ending time of the target vulnerability, the value data of each asset object under its influence over that whole period, and the value data of each asset object before the target vulnerability appeared.
For example: according to the appearance time and ending time of the target vulnerability, the value data of all asset objects before the target vulnerability appeared, and the value data of each asset object under the influence of the target vulnerability over the whole period from appearance to ending, the security loss S of each affected asset object when the target vulnerability appears is calculated as shown in the following formula:
S is the loss generated for the affected asset objects when the target vulnerability appears. H is the percentage of the total asset value accounted for by the influence asset loss over the whole period from the appearance to the end of the target vulnerability, and is obtained from the value data of all asset objects under influence during that period. N is the benefit of all asset objects on the two days before the target vulnerability appeared and W is the benefit of all asset objects on the day before it appeared; N and W are obtained from the value data of all asset objects before the target vulnerability. X_a is the appearance time of the target vulnerability and X_b is its ending time. The influence asset loss is the loss of value data of the asset objects affected by the target vulnerability, the benefit is the value data generated by each asset object under security protection in different periods, and the security loss is the value data that each asset object could have generated but lost because the target vulnerability existed.
Optionally, determining the vulnerability level corresponding to the target vulnerability according to the magnitude of the security loss value and/or the specific range of influence of the target vulnerability.
Optionally, a level list comprising a plurality of vulnerability levels is configured; the relevant data of the target vulnerability is recorded under its vulnerability level in the level list, and all the vulnerability data recorded under each level of the list is displayed to relevant personnel in real time.
For example: the vulnerability levels comprise a first level, a second level, a third level and so on, where the first level corresponds to all vulnerabilities that urgently need repair, the second level to all vulnerabilities that are repairable, and the third level to all vulnerabilities that are temporarily not repairable.
Optionally, determining whether to perform second repair on the target vulnerability according to the vulnerability level.
In one possible embodiment, the vulnerability level of the target vulnerability is determined according to the level list, and whether the second repair is performed on the target vulnerability is determined in real time according to the criticality indicated by the vulnerability level and the current actual situation.
In one possible embodiment, from the vulnerabilities shown under each vulnerability level in the level list, all vulnerabilities under a level whose indication information says they are to be repaired are selected.
In one possible embodiment, the vulnerability level that requires no processing is determined according to the level list, and the vulnerability data recorded under that level is configured to be deleted periodically.
In a possible embodiment, vulnerabilities repaired by using the same patch are recorded under the same vulnerability level in the level list, and the patch for repairing can be rapidly determined for all vulnerabilities under the level, so that convenience in repairing the vulnerabilities is improved.
Optionally, when the second repair is determined to be performed, a second patch is generated according to the target vulnerability, the first patch and the first repair data, the target vulnerability is repaired in simulation with the second patch in the real-time simulation integrated security framework, and the target vulnerability is analyzed according to the second patch to generate second repair data of the target vulnerability. The second repair data is the data related to the target vulnerability after its repair by the second patch.
In a possible embodiment, when the second repair is determined to be performed, the content of the first patch is modified or rewritten according to the detailed data of the target vulnerability, the detailed data of the first patch and the information in the first repair data about the failure of the first patch, giving the second patch. The second patch is run in the real-time simulation integrated security framework, where it performs a simulated repair of the target vulnerability. After the repair process finishes, the second patch and the target vulnerability are analyzed to generate the second repair data. The second patch is determined to have repaired the target vulnerability successfully when the real-time repair time in the second repair data is within the standard repair time and the number of repaired vulnerabilities is determined to be 0.
Optionally, the second repair data is compared with the first repair data in terms of repair outcome to obtain a comparison result, a target patch is determined according to the comparison result, and the target vulnerability is repaired with the target patch.
Optionally, comparing the repair condition of the second patch in the second repair data with the repair condition of the first patch in the first repair data to obtain a comparison result, where the comparison result at least includes one of the following: the first patch repair is successful and the second patch repair fails, or the first patch repair fails and the second patch repair is successful.
In one possible embodiment, when it is determined that the first patch repair fails and the second patch repair is successful, the second patch is taken as a target patch and the second patch is rerun in the integrated security framework to repair the target vulnerability.
In the vulnerability restoration method of the security management system provided by the embodiment of the application, the first patch mapped by the target vulnerability is determined, and after the target vulnerability has been repaired with the first patch, the repair of the target vulnerability by the first patch is analyzed to obtain the first repair data. When the first patch is determined not to have repaired successfully, the security loss corresponding to the target vulnerability is calculated from the first repair data and the vulnerability level of the target vulnerability is determined from the security loss value, so that the record of the target vulnerability is displayed under the corresponding level of the level list and relevant personnel are triggered to repair again until the repair succeeds. This raises the probability of repairing the vulnerability, and the corresponding vulnerability level makes the way a vulnerability should be handled more intuitive and quicker to determine, thereby improving vulnerability processing efficiency.
Optionally, before determining whether the first patch corresponding to the vulnerability feature of the target vulnerability exists according to the vulnerability patch mapping relationship, establishing the vulnerability patch mapping relationship.
Optionally, acquiring detailed data of each vulnerability and repairing patches corresponding to each vulnerability, establishing a mapping relation between each vulnerability and the corresponding patch repairing each vulnerability to obtain a vulnerability patch mapping relation, and storing the patches mapped by each vulnerability to a patch library.
In a possible embodiment, the target patch corresponding to each repaired vulnerability is determined, and the first patch mapped by each original vulnerability in the patch library is replaced with the corresponding target patch, so that each vulnerability maps to its updated target patch. That is, the vulnerability patch mapping relation is updated in real time, which raises the probability that a vulnerability is repaired directly by its first patch and further improves vulnerability processing efficiency.
Optionally, fig. 2 is a flowchart of a vulnerability restoration method of a security management system according to an embodiment of the present application, as shown in fig. 2, specifically including the following steps:
S201, generating a simulation integrated security framework according to the integrated security framework in the initial state.
More specifically, a simulation integrated security framework identical to the integrated security framework in the initial state is generated from it, where the integrated security framework in the initial state is the integrated security framework before execution of the scanning task starts.
S202, when the second repair is determined, a repair instruction is generated and output.
More specifically, when the second repair is determined according to the vulnerability level of the target vulnerability, a repair instruction is generated and output, where the repair instruction is used to trigger the second repair process of the target vulnerability.
S203, obtaining the updated real-time simulation integrated security framework according to the repair instruction.
More specifically, the target vulnerability is run in the simulation integrated security framework according to the repair instruction, and the updated real-time simulation integrated security framework is obtained.
In one possible embodiment, the target vulnerability is first run in the simulation integrated security framework to obtain the state of the integrated security framework before the first patch repair, and the first patch is then run in that framework, giving a real-time simulation integrated security framework identical to the current integrated security framework in which the first patch has failed to repair the target vulnerability.
In the vulnerability restoration method of the security management system provided by the embodiment of the application, a simulation integrated security framework identical to the integrated security framework in the initial state is generated, and after the repair instruction is output, the target vulnerability and the first patch are run in it. The simulation integrated security framework is thus updated in real time, the reliability and accuracy of the second patch's repair result in the real-time simulation integrated security framework are enhanced, and the repair probability is further improved.
Optionally, in step S104, when the number of repaired vulnerabilities is 0, it is determined that the first patch is successful in repairing the target vulnerability, at this time, it is determined that the first patch that is successful in repairing the target vulnerability is used as the target patch, and the target patch and the target vulnerability are recorded and displayed.
Optionally, analyzing according to the target patch and the target vulnerability to obtain first repair data of the target vulnerability, and calculating a vulnerability level of the target vulnerability according to the first repair data.
Optionally, when the target patch and the target vulnerability are recorded, recording the occurrence times of the target vulnerability, recording the occurrence time and the ending time of the target vulnerability, and adding all relevant record information of the target vulnerability to a level list corresponding to the affiliated vulnerability level. By recording the basic information of the target vulnerability, and storing the basic information under the corresponding level list according to the corresponding vulnerability level, the convenience of checking and managing related personnel is improved, and the vulnerability repairing efficiency is further improved.
Optionally, fig. 3 is a flowchart of a vulnerability repairing method of a security management system according to an embodiment of the present application, as shown in fig. 3, when determining, in step S102, that a patch corresponding to a vulnerability feature of a target vulnerability does not exist according to a vulnerability patch mapping relationship, the method specifically includes the following steps:
S301, analyzing the target vulnerability to generate abnormal data of the target vulnerability.
More specifically, the target vulnerability is analyzed and abnormal data of the target vulnerability is generated, where the abnormal data is the detailed data describing the vulnerability characteristics of the target vulnerability.
S302, determining the vulnerability grade corresponding to the target vulnerability according to the abnormal data.
More specifically, the influence percentage of the influence asset loss on all asset values, the occurrence time and the end time of the target vulnerability and the value data of each asset object before the occurrence of the target vulnerability are obtained from the abnormal data of the target vulnerability, the first security loss of the target vulnerability is calculated, and the corresponding vulnerability grade is determined according to the specific value of the first security loss.
Optionally, a specific method for determining the vulnerability level corresponding to the target vulnerability according to the anomaly data is similar to that of determining the vulnerability level corresponding to the target vulnerability according to the first repair data in step S104, which is not described in detail in this embodiment.
S303, determining a target patch according to the vulnerability level, and repairing the target vulnerability with the target patch.
More specifically, whether the target vulnerability needs to be repaired in time is determined according to the vulnerability level; when repair is determined to be needed, a first patch is generated according to the detailed data of the target vulnerability, the first patch is run in the real-time simulation integrated security framework in which the target vulnerability is present, and whether the target vulnerability is repaired within the standard repair time is scanned in real time.
Optionally, if the repair is completed within the standard repair time and the scan determines that the number of target vulnerabilities is 0, the first patch is determined to be the target patch and is rerun in the integrated security framework, thereby repairing the target vulnerability.
Optionally, if the repair is not finished within the standard repair time, that is, the repair times out, or if it finishes within the standard repair time but the scan still finds more than 0 target vulnerabilities, first repair data is generated according to the first patch and the target vulnerability, a second patch is generated according to the first repair data, the first patch and the target vulnerability, and the second patch is run in the real-time simulation integrated security framework in which the target vulnerability and the first patch are present, so as to repair the target vulnerability with the second patch. The second patch and the target vulnerability are then analyzed to obtain second repair data; when the second repair data shows that the second patch finished within the standard repair time and the scan finds 0 target vulnerabilities, the second patch is determined to be the target patch and is run again in the integrated security framework, thereby repairing the target vulnerability.
Optionally, while the second patch runs in the real-time simulation integrated security framework with the target vulnerability and the first patch present, the framework is scanned in real time to determine whether the second patch completes the repair within the standard repair time; when the number of target vulnerabilities is 0 or the scan no longer finds the target vulnerability, the second patch is determined to be the target patch and is rerun in the integrated security framework, so that the target vulnerability is repaired.
In the vulnerability restoration method of the security management system provided by the embodiment of the application, when the vulnerability patch mapping relation contains no patch mapped to the target vulnerability, the vulnerability level can still be determined by analyzing the target vulnerability. When the vulnerability level indicates that the target vulnerability is to be repaired now, a patch is generated according to the target vulnerability, and after the repair has been tested successfully in the real-time simulation integrated security framework, the patch is run in the integrated security framework as the target patch. This raises the probability of repairing the target vulnerability, avoids missing vulnerabilities of higher level, and enhances security.
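The patch-selection logic of steps S103/S104 and S301-S303 above, written out as an added example that is not part of the patent or any product it describes. The class and function names, the level thresholds, the time budget and the scripted patch outcomes are all assumptions; the live and simulated framework runs are injected callables so the decision logic can be exercised offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Added example, not the patent's code: the patch-selection logic of steps
# S103/S104 and S301-S303. Names, thresholds and sample outcomes are assumptions.

@dataclass
class RepairData:
    """Repair state recorded after a patch run (the page's 'repair data')."""
    patch_id: str
    actual_repair_time: float    # how long the patch ran
    standard_repair_time: float  # configured time budget for the repair
    remaining_vulns: int         # target vulnerabilities the rescan still finds

    def succeeded(self) -> bool:
        # Success needs both: finished within the budget and a clean rescan.
        return (self.actual_repair_time <= self.standard_repair_time
                and self.remaining_vulns == 0)

URGENT, REPAIRABLE, NOT_NOW = 1, 2, 3   # the three levels of the level list

def vulnerability_level(security_loss: float, urgent_at: float = 100.0,
                        repairable_at: float = 10.0) -> int:
    """Map a security-loss value S to a level (thresholds are assumed)."""
    if security_loss >= urgent_at:
        return URGENT
    return REPAIRABLE if security_loss >= repairable_at else NOT_NOW

def compare_repairs(first: RepairData, second: RepairData) -> Optional[str]:
    """Comparison result of S104: the patch that succeeded, if exactly one did."""
    if first.succeeded() != second.succeeded():
        return first.patch_id if first.succeeded() else second.patch_id
    return None

# A runner applies a patch (live framework or its real-time simulation) and
# reports RepairData; both are injected so the logic runs offline.
Runner = Callable[[str, float], RepairData]

def repair_vulnerability(feature: str, mapping: Dict[str, str], security_loss: float,
                         run_live: Runner, run_simulated: Runner,
                         standard_time: float = 30.0) -> dict:
    """Return a record of which patch (if any) became the target patch."""
    record = {"feature": feature, "level": None, "target_patch": None, "tried": []}
    first_id = mapping.get(feature)
    if first_id is None:
        # S301-S303: no mapped patch. Grade first; if the level says "repair",
        # derive a patch from the vulnerability detail and prove it in simulation.
        record["level"] = vulnerability_level(security_loss)
        if record["level"] == NOT_NOW:
            return record
        first_id = f"generated-{feature}"
        first, proven_in_sim = run_simulated(first_id, standard_time), True
    else:
        # S102: a mapped patch exists; run it live under the time budget.
        first, proven_in_sim = run_live(first_id, standard_time), False
    record["tried"].append(first.patch_id)

    if first.succeeded():
        target = first.patch_id
    else:
        # S104: first repair failed; grade, then try a revised patch in simulation.
        record["level"] = vulnerability_level(security_loss)
        if record["level"] == NOT_NOW:
            return record            # stays under level 3 for periodic cleanup
        second = run_simulated(f"{first_id}-rev2", standard_time)
        record["tried"].append(second.patch_id)
        target, proven_in_sim = compare_repairs(first, second), True
    if target is None:
        return record
    # A patch proven only in the simulation is re-run in the real framework.
    if proven_in_sim and not run_live(target, standard_time).succeeded():
        return record
    record["target_patch"] = target
    mapping[feature] = target        # keep the vulnerability-patch mapping current
    return record

def scripted_runner(outcomes: Dict[str, Tuple[float, int]]) -> Runner:
    """Constructed stand-in for the framework: patch_id -> (time taken, vulns left)."""
    def run(patch_id: str, standard_time: float) -> RepairData:
        took, left = outcomes.get(patch_id, (standard_time + 1, 1))  # unknown: timeout
        return RepairData(patch_id, took, standard_time, left)
    return run

def demo() -> Dict[str, object]:
    """Constructed cases: mapped patch times out, mapped patch works, unmapped."""
    mapping = {"feat-A": "patch-A1", "feat-B": "patch-B1"}
    outcomes = {"patch-A1": (45.0, 1), "patch-A1-rev2": (12.0, 0),
                "patch-B1": (5.0, 0), "generated-feat-C": (8.0, 0)}
    live, sim = scripted_runner(outcomes), scripted_runner(outcomes)
    results: Dict[str, object] = {}
    for feature, loss in [("feat-A", 150.0), ("feat-B", 20.0),
                          ("feat-C", 50.0), ("feat-D", 1.0)]:
        results[feature] = repair_vulnerability(feature, mapping, loss, live, sim)
    results["mapping"] = mapping
    return results
```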
Optionally, the security management system comprises an integrated security framework and is integrated in the terminal device.
Optionally, the vulnerability scanning and repairing are performed on the integrated security framework through a vulnerability repairing device of the security management system, wherein the integrated security framework is a framework in which each security maintenance tool is integrated and packaged.
Optionally, the integrated security framework generates and stores elements in a data table according to the names of the asset objects in the terminal device. During a scan of the integrated security framework, for each scanned vulnerability, the value influence on each asset object over the whole period after the vulnerability appears is detected, and the data related to that value influence is recorded under the name of each asset object in the data table. The assets are the system resources and information resources of the computer.
In one possible embodiment, the integrated security framework generates a data table for each asset object in the terminal device, and classifies, stores and records the names of each asset object in three categories of fixed asset, mobile asset and other asset, so as to improve the convenience of detecting and recording the value influence of each asset object.
Optionally, while scanning the integrated security framework, the status of the asset objects related to the system resources and information resources of the computer is detected in real time, and the value influence of each vulnerability on each asset object is determined in real time from the status of each asset object. This provides the basis for the subsequent calculation of the security loss and vulnerability level of the vulnerability, so that vulnerabilities are repaired according to the degree of influence on the asset objects and/or the vulnerability level, the influence on the computer's asset objects is fully resisted, and the security of the computer is further protected.
Optionally, the vulnerability restoration device of the security management system is installed in a computer terminal device where the security management system is located. After the computer terminal equipment is started, the vulnerability restoration device of the security management system is in a standby state, and when the vulnerability restoration device of the security management system determines that the scanning time and/or conditions are reached according to the scanning task, the vulnerability restoration device of the security management system is started to perform vulnerability scanning and restoration.
Optionally, as shown in fig. 4, the vulnerability restoration apparatus of the security management system includes an acquisition module 501, a processing module 502, and an analysis module 503. The acquisition module comprises a scanning unit 101, the processing module comprises a master control unit 201, a patch unit 202, a simulation unit 204 and a record display unit 203, and the analysis module comprises an auditing unit 301, a grading unit 302 and a determining unit 303.
Optionally, the scanning unit acquires a scanning task, scans and detects the integrated security framework according to the scanning task, when a bug is scanned, transmits detailed data of the bug to the master control unit, and sends the detailed data of the bug to the patch unit through the master control unit, so that the patch unit determines a first patch corresponding to the detailed data of the bug from the patch library according to the patch mapping relation, and feeds the first patch back to the master control unit, so that the master control unit operates the first patch in the integrated security framework to repair the corresponding bug.
Optionally, the master control unit transmits the detailed data of the vulnerability, the first patch, the scanning task and each scanned threat item to the auditing unit, so that the auditing unit analyzes the vulnerability according to this data, generates the first repair data and feeds it back to the master control unit. When the first patch is determined to have failed according to the first repair data, the repair-failure information is fed back to the auditing unit, which accordingly transmits the first repair data, the detailed data of the vulnerability and the first patch to the grading unit. The grading unit calculates the vulnerability level corresponding to the vulnerability from the first repair data and transmits the vulnerability level, the detailed data of the vulnerability and the first patch to the determining unit, so that the determining unit decides whether to repair the vulnerability according to the vulnerability level and, when repair is decided, generates a repair instruction and sends it to the record display unit.
Optionally, the record display unit transmits the repair instruction, the vulnerability and the first patch to the simulation unit, so that the simulation unit runs the vulnerability and then the first patch in the simulation integrated security framework according to the repair instruction, obtaining the real-time simulation integrated security framework. The simulation unit comprises a simulation integrated security framework or a real-time simulation integrated security framework, and the simulation integrated security framework is generated from the integrated security framework in its initial state.
Optionally, the scanning unit further sends the scanned vulnerability to the simulation unit, so that the simulation unit updates the simulation integrated security framework according to the vulnerability.
Optionally, the record presentation unit includes a level list, where a plurality of different vulnerability levels and detailed data corresponding to a plurality of vulnerabilities under each vulnerability level are stored.
In one possible embodiment, the record displaying unit stores the time and the number of times of the occurrence of the vulnerability, displays the patch, the vulnerability, the time and the number of times of the occurrence of the vulnerability output by the patch unit, and marks the target patch of the vulnerability with a green background.
Optionally, the patch unit transmits the detailed data of the vulnerability and the detailed data of the first patch to the record display unit. According to the repair instruction, a second patch is generated from the detailed data of the first patch, and it is recorded and displayed at the position related to the vulnerability under the corresponding vulnerability level of the level list.
In one possible embodiment, the determining unit generates a second patch according to the detailed data of the first patch and the vulnerability, and transmits the second patch to a position related to the vulnerability under the vulnerability level corresponding to the record display unit level list.
Optionally, the record display unit transmits the second patch to the patch unit, and transmits the second patch to the master control unit through the patch unit, so that the master control unit transmits the second patch and the vulnerability to the auditing unit for analysis, second repair data are obtained, and when the second patch is determined to successfully repair the vulnerability according to the second repair data, the master control unit operates the second patch in the integrated security framework to repair the vulnerability.
Optionally, the record display unit operates the second patch in the real-time simulation integrated security framework, acquires an operation result of the second patch through the master control unit, acquires the second patch when the operation is determined to be completed and the repair is successful, and operates the second patch in the integrated security framework to repair the corresponding vulnerability.
Optionally, when the second patch repairs successfully, the master control unit determines that the second patch is the target patch, outputs a control instruction and transmits it to the record display unit through the patch unit, so that according to the control instruction the record display unit changes the background color of the first patch of the vulnerability under its vulnerability level to a red mark, and marks the second patch, which is the target patch, with a green background.
In one possible embodiment, the second patch in the record presentation unit may be edited and modified.
In a possible embodiment, the determining unit at least includes a terminal device of the relevant staff; the vulnerability level of the target vulnerability is obtained through that terminal device, a repair instruction is entered in the terminal device according to the vulnerability level, and the repair instruction directs the subsequent procedure. The record display unit at least comprises a computer display interface, through which the vulnerability level of the target vulnerability, its detailed data, each patch and the repair result corresponding to each patch are displayed; according to the displayed information any patch can be modified or a new patch generated directly, and the modified or new patch is used in the subsequent repair process.
The embodiment of the application provides a structural schematic diagram of a vulnerability restoration device of a security management system, as shown in fig. 5, where the device 500 includes:
the acquisition module 501 is configured to acquire a scan task, and acquire a target vulnerability in the integrated security framework according to the scan task;
The processing module 502 is configured to determine, according to the target vulnerability, a vulnerability feature of the target vulnerability, and determine whether a first patch corresponding to the vulnerability feature exists according to a vulnerability patch mapping relationship; when the first patch exists, repairing the target vulnerability according to the first patch;
an analysis module 503, configured to analyze a repair state of the target vulnerability according to the first patch, and generate first repair data of the target vulnerability;
the analysis module 503 is further configured to determine, according to the first repair data, a vulnerability level corresponding to the target vulnerability when the first patch fails to repair the target vulnerability; and to determine a second patch according to the vulnerability level, determine a target patch according to the second patch and the first repair data, and repair the target vulnerability with the target patch.
Optionally, the analysis module 503 is further configured to calculate a security loss of the target vulnerability according to the first repair data and the scan task when determining that the first patch fails to repair the target vulnerability according to the first repair data of the target vulnerability;
Determining a vulnerability grade corresponding to the target vulnerability according to the security loss; the first repair data are related data of the target loopholes before and after repair of the first patch respectively.
Optionally, the analysis module 503 is further configured to determine whether to perform the second repair on the target vulnerability according to the vulnerability level;
When the second repair is determined to be performed, generating a second patch according to the target vulnerability, the first patch and the first repair data;
simulate the repair of the target vulnerability in the real-time simulated integrated security framework according to the second patch, and analyze the target vulnerability according to the second patch to generate second repair data of the target vulnerability, the second repair data being the related data of the target vulnerability after the second repair;
and perform a repair comparison between the second repair data and the first repair data to obtain a comparison result, determine a target patch according to the comparison result, and repair the target vulnerability according to the target patch.
Optionally, the analysis module 503 is further configured to analyze the target vulnerability and generate abnormal data of the target vulnerability when determining that the patch corresponding to the vulnerability feature of the target vulnerability does not exist according to the vulnerability patch mapping relationship;
determine a vulnerability grade corresponding to the target vulnerability according to the abnormal data;
and determine a target patch according to the vulnerability grade, and repair the target vulnerability with the target patch.
Optionally, the processing module 502 is further configured to generate a simulated integrated security framework according to the integrated security framework in its initial state, where the integrated security framework in the initial state is the integrated security framework before execution of the scanning task is started;
generate and output a repair instruction when the second repair is determined to be performed;
and operate on the target vulnerability in the simulated integrated security framework according to the repair instruction to obtain the updated real-time simulated integrated security framework.
Optionally, the processing module 502 is further configured to determine, when the first repair data of the target vulnerability show that the first patch has successfully repaired the target vulnerability, that the first patch which successfully repaired the target vulnerability is the target patch;
and to record the target patch together with the target vulnerability.
Optionally, the processing module 502 is further configured to establish the vulnerability patch mapping relationship;
which specifically comprises the following steps:
acquiring detailed data of each vulnerability and the repair patch corresponding to each vulnerability, and establishing a mapping relation between each vulnerability and the patch that repairs it, to obtain the vulnerability patch mapping relation;
storing the patches mapped by all the vulnerabilities in a patch library;
correspondingly, determining the target patch corresponding to each vulnerability to be repaired;
updating the patch mapped by the corresponding vulnerability in the patch library according to each target patch; and obtaining the mapping between each vulnerability and its corresponding target patch, and updating the vulnerability patch mapping relation accordingly.
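The remediation loop that modules 501 to 503 describe, as an added example written for this page in Python (it is not code from the patent or its applicant): the vulnerability-patch mapping lookup, the first repair attempt, repair data taken before and after, a security-loss-based vulnerability grade, a second patch exercised in a simulated copy of the framework, the repair comparison that selects the target patch, and the update of the patch library and mapping. The class and function names (`PatchLibrary`, `SimulatedFramework`, `security_loss`, `vulnerability_grade`, `remediate`), the security-loss metric, the grade thresholds and the sample vulnerabilities and patches are all assumptions made for illustration; it also covers the no-mapped-patch branch of claim 2, which the module list only names.

```python
# Added example for this page, not the patent's code. Every name, metric,
# threshold and sample value below is an assumption made for illustration.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Patch:
    patch_id: str
    fixes: frozenset            # vulnerability features the patch neutralises

@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    feature_key: str            # key the vulnerability-patch mapping is indexed by
    features: frozenset         # full feature set reported by the scan task
    exposed_assets: int         # assets the scan task says are reachable via the flaw

@dataclass(frozen=True)
class RepairData:
    # "Related data" of the vulnerability before and after a repair attempt.
    residual_before: frozenset
    residual_after: frozenset

class PatchLibrary:
    """Vulnerability-patch mapping plus the patch store it points into."""
    def __init__(self) -> None:
        self.mapping: dict[str, str] = {}    # feature_key -> patch_id
        self.patches: dict[str, Patch] = {}  # patch_id -> Patch

    def register(self, feature_key: str, patch: Patch) -> None:
        # Record the target patch and update the mapping relationship.
        self.patches[patch.patch_id] = patch
        self.mapping[feature_key] = patch.patch_id

    def first_patch(self, vuln: Vulnerability) -> Optional[Patch]:
        pid = self.mapping.get(vuln.feature_key)
        return self.patches.get(pid) if pid else None

class SimulatedFramework:
    """Copy of the framework taken before the scan task starts; patches are
    exercised here rather than on the live system."""
    def __init__(self, vulns: list) -> None:
        self.residual = {v.vuln_id: set(v.features) for v in vulns}

    def apply(self, vuln: Vulnerability, patch: Patch) -> RepairData:
        before = frozenset(self.residual[vuln.vuln_id])
        after = before - patch.fixes
        self.residual[vuln.vuln_id] = set(after)
        return RepairData(before, after)

def security_loss(vuln: Vulnerability, data: RepairData) -> int:
    # Exposure that survived the repair, weighted by reachable assets (constructed metric).
    return len(data.residual_after) * vuln.exposed_assets

def vulnerability_grade(loss: int) -> str:
    if loss >= 40:
        return "critical"
    if loss >= 10:
        return "high"
    return "low"

def second_patch(first: Patch, data: RepairData) -> Patch:
    # Generated from the first patch and the first repair data: extend the
    # first patch so that it also covers the features it left behind.
    return Patch(first.patch_id + "-r2", first.fixes | data.residual_after)

def remediate(lib: PatchLibrary, sim: SimulatedFramework, vuln: Vulnerability) -> dict:
    first = lib.first_patch(vuln)
    if first is None:
        # No mapped patch: grade from the abnormal data (the unrepaired feature
        # set) and build a fresh patch covering every observed feature.
        abnormal = frozenset(sim.residual[vuln.vuln_id])
        grade = vulnerability_grade(len(abnormal) * vuln.exposed_assets)
        target = Patch("new-" + vuln.vuln_id, abnormal)
        sim.apply(vuln, target)
        lib.register(vuln.feature_key, target)
        return {"target_patch": target.patch_id, "grade": grade, "second_repair": False}
    data1 = sim.apply(vuln, first)
    if not data1.residual_after:
        lib.register(vuln.feature_key, first)   # first patch succeeded: record it
        return {"target_patch": first.patch_id, "grade": None, "second_repair": False}
    grade = vulnerability_grade(security_loss(vuln, data1))
    if grade == "low":
        # Residual risk too small to justify a second repair in this model.
        return {"target_patch": None, "grade": grade, "second_repair": False}
    second = second_patch(first, data1)
    data2 = sim.apply(vuln, second)
    # Repair comparison: keep the second patch only if it closes more than the first.
    target = second if len(data2.residual_after) < len(data1.residual_after) else first
    lib.register(vuln.feature_key, target)
    return {"target_patch": target.patch_id, "grade": grade, "second_repair": True}

def build_sample():
    # Constructed sample data: two mapped patches and three scanned vulnerabilities.
    lib = PatchLibrary()
    lib.register("cwe-79", Patch("p-xss-1", frozenset({"reflected-param"})))
    lib.register("cwe-89", Patch("p-sqli-1", frozenset({"union-select"})))
    vulns = [
        Vulnerability("v1", "cwe-79", frozenset({"reflected-param", "stored-comment"}), 12),
        Vulnerability("v2", "cwe-89", frozenset({"union-select"}), 3),
        Vulnerability("v3", "cwe-22", frozenset({"dot-dot-segment"}), 50),
    ]
    return lib, SimulatedFramework(vulns), vulns

if __name__ == "__main__":
    lib, sim, vulns = build_sample()
    for v in vulns:
        print(v.vuln_id, remediate(lib, sim, v))
```

Running it walks the three branches the text distinguishes: `v1` is only partially closed by its mapped patch, so it is graded, a second patch is generated and simulated, the comparison selects it and the mapping is rewritten; `v2` is fixed by the first patch and simply recorded; `v3` has no mapped patch and takes the abnormal-data path. The point worth keeping from the model is that every patch is exercised against the pre-scan snapshot and only the winner of the comparison is written back to the mapping, so a failed first patch never silently stays the recorded fix.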
As shown in fig. 6, an embodiment of the present application provides an electronic device 600, the electronic device 600 comprising a memory 601 and a processor 602.
Wherein the memory 601 is for storing computer instructions executable by the processor;
the processor 602, when executing computer instructions, implements the steps of the methods of the embodiments described above. Reference may be made in particular to the relevant description of the embodiments of the method described above.
Alternatively, the memory 601 may be separate or integrated with the processor 602. When the memory 601 is provided separately, the electronic device further comprises a bus for connecting the memory 601 and the processor 602.
The embodiment of the application also provides a computer readable storage medium, wherein computer instructions are stored in the computer readable storage medium, and when the processor executes the computer instructions, the steps of the method in the embodiment are realized.
Embodiments of the present application also provide a computer program product comprising computer instructions which, when executed by a processor, implement the steps of the method of the above embodiments.
The terminal device may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides voice and/or other traffic data connectivity to a user, a handheld device with wireless connectivity, or another processing device connected to a wireless modem. The wireless terminal may communicate with one or more core network devices via a radio access network (RAN); it may be a mobile terminal such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket, hand-held, computer-built-in or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. For another example, the wireless terminal may be a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA) or the like. A wireless terminal may also be referred to as a system, Subscriber Unit, Subscriber Station, Mobile Station, Remote Terminal, Access Terminal, User Terminal, User Agent, or User Equipment (User Device), without limitation.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (8)
1. A vulnerability repair method for a security management system, the security management system comprising an integrated security framework, the method comprising:
acquiring a scanning task, and acquiring a target vulnerability in the integrated security framework according to the scanning task;
Determining the vulnerability characteristics of the target vulnerability according to the target vulnerability, and determining whether a first patch corresponding to the vulnerability characteristics exists according to a vulnerability patch mapping relation; when the first patch exists, repairing the target vulnerability according to the first patch;
analyzing the repair state of the target vulnerability according to the first patch to generate first repair data of the target vulnerability;
when the first patch fails to repair the target vulnerability, determining a vulnerability grade corresponding to the target vulnerability according to the first repair data; determining a second patch according to the vulnerability grade, determining a target patch according to the second patch and the first repair data, and repairing the target vulnerability with the target patch;
When the first patch fails to repair the target vulnerability, determining a vulnerability level corresponding to the target vulnerability according to the first repair data specifically includes:
When the first patch fails to repair the target vulnerability according to the first repair data of the target vulnerability, calculating the security loss of the target vulnerability according to the first repair data and a scanning task;
determining a vulnerability grade corresponding to the target vulnerability according to the security loss, the first repair data being the related data of the target vulnerability before and after repair by the first patch, respectively;
and determining a second patch according to the vulnerability level, determining a target patch according to the second patch and the first repair data, and repairing the target vulnerability with the target patch specifically comprises the following steps:
determining whether to carry out second repair on the target vulnerability according to the vulnerability grade;
When the second repair is determined, generating a second patch according to the target vulnerability, the first patch and the first repair data;
simulating the repair of the target vulnerability in the real-time simulated integrated security framework according to the second patch, and analyzing the target vulnerability according to the second patch to generate second repair data of the target vulnerability, the second repair data being the related data of the target vulnerability after the second repair;
And carrying out repair comparison on the second repair data and the first repair data to obtain a comparison result, determining a target patch according to the comparison result, and repairing the target vulnerability according to the target patch.
2. The method according to claim 1, characterized in that it comprises:
When determining that a patch corresponding to the vulnerability characteristics of the target vulnerability does not exist according to the vulnerability patch mapping relationship, analyzing the target vulnerability to generate abnormal data of the target vulnerability;
Determining a vulnerability grade corresponding to the target vulnerability according to the abnormal data;
and determining a target patch according to the vulnerability grade, and repairing the target vulnerability with the target patch.
3. The method according to claim 1 or 2, comprising:
generating a simulated integrated security framework according to the integrated security framework in its initial state, wherein the integrated security framework in the initial state is the integrated security framework before execution of the scanning task is started;
generating and outputting a repair instruction when the second repair is determined to be performed;
and operating on the target vulnerability in the simulated integrated security framework according to the repair instruction to obtain an updated real-time simulated integrated security framework.
4. The method according to claim 1, characterized in that it comprises:
when the first repair data of the target vulnerability show that the first patch has successfully repaired the target vulnerability, determining the first patch which successfully repaired the target vulnerability as the target patch;
and recording the target patch together with the target vulnerability.
5. The method of claim 1, wherein the vulnerability patch mapping relationship is established before determining whether the first patch corresponding to the vulnerability feature exists according to the vulnerability patch mapping relationship;
which specifically comprises the following steps:
acquiring detailed data of each vulnerability and the repair patch corresponding to each vulnerability, and establishing a mapping relation between each vulnerability and the patch that repairs it, to obtain the vulnerability patch mapping relation;
storing the patches mapped by all the vulnerabilities in a patch library;
correspondingly, determining the target patch corresponding to each vulnerability to be repaired;
updating the patch mapped by the corresponding vulnerability in the patch library according to each target patch; and obtaining the mapping between each vulnerability and its corresponding target patch, and updating the vulnerability patch mapping relation accordingly.
6. A vulnerability restoration apparatus of a security management system, the security management system comprising an integrated security framework, the apparatus comprising:
the acquisition module is used for acquiring a scanning task and acquiring a target vulnerability in the integrated security framework according to the scanning task;
The processing module is used for determining the vulnerability characteristics of the target vulnerability according to the target vulnerability and determining whether a first patch corresponding to the vulnerability characteristics exists or not according to the vulnerability patch mapping relation; when the first patch exists, repairing the target vulnerability according to the first patch;
the analysis module is used for analyzing the repair state of the target vulnerability according to the first patch and generating first repair data of the target vulnerability;
the analysis module is further configured to determine, according to the first repair data, a vulnerability level corresponding to the target vulnerability when the first patch fails to repair the target vulnerability; to determine a second patch according to the vulnerability grade, determine a target patch according to the second patch and the first repair data, and repair the target vulnerability with the target patch;
When the first patch fails to repair the target vulnerability, determining a vulnerability level corresponding to the target vulnerability according to the first repair data specifically includes:
When the first patch fails to repair the target vulnerability according to the first repair data of the target vulnerability, calculating the security loss of the target vulnerability according to the first repair data and a scanning task;
determining a vulnerability grade corresponding to the target vulnerability according to the security loss, the first repair data being the related data of the target vulnerability before and after repair by the first patch, respectively;
and determining a second patch according to the vulnerability level, determining a target patch according to the second patch and the first repair data, and repairing the target vulnerability with the target patch specifically comprises the following steps:
determining whether to carry out second repair on the target vulnerability according to the vulnerability grade;
When the second repair is determined, generating a second patch according to the target vulnerability, the first patch and the first repair data;
simulating the repair of the target vulnerability in the real-time simulated integrated security framework according to the second patch, and analyzing the target vulnerability according to the second patch to generate second repair data of the target vulnerability, the second repair data being the related data of the target vulnerability after the second repair;
And carrying out repair comparison on the second repair data and the first repair data to obtain a comparison result, determining a target patch according to the comparison result, and repairing the target vulnerability according to the target patch.
7. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
The processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1 to 5.
8. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410312249.XA CN118133291B (en) | 2024-03-19 | 2024-03-19 | Vulnerability restoration method and device of security management system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118133291A CN118133291A (en) | 2024-06-04 |
CN118133291B true CN118133291B (en) | 2024-09-10 |
Family
ID=91231278
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410312249.XA Active CN118133291B (en) | 2024-03-19 | 2024-03-19 | Vulnerability restoration method and device of security management system and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118133291B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114662120A (en) * | 2022-03-23 | 2022-06-24 | 京东科技信息技术有限公司 | Patch management method and device |
CN117056940A (en) * | 2023-10-12 | 2023-11-14 | 中关村科学城城市大脑股份有限公司 | Method, device, electronic equipment and medium for repairing loopholes of server system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110460571B (en) * | 2019-07-05 | 2022-11-04 | 深圳壹账通智能科技有限公司 | Business system vulnerability processing method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||