KR101881271B1 - 취약점 정보를 수집하는 장치 및 그 방법 - Google Patents
취약점 정보를 수집하는 장치 및 그 방법 Download PDFInfo
- Publication number
- KR101881271B1 KR101881271B1 KR1020170152291A KR20170152291A KR101881271B1 KR 101881271 B1 KR101881271 B1 KR 101881271B1 KR 1020170152291 A KR1020170152291 A KR 1020170152291A KR 20170152291 A KR20170152291 A KR 20170152291A KR 101881271 B1 KR101881271 B1 KR 101881271B1
- Authority
- KR
- South Korea
- Prior art keywords
- vulnerability
- vulnerability data
- unstructured
- structured
- data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/31—Indexing; Data structures therefor; Storage structures
- G06F16/316—Indexing structures
- G06F16/322—Trees
-
- G06F17/30312—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/12—Use of codes for handling textual entities
- G06F40/14—Tree-structured documents
- G06F40/143—Markup, e.g. Standard Generalized Markup Language [SGML] or Document Type Definition [DTD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/216—Parsing using statistical methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/221—Parsing markup language streams
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/30—Semantic analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
- G06F8/427—Parsing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Abstract
본 발명은 컴퓨터 시스템의 취약점 정보를 수집하는 장치 및 그 방법이 제공 된다. 본 발명의 일 실시예에 따른 취약점 정보 수집 방법은, 취약점 데이터베이스로부터 미리 정해진 포맷으로 구성된 정형 취약점 데이터를 포함하는 취약점 파일을 다운로드하는 단계, 상기 취약점 파일에 대해 상기 미리 정해진 포맷에 기초하여 파일 파싱을 수행함으로써 상기 정형 취약점 데이터를 분류하는 단계, 웹 페이지의 소스 코드에 대한 소스 코드 파싱을 수행함으로써 상기 소스 코드에 포함된 비정형 취약점 데이터를 분류하고, 상기 분류의 결과에 기초하여 상기 비정형 취약점 데이터를 정형화하는 단계 및 상기 정형 취약점 데이터 및 상기 정형화된 비정형 취약점 데이터를 상기 분류의 결과에 기초하여 취약점 테이블의 필드에 저장하는 단계를 포함 포함한다.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020170152291A KR101881271B1 (ko) | 2017-11-15 | 2017-11-15 | 취약점 정보를 수집하는 장치 및 그 방법 |
US15/876,514 US20190147167A1 (en) | 2017-11-15 | 2018-01-22 | Apparatus for collecting vulnerability information and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020170152291A KR101881271B1 (ko) | 2017-11-15 | 2017-11-15 | 취약점 정보를 수집하는 장치 및 그 방법 |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101881271B1 true KR101881271B1 (ko) | 2018-07-25 |
Family
ID=63058753
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020170152291A KR101881271B1 (ko) | 2017-11-15 | 2017-11-15 | 취약점 정보를 수집하는 장치 및 그 방법 |
Country Status (2)
Country | Link |
---|---|
US (1) | US20190147167A1 (ko) |
KR (1) | KR101881271B1 (ko) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021085983A1 (ko) * | 2019-10-28 | 2021-05-06 | 삼성전자 주식회사 | 소스 코드에서 취약성을 탐지하기 위한 방법, 디바이스, 및 컴퓨터 판독가능 매체 |
KR102403014B1 (ko) * | 2021-11-10 | 2022-05-30 | 인트인 주식회사 | 클라우드 컨테이너 이미지의 위·변조 방지 및 취약점 진단 동시 체크 방법 |
KR102526302B1 (ko) * | 2021-11-16 | 2023-04-26 | 연세대학교 산학협력단 | 소프트웨어 테스팅 방법 및 소프트 테스팅을 위한 취약점 분류 모델 생성 방법 |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10984109B2 (en) * | 2018-01-30 | 2021-04-20 | Cisco Technology, Inc. | Application component auditor |
US11531762B2 (en) | 2018-08-10 | 2022-12-20 | Jpmorgan Chase Bank, N.A. | Method and apparatus for management of vulnerability disclosures |
US11308219B2 (en) * | 2019-07-19 | 2022-04-19 | F5, Inc. | System and method for multi-source vulnerability management |
US11729197B2 (en) | 2019-11-19 | 2023-08-15 | T-Mobile Usa, Inc. | Adaptive vulnerability management based on diverse vulnerability information |
WO2021160822A1 (en) | 2020-02-14 | 2021-08-19 | Debricked Ab | A method for linking a cve with at least one synthetic cpe |
SE2050302A1 (en) * | 2020-03-19 | 2021-09-20 | Debricked Ab | A method for linking a cve with at least one synthetic cpe |
US11934531B2 (en) | 2021-02-25 | 2024-03-19 | Bank Of America Corporation | System and method for automatically identifying software vulnerabilities using named entity recognition |
US11868482B2 (en) * | 2021-09-22 | 2024-01-09 | Gitlab Inc. | Vulnerability tracing using scope and offset |
CN114817929B (zh) * | 2022-04-19 | 2022-11-22 | 北京天防安全科技有限公司 | 物联网漏洞动态追踪和处理方法、装置、电子设备及介质 |
CN114928502B (zh) * | 2022-07-19 | 2022-10-21 | 杭州安恒信息技术股份有限公司 | 一种针对0day漏洞的信息处理方法、装置、设备及介质 |
CN115828270B (zh) * | 2023-02-20 | 2023-06-09 | 南京治煜信息科技有限公司 | 一种基于nlp的漏洞验证构建系统与构建方法 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140337974A1 (en) * | 2013-04-15 | 2014-11-13 | Anupam Joshi | System and method for semantic integration of heterogeneous data sources for context aware intrusion detection |
US20160065599A1 (en) * | 2014-08-29 | 2016-03-03 | Accenture Global Services Limited | Unstructured security threat information analysis |
US9411965B2 (en) * | 2011-09-16 | 2016-08-09 | Rapid7 LLC | Methods and systems for improved risk scoring of vulnerabilities |
KR101751388B1 (ko) * | 2016-07-05 | 2017-06-27 | (주)엔키소프트 | 오픈소스 취약점 분석 대상 검색 및 수집을 위한 빅데이터 분석 기반 웹 크롤링 시스템 및 그 방법 |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9871815B2 (en) * | 2015-12-14 | 2018-01-16 | Joseph Nabil Ouchn | Method and system for automated computer vulnerability tracking |
US20190102564A1 (en) * | 2017-10-02 | 2019-04-04 | Board Of Trustees Of The University Of Arkansas | Automated Security Patch and Vulnerability Remediation Tool for Electric Utilities |
-
2017
- 2017-11-15 KR KR1020170152291A patent/KR101881271B1/ko active IP Right Grant
-
2018
- 2018-01-22 US US15/876,514 patent/US20190147167A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9411965B2 (en) * | 2011-09-16 | 2016-08-09 | Rapid7 LLC | Methods and systems for improved risk scoring of vulnerabilities |
US20140337974A1 (en) * | 2013-04-15 | 2014-11-13 | Anupam Joshi | System and method for semantic integration of heterogeneous data sources for context aware intrusion detection |
US20160065599A1 (en) * | 2014-08-29 | 2016-03-03 | Accenture Global Services Limited | Unstructured security threat information analysis |
KR101751388B1 (ko) * | 2016-07-05 | 2017-06-27 | (주)엔키소프트 | 오픈소스 취약점 분석 대상 검색 및 수집을 위한 빅데이터 분석 기반 웹 크롤링 시스템 및 그 방법 |
Non-Patent Citations (1)
Title |
---|
2016년도 한국인터넷정보학회 추계학술발표대회 논문집 제17권2호 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021085983A1 (ko) * | 2019-10-28 | 2021-05-06 | 삼성전자 주식회사 | 소스 코드에서 취약성을 탐지하기 위한 방법, 디바이스, 및 컴퓨터 판독가능 매체 |
KR102403014B1 (ko) * | 2021-11-10 | 2022-05-30 | 인트인 주식회사 | 클라우드 컨테이너 이미지의 위·변조 방지 및 취약점 진단 동시 체크 방법 |
KR102526302B1 (ko) * | 2021-11-16 | 2023-04-26 | 연세대학교 산학협력단 | 소프트웨어 테스팅 방법 및 소프트 테스팅을 위한 취약점 분류 모델 생성 방법 |
Also Published As
Publication number | Publication date |
---|---|
US20190147167A1 (en) | 2019-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101881271B1 (ko) | 취약점 정보를 수집하는 장치 및 그 방법 | |
GB2563175A (en) | Systems, methods, and computer readable media for extracting data from portable document format(PDF) files | |
CL2019002635A1 (es) | Ofuscación del contenido de usuario en archivos de datos estructurados de usuario. | |
WO2018148619A3 (en) | Automated accessibility testing | |
EP3021239A3 (en) | Display apparatus and method for summarizing of document | |
GB2553234A (en) | Developer voice actions system | |
MX2015002065A (es) | Sistema y metodo de comunicacion entre la nube y un telefono inteligente. | |
MX2015009172A (es) | Sistemas y metodos para identificar y reportar vulnerabilidades de aplicaciones y archivos. | |
WO2012125448A3 (en) | Systems and methods for message collection | |
MY185366A (en) | Audio information processing method and device | |
IN2013CH04267A (ko) | ||
AU2022202023B2 (en) | Method and system for segmentation as a service | |
GB2550533A (en) | Systems and methods for electronic document review | |
IN2013CH06086A (ko) | ||
WO2012128553A3 (ko) | 학습교육 서비스 제공 방법과 장치 | |
MY191557A (en) | Management server and management method employing same | |
MY194297A (en) | A method and device for providing search engine label | |
SG11201909119YA (en) | Search method and apparatus and non-temporary computer-readable storage medium | |
AU2016204194A1 (en) | A system, method and computer program for preparing data for analysis | |
TW201614519A (en) | Apparatus and application server for providing a service to a user | |
IN2013CH01239A (ko) | ||
GB2568013A (en) | Method and system for optimizing voice recognition and information searching based on talkgroup activities | |
van den Berg et al. | Aging: health at advanced ages | |
CN107517237B (zh) | 一种视频识别方法和装置 | |
CL2017002629A1 (es) | Método y aparato para proveer una interfaz de usuario |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |