Host risk evaluation method and device

A risk assessment and host technology, applied in the direction of electrical components, transmission systems, etc., can solve the problems of inability to deeply explore host vulnerabilities, lack of host topology and attack paths, and achieve perfect host risk assessment and ideal results

Inactive Publication Date: 2011-08-31
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP
View PDF4 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The existing host risk assessment methods only analyze and extract some characteristics of the host itself, without starting from the perspective of host topology and attack paths, so the potential vulnerabilities of the host cannot be deeply explored.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Host risk evaluation method and device
  • Host risk evaluation method and device
  • Host risk evaluation method and device

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0044] In the first embodiment of the present invention, a host risk assessment method, such as figure 1 shown, including the following specific steps:

[0045] Step S101 , the host obtains its own system software configuration information through local scanning, and the system software configuration information includes software name, version, patch and so on.

[0046] Comparing the system software configuration information with the vulnerability software database file, the local vulnerability software and remote vulnerability software existing in the host itself are obtained. Wherein, each remote vulnerability software corresponds to a fixed port on the host.

[0047] Preferably, while obtaining the vulnerable software existing in the host computer, the state of the vulnerable software, including whether it is running and has self-starting characteristics, is further determined by detecting the system process name list, service list and registry.

[0048] Step S102 , each ...

no. 3 example

[0063] In the third embodiment of the present invention, a host risk assessment device, such as image 3 As shown, it includes the following components:

[0064] 1) The detection module is deployed in each host in the network, and is used to detect vulnerability information and network connectivity information of all hosts in the network. The detection module specifically includes: a vulnerability detection module and a network connectivity detection module, wherein,

[0065] The vulnerability detection module is used to check the vulnerability information of all hosts in the network. Vulnerability information includes local vulnerable software and remote vulnerable software. Specifically, the system software configuration information of the host is obtained by scanning, and the system software configuration information is compared with the vulnerable software database file to obtain all vulnerable software existing on the host, and each remote vulnerable software correspond...

no. 4 example

[0083] In the fourth embodiment of the present invention, the following introduces an example of a risk assessment process from the perspective of a device in combination with the above method:

[0084] 1. Control host

[0085] A control host is set independently of all hosts to be assessed for risk in the network, and the control host is mainly responsible for controlling the vulnerability detection module and the network connectivity detection module deployed in each host. The control host includes an adjacent host attack relationship generation module, an attack path generation module and a risk assessment module. The working steps of the control host are as follows:

[0086] Step S1: Send a command. Notify each host to perform its own vulnerability detection and network connectivity detection, and wait for the information to be sent back.

[0087] Step S2: All the information is sent back, and each host is notified that the receiving is completed.

[0088] Step S3: Sub...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a host risk evaluation method and a host risk evaluation device. The method comprises the following steps of: detecting the bug information and network connectivity information of all hosts in a network; determining an attack path in the network according to the bug information and the network connectivity information; and determining the total risk of any target host based on the bug information and the attack path. In the method and the device, the thought of actively and dynamically evaluating potential bugs and risks by the attack path is put forward for the first time, so that host risk evaluation is more perfect, and effects are more ideal. Own bugs of the host and threats from the attack path in the network are combined, so the potential risks of the host can be explored more deeply.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a host computer risk assessment method and device. Background technique [0002] In recent years, computer network attacks are increasing day by day, and people are facing more and more serious security threats from computer network systems. Security issues have become the main issues affecting Internet development and commercial applications. The most important and fundamental cause of network security problems is that computer systems have security loopholes and risks that can be penetrated and exploited. At present, the methods of host risk assessment can be divided into three categories according to the assessment object: asset assessment, vulnerability assessment and threat assessment. Among them, asset assessment is based on the input of asset security attributes, according to the asset assessment model, to obtain the security value of the asset, which is...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 卿昱张小松杨鹏郑炯陈厅
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap