Vulnerability Automatic Classification Method Supporting Vulnerability Correlation Mining

Abstract

The invention relates to a vulnerability automatic classification method supporting vulnerability correlation mining, which belongs to the technical field of information security. The specific operation is as follows: Step 1: Build a vulnerability database and collect vulnerability records. Step 2. Determine the privilege set category. Step 3, train the classifier. Step four, test data. Compared with the existing methods, the vulnerability automatic classification method proposed by the present invention, which supports vulnerability correlation mining, has the following advantages: ① the vulnerability classification result is suitable for vulnerability correlation mining; Obvious; ③ Realize automatic classification of vulnerabilities, improve classification efficiency, and save labor costs.

Description

Technical field [0001] The invention relates to a method for automatically classifying vulnerabilities supporting vulnerabilities association mining, and belongs to the technical field of information security. Background technique [0002] Network security vulnerability refers to the existence of certain security vulnerabilities in the computer system that may be exploited by malicious subjects (attackers or attack programs), which may cause unauthorized access to system resources or cause other damage to the system. In recent years, mature vulnerability scanning technology and CVE (Common Vulnerabilities & Exposures) standards and Common Vulnerability Scoring System (CVSS) vulnerability rating methods have gradually developed, which can detect and discover vulnerabilities in the network, But it is impossible to analyze the correlation and mutual utilization of the vulnerabilities. The attack method in cyber risk is often through the related vulnerabilities, cut from one vulnera...

AI Technical Summary

Problems solved by technology

[0004] The current vulnerability classification mainly includes the Unix operating system classification method proposed by Aslam of Purdue University’s COAST Laboratory, which is divided into operational failure, environmental failure and coding failure. However, due to the lack of specific quantitative indicators, it is impossible to evaluate the harm level of vulnerabilities; The software vulnerability classification method proposed by Wang Lidong of Harbin Institute of Technology describes the impact of vulnerabilities on security such as confidentiality, integrity, and availability. The generalized classification method proposed by Knight et al. There are four types of vulnerabilities. Due to a certain degree of conceptual ambiguity, there is no mutual exclusion between classes

[0005] The above classification methods all analyze the vulnerability as a single defect. Zhang Yongzheng emphasized the correlation between the vulnerabilities, and proposed that the premise of judging the relevance of the vulnerability is that the vulnerability can be accurately determined according to the "premise privilege set" and "result privilege set". Classification, implements a novel multi-dimensional quantitative attribute vulnerability classification method that supports correlation mining, but does not clearly point out the specific characteristics of each category, and cannot be automatically classified

Images