Multi-source heterogeneous vulnerability information duplicate removal and grading methods and apparatuses

Abstract

Embodiments of the invention disclose multi-source heterogeneous vulnerability information duplicate removal and grading methods and apparatuses. In the vulnerability information duplicate removal process, firstly weight values of extracted feature words in whole vulnerability information contents are calculated; secondly according to calculated weight value results, the feature words with the weight values sorted in front are selected as effective feature words of vulnerability information; and finally the vulnerability information which the effective feature words can be matched with is classified and grouped to realize vulnerability information duplicate removal. According to the duplicate removal method provided by the invention, vector space dimension calculation is not required, so that the calculation complexity can be lowered; and moreover, the feature words with the weight values sorted in front are screened out to serve as the effective feature words, and a few interference feature words are removed, so that the accuracy of a correlation judgment result can be improved. Likewise, in the information grading process, firstly the feature words of the vulnerability information are extracted; secondly the extracted feature words are subjected to expression analysis of emotional semantics; and through the analysis, the risk levels of the vulnerability information can be obtained.

Description

technical field [0001] The invention relates to the field of computer network information security, in particular to a method for deduplication of multi-source heterogeneous vulnerability information, a classification method and a device. Background technique [0002] With the continuous development of social informatization, network security vulnerabilities are also increasing. Correspondingly, a variety of organizations that release vulnerability intelligence information have emerged, such as authoritative vulnerability databases such as NVD and CNNVD, and professional security manufacturers such as SecurityFocus. For the vulnerability management system, it is necessary to determine the repeatability and relevance of the vulnerability information obtained from the above-mentioned multiple information sources, and finally form unique and effective vulnerability information. [0003] For multi-source heterogeneous vulnerability deduplication, distance calculation based on V...

AI Technical Summary

Problems solved by technology

[0004] Using the above calculation method, because the total number of feature words is equal to the dimension of the vector space, when the number of feature words contained in the vulnerability information is large, the more dimensions formed by the vector space, the longer the corresponding calculation time; in addition, due to the vulnerability The description accuracy of the feature words contained in the intelligence is not consistent. Therefore, when the vulnerability intelligence contains too many feature words, the reliability of the results obtained by the above calculation method will also decrease.

Images