Unlock instant, AI-driven research and patent intelligence for your innovation.

Vulnerability checking method and system based on asset scene attributes

An asset and vulnerability technology, applied in transmission systems, platform integrity maintenance, instruments, etc., can solve the problems of low scanning time efficiency and high vulnerability false positive rate, and achieve the goal of overcoming low scanning time efficiency and high vulnerability false positive rate. Effect

Pending Publication Date: 2021-01-22
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +1
View PDF0 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Therefore, a method and system for troubleshooting vulnerabilities based on asset scene attributes provided by the present invention overcomes the defects of low scanning time efficiency and high vulnerability false positive rate in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability checking method and system based on asset scene attributes
  • Vulnerability checking method and system based on asset scene attributes
  • Vulnerability checking method and system based on asset scene attributes

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] An embodiment of the present invention provides a method for troubleshooting vulnerabilities based on asset scene attributes, such as figure 1 shown, including the following steps:

[0039] Step S1: Obtain an asset target to be scanned.

[0040] In the embodiment of the present invention, the information of the asset target can be obtained by scanning the IP address of the asset device. This is only an example and not limited thereto. In practical applications, the information of the corresponding asset target can be obtained according to actual needs.

[0041]Step S2: Screen out the surviving asset targets by comparing the asset table with the asset targets to be scanned.

[0042] In the embodiment of the present invention, the fingerprint information of each asset device is included in the asset table, and the fingerprint information includes: asset IP, operating system type, network equipment manufacturer information, database information, application software versi...

Embodiment 2

[0058] The embodiment of the present invention provides a vulnerability checking system based on asset scene attributes, such as image 3 shown, including:

[0059] The target acquisition module 1 is used to acquire the asset target to be scanned; this module executes the method described in step S1 in Embodiment 1, which will not be repeated here.

[0060] The asset identification module 2 is used to filter out the surviving asset objects through the comparison result between the asset table and the asset objects to be scanned; this module executes the method described in step S2 in Embodiment 1, which will not be repeated here.

[0061] The asset table parsing module 3 is used to extract the basic asset information of the surviving asset objects in the asset table; this module executes the method described in step S3 in Embodiment 1, which will not be repeated here.

[0062] The vulnerability library and vulnerability matching strategy module 4 is used to load the correspon...

Embodiment 3

[0066] An embodiment of the present invention provides a terminal, such as Figure 4 As shown, it includes: at least one processor 401 , such as a CPU (Central Processing Unit, central processing unit), at least one communication interface 403 , memory 404 , and at least one communication bus 402 . Wherein, the communication bus 402 is used to realize connection and communication between these components. Wherein, the communication interface 403 may include a display screen (Display) and a keyboard (Keyboard), and the optional communication interface 403 may also include a standard wired interface and a wireless interface. The memory 404 may be a high-speed RAM memory (Random Access Memory, volatile random access memory), or a non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory 404 may also be at least one storage device located away from the aforementioned processor 401 . Wherein, the processor 401 may execute the vulnerabilit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a vulnerability checking method and system based on asset scene attributes. The method comprises the steps of obtaining a to-be-scanned asset target; screening out survival asset targets through a comparison result of the asset table and the asset targets to be scanned; extracting asset basic information of a survival asset target in the asset table; loading a correspondingvulnerability library and a vulnerability matching strategy related to the vulnerability according to asset basic information of the survival asset target; and loading the vulnerability verificationstrategy according to the vulnerability with the vulnerability verification strategy screened from the currently loaded vulnerability library, then performing vulnerability scanning and service fingerprint detection of the corresponding vulnerability message, and outputting a scanning result. According to the method, the asset basic information of the survival asset target is extracted from the asset table, whether the vulnerability exists or not is detected in combination with the vulnerability library, the vulnerability matching strategy related to the vulnerability and the vulnerability verification strategy, the scanning time efficiency is improved through the dynamic cycle process of vulnerability detection, and meanwhile, the false alarm rate of the vulnerability is reduced.

Description

technical field [0001] The invention relates to the technical field of network security automation, in particular to a method and system for troubleshooting vulnerabilities based on asset scene attributes. Background technique [0002] With the development of information technology and the generation of massive data, the network architecture and terminal equipment are complicated, including host servers, network equipment, security equipment, and software applications with industry attributes. A large number of application services inevitably exist security. Vulnerabilities. Vulnerabilities are exploited by malicious attackers, causing risks such as massive data leakage, financial security, and unsustainable business operations. [0003] The traditional vulnerability scanning method obtains the terminal fingerprint information of the target device through asset fingerprinting technology, such as obtaining the operating system type, network device type, port opening status, a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57H04L29/06
CPCG06F21/577H04L63/1433
Inventor 仇慎健费稼轩石聪聪张小建王齐
Owner GLOBAL ENERGY INTERCONNECTION RES INST CO LTD