Known vulnerability positioning method and device for network equipment

A method for locating known vulnerabilities in network equipment, applied in the fields of computer security devices, instruments, and electrical digital data processing. It addresses the problems of false positives, high cost, and incorrect function matching in vulnerability locating, with the effect of reducing workload and improving efficiency and accuracy.

Active Publication Date: 2021-11-09
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] (1) Vulnerability locating based on the patch comparison method has false positives; that is, the comparison results contain a large number of non-security patches. Because of the inherent differences that have to be confirmed and the low degree of screening automation, it takes a lot of manpower to confirm the results one by one in actual work.
[0006] (2) Vulnerability locating based on the patch comparison method has false negatives. For example, in the absence of debugging symbols, the comparison heuristic may incorrectly match two unrelated functions, so that the correct security patch is missing from the results.
[0007] The complexity of the network device itself makes it difficult to quickly reverse-engineer the details of a vulnerability and understand its mechanism through simple instruction comparison. Using existing patch comparison tools to locate known vulnerabilities on network devices therefore easily produces a large number of false negatives and false positives, which hinders the researcher's vulnerability analysis and mining process and brings hidden dangers to the security of network equipment.

Examples

Embodiment Construction

[0047] To make the technical solution of the present invention clearer and easier to understand, the technical solution in the embodiment of the present invention is described clearly and completely with specific examples and in conjunction with the accompanying drawings.

[0048] Network equipment usually encapsulates its main functions, such as network protocol service code and public operation support code, into one executable file, which the present invention calls a single (monolithic) executable file. The network protocol services usually include SNMP, HTTP, IKE, OSPF, BGP, etc. These single executable files cover all the contents of the management plane, control plane, and data plane. They are the binary files of the main network protocols of some large-scale network devices. Using binary patch comparison technology to locate vulnerabilities in them is an important auxiliary means of analyzing the detailed information of vulnerabilities. By locating known ...

Abstract

The invention discloses a method and device for locating known vulnerabilities in network equipment. Known vulnerabilities are located in two stages, module-level coarse-grained locating and function-level fine-grained identification; finally, security fix code is identified by screening the differing functions and sorting them from high to low by degree of certainty. The method and device serve vulnerability locating: locating precision and patch comparison efficiency are improved, false reports of subsequent security fixes are avoided, and the false-positive and false-negative problems of existing patch analysis frameworks can be corrected.

Description

Technical field

[0001] The present invention relates to patch comparison technology for known vulnerabilities, and mainly to a method and device for locating known vulnerabilities in network equipment. Based on the revolutionary binary comparison technology, a semantic similarity measurement method is used to screen and sort the comparison results, improving the patch analysis efficiency for network devices and helping researchers discover more details of known vulnerabilities.

Background technique

[0002] Patch comparison technology is an auxiliary technology for vulnerability mining. By comparing and analyzing the differences between the original program and the updated program after the vulnerability is fixed, it can use the limited vulnerability report description and the patch to accurately locate known vulnerabilities, and so further explore potential vulnerabilities. Usually there is a long time window between the release of patches and the dep...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/577, Y02D30/50
Inventor: 钟楠宇, 王琛, 邹燕燕, 许家欢, 霍玮, 邹维
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI