Method for verifying vulnerabilities of network devices using CVE entries
A technology of network equipment and entries, applied in the field of security systems, can solve problems such as unspecified CPE, confusion, and difficulty in generating CPE
Pending Publication Date: 2022-07-19
诺佐米网络有限公司
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0009] Standardization is yet to be achieved, and in any case, the complex syntax of CVEs makes it difficult to provide structured and consistent access to data vulnerabilities
In particular, generating CPE is difficult because although it is a standard format, the standardization does not specify what information is contained in the CPE, so different products often follow different standards, where the same product is identified by different CPE logos, resulting in confusion and inconsistency
Additionally, the source information extracted from network protocols varies by protocol, adding another pain point to the process of generating CPE identities
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0061] The present invention relates to a method for verifying vulnerabilities of network devices using CVE entries.
[0062] The method according to the present invention can be applied to CVE-based classification of vulnerable IoT systems. The present invention applies to scenarios that require automated methods to process large amounts of data from different sources without relying on human interaction.
[0063] In particular, the present invention is applicable to the field of security methods for automated management of large amounts of software and hardware vulnerability data and reports.
[0064] In the present invention, the term "CVE entry" refers to a record commonly used in various databases or documents to refer to a given vulnerability, such as a vulnerability published by MITRE, with an ID of the form: CVE-yyyy-nnnnn.
[0065] In the present invention, the term "CVE tree" refers to a representation in the form of a tree-like graph of CVE entries provided with no...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The present invention relates to a method for verifying vulnerabilities of a network device using CVE entries, comprising generating a CVE tree according to each CVE entry, defining indexed CVE entries, where generating comprises identifying vulnerability configuration fields, and extracting, for each vulnerability configuration field, a set of vulnerability conditions comprising operator attributes and nested CPE records, where each set of vulnerability conditions comprises an operator attribute and a nested CPE record. The CVE tree is provided with an operator attribute as a node and a CPE record as a leaf from the node, where the decoding comprises tag parsing the decoded string into a sequence of a plurality of n-grams having a predetermined size, and where the matching comprises looking up the sequence of the plurality of n-grams in the CVE tree, if the operator attribute corresponds to OR, if the operator attribute corresponds to OR. An alert is issued if a match is found between at least one CPE record, and if a match is found between all CPE records when the operator attribute corresponds to the AND.
Description
technical field [0001] The present invention relates to the field of security methods and security systems in Common Vulnerability and Exposure (CVE) management. In particular, the present invention relates to a method for verifying vulnerabilities of network devices using CVE entries. Background technique [0002] The use of web applications and web services has become an integral part of almost every aspect of the business process cycle. In addition to promoting products and services online, businesses interact with customers via the Internet, and employees are using more and more Web-based tools for everyday tasks. Web applications have become the most commonly used platform for new software solutions. However, these effective and cost-effective tools introduce new risks and require better or different security measures to compensate for the open, rapid development style that has made the technology increasingly common. [0003] Hardware devices commonly used to connec...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40G06F21/57G06K9/62
CPCH04L63/1433G06F21/577G06F18/22G06F21/552G06F16/2246G06F16/90344G06F40/284G06F40/205
Inventor 亚历山德拉·卡瓦拉罗·科尔蒂莫雷诺·卡露萝安德莉亚·卡尔卡诺
Owner 诺佐米网络有限公司