A vulnerability processing method, electronic equipment and storage medium

By performing vulnerability scanning and optimizing parameter combinations on the data center platform, the problem of incomplete vulnerability management in existing technologies has been solved, achieving efficient vulnerability remediation and risk reduction.

CN120979793BActive Publication Date: 2026-07-07ZHEJIANG BIG DATA TRADING CENT CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ZHEJIANG BIG DATA TRADING CENT CO LTD
Filing Date
2025-09-15
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Current technologies using CVSS for vulnerability remediation are not comprehensive enough and are inefficient, failing to effectively manage vulnerabilities in data center platforms.

Method used

By performing vulnerability scanning on the data center platform, a list of vulnerability information is obtained, a list of preset associated parameters is determined, a list of combinations of optimized parameter values ​​is generated, the security risk value is calculated, and the combination corresponding to the minimum security risk value is used for optimization.

Benefits of technology

It effectively reduces the impact of vulnerabilities in data center platforms and improves the comprehensiveness and efficiency of vulnerability management.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120979793B_ABST
    Figure CN120979793B_ABST
Patent Text Reader

Abstract

The application provides a vulnerability processing method, electronic equipment and a storage medium, and relates to the technical field of data security transmission, and the method comprises the following steps: performing vulnerability scanning on a data center platform, obtaining a vulnerability information list of the data center platform, determining a preset correlation parameter list of the data center platform affected by the vulnerability, generating a plurality of optimization parameter values for each preset correlation parameter in the preset correlation parameter list, thereby obtaining a combination list of all optimization parameter values, determining the security risk value of the data center platform under each combination based on the combination list of the optimization parameter values, optimizing the data center platform by using the combination corresponding to the smallest security risk value, and reducing the influence of the vulnerability by optimizing the preset correlation parameter.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data security transmission technology, and in particular to a vulnerability handling method, electronic device, and storage medium. Background Technology

[0002] In the context of accelerated digitalization, business systems often rely on large-scale data training. Data center platforms frequently receive encrypted data transmissions from multiple parties, handling massive data processing and transmission tasks, making their security paramount. Vulnerabilities are inherent flaws in information systems' hardware, software, protocol design, configuration strategies, or security management processes, which can be exploited by attackers. Therefore, managing and optimizing vulnerabilities in data center platforms is crucial. Current technologies use CVSS (Continuous Vulnerability Detection and Surgery) prioritization for vulnerability remediation; however, relying solely on CVSS for vulnerability remediation is neither comprehensive nor efficient. Summary of the Invention

[0003] To address the aforementioned technical problems, the technical solution adopted by this invention is as follows:

[0004] According to a first aspect of the present invention, a vulnerability handling method is provided, the method comprising the following steps:

[0005] A vulnerability scan is performed on the data center platform to obtain a vulnerability information list. The vulnerability information list includes vulnerability information for several vulnerabilities, and the vulnerability information includes at least: vulnerability type, vulnerability severity score, vulnerability impact score, and vulnerability threat score. The data center platform receives transmission data sent by the data provider. The vulnerability severity score is the base score (baceScore) after normalization in the CVSS system, the vulnerability impact score is the impact score (impactScore) after normalization in the CVSS system, and the vulnerability threat score is calculated using the Predictive Scoring System (EPSS).

[0006] Based on the vulnerability type, a list of preset associated parameters that the vulnerability affects the data center platform is determined. The list of preset associated parameters includes several preset associated parameters.

[0007] For each preset associated parameter in the preset associated parameter list, generate several optimized parameter values ​​to obtain a combination list of all optimized parameter values. The combination list includes several combinations, and each combination includes several optimized parameter values ​​corresponding to the preset associated parameter values.

[0008] Based on the list of combinations of optimized parameter values, the security risk value of the data center platform under each combination is determined. The security risk value is equal to the product of the base score of the vulnerability in the CVSS system, the preset threat weight, and the reciprocal of the repair urgency of the vulnerability in the current combination of the data center platform. The repair urgency is determined based on the impact of the vulnerability in the current combination of the data center platform on the business.

[0009] Optimize the data center platform using the combination that corresponds to the minimum security risk value.

[0010] According to a second aspect of the present invention, a non-transitory computer-readable storage medium is provided, wherein a computer program is stored in the storage medium, and the computer program is loaded and executed by a processor to implement the aforementioned method.

[0011] According to a third aspect of the present invention, an electronic device is provided, comprising: a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the aforementioned method.

[0012] The present invention has at least the following beneficial effects: In summary, by performing vulnerability scanning on a data center platform, obtaining a list of vulnerability information for the data center platform, determining a list of preset associated parameters corresponding to the vulnerability information that affect the data center platform, generating several optimized parameter values ​​for each preset associated parameter in the list of preset associated parameters, thereby obtaining a list of combinations of all optimized parameter values, determining the security risk value of the data center platform under each combination based on the list of combinations of optimized parameter values, and optimizing the data center platform using the combination corresponding to the minimum security risk value, the impact of vulnerabilities is effectively reduced by optimizing the preset associated parameters. Attached Figure Description

[0013] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0014] Figure 1 A flowchart of a vulnerability handling method provided in an embodiment of the present invention. Detailed Implementation

[0015] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0016] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar tasks and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or server that comprises a series of steps or units is not necessarily limited to those explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or devices.

[0017] This invention provides a vulnerability handling method, such as... Figure 1 As shown, the method includes the following steps:

[0018] S001, Perform a vulnerability scan on the data center platform to obtain a vulnerability information list for the data center platform. The vulnerability information list includes vulnerability information for several vulnerabilities, and the vulnerability information includes at least: vulnerability type, vulnerability severity score, vulnerability impact score, and vulnerability threat score. The data center platform receives transmission data sent by the data provider. The vulnerability severity score is the base score (baceScore) after normalization processing in the CVSS system. The vulnerability impact score is the impact score (impactScore) after normalization processing in the CVSS system. The vulnerability threat score is calculated using the Predictive Scoring System (EPSS).

[0019] Specifically, the vulnerability threat score R = 1 / (1+e) -L The probability of vulnerability exploitation is assessed using linear regression technology, L = -θ0 + θ1 × vend + θ2 × tag + θ3 × exp + θ4 × ref; θ0 is the preset base offset, θ1 is the first dynamic regression coefficient, θ2 is the second dynamic regression coefficient, θ3 is the third dynamic regression coefficient, and θ4 is the fourth dynamic regression coefficient. θ1, θ2, θ3, and θ4 are dynamically given based on EPSS, vend is the vendor characteristic related to the vulnerability, tag is the vulnerability classification label, exp is the characteristic of whether the vulnerability is publicly disclosed, and ref is the characteristic of the number of references. Specifically, the calculation can be referenced through patent CN 115396156B.

[0020] S002, Based on the vulnerability type, determine a list of preset associated parameters that affect the data center platform. The list of preset associated parameters includes several preset associated parameters.

[0021] Specifically, pre-set the associated parameters corresponding to the vulnerability types. For example, the associated parameters for application layer vulnerabilities include: session timeout, request rate limit, and input validation rules; the associated parameters for network layer vulnerabilities include: IP blacklist refresh frequency and TCP connection timeout.

[0022] S003, generate several optimized parameter values ​​for each preset associated parameter in the preset associated parameter list, thereby obtaining a combination list of all optimized parameter values. The combination list includes several combinations, and each combination includes several optimized parameter values ​​corresponding to the preset associated parameter values.

[0023] S004. Based on the list of combinations of optimized parameter values, determine the security risk value of the data center platform under each combination. The security risk value is equal to the product of the base score of the CVSS system for the vulnerability of the data center platform under the current combination, the preset threat weight, and the reciprocal of the remediation urgency. The remediation urgency is determined based on the impact of the vulnerability of the data center platform under the current combination on the business.

[0024] S005 optimizes the data center platform using the combination corresponding to the minimum security risk value.

[0025] In summary, vulnerability scanning of the data center platform yields a list of vulnerabilities. This leads to the determination of a pre-defined list of associated parameters affecting the data center platform, the generation of several optimized parameter values ​​for each pre-defined parameter, and the creation of a list of all possible combinations of optimized parameter values. Based on these combinations, the security risk value of the data center platform under each combination is determined. The combination with the lowest security risk value is then used to optimize the data center platform. By optimizing the pre-defined associated parameters, the impact of vulnerabilities can be effectively reduced.

[0026] Specifically, after S001 obtains the vulnerability information list, it also includes:

[0027] S006, obtain the predicted threat level corresponding to the transmission data sent by the data provider to the data center platform, and determine the target threat level corresponding to the transmission data sent by the data provider to the data center platform based on the vulnerability information list.

[0028] Specifically, based on vulnerabilities in data center platforms and considering their impact on transmission rates, the prediction of the risk of data leakage is more accurate, meaning the target threat level is more precise than the predicted threat level.

[0029] Furthermore, the predicted threat level is determined through the following steps:

[0030] S100: Obtain a list of transmission attribute information of the data sent by the data provider to the data center platform within the current time window W0. The list of transmission attribute information includes several transmission attribute information of a batch of transmission data. The transmission attribute information includes at least: the data update period T0 of the transmission data, the size S0 of the transmission data, and the encryption strategy of the transmission data; T0 is the time interval between two consecutive transmission data sent by the data provider to the data center platform.

[0031] In one embodiment of the present invention, the encryption strategy for transmitted data is a plurality of initial encryption strategies for transmitted data, wherein the initial encryption strategy is an encryption method; it can be understood that transmitted data may be encrypted by a combination of multiple initial encryption strategies, but the data provider does not want to disclose the combination of initial encryption strategies for reasons such as the security of transmitted data, and only discloses the initial encryption strategy for transmitted data.

[0032] S200: Based on the list of transmission attribute information, determine the predicted threat level of the transmission data sent by the data provider to the data center platform. The higher the predicted threat level, the greater the risk of the corresponding transmission data being leaked.

[0033] The S300 uses an AI model to issue early warnings to data providers based on predicted threat levels. Specifically, it uses an AI model to provide tiered early warnings based on predicted threat levels.

[0034] Specifically, S200 determines the predicted threat level of the transmitted data sent by the data provider to the data center platform based on the transmission attribute information list, and also includes:

[0035] S210, obtain the product of the normalized data update period, lg(S0+1), transmission anomaly value and preset weight factor C0, as the first threat quantity V1; the transmission anomaly value is the sum of 1 and the transmission anomaly behavior value A0, A0 is the sum of the preset scores corresponding to each anomaly behavior of all transmitted data in W0, and lg() is the logarithmic function.

[0036] Specifically, as those skilled in the art will know, any method of normalization in the prior art falls within the protection scope of this invention, and will not be elaborated further here.

[0037] Specifically, the first threat quantity V1 = ST0 × lg(S0+1) × C0 × (A0+1), where ST0 is the normalized data update cycle. It can be understood that rapid update behavior may mask theft behavior. For example, when the data provider updates the transmitted data, a theft request is initiated simultaneously. Since the data center platform is busy processing update traffic, the anomaly detection system may misjudge the theft traffic as update traffic. Therefore, the smaller the data update cycle, the larger the first threat quantity. Furthermore, the larger the transmitted data, the greater the harm of large-scale data leakage. Therefore, the larger the transmitted data, the larger the first threat quantity. It is set to lg(S0+1) to avoid failure when S0 is 0.

[0038] In one embodiment of the present invention, a preset score corresponding to the abnormal behavior is preset, the abnormal transmission behavior in W0 is obtained, the abnormal transmission behavior value is determined, and if there are multiple abnormal transmission behaviors in W0, the sum of the preset scores corresponding to the multiple abnormal transmission behaviors is obtained as the abnormal transmission behavior value.

[0039] Furthermore, the dimensions of abnormal behavior include at least: request rate, access rate during unusual time periods, and access rate from uncommon regions.

[0040] S220, determine the security attenuation value φ(E0) based on the complexity value E0 of the encryption strategy of the transmitted data, and obtain the product value of φ(E0) and V1 as the second threat quantity V2, where φ(E0) and E0 are inversely proportional.

[0041] Specifically, φ(E0) is equal to the sum of the attenuation index and the preset leakage probability a; the attenuation index is the negative x power of the natural constant e, where x is the product of the preset attenuation coefficient b and the specified value Y; the specified value Y is E0 raised to the power of γ, where γ is the preset adjustment factor.

[0042] Specifically, V2 = V1 × φ(E0), φ(E0) = e -x +a, x=b×Y, Y=(E0) γ The security attenuation value is determined by the encryption strategy of the transmitted data. When the encryption strategy of the transmitted data is complex, the larger E0 is, the smaller φ(E0) is, and the smaller V2 is. That is, the more complex the encryption strategy of the transmitted data is, the smaller the second threat quantity is.

[0043] In one embodiment of the present invention, the complexity level of each initial encryption strategy is predetermined to determine the complexity of each initial encryption strategy. Based on the encryption strategy of the transmitted data, all combinations of the initial encryption strategies are determined to determine the complexity of each combination. The maximum value among the complexities of the combinations is taken as the complexity value E0 of the encryption strategy of the transmitted data. In one embodiment of the present invention, the complexity of the combination is equal to the product of the complexities of all initial encryption strategies in the combination.

[0044] S230, based on V2, determines the predicted threat level corresponding to the transmission data sent by the data provider to the data center platform, wherein the value of the predicted threat level ranges from 0 to 1.

[0045] In summary, this invention obtains a list of transmission attribute information for data transmitted within the current time window W0. Based on this list, it determines the predicted threat level of data leakage for the data provider. Then, based on this predicted threat level, an AI model provides early warning to the data provider. Specifically, the product of the normalized data update cycle, transmission risk value, preset weight factor C0, and transmission anomaly value is used as the first threat quantity V1. A security attenuation value φ(E0) is determined based on the complexity value E0 of the encryption strategy for the transmitted data. The product of φ(E0) and V1 is used as the second threat quantity V2. Based on V2, the predicted threat level of data leakage for the data provider is determined. This invention uses multiple dimensions, such as the transmission data update cycle and data size, to more accurately determine the threat level of data leakage.

[0046] Specifically, after determining the predicted threat level of data leakage from the data provider, S200 also includes:

[0047] S201, Obtain the true threat level of data leakage from the data provider's transmission, where the true threat level ranges from 0 to 1. In one embodiment of the present invention, the true threat level of data leakage from the data provider's transmission is determined through expert opinion.

[0048] S202, construct a cross-entropy loss function based on the predicted threat level and the actual threat level, and update the preset parameters by minimizing the cross-entropy loss function. The preset parameters include at least: a preset weighting factor, a preset leakage probability, a preset decay coefficient, and a preset adjustment factor.

[0049] Furthermore, after determining the predicted threat level of data leakage from the data provider within W0, it also includes:

[0050] If the predicted threat level of the data provider's transmitted data leakage within W0 is greater than the preset threat threshold, and the predicted threat level of the transmitted data sent by the data provider to the data center platform within the y adjacent time windows before W0 is greater than the preset threat threshold, the length of the time window is updated to obtain the new length of the time window.

[0051] Furthermore, the length of the new time window is equal to the quotient of the current time window length divided by a preset proportion, where the preset proportion is the sum of 1 and η times y, and the time proportion η is equal to the quotient of the current time window length divided by T0. It can be understood that when the predicted threat levels of the time windows adjacent to y+1 are all greater than the preset threat threshold, the threat level of the currently transmitted data leakage is considered high, therefore the length of the observation time window is shortened, and close observation is conducted.

[0052] Furthermore, the preset threat threshold can be obtained through the following steps:

[0053] S010, Obtain a list of historical data attributes. This list includes a list of historical data attribute information sent by the data provider to the data center platform under several historical time windows. The list of historical data attribute information includes several historical data attribute information for a batch of historical data. The historical data attribute information includes at least: the historical data update period T1, the size of the historical data S1, and the encryption strategy of the historical data. The length of the historical time window is equal to the length of W0. T1 is the time interval between two consecutive historical data transmissions from the data provider to the data center platform.

[0054] S020, for a historical time window, obtain the product of the normalized data update period T1, lg(S1+1), preset weight factor and historical outlier, as the historical threat quantity Z1; the historical outlier is the sum of 1 and the historical outlier behavior value A1, where A1 is the sum of the preset scores corresponding to each outlier behavior in the historical data within the historical time window.

[0055] Specifically, Z1 = ST1 × lg(S1+1) × C0 × (A1+1), where ST1 is the normalized data update period.

[0056] For a given historical time window, S030 determines the security attenuation value φ(E1) based on the complexity E1 of the encryption strategy using historical data. The product of φ(E1) and the historical threat level is then used as the specified threat level, with φ(E1) being inversely proportional to E1. Z2 = Z1 × φ(E1), φ(E1) = e -p +a, p=b×Y, P=(E1) γ It can be understood that the method for calculating φ(E1) is the same as the method for calculating φ(E0).

[0057] S040, for a historical time window, determine the historical threat level of historical data leakage based on a specified threat level, where the historical threat level ranges from 0 to 1. Specifically, the method for determining the historical threat level of historical data leakage based on the specified threat level is the same as the method for determining the predicted threat level of transmitted data leakage based on a second threat level.

[0058] S050 determines the preset threat threshold based on the mean and standard deviation of the historical threat levels corresponding to all historical time windows.

[0059] Specifically, the preset threat threshold is equal to the sum of the mean of the historical threat levels corresponding to all historical time windows, β times the standard deviation of the historical threat levels corresponding to all historical time windows, and α times the exponential smoothing value, where β is the preset sensitivity, α is the preset weighting coefficient, and the exponential smoothing value is the weighted sum of the transmission anomaly behavior values ​​of the historical time window and the transmission anomaly behavior values ​​of the previous time window.

[0060] Furthermore, the weight of the transmission anomaly value in the historical time window is 0.2.

[0061] In summary, the historical data attribute list of the acquired historical data is used to determine the historical threat level Z1 for a given historical time window. The product of the normalized data update period T1, lg(S1+1), the preset weighting factor, and the historical abnormal behavior value is obtained. For a given historical time window, the security attenuation value φ(E1) is determined based on the complexity of the encryption strategy of the historical data, and the product of φ(E1) and the historical threat level is obtained as the specified threat level Z2. For a given historical time window, the historical threat level of historical data leakage is determined based on the specified threat level. A preset threat threshold is determined based on the mean and standard deviation of the historical threat levels corresponding to all historical time windows. This invention uses the mean and standard deviation of the specified threat level of historical data to more accurately determine the preset threat level.

[0062] Embodiments of the present invention also provide a non-transitory computer-readable storage medium that can be disposed in an electronic device to store a computer program related to implementing a method in the method embodiments, the computer program being loaded and executed by the processor to implement the method provided in the above embodiments.

[0063] Embodiments of the present invention also provide an electronic device, including: a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the method provided in the above embodiments.

[0064] Embodiments of the present invention also provide a computer program product including program code, which, when the program product is run on an electronic device, causes the electronic device to perform the steps of the methods described above in various exemplary embodiments of the present invention.

[0065] While specific embodiments of the invention have been described in detail by way of examples, those skilled in the art should understand that the examples are for illustrative purposes only and are not intended to limit the scope of the invention. Those skilled in the art should also understand that various modifications can be made to the embodiments without departing from the scope and spirit of the invention.

Claims

1. A vulnerability handling method, characterized in that, The method includes the following steps: A vulnerability scan is performed on the data center platform to obtain a vulnerability information list. This list includes information on several vulnerabilities, each including at least: vulnerability type, severity score, impact score, and threat score. The data center platform receives transmission data from a data provider. The vulnerability severity score is the base score (baceScore) normalized in the CVSS system, the impact score is the impact score (impactScore) normalized in the CVSS system, and the threat score is calculated using the Predictive Score System (EPSS). After obtaining the vulnerability information list, the following steps are also included: To obtain the predicted threat level of the transmitted data sent by the data provider to the data center platform, and based on the vulnerability information list, determine the target threat level of the transmitted data sent by the data provider to the data center platform. The predicted threat level of the data provider's transmitted data leakage is obtained through the following steps: Obtain a list of transmission attribute information for the data sent by the data provider to the data center platform within the current time window W0. The list of transmission attribute information includes several transmission attribute information for a batch of transmission data. The transmission attribute information includes at least: the data update period T0 of the transmission data, the size S0 of the transmission data, and the encryption strategy of the transmission data; T0 is the time interval between two consecutive transmission data sent by the data provider to the data center platform. Based on the list of transmission attribute information, the predicted threat level of the transmitted data sent by the data provider to the data center platform is determined. The higher the predicted threat level, the greater the risk of the transmitted data being leaked. Determining the predicted threat level of the transmitted data sent by the data provider to the data center platform based on the list of transmission attribute information also includes: Obtain the product of the normalized data update period, lg(S0+1), transmission anomaly value and preset weight factor as the first threat quantity V1; the transmission anomaly value is the sum of 1 and the transmission anomaly behavior value A0, where A0 is the sum of the preset scores corresponding to each anomaly behavior of all transmitted data within W0, and lg() is the logarithmic function. The security attenuation value φ(E0) is determined based on the complexity value E0 of the encryption strategy for transmitted data, and the product of φ(E0) and V1 is obtained as the second threat value V2, where φ(E0) and E0 are inversely proportional. Based on V2, the predicted threat level of the transmitted data sent by the data provider to the data center platform is determined, where the value of the predicted threat level ranges from 0 to 1. Based on the vulnerability type, a list of preset associated parameters that the vulnerability affects the data center platform is determined. The list of preset associated parameters includes several preset associated parameters. For each preset associated parameter in the preset associated parameter list, generate several optimized parameter values ​​to obtain a combination list of all optimized parameter values. The combination list includes several combinations, and each combination includes several optimized parameter values ​​corresponding to the preset associated parameter values. Based on the list of combinations of optimized parameter values, the security risk value of the data center platform under each combination is determined. The security risk value is equal to the product of the base score of the vulnerability in the CVSS system, the preset threat weight, and the reciprocal of the repair urgency of the vulnerability in the current combination of the data center platform. The repair urgency is determined based on the impact of the vulnerability in the current combination of the data center platform on the business. Optimize the data center platform using the combination that corresponds to the minimum security risk value.

2. The vulnerability handling method according to claim 1, characterized in that, After determining the predicted threat level of data leakage from the data provider within W0, the following is also included: If the predicted threat level of the data provider's transmitted data leakage within W0 is greater than the preset threat threshold, and the predicted threat level of the transmitted data sent by the data provider to the data center platform within the y adjacent time windows before W0 is greater than the preset threat threshold, the length of the time window is updated to obtain the new length of the time window.

3. The vulnerability handling method according to claim 2, characterized in that, The length of the new time window is equal to the quotient of the length of the current time window divided by a preset ratio value, where the preset ratio value is equal to the sum of 1 and η times y, and the time ratio value η is equal to the quotient of the length of the current time window divided by T0.

4. The vulnerability handling method according to claim 2, characterized in that, Obtain the preset threat threshold by following these steps: Obtain a list of historical data attributes, which includes a list of historical data attribute information sent by the data provider to the data center platform under several historical time windows. The list of historical data attribute information includes several historical data attribute information of a batch of historical data. The historical data attribute information includes at least: the data update period T1 of the historical data, the size S1 of the historical data, and the encryption strategy of the historical data; the length of the historical time window is equal to the length of W0; and T1 is the time interval between two consecutive historical data transmissions from the data provider to the data center platform. For a historical time window, the product of the normalized data update period T1, lg(S1+1), preset weight factor and historical outlier is obtained as the historical threat quantity; the historical outlier is the sum of 1 and the historical outlier behavior value A1, where A1 is the sum of the preset scores corresponding to each outlier behavior in the historical data within the historical time window. For a given historical time window, the security attenuation value φ(E1) is determined based on the complexity E1 of the encryption strategy for historical data, and the product of φ(E1) and the historical threat level is obtained as the specified threat level. φ(E1) and E1 are inversely proportional. For a given historical time window, the historical threat level of the historical data breach is determined based on a specified threat level, where the value of the historical threat level ranges from 0 to 1. The preset threat threshold is determined based on the mean and standard deviation of the historical threat levels corresponding to all historical time windows.

5. The vulnerability handling method according to claim 4, characterized in that, The preset threat threshold is equal to the sum of the mean of the historical threat levels corresponding to all historical time windows, β times the standard deviation of the historical threat levels corresponding to all historical time windows, and α times the exponential smoothing value, where β is the preset sensitivity, α is the preset weighting coefficient, and the exponential smoothing value is the weighted sum of the transmission anomaly behavior values ​​of the historical time window and the transmission anomaly behavior values ​​of the previous time window.

6. A non-transitory computer-readable storage medium, characterized in that, The storage medium stores a computer program, which is loaded and executed by a processor to implement the vulnerability handling method as described in any one of claims 1-5.

7. An electronic device, comprising: A processor, a memory, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the computer program, it implements the vulnerability handling method as described in any one of claims 1-5.