A network asset security analysis method and device, a storage medium and an electronic device

By combining network asset security analysis devices with global asset context analysis, the problems of time-consuming and labor-intensive manual monitoring and the inability of static rules to adapt to dynamic changes in network systems are solved. This enables automated and intelligent security analysis of network assets and improves the accuracy of security status levels.

CN122394946APending Publication Date: 2026-07-14BEIJING HONGTENG INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING HONGTENG INTELLIGENT TECH CO LTD
Filing Date
2026-05-19
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing technologies, relying on manual monitoring of network asset security is time-consuming, labor-intensive, and prone to human error. Furthermore, static rules cannot adapt to the dynamic changes in the network system, leading to security problems such as misjudgment of vulnerabilities.

Method used

The network asset security analysis device automatically detects network assets, performs contextual analysis of global assets, determines the security status level of the target network asset, and dynamically adjusts the security status level by analyzing vulnerability risks using asset attribute information, historical vulnerability databases, and upstream and downstream assets.

Benefits of technology

It enables automated and intelligent security analysis of network assets, improves the accuracy of security status levels, reduces the possibility of false alarms and misjudgments of vulnerabilities, and adapts to the dynamic changes of network systems.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394946A_ABST
    Figure CN122394946A_ABST
Patent Text Reader

Abstract

The application provides a network asset security analysis method and device, a storage medium and an electronic device. The method is applied to the technical field of computers and includes the following steps: determining a target network asset in a network system, obtaining asset attribute information of the target network asset, obtaining related vulnerability data of the target network asset based on the asset attribute information, performing context analysis and processing on the related vulnerability data based on global assets of the network system, and determining a security state level of the target network asset. The method can comprehensively detect the vulnerability of the target network asset by performing context analysis on the related vulnerability of the target network asset based on the global assets, thereby improving the accuracy of the obtained security state level.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of computer technology, and more specifically, to a method, apparatus, storage medium, and electronic device for network asset security analysis in the field of computer technology. Background Technology

[0002] With the development of computer network technology, many enterprises or organizations have built complex network systems to assist employees and customers in their operations. For example, they can build enterprise network systems to realize online office work. However, as the scale of network systems continues to expand, network assets in the network system also face many security threats. In the existing technology, the main method for monitoring the security of network assets is manual monitoring. However, due to the need to deal with a large amount of network data and asset information, manual monitoring is not only time-consuming and labor-intensive, but also prone to human error, which can lead to security problems such as misjudgment of vulnerabilities in the network system. Therefore, it is necessary to propose an intelligent network asset security analysis method that is targeted to the network system environment. Summary of the Invention

[0003] This application provides a network asset security analysis method, apparatus, storage medium, and electronic device. The method can perform contextual analysis of relevant vulnerabilities of target network assets by combining global assets, thereby comprehensively detecting the vulnerability issues of target network assets and improving the accuracy of the obtained security status level.

[0004] In a first aspect, embodiments of this application provide a method for network asset security analysis, the method comprising: Identify the target network asset in the network system and obtain the asset attribute information of the target network asset; Based on the asset attribute information, obtain relevant vulnerability data of the target network asset; Based on the global assets of the network system, contextual analysis is performed on the relevant vulnerability data to determine the security status level of the target network asset.

[0005] The above technical solution enables contextual analysis of relevant vulnerabilities in target network assets by combining global assets, thereby comprehensively detecting the vulnerability issues of target network assets and improving the accuracy of the obtained security status level.

[0006] In conjunction with the first aspect, in some possible implementations, obtaining relevant vulnerability data of the target network asset based on the asset attribute information includes: The target asset type of the target network asset is determined based on the asset attribute information; The target asset type is compared with the historical vulnerability database to obtain relevant vulnerability data of the target network asset.

[0007] The above technical solution can determine the asset type through asset attribute information, and then compare it with the historical vulnerability database to obtain the existing vulnerability data, thereby improving the efficiency of security analysis.

[0008] In conjunction with the first aspect, in some possible implementations, the step of performing contextual analysis processing on the relevant vulnerability data based on the global assets of the network system to determine the security status level of the target network asset includes: Asset usage analysis is performed on the target network asset to identify the upstream and downstream assets of the target network asset in the global assets of the network system. Based on the upstream and downstream assets, vulnerability risk analysis and processing are performed on the relevant vulnerability data to determine the security status level of the target network asset.

[0009] The above technical solution enables the determination of security status levels by combining upstream and downstream assets of the target network assets, thereby achieving adaptive security analysis for the current network system environment and improving the accuracy of the obtained security status levels.

[0010] In conjunction with the first aspect, in some possible implementations, the step of performing asset use analysis on the target network asset to determine the upstream and downstream assets of the target network asset within the global assets of the network system includes: Based on the asset attribute information, determine the type of use of the target network asset in the network system; Based on the usage type, the associated links of the target network asset are determined in the global assets of the network system; Identify the upstream and downstream assets of the target network asset in the associated link.

[0011] The above technical solution enables the identification of upstream and downstream assets in a network system based on the type of network asset usage, thereby improving the efficiency of upstream and downstream asset identification and thus enhancing the efficiency and accuracy of security analysis and processing.

[0012] In conjunction with the first aspect, in some possible implementations, the step of performing vulnerability risk analysis and processing based on the relevant vulnerability data of the upstream and downstream assets to determine the security status level of the target network asset includes: Based on the network exposure scenarios corresponding to the upstream and downstream assets, the data exposure scope corresponding to the relevant vulnerability data is determined; The security status level of the target network asset is determined based on the data exposure range.

[0013] The above technical solution can redetermine the potential data exposure scope caused by relevant vulnerability data by analyzing the network exposure scenarios of upstream and downstream assets. This allows for the determination of the security status level of the target network asset in conjunction with the actual architecture of the network system, thereby improving the accuracy of the obtained security status level and reducing false alarms and vulnerabilities.

[0014] In conjunction with the first aspect, in some possible implementations, determining the security status level of the target network asset based on the data exposure scope includes: Obtain the initial status level corresponding to the relevant vulnerability data; If the data exposure range includes a preset data leakage range, then the initial state level is upgraded to determine the security state level of the target network asset. If the data exposure range does not include the preset data leakage range, then the initial state level is downgraded to determine the security state level of the target network asset.

[0015] The above technical solution enables the adjustment of the initial state level by comparing the data exposure range, thereby obtaining a security state level that conforms to the current network system. This achieves early warning for high-risk data leakage scenarios, avoids false alarms in low-risk scenarios, and improves the accuracy of security state level determination.

[0016] In conjunction with the first aspect, in some possible implementations, the method further includes: Based on the relevant vulnerability data and security status level of the target network asset, a handling recommendation is generated.

[0017] Secondly, embodiments of this application provide a network asset security analysis device, the device comprising: The asset attribute acquisition unit is used to identify target network assets in the network system and acquire asset attribute information of the target network assets. The vulnerability data acquisition unit is used to acquire relevant vulnerability data of the target network asset based on the asset attribute information. The context analysis unit is used to perform context analysis processing on the relevant vulnerability data based on the global assets of the network system, and to determine the security status level of the target network asset.

[0018] Thirdly, embodiments of this application provide a computer storage medium storing a plurality of instructions adapted for loading by a processor and executing the above-described method steps.

[0019] Fourthly, embodiments of this application provide an electronic device that may include: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to execute the above-described method steps.

[0020] In one or more embodiments of this application, a target network asset is identified in the network system, and asset attribute information of the target network asset is obtained. Based on the asset attribute information, relevant vulnerability data of the target network asset is obtained. Contextual analysis processing is performed on the relevant vulnerability data based on the global assets of the network system to determine the security status level of the target network asset. By combining contextual analysis of relevant vulnerabilities of the target network asset with global assets, the vulnerability issues of the target network asset are comprehensively detected, thereby improving the accuracy of the obtained security status level. Attached Figure Description

[0021] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0022] Figure 1 This is a schematic diagram of the structure of a network system provided in an embodiment of this application; Figure 2 This is a flowchart illustrating a network asset security analysis method provided in an embodiment of this application; Figure 3 This is a schematic diagram of a process for obtaining relevant vulnerability data provided in an embodiment of this application; Figure 4 This is a schematic diagram of a context analysis process provided in an embodiment of this application; Figure 5 This is a schematic diagram of a process for determining upstream and downstream assets provided in an embodiment of this application; Figure 6 This is a schematic diagram of a process for determining a security status level provided in an embodiment of this application; Figure 7 This is a schematic diagram of a security status level correction process provided in an embodiment of this application; Figure 8 This is a schematic diagram of the structure of a network asset security analysis device provided in an embodiment of this application; Figure 9 This is a schematic diagram of the structure of a network asset security analysis device provided in an embodiment of this application; Figure 10This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0023] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0024] With the development of computer network technology, many enterprises and organizations have built complex network systems to assist employees and customers in their operations. For example, they can build enterprise network systems to realize online office work. In existing technologies, monitoring of network asset security mainly relies on manual monitoring. However, due to the large amount of network data and asset information involved, manual monitoring is not only time-consuming and labor-intensive but also prone to human error, leading to security problems such as misjudgment of vulnerabilities in the network system. Alternatively, preset static rules are used to judge the security status of network assets. However, static rules cannot adapt to the dynamic changes of the network system and cannot perform real-time analysis based on dynamic changes. If new security problems occur or network assets in the network system change, the static rules cannot be changed in time, thus failing to detect security risks. This application provides a network asset security analysis device that can automatically detect network assets in the network system and analyze their security status. The network asset security analysis method provided in this application can be implemented by a computer program and can run on a network asset security analysis device based on the von Neumann architecture. The computer program can be integrated into an application or run as a standalone tool application. The network asset security analysis device can be an intelligent agent used to execute network asset security analysis methods, and the network asset security analysis device can also use intelligent agents to execute network asset security analysis methods.

[0025] Please see also Figure 1 This application provides a schematic diagram of a network system structure. The network system can be an overall operating environment composed of various device nodes interconnected via communication links. Different device nodes can perform different business functions. The network system can be built by enterprises or organizations to assist employees, customers, or relevant personnel in operation. Network assets can be the various device nodes in the network system, such as servers, routers, or terminal devices. Terminal devices can be computers, mobile phones, tablets, or printers, etc., that can communicate and exchange data with other device nodes in the network system. Figure 1As shown, server A, server B, router, and terminal devices A, B, and C can all be network assets in a network system. Server A can form a communication link with the router, the router can form communication links with terminal devices A and B, and server B can form a communication link with terminal device C. The connection methods of network assets in the network system can be configured according to the needs of relevant users. The network asset security analysis device in this embodiment can automatically monitor network assets in the network system and, in conjunction with other network assets in the network system that have communication links with these network assets, perform security analysis on the network assets. This achieves automated analysis of network asset security and comprehensively detects vulnerabilities in the target network assets based on global asset coverage.

[0026] The network asset security analysis method provided in this application will be described in detail below with reference to specific embodiments.

[0027] Please see Figure 2 This is a flowchart illustrating a network asset security analysis method provided in this application embodiment. Figure 2 As shown, the method described in this application embodiment may include the following steps S101-S103.

[0028] S101, Identify the target network asset in the network system and obtain the asset attribute information of the target network asset.

[0029] Specifically, the network asset security analysis device can scan and identify target network assets in the network system. The target network assets are those that need to be security analyzed and processed. The device can also obtain the asset attribute information of the target network assets. The asset attribute information may include the network asset's identity identifier, related ports, version number, etc. The identity identifier may include Internet Protocol (IP) address, Media Access Control (MAC) address, and domain name, etc. The asset attribute information can be entered by users or relevant personnel, or it can be obtained by the network asset security analysis device from the database of the network system.

[0030] Optionally, the target network asset can be specified by the user or relevant personnel, or it can be automatically determined by the network asset security analysis device. For example, if the network asset security analysis device receives a global security analysis command for the network system, it can scan all network assets in the network system and perform security analysis. The target network asset can be a network asset in the network system that has not yet undergone security analysis. The global security analysis command can be sent by the user or relevant personnel, or it can be sent to the network asset security analysis device periodically, thereby enabling periodic global security analysis of the network system.

[0031] Optionally, the network asset security analysis device can detect asset changes in the network system in real time. If an asset change is detected in the target network asset, the device can obtain the asset attribute information of the target network asset and perform subsequent security analysis. The asset change may include the target network asset being newly added to the network system or the target network asset undergoing configuration changes.

[0032] S102, Obtain relevant vulnerability data of the target network assets based on asset attribute information.

[0033] Specifically, after obtaining the asset attribute information of the target network asset, it is possible to determine what kind of device the target network asset is, what functions it has, and what ports it has. The network asset security analysis device can determine the relevant vulnerability data of the target network asset based on past security analysis and processing experience. The relevant vulnerability data includes the vulnerabilities existing in the target network asset and the security problems that may be caused by the exploitation of these vulnerabilities.

[0034] S103, based on the global assets of the network system, performs contextual analysis and processing on relevant vulnerability data to determine the security status level of the target network assets.

[0035] Specifically, different network systems use different device connection relationships, provide different functions, and operate in different network environments. Therefore, the vulnerability data obtained based on asset attribute information may not necessarily match the current network system. Network asset security analysis devices can combine the global assets of the network system to perform contextual analysis on relevant vulnerability data. This contextual analysis can combine the target network asset's business functions and location within the network system, as well as other network assets with communication links to the target network asset, to further analyze the relevant vulnerability data of the target network asset. This determines the actual impact and threat level of the relevant vulnerability data within the network system, thereby determining the security status level of the target network asset. The security status level describes the potential security risks posed by the relevant vulnerability data of the target network asset within the network system. The security status level can be initially set by the network asset security analysis device or configured by users or relevant personnel. For example, security status levels can be divided into "safe," "slightly dangerous," "medium dangerous," and "severe dangerous."

[0036] In this embodiment, a target network asset is identified within the network system, and its asset attribute information is obtained. Based on the asset attribute information, relevant vulnerability data of the target network asset is acquired. Contextual analysis is then performed on the relevant vulnerability data based on the global assets of the network system to determine the security status level of the target network asset. By combining contextual analysis of the relevant vulnerabilities of the target network asset with global assets, the vulnerability issues of the target network asset are comprehensively detected, improving the accuracy of the obtained security status level.

[0037] Please see Figure 3 This document provides a flowchart illustrating the process of obtaining relevant vulnerability data in an embodiment of this application. Figure 3 As shown, in one or more embodiments of this application, step S102 may include the following steps S201-S202.

[0038] S201, Determine the target asset type of the target network asset based on asset attribute information.

[0039] Specifically, after obtaining the asset attribute information of the target network asset, the target asset type of the target network asset can be determined based on the content of the asset attribute information. The target asset type is the asset type of the target network asset, and the asset type can be used to indicate the type of equipment or system to which the network asset belongs.

[0040] Optionally, multiple attribute features of the target network asset can be obtained from the asset attribute information, and then the target asset type can be determined based on these multiple attribute features. These attribute features may include service protocol type, operating system type, open port type, component version number, etc. For example, if the target network asset's operating system is Linux, it runs SSH service with port 22 open, and has x86_64 architecture features, then the target network asset can be determined to be a Linux server. If the target network asset has a routing forwarding protocol, has multiple network interfaces, and runs an embedded network operating system, then the target network asset can be determined to be a router.

[0041] S202 involves comparing the target asset type against a historical vulnerability database to obtain relevant vulnerability data for the target network asset.

[0042] Specifically, the network asset security analysis device can build a historical vulnerability database. This database stores vulnerability data corresponding to various asset types. The vulnerability data for each asset type in the historical vulnerability database consists of vulnerabilities that have been previously detected for that asset type. This data can be entered by users or relevant personnel based on historical experience, or it can be obtained by the network asset security analysis device from internet databases. After determining the target asset type of the target network asset, a comparison can be performed on the target asset type in the historical vulnerability database to find all vulnerability data corresponding to the target asset type. This collection of vulnerability data constitutes the relevant vulnerability data for the target network asset.

[0043] In this embodiment, the target asset type of the target network asset is determined based on asset attribute information. The target asset type is then compared against a historical vulnerability database to obtain relevant vulnerability data for the target network asset. Determining the asset type through asset attribute information and then comparing it against the historical vulnerability database improves the efficiency of security analysis.

[0044] Please see Figure 4 This document provides a flowchart illustrating the context analysis and processing process in an embodiment of this application. Figure 4 As shown, in one or more embodiments of this application, step S103 may include the following steps S301-S302.

[0045] S301, perform asset usage analysis on the target network asset, and identify the upstream and downstream assets of the target network asset in the global assets of the network system.

[0046] Specifically, based on the asset attribute information of the target network asset, asset usage analysis can be performed on the target network asset to determine the function and role it provides in the network system. This allows for the identification of upstream and downstream assets of the target network asset within the global assets. The global assets are all network assets in the network system, while upstream and downstream assets are network assets in the network system that have communication links with the target network asset. For example, when the target network asset is in operation, the network asset to which the generated data flows is the downstream asset of the target network asset, and the network asset from which the obtained data originates is the upstream asset of the target network asset. Upstream and downstream assets include both upstream and downstream assets.

[0047] S302, based on upstream and downstream assets, performs vulnerability risk analysis and processing on relevant vulnerability data to determine the security status level of the target network assets.

[0048] Specifically, the relevant vulnerability data is obtained from a historical vulnerability database. Therefore, the vulnerabilities in the relevant vulnerability data can be inherent defects of network assets of the target asset type under general conditions, or vulnerabilities that appear in other network system environments. Due to the differences in network systems, the upstream and downstream assets involved, their functions, and their environments are also different. The scope and degree of threat brought about by the same vulnerability are also different. Therefore, in order to obtain a security status level that is suitable for the current network system, further vulnerability risk analysis and processing can be carried out on the relevant vulnerability data in conjunction with the upstream and downstream assets of the target network asset to determine the actual impact of the relevant vulnerability data in the current network system, thereby determining the security status level of the target network asset. Thus, the obtained security status level not only depends on the inherent severity of the vulnerability, but also combines the actual exploitable path of the vulnerability in the current network system environment and the cascading impact between the asset.

[0049] In this embodiment, an asset usage analysis is performed on the target network asset. The upstream and downstream assets of the target network asset are identified within the global assets of the network system. Based on these upstream and downstream assets, vulnerability risk analysis is conducted on relevant vulnerability data to determine the security status level of the target network asset. By combining the upstream and downstream assets of the target network asset to determine the security status level, adaptive security analysis tailored to the current network system environment is achieved, improving the accuracy of the obtained security status level.

[0050] Please see Figure 5 This application provides a schematic diagram of a process for determining upstream and downstream assets. For example... Figure 5 As shown, in one or more embodiments of this application, step S301 may include the following steps S401-S403.

[0051] S401, Based on asset attribute information, determine the type of use of the target network asset in the network system.

[0052] Specifically, based on asset attribute information, the type of use of the target network asset in the network system can be determined. User type is used to distinguish the use of different network assets in the network system, such as the functions provided, the functions undertaken, and the tasks to be completed.

[0053] S402, based on the usage type, determine the associated links of the target network asset in the global assets of the network system.

[0054] Specifically, once the purpose of the target network asset in the network system is determined, the associated links of the target network asset in the network system can be determined. The links in the network system consist of communication links between various device nodes. Links can be used to indicate the flow of data in the network system, and different links can also be used to implement different business functions. The associated links corresponding to the target network asset are the links that include the target network asset node. There can be one or multiple associated links. It can be understood that when the target network asset plays a role in multiple business functions, the target network asset may appear in multiple links. The associated links can show which network assets the target network asset obtains data from and which network assets it sends data to.

[0055] Optionally, the network system can be constructed according to a preset rule base. The preset rule base can contain link templates corresponding to different types of uses. The link templates are the connection methods of network assets and communication links of different asset types required to achieve the type of use. The preset rule base can be set by users or relevant personnel. After the type of use of the target network asset is determined, the corresponding link template can be found in the preset rules, and then the associated links can be determined in the global assets of the network system according to the link template.

[0056] Optionally, if the network system is already running, the relevant data flow of the target network asset can be queried in the network system. The relevant data flow is the data flow that has passed through the target network asset during the operation of the network system. Then, the associated links can be determined in the global assets of the network system based on the relevant data flow.

[0057] S403, Identify the upstream and downstream assets of the target network asset in the associated link.

[0058] Specifically, the associated links include other network assets that have communication links with the target network asset. The downstream network assets to which data generated by the target network asset flows can be identified within these links, as can the upstream network assets from which data received by the target network asset originates. These upstream and downstream network assets are considered the target network asset's upstream and downstream assets. Upstream and downstream assets are network assets that have communication links with the target network asset and can directly exchange data. They are closely related to the target network asset's security, improving the comprehensiveness of subsequent security analysis results. Identifying related links by usage type further identifies upstream and downstream assets, avoiding blindly traversing all assets to find them and improving the efficiency of security analysis.

[0059] In this embodiment, based on asset attribute information, the usage type of the target network asset in the network system is determined. Based on the usage type, the associated links of the target network asset are determined in the global assets of the network system, and the upstream and downstream assets of the target network asset are determined in the associated links. Determining upstream and downstream assets in the network system by using the usage type of the network asset improves the efficiency of upstream and downstream asset determination, thereby improving the efficiency and accuracy of security analysis and processing.

[0060] Please see Figure 6 This document provides a flowchart illustrating the process of determining a security status level in an embodiment of this application. Figure 6 As shown, in one or more embodiments of this application, step S302 may include the following steps S501-S502.

[0061] S501 determines the data exposure scope corresponding to relevant vulnerability data based on the network exposure scenarios of upstream and downstream assets.

[0062] Specifically, after identifying the upstream and downstream assets of the target network asset, the network exposure scenarios corresponding to these assets can be obtained. The network exposure scenario refers to the exposure surface of the network asset within the network. For example, it can include the network location, accessibility, and isolation status of the network asset. Network location can include whether the network asset is on a public network or a private network. A public network can be a globally interconnected public computer network environment, such as the Internet. A private network can be a private computer network environment built by an enterprise, company, or related personnel. Accessibility determines whether the network asset can be directly accessed from an external network. Isolation status indicates whether there are isolation settings between the network asset and its upstream and downstream assets. Isolation settings can include firewalls and gateways. Based on the network exposure environment corresponding to the upstream and downstream assets, the data exposure scope corresponding to the relevant vulnerability data can be further determined. The data exposure scope refers to the network range to which data in the network system might be exposed after the vulnerability data of the target network asset is exploited.

[0063] S502 determines the security status level of target network assets based on the scope of data exposure.

[0064] Specifically, after obtaining the data exposure range, the security status level of the target network asset can be determined based on the data exposure range. For example, the security status level can be determined based on the size of the data exposure range. If the size of the security status level is positively correlated with the degree of danger, that is, the higher the security status level, the more dangerous the vulnerability of the target network asset, then the larger the data exposure range, the higher the security status level, and the smaller the data exposure range, the lower the security status level.

[0065] In this embodiment, based on the network exposure scenarios corresponding to upstream and downstream assets, the data exposure range corresponding to relevant vulnerability data is determined, and the security status level of the target network asset is determined based on the data exposure range. By re-determining the potential data exposure range caused by relevant vulnerability data through the network exposure scenarios of upstream and downstream assets, and thus combining the actual architecture of the network system to determine the security status level of the target network asset, the accuracy of the obtained security status level is improved, and the occurrence of false alarms and vulnerabilities is reduced.

[0066] Please see Figure 7 This document provides a schematic diagram of a security status level correction process in an embodiment of this application. Figure 7 As shown, in one or more embodiments of this application, step S502 may include the following steps S601-S603.

[0067] S601, obtain the initial status level corresponding to the relevant vulnerability data.

[0068] Specifically, the initial status level corresponding to the relevant vulnerability data can be obtained. The initial status level can be the initial setting of the network asset security analysis device, or it can be set by the user or relevant personnel.

[0069] Optionally, the historical vulnerability database may store the initial status level of relevant vulnerability data. The initial status level may be the degree of impact caused when the relevant vulnerability data is exploited under general conditions, or it may be the degree of impact caused when the relevant vulnerability data has been exploited in the past.

[0070] S602, if the data exposure range includes the preset data leakage range, then the initial state level is upgraded to determine the security state level of the target network asset.

[0071] Specifically, if the data scope includes a preset data exposure range, the initial state level can be upgraded to obtain the security state level of the target network asset. The preset data exposure range is used to determine whether the initial state level needs to be upgraded or downgraded. It can be the initial setting of the network asset security analysis device, or it can be set by the user or relevant personnel. For example, the preset data leakage range can be the public network. If the data exposure range includes the public network, the initial state level will be upgraded. It is understandable that if relevant data in the network system is leaked into the preset data leakage range, it may cause serious data leakage problems.

[0072] S603 If the data exposure range does not include the preset data leakage range, the initial state level is downgraded to determine the security state level of the target network asset.

[0073] Specifically, if the data exposure scope does not include the preset data exposure scope, the initial state level can be downgraded to determine the security state level of the target network asset. For example, if the relevant vulnerability data contains an OpenSSH username enumeration vulnerability, attackers may be able to access data in the network system using username enumeration. The initial state level could be "severely dangerous." However, by examining the network exposure scenarios of upstream and downstream assets, it can be determined that both upstream and downstream assets are located on internal networks. This indicates that the data exposure scope of the relevant vulnerability data is within the internal network, while the preset data leakage scope is the public network. In other words, the data exposure scope does not include the preset data leakage scope, and the initial state level can be downgraded to determine the security state level of the target network asset as "medium dangerous."

[0074] In this embodiment, the initial state level corresponding to the relevant vulnerability data is obtained. If the data exposure range includes a preset data leakage range, the initial state level is upgraded to determine the security state level of the target network asset. If the data exposure range does not include the preset data leakage range, the initial state level is downgraded to determine the security state level of the target network asset. By adjusting the initial state level based on the data exposure range, a security state level consistent with the current network system is obtained. This achieves early warning for high-risk data leakage scenarios and avoids false alarms in low-risk scenarios, thus improving the accuracy of security state level determination.

[0075] In one or more embodiments of this application, the network asset security analysis method may further include the following steps: Based on the relevant vulnerability data and security status level of the target network assets, generate disposal recommendations.

[0076] Specifically, intelligent agents can be used to analyze and process relevant vulnerability data and security status levels to generate disposal suggestions for resolving or avoiding relevant vulnerability data. For example, if the relevant vulnerability data includes an OpenSSH username enumeration vulnerability, the disposal suggestion could be "update the OpenSSH version, restrict access permissions, and regularly review system logs." The network asset security analysis device can send the disposal suggestions to users or relevant personnel to alert them to network system risks and provide recommendations.

[0077] Optionally, the network asset security analysis device can perform early warning processing based on security status levels. It can obtain the target prompting method corresponding to the security status level and then send handling suggestions to system maintenance personnel based on the target prompting method. System maintenance personnel can be users or relevant staff. Different security status levels can be set with different prompting methods. The prompting method can be the initial setting of the network asset security analysis device or can be set by relevant staff. For example, security status levels can be divided into "safe," "slightly dangerous," "medium dangerous," and "severe dangerous," etc. If the security status level is "safe," no early warning processing is required. If the security level is "Minor Risk", the notification method can be to send a message without pop-up to the system maintenance personnel's terminal device. If the security level is "Minor Risk", the notification method can be to send a pop-up message to the system maintenance personnel's terminal device. If the security level is "Medium Risk", the notification method can be to send a pop-up message to the system maintenance personnel's terminal device and output a prompt sound. If the security level is "Severe Risk", the notification method can be to send a pop-up message to the system maintenance personnel and continuously output a prompt sound until the Xiyong maintenance personnel confirm on the terminal device. Both the pop-up message and the message without pop-up can display relevant vulnerability data, security level and handling suggestions.

[0078] Optionally, a security analysis interface can be displayed on the terminal device of the system maintenance personnel. The security analysis interface can display the reasoning process of the network asset security analysis device using intelligent agents to perform security analysis. For example, it can display the identified target network assets and asset attribute information, and further display the target asset type, upstream and downstream assets, data exposure scope, security status level and disposal suggestions, so that the system maintenance personnel can check the progress of security analysis and processing.

[0079] The following will be combined with the appendix Figure 8 - Appendix Figure 9 This application provides a detailed description of the network asset security analysis device provided in its embodiments. It should be noted that the appendix... Figure 8 - Appendix Figure 9 The network asset security analysis device in the present application is used to perform the network asset security analysis. Figures 1-7 The methods shown in the embodiments are illustrated for ease of explanation, showing only the parts relevant to the embodiments of this application. For specific technical details not disclosed, please refer to this application. Figures 1-7 The example shown.

[0080] Please see Figure 8 This illustration shows a schematic diagram of a network asset security analysis device provided in an exemplary embodiment of this application. The network asset security analysis device can be implemented as all or part of a device through software, hardware, or a combination of both. The device 1 includes an asset attribute acquisition unit 11, a vulnerability data acquisition unit 12, and a context analysis unit 13.

[0081] The asset attribute acquisition unit 11 is used to determine the target network asset in the network system and acquire the asset attribute information of the target network asset. Vulnerability data acquisition unit 12 is used to acquire relevant vulnerability data of the target network asset based on the asset attribute information; Optionally, the vulnerability data acquisition unit 12 is specifically used to determine the target asset type of the target network asset based on the asset attribute information; The target asset type is compared with the historical vulnerability database to obtain relevant vulnerability data of the target network asset.

[0082] The context analysis unit 13 is used to perform context analysis processing on the relevant vulnerability data based on the global assets of the network system, and to determine the security status level of the target network asset.

[0083] Optionally, the context analysis unit 13 is specifically used to perform asset usage analysis processing on the target network asset and determine the upstream and downstream assets of the target network asset in the global assets of the network system. Based on the upstream and downstream assets, vulnerability risk analysis and processing are performed on the relevant vulnerability data to determine the security status level of the target network asset.

[0084] Optionally, the context analysis unit 13 is specifically used to determine the usage type of the target network asset in the network system based on the asset attribute information; Based on the usage type, the associated links of the target network asset are determined in the global assets of the network system; Identify the upstream and downstream assets of the target network asset in the associated link.

[0085] Optionally, the context analysis unit 13 is specifically used to determine the data exposure range corresponding to the relevant vulnerability data based on the network exposure scenario corresponding to the upstream and downstream assets; The security status level of the target network asset is determined based on the data exposure range.

[0086] Optionally, the context analysis unit 13 is specifically used to obtain the initial state level corresponding to the relevant vulnerability data; If the data exposure range includes a preset data leakage range, then the initial state level is upgraded to determine the security state level of the target network asset. If the data exposure range does not include the preset data leakage range, then the initial state level is downgraded to determine the security state level of the target network asset.

[0087] The disposal suggestion unit 14 is used to generate disposal suggestions based on the relevant vulnerability data and the security status level of the target network asset.

[0088] In this embodiment, a target network asset is identified within the network system, and its asset attribute information is obtained. Based on this asset attribute information, relevant vulnerability data for the target network asset is acquired. Contextual analysis is then performed on the relevant vulnerability data based on the global assets of the network system to determine the security status level of the target network asset. By combining contextual analysis of the relevant vulnerabilities of the target network asset with global assets, a comprehensive detection of the target network asset's vulnerabilities is achieved, improving the accuracy of the obtained security status level.

[0089] Please see Figure 9 This illustration shows a schematic diagram of a network asset security analysis device provided in an exemplary embodiment of this application. The network asset security analysis device can be implemented as all or part of a device through software, hardware, or a combination of both. The device 1 includes an asset attribute acquisition unit 11, a vulnerability data acquisition unit 12, a context analysis unit 13, and a handling suggestion unit 14.

[0090] The asset attribute acquisition unit 11 is used to determine the target network asset in the network system and acquire the asset attribute information of the target network asset. Vulnerability data acquisition unit 12 is used to acquire relevant vulnerability data of the target network asset based on the asset attribute information; The context analysis unit 13 is used to perform context analysis processing on the relevant vulnerability data based on the global assets of the network system, and to determine the security status level of the target network asset.

[0091] In this embodiment, a target network asset is identified within the network system, and its asset attribute information is obtained. Based on this information, the target asset type is determined. The target asset type is then compared against a historical vulnerability database to obtain relevant vulnerability data. Determining the asset type through asset attribute information and comparing it against the historical vulnerability database improves security analysis efficiency. Asset usage analysis is performed on the target network asset. Upstream and downstream assets are identified within the global assets of the network system. Based on these assets, vulnerability risk analysis is conducted on relevant vulnerability data to determine the target network asset's security status level. By combining upstream and downstream assets to determine the security status level, adaptive security analysis tailored to the current network system environment is achieved, improving the accuracy of the obtained security status level.

[0092] Based on asset attribute information, the usage type of the target network asset within the network system is determined. Based on this usage type, the associated links of the target network asset are identified within the global assets of the network system, and the upstream and downstream assets of the target network asset are determined within these links. Identifying upstream and downstream assets through the usage type of the network asset improves the efficiency of this process, thereby enhancing the efficiency and accuracy of security analysis and processing. Based on the network exposure scenarios corresponding to the upstream and downstream assets, the data exposure scope corresponding to relevant vulnerability data is determined, and the security status level of the target network asset is determined based on this data exposure scope. By re-determining the potential data exposure scope caused by relevant vulnerability data through the network exposure scenarios of upstream and downstream assets, and combining this with the actual architecture of the network system, the security status level of the target network asset is determined, improving the accuracy of the obtained security status level and reducing false positives and vulnerabilities. The initial status level corresponding to the relevant vulnerability data is obtained. If the data exposure scope includes a preset data leakage scope, the initial status level is increased to determine the security status level of the target network asset; if the data exposure scope does not include the preset data leakage scope, the initial status level is decreased to determine the security status level of the target network asset. By adjusting the initial security status level based on the data exposure range, a security status level consistent with the current network system is obtained. This enables early warning for high-risk data leakage scenarios and avoids false alarms in low-risk scenarios, thus improving the accuracy of security status level determination. Furthermore, by combining global assets with contextual analysis of relevant vulnerabilities in the target network assets, a comprehensive detection of vulnerabilities in the target network assets is achieved, further enhancing the accuracy of the obtained security status level.

[0093] It should be noted that the network asset security analysis device provided in the above embodiments is only illustrated by the division of the above functional modules when executing the network asset security analysis method. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the network asset security analysis device and the network asset security analysis method embodiments provided in the above embodiments belong to the same concept, and the implementation process is detailed in the method embodiments, which will not be repeated here.

[0094] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0095] This application also provides a computer storage medium that can store multiple instructions, which are adapted to be loaded and executed by a processor as described above. Figures 1-7 The network asset security analysis method described in the illustrated embodiment can be found in the following documentation for its specific execution process. Figures 1-7 The specific details of the illustrated embodiments will not be elaborated here.

[0096] This application also provides a computer program product storing at least one instruction, which is loaded and executed by the processor as described above. Figures 1-7 The network asset security analysis method described in the illustrated embodiment can be found in the following documentation for its specific execution process. Figures 1-7 The specific details of the illustrated embodiments will not be elaborated here.

[0097] Please refer to Figure 10 This diagram illustrates a structural block diagram of an electronic device provided in an exemplary embodiment of this application. The electronic device in this application may include one or more components such as a processor 110, a memory 120, an input device 130, an output device 140, and a bus 150. The processor 110, memory 120, input device 130, and output device 140 may be connected via the bus 150.

[0098] Processor 110 may include one or more processing cores. Processor 110 connects to various parts of the electronic device using various interfaces and lines, and performs various functions of the terminal and processes data by running or executing instructions, programs, code sets, or instruction sets stored in memory 120, and by calling data stored in memory 120. Optionally, processor 110 may be implemented using at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), or Programmable Logic Array (PLA). Processor 110 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), and a modem. The CPU primarily handles the operating system, user page, and applications; the GPU is responsible for rendering and drawing the displayed content; and the modem handles wireless communication. It is understood that the modem may also not be integrated into processor 110 and may be implemented separately using a communication chip.

[0099] The memory 120 may include random access memory (RAM) or read-only memory (ROM). Optionally, the memory 120 may include non-transitory computer-readable storage medium. The memory 120 may be used to store instructions, programs, code, code sets, or instruction sets. The memory 120 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function (such as touch function, sound playback function, image playback function, etc.), instructions for implementing the various method embodiments described above, etc. The operating system may be the Android system, including systems deeply developed based on the Android system, the iOS system developed by Apple Inc., including systems deeply developed based on the iOS system, or other systems.

[0100] The memory 120 can be divided into operating system space and user space. The operating system runs in the operating system space, while native and third-party applications run in user space. To ensure that different third-party applications can achieve good running performance, the operating system allocates corresponding system resources for each application. However, different application scenarios within the same third-party application have different requirements for system resources. For example, in local resource loading scenarios, third-party applications have high requirements for disk read speed; in animation rendering scenarios, third-party applications have high requirements for GPU performance. Since the operating system and third-party applications are independent of each other, the operating system often cannot promptly perceive the current application scenario of a third-party application, resulting in the operating system's inability to adapt system resources accordingly.

[0101] In order for the operating system to distinguish the specific application scenarios of third-party applications, it is necessary to establish data communication between the third-party applications and the operating system. This would allow the operating system to obtain the current scenario information of the third-party applications at any time, and then perform targeted system resource adaptation based on the current scenario.

[0102] The input device 130 is used to receive input instructions or data, and includes, but is not limited to, a keyboard, mouse, camera, microphone, or touch device. The output device 140 is used to output instructions or data, and includes, but is not limited to, a display device and a speaker. In one example, the input device 130 and the output device 140 can be combined, and the input device 130 and the output device 140 can be a touch display screen.

[0103] The touch display screen can be designed as a full-screen, curved screen, or irregularly shaped screen. It can also be designed as a combination of a full-screen and a curved screen, or a combination of an irregularly shaped screen and a curved screen; however, this application does not limit the specific design in this regard.

[0104] In addition, those skilled in the art will understand that the structure of the electronic device shown in the above figures does not constitute a limitation on the electronic device. The electronic device may include more or fewer components than shown, or combine certain components, or have different component arrangements. For example, the electronic device may also include radio frequency circuits, input units, sensors, audio circuits, Wireless Fidelity (WiFi) modules, power supplies, Bluetooth modules, etc., which will not be described in detail here.

[0105] exist Figure 10 In the illustrated electronic device, the processor 110 can be used to call the network asset security analysis application stored in the memory 120, and specifically perform the following operations: Identify the target network asset in the network system and obtain the asset attribute information of the target network asset; Based on the asset attribute information, obtain relevant vulnerability data of the target network asset; Based on the global assets of the network system, contextual analysis is performed on the relevant vulnerability data to determine the security status level of the target network asset.

[0106] In one embodiment, when the processor 110 executes the process of obtaining relevant vulnerability data of the target network asset based on the asset attribute information, it specifically performs the following operations: The target asset type of the target network asset is determined based on the asset attribute information; The target asset type is compared with the historical vulnerability database to obtain relevant vulnerability data of the target network asset.

[0107] In one embodiment, when the processor 110 performs context analysis processing based on the global assets of the network system to determine the security status level of the target network asset, it specifically performs the following operations: Asset usage analysis is performed on the target network asset to identify the upstream and downstream assets of the target network asset in the global assets of the network system. Based on the upstream and downstream assets, vulnerability risk analysis and processing are performed on the relevant vulnerability data to determine the security status level of the target network asset.

[0108] In one embodiment, when the processor 110 performs asset usage analysis processing for the target network asset and determines the upstream and downstream assets of the target network asset in the global assets of the network system, it specifically performs the following operations: Based on the asset attribute information, determine the type of use of the target network asset in the network system; Based on the usage type, the associated links of the target network asset are determined in the global assets of the network system; Identify the upstream and downstream assets of the target network asset in the associated link.

[0109] In one embodiment, when the processor 110 performs vulnerability risk analysis based on the upstream and downstream assets for the relevant vulnerability data and determines the security status level of the target network asset, it specifically performs the following operations: Based on the network exposure scenarios corresponding to the upstream and downstream assets, the data exposure scope corresponding to the relevant vulnerability data is determined; The security status level of the target network asset is determined based on the data exposure range.

[0110] In one embodiment, when the processor 110 determines the security status level of the target network asset based on the data exposure range, it specifically performs the following operations: Obtain the initial status level corresponding to the relevant vulnerability data; If the data exposure range includes a preset data leakage range, then the initial state level is upgraded to determine the security state level of the target network asset. If the data exposure range does not include the preset data leakage range, then the initial state level is downgraded to determine the security state level of the target network asset.

[0111] In one embodiment, when executing the network asset security analysis method, the processor 110 also performs the following operations: Based on the relevant vulnerability data and security status level of the target network asset, a handling recommendation is generated.

[0112] In this embodiment, a target network asset is identified within the network system, and its asset attribute information is obtained. Based on this information, the target asset type is determined. The target asset type is then compared against a historical vulnerability database to obtain relevant vulnerability data. Determining the asset type through asset attribute information and comparing it against the historical vulnerability database improves security analysis efficiency. Asset usage analysis is performed on the target network asset. Upstream and downstream assets are identified within the global assets of the network system. Based on these assets, vulnerability risk analysis is conducted on relevant vulnerability data to determine the target network asset's security status level. By combining upstream and downstream assets to determine the security status level, adaptive security analysis tailored to the current network system environment is achieved, improving the accuracy of the obtained security status level.

[0113] Based on asset attribute information, the usage type of the target network asset within the network system is determined. Based on this usage type, the associated links of the target network asset are identified within the global assets of the network system, and the upstream and downstream assets of the target network asset are determined within these links. Identifying upstream and downstream assets through the usage type of the network asset improves the efficiency of this process, thereby enhancing the efficiency and accuracy of security analysis and processing. Based on the network exposure scenarios corresponding to the upstream and downstream assets, the data exposure scope corresponding to relevant vulnerability data is determined, and the security status level of the target network asset is determined based on this data exposure scope. By re-determining the potential data exposure scope caused by relevant vulnerability data through the network exposure scenarios of upstream and downstream assets, and combining this with the actual architecture of the network system, the security status level of the target network asset is determined, improving the accuracy of the obtained security status level and reducing false positives and vulnerabilities. The initial status level corresponding to the relevant vulnerability data is obtained. If the data exposure scope includes a preset data leakage scope, the initial status level is increased to determine the security status level of the target network asset; if the data exposure scope does not include the preset data leakage scope, the initial status level is decreased to determine the security status level of the target network asset. By adjusting the initial security status level based on the data exposure range, a security status level consistent with the current network system is obtained. This enables early warning for high-risk data leakage scenarios and avoids false alarms in low-risk scenarios, thus improving the accuracy of security status level determination. Furthermore, by combining global assets with contextual analysis of relevant vulnerabilities in the target network assets, a comprehensive detection of vulnerabilities in the target network assets is achieved, further enhancing the accuracy of the obtained security status level.

[0114] Those skilled in the art will understand that all or part of the processes in the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, optical disk, read-only memory, or random access memory, etc.

[0115] The above-disclosed embodiments are merely preferred embodiments of this application and should not be construed as limiting the scope of this application. Therefore, any equivalent variations made in accordance with the claims of this application shall still fall within the scope of this application.

[0116] It should be noted that the information (including but not limited to user device information, user personal information, etc.), data (including but not limited to data used for analysis, stored data, displayed data, etc.), and signals involved in the embodiments of this specification are all authorized by the user or fully authorized by all parties, and the collection, use, and processing of related data must comply with the relevant laws, regulations, and standards of the relevant countries and regions. For example, the asset attribute information, related vulnerability data, and data exposure scope involved in this specification were all obtained under full authorization.

Claims

1. A method for network asset security analysis, characterized in that, The method includes: Identify the target network asset in the network system and obtain the asset attribute information of the target network asset; Based on the asset attribute information, obtain relevant vulnerability data of the target network asset; Based on the global assets of the network system, contextual analysis is performed on the relevant vulnerability data to determine the security status level of the target network asset.

2. The method according to claim 1, characterized in that, The process of obtaining relevant vulnerability data of the target network asset based on the asset attribute information includes: The target asset type of the target network asset is determined based on the asset attribute information; The target asset type is compared with the historical vulnerability database to obtain relevant vulnerability data of the target network asset.

3. The method according to claim 1, characterized in that, The process of performing contextual analysis on the relevant vulnerability data based on the global assets of the network system to determine the security status level of the target network asset includes: Asset usage analysis is performed on the target network asset to identify the upstream and downstream assets of the target network asset in the global assets of the network system. Based on the upstream and downstream assets, vulnerability risk analysis and processing are performed on the relevant vulnerability data to determine the security status level of the target network asset.

4. The method according to claim 3, characterized in that, The asset use analysis process for the target network asset, which identifies the upstream and downstream assets of the target network asset within the global assets of the network system, includes: Based on the asset attribute information, determine the type of use of the target network asset in the network system; Based on the usage type, the associated links of the target network asset are determined in the global assets of the network system; Identify the upstream and downstream assets of the target network asset in the associated link.

5. The method according to claim 3, characterized in that, The process of performing vulnerability risk analysis and processing based on the upstream and downstream assets for the relevant vulnerability data, and determining the security status level of the target network asset, includes: Based on the network exposure scenarios corresponding to the upstream and downstream assets, the data exposure scope corresponding to the relevant vulnerability data is determined; The security status level of the target network asset is determined based on the data exposure range.

6. The method according to claim 5, characterized in that, Determining the security status level of the target network asset based on the data exposure range includes: Obtain the initial status level corresponding to the relevant vulnerability data; If the data exposure range includes a preset data leakage range, then the initial state level is upgraded to determine the security state level of the target network asset. If the data exposure range does not include the preset data leakage range, then the initial state level is downgraded to determine the security state level of the target network asset.

7. The method according to claim 1, characterized in that, The method further includes: Based on the relevant vulnerability data and security status level of the target network asset, a handling recommendation is generated.

8. A network asset security analysis device, characterized in that, The device includes: The asset attribute acquisition unit is used to identify target network assets in the network system and acquire asset attribute information of the target network assets. The vulnerability data acquisition unit is used to acquire relevant vulnerability data of the target network asset based on the asset attribute information. The context analysis unit is used to perform context analysis processing on the relevant vulnerability data based on the global assets of the network system, and to determine the security status level of the target network asset.

9. A computer storage medium, characterized in that, The computer storage medium stores a plurality of instructions, which are adapted to be loaded by a processor and executed as method steps as claimed in any one of claims 1 to 7.

10. An electronic device, characterized in that, include: A processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and executed the method steps as claimed in any one of claims 1 to 7.