CN117014178A - Vulnerability detection system for network security - Google Patents
Vulnerability detection system for network security Download PDFInfo
- Publication number
- CN117014178A CN117014178A CN202310656424.2A CN202310656424A CN117014178A CN 117014178 A CN117014178 A CN 117014178A CN 202310656424 A CN202310656424 A CN 202310656424A CN 117014178 A CN117014178 A CN 117014178A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- application program
- monitoring
- data
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 95
- 238000012544 monitoring process Methods 0.000 claims abstract description 106
- 230000003993 interaction Effects 0.000 claims abstract description 52
- 238000000034 method Methods 0.000 claims abstract description 38
- 230000008439 repair process Effects 0.000 claims abstract description 11
- 210000002569 neuron Anatomy 0.000 claims abstract description 8
- 238000004891 communication Methods 0.000 claims abstract description 4
- 230000002159 abnormal effect Effects 0.000 claims description 36
- 230000008569 process Effects 0.000 claims description 32
- 238000013515 script Methods 0.000 claims description 21
- 230000005856 abnormality Effects 0.000 claims description 2
- 238000002347 injection Methods 0.000 claims description 2
- 239000007924 injection Substances 0.000 claims description 2
- 210000001503 joint Anatomy 0.000 abstract description 3
- 238000012986 modification Methods 0.000 abstract 1
- 230000004048 modification Effects 0.000 abstract 1
- 239000000243 solution Substances 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 241001494479 Pecora Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The application discloses a vulnerability detection system for network security, which relates to the technical field of vulnerability detection and comprises a cloud management platform, wherein the cloud management platform is in communication connection with a device information acquisition module, a device monitoring module, a vulnerability detection module and a vulnerability restoration module; according to the method, related information of the application programs in the equipment is collected, a plurality of data monitoring nodes are arranged for all the application programs, data interaction and monitoring butt joint are carried out in a neuron mode among the data monitoring nodes, further when the application programs carry out data interaction or data modification, the data monitoring nodes generate application program operation records in real time and send the application program operation records to the vulnerability detection module, the vulnerability detection module judges whether the vulnerability detection module has a vulnerability according to the application program operation records, if the vulnerability detection module has the vulnerability, the vulnerability repair module generates a vulnerability repair data packet and sends the vulnerability repair data packet to corresponding equipment to carry out vulnerability repair, and tracing inquiry is carried out on vulnerability generation, so that intelligent vulnerability detection and vulnerability repair of the application programs are achieved.
Description
Technical Field
The application relates to the technical field of vulnerability detection, in particular to a vulnerability detection system for network security.
Background
With the continuous development of internet technology, networks have become an indispensable part of daily life and production of people, but with the continuous development of the internet and the openness thereof, various network security layers are endless, and network hackers illegally steal information and data of a target network through technical means such as monitoring, detection and the like, for example, unauthorized access, confidential information theft and the like are carried out on the target network, diversified network environments and daily and lunar network attack means bring great challenges to network security problems;
the existing network security protection means generally lack of management and control technology and are in a static architecture, network topology is easy to occur, once a target network or equipment is implanted with malicious application programs, even if the target network or equipment does not have important data information, the target network or equipment can be used as a springboard to perform vulnerability analysis on other equipment so as to perform data theft, hysteresis exists in traditional vulnerability restoration, and the traditional vulnerability restoration is similar to the situation of being the same as the security of a fatigued sheep, and therefore, the vulnerability detection system for network security is provided.
Disclosure of Invention
In order to solve the above technical problems, an object of the present application is to provide a vulnerability detection system for network security.
In order to achieve the above object, the present application provides the following technical solutions:
the vulnerability detection system for network security comprises a cloud management platform, wherein the cloud management platform is in communication connection with a device information acquisition module, a device monitoring module, a vulnerability detection module and a vulnerability restoration module;
the equipment information acquisition module is used for acquiring the network position information of the equipment and further sending an equipment information acquisition instruction to the equipment information acquisition module to acquire the application program information in the equipment;
the device monitoring module is used for traversing application program information in the device, injecting a monitoring script into the application program, and further monitoring the data interaction process of the application program in real time;
the vulnerability detection module is used for judging that the operation of the application program is abnormal according to the operation record of the application program and generating a vulnerability detection record according to the vulnerability detection request;
the vulnerability restoration module is used for generating a corresponding vulnerability restoration data packet according to the vulnerability detection record, sending the corresponding vulnerability restoration data packet to corresponding equipment, tracing the vulnerability generation process through a monitoring script and generating the vulnerability restoration record.
Further, the process for collecting the application program information includes:
the device information acquisition module is used for matching the device information in the trusted device information base according to the network position information and the basic information of the device, marking the corresponding device as trusted device if the device information is matched with the device information, marking the corresponding device as untrusted device if the device information is matched with the device information, and deleting the network position information and the basic information sent by the device information;
for the equipment marked as the trusted equipment, the equipment information acquisition module sends an equipment information acquisition instruction to the corresponding equipment according to the IP address of the equipment information acquisition module, so that the application program information in the equipment is acquired.
Further, the injection process of the monitoring script comprises the following steps:
the device receives and installs the vulnerability monitoring program from the device monitoring module, and then the vulnerability monitoring program traverses the application programs in the device and sets monitoring scripts for the application programs, and sets a plurality of data monitoring nodes according to the authority information of the application programs, and a user can set the monitoring scripts for all the application programs in the device by default through manually setting an application program list needing to set the monitoring scripts.
Furthermore, the monitoring script consists of a plurality of data monitoring nodes, and the data monitoring nodes in the application programs are mutually related by adopting a neuron structure because the application programs in the equipment have function handover or data interaction functions;
the data monitoring node is used for collecting and recording various operation records of the application program and extracting keyword information of interaction data when the data interaction is carried out.
Further, the monitoring process for the data interaction process of the application program includes:
after the data interaction or the function handover of the application program is completed, the vulnerability monitoring program temporarily stops the operation of the application program, after receiving a vulnerability detection record judgment result from the device monitoring module, the vulnerability monitoring program makes corresponding operation according to the application program operation judgment result in the vulnerability detection record, if the vulnerability detection record is judged to be normal, the operation stopping operation of the application program is canceled, if the vulnerability detection record is judged to be abnormal, the application program operation is restored, a vulnerability detection request is generated and sent to the device monitoring module, and the device monitoring module sends the vulnerability detection request to the vulnerability detection module;
the data monitoring node sends the operation record of the application program and the keyword information of the interaction data to the vulnerability monitoring program, and the vulnerability monitoring program establishes the operation record of the application program according to the operation record sent by each data monitoring node and the keyword information of the interaction data.
Further, the judging process of the application program operation record includes:
the vulnerability detection module acquires the authority information of the application program from the application program operation record, compares the authority information with the operation record and the keyword information of the interaction data in the application program operation record, further judges whether the operation of the application program exceeds the authority of the application program, and judges that the operation record of the application program is normal if the operation of the application program does not exceed the authority;
if the operation of the application program is judged to exceed the authority, the operation record abnormality of the application program is judged.
Further, the generating process of the vulnerability detection record includes:
the vulnerability detection module traces the source of the abnormal operation or abnormal data interaction process of the application program according to the vulnerability detection request, matches the type of the vulnerability of the abnormal operation or abnormal data interaction process of the application program according to the tracing result, and further generates a vulnerability detection record and sends the vulnerability detection record to the vulnerability repair module.
Further, the generating process of the vulnerability repair data packet includes:
the vulnerability monitoring module acquires a corresponding vulnerability restoration patch from an application program developer network according to the vulnerability detection record, and generates a vulnerability restoration data packet by taking the vulnerability restoration patch as a reference and combining an operation record of the application program;
the vulnerability restoration data packet comprises a vulnerability restoration patch, a device name, an application program name and a vulnerability tracing instruction, wherein the vulnerability tracing instruction is used for calling a data monitoring node in the application program so as to trace the generation of the vulnerability.
Further, the process of tracing the vulnerability generation includes:
after the device receives the vulnerability restoration data packet, vulnerability restoration is carried out on the application program through the vulnerability restoration patch, meanwhile, data monitoring nodes in the application program are called according to a vulnerability tracing instruction in the vulnerability data packet, further, the data monitoring nodes in the application program are connected with other data monitoring nodes in a neuron mode, when all the data monitoring nodes in the device are traversed to obtain data interaction records of the application program generating the vulnerability, and further, abnormal data interaction records causing the vulnerability generation are found.
Compared with the prior art, the application has the beneficial effects that:
1. according to the application, by traversing the application program in the device, a plurality of data monitoring nodes are further arranged according to the data interaction port of the application program, meanwhile, the data monitoring nodes in the application program are mutually connected in a neuron mode, and when the application program performs data interaction, the data monitoring nodes at the two ends of the data exchange port are pre-connected, so that the monitoring strength of the application program in the device is improved, and the flexibility of the monitoring process is improved;
2. according to the method, the related information of all the application programs in the equipment is collected, the known security holes are obtained from the developer of the application programs according to the related information of the application programs, the new hole repairing patch is built by combining the abnormal operation of the application programs, meanwhile, the generation of the holes is traced through the data monitoring nodes, reference is provided for the follow-up equipment to encounter the same security holes, and the data security level of the equipment is improved to a certain extent.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
Fig. 1 is a schematic diagram of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail below. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, based on the examples herein, which are within the scope of the application as defined by the claims, will be within the scope of the application as defined by the claims.
As shown in fig. 1, a vulnerability detection system for network security comprises a cloud management platform, wherein the cloud management platform is in communication connection with a device information acquisition module, a device monitoring module, a vulnerability detection module and a vulnerability restoration module;
the device information acquisition module is used for acquiring network position information of the device and further sending device information acquisition instructions to the device information acquisition module to acquire application program information in the device, and the specific process comprises the following steps:
the equipment sends network position information and basic information to the equipment information acquisition module, wherein the network position information comprises an IP address and a current physical address of the equipment, and the basic information comprises the name, the model and a port MAC address of the equipment;
the device information acquisition module is preset with a trust device information base, wherein the trust device information base comprises the name, the model, the IP address and the port MAC address of the trust device;
the device information acquisition module further matches the device information in the trusted device information base according to the network position information and the basic information sent by the device, if the device information is matched with the network position information and the basic information, the corresponding device is marked as trusted device, if the device information is matched with the network position information and the basic information, the corresponding device is marked as untrusted device, and the network position information and the basic information sent by the device are deleted;
further, for the equipment marked as trusted equipment, the equipment information acquisition module sends an equipment information acquisition instruction to the corresponding equipment according to the IP address of the equipment;
after receiving the equipment information acquisition instruction, the equipment acquires the internal application program information according to the equipment information acquisition instruction and sends the application program information to the equipment information acquisition module;
the internal application information comprises the name, authority information, version level and program developer name of an application program;
the device information acquisition module sends the received application program information to the device monitoring module.
The device monitoring module is used for injecting a monitoring script into the device according to the application program information in the device, so as to monitor the data interaction process of the application program in real time, and the specific process comprises the following steps:
after receiving the application program information from the device information acquisition module, the device monitoring module acquires the known security holes of the version level of the application program from the program developer network according to the name, the version level and the program developer name of the application program in the application program information, and sends the known security holes to the hole detection module and the hole repair module;
further, the device monitoring module sends a vulnerability monitoring program to the device, wherein the vulnerability monitoring program is used for setting a monitoring script in an application program in the device and blocking the operation of the application program provided with the monitoring script, and the monitoring script consists of a plurality of data monitoring nodes;
the device receives and installs the vulnerability monitoring program, and then the vulnerability monitoring program traverses the application programs in the device and sets monitoring scripts for the application programs, and sets a plurality of data monitoring nodes according to authority information of the application programs, and a user can set the monitoring scripts for all the application programs in the device by default through manually setting an application program list needing to set the monitoring scripts; for example, the authority of an application program comprises reading and modifying the data of the equipment database and interacting with other application programs, and then the data monitoring node is arranged on an application interface when the equipment database is accessed or modified and on a data port used when the data monitoring node interacts with other application programs;
the data monitoring node is used for collecting and recording various operation records of the application program and extracting keyword information of interaction data when the application program performs data interaction;
furthermore, because the application programs in the device have function handover or data interaction, the data monitoring nodes in the application programs are related by adopting a neuron structure, for example, when one application program and the other application program perform data interaction, the data monitoring nodes at two ends of a data port used during the data interaction perform monitoring butt joint firstly, and after the data interaction of the two application programs is completed, the two ends of the data port further perform secondary monitoring butt joint to indicate the end of monitoring;
after the data interaction or the function handover of the application program is completed, the vulnerability monitoring program temporarily stops the operation of the application program, after receiving a vulnerability detection record judging result from the device monitoring module, the vulnerability monitoring program makes corresponding operation according to the application program operation judging result in the vulnerability detection record, if the vulnerability detection record is judged to be normal, the operation stopping operation of the application program is canceled, if the vulnerability detection record is judged to be abnormal, the application program operation is restored, and a vulnerability detection request is generated and sent to the device monitoring module, and the device monitoring module sends the vulnerability detection request to the vulnerability detection module, wherein the vulnerability detection request comprises the whole process of acquiring the abnormal operation of the application program, the starting and ending time of the abnormal operation, the application program name contained in the corresponding operation and the corresponding version level;
the data monitoring node sends the operation record of the application program and the keyword information of the interaction data to the vulnerability monitoring program, and the vulnerability monitoring program establishes the operation record of the application program and sends the operation record to the equipment monitoring module according to the operation record sent by each data monitoring node and the keyword information of the interaction data;
the application program operation records comprise operation time, application program names, version grades, operation authorities, keyword information of interaction data and operation records;
the device monitoring module receives the application program operation record, adds the IP address and the name of the device into the application program operation record, and sends the application program operation record to the vulnerability detection module.
The vulnerability detection module is used for judging whether the operation of the corresponding application program is abnormal according to the operation record of the application program, and generating a vulnerability detection record according to a vulnerability detection request, and the specific process comprises the following steps:
the vulnerability detection module receives the application program operation record from the equipment monitoring module, and matches the known security vulnerabilities of the corresponding application programs in the equipment from the equipment monitoring module according to the equipment names in the application program operation record and the names and version grades of the application programs;
and then, judging whether the operation of the application program is abnormal or not by combining the authority of the application program in the operation record of the application program, the operation record and the keyword information of the interaction data;
specifically, the vulnerability detection module acquires authority information of the application program from the application program operation record, compares the authority information with the operation record and the keyword information of the interaction data in the application program operation record, further judges whether the operation of the application program exceeds the authority of the application program, for example, the authority information of the application program indicates specific data which can only be interacted, the data in the equipment database is not modified, and further compares the authority information with the operation record of the application program, and if the keyword information of the interaction data, including the specific data which can be interacted in the authority information, is displayed, the operation record of the application program is judged to be normal;
if the keyword information of the interactive data is displayed when the application program data is interacted, the specific data which can be interacted in the authority information is not included, or the operation of modifying the data in the equipment database is carried out, judging that the operation record of the application program is abnormal;
further, the vulnerability detection module sends an application program operation record judgment prompt to the equipment monitoring module, so that vulnerability detection is carried out according to a vulnerability detection request sent by the equipment monitoring module, and a vulnerability detection record is generated and sent to the vulnerability repair module;
according to the historical vulnerability detection records, the vulnerability detection module classifies the vulnerabilities into three types: unauthorized access holes, path traversal holes, and abnormal command execution holes;
the method comprises the steps that an unauthorized access vulnerability indicates that an application program obtains unauthorized rights of the application program through an illegal means, and then illegal access is performed to tamper equipment data or illegal data transmission operation is performed;
the path crossing vulnerability indicates that the application program bypasses the data access authority, directly accesses or falsifies the equipment data, or directly performs illegal data transmission operation;
the abnormal command execution vulnerability indicates that under the condition that an application program receives an operation instruction generated by non-equipment, access in the authority of the application program is performed to modify equipment data or illegal data transmission operation is performed;
the vulnerability detection module traces the abnormal operation or abnormal data interaction process of the application program according to the whole process of the abnormal operation of the application program in the vulnerability detection request and the starting and stopping time of the abnormal operation, matches the type of the vulnerability of the abnormal operation or abnormal data interaction process of the application program according to the tracing result, and further generates a vulnerability detection record and sends the vulnerability detection record to the vulnerability restoration module;
wherein the vulnerability detection record comprises an application program name, an operation record, an application program version level and a vulnerability type.
The vulnerability restoration module is used for generating a corresponding vulnerability restoration data packet according to the vulnerability detection record and sending the corresponding vulnerability restoration data packet to corresponding equipment, tracing the vulnerability generation and generating the vulnerability restoration record, and the specific process comprises the following steps:
after the vulnerability monitoring module receives the vulnerability detection record, matching the corresponding known security vulnerabilities according to the names and version levels of the application programs in the vulnerability detection record, and simultaneously matching the vulnerability types in the vulnerability detection record with the known security vulnerabilities, so that the vulnerability repairing module obtains corresponding vulnerability repairing patches from the application program developer functional network, takes the vulnerability repairing patches as references, combines the operation record of the application program to generate a vulnerability repairing data packet, and sends the vulnerability repairing data packet to a device monitoring module, and the vulnerability monitoring module sends the vulnerability repairing data packet to corresponding devices according to the device names in the vulnerability repairing data packet;
the vulnerability restoration data packet comprises a vulnerability restoration patch, a device name, an application program name and a vulnerability tracing instruction, wherein the vulnerability tracing instruction is used for calling a data monitoring node in the application program so as to trace the generation of the vulnerability;
after the device receives the vulnerability restoration data packet, vulnerability restoration is carried out on the application program through the vulnerability restoration patch, meanwhile, data monitoring nodes in the application program are called according to a vulnerability tracing instruction in the vulnerability data packet, the data monitoring nodes in the application program are connected with other data monitoring nodes in a neuron mode, when all the data monitoring nodes in the device are traversed to obtain data interaction records of the application program generating the vulnerability, the corresponding abnormal data interaction records are searched by taking the vulnerability type as a reference, and then an abnormal IP address for transmitting abnormal interaction data is placed in a data interaction blacklist, and meanwhile, the abnormal IP address and the abnormal data interaction record are transmitted to a vulnerability restoration module;
and the bug fix module establishes a bug fix record, wherein the bug fix record comprises an application program name, an abnormal IP address, a bug fix patch and an abnormal data interaction record, and the bug fix record is used for directly sending the corresponding bug fix patch to corresponding equipment for bug fix after the subsequent bug fix module receives the related bug problem.
The above embodiments are only for illustrating the technical method of the present application and not for limiting the same, and it should be understood by those skilled in the art that the technical method of the present application may be modified or substituted without departing from the spirit and scope of the technical method of the present application.
Claims (9)
1. The vulnerability detection system for network security comprises a cloud management platform, and is characterized in that the cloud management platform is in communication connection with a device information acquisition module, a device monitoring module, a vulnerability detection module and a vulnerability restoration module;
the equipment information acquisition module is used for acquiring the network position information of the equipment and further sending an equipment information acquisition instruction to the equipment information acquisition module to acquire the application program information in the equipment;
the device monitoring module is used for traversing application program information in the device, injecting a monitoring script into the application program, and further monitoring the data interaction process of the application program in real time;
the vulnerability detection module is used for judging whether the operation of the application program is abnormal according to the operation record of the application program and generating a vulnerability detection record according to the vulnerability detection request;
the vulnerability restoration module is used for generating a corresponding vulnerability restoration data packet according to the vulnerability detection record, sending the corresponding vulnerability restoration data packet to corresponding equipment, tracing the vulnerability generation process through a monitoring script and generating the vulnerability restoration record.
2. The vulnerability detection system of claim 1, wherein the application information collection process comprises:
the device information acquisition module is used for matching the device information in the trusted device information base according to the network position information and the basic information of the device, marking the corresponding device as trusted device if the device information is matched with the device information, marking the corresponding device as untrusted device if the device information is matched with the device information, and deleting the network position information and the basic information sent by the device information;
for the equipment marked as the trusted equipment, the equipment information acquisition module sends an equipment information acquisition instruction to the corresponding equipment according to the IP address of the equipment information acquisition module, so that the application program information in the equipment is acquired.
3. The vulnerability detection system of claim 1, wherein the injection process of the monitoring script comprises:
the device receives and installs the vulnerability monitoring program from the device monitoring module, and then the vulnerability monitoring program traverses the application programs in the device and sets monitoring scripts for the application programs, and sets a plurality of data monitoring nodes according to the authority information of the application programs, and a user can set the monitoring scripts for all the application programs in the device by default through manually setting an application list needing to set the monitoring scripts.
4. A vulnerability detection system for network security according to claim 3, wherein the monitoring script is composed of a plurality of data monitoring nodes, and the data monitoring nodes in the application program are related to each other by adopting a neuron structure because of the function handover or data interaction function between the application programs in the device;
the data monitoring node is used for collecting and recording various operation records of the application program and extracting keyword information of interaction data when the data interaction is carried out.
5. A vulnerability detection system as recited in claim 3, wherein the listening process for the application's data interaction process comprises:
after the data interaction or the function handover of the application program is completed, the vulnerability monitoring program temporarily stops the operation of the application program, after receiving a vulnerability detection record judgment result from the device monitoring module, the vulnerability monitoring program makes corresponding operation according to the application program operation judgment result in the vulnerability detection record, if the vulnerability detection record is judged to be normal, the operation stopping operation of the application program is canceled, if the vulnerability detection record is judged to be abnormal, the application program operation is restored, a vulnerability detection request is generated and sent to the device monitoring module, and the device monitoring module sends the vulnerability detection request to the vulnerability detection module;
the data monitoring node sends the operation record of the application program and the keyword information of the interaction data to the vulnerability monitoring program, and the vulnerability monitoring program establishes the operation record of the application program according to the operation record sent by each data monitoring node and the keyword information of the interaction data.
6. The vulnerability detection system of claim 5, wherein the determining process of the application operation record comprises:
the vulnerability detection module acquires the authority information of the application program from the application program operation record, compares the authority information with the operation record and the keyword information of the interaction data in the application program operation record, further judges whether the operation of the application program exceeds the authority of the application program, and judges that the operation record of the application program is normal if the operation of the application program does not exceed the authority;
if the operation of the application program is judged to exceed the authority, the operation record abnormality of the application program is judged.
7. The vulnerability detection system of claim 5, wherein the generating process of the vulnerability detection record comprises:
the vulnerability detection module traces the abnormal operation or abnormal data interaction process of the application program according to the vulnerability detection request, matches the type of the vulnerability of the abnormal operation or abnormal data interaction process of the application program according to the tracing result, and further generates a vulnerability detection record and sends the vulnerability detection record to the vulnerability repair module.
8. The vulnerability detection system of claim 7, wherein the generating process of the vulnerability repair data packet comprises:
the vulnerability monitoring module acquires a corresponding vulnerability restoration patch according to the vulnerability detection record, and generates a vulnerability restoration data packet by taking the vulnerability restoration patch as a reference and combining an operation record of an application program;
the vulnerability restoration data packet comprises a vulnerability restoration patch, a device name, an application program name and a vulnerability tracing instruction, wherein the vulnerability tracing instruction is used for calling a data monitoring node in the application program so as to trace the generation of the vulnerability.
9. The vulnerability detection system of claim 8, wherein the process of tracing vulnerability generation comprises:
after the device receives the vulnerability restoration data packet, vulnerability restoration is carried out on the application program through the vulnerability restoration patch, meanwhile, data monitoring nodes in the application program are called according to a vulnerability tracing instruction in the vulnerability data packet, further, the data monitoring nodes in the application program are connected with other data monitoring nodes in a neuron mode, when all the data monitoring nodes in the device are traversed to obtain data interaction records of the application program generating the vulnerability, and further, abnormal data interaction records causing the vulnerability generation are found.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310656424.2A CN117014178B (en) | 2023-06-05 | 2023-06-05 | Vulnerability detection system for network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310656424.2A CN117014178B (en) | 2023-06-05 | 2023-06-05 | Vulnerability detection system for network security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117014178A true CN117014178A (en) | 2023-11-07 |
| CN117014178B CN117014178B (en) | 2024-06-18 |
Family
ID=88564372
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310656424.2A Active CN117014178B (en) | 2023-06-05 | 2023-06-05 | Vulnerability detection system for network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117014178B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107784230A (en) * | 2017-02-16 | 2018-03-09 | 平安科技(深圳)有限公司 | The restorative procedure and device of page leak |
| CN109684847A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Self-repairing method, device, equipment and the storage medium of script loophole |
| US10277619B1 (en) * | 2015-10-23 | 2019-04-30 | Nationwide Mutual Insurance Company | System and methods of identifying system vulnerabilities |
| CN110674506A (en) * | 2019-09-10 | 2020-01-10 | 深圳开源互联网安全技术有限公司 | Method and system for rapidly verifying vulnerability state of application program |
| CN112182588A (en) * | 2020-10-22 | 2021-01-05 | 中国人民解放军国防科技大学 | Operating system vulnerability analysis and detection method and system based on threat intelligence |
| CN112329021A (en) * | 2020-11-09 | 2021-02-05 | 杭州安恒信息技术股份有限公司 | Method and device for checking application bugs, electronic device and storage medium |
| CN113760339A (en) * | 2020-07-01 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Vulnerability repair method and device |
-
2023
- 2023-06-05 CN CN202310656424.2A patent/CN117014178B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10277619B1 (en) * | 2015-10-23 | 2019-04-30 | Nationwide Mutual Insurance Company | System and methods of identifying system vulnerabilities |
| CN107784230A (en) * | 2017-02-16 | 2018-03-09 | 平安科技(深圳)有限公司 | The restorative procedure and device of page leak |
| CN109684847A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Self-repairing method, device, equipment and the storage medium of script loophole |
| CN110674506A (en) * | 2019-09-10 | 2020-01-10 | 深圳开源互联网安全技术有限公司 | Method and system for rapidly verifying vulnerability state of application program |
| CN113760339A (en) * | 2020-07-01 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Vulnerability repair method and device |
| CN112182588A (en) * | 2020-10-22 | 2021-01-05 | 中国人民解放军国防科技大学 | Operating system vulnerability analysis and detection method and system based on threat intelligence |
| CN112329021A (en) * | 2020-11-09 | 2021-02-05 | 杭州安恒信息技术股份有限公司 | Method and device for checking application bugs, electronic device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117014178B (en) | 2024-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114978584B (en) | Network security protection security method and system based on unit units | |
| CN113704767A (en) | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system | |
| CN107273748A (en) | A kind of method that Android system Hole Detection is realized based on leak poc | |
| Johari et al. | Penetration testing in IoT network | |
| CN113315767A (en) | Electric power Internet of things equipment safety detection system and method | |
| CN115361203A (en) | Vulnerability analysis method based on distributed scanning engine | |
| CN117527412A (en) | Data security monitoring method and device | |
| Deng et al. | {NAUTILUS}: Automated {RESTful}{API} Vulnerability Detection | |
| CN108809950B (en) | Wireless router protection method and system based on cloud shadow system | |
| Morais et al. | A model-based attack injection approach for security validation | |
| CN110099041A (en) | A kind of Internet of Things means of defence and equipment, system | |
| CN117014178B (en) | Vulnerability detection system for network security | |
| CN116318783B (en) | Network industrial control equipment safety monitoring method and device based on safety index | |
| CN110086812B (en) | Safe and controllable internal network safety patrol system and method | |
| Permann et al. | Cyber assessment methods for SCADA security | |
| CN115795484A (en) | Vulnerability detection method and device for Internet of things equipment and equipment | |
| CN115314481B (en) | IEC101/IEC 104-based communication method and system for simulating master station | |
| CN118381675B (en) | Data processing method and device and electronic equipment | |
| Rao et al. | On Running Disabled Networking Features: A Taxonomy with Security Implications | |
| Widerberg Palmfeldt et al. | Testing IoT Security: A comparison of existing penetration testing frameworks and proposing a generic framework | |
| CN107196905B (en) | Trusted network access client and access method for Windows platform | |
| Collins | Pen Testing Framework for IoT Devices | |
| CN116561754A (en) | System and method for fusing media terminal security scanning | |
| Trimananda | Understanding and Guaranteeing Security, Privacy, and Safety of Smart Homes | |
| CN118802249A (en) | Unauthorized access vulnerability detection method, device and equipment for Internet of things equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |