CN111049827A - Network system safety protection method, device and related equipment - Google Patents
- Publication number
- CN111049827A (CN201911276538.4A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- network
- network system
- attack
- security protection
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The application discloses a network system safety protection method, which comprises: collecting information according to a received protection instruction to obtain network system information; performing vulnerability detection on the network system information to obtain a network vulnerability; attacking the network vulnerability by using a preset automatic attack model; obtaining an attack result corresponding to the network vulnerability that is successfully attacked; and performing vulnerability repair on the network vulnerability according to the attack result. The network system safety protection method can effectively achieve automated, verifiable, efficient and high-precision penetration testing and real-time system defense. The application also discloses a network system safety protection device, a system and a computer-readable storage medium, which have the same beneficial effects.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a network system security protection method, and further, to a network system security protection apparatus, system, and computer-readable storage medium.
Background
With the rapid development of informatization, the requirements on the efficiency and accuracy of attack defense for online systems keep rising, and the traditional manual intervention mode can no longer meet the complex security requirements of modern attack protection.
At present, security monitoring of cloud, management platform, terminal and Internet environments lacks effective, targeted technical means that can meet the service requirement of real-time attack defense. The security condition and attack defense capability of a system cannot be comprehensively grasped, existing security risks cannot be clearly and accurately judged so that early warning can be given in advance, and security events that do occur cannot be handled in a standard and effective manner. For example, when a network attack occurs in an enterprise's online operation scenario, problems such as information leakage, unauthorized control, system denial of service and command execution are likely to occur, resulting in economic and reputational loss for the enterprise; when internal and external network attacks occur in the online operation scenario of a school network management system, problems such as data tampering, bulk leakage of student information and leakage of confidential academic information easily occur, leading to incidents in student management and to leakage of the state's latest research secrets.
In the prior art, the security threat research of foreign manufacturers is based on simple network environments, and there is essentially no platform system that can fully provide automatic attack and defense drilling for a complex network environment, so as to provide automatic penetration testing and security defense, and that fully meets the requirements of information security level protection construction and inspection in China. Domestic manufacturers, for their part, cannot fully meet all the requirements of building an automatic attack and defense drilling platform and security technology in a big data complex network environment in terms of data mining, security accumulation, industry understanding and the like.
Therefore, how to effectively achieve automated, verifiable, efficient and high-precision penetration testing and real-time system defense is a problem to be solved by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a network system security protection method that can effectively achieve automated, verifiable, efficient and high-precision penetration testing and real-time system defense; another object of the present application is to provide a network system security device, a system and a computer-readable storage medium, which also have the above advantages.
In order to solve the above technical problem, the present application provides a network system security protection method, where the network system security protection method includes:
acquiring information according to the received protection instruction to obtain network system information;
detecting the vulnerability of the network system information to obtain a network vulnerability;
attacking the network vulnerability by using a preset automatic attack model;
obtaining an attack result corresponding to the network vulnerability which is successfully attacked;
and carrying out vulnerability repair on the network vulnerability according to the attack result.
Preferably, the acquiring information according to the received protection instruction to obtain the network system information includes:
and when the protection instruction is received, carrying out full-network asset scanning by using a protocol cracking technology to obtain the network system information.
Preferably, the performing vulnerability detection on the network system information to obtain a network vulnerability includes:
and performing vulnerability detection on the network system information by using fuzz testing to obtain the network vulnerability.
Preferably, the network system security protection method further includes:
and constructing a model by using a decision tree algorithm to obtain the preset automatic attack model.
Preferably, the performing vulnerability repair on the network vulnerability according to the attack result includes:
and according to the attack result, performing vulnerability repair on the network vulnerability by using a hot patch technology.
Preferably, the network system security protection method further includes:
generating an attack report according to the attack result;
and sending the attack report to a display interface for displaying.
Preferably, the network system security protection method further includes:
and when the network vulnerability attack is successful, sending an alarm instruction to alarm equipment.
In order to solve the above technical problem, the present application further provides a network system security device, where the network system security device includes:
the information acquisition module is used for acquiring information according to the received protection instruction to obtain network system information;
the vulnerability detection module is used for carrying out vulnerability detection on the network system information to obtain a network vulnerability;
the automatic attack module is used for attacking the network vulnerability by utilizing a preset automatic attack model;
the attack feedback module is used for acquiring an attack result corresponding to the network vulnerability which is successfully attacked;
and the vulnerability repairing module is used for repairing the vulnerability of the network according to the attack result.
In order to solve the above technical problem, the present application further provides a network system security protection system, where the network system security protection system includes:
a memory for storing a computer program;
and the processor is used for realizing the steps of any network system safety protection method when the computer program is executed.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of any one of the above network system security protection methods are implemented.
The network system safety protection method comprises the steps of collecting information according to a received protection instruction to obtain network system information; detecting the vulnerability of the network system information to obtain a network vulnerability; attacking the network vulnerability by using a preset automatic attack model; obtaining an attack result corresponding to the network vulnerability which is successfully attacked; and carrying out vulnerability repair on the network vulnerability according to the attack result.
Therefore, the network system safety protection method provided by the application actively attacks the detected whole network vulnerability based on the preset automatic attack model and repairs the successfully attacked network vulnerability, so that the automatic attack and defense drilling of the online network system is realized, namely, the defense capability of the system can be automatically enhanced in real time and the vulnerability of the system can be repaired in the process of attack and defense drilling.
The network system safety protection device, system and computer readable storage medium provided by the application all have the beneficial effects, and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic flow chart of a network system security protection method provided in the present application;
FIG. 2 is a block diagram of an automated offensive and defensive exercise platform of a network system according to the present application;
FIG. 3 is a block diagram of a vulnerability discovery engine provided herein;
FIG. 4 is a block diagram of an implementation framework for an automatic decision-making technique provided in the present application;
FIG. 5 is a schematic structural diagram of a network system safety protection device provided in the present application;
FIG. 6 is a schematic structural diagram of a network system security protection system provided in the present application.
Detailed Description
The core of the application is to provide a network system safety protection method which can effectively achieve automated, verifiable, efficient and high-precision penetration testing and real-time system defense; another core of the present application is to provide a network system security protection apparatus, system and computer-readable storage medium, which also have the above beneficial effects.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flow chart of a network system security protection method provided in the present application, where the network system security protection method may include:
S101: acquiring information according to the received protection instruction to obtain network system information;
This step performs network-wide information collection; the collected network-wide information is the network system information. Specifically, when the master controller receives a protection instruction for the network system, it immediately starts the information acquisition function and collects the network system information. The network system information is all information generated while the network system is running, including but not limited to information about monitoring equipment, Internet of Things equipment, servers, gateways and other equipment in the network system. The protection instruction may be initiated by a technician through a corresponding client, or may be triggered automatically by a preset condition, such as a timing condition; the present application does not limit this.
Preferably, the acquiring information according to the received protection instruction to obtain the network system information may include: and when the protection instruction is received, carrying out full-network asset scanning by using a protocol cracking technology to obtain network system information.
The preferred embodiment provides a more specific method for acquiring network system information, that is, scanning the assets of the whole network based on a protocol cracking technology to obtain the assets of the whole network, that is, the network system information. The protocol cracking technology is used for realizing the analysis and cracking of all protocols in the whole complex network, including but not limited to http protocol, ftp protocol, dns protocol, mail protocol, database protocol, industrial control protocol and the like, so as to ensure that comprehensive network system information is obtained.
S102: detecting the vulnerability of the network system information to obtain the network vulnerability;
This step performs vulnerability detection: based on the network system information, it detects the network vulnerabilities present in the network system, including but not limited to vulnerabilities of a host operating system, a Web application, a database system and so on. The network vulnerabilities can also be displayed; the display form is not unique, and they can be shown by severity level, vulnerability distribution, trend and so on, which the present application does not limit.
Preferably, the detecting the vulnerability of the network system information to obtain the network vulnerability may include: performing vulnerability detection on the network system information by using fuzz testing to obtain the network vulnerability.
The preferred embodiment provides a more specific vulnerability detection method, namely vulnerability detection based on fuzz testing. Fuzz testing discovers software vulnerabilities by providing unexpected input to a target system and monitoring for abnormal results. It can automate both the detection of known vulnerabilities and the discovery of unknown vulnerabilities in a network system, with higher execution efficiency and a lower false alarm rate.
S103: attacking the network vulnerability by using a preset automatic attack model;
This step carries out the vulnerability attack: the network vulnerabilities in the network system are attacked automatically by using a preset automatic attack model. The preset automatic attack model can be obtained by modelling attack behaviour manually or with artificial intelligence technology; any existing modelling method may be used, and the present application does not limit this. After modelling is complete, the model can be stored in a preset storage space and called directly when security protection is performed on the network system.
Preferably, the network system security protection method may further include: constructing a model by using a decision tree algorithm to obtain the preset automatic attack model.
The preferred embodiment provides a specific construction method for the preset automatic attack model, namely construction based on a decision tree algorithm. A decision tree algorithm is a method for approximating a discrete function value: the data is first processed, readable rules and a decision tree are generated by an inductive algorithm, and new data is then analyzed by using the decision tree. The process is essentially one of classifying data through a series of rules. For the construction of the preset automatic attack model based on the decision tree algorithm, reference can be made to the prior art, and the details are not repeated herein.
S104: obtaining an attack result corresponding to the successfully attacked network vulnerability;
This step collects the attack results. Results are collected for the network vulnerabilities that were attacked successfully: a network vulnerability that can be attacked successfully carries a higher security risk, so obtaining the attack result for it facilitates the subsequent vulnerability repair.
S105: and carrying out vulnerability repair on the network vulnerability according to the attack result.
This step analyzes the attack result and repairs the network vulnerability according to the analysis, so that the network vulnerabilities present in the network system are repaired and automatic attack and defense drilling of the online network system is achieved. The vulnerability repair can be carried out with any existing vulnerability repair technology; the type selected does not affect the implementation of the technical solution.
Preferably, the performing vulnerability repair on the network vulnerability according to the attack result may include: and according to the attack result, performing vulnerability repair on the network vulnerability by using a hot patch technology.
The preferred embodiment provides a more specific vulnerability fixing method, namely, the vulnerability fixing method is realized by using a hot patch technology. Specifically, hot patching is a way to repair defects of a product software version quickly and at low cost, and has a main advantage that services currently running in a device are not interrupted, that is, the defects of the current software version of the device can be repaired without restarting the device.
Preferably, the network system security protection method may further include: generating an attack report according to the attack result; and sending the attack report to a display interface for displaying.
The preferred embodiment aims to realize the display of the attack information, namely, a corresponding attack report can be generated based on the attack result, the specific content of the attack report can comprise the network vulnerability type and the corresponding attack method, attack result and the like, and further, the attack report is sent to a display interface to be displayed, so that technical personnel can more intuitively obtain all relevant information in the network system security protection process. In addition, attack reports can be saved to facilitate later system maintenance.
Preferably, the network system security protection method may further include: and when the network vulnerability attack is successful, sending an alarm instruction to alarm equipment.
The preferred embodiment aims to realize vulnerability warning, namely, for a network vulnerability successfully attacked, a warning instruction can be sent to warning equipment, and the warning equipment carries out vulnerability warning so that technical personnel can know the current operating condition of a network system in time.
The network system safety protection method provided by the application actively attacks all detected network vulnerabilities based on the preset automatic attack model and repairs the network vulnerabilities that are successfully attacked, thereby achieving automatic attack and defense drilling of the online network system. In other words, during attack and defense drilling the defense capability of the system can be enhanced automatically in real time and the vulnerabilities of the system can be repaired. One-key automatic penetration is achieved with no user intervention in the whole process, and the method has the advantages of high efficiency, high accuracy, real-time performance and verifiability.
On the basis of the above embodiments, the embodiments of the present application provide a more specific network system security protection method, which utilizes an automated attack and defense drilling platform to implement security protection on an online complex network system.
Referring to fig. 2, fig. 2 is a structural framework diagram of an automated offensive and defensive exercise platform of a network system provided in the present application, which specifically implements the following functions:
(1) Automated asset detection and discovery techniques
Asset detection comprises active detection and passive detection. Network-wide asset scanning is achieved through a protocol cracking technology; the target protocols to be cracked include common Internet server application protocols such as http, ftp, dns, vpn, rdp, mail protocols and database protocols, and special protocols such as industrial control protocols. The target assets finally to be counted include servers, gateways, monitoring equipment, Internet of Things equipment and the like. Concurrent scanning is implemented with a custom protocol stack to improve speed, and is combined with a self-developed algorithm for defending against UDP flood attacks to improve the performance and accuracy of the scanner. Decoupling the protocol layer from the transport layer makes asset scanning quickly compatible with new protocols. User-defined scanning behaviour based on probe templates is also supported.
(2) Automated vulnerability detection and discovery techniques
Referring to FIG. 3, FIG. 3 is a structural framework diagram of a vulnerability discovery engine provided by the present application. Automated discovery of known and unknown vulnerabilities is implemented by using fuzz testing, which enables highly heuristic, high-intensity, interactive detection of common vulnerabilities in host operating systems, Web applications, database systems and information system security baselines. The technique effectively avoids the false alarm problem, as well as the path state explosion problem found in theoretical derivation, formula calculation and symbolic execution techniques. It is highly automated and does not require a large amount of manual participation in the reverse engineering process. The techniques applied mainly include regular expressions, lexical analysis, data flow analysis, control flow analysis, security analysis, taint propagation analysis and the like. The final vulnerability presentation may include vulnerability lists, severity levels, current vulnerability statistics and distribution, historical vulnerability trends and other information.
(3) Automated penetration behavior modeling technique
Specifically, various complex network attack behaviours can be described through analysis and formalization, and automatic behaviour modelling (the preset automatic attack model) is performed by means of attack graphs, state transition graphs, attack nets, attack trees and other methods. In the model, possible attack states are represented by attack graph nodes, and the node contents include attack efficiency, user privilege, host and the like; the executor can be a backdoor program, an ordinary user, an attacker and the like; the input may be an attack template, an attacker profile, a configuration file and the like; the configuration file may include router configuration, network topology, network type, system information and the like; the attack target represents the known attack steps and the capability information of the attacker, and is represented by the attacker profile; the state of the system is represented by nodes, including state, attacker capability, vulnerability, user privilege and the like; an attack action is represented by an edge. The attack graph of the system is generated backwards from a target state: starting from the target node, the attack template library is traversed to search for an attack target that is the same as the target node, and for each matched template, if the node in the template matches the target node and all constraint conditions are met, the edge-tail node is generated and removed from the queue; by recursion, the attacker's initial node can be reached. In addition, for initialization and maximum access privilege, all machines can be grouped into basic clusters according to privilege, and each cluster is then subdivided by network segment. To evaluate the attack effect quantitatively and make evaluation and analysis automatic, the parameter changes before and after the attack can be determined in advance and used as the basis for automatic judgment.
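The backward generation described above can be illustrated from the defender's side with a small model. The following is an added example, not code from the application: nodes are (host, privilege) states, edges are template matches, and the result lists which findings lie on a path from the attacker's initial node to the target, which is the list a repair step would work through. All hosts, templates and vulnerability identifiers are constructed placeholders, and privilege matching is simplified to exact equality.

```python
from collections import deque
from typing import NamedTuple


class State(NamedTuple):
    host: str
    priv: str          # privilege held on that host


class Template(NamedTuple):
    name: str
    vuln: str          # finding the step depends on (placeholder ids)
    pre_priv: str      # privilege needed on the source host
    post_priv: str     # privilege gained on the target host
    local: bool        # True: the step runs on the target host itself


# Constructed inputs: template library, scan findings, network topology.
TEMPLATES = [
    Template("remote-step", "VULN-A", "user", "user", False),
    Template("local-step", "VULN-B", "user", "root", True),
]
HOST_VULNS = {"web": {"VULN-A"}, "db": {"VULN-A", "VULN-B"}, "hr": set()}
REACHABLE = {("internet", "web"), ("web", "db"), ("hr", "db")}
START = State("internet", "user")   # attacker's initial node
GOAL = State("db", "root")          # target state the graph is grown from


def backward_edges(goal, start, templates, host_vulns, reachable):
    """Grow the graph from the goal: match templates, emit edge-tail nodes."""
    edges, seen, queue = set(), {goal}, deque([goal])
    while queue:
        head = queue.popleft()
        if head == start:
            continue  # reached the initial node, nothing to expand
        for t in templates:
            if t.post_priv != head.priv:
                continue  # template does not produce this state
            if t.vuln not in host_vulns.get(head.host, set()):
                continue  # constraint: the finding must exist on the host
            if t.local:
                sources = [head.host]
            else:  # constraint: the source must reach the host
                sources = sorted(s for s, d in reachable if d == head.host)
            for src in sources:
                tail = State(src, t.pre_priv)
                if tail == head:
                    continue  # ignore self-loops
                edges.add((tail, t.name, t.vuln, head))
                if tail not in seen:
                    seen.add(tail)
                    queue.append(tail)
    return edges


def live_edges(edges, start):
    """Drop dead-end branches: keep edges whose tail is reachable from start."""
    live, changed = {start}, True
    while changed:
        changed = False
        for tail, _name, _vuln, head in edges:
            if tail in live and head not in live:
                live.add(head)
                changed = True
    return {e for e in edges if e[0] in live}


def exposure(goal, start, templates, host_vulns, reachable):
    """(host, finding) pairs on some start-to-goal path; empty means no path."""
    edges = live_edges(
        backward_edges(goal, start, templates, host_vulns, reachable), start)
    return sorted({(head.host, vuln) for _t, _n, vuln, head in edges})


if __name__ == "__main__":
    print("on a path to the goal:",
          exposure(GOAL, START, TEMPLATES, HOST_VULNS, REACHABLE))
    repaired = {**HOST_VULNS, "web": set()}  # finding on "web" repaired
    print("after repair:",
          exposure(GOAL, START, TEMPLATES, repaired, REACHABLE))
```

Re-running `exposure` after a repair is the verification step: an empty list means the target state can no longer be reached from the initial node in this model.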
(4) Automatic decision making technique for vulnerability exploitation
Because a complete network intrusion is carried out by exploiting a combination of vulnerabilities, the intrusion process can be divided into several stages, each with its own stage objective. Each of these stages is modelled separately, and staged modelling greatly reduces the complexity of constructing the attack tree. Specifically, the intrusion process can be divided into the following seven stages:
(i) host reconnaissance: searching for a host to serve as the attack target;
(ii) vulnerability discovery: discovering security vulnerabilities on the target host;
(iii) target penetration: obtaining unauthorized access by using a security vulnerability of the target host;
(iv) privilege escalation: obtaining privileged access on the target host;
(v) concealment: covering traces of activity so that the target host can be entered again next time;
(vi) information capture: acquiring and modifying data and information on the target host;
(vii) springboard attack: using the controlled host as a springboard to launch attacks on other target hosts.
Referring to fig. 4, fig. 4 is a frame diagram for implementing an automatic decision technology provided by the present application, and according to the above-mentioned stage division of the attack process, each stage can be used as a root node of an attack tree to construct an attack tree for each stage of a network attack.
(5) Extensible security analysis plug-in modularization technology
Specifically, a Lambda big data architecture can be adopted to provide a real-time analysis module and an offline batch analysis module, wherein the real-time analysis module mainly comprises a Storm cluster, and the offline batch analysis module mainly comprises Elasticsearch for interactive analysis, Hadoop and a self-developed task scheduling system. Further, based on a dynamic module expansion technology, the platform can treat each calculation and analysis function as a functional module and expand at module level. For example, when new security analysis and detection functions need to be added, the newly developed functions only need to be incorporated dynamically into the analysis and calculation engine according to certain rules and interfaces, and the analysis functions are then expanded dynamically.
(6) Intelligent self-learning abnormal behavior analysis and capture key technology
Specifically, attacker behaviour characteristics, internally discovered abnormal behaviours and external threat intelligence are considered together. Through analysis of attacker behaviour characteristics over a long time window, and IP similarity and credibility analysis of attacker IPs, the weights of different attacker characteristic behaviours can be updated automatically according to the correlation analysis results, finally yielding an abnormal behaviour analysis and capture model with self-learning capability.
(7) Intelligent protection patch technology
Automatic hardening of the system can be achieved through hot patch technology. Specifically, the application program can be protected from attack by inspecting inbound traffic, and virtual patch protection is applied to vulnerabilities in the application program and the operating system. Vulnerability and patch notifications are synchronized promptly and combined with a deep packet inspection module, so that patch installation and real-time protection are completed automatically while traffic and the system are monitored in real time. Unlike traditional patch technology, the hot patch used by this technical solution runs outside the operating system and the application program, and can independently check data before it enters the system and filter threats aimed at the vulnerability. In other words, the hot patch can effectively protect the vulnerability without the added risk of changing an operating system whose support has ended. In addition, the hot patch can make up for the deficiencies of traditional software patch management, buy time for technicians, and protect the system from attacks on known vulnerabilities.
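The virtual patch idea above, combined with the rule that repair follows the attack result, can be sketched as a filter that sits in front of the application. The following is an added example, not code from the application: a rule is switched on only for findings the drill attacked successfully, and each rule lets through only the value shape the handler is known to need. The rule catalogue, paths, parameter names and vulnerability identifiers are constructed placeholders.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote, urlsplit


@dataclass(frozen=True)
class VirtualPatch:
    vuln_id: str          # finding this rule shields (placeholder ids)
    method: str           # HTTP method the affected handler accepts
    path_prefix: str      # URL path of the affected handler
    param: str            # parameter that reaches the flawed code
    allowed: re.Pattern   # the only value shape that is let through


# Constructed rule catalogue: one allow-list rule per known finding.
CATALOGUE = {
    "VULN-EXAMPLE-1": VirtualPatch(
        "VULN-EXAMPLE-1", "GET", "/report", "id",
        re.compile(r"[0-9]{1,10}")),
    "VULN-EXAMPLE-2": VirtualPatch(
        "VULN-EXAMPLE-2", "GET", "/download", "name",
        re.compile(r"[A-Za-z0-9_-]{1,64}\.pdf")),
}

# Constructed drill output: attack results per finding.
DRILL_RESULTS = [
    {"vuln_id": "VULN-EXAMPLE-1", "success": True},
    {"vuln_id": "VULN-EXAMPLE-2", "success": False},
]


def active_patches(results, catalogue):
    """Enable a rule only for findings that were attacked successfully."""
    return [catalogue[r["vuln_id"]] for r in results
            if r["success"] and r["vuln_id"] in catalogue]


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so repeated encoding cannot hide a value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None  # still changing after max_rounds: treat as unacceptable


def inspect(method, url, patches):
    """Return (allowed, blocking_rule_id) for one inbound request."""
    parts = urlsplit(url)
    path = fully_decode(parts.path)
    if path is None:
        return (False, "undecodable-path")
    params = parse_qsl(parts.query, keep_blank_values=True)
    for patch in patches:
        if method.upper() != patch.method:
            continue
        if not path.startswith(patch.path_prefix):
            continue
        # Check every occurrence of the parameter, not just the first.
        for name, raw in params:
            if name != patch.param:
                continue
            value = fully_decode(raw)
            if value is None or not patch.allowed.fullmatch(value):
                return (False, patch.vuln_id)
    return (True, None)


if __name__ == "__main__":
    rules = active_patches(DRILL_RESULTS, CATALOGUE)
    for url in ("/report?id=42", "/report?id=42%253Bx",
                "/report?id=42&id=x", "/download?name=setup.exe"):
        print(url, inspect("GET", url, rules))
```

The filter changes nothing on the protected host, which is why this kind of rule can shield a system that cannot be restarted or is no longer supported.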
Therefore, the network system security protection method provided by the embodiments of the present application realizes an automatic attack and defense drilling platform that fully covers the various devices in a target network environment, through complex protocol cracking and active or passive detection of terminal devices, servers and redundant devices. Through big data analysis it provides offline batch processing, real-time data association analysis and multidimensional situation visualization, which guarantees the accuracy and efficiency of vulnerability discovery, and association analysis, a GBM machine learning model, a deep learning model and unsupervised clustering analysis allow it to meet different service security requirements. The system can also automatically crawl and update the latest vulnerabilities and has self-learning anomaly capture for vulnerability detection, so it can automatically detect and repair some of the latest security vulnerabilities. Hot patch technology is used to harden the system automatically, which suits the security characteristics of an online system: the defense capability of the system can be enhanced automatically in real time, and its vulnerabilities repaired, during the attack and defense drill.
To solve the above problem, refer to FIG. 5, which is a schematic structural diagram of a network system security protection device provided in the present application. The network system security protection device may include:
the information acquisition module 10 is used for acquiring information according to the received protection instruction to obtain network system information;
the vulnerability detection module 20 is used for carrying out vulnerability detection on the network system information to obtain a network vulnerability;
the automatic attack module 30 is used for attacking the network vulnerability by using a preset automatic attack model;
the attack feedback module 40 is used for acquiring an attack result corresponding to the network vulnerability which is successfully attacked;
and the vulnerability repairing module 50 is used for performing vulnerability repairing on the network vulnerability according to the attack result.
As a preferred embodiment, the information collection module 10 may be specifically configured to, when receiving a protection instruction, perform full-network asset scanning by using a protocol cracking technology to obtain network system information.
As a preferred embodiment, the vulnerability detection module 20 may be specifically configured to perform vulnerability detection on the network system information by using a fuzz testing technique to obtain a network vulnerability.
As a preferred embodiment, the network system security protection device may further include a model construction module, configured to perform model construction using a decision tree algorithm to obtain a preset automatic attack model.
As a preferred embodiment, the vulnerability fixing module 50 may be specifically configured to perform vulnerability fixing on a network vulnerability by using a hot patch technology according to an attack result.
As a preferred embodiment, the network system security protection device may further include a report display module, configured to generate an attack report according to the attack result; and sending the attack report to a display interface for displaying.
As a preferred embodiment, the network system security protection apparatus may further include a vulnerability alarm module, configured to send an alarm instruction to an alarm device when the network vulnerability attack is successful.
For the introduction of the apparatus provided in the present application, please refer to the above method embodiments, which are not described herein again.
To solve the above problem, refer to FIG. 6, which is a schematic structural diagram of a network system security protection system provided in the present application. The network system security protection system includes:
a memory 1 for storing a computer program;
the processor 2 is configured to implement the steps of any one of the above-mentioned network system security protection methods when executing the computer program.
For the introduction of the system provided by the present application, please refer to the above method embodiment, which is not described herein again.
In order to solve the above problem, the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of any one of the above network system security protection methods can be implemented.
The computer-readable storage medium may include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
For the introduction of the computer-readable storage medium provided in the present application, please refer to the above method embodiments, which are not described herein again.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be cross-referenced. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is brief, and the relevant points can be found in the description of the method.
Those skilled in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The network system security protection method, device, system and computer-readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that those skilled in the art may make several improvements and modifications to the present application without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present application.
Claims (10)
1. A network system security protection method is characterized by comprising the following steps:
acquiring information according to the received protection instruction to obtain network system information;
detecting the vulnerability of the network system information to obtain a network vulnerability;
attacking the network vulnerability by using a preset automatic attack model;
obtaining an attack result corresponding to the network vulnerability which is successfully attacked;
and carrying out vulnerability repair on the network vulnerability according to the attack result.
2. The network system security protection method of claim 1, wherein the acquiring information according to the received protection command to obtain the network system information comprises:
and when the protection instruction is received, carrying out full-network asset scanning by using a protocol cracking technology to obtain the network system information.
3. The network system security protection method of claim 1, wherein the detecting the vulnerability of the network system information to obtain the network vulnerability comprises:
and detecting the vulnerability of the network system information by using a fuzz testing technology to obtain the network vulnerability.
4. The network system security protection method of claim 1, further comprising:
and constructing a model by using a decision tree algorithm to obtain the preset automatic attack model.
5. The network system security protection method according to any one of claims 1 to 4, wherein the performing vulnerability fixing on the network vulnerability according to the attack result comprises:
and according to the attack result, performing vulnerability repair on the network vulnerability by using a hot patch technology.
6. The network system security protection method of claim 1, further comprising:
generating an attack report according to the attack result;
and sending the attack report to a display interface for displaying.
7. The network system security protection method of claim 1, further comprising:
and when the network vulnerability attack is successful, sending an alarm instruction to alarm equipment.
8. A network system security protection device, comprising:
the information acquisition module is used for acquiring information according to the received protection instruction to obtain network system information;
the vulnerability detection module is used for carrying out vulnerability detection on the network system information to obtain a network vulnerability;
the automatic attack module is used for attacking the network vulnerability by utilizing a preset automatic attack model;
the attack feedback module is used for acquiring an attack result corresponding to the network vulnerability which is successfully attacked;
and the vulnerability repairing module is used for repairing the vulnerability of the network according to the attack result.
9. A network system security protection system, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the network system security protection method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the network system security protection method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911276538.4A CN111049827A (en) | 2019-12-12 | 2019-12-12 | Network system safety protection method, device and related equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111049827A true CN111049827A (en) | 2020-04-21 |
Family
ID=70235837
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911276538.4A Pending CN111049827A (en) | 2019-12-12 | 2019-12-12 | Network system safety protection method, device and related equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111049827A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112615836A (en) * | 2020-12-11 | 2021-04-06 | 杭州安恒信息技术股份有限公司 | Industrial control network safety protection simulation system |
CN112671741A (en) * | 2020-12-16 | 2021-04-16 | 平安普惠企业管理有限公司 | Network protection method, device, terminal and storage medium |
CN113965416A (en) * | 2021-12-21 | 2022-01-21 | 江苏移动信息系统集成有限公司 | Website security protection capability scheduling method and system based on workflow |
CN114189349A (en) * | 2021-10-19 | 2022-03-15 | 广东南方通信建设有限公司 | Safety monitoring and early warning platform, safety monitoring and early warning method and storage medium |
CN114780967A (en) * | 2022-05-23 | 2022-07-22 | 天津科思互联网科技有限公司 | Mining evaluation method based on big data vulnerability mining and AI vulnerability mining system |
EP4254869A3 (en) * | 2022-04-01 | 2023-11-01 | Vectra AI, Inc. | Method, product, and system for generating a software representation that embodies network configuration and policy data of a computer network for use in security management |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013184099A1 (en) * | 2012-06-05 | 2013-12-12 | Empire Technology Development, Llc | Cross-user correlation for detecting server-side multi-target intrusion |
CN103532793A (en) * | 2013-10-28 | 2014-01-22 | 中国航天科工集团第二研究院七〇六所 | Automatic penetration testing method for information system security |
CN107426227A (en) * | 2017-08-02 | 2017-12-01 | 江苏省邮电规划设计院有限责任公司 | One kind automation safe penetration method of testing |
CN109145579A (en) * | 2018-08-18 | 2019-01-04 | 北京航空航天大学 | Intelligent network joins automobile information secure authentication testing method and system |
-
2019
- 2019-12-12 CN CN201911276538.4A patent/CN111049827A/en active Pending
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112615836A (en) * | 2020-12-11 | 2021-04-06 | 杭州安恒信息技术股份有限公司 | Industrial control network safety protection simulation system |
CN112671741A (en) * | 2020-12-16 | 2021-04-16 | 平安普惠企业管理有限公司 | Network protection method, device, terminal and storage medium |
CN112671741B (en) * | 2020-12-16 | 2022-10-18 | 平安普惠企业管理有限公司 | Network protection method, device, terminal and storage medium |
CN114189349A (en) * | 2021-10-19 | 2022-03-15 | 广东南方通信建设有限公司 | Safety monitoring and early warning platform, safety monitoring and early warning method and storage medium |
CN113965416A (en) * | 2021-12-21 | 2022-01-21 | 江苏移动信息系统集成有限公司 | Website security protection capability scheduling method and system based on workflow |
EP4254869A3 (en) * | 2022-04-01 | 2023-11-01 | Vectra AI, Inc. | Method, product, and system for generating a software representation that embodies network configuration and policy data of a computer network for use in security management |
EP4254868A3 (en) * | 2022-04-01 | 2023-11-01 | Vectra AI, Inc. | Method, product, and system for analyzing a computer network to identify attack paths using a software representation that embodies network configuration and policy data for security management |
CN114780967A (en) * | 2022-05-23 | 2022-07-22 | 天津科思互联网科技有限公司 | Mining evaluation method based on big data vulnerability mining and AI vulnerability mining system |
CN114780967B (en) * | 2022-05-23 | 2023-01-17 | 中咨数据有限公司 | Mining evaluation method based on big data vulnerability mining and AI vulnerability mining system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20200421 |