
CN118869366B - Component composite vulnerability detection method, device, equipment, medium and product - Google Patents


Info

Publication number
CN118869366B
CN118869366B (application CN202411345305.6A)
Authority
CN
China
Prior art keywords
vulnerability
component
components
detected
information
Prior art date
Legal status
Active
Application number
CN202411345305.6A
Other languages
Chinese (zh)
Other versions
CN118869366A (en)
Inventor
刘琳渤
肖华
岳贯集
Current Assignee
Beijing Peking University Software Engineering Co ltd
Original Assignee
Beijing Peking University Software Engineering Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Peking University Software Engineering Co ltd
Priority to CN202411345305.6A
Publication of CN118869366A
Application granted
Publication of CN118869366B
Legal status: Active

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses a method, a device, equipment, a medium and a product for detecting a component composite vulnerability, and relates to the field of network security. The method comprises the steps of determining a vulnerability data table based on vulnerability information; obtaining vulnerability array fields based on the vulnerability data table, wherein the vulnerability array fields are used for storing vulnerability components; storing the vulnerability array fields into a local database to obtain a component composite vulnerability data table; obtaining components to be detected of equipment to be detected; comparing the components to be detected with the vulnerability components one by one; and determining whether the equipment to be detected has the vulnerability. The application addresses vulnerabilities caused by the mutual influence among different components.

Description

Method, device, equipment, medium and product for detecting component composite vulnerabilities
Technical Field
The present application relates to the field of network security, and in particular, to a method, an apparatus, a device, a medium, and a product for detecting a component composite vulnerability.
Background
In the current digital age, network security problems are increasingly prominent and threaten development in many fields. Among them, component vulnerabilities pose a serious threat. A component vulnerability is a security flaw that exists in an individual software or hardware component.
A dependency introduced into a project under development, or software running on a computer, may present no security issue on its own, yet cause a vulnerability when the software runs on a particular version of the operating system. Likewise, two open source components introduced during software development may each be harmless when introduced independently, yet cause a vulnerability when both are introduced at the same time. A vulnerability that arises from the combined influence of multiple factors is called a composite vulnerability.
Existing vulnerability detection methods are mainly aimed at running software and hardware, and do not consider vulnerabilities caused by interaction among different components.
Disclosure of Invention
The application aims to provide a method, a device, equipment, a medium and a product for detecting component composite vulnerabilities, which can address vulnerabilities caused by the mutual influence among different components.
In order to achieve the above object, the present application provides the following solutions:
In a first aspect, the present application provides a method for detecting a component composite vulnerability, including:
obtaining vulnerability information;
determining a vulnerability data table based on the vulnerability information;
acquiring a vulnerability array field based on the vulnerability data table, wherein the vulnerability array field is used for storing a vulnerability component, and storing the vulnerability array field into a local database to obtain a component composite vulnerability data table;
and obtaining a component to be detected of equipment to be detected, wherein the component to be detected comprises a software component to be detected and a hardware component to be detected, comparing the component to be detected with the vulnerability component one by one, and determining whether the equipment to be detected has vulnerabilities.
In a second aspect, the present application provides a device for detecting a component composite vulnerability, including:
a first acquisition module, used for acquiring vulnerability information;
a determining module, used for determining a local vulnerability data table based on the vulnerability information;
a second acquisition module, used for acquiring a vulnerability array field based on the local vulnerability data table, wherein the vulnerability array field is used for storing vulnerability component information, and the vulnerability array field is stored in a local database to obtain a component composite vulnerability data table;
a comparison module, used for obtaining a component to be detected of equipment to be detected, wherein the component to be detected comprises software component information to be detected and hardware component information to be detected, comparing the component to be detected with the vulnerability component one by one, and determining whether the equipment to be detected has vulnerabilities.
In a third aspect, the present application provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor executing the computer program to implement the steps of the method for detecting component composite vulnerabilities of any of the above.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the component composite vulnerability detection method of any of the above.
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method for detecting a component composite vulnerability of any one of the above.
According to the specific embodiment provided by the application, the application discloses the following technical effects:
The application provides a method, a device, equipment, a medium and a product for detecting a component composite vulnerability, in which a vulnerability data table is determined from the acquired vulnerability information, a vulnerability array field used for storing a vulnerability component is acquired from the vulnerability data table, and the component composite vulnerability data table is obtained by storing the vulnerability array field in a local database, so that all component sets that cause component composite vulnerabilities between software and software and between software and hardware are obtained, vulnerability search efficiency is improved, and the search for component composite vulnerabilities is made more complete. Detection of component composite vulnerabilities is realized by acquiring the components to be detected of the equipment to be detected, wherein the components to be detected comprise software components and hardware components to be detected, comparing the components to be detected with the vulnerability components one by one, and determining whether the equipment to be detected has a vulnerability.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an application environment diagram of a method for detecting component composite vulnerabilities in an embodiment of the present application;
FIG. 2 is a flow chart of a method for detecting component composite vulnerabilities according to an embodiment of the present application;
FIG. 3 is a diagram illustrating a single data structure in the component composite vulnerability data table vulnerable_module according to one embodiment of the present application;
FIG. 4 is a flowchart of determining whether a device to be detected has a vulnerability according to an embodiment of the present application;
FIG. 5 is a flowchart of determining whether a component to be detected and a vulnerability component are matched according to an embodiment of the present application;
FIG. 6 is a flowchart of a method for processing a vulnerability of a device to be detected according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a device for detecting component composite vulnerabilities according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The foregoing objects, features, and advantages of the application will be more readily apparent from the following detailed description of the application when taken in conjunction with the accompanying drawings and detailed description.
The method for detecting the component composite vulnerability can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be provided separately, may be integrated on the server 104, or may be placed on a cloud or other server. The terminal 102 can send the obtained vulnerability information to the server 104, the server 104 determines a vulnerability data table based on the obtained vulnerability information after receiving the obtained vulnerability information, obtains a vulnerability array field based on the vulnerability data table, stores the vulnerability array field into a local database by the server 104 to obtain a component composite vulnerability data table, and obtains a component to be detected of the device to be detected by the server 104, wherein the component to be detected comprises a software component to be detected and a hardware component to be detected, compares the component to be detected with the vulnerability component one by one, and determines whether the device to be detected has a vulnerability. The server 104 may feed back a detection result of whether the device to be detected has the vulnerability to the terminal 102. In addition, in some embodiments, the method for detecting the component composite vulnerability may be implemented by the server 104 or the terminal 102 alone, for example, the terminal 102 may directly obtain vulnerability information, compare the component to be detected with the vulnerability component one by one, determine whether the device to be detected has a vulnerability, or obtain the vulnerability information from the data storage system by the server 104, and compare the component to be detected with the vulnerability component one by one, determine whether the device to be detected has a vulnerability.
The terminal 102 may be, but not limited to, various desktop computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or a server cluster composed of a plurality of servers, or may be a cloud server.
In an exemplary embodiment, as shown in fig. 2, a method for detecting a component composite vulnerability is provided, where the method is executed by a computer device, specifically, may be executed by a computer device such as a terminal or a server, or may be executed by the terminal and the server together, and in an embodiment of the present application, the method is applied to the server 104 in fig. 1, and is described as an example, and includes the following steps 210 to 240. Wherein:
Step 210, obtaining vulnerability information.
In one implementation, the method for obtaining vulnerability information includes, but is not limited to, the following:
1. Writing crawler programs with a web crawler tool (such as Python's Scrapy framework) and crawling, in a targeted manner, the vulnerability information of the National Information Security Vulnerability Sharing Platform (https://www.cnvd.org.cn/), the National Information Security Vulnerability Database (https://www.cnnvd.org.cn/) and the U.S. National Vulnerability Database (https://nvd.nist.gov/). 2. Downloading vulnerability information files, since some vulnerability databases provide a download function for vulnerability information files. For example, the U.S. vulnerability database NVD offers vulnerability information for download in formats such as XML or CSV, and users can choose a suitable format according to their requirements.
Step 220, determining a vulnerability data table based on the vulnerability information.
Specifically, component composite vulnerability information caused by interaction between software and software, between software and hardware, and between hardware and hardware is extracted from the vulnerability information obtained in step 210. Component information of each vulnerability component is then extracted from the extracted component composite vulnerability information, including the vulnerability id, vulnerability name, vulnerability source, release time publishedDate, vulnerability description descriptions, related links references, component manufacturer vendor, component product name product, component version, and the logical relationship operator among components, among other data.
It can be appreciated that the component version information disclosed on security vulnerability websites may differ from the version information actually published with the component, so the disclosed version information cannot be automatically identified and compared by a computer as-is. The component version information is therefore normalized. The normalization algorithm converts the various version forms into a format that a computer can uniformly identify and compare, so that the search for component composite vulnerabilities can be computerized; at the same time, once the vulnerability components with this component data structure are stored in a local database, vulnerabilities can be found quickly with database retrieval techniques, which improves vulnerability search efficiency.
Illustratively, the component version information is serialized into a string by the following specific steps:
Step 2201: unify the characters in the component version information to lowercase, and remove the component vendor information and product information contained in the component version information (the vendor and product information may contain both uppercase and lowercase characters).
Step 2202: replace every character in the version string that is neither a letter nor an Arabic numeral with a dot ".", and collapse several consecutive dots into a single dot.
Step 2203: mark, without distinguishing case, the following tokens contained in the version string: Pre-alpha, Dev, alpha, α, beta, β, Release Candidate, RC, GA, General Availability, Stable, Maintenance Release, Patch, LTS, Long Term Support.
Step 2204: treat the text between every two dots as one interval, as well as the text between the beginning of the string and the first dot and between the last dot and the end of the string. Walking the version string from front to back, each interval shorter than 16 characters is zero-padded at the front, each interval longer than 16 characters keeps only its first 16 characters, and if the string has fewer than 8 intervals, zero intervals are appended after it; finally the string "99" is appended at the tail. Each version string is thus processed into a fixed 130-character string.
Illustratively, component version 1.22.333 is processed according to the steps described above as follows:
000000010000002200000333000000000000000000000000000000000000000099。
Step 2205: for the tokens marked in step 2203, replace the last two characters of the string with 01, 02, 03, ..., 09 respectively, according to the ordering Pre-alpha < Dev < alpha/α < beta/β < Release Candidate/RC < GA/General Availability/Stable < Maintenance Release < Patch < LTS/Long Term Support.
Illustratively, the component version 1.22.33-beta is processed according to the above steps as follows:
0000000100000022000003330000000000000000000000000000000000000000004。
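As an added worked example (not code from the patent), the normalization of steps 2201 to 2205 in Python with the text's parameters (16-character intervals, 8 intervals, a two-character suffix, 130 characters in total); the token-boundary handling for markers such as rc, and the order in which markers are detected, are assumptions, since the page does not specify them:

```python
import re

# Parameters from steps 2204-2205: 8 intervals of 16 characters plus a
# two-character stage suffix give a fixed 130-character string.
SEGMENT_WIDTH = 16
SEGMENT_COUNT = 8
RELEASE_SUFFIX = "99"   # appended when the version carries no stage marker

# Stage ordering from step 2205, lowest first; synonyms share one rank (01..09).
STAGE_RANKS = [
    ("pre-alpha",),
    ("dev",),
    ("alpha", "α"),
    ("beta", "β"),
    ("release candidate", "rc"),
    ("ga", "general availability", "stable"),
    ("maintenance release",),
    ("patch",),
    ("lts", "long term support"),
]


def _stage_pattern(marker):
    """Whole-token match for a marker; the words of a two-word marker may be
    separated by any run of non-alphanumerics ("release candidate", "release-candidate")."""
    words = [re.escape(w) for w in marker.replace("-", " ").split()]
    body = r"[^0-9a-z]+".join(words)
    if marker.isascii():
        # Token boundary (assumption): "rc" must not match inside "arch".
        body = r"(?<![0-9a-z])" + body + r"(?![0-9a-z])"
    return re.compile(body)


# Longest markers first, so "pre-alpha" is found before "alpha" and
# "general availability" before "ga" (detection order is an assumption).
_STAGES = sorted(
    ((marker, rank) for rank, group in enumerate(STAGE_RANKS, start=1) for marker in group),
    key=lambda item: -len(item[0]),
)


def normalize_version(version, vendor="", product=""):
    """Serialize a version string into the fixed-width, string-comparable form."""
    # Step 2201: lowercase, and strip vendor/product names embedded in the version.
    text = version.lower()
    for name in (vendor, product):
        if name:
            text = text.replace(name.lower(), "")
    # Step 2203 (case no longer matters): find the stage marker and cut it out.
    suffix = RELEASE_SUFFIX
    for marker, rank in _STAGES:
        pattern = _stage_pattern(marker)
        if pattern.search(text):
            text = pattern.sub("", text, count=1)
            suffix = f"{rank:02d}"
            break
    # Step 2202: any run of characters that are neither letters nor digits becomes one dot.
    text = re.sub(r"[^0-9a-z]+", ".", text).strip(".")
    # Step 2204: left-zero-pad each interval to 16 characters (truncate longer ones),
    # keep at most 8 intervals and append all-zero intervals up to 8.
    intervals = [seg for seg in text.split(".") if seg][:SEGMENT_COUNT]
    fixed = [seg[:SEGMENT_WIDTH].rjust(SEGMENT_WIDTH, "0") for seg in intervals]
    fixed += ["0" * SEGMENT_WIDTH] * (SEGMENT_COUNT - len(fixed))
    # Step 2205: stage rank 01..09, or 99 for an unmarked release.
    return "".join(fixed) + suffix


def version_key_order(versions):
    """Sort versions by their normalized form: plain string order now equals version order."""
    return sorted(versions, key=normalize_version)


if __name__ == "__main__":
    for v in ("1.22.333", "1.22.33-beta", "1.10.0", "1.9.0", "2.0 Release Candidate"):
        print(f"{v:>24} -> {normalize_version(v)}")
    print(version_key_order(["1.10.0", "1.9.0", "1.9.0-rc", "1.9.0-lts"]))
```

Note that under the page's own ordering an unmarked release ("99") sorts above every marked stage, including LTS ("09"), which the last line makes visible.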
After normalizing the vulnerability component version information, a component data structure of the vulnerability component is obtained, and the vulnerability components with this component data structure are stored in a local database to obtain the vulnerability data table vulnerable. The vulnerability data table involves three structures: vulnerable, node and module. Here node is a representation of a single node structure in the vulnerable table, a single node being extracted from the node set nodes, and module is a representation of a single component module structure in a single node, a single component module being extracted from the component set modules. The vulnerability data table vulnerable is shown in table 1:
TABLE 1
Step 230, obtaining a vulnerability array field based on the vulnerability data table, where the vulnerability array field is used to store the vulnerability component, and storing the vulnerability array field in the local database to obtain the component composite vulnerability data table vulnerable_module, as shown in table 2:
TABLE 2
In an exemplary embodiment, node data is extracted from the vulnerability data table, all combinations of the vulnerability components are listed according to the logical relationship characterized in the node data, and each combination of vulnerability components corresponds to one vulnerability array field. When the logical relationship is AND, all vulnerability components in all of the vulnerability array fields together form one combination of vulnerability components; when the logical relationship is OR, one vulnerability component is taken from each of the vulnerability array fields to form a combination of vulnerability components.
Specifically, each node in the node set nodes of the vulnerable data table is extracted, all combinations of the vulnerability array field childs and the vulnerability array field modules are listed according to the and/or logical relationship represented by the operator in the node, and each combination of vulnerability components corresponds to one vulnerability array field. When the operator represents the logical relationship "and", the vulnerability components in the vulnerability array field childs and in the vulnerability array field modules must all exist simultaneously to produce a vulnerability; when the operator represents "or", it suffices that one of the vulnerability components in childs exists together with one of those in modules. All of the vulnerability array fields are stored in the local database to form the component composite vulnerability data table vulnerable_module, where node represents node data and module represents vulnerability component data. The whole component composite vulnerability data table thus lists all component sets that cause component composite vulnerabilities between software and software and between software and hardware, and the vulnerabilities can be found quickly with database retrieval techniques, which improves vulnerability search efficiency and makes the search for component composite vulnerabilities more complete.
For example, fig. 3 is a schematic diagram of a single data structure in the component composite vulnerability data table vulnerable_module according to one embodiment of the present application. According to the logical relationship "or" represented by the operator in node1, the vulnerability components module1 and module2 in the vulnerability array field childs are combined by "or" with the vulnerability component module3 in the vulnerability array field modules; from this it can be seen that the simultaneous existence of module1 and module3 produces a vulnerability, and so does the simultaneous existence of module2 and module3. If instead the logical relationship were "and", the coexistence of module1, module2 and module3 would produce a vulnerability. The logically combined modules 1, 2 and 3 form the component composite vulnerability data table entries vulnerable_module data 1 and vulnerable_module data 2; three rows of the component composite vulnerability data table vulnerable_module are shown in table 3:
TABLE 3
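An added example, not the patent's own code, of the combination listing described for step 230 and fig. 3: components are constructed (vendor, product) tuples, the vulnerability ids are placeholders, and support for nested nodes inside childs is an assumption that generalizes the flat case on the page.

```python
from itertools import product

# Constructed sample mirroring fig. 3: components are (vendor, product) tuples;
# node1 combines the childs field with the modules field under one operator.
MODULE1 = ("vendor-a", "module1")
MODULE2 = ("vendor-a", "module2")
MODULE3 = ("vendor-b", "module3")
NODE1_OR = {"operator": "OR", "childs": [MODULE1, MODULE2], "modules": [MODULE3]}
NODE1_AND = {"operator": "AND", "childs": [MODULE1, MODULE2], "modules": [MODULE3]}

# Constructed vulnerable rows; the ids are placeholders, not real vulnerability ids.
VULNERABLE = [
    {"id": "VULN-EXAMPLE-0001", "nodes": [NODE1_OR]},
    {"id": "VULN-EXAMPLE-0002", "nodes": [NODE1_AND]},
]


def _alternatives(entry):
    """A leaf component stands for itself; a nested node (a dict, an assumption
    beyond the flat case on the page) contributes each of its own combinations."""
    if isinstance(entry, dict):
        return expand_node(entry)
    return [frozenset([entry])]


def expand_node(node):
    """List the component sets a node describes; each set becomes one vulnerable_module row."""
    fields = [f for f in (node.get("childs", []), node.get("modules", [])) if f]
    if node["operator"].upper() == "AND":
        # AND: every entry of every field must be present at the same time.
        entries = [entry for field in fields for entry in field]
        choices = product(*[_alternatives(entry) for entry in entries])
    else:
        # OR: within one field any single entry suffices, but every field contributes one.
        per_field = [[alt for entry in field for alt in _alternatives(entry)] for field in fields]
        choices = product(*per_field)
    combos = {frozenset().union(*choice) for choice in choices}
    return sorted(combos, key=sorted)


def build_vulnerable_module(vulnerable_rows):
    """Flatten the vulnerable table into vulnerable_module rows: id plus sorted component list."""
    rows = []
    for vuln in vulnerable_rows:
        for node in vuln["nodes"]:
            for combo in expand_node(node):
                rows.append({"id": vuln["id"], "modules": sorted(combo)})
    return rows


if __name__ == "__main__":
    for row in build_vulnerable_module(VULNERABLE):
        print(row["id"], [f"{vendor}:{product}" for vendor, product in row["modules"]])
```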
Step 240, obtaining a component to be detected of the device to be detected, where the component to be detected includes a software component to be detected and a hardware component to be detected, comparing the component to be detected with the vulnerability component one by one, and determining whether the device to be detected has the vulnerability.
Specifically, software composition analysis (SCA) technology is used to acquire the software component information involved in the operation of the equipment to be detected, hardware profiling technology is used to acquire the hardware information of the equipment to be detected, the components to be detected are compared with the vulnerability components one by one, and whether the equipment to be detected has a vulnerability is determined. This comprises the following steps:
Step 2401: when the vulnerability array field modules contains only one vulnerability component, if a component to be detected matches that vulnerability component, the device to be detected has a vulnerability.
Step 2402: when the vulnerability array field modules contains a plurality of vulnerability components, the device to be detected has a vulnerability only if the components to be detected match all of those vulnerability components.
Exemplarily, fig. 4 is a flowchart of determining whether a device to be detected has a vulnerability according to an embodiment of the present application. The components a, b and c to be detected are obtained using software composition analysis (SCA) and hardware profiling techniques; each of a, b and c may be either a hardware component or a software component. The vulnerability array field modules of each row of the component composite vulnerability data table vulnerable_module is searched one by one for a match. If the component a to be detected matches a vulnerability component in the vulnerability array field modules, and that field contains only the component matched by a, the device has a vulnerability; if the field contains other components besides the one matched by a, it is checked whether each of those other components finds a match among the components b and c to be detected; if all of them do, the device has a vulnerability, and if not, this row does not produce a vulnerability. The vulnerability array field modules of the remaining rows of the component composite vulnerability data table vulnerable_module is searched in the same way, and if none of the components a, b and c matches a component in any vulnerability array field modules, the device to be detected has no vulnerability.
Exemplarily, fig. 5 is a flowchart for determining whether a component to be detected and a vulnerability component match according to an embodiment of the present application. The component to be detected is searched for in the vulnerability array field modules of the component composite vulnerability data table vulnerable_module by comparing its information with the information in the vulnerable_module table. First it is checked whether the component product name product and the component manufacturer vendor of the component to be detected are the same as those of the vulnerability component. If they are the same, it is judged whether the component version of the component to be detected is contained in the table field versionEnum, where versionEnum is the enumeration of versions of the component that contain the vulnerability; if it is contained, the component to be detected matches the vulnerability component in vulnerable_module. If versionEnum does not contain the component version, it is judged whether the table field excludeVersion contains it, where excludeVersion is the enumeration of versions without the vulnerability; if excludeVersion contains the component version, the component to be detected does not match the vulnerability component. If excludeVersion does not contain it either, the component version of the component to be detected is normalized and the normalized version is searched for, by string comparison, within the table field intervals [startVersion, endVersion], where startVersion is the starting version with the vulnerability, endVersion is the ending version with the vulnerability, and the fields startinclude and endinclude determine whether the left and right endpoints of the interval are included. If the normalized component version falls within the interval by string comparison, the component to be detected matches the vulnerability component in vulnerable_module; if it does not, the component to be detected does not match the vulnerability component in vulnerable_module.
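An added example, not the patent's own code, of the matching logic of fig. 4 and fig. 5 run over a constructed vulnerable_module table; it assumes all versions are already in the fixed-width form of steps 2201 to 2205 (norm_parts() only assembles such sample values from numeric parts), and the vendor, product and vulnerability ids are placeholders.

```python
# Versions below are already in the fixed-width form produced by steps 2201-2205,
# so comparison is plain string comparison. norm_parts() only assembles sample
# values from numeric intervals; it is not the full normalization routine.
WIDTH, COUNT = 16, 8


def norm_parts(*parts, stage="99"):
    """Build a normalized sample version from numeric intervals and a stage suffix."""
    body = "".join(str(p).rjust(WIDTH, "0") for p in parts)
    return body.ljust(WIDTH * COUNT, "0") + stage


def version_in_interval(version, interval):
    """String-compare version against [startVersion, endVersion], honouring the endpoint flags."""
    start, end = interval["startVersion"], interval["endVersion"]
    above_start = version >= start if interval.get("startinclude", True) else version > start
    below_end = version <= end if interval.get("endinclude", True) else version < end
    return above_start and below_end


def component_matches(detected, vuln_component):
    """Fig. 5: vendor/product equality, then versionEnum, then excludeVersion, then intervals."""
    if (detected["vendor"], detected["product"]) != (vuln_component["vendor"], vuln_component["product"]):
        return False
    version = detected["version"]
    if version in vuln_component.get("versionEnum", ()):
        return True          # explicitly enumerated as vulnerable
    if version in vuln_component.get("excludeVersion", ()):
        return False         # explicitly enumerated as not vulnerable
    return any(version_in_interval(version, iv) for iv in vuln_component.get("intervals", ()))


def device_vulnerabilities(detected_components, vulnerable_module):
    """Steps 2401-2402 / fig. 4: a row fires only when every one of its vulnerability
    components is matched by some detected component (the composite condition)."""
    hits = []
    for row in vulnerable_module:
        if all(any(component_matches(d, vc) for d in detected_components) for vc in row["modules"]):
            hits.append(row["id"])
    return hits


# Constructed vulnerable_module table (ids and vendor/product names are placeholders).
SAMPLE_TABLE = [
    {
        "id": "VULN-EXAMPLE-0001",
        "modules": [
            {   # software component: 1.4.0 <= version < 1.5.0 is vulnerable, except 1.4.2
                "vendor": "acme", "product": "libfoo",
                "versionEnum": [],
                "excludeVersion": [norm_parts(1, 4, 2)],
                "intervals": [{"startVersion": norm_parts(1, 4, 0), "endVersion": norm_parts(1, 5, 0),
                               "startinclude": True, "endinclude": False}],
            },
            {   # hardware component: only firmware 2.0.0 is enumerated as vulnerable
                "vendor": "acme", "product": "board-fw",
                "versionEnum": [norm_parts(2, 0, 0)],
                "excludeVersion": [],
                "intervals": [],
            },
        ],
    }
]

LIBFOO_141 = {"vendor": "acme", "product": "libfoo", "version": norm_parts(1, 4, 1)}
LIBFOO_142 = {"vendor": "acme", "product": "libfoo", "version": norm_parts(1, 4, 2)}
LIBFOO_150 = {"vendor": "acme", "product": "libfoo", "version": norm_parts(1, 5, 0)}
BOARD_FW_200 = {"vendor": "acme", "product": "board-fw", "version": norm_parts(2, 0, 0)}

if __name__ == "__main__":
    print(device_vulnerabilities([LIBFOO_141, BOARD_FW_200], SAMPLE_TABLE))  # both components present
    print(device_vulnerabilities([LIBFOO_141], SAMPLE_TABLE))                # hardware component absent
```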
In another exemplary embodiment of the present application, when a vulnerability exists in a device to be detected, a repair suggestion needs to be fed back to the user, and the method for detecting a component composite vulnerability provided in this embodiment further includes the following steps:
Step 2501, if the device to be detected has a vulnerability, determining at least one group of components to be detected corresponding to the vulnerability, wherein each group of components to be detected corresponds to a current version, when only one group of components to be detected exists, searching whether the current version corresponding to the group of components to be detected is accompanied by an official repair suggestion, and when a plurality of groups of components to be detected exist, searching whether the current version corresponding to the groups of components to be detected is accompanied by an official repair suggestion.
Step 2502, if the current version is accompanied by an official repair suggestion, feeding back all the official repair suggestions to the user;
Step 2503, if the current version is not accompanied by the official repair suggestion, querying a higher version corresponding to the current version, wherein the higher version is obtained by using a component library used in a software component analysis (Software Composition Analysis, SCA) technology.
Step 2504, if no higher version corresponding to the current version is found, the current version is the highest version.
Step 2505, if a higher version corresponding to the current version is found, comparing at least one group of higher version vulnerability components obtained by combining at least one group of to-be-detected components with the vulnerability components one by one, if the higher version vulnerability components do not have vulnerabilities, sending all the combinations of the higher versions to a user as repair suggestions, if the higher version vulnerability components have vulnerabilities, calculating total vulnerability scores of the higher version vulnerability components of each group, and feeding back the combinations of the higher versions corresponding to the higher version vulnerability components with the lowest total vulnerability scores to the user as repair suggestions.
Fig. 6 is a flowchart of a method for processing a vulnerability of a device to be detected according to an embodiment of the present application. The components to be detected a, b, c, d, e and f are detected using software composition analysis (Software Composition Analysis, SCA) and hardware information acquisition (Hardware Profiling) techniques; each of them may be either a hardware component or a software component. The vulnerability component combinations (a, b), (g, h) and (e, g) are obtained from the component composite vulnerability data table. The components to be detected a, b, c, d, e and f are compared with the combinations (a, b), (g, h) and (e, g) respectively, and it is checked whether the current version has a vulnerability and whether an official repair suggestion is attached. If the current version is accompanied by an official repair suggestion, that suggestion is fed back to the user. If it is not, the versions are switched and combined: a higher version corresponding to the current version is queried; if no higher version is found, the current version is the highest version. If higher versions are found, where each current version corresponds to at least one higher version and each group of components to be detected corresponds to at least one higher version, the group of higher-version components obtained from one group of components to be detected is compared with the vulnerability components one by one, or the several groups of higher-version components obtained by combining several groups of components to be detected are compared with the vulnerability components one by one, until the last combination has been compared. If the higher-version components have vulnerabilities, the total vulnerability score of each group is calculated, and the combination of higher versions corresponding to the group with the lowest total vulnerability score is sent to the user as the repair suggestion. By searching all version combinations containing the vulnerability components, the scheme with the smallest impact on the system is found from the vulnerability scores of the different version combinations: the lower the vulnerability score, the lower the harm of that version combination to the system.
The application also provides an application scenario to which the method for detecting component composite vulnerabilities is applied. Specifically, in the method provided by this embodiment, the acquired component of the device to be detected has the component name component a, the manufacturer Microsoft and the version 1.0. This component information is compared directly with the component information of the vulnerability components to determine whether the component to be detected has a vulnerability. If a vulnerability exists, a repair suggestion needs to be provided, so a higher version of component a is looked up, say 2.0. New component information is then formed, with the component name component a, the manufacturer Microsoft and the version 2.0, and it is compared again with the component information of the vulnerability components to determine whether the component to be detected still has a vulnerability. If the vulnerability still exists and 2.0 is the only version of component a higher than 1.0, the vulnerability scores of versions 1.0 and 2.0 of component a are compared, and whichever version has the lowest vulnerability score is sent to the user as the repair suggestion.
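The repair-suggestion procedure of steps 2501 to 2505, fig. 6 and the component a scenario above, as an added Python example that is not the patent's own code. It assumes that a vulnerable combination is a set of (product, version) pairs carrying a score (the text names no score scale, so CVSS-like values are used), that a combination applies when all of its members are present in the device (the AND rule of claim 2), and that the SCA component library is a dict of known versions per product in ascending order, so "higher" means "listed after the current version".

```python
"""Repair suggestions for a vulnerable device, following steps 2501 to 2505 and fig. 6.

Added example, not the patent's code. Assumptions: a vulnerable combination is a set of
(product, version) pairs with a score (the patent names no score scale; CVSS-like values
are used), a combination applies when all of its members are present in the device (the
AND rule of claim 2), and the SCA component library is a dict of known versions per
product listed in ascending order, so "higher" means "listed after the current version".
"""
from dataclasses import dataclass, field
from itertools import product as cartesian
from typing import Dict, FrozenSet, Iterable, List, Tuple

Pair = Tuple[str, str]  # (product name, version)


@dataclass(frozen=True)
class VulnCombo:
    members: FrozenSet[Pair]
    score: float


@dataclass
class Recommendation:
    kind: str  # "official" | "highest" | "clean" | "lowest_score"
    combinations: List[Tuple[Pair, ...]] = field(default_factory=list)
    total_score: float = 0.0
    advice: List[str] = field(default_factory=list)


def total_vuln_score(composition: Iterable[Pair], combos: List[VulnCombo]) -> float:
    """Sum the scores of every vulnerable combination fully contained in the composition."""
    present = frozenset(composition)
    return sum(c.score for c in combos if c.members <= present)


def recommend(current: Dict[str, str], official: Dict[Pair, str],
              library: Dict[str, List[str]], combos: List[VulnCombo]) -> Recommendation:
    # Steps 2501/2502: an official repair suggestion attached to a current version wins
    advice = [official[(p, v)] for p, v in current.items() if (p, v) in official]
    if advice:
        return Recommendation("official", advice=advice)

    # Step 2503: ask the component library for higher versions of each component
    candidates: Dict[str, List[str]] = {}
    for prod, ver in current.items():
        known = library.get(prod, [])
        higher = known[known.index(ver) + 1:] if ver in known else []
        candidates[prod] = higher or [ver]  # no higher version: the component stays as is

    # Step 2504: no component has a higher version, so the current versions are the highest
    if all(candidates[p] == [v] for p, v in current.items()):
        return Recommendation("highest", [tuple(current.items())])

    # Step 2505: enumerate every combination of higher versions and score each one
    names = list(current)
    scored = []
    for versions in cartesian(*(candidates[n] for n in names)):
        combo = tuple(zip(names, versions))
        scored.append((total_vuln_score(combo, combos), combo))

    clean = [combo for score, combo in scored if score == 0]
    if clean:  # every vulnerability-free combination goes to the user
        return Recommendation("clean", clean)
    best = min(score for score, _ in scored)  # otherwise the least harmful combination
    return Recommendation("lowest_score", [c for s, c in scored if s == best], best)


# Constructed sample data (not real advisories). Mirrors the scenario in the text:
# component a 1.0 is vulnerable, its only higher version 2.0 is also vulnerable but
# scores lower, so a combination on 2.0 is what gets recommended.
CURRENT = {"component a": "1.0", "component b": "1.0", "component c": "3.1"}
LIBRARY = {
    "component a": ["1.0", "2.0"],
    "component b": ["1.0", "2.0", "2.1"],
    "component c": ["3.1"],
}
COMBOS = [
    VulnCombo(frozenset({("component a", "1.0"), ("component b", "1.0")}), 9.8),
    VulnCombo(frozenset({("component a", "2.0")}), 5.3),
    VulnCombo(frozenset({("component a", "2.0"), ("component b", "2.0")}), 7.5),
]

if __name__ == "__main__":
    rec = recommend(CURRENT, {}, LIBRARY, COMBOS)
    print(rec.kind, rec.total_score, rec.combinations)
```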
Based on the same inventive concept, an embodiment of the application also provides a device for detecting component composite vulnerabilities. The way in which the device solves the problem is similar to that described for the method above, so for the specific limitations of the one or more embodiments of the device provided below, reference can be made to the limitations of the method for detecting component composite vulnerabilities described above, which will not be repeated here.
In an exemplary embodiment, as shown in fig. 7, a device for detecting component composite vulnerabilities is provided. Fig. 7 is a schematic structural diagram of a device for detecting component composite vulnerabilities according to an embodiment of the present application, where the device 700 includes:
a first obtaining module 710, configured to obtain vulnerability information;
a determining module 720, configured to determine a local vulnerability data table based on the vulnerability information;
a second obtaining module 730, configured to obtain a vulnerability array field based on the local vulnerability data table, where the vulnerability array field is used to store vulnerability component information, and to store the vulnerability array field in a local database to obtain a component composite vulnerability data table;
a comparison module 740, configured to obtain the components to be detected of the device to be detected, where the components to be detected include information of software components to be detected and information of hardware components to be detected, and to compare the components to be detected with the vulnerability components one by one, so as to determine whether the device to be detected has a vulnerability.
As an optional implementation, in the device for detecting component composite vulnerabilities provided by the embodiment of the present application, the determining module 720 is specifically configured to:
extract component composite vulnerability information based on the vulnerability information, where the component composite vulnerability information includes component composite vulnerability information caused by the interaction between software and software, component composite vulnerability information caused by the interaction between software and hardware, and component composite vulnerability information caused by the interaction between hardware and hardware;
extract component information of the vulnerability components based on the component composite vulnerability information, where the component information includes the component manufacturer, the component product name and the component version, normalize the component version to obtain a component data structure of the component version, and store the vulnerability components containing the component data structure in the local database to obtain the vulnerability data table.
As an optional implementation, in the device for detecting component composite vulnerabilities provided by the embodiment of the present application, the second obtaining module 730 is specifically configured to:
extract node data from the vulnerability data table, and list all combinations of the vulnerability components according to the logical relationship characterized in the node data, where each combination of the vulnerability components corresponds to one vulnerability array field.
As an optional implementation, in the device for detecting component composite vulnerabilities provided by the embodiment of the present application, the comparison module 740 is specifically configured to:
when the vulnerability array field contains only one vulnerability component, determine that the device to be detected has a vulnerability if the component to be detected matches the vulnerability component;
when the vulnerability array field contains a plurality of vulnerability components, determine that the device to be detected has a vulnerability if the components to be detected all match the vulnerability components.
In an exemplary embodiment, a computer device, which may be a server or a terminal, is provided, and an internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing video tag processing data. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method for detecting component composite vulnerabilities.
It will be appreciated by those skilled in the art that the structure shown in FIG. 8 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an exemplary embodiment, a computer device is also provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In an exemplary embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method embodiments described above.
In an exemplary embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetoresistive Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), etc.
The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The principles and embodiments of the present application have been described herein with reference to specific examples, which are intended to facilitate an understanding of the principles and concepts of the application and are to be varied in scope and detail by persons of ordinary skill in the art based on the teachings herein. In view of the foregoing, this description should not be construed as limiting the application.

Claims (7)

1. A method for detecting a component composite vulnerability, characterized in that the method for detecting a component composite vulnerability comprises:
obtaining vulnerability information;
determining a vulnerability data table based on the vulnerability information;
obtaining a vulnerability array field based on the vulnerability data table, the vulnerability array field being used to store vulnerability components, and storing the vulnerability array field in a local database to obtain a component composite vulnerability data table;
obtaining components to be detected of a device to be detected, the components to be detected including software components to be detected and hardware components to be detected, comparing the components to be detected with the vulnerability components one by one, and determining whether the device to be detected has a vulnerability;
wherein determining the vulnerability data table based on the vulnerability information specifically comprises:
extracting component composite vulnerability information based on the vulnerability information, the component composite vulnerability information including component composite vulnerability information caused by the interaction between software and software, component composite vulnerability information caused by the interaction between software and hardware, and component composite vulnerability information caused by the interaction between hardware and hardware;
extracting component information of the vulnerability components based on the component composite vulnerability information, the component information including a component manufacturer, a component product name and a component version, normalizing the component version to obtain a component data structure of the component version, and storing the vulnerability components containing the component data structure in the local database to obtain the vulnerability data table;
wherein obtaining the vulnerability array field based on the vulnerability data table specifically comprises:
extracting node data from the vulnerability data table, and listing all combinations of the vulnerability components according to the logical relationship characterized in the node data, each combination of the vulnerability components corresponding to one vulnerability array field;
wherein listing all combinations of the vulnerability components according to the logical relationship characterized in the node data specifically comprises:
when the logical relationship is characterized as AND, obtaining the vulnerability components in all of the vulnerability array fields to determine one combination of the vulnerability components;
when the logical relationship is characterized as OR, obtaining one vulnerability component from each of the vulnerability array fields to determine one combination of the vulnerability components.

2. The method for detecting a component composite vulnerability according to claim 1, characterized in that comparing the components to be detected with the vulnerability components one by one to determine whether the device to be detected has a vulnerability specifically comprises:
when the vulnerability array field contains only one vulnerability component, if the component to be detected matches the vulnerability component, the device to be detected has a vulnerability;
when the vulnerability array field contains a plurality of vulnerability components, if the components to be detected all match the vulnerability components, the device to be detected has a vulnerability.

3. The method for detecting a component composite vulnerability according to claim 1, characterized in that the method further comprises:
if the device to be detected has a vulnerability, searching, according to the components to be detected that cause the vulnerability, whether the current version of the components to be detected is accompanied by an official repair suggestion;
if the current version is accompanied by the official repair suggestion, feeding back the official repair suggestion to the user;
if the current version is not accompanied by the official repair suggestion, querying a higher version corresponding to the current version;
if no higher version corresponding to the current version is found, the current version is the highest version;
if a higher version corresponding to the current version is found, comparing at least one group of higher-version vulnerability components, obtained by combining at least one group of the components to be detected, with the vulnerability components one by one; if the higher-version vulnerability components have no vulnerability, sending all combinations of the higher versions to the user as repair suggestions; if the higher-version vulnerability components have a vulnerability, calculating a total vulnerability score of each group of the higher-version vulnerability components, and feeding back to the user, as the repair suggestion, the combination of higher versions corresponding to the higher-version vulnerability components with the lowest total vulnerability score.

4. A device for detecting a component composite vulnerability, characterized in that the device for detecting a component composite vulnerability comprises:
a first obtaining module, configured to obtain vulnerability information;
a determining module, configured to determine a local vulnerability data table based on the vulnerability information, and further configured to:
extract component composite vulnerability information based on the vulnerability information, the component composite vulnerability information including component composite vulnerability information caused by the interaction between software and software, component composite vulnerability information caused by the interaction between software and hardware, and component composite vulnerability information caused by the interaction between hardware and hardware;
extract component information of the vulnerability components based on the component composite vulnerability information, the component information including a component manufacturer, a component product name and a component version, normalize the component version to obtain a component data structure of the component version, and store the vulnerability components containing the component data structure in a local database to obtain a vulnerability data table;
a second obtaining module, configured to obtain a vulnerability array field based on the local vulnerability data table, the vulnerability array field being used to store vulnerability component information, and to store the vulnerability array field in the local database to obtain a component composite vulnerability data table, and further configured to:
extract node data from the vulnerability data table, and list all combinations of the vulnerability components according to the logical relationship characterized in the node data, each combination of the vulnerability components corresponding to one vulnerability array field;
when the logical relationship is characterized as AND, obtain the vulnerability components in all of the vulnerability array fields to determine one combination of the vulnerability components;
when the logical relationship is characterized as OR, obtain one vulnerability component from each of the vulnerability array fields to determine one combination of the vulnerability components;
a comparison module, configured to obtain components to be detected of a device to be detected, the components to be detected including software component information to be detected and hardware component information to be detected, and to compare the components to be detected with the vulnerability components one by one to determine whether the device to be detected has a vulnerability.

5. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor executes the computer program to implement the steps of the method for detecting a component composite vulnerability according to any one of claims 1 to 3.

6. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the method for detecting a component composite vulnerability according to any one of claims 1 to 3 are implemented.

7. A computer program product, comprising a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method for detecting a component composite vulnerability according to any one of claims 1 to 3 are implemented.
CN202411345305.6A 2024-09-26 2024-09-26 Component composite vulnerability detection method, device, equipment, medium and product Active CN118869366B (en)


Publications (2)

Publication Number Publication Date
CN118869366A CN118869366A (en) 2024-10-29
CN118869366B true CN118869366B (en) 2025-01-21




Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant