CN106357664B - Vulnerability detection method and device - Google Patents


Info

Publication number
CN106357664B
Authority
CN
China
Prior art keywords
scanning
virtual machine
functional components
functional
network interaction
Prior art date
Legal status
Active
Application number
CN201610875416.7A
Other languages
Chinese (zh)
Other versions
CN106357664A (en)
Inventor
汪圣平
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date
Filing date
Publication date
Events
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201610875416.7A
Publication of CN106357664A
Application granted
Publication of CN106357664B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a vulnerability detection method and device, relates to the technical field of the internet, and aims to solve the problem that existing vulnerability scanning methods cannot meet the scanning requirements of a cloud environment. The method comprises the following steps: a scanning virtual machine located in the cloud environment scans the network interactions among the functional components of the cloud environment; scanning result data returned by each functional component is received; and the scanning result data is compared with preset vulnerability triggering conditions to determine whether the network interaction is secure. The method and device are applied to vulnerability scanning of the network interactions between different functional components in a cloud environment.

Description

Vulnerability detection method and device
Technical Field
The invention relates to the technical field of internet, in particular to a vulnerability detection method and device.
Background
With the rapid development of internet technology and the demand for big data, a new internet technology, cloud technology, has appeared. Cloud technology is the further development of distributed processing, parallel processing and network computing: a hosting technology that unifies a series of resources such as hardware, software and networks in a wide area network or local area network to realize the computation, storage and sharing of data.
The hosting platform corresponding to cloud technology is called a cloud platform or cloud environment. Hosts in the cloud environment are all virtual machines, and the different virtual machines are managed through a cloud host management platform; common existing cloud host management platforms are OpenStack, CloudStack, and the like. Network communication is required between the virtual machines, or functional components, in the cloud environment, and vulnerabilities may exist in the network interaction between these functional components. To ensure the security of the network interaction, the network interaction process must be scanned for vulnerabilities.
In the prior art, the network-based vulnerability scanning mode is as follows: the scanning software acquires the Internet Protocol (IP) address of the page to be scanned and, once the IP address is known, scans that page for vulnerabilities. If this existing scanning mode is applied to the framework of the new cloud host management platforms, only the management interface of the cloud platform can be scanned; vulnerabilities that may exist in the network communication among the functional components inside the cloud platform cannot be scanned. The existing vulnerability scanning mode therefore cannot meet the scanning requirements of the new cloud environment.
Disclosure of Invention
In view of the above, the present invention is proposed in order to provide a vulnerability detection method and apparatus that overcomes or at least partially solves the above mentioned problems.
In order to solve the above technical problem, in one aspect, the present invention provides a vulnerability detection method, including:
scanning network interaction among all functional components in a cloud environment by a scanning virtual machine, wherein the scanning virtual machine is positioned in the cloud environment;
receiving scanning result data returned by each functional component;
and comparing the scanning result data with a preset vulnerability triggering condition to determine the security of the network interaction.
In another aspect, the present invention provides a vulnerability detection apparatus, including:
the scanning unit is used for scanning network interaction among all functional components in a cloud environment by a scanning virtual machine, and the scanning virtual machine is positioned in the cloud environment;
the receiving unit is used for receiving scanning result data returned by each functional component;
and the comparison unit is used for comparing the scanning result data with a preset vulnerability triggering condition so as to determine the security of the network interaction.
By means of this technical scheme, the vulnerability detection method and device provided by the invention scan the network interactions among the functional components in a cloud environment through a scanning virtual machine that is itself located in the cloud environment; then receive the scanning result data returned by each functional component; and compare the scanning result data with preset vulnerability triggering conditions to find vulnerabilities that the functional components may have during network interaction and so determine whether the functional components in the cloud environment interact securely. Compared with the prior art, placing the scanning virtual machine inside the cloud environment lets it scan the network interactions among the functional components there, and comparing the received scanning result data with the preset vulnerability triggering conditions determines the security of the functional components during network interaction. The vulnerability detection method can therefore meet the requirement of vulnerability scanning for the network interactions between different functional components in a cloud environment.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a flowchart of a vulnerability detection method provided in an embodiment of the present invention;
fig. 2 is a flowchart illustrating another vulnerability detection method provided in an embodiment of the present invention;
fig. 3 is a block diagram illustrating a vulnerability detection apparatus according to an embodiment of the present invention;
fig. 4 is a block diagram illustrating another vulnerability detection apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to solve the problem that the existing vulnerability scanning mode cannot meet the scanning requirement in the cloud environment, the embodiment of the invention provides a vulnerability detection method, as shown in fig. 1, the method comprises the following steps:
101. the scanning virtual machine scans network interaction between the functional components in the cloud environment.
The scanning virtual machine in this embodiment is obtained by purchasing a virtual machine from a cloud service provider and installing or developing scanning software on it. The scanning virtual machine in this embodiment includes a scanning engine, a database, a file verification tool, and the like. The scanning engine scans at both the virtualization layer and the network layer, whereas existing scanning engines can only scan at the network layer.
Since the scanning virtual machine is itself located in the cloud environment, it can scan the network interactions between the functional components in that environment. Usually each functional component corresponds to a different functional node in the network interaction process, and different functional nodes correspond to different virtual machines. A specific example illustrates the definition of functional nodes: suppose a network interaction involves two functional modules, account login and account authentication, and that the two modules interact over the network, for instance because the account login module must send the account information it receives to the account authentication module so that the latter can authenticate it. In this example the two modules correspond to two functional nodes respectively.
102. And receiving scanning result data returned by each functional component.
For the scan of the network interaction between functional components performed by the scanning virtual machine in step 101, the scanning virtual machine receives the corresponding scanning result data, which is returned by the functional components. When scanning the network interaction among components, the scanning virtual machine scans each functional component involved in the corresponding network interaction process separately, so the scanning result data it receives is the data returned by the corresponding functional component.
103. And comparing the scanning result data with a preset vulnerability triggering condition to determine the security of network interaction.
The scanning result data returned by each functional component and received in step 102 is compared with the preset vulnerability triggering condition. If the scanning result data meets the corresponding preset vulnerability triggering condition, the corresponding functional component has a vulnerability when carrying out the corresponding network interaction; if the scanning result data does not meet the corresponding preset vulnerability triggering condition, the corresponding functional component is considered relatively safe when performing that network interaction.
According to the vulnerability detection method provided by this embodiment, the network interactions among the functional components in a cloud environment are scanned through a scanning virtual machine that is located in the cloud environment; the scanning result data returned by each functional component is then received; and the scanning result data is compared with the preset vulnerability triggering conditions to find the vulnerabilities the functional components may have during network interaction and so determine whether the functional components in the cloud environment interact securely. Compared with the prior art, this embodiment places the scanning virtual machine inside the cloud environment so that it can scan the network interactions between the functional components there, and compares the received scanning result data with the preset vulnerability triggering conditions to determine the security of the functional components during network interaction. The vulnerability detection method can therefore meet the requirement of vulnerability scanning for the network interaction process among different functional components in a cloud environment.
Further, as refinement and extension of the method shown in fig. 1, another embodiment of the present invention further provides a vulnerability detection method. As shown in fig. 2, the method includes:
201. determining a scanning range for scanning the virtual machine.
The scanning range of the scanning virtual machine in the corresponding cloud environment is determined, the scanning virtual machine being located in the cloud environment as in the embodiment of fig. 1. To determine the range that can be scanned in the cloud environment, the scanning virtual machine first determines the IP port of the host corresponding to it. The IP port of the host is obtained by a preset algorithm; in this embodiment it is a backtracking algorithm, though other algorithms similar to backtracking may be used. Once the IP port of the host is known, the corresponding scanning range can be determined from it. The specific method for determining the scanning range is as follows: the other virtual machines whose IP ports are the same as those of the host form the scanning range. In this embodiment, different virtual machines in the cloud environment correspond to different functional nodes, and the different functional nodes correspond to different functional components. The definition of a functional node is the same as in step 101 of fig. 1 and is not repeated here. Determining the scanning range also determines the "attack range" of the scanning virtual machine in the cloud environment.
202. The scanning virtual machine scans network interaction among the functional components in the scanning range.
After the scanning range of the scanning virtual machine is determined, scanning network interaction among all functional components in the scanning range, wherein the specific scanning process comprises the following steps:
first, the type of each functional component is determined.
The type of each functional component refers to its functional type. Since the test packets used for scanning differ between functional types, the functional type of each functional component must be determined before test packets are sent to it. The specific process for determining the type of a functional component comprises the following steps:
First, the type identifier of each functional component is obtained. Different types of functional component are distinguished by different type identifiers. Two ways of obtaining the type identifier are used in this embodiment. In the first, the type identifier corresponding to each functional component is extracted from the network interaction data packets exchanged between the functional components: the network communication among the functional components is monitored in real time, the interaction data packets exchanged during their communication are captured by network packet capture, the captured packets are parsed, the field carrying the type identifier is located, and the type identifier is extracted from that field. In the second, the type identifier of the functional component is taken directly from setting information, where the setting information is sent to the scanning virtual machine by the management platform corresponding to each functional component; in effect, the "administrator" managing each functional component directly "informs" the scanning virtual machine of the type identifier of each functional component in the scanning range.
Secondly, the type of each functional component is determined from its type identifier. The database of the scanning virtual machine contains a mapping table between types and their corresponding type identifiers, so the type of each functional component is determined by looking up the type identifier obtained in the first step in that mapping table.
Second, test data packets of the corresponding type are sent to each functional component.
After the type of each functional component has been determined, the test data packet corresponding to that type is sent to the corresponding functional component. The database of the scanning virtual machine also contains a mapping table with a one-to-one correspondence between types and test data packets. The test data packet contains the preset vulnerability test packets for a functional component of the corresponding type. Different functional components may have different vulnerabilities when interacting with other functional components over the network, so the preset vulnerability test packets contained in different test data packets differ. A test data packet may contain one or more preset vulnerability test packets, set according to the actual test requirements. A specific example explains the preset vulnerability test packets for functional components of different types. If the type of a functional component is identity authentication, the preset vulnerability test packets test whether, during its network interaction with other functional components, the identity information of some or all users can be illegally acquired, or whether the identity information of users can be illegally tampered with. Alternatively, if the type of a functional component is storage, its function being to store the online image files of the virtual machines corresponding to other functional components, the preset vulnerability test packet for it determines whether image files exceeding a preset threshold can be stored in the component, where the preset threshold may be 2 GB, 3 GB, and so on, set according to the actual service requirements.
In addition, when sending a test data packet of the corresponding type to a functional component, the Internet Protocol (IP) address of the virtual machine corresponding to that functional component must be determined, and the test data packet is then sent to that IP address.
203. And receiving scanning result data returned by each functional component.
The scanning result data returned by each functional component after the test data packet of the corresponding type was sent to it in step 202 is received. This step is implemented in the same way as step 102 of fig. 1. The scanning result data is the result data returned in response to the preset vulnerability test packets contained in the test data packet.
204. And comparing the scanning result data with a preset vulnerability triggering condition to determine the security of network interaction.
The specific manner of comparing the scanning result data with the preset vulnerability triggering condition to determine the security of the network interaction is the same as that in step 103 in fig. 1, and is not described herein again.
In addition, to describe the process of determining the security of the network interaction in detail, the examples of functional components given in step 202 are taken up again. When the type of the functional component is identity authentication, the preset vulnerability triggering condition is that the identity information of some or all users held by the functional component is illegally acquired. If the returned scanning result data shows that the identity information of some or all users was illegally acquired during the network interaction between this functional component and other functional components, the preset vulnerability triggering condition is met, and it is determined that the functional component has a vulnerability in its network interaction with other functional components and that the network interaction is unsafe. When the type of the functional component is storage, the preset vulnerability triggering condition is that another functional component stored an online image file larger than the preset threshold in this functional component. If the returned scanning result data shows that another functional component did store an online image file exceeding the preset threshold in this functional component, the preset vulnerability triggering condition is met, and it is determined that the functional component has a vulnerability in its network interaction with other functional components and that the network interaction is unsafe.
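The pipeline of steps 201 to 204 (which also covers the shorter steps 101 to 103 of fig. 1), as an added worked example in Python. This is illustrative code written for this page, not code from the patent or from Beijing Qihoo. The patent does not specify the packet format, the type identifiers, the backtracking algorithm for the host's IP port, or how test packets and result data are encoded, so the JSON `component` field, the identifiers `svc-auth` and `svc-store`, the reading of "the same IP port as the host" as the same /24 segment plus the same service port, the 2 GB threshold, the captured packets and the simulated component responses are all assumptions constructed for the example; the real network round trip is replaced by an in-memory function.

```python
"""Illustrative model of the scan pipeline in steps 201-204 (scan range,
type identification, type-specific test packets, trigger-condition check).
Everything below is constructed for this example; none of it comes from the
patent, which leaves packet formats, identifiers and algorithms unspecified."""
import ipaddress
import json

# Constructed: the scanning VM's host, and the other VMs in the cloud environment.
SCANNER_HOST = {"ip": "10.0.1.5", "port": 8774}
CLOUD_VMS = [
    {"ip": "10.0.1.10", "port": 8774, "name": "auth-node"},
    {"ip": "10.0.1.11", "port": 8774, "name": "storage-node"},
    {"ip": "10.0.2.20", "port": 8774, "name": "other-tenant"},  # different segment
    {"ip": "10.0.1.12", "port": 9292, "name": "image-api"},     # different port
]


def scan_range(host, vms, prefix=24):
    """Step 201. Assumption: 'same IP port as the host' is read as the same
    /<prefix> segment and the same service port. The patent's backtracking
    algorithm for finding the host's IP port is not specified; the host is given."""
    net = ipaddress.ip_network(f"{host['ip']}/{prefix}", strict=False)
    return [vm for vm in vms
            if ipaddress.ip_address(vm["ip"]) in net and vm["port"] == host["port"]]


# Mapping table: type identifier -> component type (step 202, first stage).
TYPE_BY_ID = {"svc-auth": "identity_authentication", "svc-store": "storage"}


def extract_type_id(packet_bytes):
    """Pull the type identifier out of a captured interaction packet.
    Assumption: the packet body is JSON carrying a 'component' field."""
    try:
        body = json.loads(packet_bytes)
    except ValueError:  # not JSON (or empty): no identifier recoverable
        return None
    return body.get("component") if isinstance(body, dict) else None


def component_type(type_id, config_hint=None):
    """Resolve the type from the captured identifier first, falling back to the
    identifier supplied in the management platform's setting information."""
    return TYPE_BY_ID.get(type_id) or TYPE_BY_ID.get(config_hint)


# Mapping table: type -> preset vulnerability test packets (step 202, second stage).
TEST_PACKETS = {
    "identity_authentication": [
        {"probe": "read_other_user_identity", "as_user": "alice", "target": "bob"},
        {"probe": "tamper_identity", "as_user": "alice", "target": "bob"},
    ],
    "storage": [{"probe": "upload_image", "size_gb": 3}],
}

# Preset vulnerability triggering conditions (step 204), as predicates on result data.
IMAGE_SIZE_LIMIT_GB = 2  # preset threshold; the patent names 2G / 3G as examples
TRIGGERS = {
    "identity_authentication":
        lambda r: bool(r.get("identity_disclosed") or r.get("identity_tampered")),
    "storage": lambda r: r.get("stored_size_gb", 0) > IMAGE_SIZE_LIMIT_GB,
}


def fake_send(vm, packet):
    """Constructed stand-in for sending a test packet to the component's IP and
    reading its reply (step 203). Behaviours are invented for the example."""
    if vm["name"] == "auth-node":
        if packet["probe"] == "read_other_user_identity":
            return {"identity_disclosed": True}   # leaks bob's record to alice
        return {"identity_tampered": False}       # rejects the tamper attempt
    if vm["name"] == "storage-node":
        return {"stored_size_gb": packet["size_gb"]}  # accepts any image size
    return {}


def run_scan(host, vms, captured, config_hints, send=fake_send):
    """Steps 201-204 end to end. Returns {vm name: [probes that triggered]}.
    An empty list means no preset condition fired, not that the component is safe."""
    findings = {}
    for vm in scan_range(host, vms):
        ctype = component_type(extract_type_id(captured.get(vm["ip"], b"")),
                               config_hints.get(vm["ip"]))
        if ctype is None:
            continue  # unknown type: no test packet to send
        findings[vm["name"]] = [p["probe"] for p in TEST_PACKETS[ctype]
                                if TRIGGERS[ctype](send(vm, p))]
    return findings


# Constructed: one captured interaction packet and one platform setting entry.
CAPTURED = {"10.0.1.10": b'{"component": "svc-auth", "user": "alice"}'}
CONFIG_HINTS = {"10.0.1.11": "svc-store"}

if __name__ == "__main__":
    print(run_scan(SCANNER_HOST, CLOUD_VMS, CAPTURED, CONFIG_HINTS))
```

Two points the patent's description glosses over show up in the code. First, a component whose result data never matches a trigger is only "not caught by the preset conditions"; the scan proves nothing about vulnerabilities outside that list, so the predicate table is the real coverage boundary. Second, a type identifier read from captured traffic is supplied by the component itself, so a misbehaving or compromised component can steer which test packets it receives; the management platform's setting information is the more trustworthy of the two sources and should win on conflict.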
Further, as an implementation of the foregoing embodiments, another embodiment of the embodiments of the present invention further provides a vulnerability detection apparatus, which is used for implementing the methods described in fig. 1 and fig. 2. As shown in fig. 3, the apparatus includes: a scanning unit 31, a receiving unit 32 and a comparing unit 33.
The scanning unit 31 is configured to scan network interaction between functional components in a cloud environment by a scanning virtual machine, where the scanning virtual machine is located in the cloud environment;
a receiving unit 32, configured to receive scan result data returned by each functional component;
and the comparison unit 33 is configured to compare the scanning result data with a preset vulnerability triggering condition to determine security of network interaction.
Further, as shown in fig. 4, the scanning unit 31 includes:
a type determining module 311, configured to determine types of the functional components;
the sending module 312 is configured to send a test data packet of a corresponding type to each functional component, where the test data packet corresponds to the type of the functional component one to one, and the test data packet includes a preset vulnerability test packet of the functional component of the corresponding type.
Further, the type determining module 311 is configured to:
acquiring type identification of each functional component;
and determining the type of each functional component according to the type identifier.
Further, the type determining module 311 is configured to:
extracting type identifications corresponding to the functional components from network interaction data packets among the functional components;
and directly acquiring the type identification of the functional component from the setting information, wherein the setting information is the information sent to the scanning virtual machine by the management platform corresponding to each functional component.
Further, as shown in fig. 4, the apparatus further includes:
a determining unit 34, configured to determine a scanning range of the scanning virtual machine before the scanning virtual machine scans network interactions between functional components in the cloud environment;
the scanning unit 31 is configured to:
the scanning virtual machine scans network interaction among the functional components in the scanning range.
Further, as shown in fig. 4, the determining unit 34 includes:
a port determining module 341, configured to determine, according to a preset algorithm, the Internet Protocol (IP) port of the host corresponding to the scanning virtual machine;
the range determining module 342 is configured to determine a scanning range according to the IP port of the host.
The vulnerability detection device provided by this embodiment scans the network interactions among the functional components in a cloud environment through a scanning virtual machine that is located in the cloud environment; then receives the scanning result data returned by each functional component; and compares the scanning result data with the preset vulnerability triggering conditions to find the vulnerabilities the functional components may have during network interaction and so determine whether the functional components in the cloud environment interact securely. Compared with the prior art, this embodiment places the scanning virtual machine inside the cloud environment so that it can scan the network interactions between the functional components there, and compares the received scanning result data with the preset vulnerability triggering conditions to determine the security of the functional components during network interaction. The vulnerability detection device can therefore meet the requirement of vulnerability scanning for the network interaction process among different functional components in a cloud environment.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the related features of the method and apparatus described above may be cross-referenced. In addition, "first", "second", and the like in the above embodiments serve to distinguish the embodiments and do not indicate that one embodiment is better than another.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding the understanding of one or more of the various inventive aspects. This manner of disclosure, however, should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some, but not other, features that are included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of the vulnerability detection apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering; these words may be interpreted as names.

Claims (10)

1. A vulnerability detection method, the method comprising:
scanning, by a scanning virtual machine, network interaction among all functional components in a cloud environment, wherein the scanning virtual machine is located in the cloud environment; each functional component corresponds to a different functional node in the network interaction process, and the scanning virtual machine performs the scanning at a virtualization layer and a network layer;
receiving scanning result data returned by each functional component, wherein the scanning result data is returned in response to a preset vulnerability test packet contained in the test data packet corresponding to each functional component;
comparing the scanning result data with a preset vulnerability triggering condition to determine the security of the network interaction;
the method further comprises the following steps:
determining an Internet Protocol (IP) port of a host corresponding to the scanning virtual machine according to a preset algorithm;
determining the scanning range according to the IP port of the host;
the scanning virtual machine scans network interaction among the functional components in the cloud environment, and comprises:
and the scanning virtual machine scans network interaction among the functional components in the scanning range.
2. The method of claim 1, wherein the scanning virtual machine scanning network interaction among the functional components in the cloud environment comprises:
determining the type of each functional component;
and sending test data packets of corresponding types to the functional components, wherein the test data packets correspond one-to-one to the types of the functional components, and each test data packet comprises a preset vulnerability test packet for the functional component of the corresponding type.
3. The method of claim 2, wherein determining the type of each functional component comprises:
acquiring the type identification of each functional component;
and determining the type of each functional component according to the type identification.
4. The method according to claim 3, wherein the obtaining the type identifier of each functional component comprises:
extracting type identifications corresponding to the functional components from the network interaction data packets among the functional components; or,
and directly acquiring the type identification of the functional component from setting information, wherein the setting information is information sent to the scanning virtual machine by the management platform corresponding to each functional component.
5. The method of claim 1, wherein prior to the scanning virtual machine scanning network interactions between functional components in a cloud environment, the method further comprises:
determining a scanning range of the scanning virtual machine;
the scanning virtual machine scans network interaction among the functional components in the cloud environment, and comprises:
and the scanning virtual machine scans network interaction among the functional components in the scanning range.
6. A vulnerability detection apparatus, the apparatus comprising:
a scanning unit, configured to scan, by a scanning virtual machine, network interaction among all functional components in a cloud environment, wherein the scanning virtual machine is located in the cloud environment; each functional component corresponds to a different functional node in the network interaction process, and the scanning virtual machine performs the scanning at a virtualization layer and a network layer;
a receiving unit, configured to receive scanning result data returned by each functional component, wherein the scanning result data is returned in response to a preset vulnerability test packet contained in the test data packet corresponding to each functional component;
the comparison unit is used for comparing the scanning result data with a preset vulnerability triggering condition so as to determine the security of the network interaction;
a determination unit, comprising:
the port determining module is used for determining an Internet Protocol (IP) port of a host corresponding to the scanning virtual machine according to a preset algorithm;
a range determination module, configured to determine the scanning range according to an IP port of the host;
and the scanning unit is used for scanning the network interaction between the functional components in the scanning range by the scanning virtual machine.
7. The apparatus of claim 6, wherein the scanning unit comprises:
the type determining module is used for determining the types of the functional components;
and a sending module, configured to send test data packets of corresponding types to the functional components, wherein the test data packets correspond one-to-one to the types of the functional components, and each test data packet comprises a preset vulnerability test packet for the functional component of the corresponding type.
8. The apparatus of claim 7, wherein the type determination module is configured to:
acquiring the type identification of each functional component;
and determining the type of each functional component according to the type identification.
9. The apparatus of claim 8, wherein the type determination module is configured to:
extract type identifications corresponding to the functional components from the network interaction data packets among the functional components; or,
directly acquire the type identification of each functional component from setting information, wherein the setting information is information sent to the scanning virtual machine by the management platform corresponding to each functional component.
10. The apparatus of claim 6, further comprising:
the system comprises a determining unit, a processing unit and a processing unit, wherein the determining unit is used for determining the scanning range of the scanning virtual machine before the scanning virtual machine scans network interaction among functional components in a cloud environment;
the scanning unit is used for:
and the scanning virtual machine scans network interaction among the functional components in the scanning range.
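The claims above describe one pipeline: derive the scanning range from the host of the scanning virtual machine, determine each in-range component's type (from setting information pushed by its management platform, or from a type identifier carried in observed inter-component traffic), send the type-specific test packet containing the preset vulnerability test packet, and compare the returned result data with a preset triggering condition. The following Python model of that pipeline is an added example, not code from the patent or its assignee. Everything in it is an assumption for illustration: the "preset algorithm" is taken to be the /24 of the host address, the type identifier is a hypothetical `X-Component-Type` line, the components are in-process stand-ins so the scan runs offline, and the test packets and triggering conditions are generic probes, not vulnerabilities in any real product.

```python
"""Model of the claimed scanning pipeline (added example, not the patent's code)."""
import ipaddress
import re
from typing import Callable, Dict, List, Optional, Tuple

# ---- constructed environment (all of this is assumed, not from the patent) ----

# Setting information a management platform pushes to the scanning VM
# (claim 4, second alternative): component address -> type identifier.
SETTING_INFO: Dict[str, str] = {"10.0.1.10": "web", "10.0.1.20": "db"}

# Network-interaction packets the scanning VM observes between components
# (claim 4, first alternative): (src, dst, payload). The sender's type identifier
# is carried in a hypothetical "X-Component-Type" line.
OBSERVED_PACKETS: List[Tuple[str, str, bytes]] = [
    ("10.0.1.30", "10.0.1.10", b"HELLO\r\nX-Component-Type: cache\r\n\r\n"),
    ("10.0.1.10", "10.0.1.30", b"OK\r\n"),
    ("10.0.2.99", "10.0.1.10", b"HELLO\r\nX-Component-Type: cache\r\n\r\n"),
]

# In-process stand-ins for the functional components, so the scan runs offline:
# address -> function mapping a received test packet to the component's reply.
def _web(pkt: bytes) -> bytes:    # reflects the request unescaped into its reply
    return b"HTTP/1.1 200 OK\r\n\r\n<pre>" + pkt + b"</pre>"

def _db(pkt: bytes) -> bytes:     # refuses anything it does not recognise
    return b"ERR unknown command"

def _cache(pkt: bytes) -> bytes:  # answers a debug command with internal state
    return b"DEBUG ON: slabs=4 mem=512MB" if pkt.startswith(b"DEBUG") else b"END"

COMPONENTS: Dict[str, Callable[[bytes], bytes]] = {
    "10.0.1.10": _web, "10.0.1.20": _db, "10.0.1.30": _cache,
}

# Preset vulnerability test packets per component type (claim 2), each paired with
# the preset triggering condition its result data is compared against (claim 1).
MARKER = b"scanvm-7f3a"
TEST_PACKETS: Dict[str, List[Tuple[str, bytes, Callable[[bytes], bool]]]] = {
    "web":   [("header-reflection",
               b"GET / HTTP/1.1\r\nX-Probe: " + MARKER + b"\r\n\r\n",
               lambda r: MARKER in r)],
    "db":    [("show-config", b"SHOW CONFIG\r\n", lambda r: r.startswith(b"CONFIG"))],
    "cache": [("debug-command", b"DEBUG\r\n", lambda r: b"DEBUG ON" in r)],
}

# ---- the pipeline --------------------------------------------------------------

def scanning_range(host_ip: str, prefix_len: int = 24) -> ipaddress.IPv4Network:
    """Claim 1's 'preset algorithm', assumed here to be: the subnet (default /24)
    of the address of the host running the scanning VM."""
    return ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)

_TYPE_LINE = re.compile(rb"^x-component-type:\s*(\S+)", re.I | re.M)

def extract_type_id(payload: bytes) -> Optional[str]:
    """Read the (hypothetical) type identifier out of an observed packet."""
    m = _TYPE_LINE.search(payload)
    return m.group(1).decode() if m else None

def determine_types(net: ipaddress.IPv4Network,
                    packets=OBSERVED_PACKETS,
                    setting_info=SETTING_INFO) -> Dict[str, str]:
    """Claims 3-5: one type per component inside the scanning range. Setting
    information is authoritative; otherwise the identifier comes from traffic."""
    in_range = lambda a: ipaddress.ip_address(a) in net
    types = {a: t for a, t in setting_info.items() if in_range(a)}
    for src, _dst, payload in packets:
        tid = extract_type_id(payload)
        if tid and in_range(src):
            types.setdefault(src, tid)
    return types

def scan(host_ip: str, send: Optional[Callable[[str, bytes], bytes]] = None
         ) -> List[Tuple[str, str, str, bool]]:
    """Claim 1 end to end. `send(addr, pkt)` delivers a test packet and returns the
    component's scanning-result data; it defaults to the in-process stand-ins.
    Returns (address, type, test name, triggering condition met)."""
    send = send or (lambda addr, pkt: COMPONENTS[addr](pkt))
    net = scanning_range(host_ip)
    findings = []
    for addr, ctype in sorted(determine_types(net).items()):
        for name, pkt, triggered in TEST_PACKETS.get(ctype, []):
            result = send(addr, pkt)
            findings.append((addr, ctype, name, triggered(result)))
    return findings

if __name__ == "__main__":
    for addr, ctype, name, hit in scan("10.0.1.5"):
        print(f"{addr:<12} {ctype:<6} {name:<18} {'TRIGGERED' if hit else 'clean'}")
```

Two points the model makes explicit that the claims leave implicit: the scanning range bounds type discovery as well as probing (the `10.0.2.99` sender is ignored even though its packet carries a valid identifier), and the triggering condition is a predicate over the raw result data, so a real deployment must pin both the test packet and its condition to a component type and version, or an unrelated component that happens to echo input will be reported as a match.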
CN201610875416.7A 2016-09-30 2016-09-30 Vulnerability detection method and device Active CN106357664B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610875416.7A CN106357664B (en) 2016-09-30 2016-09-30 Vulnerability detection method and device

Publications (2)

Publication Number Publication Date
CN106357664A CN106357664A (en) 2017-01-25
CN106357664B true CN106357664B (en) 2020-07-21

Family

ID=57866051

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610875416.7A Active CN106357664B (en) 2016-09-30 2016-09-30 Vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN106357664B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109257348A (en) * 2018-09-13 2019-01-22 杭州安恒信息技术股份有限公司 A kind of cluster bug excavation method and device based on industrial control system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101482847A (en) * 2009-01-19 2009-07-15 北京邮电大学 Detection method based on safety bug defect mode
CN103118036A (en) * 2013-03-07 2013-05-22 上海电机学院 Cloud end based intelligent security protection system and method
CN103136101A (en) * 2012-12-31 2013-06-05 博彦科技(上海)有限公司 Software automated testing unified operation platform
US8528086B1 (en) * 2004-04-01 2013-09-03 Fireeye, Inc. System and method of detecting computer worms
CN104244108A (en) * 2014-09-24 2014-12-24 上海网达软件股份有限公司 Live method and system
CN105681314A (en) * 2016-01-29 2016-06-15 博雅网信(北京)科技有限公司 Cloud environment security scanner and method


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant