CN117240609B - Network security monitoring method and system based on vulnerability dynamic verification - Google Patents
Network security monitoring method and system based on vulnerability dynamic verification Download PDFInfo
- Publication number
- CN117240609B CN117240609B CN202311494518.0A CN202311494518A CN117240609B CN 117240609 B CN117240609 B CN 117240609B CN 202311494518 A CN202311494518 A CN 202311494518A CN 117240609 B CN117240609 B CN 117240609B
- Authority
- CN
- China
- Prior art keywords
- key
- client
- return
- server
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 65
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000012544 monitoring process Methods 0.000 title claims abstract description 23
- 230000007123 defense Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 description 12
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention relates to the technical field of network security monitoring, and particularly discloses a network security monitoring method and a system based on vulnerability dynamic verification, wherein a key server selects at least one from a plurality of system index data, generates target instruction data and sends the target instruction data to a server and an administrator, the server encrypts return data based on a first preset encryption mode and sends the return data to a common user, the return data is generated based on a system index data value of a target type locally stored by the server, the return data is encrypted based on a second preset encryption mode according to the first key and sent to the administrator, and the administrator generates a second key based on a system index data value of the target type locally stored by a client according to the target instruction data to decrypt the return data corresponding to a request message, so that vulnerability dynamic verification is completed, and the problem of how to perform network security monitoring based on vulnerability dynamic verification and guaranteeing data security under the condition that a system works normally is solved.
Description
Technical Field
The invention relates to the technical field of network security monitoring, in particular to a network security monitoring method and system based on vulnerability dynamic verification.
Background
Vulnerability dynamic verification is a technology for discovering and verifying vulnerabilities existing in a system by simulating a real attack scenario. It determines vulnerabilities and security vulnerabilities present in the system by simulating various attacks, including code injection, unauthorized access, denial of service, etc. The importance of the dynamic verification of the loopholes is that the dynamic verification of the loopholes can help organizations to discover and repair the loopholes in the system in advance, so that the safety and the protection capability of the system are improved, and the risk of being attacked is reduced.
However, current vulnerability dynamic verification generally needs to be performed in a state where system upgrades, version release, and the like are not running. In this case, the system fails to perform comprehensive verification at the actual running time, which may result in some vulnerabilities not being found in time. However, since the dynamic vulnerability verification simulates real network attack behavior, if the dynamic vulnerability verification is performed during normal operation of the system, the system may return a message containing key data to the dynamic vulnerability verification message of the vulnerability verification under the condition that the system has the vulnerability that can be detected by the dynamic vulnerability verification, so that the risk of data leakage is increased.
Therefore, a network security monitoring method capable of dynamically verifying and guaranteeing data security based on loopholes under the condition that a system works normally is needed.
Disclosure of Invention
The invention aims to provide a network security monitoring method and system based on vulnerability dynamic verification, which solve the following technical problems:
and under the condition that the system works normally, performing vulnerability-based dynamic verification and ensuring network security monitoring of data security.
The aim of the invention can be achieved by the following technical scheme:
a network security monitoring method based on vulnerability dynamic verification comprises the following steps:
the key server selects at least one of the multiple system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to the server and a client with a user identity as an administrator;
the server acquires a request message sent by the client and obtains the user identity of the client according to the request message;
the server judges whether the user identity of the client is a common user or an administrator;
if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
the client generates a second key based on the system index data value of the target type stored locally by the client according to the target indication data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message.
As a further aspect of the present invention, the system index data value of the target category locally stored by the server includes a first category data value and a second category data value; the generating a first key based on the system index data value of the target category stored locally by the server comprises:
acquiring a first kind of data value;
encoding the first kind of data value based on the SHA-256 hash function to obtain a first code;
combining the first code and the second kind of data value to obtain a second code;
encoding the second code based on the SHA-256 hash function to obtain an initial key;
and intercepting the numerical value of the pre-preset digit of the initial key to obtain the first key.
As a further aspect of the present invention, the encrypting, according to the first key, the return data corresponding to the request message based on the second preset encryption mode, to obtain the second return message, and sending the second return message to the client, includes:
generating an initial state vector using the first key as a seed;
generating a key stream according to the initial state vector and the first key;
and carrying out byte-by-byte exclusive OR on the return data corresponding to the encryption request message and the key stream to obtain a second return message, and sending the second return message to the client.
As a further aspect of the present invention, the plurality of system index data includes a registered user number, a member duration, a click-through amount, an access amount, a sales amount, a transaction amount, and a download number.
As a further aspect of the present invention, the method further includes:
the client generates a security policy adjustment scheme according to the vulnerability verification result and sends the security policy adjustment scheme to the server;
and the server adjusts the network security defense strategy according to the security strategy adjustment scheme.
As a further aspect of the present invention, the method further includes:
if the user identity of the client is a common user and the request message is a vulnerability verification message, obtaining user information data according to the request message, and recording the user information data in a risk list.
The network security monitoring system based on vulnerability dynamic verification comprises a key server, a server and a client, wherein:
the key server selects at least one of the multiple system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to the server and a client with a user identity as an administrator;
the server acquires a request message sent by the client and obtains the user identity of the client according to the request message;
the server judges whether the user identity of the client is a common user or an administrator;
if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
the client generates a second key based on the system index data value of the target type stored locally by the client according to the target indication data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message.
The invention has the beneficial effects that:
(1) The system for operating the method of the invention communicates with the common user through the first preset encryption mode and communicates with the administrator through the second preset encryption mode, thus when the administrator sends the vulnerability verification message, the return data containing key data is encrypted into the second return message to be sent out, the common user with the first preset encryption mode can not decrypt to obtain correct data, only the administrator who grasps the correct key can decrypt, the security of the data is ensured, and the vulnerability dynamic verification is carried out under the condition that the normal operation of the system is not influenced;
(2) In the invention, the client and the server both generate the secret key based on the locally stored system index data value of the target type, so that the server and the client are required to store the same system index data value to ensure that the first secret key and the second secret key generated by the server and the client are the same, and obviously, only an administrator can have correct data. On the other hand, the system indication data has a plurality of types, and the key server is required to be designated uniformly when the key is generated based on the data, and only the client side which obtains the target indication data can generate the second key which is the same as the first key, so that the data security is further improved.
Drawings
The invention is further described below with reference to the accompanying drawings.
FIG. 1 is a flow chart of a method for monitoring network security based on vulnerability dynamic verification.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, the present invention is a network security monitoring method based on vulnerability dynamic verification, comprising:
s101, a key server selects at least one of a plurality of system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to a server and a client with a user identity as an administrator;
s102, a server acquires a request message sent by a client and obtains the user identity of the client according to the request message;
s103, the server judges whether the user identity of the client is a common user or an administrator;
s104, if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
s105, if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
s106, the client generates a second key based on the system index data value of the target type stored locally by the client according to the target instruction data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message.
In the invention, in the process of dynamic verification of the loopholes, a loophole verification message is generally required to be sent to a target system to verify the security loopholes in the system. These vulnerability verification messages typically include one of a variety of load data such as XSS, verification information, SQL injection, etc. to simulate possible attack behavior. When the target system receives the load data, some returned data, such as HTTP response messages, database query results and the like, are generated according to the corresponding processing flow. By analyzing the returned data, results about vulnerability verification, such as whether the vulnerability exists, the vulnerability type, the vulnerability level and the like, can be obtained. At the same time, the process may expose some sensitive information in the system, such as system configuration, user information, etc., so that corresponding measures need to be taken to protect the security of the sensitive information. In order to more comprehensively verify security vulnerabilities in a system, different attack scenes need to be simulated in a target system in the dynamic vulnerability verification process, for example, attack events are manufactured by means of tampering with HTTP requests, injecting malicious codes and the like, so that the security performance and the protection capability of the system are verified.
In the present invention, the system index data is a key inventory index of the target system, and includes data of which the number of registered users, the number of member users, and the like change at any time. Obviously, only authorized administrators can fully obtain this data via the backend system to maintain the proper functioning and management of the target system. In a preferred embodiment, the plurality of system index data includes the number of registered users, the number of member users, the length of member time, the number of clicks, the amount of access, sales, the amount of transactions, the number of downloads, and the like.
In step S101 of this embodiment, the key server selects at least one of these system index data as a basis for generating the first key and the second key subsequently, and only the client capable of communicating with the key server can grasp the correct target instruction data, thereby ensuring the security of the system.
Further, in step S102 in this embodiment, the user identity of the client may be obtained according to the key information such as the IP address, the device identifier, the login credential, etc. in the request message. In step S103, the user identity type of the client may be determined by determining the user group to which the user identity belongs, such as a general user group and an administrator group. It should be understood that the foregoing is merely illustrative, and in actual implementation, both the step S102 and the step S103 may be implemented by any prior art, so that they are not described herein too much.
In step 104 of the present embodiment, the first preset encryption mode may be any existing encryption mode, and only needs to be different from the second preset encryption mode.
Further, in a preferred embodiment, in the step S105, the system index data value of the target category locally stored by the server includes a first category data value and a second category data value; the generating a first key based on the system index data value of the target category stored locally by the server comprises:
acquiring a first kind of data value;
encoding the first kind of data value based on the SHA-256 hash function to obtain a first code;
combining the first code and the second kind of data value to obtain a second code;
encoding the second code based on the SHA-256 hash function to obtain an initial key;
and intercepting the numerical value of the pre-preset digit of the initial key to obtain the first key.
In the process, two different system index data, namely the first type data and the second type data, are adopted for encryption, so that only a client knowing the two system index data can correctly decrypt the data, and the safety is further improved.
The present invention also provides a more detailed embodiment for clearly illustrating the above process:
in this embodiment, the length and complexity requirements of the first key to be generated are set as follows: 16 bits (i.e., a preset number of bits) containing letters, numbers and special symbols.
Assuming that the number of users currently in the system (first-kind data value) is 100, the number of downloads of a certain object is selected as a second-kind data value (hereinafter referred to as Seed). Then, the SHA-256 hash function is used for encoding the number of users to generate a unique hash value:
the number of users after encoding (i.e., the first encoding) is:
SHA-256(100)=dca57869499486257678adff0f71f89c2e7a8be9f38d1d398523330d6a49b229;
and then generating a first key by using the number of the coded users, namely combining the first code with the second type of data value and generating the first key again by using an SHA-256 hash function, wherein the specific process is as follows:
combining the first code and the second kind of data value to obtain a second code:
dca57869499486257678adff0f71f89c2e7a8be9f38d1d398523330d6a49b229+Seed;
the first key generated is:
SHA-256(dca57869499486257678adff0f71f89c2e7a8be9f38d1d398523330d6a49b229+Seed) = 2c97807afe7b77d3;
the first 16 bits of the generated key are then extracted as the final key, i.e. the final key is:
2c97807afe7b77d3。
it can be appreciated that in step S106, the process of generating the second key by the client is the same as the above process, and thus will not be described in detail herein.
Further, in a preferred embodiment, in step S105, the encrypting, according to the first key, the return data corresponding to the request message based on the second preset encryption manner, to obtain a second return message, and sending the second return message to the client, includes:
generating an initial state vector using the first key as a seed;
generating a key stream according to the initial state vector and the first key;
and carrying out byte-by-byte exclusive OR on the return data corresponding to the encryption request message and the key stream to obtain a second return message, and sending the second return message to the client.
The RC4 algorithm is adopted in the process, has a high running speed, can ensure the running efficiency of the method while ensuring the data safety, and improves the user experience. It is to be understood that the terms such as state vector and key stream in the above process are all related art that can be understood by those skilled in the art, and thus will not be described herein.
Further, in a preferred embodiment, the network security monitoring method based on vulnerability dynamic verification further includes:
the client generates a security policy adjustment scheme according to the vulnerability verification result and sends the security policy adjustment scheme to the server;
and the server adjusts the network security defense strategy according to the security strategy adjustment scheme.
In the process, the client generates a security policy adjustment scheme for network security according to the vulnerability verification result. The purpose of the scheme is to reduce or eliminate the influence of the loopholes as much as possible and improve the safety of the system. The client sends the adjustment schemes to the server, and after receiving the schemes, the server automatically parses and analyzes the information. Based on this information, the server can evaluate the current network security state and autonomously adjust the network security defense policy.
The self-adaptive capability of the server enables the server to make effective security policy adjustments according to actual conditions. For example, if a particular vulnerability is found to be more threatening the system, the server may immediately take appropriate action, such as blocking the relevant IP address or applying a particular access control rule, to limit entry by potential attackers. Similarly, the server can dynamically modify network configuration, strengthen authentication mechanism, strengthen intrusion detection and prevention and other operations according to the vulnerability verification result and the security policy adjustment scheme so as to ensure the security of the system. The adaptivity can quickly adapt to changing threat and attack environments, and the effectiveness and the persistence of the network security defense system are ensured.
Further, in a preferred embodiment, the network security monitoring method based on vulnerability dynamic verification further includes:
if the user identity of the client is a common user and the request message is a vulnerability verification message, obtaining user information data according to the request message, and recording the user information data in a risk list.
The meaning of the above process is that whether the vulnerability verification message comes from an administrator or a common user is judged by the source of the vulnerability verification message. If the vulnerability verification message is found to come from not an administrator but a common user, it is likely that the vulnerability verification message is a real network attack. In this case, it is necessary to acquire information data of the source user as much as possible from the request message and store the data in the risk list. By storing the information data of the user in the risk list, the vigilance of the user can be improved, and appropriate safety measures can be taken to ensure the safety of the system and realize the early warning effect.
Storing the user's information data in a risk list helps track and monitor potential attackers. The behavior of these users can be further analyzed and studied to provide more information and clues to the security team to timely address and guard against similar attacks. Through the enhancement of vigilance and effective risk management, the system can better cope with known attackers and unknown threats and timely take corresponding protective measures. The early warning mechanism can help discover possible attack signals in advance, reduce loss caused by potential attacks, and improve the overall safety of the system.
The invention also provides a network security monitoring system based on vulnerability dynamic verification, which comprises a key server, a server and a client, wherein:
the key server selects at least one of the multiple system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to the server and a client with a user identity as an administrator;
the server acquires a request message sent by the client and obtains the user identity of the client according to the request message;
the server judges whether the user identity of the client is a common user or an administrator;
if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
the client generates a second key based on the system index data value of the target type stored locally by the client according to the target indication data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message.
According to the network security monitoring method and system based on the vulnerability dynamic verification, the network security monitoring method and system based on the vulnerability dynamic verification are communicated with the common users through the first preset encryption mode, and communicated with the administrators through the second preset encryption mode, so that when the administrators send vulnerability verification messages, return data containing key data are encrypted to be sent out as second return messages, the common users with the first preset encryption mode cannot decrypt to obtain correct data, only the administrators with the right secret key can decrypt, the security of the data is guaranteed, and vulnerability dynamic verification is carried out under the condition that the normal operation of the system is not affected.
In the invention, the client and the server both generate the secret key based on the locally stored system index data value of the target type, so that the server and the client are required to store the same system index data value to ensure that the first secret key and the second secret key generated by the server and the client are the same, and obviously, only an administrator can have correct data. On the other hand, the system indication data has a plurality of types, and the key server is required to be designated uniformly when the key is generated based on the data, and only the client side which obtains the target indication data can generate the second key which is the same as the first key, so that the data security is further improved.
The foregoing describes one embodiment of the present invention in detail, but the description is only a preferred embodiment of the present invention and should not be construed as limiting the scope of the invention. All equivalent changes and modifications within the scope of the present invention are intended to be covered by the present invention.
Claims (5)
1. A network security monitoring method based on vulnerability dynamic verification is characterized by comprising the following steps:
the key server selects at least one of the multiple system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to the server and a client with a user identity as an administrator;
the server acquires a request message sent by the client and obtains the user identity of the client according to the request message;
the server judges whether the user identity of the client is a common user or an administrator;
if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
the client generates a second key based on the system index data value of the target type stored locally by the client according to the target indication data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message;
the system index data value of the target category locally stored by the server comprises a first category data value and a second category data value; the generating a first key based on the system index data value of the target category stored locally by the server comprises:
acquiring a first kind of data value;
encoding the first kind of data value based on the SHA-256 hash function to obtain a first code;
combining the first code and the second kind of data value to obtain a second code;
encoding the second code based on the SHA-256 hash function to obtain an initial key;
intercepting the numerical value of the pre-preset digit of the initial key to obtain a first key;
the encrypting the return data corresponding to the request message based on the second preset encryption mode according to the first key, obtaining a second return message and sending the second return message to the client, comprising:
generating an initial state vector using the first key as a seed;
generating a key stream according to the initial state vector and the first key;
and carrying out byte-by-byte exclusive OR on the return data corresponding to the encryption request message and the key stream to obtain a second return message, and sending the second return message to the client.
2. The method for dynamically verifying network security as recited in claim 1, wherein the plurality of system index data comprises a registered user number, a member time length, a click-through amount, an access amount, a sales amount, a transaction amount, and a download number.
3. The network security monitoring method based on vulnerability dynamic verification of claim 1, further comprising:
the client generates a security policy adjustment scheme according to the vulnerability verification result and sends the security policy adjustment scheme to the server;
and the server adjusts the network security defense strategy according to the security strategy adjustment scheme.
4. The network security monitoring method based on vulnerability dynamic verification of claim 1, further comprising:
if the user identity of the client is a common user and the request message is a vulnerability verification message, obtaining user information data according to the request message, and recording the user information data in a risk list.
5. The network security monitoring system based on vulnerability dynamic verification is characterized by comprising a key server, a server and a client, wherein:
the key server selects at least one of the multiple system index data as a target type, generates target indication data for representing the target type, and sends the target indication data to the server and a client with a user identity as an administrator;
the server acquires a request message sent by the client and obtains the user identity of the client according to the request message;
the server judges whether the user identity of the client is a common user or an administrator;
if the user identity of the client is a common user, the server encrypts return data corresponding to the request message based on a first preset encryption mode, so as to obtain a first return message and send the first return message to the client;
if the user identity of the client is an administrator and the request message is a vulnerability verification message, the server generates a first key based on a system index data value of a target type locally stored by the server according to target indication data, encrypts return data corresponding to the request message based on a second preset encryption mode according to the first key, and obtains a second return message and sends the second return message to the client;
the client generates a second key based on the system index data value of the target type stored locally by the client according to the target indication data, decrypts the second return message according to the second key to obtain return data corresponding to the request message, and obtains a vulnerability verification result according to the return data corresponding to the request message;
the system index data value of the target category locally stored by the server comprises a first category data value and a second category data value; the generating a first key based on the system index data value of the target category stored locally by the server comprises:
acquiring a first kind of data value;
encoding the first kind of data value based on the SHA-256 hash function to obtain a first code;
combining the first code and the second kind of data value to obtain a second code;
encoding the second code based on the SHA-256 hash function to obtain an initial key;
intercepting the numerical value of the pre-preset digit of the initial key to obtain a first key;
the encrypting the return data corresponding to the request message based on the second preset encryption mode according to the first key, obtaining a second return message and sending the second return message to the client, comprising:
generating an initial state vector using the first key as a seed;
generating a key stream according to the initial state vector and the first key;
and carrying out byte-by-byte exclusive OR on the return data corresponding to the encryption request message and the key stream to obtain a second return message, and sending the second return message to the client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311494518.0A CN117240609B (en) | 2023-11-10 | 2023-11-10 | Network security monitoring method and system based on vulnerability dynamic verification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311494518.0A CN117240609B (en) | 2023-11-10 | 2023-11-10 | Network security monitoring method and system based on vulnerability dynamic verification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117240609A CN117240609A (en) | 2023-12-15 |
| CN117240609B true CN117240609B (en) | 2024-01-26 |
Family
ID=89093116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311494518.0A Active CN117240609B (en) | 2023-11-10 | 2023-11-10 | Network security monitoring method and system based on vulnerability dynamic verification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117240609B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294924A (en) * | 2016-04-01 | 2017-10-24 | 阿里巴巴集团控股有限公司 | Detection method, the device and system of leak |
| CN108400978A (en) * | 2018-02-07 | 2018-08-14 | 深圳壹账通智能科技有限公司 | Leak detection method, device, computer equipment and storage medium |
| CN110069916A (en) * | 2019-03-29 | 2019-07-30 | 郑州信大捷安信息技术股份有限公司 | A kind of cryptosecurity management system and method |
| CN110336770A (en) * | 2019-04-04 | 2019-10-15 | 平安科技(深圳)有限公司 | Method, apparatus, equipment and the storage medium of long-range monitoring loophole |
| CN112738020A (en) * | 2020-12-03 | 2021-04-30 | 西安交大捷普网络科技有限公司 | Linkage scanning method for loopholes |
| CN113468075A (en) * | 2021-08-14 | 2021-10-01 | 康剑萍 | Security testing method and system for server-side software |
| CN116389044A (en) * | 2023-02-17 | 2023-07-04 | 东方电气集团科学技术研究院有限公司 | Vulnerability management and customized scene verification system based on roles |
| US11695796B1 (en) * | 2020-12-10 | 2023-07-04 | Amazon Technologies, Inc. | Device vulnerability detection during device handshake |
-
2023
- 2023-11-10 CN CN202311494518.0A patent/CN117240609B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294924A (en) * | 2016-04-01 | 2017-10-24 | 阿里巴巴集团控股有限公司 | Detection method, the device and system of leak |
| CN108400978A (en) * | 2018-02-07 | 2018-08-14 | 深圳壹账通智能科技有限公司 | Leak detection method, device, computer equipment and storage medium |
| CN110069916A (en) * | 2019-03-29 | 2019-07-30 | 郑州信大捷安信息技术股份有限公司 | A kind of cryptosecurity management system and method |
| CN110336770A (en) * | 2019-04-04 | 2019-10-15 | 平安科技(深圳)有限公司 | Method, apparatus, equipment and the storage medium of long-range monitoring loophole |
| CN112738020A (en) * | 2020-12-03 | 2021-04-30 | 西安交大捷普网络科技有限公司 | Linkage scanning method for loopholes |
| US11695796B1 (en) * | 2020-12-10 | 2023-07-04 | Amazon Technologies, Inc. | Device vulnerability detection during device handshake |
| CN113468075A (en) * | 2021-08-14 | 2021-10-01 | 康剑萍 | Security testing method and system for server-side software |
| CN116389044A (en) * | 2023-02-17 | 2023-07-04 | 东方电气集团科学技术研究院有限公司 | Vulnerability management and customized scene verification system based on roles |
Non-Patent Citations (1)
| Title |
|---|
| 工业控制***漏洞库设计与实现;杨盛明;;电子质量(12);第65-69页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117240609A (en) | 2023-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7393517B2 (en) | Systems and methods for ransomware detection and mitigation | |
| US9514300B2 (en) | Systems and methods for enhanced security in wireless communication | |
| JP6357158B2 (en) | Secure data processing with virtual machines | |
| US20170324555A1 (en) | System and method for preemptive self-healing security | |
| US20080037791A1 (en) | Method and apparatus for evaluating actions performed on a client device | |
| CN111464503B (en) | Network dynamic defense method, device and system based on random multidimensional transformation | |
| Calzavara et al. | Postcards from the post-http world: Amplification of https vulnerabilities in the web ecosystem | |
| US20170046530A1 (en) | Distributed Cloud Storage System (DCSS) for secure, reliable storage and retrieval of data and computing objects | |
| CN111585995B (en) | Secure wind control information transmission and processing method and device, computer equipment and storage medium | |
| CN113395406A (en) | Encryption authentication method and system based on power equipment fingerprints | |
| Galibus et al. | Elements of cloud storage security: concepts, designs and optimized practices | |
| CN113395282A (en) | Method and system for preventing third party from accessing server resources | |
| CN116743470A (en) | Service data encryption processing method and device | |
| Said et al. | A multi-factor authentication-based framework for identity management in cloud applications | |
| CN117240609B (en) | Network security monitoring method and system based on vulnerability dynamic verification | |
| CN106971105B (en) | IOS-based application program defense method against false face attack | |
| CN112926101B (en) | Disk partition encryption method, system, device and computer readable medium | |
| EP3058498A1 (en) | Crm security core | |
| CN112261008A (en) | Authentication method based on temporary token, client and server | |
| Bajpai | Extracting ransomware's keys by utilizing memory forensics | |
| CN117521052B (en) | Protection authentication method and device for server privacy, computer equipment and medium | |
| CN115118455B (en) | Webpage security-oriented anti-crawler system and method based on attribute encryption access control | |
| CN117252599B (en) | Dual security authentication method and system for intelligent POS machine | |
| US20240205249A1 (en) | Protection of cloud storage devices from anomalous encryption operations | |
| Semancik et al. | Techniques to Maximize O-Level Cyber Security Protection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |