检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:刘坤[1] LIU Kun(Institute of Software and Service Outsourcing,Suzhou Chine-shiung Institute of Technology,Taicang215411,China)
机构地区:[1]苏州健雄职业技术学院软件与服务外包学院,江苏太仓215411
出 处:《软件工程》2020年第12期27-29,23,共4页Software Engineering
摘 要:本文通过深入研究当前漏洞发现技术,分析常用漏洞发现技术的优劣势,以及应用领域。基于CVE漏洞库改进了现有NMAP源码设计,对其扫描流程进行改进,提升对已知漏洞扫描的能力。对未知漏洞挖掘,优化设计漏洞挖掘测试生成算法和漏洞挖掘算法,对目标工控测试系统进行网络漏洞挖掘,从而得到工控系统已知或未知的漏洞分析报告,形成工控系统安全评估报告及安全应对策略。This paper analyzes advantages and disadvantages of commonly used vulnerability detection technology and application areas through in-depth research on current vulnerability detection technology.The existing Nmap(Network Mapper)source code design is improved based on CVE(Common Vulnerabilities and Exposures)vulnerability library.Scanning process and ability to scan for known vulnerabilities are also improved.Known or unknown vulnerability analysis reports can be obtained in a few ways including mining unknown vulnerabilities,optimizing design of vulnerability mining test generation algorithms and vulnerability mining algorithms,and mining the target industrial control test system for network vulnerabilities.Industrial control system security assessment reports and security response strategies are also formed.
关 键 词:Fuzzing测试框架 漏洞扫描技术 漏洞发现技术 漏洞挖掘技术
分 类 号:TP312[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28