Source: Computer Science and Application (《计算机科学与应用》), 2022, Issue 6, pp. 1587-1601 (15 pages)
Abstract: With the rapid development of the new generation of network information technology, the number of information assets and the scale of enterprise data are growing explosively, and it is difficult for an enterprise's internal personnel to fully understand its asset information and the current security status of its business systems. Although enterprises now routinely purchase large numbers of security products such as WAFs and firewalls, traditional network security devices provide only network-level protection and cannot discover or identify attackers' professional, flexible and diverse application-layer attacks. Vulnerability detection technology emerged to find security risks in the network as early as possible and to reduce their possible impact and loss. It simulates an attacker's methods, detects vulnerabilities that may exist in the target system without affecting its normal operation, and assists security managers in rectifying and removing security risks, greatly enhancing the security of the network environment. However, conventional vulnerability detection engines only scan specified targets, do not actively discover unknown asset information, and do not automatically expand detection coverage. In addition, they are often deployed on a single node, so scanning efficiency is low and cannot meet the requirement of discovering security risks in time. This paper studies the principles by which vulnerabilities arise and the methods for detecting them, and designs and implements a vulnerability detection engine that integrates asset information detection, web crawler, vulnerability detection and distributed technologies. Asset information detection provides more comprehensive information support for vulnerability detection and improves its accuracy. A breadth-first traversal strategy and the Bloom filter algorithm improve the precision with which the target's interaction points are crawled. A distributed engine architecture improves the speed and stability of vulnerability detection. To validate the engine's detection accuracy and speed, a test environment was built, and several vulnerability scanners were selected for comparative testing under the same basic configuration and resource environment. The test results show that the engine has an advantage in both scanning speed and accuracy.
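Keywords: asset information detection; vulnerability detection; web crawler; breadth-first traversal; Bloom filter algorithm; distributed technology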
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]