Design And Implementation Of Vulnerability Detection System Based On CVE

With the miniaturization of computer technology can be portable development and pervasive connectivity data networks develop in depth, the information is no longer limited to the node connectivity, transmission of data, along with the increase of Internet information, the information itself gradually evolved into a resource, by major Internet giants battle between countries, information space with low latency and ignore ignore the cost of high reproducibility characteristics, some government departments, some of the Internet giant, martial arts sophisticated hacker, have the computer vulnerabilities interested, they use computer hidden loopholes, to the entire Internet order caused great damage, but also to the use of the Internet people to cast a shadow. Therefore, the analysis and research of software vulnerabilities in the computer field, data mining, defense, economic and other fields are imminent and to re-examine, intensify the place.This thesis introduces the theory of vulnerability research status at home and abroad, as well as vulnerability database of relevant information. Discusses the vulnerabilities related concepts, definitions and classifications, analyzes the causes of vulnerabilities and exploits nature analyzed and compared and summarized the current loopholes excavations in the more commonly used methods. Any kind of vulnerability discovery method has its advantages and disadvantages, and now the loophole mining scenarios are combined with the advantages of a variety of loopholes in mining methods, the software more comprehensive vulnerability analysis. Based on the study on the basis of vulnerability mining method proposed a general mining vulnerability framework and a common process and data flow analysis based on vulnerability detection methods, the process of the organic structure of the static and dynamic testing method detection methods combined to achieve the software vulnerabilities more comprehensive and thorough testing. Vulnerability Database vulnerability detection and excavation has been an important part of a comprehensive vulnerability database degree of maturity and largely determine the extent and vulnerability detection method can detect vulnerabilities. In terms of vulnerability database started late, low base, so to now have not yet formed a relatively complete their own vulnerability database system. While some companies have established their own vulnerability database, but has not been widely used and promoted, so research in this area is also more difficult. Based on the analysis of the three major loopholes in the current foreign mainstream database systems, and major international CVE vulnerability library reference standards, proposing a framework for vulnerability database model for research in vulnerability databases to provide some reference. Of course, this framework model is also far from perfect, but also need to continue to improve in the future work. Finally, this thesis analyzes software vulnerabilities existing technologies and development direction summary and outlook, this vulnerability database design and vulnerability detection overall framework while not perfect, but still give the future work to provide some reference value.