| With the rapid development of network technology, network security has become a focus of attention. Typically, hackers and viruses attack the target host system through the vulnerabilities of the system. Vulnerability scanning technology is used to detect the vulnerabilities and security risks in a system, so that the user knows the vulnerabilities of the system and can take corresponding actions. Undetectability is of great significance: a scan should not lead to congestion, consume system services, be blocked by the firewall, or be discovered in some special applications. But current scanning technology, whether active or passive, fails to achieve complete concealment, since both need to interact with the target system. In this paper, passive vulnerability scanning technology based on data packet analysis is introduced to improve concealment. The possible vulnerabilities that exist in the target host system are found through the analysis of network data packets. The method achieves almost complete concealment, because the required information is extracted only from the captured traffic packets, and the scanner does not need to participate in any network traffic. As a means of scanning, it can improve performance effectively through cooperation with other methods. First, the article introduces and analyzes the current development and the various ways of vulnerability scanning. Then it focuses on the key technologies of scanning systems: application-layer protocol identification and software identification based on packet capture. A method based on a fuzzy matching algorithm is used to identify software. The identification of software for the FTP protocol is described, analyzed and tested next. The browser version is identified jointly with the number of requested resources in order to improve accuracy. Then the software implementation processes and test results of the identification for HTTP, FTP and SSH are presented.
Next, the remaining technologies are studied and introduced, including the collection and integration of other information about the target system, the collection of vulnerabilities, the establishment of the vulnerability database, and vulnerability matching technology. Finally, this paper introduces the overall framework and implementation processes of the vulnerability scanning system. Practical tests show that the scanning system has high accuracy as well as high concealment. |
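
The following added example, which is not code from the paper, shows passive software identification for FTP, SSH and HTTP from server payloads that have already been captured. The abstract does not give the fuzzy matching algorithm, so the `difflib` similarity ratio, the 0.8 threshold, the signature list and the sample payloads are assumptions constructed here.

```python
import re
from difflib import SequenceMatcher

# Constructed signature list: product names as they usually appear in banners.
SIGNATURES = ["vsFTPd", "ProFTPD", "Pure-FTPd", "OpenSSH", "Apache", "nginx"]
# Constructed server-to-client payloads, as reassembled from a capture.
SAMPLES = [
    b"220 (vsFTPd 3.0.5)\r\n",
    b"220 PureFTPd 1.0.49 ready\r\n",           # spelling differs from signature
    b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Debian)\r\n\r\n",
]

def extract_banner(payload: bytes):
    """Return (protocol, banner text) from a server payload, or None."""
    head = payload.decode("latin-1").split("\r\n\r\n", 1)[0]
    first = head.split("\r\n", 1)[0]
    if first.startswith("SSH-"):                # SSH-protoversion-softwareversion
        parts = first.split("-", 2)
        return ("SSH", parts[2]) if len(parts) == 3 else None
    if first.startswith("HTTP/"):               # response: use the Server header
        m = re.search(r"^Server:[ \t]*(.+?)\r?$", head, re.I | re.M)
        return ("HTTP", m.group(1)) if m else None
    # SMTP also greets with 220; a real sensor would also use port/flow context.
    if re.match(r"220[ -]", first):
        return ("FTP", first[4:])
    return None

def identify(payload: bytes, threshold: float = 0.8):
    """Return (protocol, product, version); product is None below threshold."""
    found = extract_banner(payload)
    if found is None:
        return None
    proto, banner = found
    best, best_score = None, 0.0
    for token in re.findall(r"[A-Za-z][A-Za-z-]*", banner):
        for sig in SIGNATURES:
            score = SequenceMatcher(None, token.lower(), sig.lower()).ratio()
            if score > best_score:
                best, best_score = sig, score
    if best_score < threshold:
        return (proto, None, None)
    version = re.search(r"\d+(?:\.\d+)+", banner)   # first dotted number only
    return (proto, best, version.group(0) if version else None)

if __name__ == "__main__":
    for p in SAMPLES:
        print(identify(p))
```

The (product, version) pair is what would then be looked up in the vulnerability database; a banner can be edited by an administrator, so a match is a lead to confirm rather than proof.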