
Distributed Vulnerability Emergency Detection System

Posted on: 2021-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: B Hu
Full Text: PDF
GTID: 2428330623468538
Subject: Engineering
Abstract/Summary:
With the global coverage of computer networks, a wide variety of computer software and hardware is increasingly applied to all aspects of daily work and life, and the vulnerabilities in this software and hardware bear directly on computer network security. As technology has developed, such vulnerabilities have erupted and continued to ferment, and during outbreaks they have had a huge impact on all aspects of society. However, in this era of frequent network security vulnerabilities, the security measures protecting the computer systems of most companies and schools have not reached a proper level of protection. Problems include outdated systems, slow application of vulnerability patches, and a lack of necessary network security software. Rapid detection of, and emergency response to, major high-risk vulnerabilities that affect the normal service operation of computer systems is therefore particularly important and is a mainstream research direction.

The passive vulnerability detection systems currently in use mainly rely on malicious traffic analysis, which has no defensive effect against new types of vulnerability exploitation. Mainstream antivirus software and gateway defense systems, on the other hand, are highly invasive to the computer system itself, are not cross-platform, and are often inoperable on some older systems. In addition, these detection methods often take a long time to produce results, their detection accuracy is low, and their false negative rate is relatively high.

To solve the problems of existing vulnerability detection system designs in terms of intrusiveness, detection rate and timeliness of response, this paper develops a distributed emergency detection system for vulnerabilities. The system adopts the traditional C/S architecture and is equipped with a central service platform. Detection agents are installed on some hosts in each target network segment, and these agent hosts carry out vulnerability detection and repair for the hosts in each intranet. In particular, vulnerabilities that only support local detection, such as some local privilege escalation vulnerabilities, are detected by sending detection scripts to the target host. Vulnerabilities are mainly fixed by issuing a repair script to the target host, where it is applied locally and automatically. This method combines the advantages of host-based and network-based vulnerability scanning. It implements distributed vulnerability detection for large-scale multi-segment integration, and it can also issue isolation plug-ins so that hosts that cannot be repaired are effectively isolated.

In experimental tests, the system showed higher detection efficiency than traditional vulnerability scanners. The combination of multiple detection methods gives it a lower false positive rate and false negative rate, and the reasonable deployment of distributed resources significantly reduces the system's use of network resources. The system also has a strong focus on vulnerability detection for specific emergency types. In addition, its components are plug-in based, it is highly extensible, and it has a convenient operation interface, which makes it easy to operate and gives it high system security. It is suitable for large-scale network integration scenarios.
Keywords/Search Tags:distributed vulnerability detection, vulnerability emergency response, load balancing, multi-segment integration, rapid emergency response