浏览全部资源
扫码关注微信
UVDA:自动化融合异构安全漏洞库框架的设计与实现
UVDA:design and implementation of automation fusion framework of heterogeneous security vulnerability database
- 通信学报 2015年36卷第10期 页码:235-244
- 作者机构:
1. 西安电子科技大学 综合业务网理论及关键技术国家重点实验室,陕西 西安 710071
2. 中国科学院大学 国家计算机网络入侵防范中心,北京 101408
3. 中国科学院 信息工程研究所 信息安全国家重点实验室,北京 100093
- 作者简介:
[ "温涛(1986-),男,内蒙古巴彦淖尔人,西安电子科技大学博士生,主要研究方向为网络与信息系统安全,包括漏洞评估、漏洞管理、应急响应等。" ]
[ "张玉清(1966-),男,陕西宝鸡人,中国科学院大学教授、博士生导师,主要研究方向为网络与信息系统安全。" ]
[ "刘奇旭(1984-),男,江苏徐州人,中国科学院大学讲师,主要研究方向为网络与信息系统安全,包括漏洞挖掘、漏洞评估、漏洞管理、应急响应等。" ]
[ "杨刚(1991-),男,河北张家口人,中国科学院大学硕士生,主要研究方向为网络与信息系统安全,包括漏洞评估、漏洞管理、应急响应等。" ]
- 基金信息:国家自然科学基金资助项目(61272481);国家自然科学基金资助项目(61303239);国家自然科学基金资助项目(61572460);北京市自然科学基金资助项目(4122089);中国科学院信息工程研究所信息安全国家重点实验室开放课题基金资助项目(2015-MS-04)
DOI:10.11959/j.issn.1000-436x.2015218
中图分类号: TP309.1-
网络出版日期:2015-10,
纸质出版日期:2015-10-25
- 稿件说明:
移动端阅览
温涛, 张玉清, 刘奇旭, 等. UVDA:自动化融合异构安全漏洞库框架的设计与实现[J]. 通信学报, 2015,36(10):235-244.
Tao WEN, Yu-qing ZHANG, Qi-xu LIU, et al. UVDA:design and implementation of automation fusion framework of heterogeneous security vulnerability database[J]. Journal on communications, 2015, 36(10): 235-244.
温涛, 张玉清, 刘奇旭, 等. UVDA:自动化融合异构安全漏洞库框架的设计与实现[J]. 通信学报, 2015,36(10):235-244. DOI: 10.11959/j.issn.1000-436x.2015218.
Tao WEN, Yu-qing ZHANG, Qi-xu LIU, et al. UVDA:design and implementation of automation fusion framework of heterogeneous security vulnerability database[J]. Journal on communications, 2015, 36(10): 235-244. DOI: 10.11959/j.issn.1000-436x.2015218.
摘要
安全漏洞是网络安全的关键,漏洞库旨在收集、评估和发布安全漏洞信息。然而,漏洞库相互之间存在数据的冗余和异构,导致漏洞信息共享困难。针对上述问题,收集和分析了15个主流漏洞库共计84.2万条漏洞数据。基于文本挖掘技术提出了漏洞去除重复的规则(准确率为94.4%),以及漏洞数据库融合(UVDA
uniform vulnerability database alliance)框架。最后在多个漏洞库上,实现了UVDA框架,实现过程完全自动化。生成的UVDA数据库已经应用于国家安全漏洞库,并且可以按照产品型号和时间进行统一的检索,推进了漏洞信息发布机制标准化进程。
Abstract
Security vulnerability was the core of network security.Vulnerability database was designed to collect
assess and publish vulnerability information.However
there was redundant and heterogeneous data in vulnerability database which leads to sharing difficulty of vulnerability information among vulnerability database.15 main vulnerability database with a total of 842 thousands of vulnerability data items were connected and analyzed.Based on text mining technology
a rule of removing duplicate form vulnerabilities whose accuracy rate was 94.4% and vulnerability database fusion framework(UVDA)were proposed.Finally
three representative vulnerability database were used to realize UVDA framework
which made the process fully automatic.The generated UVDA vulnerability database has been used in national security vulnerability database and can be retrieved according to uniform product version and date time
promoting the standardization process of vulnerability information release mechanism.
关键词
Keywords
references
LIU Q X , ZHANG Y Q . VRSS:a new system for rating and scoring vulnerabilities [J ] . Computer Communications , 2011 , 34 ( 3 ): 264 - 273 .
ZHAO D Y , FURNELL S M,AL-AYED A . The research on a patch management system for enterprise vulnerability update [A ] . Proc of Information Engineering,WASE International Sonference:2 [C ] . Taiyuan,China , 2009 . 250 - 253 .
MUNIR R , AWAN I , MUFTI M R . A quantitative measure of the security risk level of enterprise networks [A ] . Proc of Broadband and Wireless Computing,Communication and Applications(BWCCA),2013 Eighth International Conference[C].Compiegne:IEEE . 2013 . 437 - 442 .
WU W , YIP F , YIU E , et al . Integrated vulnerability management system for enterprise networks [A ] . Proc of e-Technology,e-Commerce and e-Service,The 2005 IEEE International Conference [C ] . IEEE , 2005 . 698 - 703 .
SHAHZAD M , SHAFIQ M Z , LIU A X . A large scale exploratory analysis of software vulnerability life cycles [A ] . Software Engineering(ICSE),2012 34th International Conference [C ] . IEEE , 2012 . 771 - 781 .
BM internet security systems [EB/OL ] . http://xforce.iss.net/ http://xforce.iss.net/ .
NSFocus [EB/OL ] . http://www.nsfocus.net/ http://www.nsfocus.net/ .
National vulnerability database [EB/OL ] . http:// nvd.nist.gov http:// nvd.nist.gov .
张玉清 , 吴舒平 , 刘奇旭 , 等 . 国家安全漏洞库的设计与实现 [J ] . 通信学报 , 2011 , 32 ( 6 ): 93 - 100 .
ZHANG Y Q , WU S P , LIU Q X , et al . Design and implementation of national security vulnerability database [J ] . Journal on Communications , 2011 , 32 ( 6 ): 93 - 100 .
OKAMURA H , TOKUZANE M , DOHI T . Security evaluation for software system with vulnerability life cycle and user profiles [A ] . Dependable Transportation Systems/Recent Advances in Software Dependability(WDTS-RASD) [C ] . IEEE , 2012 . 39 - 44 .
LIU Q X , ZHANG Y Q , KONG Y , et al . Improving VRSS-based vulnerability prioritization uusing analytic hierarchy process [J ] . Journal of Systems and Software , 2012 , 85 ( 8 ): 1699 - 1708 .
WANG L Y K , SUSHIL J , ANOOP S , et al . K-zero day safety:a network security metric for measuring the risk of unknown vulnerabilities [J ] . IEEE Transactions on Dependable and Secure Computing , 2014 , 11 ( 1 ): 30 - 44 .
GHANI H , LUNA J , KHELIL A . Predictive vulnerability scoring in the context of insufficient information availability [A ] . Proc of Risks and Security of Internet and Systems(CRiSIS),2013 International Conference La Rochelle [C ] . IEEE , 2013 . 1 - 8 .
ALVI A K , ZULKERNINE M . A natural classification scheme for software security patterns [A ] . Dependable,Autonomic and Secure Computing(DASC),2011 IEEE Ninth International Conference [C ] . IEEE , 2011 . 113 - 120 .
VENTER H S , ELOFF J H P , LI Y L . Standardising vulnerability categories [J ] . Computers and Security , 2008 , 27 ( 3-4 ): 71 - 83 .
CHEN Z Q , ZHANG Y , CHEN Z R . A categorization framework for common computer vulnerabilities and exposures [J ] . The Computer Journal , 2010 , 53 ( 5 ): 551 - 580 .
TRIPATHI A , SINGH U K . On prioritization of vulnerability categories based on CVSS scores [A ] . Computer Sciences and Convergence Information Technology(ICCIT),2011 6th International Conference [C ] . IEEE , 2011 . 692 - 697 .
ZHENG C , ZHANG Y Q , SUN Y F , et al . IVDA:international vulnerability database alliance [A ] . Proc of Cybersecurity Summit(WCS),2011 Second Worldwide [C ] . London,UK , 2011 . 1 - 6 .
WANG J A , ZHOU L F , GUO M Z , et al . Measuring similarity for security vulnerabilities [A ] . Proc of System Sciences(HICSS),2010 43rd Hawaii International Conference [C ] . Honolulu , 2010 . 1 - 10 .
KOCATEKIN T , ISTANBUL T , UNAY D . Text mining in radiology reports [A ] . Proc of Signal Processing and Communications Applications Conference(SIU),2013 21st [C ] . Haspolat , 2013 . 1 - 4 .
ABDUL-RAHMAN S , MUTALIB S , KHANAFI N A . Exploring feature selection and support vector machine in text categorization [A ] . Proc of Computational Science and Engineering(CSE),2013 IEEE 16th International Conference [C ] . Sydney,NSW , 2013 . 1101 - 1104 .
Security content automation protocol [EB/OL ] . http://scap.nist.gov/ http://scap.nist.gov/ .
Common vulnerabilities and exposures [EB/OL ] . http://cve.mitre.org/ http://cve.mitre.org/ .
MELL P , SCARFONE K , ROMANOSKY S . Common vulnerability scoring system [J ] . Security and Privacy , 2006 , 4 ( 16 ): 85 - 89 .
ARNOLD A D , HYLA B M , ROWE N C . Automatically building an information-security vulnerability database [A ] . Proc of Automatically Building an Information-Security Vulnerability Database [C ] . West Point,NY , 2006 . 376 - 377 .
GU Y H , LI PEI . Design and research on vulnerability database [A ] . Proc of Information and Computing(ICIC),2010 Third International Conference:2 [C ] . Wuxi,China , 2010 . 209 - 212 .
王晓甜 , 张玉清 . 安全漏洞自动收集系统的设计与实现 [J ] . 计算机工程 , 2006 , 32 ( 20 ): 177 - 179 .
WANG X T , ZHANG Y Q . Design and implementation of security vulnerability auto-collection system [J ] . Computer Engineering , 2006 , 32 ( 20 ): 177 - 179 .
0
浏览量
1663
下载量
1
CSCD
- 网络PDF下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
AI问答
鸿云智能
中文
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:151731