| The number of security vulnerabilities discovered in computer systems has increased explosively.Currently,in order to keep track of security alerts, system administrators rely on vulnerability databases, and leverage automation tools to detect and process the vulnerability.But now the databases are designed primarily to be read and understood by humans. Given the speed at which an exploit becomes available once vulnerability is known, and the frequency of occurrence of such vulnerabilities, manual human intervention is too slow, time-consuming and may not be effective.We propose the design of a new vulnerability description way which is oriented to be machine readable and process able rather than human oriented. This allows automated response to a vulnerability alert rather than relying on manual intervention of system administrators. With this approach, many kinds of automatic processing of alerts become feasible.We show the value of such a data constructing way by constructing a prototype sample scanner for windows system. We take a detailed description and analysis of the prototype's architecture, key class structure and process flow.Based on such vulnerability description way, we can make the vulnerability process which is drove by data to be more efficiency by basing on such vulnerability construction way .So vulnerability can be processed more efficiently and accurately. |
PDF Full Text Request