Vulnerability Detection And Risk Assessment Techniques For Study

With the development of computer net and the popularization of Internet, network information security has become the key element of keeping country's security and social stability. It is the urgent affairs to improve internet's ability of defence and keep the security of information. How to initiatively scan and detect different operation system or net communication, especially according to the result of detection to put up a risk analysis and assessment report has been to the hotspot in the research of net security. This paper laid a strong emphasis on the detection of net security. First of all, it elaborates on the causes, classification and all kinds of scan technology of vulnerability. On the basis of it, the vulnerabilities database is set up by abstracting and classifying its characters, which including 7 kinds of table-files such as register, Troy back doors, redundant services, FTP protocol, CGI protocol, Finger protocol and Ident protocol. Secondly, the conception, classification, method of risk analysis and assessment are introduced in the paper. Then the four factors about vulnerability risk level are set down by vulnerabilities detection and algorithm of vulnerability's risk analysis and assessment is proposed according to general standard of risk analysis and assessment Finally, taking into account its integrality, maintainability, authoritativeness and self-protection, system model, framework of net security detection and risk assessment system is designed. Most of function modules are implemented in this project. This system adopts the active detect method, in which detect program act as attacker so as to finding vulnerabilities. First, scan ports of target hosts using kinds of scan techniques, then search vulnerabilities detect code in the vulnerabilities character database according services that open ports provide. Next, send packages which include vulnerabilities detect code and wait for target's responses. At last, judge vulnerabilities exist or not base on the responses.After the detection finished, put vulnerabilities practically detected into the result database, make risk analysis and create evaluate report. This system can scan, detect, validate repair both on local and remote hosts, which dispays results in kinds of forms including text, table, hyper text, graph and so on. This system can make risk analysis and assessment based on vulnerabilities detected by analysis and assessment arithmetics, and then provides the integer security level of target hosts and security suggests.