The Design And Implementation Of Comprehensive Scanning System

With the continuous development of Internet technology,the network has brought great convenience to our daily life.However,at the same time,the problem of network security is becoming more and more serious.Malicious attackers use the vulnerabilities in the network to invade our network system,causing great damage to our property,which seriously affects the healthy development of the Internet.Therefore,if users want to effectively prevent malicious attackers attacking the system,the users need to use the vulnerability scanner to detect the potential security risks of the system in advance,and take appropriate solutions to solve these bugs in time.We have made a detailed compare and analysis of the current network scanning system,and found that different scanning systems more or less exist following several shortages: the port scanning often leaves traces,causing that scanning is easy to be found by the target host;the speed of scanning is slow,such as ping-scanning;the results of vulnerability scanning are not always accurate,which exists misdeclaration and missing alarm issues;scanning function is single,such as Nmap only for port scanning and operating system identification;the current scanning systems are mainly for website,the scanning for system are very little.To address the above problems,we propose a comprehensive scanning system design scheme based on system service vulnerability.In our scheme,the scanning system adopts modular design method divided by functionality.Modular scheme greatly reduces the overall complexity of the system design,which is the future development trend of the scanning system and design idea of many other software.The system has three modules: information collection module,vulnerability scanning module and result processing module.The information collection module can carry out host online scanning,port scanning,port service verifying and operating system identification.The vulnerability scanning module can detect the vulnerability of the target system which realizes the diversification of the scanning function.And,We take a combination of vulnerability prediction and vulnerability verification to detect a vulnerability.The information collecting module collects the basic information of the target system,mainly for the port service and operating system type information,and then these information will compare with the vulnerability characteristics stored on vulnerability database to predict the roughly scope of vulnerability,and finally,we will use the vulnerability plug-ins to verify that whether each predicted vulnerability exists.This combination of two scanning methods greatly reduces the false alarm rate of loopholes and improves the scanning accuracy of the system.In the implementation of the scanning system,we adopt a variety of techniques to improve the overall performance of the system.Such as the use of multithreading technology to improve the scanning efficiency,the use of plug-in technology to achieve scalability of the scanning system,and the use of scrambled port and random restart of the threads to elude filtering of the firewall of target system,etc.Finally,our scanning system successfully detects the existence of vulnerabilities on the target host in the system testing.