Vulnerability Automation Protection System For Warning Information

With the rapid development of the Internet,Web applications meet people's various needs and play a more and more important role in daily life.However,there are endless network security incidents,and it is often seen that well-known companies have suffered heavy losses due to some cyber-attacks.Although major security companies have introduced some protection systems,these systems have little protection against unknown exploits,many companies and government still suffer from exploit after the vulnerability warning.How to quickly respond to vulnerability warnings,quickly fix the problem,or take appropriate temporary measures has become an urgent problem to be solved.In normal circumstances,it can only rely on the manual analysis of the security engineer.The characteristics of the vulnerability attack are abstracted as rules to be applied to the firewall,but the rules may conflict with the normal business.This article uses the normal behavior call analysis and real-time call interception as a point to solve this problem.We use the vulnerability warning announcement as the start.Using the normal behavior call analysis to determine the impact of the scope of the vulnerability,to avoid affecting normal businesses.Using real-time call interception of the function call to check the parameters' value and scope,determine the abnormal call.On one hand,it improves the response speed,this method docs not require manual analysis and abstraction of firewall rules,and does not need to worry about affecting the normal services.On the other hand,it builds and trains a normal behavior model in the usual call analysis process to determine abnormalities during vulnerability warning.This paper designs and implements a system prototype of the vulnerability protection system for vulnerability warning information.It introduces the functions and implementation of each module of the system.This article selected seven different types of high-risk vulnerabilities in three popular PHP web applications to perform functional tests on the system prototype.After the training,the automatic protection system can automatically implement emergency response measures against the vulnerability based on the vulnerability warning information,successfully preventing the vulnerability exploitation attack.It illustrates the vulnerability protection capabilities of the automatic protection system.In the performance tests,the increase of the performance consumption of the system is 5.31%,indicating that it is practical.