Research On Key Technologies Of Network Vulnerability Scanning

With the rapid development of the Internet,the security problems in cyberspace are becoming more and more prominent.Network security vulnerabilities are one of the main breakthroughs in network attacks.In order to ensure the security of network systems and ensure that network vulnerabilities are not exploited by intruders,Internet users and administrators need to take many protective measures.Among them,network vulnerability scanning is one of the more important and effective means.Network security assessment and trend prediction technology can evaluate the security status of the network system,find the weaknesses of the system,and make targeted security configuration and policy adjustment of the network system.Among them,security vulnerability data,as a basic data of security assessment and prediction,participate in the calculation of security situation value.Therefore,the reasonable use of network security vulnerability scanning technology is also one of the effective means to collect network security vulnerability data.In this thesis,the principle of vulnerability,port scanning and vulnerability scanning are studied,and the implementation of common scanning technology is analyzed.The main work of this thesis is as follows.Firstly,on the basis of vulnerability security problems and network security assessment in network space,this thesis carries out the requirement analysis of network vulnerability scanning system,and defines the realization goal,function requirement and performance requirement of the system.Secondly,this thesis designs a vulnerability scanning system based on port scanning in network space,which can quickly and effectively scan certain vulnerabilities.Scanning of assets and vulnerability data is carried out by host computers in a wide range of networks.Then,a plug-in vulnerability database updating system is designed by combining plug-in technology,which can increase the flexibility and maintainability of the system.Finally,the detailed description of system architecture,the division of system functional modules and the description of function flow are carried out through system design and system implementation.? The system is tested to draw conclusions and verify the effectiveness of the system.In addition to this thesis,the final results include the design and development documents of the network vulnerability scanning system and the prototype system.The system has been tested in the experimental environment.The functions of the system are normal and effective,achieving the desired results,and can be successfully docked with the network security assessment system as a subsystem.