Research On Key Technology Of Vulnerability Management System

In recent years,with the popularization of information technology and network technology,the deepening of the development in life bring convenience to people but also for the Internet environment brings security problems,especially the current multiplied the number of assets under the Internet environment,the resulting risk of network security is becoming more and more high,this makes the people to put forward the deeper and higher level of network security requirements,so the effective management of network service assets,and monitoring to track the assets of the network security situation is particularly important.This article first analyzes the status quo of vulnerability management system,and then points out its insufficiency,finally combining with the present situation of network information system of high energy physics of Chinese academy of sciences,was designed and developed the vulnerability management system to closed loop hole processing,this system includes assets found,vulnerability information tracking and management,vulnerability handling,and data statistical analysis shows four function modules,the design has solved the traditional vulnerability management system cannot be the result of the vulnerability handling to monitor the trace of pain points.Secondly,a vulnerability threat assessment method based on the variable precision rough set theory is proposed,and the method is applied to the vulnerability management system in this paper to evaluate the vulnerability threat level.Finally,the effectiveness of the proposed algorithm is verified by experiments.The specific work of this paper is as follows:1: the accuracy and completeness of loophole threat assessment will directly affect the vulnerability handling dynamics,thus affecting assets security,this paper put forward based on variable precision rough set theory of threat assessment method,and applies this method to the vulnerability management system of the loopholes in the process of threat assessment,finally in the experiments prove the correctness and validity of the method.2: build a vulnerability management system core purpose is to ensure the security of assets,but previous asset management is a special asset management system maintenance,and asset size is too large,divided into the asset partition granularity is difficult to meet the demand of the current network security under the Internet environment,so considering the finer-grained assets safe protection,this paper will find and asset management module is embedded into the vulnerability management system,and the definition of assets into the service level,out of the defect of traditional assets management system partition size is too large.3: the vulnerability scanning results of known service assets,to monitor and track the status of vulnerability handling operations team insight into the effective method of overall assets security situation,this paper USES the work order management system implementation processing of state monitoring and tracking the result of the loopholes,and based on the repair order status online leak repair services,in the end the use of system operation results show that this technology can significantly improve the vulnerability handling efficiency.4: the deployment of vulnerability management system adopts the most popular docker containerization method in the industry.In addition,this system adopts the springboot development framework,which has a better adaptation to containerization deployment.Therefore,this method significantly improves the system deployment efficiency and lays a foundation for future continuous integration/delivery.This article embarks from the pain that is a fact of network information system,loopholes for assets is difficult to control and deal with problems such as not timely constructed in this paper,the vulnerability management system,and applies the system to the real environment of high energy physics research institute of Chinese academy of sciences,has been deployed,practical operation effect shows that the system can improve the efficiency of loopholes disposal,asset security situation in the quantitative research,and improve the existing network security protection system.