摘要
随着科技发展,软件也在日益更新,其功能和结构愈发复杂多变,从而伴生的软件配置漏洞导致的安全问题也日益增多。传统的人工对配置进行核查不仅耗费时间和精力,而且效率低下,无法满足及时高效确保软件配置安全的需求。知识图谱的发展在各个领域逐显成效,它具有能处理海量数据、建立知识间关联关系等优势,因此通过构建软件配置漏洞知识图谱,来整合存储软件配置漏洞数据,并达到可视化推理分析、关联查询等功能,以实现软件配置漏洞分析更加智能化的目标。
With the development of science and technology,the software is also updated day by day,its function and structure are more complex and changeable,and the security problems caused by the associated software configuration loopholes are also increasing day by day.The traditional manual configuration verification is not only time-consuming and energy-intensive,but also inefficient.It cannot meet the needs of ensuring the security of software configuration in a timely and efficient manner.The development of knowledge graphs is gradually showing results in various fields.There-fore,this paper integrates and stores software configuration vulnerability data by building a software configuration vulnerability knowledge map,and achieves functions such as visual reasoning analysis and correlation query,so as to achieve the goal of more intelligent software configuration vulnerability analysis.
作者
张慕榕
张尼
许凤凯
崔轲
魏利卓
邹志博
Zhang Murong;Zhang Ni;Xu Fengkai;Cui Ke;Wei Lizhuo;Zou Zhibo(National Computer System Engineering Research Institute of China,Beijing 100083,China)
出处
《信息技术与网络安全》
2022年第5期17-24,共8页
Information Technology and Network Security
关键词
知识图谱
安全配置
数据处理
知识融合
图谱构建
knowledge graph
security configuration
data processing
knowledge fusion
graph building