
A Metric for Evaluating the Vulnerability-Attack Detection Coverage of Intrusion Detection Systems (3)

2.3 Computing the vulnerability-coverage score

With the table mapping CVE names to their CVSS scores and the list of CVE names a product covers in hand, running the caculate-score.pl script produces the score.

Comparison of the analysis results for the products above:

Product        CVE entries   Total threat score   Average CVSS score per CVE   Time-adjusted total threat score
RealSecure 7   979           6000.7               6.1                          2694.3
Snort          550           3454.3               6.3                          1476.9
IDP            311           1947.3               6.3                           796.6

From these figures the ranking of the products' vulnerability coverage is obvious.
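The metric computation described in this section, as an added Python example that is not the article's own caculate-score.pl: it builds the CVE-to-CVSS table and the product's CVE list from constructed inline text, computes the CVE count, total threat score, average CVSS score and time-adjusted total, and goes slightly beyond the article's script in three ways, all marked in the code: the reference year is a parameter instead of the hard-coded 2006, an empty list yields an average of 0 instead of a division by zero, and the time weight is clamped at 0 for CVEs older than the eight-year window (the article's formula would make them negative). The CVE names and scores are constructed samples, not data from the article.

```python
"""Added example: the article's coverage metrics computed over constructed data."""
from typing import Dict, Iterable, Tuple

# Constructed sample in the shape extract-cve-score.pl emits: CVE name, TAB, CVSS score.
SCORE_TABLE = """\
CVE-2003-0109\t8.0
CVE-2004-0210\t4.6
CVE-2005-1983\t7.5
CVE-2006-0007\t10.0
"""

# Constructed sample CVE list for one product (one name per line, as the
# extract-*-cve.pl scripts print). The last name has no score and is ignored.
PRODUCT_CVES = """\
CVE-2003-0109
CVE-2005-1983
CVE-2006-0007
CVE-2099-0001
"""


def parse_score_table(text: str) -> Dict[str, float]:
    """Parse 'name<TAB>score' lines into a dict; blank lines are skipped."""
    table: Dict[str, float] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, score = line.split("\t", 1)
        table[name.strip()] = float(score)
    return table


def time_weight(cve_name: str, ref_year: int, window: int = 8) -> float:
    """The article's weight (8 - (ref_year - year)) / 8, read from the CVE year.

    A CVE from ref_year counts fully; one from ref_year - 8 counts 0.
    Departure from the article: older CVEs are clamped at 0 instead of going negative.
    """
    year = int(cve_name.split("-")[1])
    return max(0.0, (window - (ref_year - year)) / window)


def coverage_metrics(cves: Iterable[str], table: Dict[str, float],
                     ref_year: int = 2006) -> Tuple[int, float, float, float]:
    """Return (CVE count, total score, average score, time-adjusted total)."""
    total = 0.0
    adjusted = 0.0
    count = 0
    for raw in cves:
        name = raw.strip()
        if not name or name not in table:
            continue  # unscored CVE: not counted, as in the article's script
        count += 1
        total += table[name]
        adjusted += table[name] * time_weight(name, ref_year)
    # Departure from the article: an empty list gives average 0 instead of dividing by zero
    average = total / count if count else 0.0
    return count, round(total, 1), round(average, 1), round(adjusted, 1)


def main() -> None:
    table = parse_score_table(SCORE_TABLE)
    count, total, average, adjusted = coverage_metrics(PRODUCT_CVES.splitlines(), table)
    # Same tab-separated line the article's script prints
    print(f"{count}\t{total:.1f}\t{average:.1f}\t{adjusted:.1f}")


if __name__ == "__main__":
    main()
```

For the constructed data the block prints 3, 25.5, 8.5 and 21.6: the 2003 entry is weighted by 5/8, the 2005 entry by 7/8, the 2006 entry counts in full, and the unscored 2099 entry is ignored.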

3. Conclusion

In fact, because the threat score is computed per vulnerability, any security product whose core function is handling vulnerabilities, such as vulnerability databases, security assessment tools and intrusion detection products, can be evaluated with the "time-adjusted total threat score" metric.

Appendix: the scripts used for the score computation:

extract-cve-score.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Extract "CVE-name<TAB>CVSS score" pairs from an NVD 1.2 XML feed.
# Usage: extract-cve-score.pl nvdcve-YYYY.xml > cve-score.txt
use strict;
use warnings;

my $data = readDBcontent($ARGV[0]);

# Put every <entry ...> on its own line so the patterns below scan one entry at a time
$data =~ s/<entry /\n<entry /gi;

my @cve_names  = $data =~ m|<entry type="CVE" name="(CVE-\d\d\d\d-\d\d\d\d)" seq="\d\d\d\d-\d\d\d\d" published="\d\d\d\d-\d\d-\d\d" modified="\d\d\d\d-\d\d-\d\d" severity=".+" CVSS_score="\d{1,2}\.\d" |g;
my @cve_scores = $data =~ m|<entry type="CVE" name="CVE-\d\d\d\d-\d\d\d\d" seq="\d\d\d\d-\d\d\d\d" published="\d\d\d\d-\d\d-\d\d" modified="\d\d\d\d-\d\d-\d\d" severity=".+" CVSS_score="(\d{1,2}\.\d)" |g;

# Both patterns match the same entries, so the i-th name belongs to the i-th score
for (my $i = 0; $i <= $#cve_names; $i++) {
    print $cve_names[$i] . "\t" . $cve_scores[$i] . "\n";
}

# Read a whole file into one string
sub readDBcontent {
    my ($table) = @_;
    my $dbcon = "";
    open(TBL, "<$table") || die($table);
    while (<TBL>) {
        $dbcon .= $_;
    }
    close(TBL);
    return ($dbcon);
}

--------------------------------- 8< --------------------------------------

extract-snort-cve.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Print the CVE names referenced in Snort's sid-msg.map, one per line.
# Usage: extract-snort-cve.pl sid-msg.map > snort-cves.txt
use strict;
use warnings;

my @issues = ("");
readDBcontent($ARGV[0], \@issues);

for (my $i = 0; $i < @issues; $i++) {
    my $issuetext = $issues[$i];
    # A rule line may carry several "|| cve,YYYY-NNNN" references; collect all of
    # them and accept one at the end of the line (the lines are chomped, so the
    # original pattern's required trailing blank would have missed that case)
    while ($issuetext =~ m/\|\| cve,(\d{4}-\d{4})(?=\s|$)/g) {
        print "CVE-" . $1 . "\n";
    }
}

# Read a file into the referenced array (chomped); return the number of non-empty lines
sub readDBcontent {
    my ($table, $dbcon) = @_;
    my $count = 0;
    open(TBL, "<$table") || die($table);
    @{$dbcon} = <TBL>;
    close(TBL);
    for (my $i = 0; $i < @{$dbcon}; $i++) {
        chomp(${$dbcon}[$i]);
        if (${$dbcon}[$i] ne "") { $count++; }
    }
    return ($count);
}

--------------------------------- 8< --------------------------------------
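The two extraction steps above (CVE/CVSS pairs from the NVD XML feed in extract-cve-score.pl, CVE references from Snort's sid-msg.map in extract-snort-cve.pl), as an added Python example that is not part of the article's scripts. It differs from them in the ways a practitioner would want when repeating the measurement on a current feed: the XML is read with a parser, so attribute order and the feed namespace do not matter; entries that carry no CVSS_score are skipped instead of silently mis-pairing names and scores; and every CVE reference on a rule line is collected, with the sequence part allowed to be longer than four digits as in modern CVE ids. The feed fragment and the sid-msg.map lines are constructed samples in the shape of those formats, not data from the article.

```python
"""Added example: CVE/CVSS extraction from an NVD 1.2-style feed and Snort's sid-msg.map."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed fragment in the layout the article's regexes expect (NVD 1.2 feed).
# The 2004 entry carries no score and the CAN entry is not of type CVE.
NVD_SAMPLE = """\
<nvd xmlns="http://nvd.nist.gov/feeds/cve/1.2">
  <entry type="CVE" name="CVE-2005-1983" seq="2005-1983" published="2005-08-09"
         modified="2005-08-10" severity="High" CVSS_score="7.5"/>
  <entry type="CAN" name="CAN-2005-0001" seq="2005-0001" published="2005-01-01"
         modified="2005-01-02" severity="Low" CVSS_score="2.1"/>
  <entry type="CVE" name="CVE-2006-0007" seq="2006-0007" published="2006-01-10"
         modified="2006-01-11" severity="High" CVSS_score="10.0"/>
  <entry type="CVE" name="CVE-2004-0210" seq="2004-0210" published="2004-07-15"
         modified="2004-07-16" severity="Medium"/>
</nvd>
"""

# Constructed lines in sid-msg.map form: sid || message || reference || reference ...
SID_MSG_SAMPLE = """\
1000 || NETBIOS SMB overflow || cve,2005-1983 || bugtraq,14513
1001 || WEB-MISC example || url,example.invalid
1002 || EXPLOIT example with two refs || cve,2004-0210 || cve,2006-0007
"""


def nvd_cve_scores(xml_text: str) -> Dict[str, float]:
    """Map CVE name -> CVSS score for every type="CVE" entry that has a score."""
    root = ET.fromstring(xml_text)
    scores: Dict[str, float] = {}
    for el in root.iter():
        if el.tag.split("}")[-1] != "entry":   # ignore the namespace prefix
            continue
        if el.get("type") != "CVE":
            continue
        score = el.get("CVSS_score")
        if score is None:
            continue   # an entry without a score cannot be weighted; leave it out
        scores[el.get("name")] = float(score)
    return scores


def score_table_lines(scores: Dict[str, float]) -> str:
    """Render the table as the 'name<TAB>score' lines the scoring script consumes."""
    return "".join(f"{name}\t{score:.1f}\n" for name, score in sorted(scores.items()))


# "|| cve,YYYY-NNNN" followed by another separator or the end of the line;
# the sequence part may exceed four digits (post-2014 CVE ids)
CVE_REF = re.compile(r"\|\|\s*cve,(\d{4}-\d{4,})(?=\s*(?:\|\||$))")


def snort_cves(sid_msg_text: str) -> List[str]:
    """Return the sorted, de-duplicated CVE names referenced in sid-msg.map text."""
    found = set()
    for line in sid_msg_text.splitlines():
        for m in CVE_REF.finditer(line):
            found.add("CVE-" + m.group(1))
    return sorted(found)


if __name__ == "__main__":
    print(score_table_lines(nvd_cve_scores(NVD_SAMPLE)), end="")
    print("\n".join(snort_cves(SID_MSG_SAMPLE)))
```

The output of the first function is exactly the pair file caculate-score.pl expects as its second argument, and the output of the second is the CVE list it expects as its first, so the two can be dropped into the article's pipeline unchanged.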

get-iss-content.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Fetch the X-Force database page for every vulnerability id listed in the
# RealSecure signature export and save its text as <id>.txt (skipped when the
# file already exists and is not empty).
# Usage: get-iss-content.pl iss-signature-list.csv
use strict;
use warnings;

my $flag    = 0;
my $program = "lynx -source ";
my $url_b   = "http://xforce.iss.net/xforce/xfdb/";
my $url     = "";
my @issues  = ("");

$|++;    # unbuffered output

readDBcontent($ARGV[0], \@issues);

for (my $i = 0; $i < @issues; $i++) {
    my $issuetext = $issues[$i];
    # Comma-separated fields; the fourth is the X-Force vulnerability id
    my ($aa, $bb, $cc, $vul_id) = split(',', $issuetext);
    if (defined($vul_id) && $vul_id =~ m/^\d+/) {
        my $iss_vuln = "$vul_id.txt";
        if (!(-e $iss_vuln) || (-z $iss_vuln)) {
            $url = $url_b . "${vul_id}";
            my $content = getSection();
            open(DATAFILE, ">$iss_vuln") or die("$iss_vuln\n");
            print DATAFILE $content;
            close(DATAFILE);
        }
    }
}

# Keep only the page text between the "X-Force Database Results" marker and the
# database notice, with HTML stripped and runs of blank lines collapsed
sub getSection {
    my @page;
    my $section_con = "";
    my $last        = 0;
    getPage("$url", \@page);
    for (my $i = 0; $i < @page; $i++) {
        if ($page[$i] =~ m/^<p>The information within this database may change without notice/) { $flag = 0; }
        if ($flag) {
            $page[$i] = removeHtmltag("$page[$i]");
            if ($page[$i] eq "") {
                if (!$last) { $section_con .= "\n"; $last = 1; }
            } else {
                $section_con .= "$page[$i]\n";
                $last = 0;
            }
        }
        if ($page[$i] =~ m/X-Force Database Results/) { $flag = 1; }
    }
    return $section_con;
}

# Fetch a URL through lynx and return its lines in the referenced array
sub getPage {
    my ($url_section, $page_con) = @_;
    open(EXECFILE, "$program '$url_section' |") or die("$program$url_section\n");
    @{$page_con} = <EXECFILE>;
    close(EXECFILE);
}

# Crude HTML-to-text conversion: line breaks for block tags, "---" for list
# items, then strip the remaining tags and decode the common entities
sub removeHtmltag {
    my ($string) = @_;
    $string =~ s/\t//g;
    $string =~ s/\n//g;
    $string =~ s/&nbsp;/ /g;
    $string =~ s/<br><br>/\n/g;
    $string =~ s/<br>/\n/g;
    $string =~ s/<BR>/\n/g;
    $string =~ s/<p>/\n/g;
    $string =~ s/<P>/\n/g;
    $string =~ s/<\/P>/\n/g;
    $string =~ s/<\/p>/\n/g;
    $string =~ s/<li>/---/g;
    $string =~ s/<LI>/---/g;
    $string =~ s/—/-/g;
    $string =~ s/<\/OPTION>/\n/g;
    $string =~ s/<[^<]*>//g;
    $string =~ s/&lt;/</g;
    $string =~ s/&gt;/>/g;
    $string =~ s/&amp;/&/g;
    $string =~ s/&quot;/"/g;
    $string =~ s/\015//g;
    $string =~ s/^\s*\n*//;
    # $string =~ s/\s*\n*$//;
    return $string;
}

# Read a file into the referenced array (chomped); return the number of non-empty lines
sub readDBcontent {
    my ($table, $dbcon) = @_;
    my $count = 0;
    open(TBL, "<$table") || die($table);
    @{$dbcon} = <TBL>;
    close(TBL);
    for (my $i = 0; $i < @{$dbcon}; $i++) {
        chomp(${$dbcon}[$i]);
        if (${$dbcon}[$i] ne "") { $count++; }
    }
    return ($count);
}

--------------------------------- 8< --------------------------------------

extract-iss-cve.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Print the CVE names found in the saved X-Force pages (<id>.txt, written by
# get-iss-content.pl) for every vulnerability id in the RealSecure signature export.
# Usage: extract-iss-cve.pl iss-signature-list.csv > iss-cves.txt
use strict;
use warnings;

my @issues = ("");
readDBcontent($ARGV[0], \@issues);

for (my $i = 0; $i < @issues; $i++) {
    my $issuetext = $issues[$i];
    # Comma-separated fields; the fourth is the X-Force vulnerability id
    my ($aa, $bb, $cc, $vul_id) = split(',', $issuetext);
    if (defined($vul_id) && $vul_id =~ m/^\d+/) {
        my $iss_vuln = "$vul_id.txt";
        if ((-e $iss_vuln) && !(-z $iss_vuln)) {
            my @contents = ("");
            readDBcontent($iss_vuln, \@contents);
            for (my $j = 0; $j < @contents; $j++) {
                # List items were turned into "---" lines by removeHtmltag
                if ($contents[$j] =~ m/^---(CVE-\d{4}-\d{4})/) {
                    print $1 . "\n";
                }
            }
        }
    }
}

# Read a file into the referenced array (chomped); return the number of non-empty lines
sub readDBcontent {
    my ($table, $dbcon) = @_;
    my $count = 0;
    open(TBL, "<$table") || die($table);
    @{$dbcon} = <TBL>;
    close(TBL);
    for (my $i = 0; $i < @{$dbcon}; $i++) {
        chomp(${$dbcon}[$i]);
        if (${$dbcon}[$i] ne "") { $count++; }
    }
    return ($count);
}

--------------------------------- 8< --------------------------------------

extract-idp-cve.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Print the CVE names referenced in the IDP signature export, one per line.
# Usage: extract-idp-cve.pl idp-signatures.txt > idp-cves.txt
use strict;
use warnings;

my @issues = ("");
readDBcontent($ARGV[0], \@issues);

for (my $i = 0; $i < @issues; $i++) {
    my $issuetext = $issues[$i];
    # IDP lists references as ":cve (CVE-YYYY-NNNN)"
    if ($issuetext =~ m/:cve \((CVE-\d{4}-\d{4})\)/) {
        print $1 . "\n";
    }
}

# Read a file into the referenced array (chomped); return the number of non-empty lines
sub readDBcontent {
    my ($table, $dbcon) = @_;
    my $count = 0;
    open(TBL, "<$table") || die($table);
    @{$dbcon} = <TBL>;
    close(TBL);
    for (my $i = 0; $i < @{$dbcon}; $i++) {
        chomp(${$dbcon}[$i]);
        if (${$dbcon}[$i] ne "") { $count++; }
    }
    return ($count);
}

--------------------------------- 8< --------------------------------------

caculate-score.pl

--------------------------------- 8< --------------------------------------

#!/usr/bin/perl
# Compute the coverage metrics for one product: CVE count, total CVSS score,
# average CVSS score per CVE and the time-adjusted total, in which each CVE is
# weighted by (8 - (2006 - year)) / 8.
# Usage: caculate-score.pl CVES-LIST-FILE CVE-SCORE-PAIR-LIST-FILE
use strict;
use warnings;

if (scalar(@ARGV) < 2) {
    print "Usage: $0 CVES-LIST-FILE CVE-SCORE-PAIR-LIST-FILE\n";
    exit 1;
}

# Build the CVE-name -> CVSS-score table from the pair file (name<TAB>score)
my %cve_name_score = ();
my @score_data     = ("");
readDBcontent($ARGV[1], \@score_data);

foreach (@score_data) {
    next unless $_ =~ m/(.+)\t(.+)/;    # skip blank or malformed lines
    $cve_name_score{$1} = $2;
}

my @cves = ("");
readDBcontent($ARGV[0], \@cves);

my $score     = 0.0;    # total threat score
my $score1    = 0.0;    # time-adjusted total threat score
my $cve_count = 0;

foreach (@cves) {
    next if $_ eq "";
    next unless defined($cve_name_score{$_});    # CVEs without a CVSS score are not counted
    $score += $cve_name_score{$_};
    $cve_count++;
    $_ =~ m/(\d\d\d\d)-\d\d\d\d/;
    my $year = $1;
    # Weight by age relative to 2006: this year's CVE counts in full, an
    # eight-year-old one counts 0
    my $score_modified = $cve_name_score{$_} * ((8 - (2006 - $year)) / 8);
    $score1 += $score_modified;
}

# Guard the average against an empty CVE list
my $average = $cve_count ? $score / $cve_count : 0;
printf "%d\t%.1f\t%.1f\t%.1f\n", $cve_count, $score, $average, $score1;

# Read a file into the referenced array (chomped); return the number of non-empty lines
sub readDBcontent {
    my ($table, $dbcon) = @_;
    my $count = 0;
    open(TBL, "<$table") || die($table);
    @{$dbcon} = <TBL>;
    close(TBL);
    for (my $i = 0; $i < @{$dbcon}; $i++) {
        chomp(${$dbcon}[$i]);
        if (${$dbcon}[$i] ne "") { $count++; }
    }
    return ($count);
}