Design and implementation of distributed vulnerability detection system

The current vulnerability detection tools have shortcomings of long-term detecting period and high false rate. Also, normal running of the system could be affected by using aggressive codes. To overcome these shortcomings, a distributed vulnerability detection system based on open vulnerability assessment language is proposed, which detects the security deficiency of the system by using deficiency detecting method based on host. The proposed system consists of two modules: a detecting agent and a central management subsystem. The former executes the function of making detecting plug-in to detect the deficiency of the target host system and the latter provides a definition of the security principles and the methodology of detection. Experimental results shows that the proposed system can achieve faster detection, higher precision, lower impact on the network system performance and higher extensibility than other vulnerability tools. This system is suitable for system vulnerability detection in large-scale local area network.