Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Automatic penetration testing method for information system security

A technology for penetration testing and information systems, applied in the field of automated penetration testing of information system security, it can solve problems such as high degree of manual participation, different data formats, and inability to interact autonomously, so as to improve integrity, efficiency and automation. Effect

Inactive Publication Date: 2014-01-22
706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
View PDF2 Cites 54 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This situation cannot meet the needs of efficient and automated penetration testing
[0006] Lack of an effective automated penetration testing platform. The data formats among the various tools required for testing are different, and independent interaction cannot be performed. Testers need to manually integrate data to drive the penetration testing process. The degree of manual participation is high and cannot meet the needs of automation. Penetration Testing Requirements

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic penetration testing method for information system security
  • Automatic penetration testing method for information system security
  • Automatic penetration testing method for information system security

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] The present invention will be further described below in conjunction with the accompanying drawings.

[0022] figure 1 It is a schematic diagram of the experimental configuration for automated penetration testing. The automated penetration testing network is deployed outside the network under test and connected to the LAN through a core switch. The LAN is composed of a server and several hosts. The server provides external services, and the host is connected to the server through the core switch. .

[0023] figure 2 It is a composition block diagram of a software system for realizing the testing method of the present invention, and is mainly composed of an information acquisition module, a vulnerability scanning module, an automatic penetration attack engine, and a report generation module.

[0024] A flow chart of an automated penetration testing method for information system security is shown in image 3 As shown, it specifically includes the following steps:

[...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network security and discloses an automatic penetration testing method for information system security. A penetration testing platform is built to automatically scan the mainframe state of an information system and the security loopholes of a topological structure and the information system, to analyze the loophole information, to automatically transfer a verification script in a loophole verification base for attacking a target system, to obtain and improve the target control authority and to remove the access trace after finishing the penetration attack. Finally, the whole penetration testing process and result are recorded and analyzed to generate a testing report. According to the method, the penetration testing flow is comprehensively considered and the existing security analyzing tools are fully utilized to design various tools for packing an automatic penetration testing module, so that the automatic transfer and execution of the tools are achieved, and the completeness of the penetration testing process is improved. Through the exchange utilization of data among different modules and the automatic analysis and arrangement of the result output of the security analyzing tools, the efficiency and automatic degree of the penetration testing are improved.

Description

technical field [0001] The invention belongs to the technical field of network security, and relates to an automatic penetration testing method for information system security. Background technique [0002] With the rapid development of information technology, security vulnerabilities have caused great security risks to information systems, opened the door for malicious intrusion by attackers, and become the entrance and way for malicious codes such as Trojan horses to spread wantonly. With the development of information technology, the security problem of information system is becoming more and more prominent. In order to discover the security problems existing in the information system as early as possible and determine the degree of harm, it is necessary to conduct in-depth penetration tests on the security of the information system periodically. [0003] Penetration testing can simulate real attacks, use vulnerability discovery techniques and attack methods, conduct in-...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 温泉吴明杰王泽玉陈志浩常承伟张金生王晓程王斌王红艳
Owner 706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products