Network penetration testing method

A network penetration testing method, applied in electrical components, transmission systems, etc., that addresses the difficulty of penetration testing, the absence of an attack graph, and the large amount of time security testers spend, with the effect of achieving automation and reducing complexity.

Active Publication Date: 2016-08-17
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

However, as the network environment becomes more and more complex, it becomes more and more difficult to complete the penetration test of the specified target system in the network environment.
Under normal circumstances, security testers need to spend a lot of time planning attack paths and completing verification of vulnerabilities.
Most of the existing penetration testing schemes only target the target hosts in a simple network environment, and are not effectively combined with the attack graph.


Examples


Embodiment

[0034] Example: Figure 1 shows the penetration testing model, which includes four components: the Penetration Testing Environment Description Language (PTDL), the Single Vulnerability Exploitation Model (SVEM), the Network Attack Graph Model, and the Automatic Attack Model.

[0035] The penetration test environment description language is written in XML and has two parts: the network environment description and the host vulnerability information description. The network environment description is a series of entries for specific networks; each entry includes the network ID, the network segment, and the IDs of the adjacent reachable networks. The host vulnerability information description is a series of entries for specific hosts; each entry includes the host ID, the host IP, the host's network ID, and a list of the host's vulnerabilities. Each vulnerability includes its CVE number, the vulnerability type, the attacker privilege for the vulnerability, and the access gained by exploiting it.

[0036] Figure 2 shows the flowc...


Abstract

The invention provides a network penetration testing method. The method comprises the following steps: 1, a network attack path is established according to the accessibility among different network segments, on the basis of an existing network topology and vulnerability information list; 2, the network attack path is traversed, with every two adjacent network segments forming a group, and a single-vulnerability exploitation model (SVEM) is constructed for each vulnerability of an attack target by taking one host in the previous network segment as the attacker and one host in the latter network segment as the attack target; 3, the SVEMs are synthesized on the basis of a backward search algorithm, and an attack graph from the attacking host to the target host is constructed; 4, all possible attack paths are decomposed according to the attack graph, and attacks are conducted against the vulnerabilities in all the paths to obtain an effective attack path. With this method, the attack path can be planned automatically according to the network environment, an automatic penetration attacking scheme can be achieved, penetration testing of a target system is conducted rapidly and efficiently, and a large quantity of manpower and material resources is saved.
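Steps 1 to 3 of the abstract and the PTDL fields listed in paragraph [0035], as an added example that is not taken from the patent: it parses a constructed PTDL-style document, builds one SVEM record per vulnerability across adjacent segments, and searches backward from the target to list the privilege-consistent paths an assessor would need to verify or remediate. The XML element and attribute names, the `none`/`user`/`root` privilege levels, the SVEM tuple layout and the CVE placeholders are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed PTDL-style input. Element/attribute names are assumptions: the page
# lists the fields but not the schema. CVE ids are placeholders, IPs are doc ranges.
PTDL = """<ptdl>
  <network id="n0" segment="192.0.2.0/24" adjacent="n1"/>
  <network id="n1" segment="198.51.100.0/24" adjacent="n2"/>
  <network id="n2" segment="203.0.113.0/24" adjacent=""/>
  <host id="tester" ip="192.0.2.10" network="n0"/>
  <host id="web" ip="198.51.100.5" network="n1">
    <vuln cve="CVE-PLACEHOLDER-1" type="remote" requires="none" grants="user"/>
  </host>
  <host id="db" ip="203.0.113.7" network="n2">
    <vuln cve="CVE-PLACEHOLDER-2" type="remote" requires="user" grants="root"/>
    <vuln cve="CVE-PLACEHOLDER-3" type="remote" requires="root" grants="root"/>
  </host>
</ptdl>"""
RANK = {"none": 0, "user": 1, "root": 2}  # assumed privilege ordering

def load(ptdl):
    root = ET.fromstring(ptdl)
    adjacent = {n.get("id"): set(n.get("adjacent").split()) for n in root.iter("network")}
    hosts = {h.get("id"): h for h in root.iter("host")}
    return adjacent, hosts

def build_svems(adjacent, hosts):
    """Step 2: one record per (attacker host, target host, vulnerability)."""
    svems = []
    for src in hosts.values():
        for dst in hosts.values():
            if dst.get("network") in adjacent[src.get("network")]:
                for v in dst.iter("vuln"):
                    svems.append((src.get("id"), dst.get("id"), v.get("cve"),
                                  v.get("requires"), v.get("grants")))
    return svems

def attack_paths(svems, attacker, target):
    """Step 3: backward search from the target, pruning unsatisfiable chains."""
    paths = []
    def back(node, suffix, needed):
        # needed: privilege that must already be held on `node` for suffix to apply
        if node == attacker:  # the assessor's own host is assumed fully controlled
            paths.append(suffix)
            return
        for src, dst, cve, req, gain in svems:
            seen = [step[0] for step in suffix]
            if dst == node and RANK[gain] >= RANK[needed] and src not in seen:
                back(src, [(src, dst, cve)] + suffix, req)
    back(target, [], "none")
    return paths
```

The third placeholder vulnerability never appears in a path because it requires `root` on `web`, which the only vulnerability on `web` does not grant; fixing either remaining step removes the single path to `db`.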

Description

Technical field

[0001] The invention relates to the field of computer information security, in particular to a network penetration testing method.

Background technique

[0002] With the development and application of the network, people rely more and more on the computer network. At the same time, the security problems of the network system are becoming more and more prominent. Penetration testing, as a method of simulating attackers to conduct security tests on target systems, is also being used more and more widely. However, as the network environment becomes more and more complex, it becomes more and more difficult to complete the penetration test of the specified target system in the network environment. Normally, security testers need to spend a lot of time planning attack paths and completing verification of vulnerabilities. Most of the existing penetration testing schemes only target the target hosts in a simple network environment, and are not effectively combined...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1433, H04L63/1483
Inventor: 栾俊超, 王箭, 薛明富, 陈梦珽
Owner: NANJING UNIV OF AERONAUTICS & ASTRONAUTICS