Unlock instant, AI-driven research and patent intelligence for your innovation.

Permeation test comprehensive effect evaluation method and system based on attack tree

A technology of penetration testing and attack effects, applied in the field of network security, can solve the problems of ignoring process decision-making, insufficient research on correlation, etc., and achieve the effect of strong flexibility and scalability

Pending Publication Date: 2022-03-29
中国人民解放军63891部队
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

These evaluation methods have insufficient research on the correlation between the complexity of the network attack behavior itself and the effectiveness of the attack, focusing more on the attack results than the attack process, ignoring the decision-making nature of the process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Permeation test comprehensive effect evaluation method and system based on attack tree
  • Permeation test comprehensive effect evaluation method and system based on attack tree
  • Permeation test comprehensive effect evaluation method and system based on attack tree

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The technical solution of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0044] Such as figure 1 As shown, an attack tree-based penetration test comprehensive effect evaluation method, the steps are: execute the corresponding network penetration attack based on the preset penetration test task and obtain the attack data, and obtain the original attack result index data; Attacks are carried out in stages, which are represented as attack subtrees at different stages in the attack tree model; therefore, it is necessary to extract the index data corresponding to the attack subtree, and use the method of combining subjective weighting and objective weighting to analyze each index According to the index type, select the corresponding evaluation model, including the gray relational evaluation model, the evaluation model approaching the ideal solution, and the fuzzy comprehensive evaluation model....

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a penetration test comprehensive effect evaluation method based on an attack tree, and the method comprises the steps: dividing a penetration test into a plurality of attack stages based on an attack chain model, building a network attack sub-tree for each attack stage, and combining the attack sub-trees into a complete attack tree according to the relation between the attack stages; calculating the attack effect of each leaf node; evaluating the comprehensive effect of the whole penetration test process according to the relationship among the nodes in the attack tree; meanwhile, the invention discloses a penetration test comprehensive effect evaluation system based on the attack tree. According to the method, the whole process of the attack can be well described, so that the evaluation of the penetration test effect not only pays attention to the final attack effect, the characteristics of each stage of the attack can be better reflected, and the method has more guiding significance for evaluating the security of a network system.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an attack tree-based penetration testing comprehensive effect evaluation method and system. Background technique [0002] With the continuous development of network and information technology, computer network plays an increasingly important role in various fields of people's work and life. Along with the development of the network, various network security problems have also arisen. Understanding and mastering various security threats faced by the network, preventing and eliminating these threats, and ensuring network security have become the focus of attention in various fields. Penetration testing uses relevant technical methods and some professional tools to simulate real network attacks and detect security holes and vulnerabilities of the target system to evaluate the security of the network system. The comprehensive effect evaluation of the penetration test is to...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/40H04L41/14
CPCH04L63/1416H04L63/1441H04L41/145
Inventor 秦富童刘义袁学军刘迎龙王震苗泉强石鹏飞王鹏樊永文吴皓敏
Owner 中国人民解放军63891部队