Automatic penetration testing method and system based on knowledge graph

Abstract

The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak password knowledge base and a vulnerability knowledge base; wherein weak passwords are stored in the weak password knowledge base, and vulnerability information and corresponding vulnerability detection methods are stored in the vulnerability knowledge base; scanning a target host located in a test network to obtain fingerprint information of the target host, and matching the fingerprint information with vulnerability information in the vulnerability knowledge base to obtain a matched vulnerability and a corresponding vulnerability detection method; and sorting the matched vulnerabilities based on the vulnerability risk values, and according to the sorting, calling the corresponding vulnerability detection methods in sequence to detect the matched vulnerabilities. The method and the system disclosed by the invention are used for improving the efficiency and the result accuracy in a vulnerability analysis process and reducing repeated labor of manual analysis.

Description

technical field [0001] The invention belongs to the technical field of vulnerability detection, and in particular relates to an automatic penetration testing method and system based on a knowledge graph. Background technique [0002] As cyberspace has become the fifth largest activity space after sea, land, and air, cyberspace security is closely related to national security and the interests of the people, and maintaining cybersecurity is imminent. Network security intelligence is full of massive multi-source heterogeneous information. Therefore, how to extract threat subjects, detection methods, and defense measures from vulnerability intelligence, threat intelligence, and asset intelligence has become a research hotspot in threat analysis. In 2012, Google took the lead in proposing knowledge graph technology to improve the user's search experience, using the graph structure idea of ​​knowledge graph to improve data collection efficiency and content matching speed when col...

AI Technical Summary

Problems solved by technology

The DE framework was developed by the Japanese MBSD company and is currently a well-known automated penetration testing framework. The DE framework communicates with Metasploit through the RPC protocol to call Metasploit for penetration testing. Its core lies in the use of the reinforcement learning algorithm A3C (Asynchronous Advantage Actor- Critic) algorithm, but the framework has low availability and low efficiency, and can only support a limited number of vulnerabilities; the AP framework automatically generates an attack graph based on MulVAL for the target network, and uses the attack graph as a reinforcement learning algorithm DQN (Deep Q-Learning Network) The input to obtain the best penetration testing path, its essence is still the extended application of the attack graph, the process of constructing the attack graph is complex and poor in practicability; the MPACT framework developed by CoreSecurity Technologies has a multi-level agent model and automation traces The cleaning module has a complete wizard function, but the framework can only run on the Windows platform, and the applicable scenarios are limited

Images