Method and system for automatically generating a network security testing mission profile based on subject matter
By automatically generating network security test task outlines using Bi-LSTM+CRF technology and network security knowledge graphs, the problem of time-consuming and labor-intensive manual outline writing in existing technologies is solved, achieving efficient and accurate test outline generation and improving testing efficiency and operability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- NO 50 RES INST OF CHINA ELECTRONICS TECH GRP
- Filing Date
- 2022-12-19
- Publication Date
- 2026-06-05
AI Technical Summary
Current cybersecurity testing relies on manually writing test outlines, which consumes a lot of testers' time and energy and requires a high level of knowledge from testers, thus affecting testing efficiency and accuracy.
The system uses Bi-LSTM+CRF technology to analyze the indicator requirements, utilizes a cybersecurity knowledge graph to obtain cybersecurity indicator keywords, and displays the correspondence between them and subjects through a mind map to automatically generate a cybersecurity test task outline.
It lowers the knowledge requirements for testers, improves the efficiency and accuracy of test outline generation, enhances visibility and operability, optimizes traditional workflows, and improves the efficiency of the testing process.
Smart Images

Figure CN116187293B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network security testing, and more specifically, to a method and system for automatically generating network security test task outlines based on subjects. Background Technology
[0002] With the rapid development of network technology, cyberattacks have become increasingly complex and frequent, posing a growing threat to cyberspace security. The growing severity of cybersecurity issues impacts social stability and national security, prompting nations to place greater emphasis on cybersecurity. Therefore, evaluating systems or equipment through cybersecurity testing to enhance cybersecurity defense capabilities has become increasingly important.
[0003] Currently, cybersecurity testing is typically conducted based on test outlines and detailed test rules, which are usually drafted by testers after consulting relevant cybersecurity materials. Because cybersecurity involves a vast amount of knowledge, including vulnerabilities, attack methods, defense methods, and attack tools, testers are required to have a high level of knowledge and be familiar with cybersecurity concepts and the information related to the system under test. Furthermore, to ensure the accuracy and reliability of the cybersecurity test outline, testers frequently need to consult relevant materials to obtain vulnerability attack and defense methods or information on the performance metrics of the system under test, which consumes a significant amount of their time and energy. These issues all have a certain impact on the conduct of cybersecurity testing. Summary of the Invention
[0004] To address the shortcomings of existing technologies, the purpose of this invention is to provide a method and system for automatically generating cybersecurity test task outlines based on subject areas.
[0005] A method for automatically generating a cybersecurity test task outline based on subjects, provided by the present invention, includes:
[0006] Step S1: Decompose the indicator requirements based on the task information file, and analyze the network security indicator keywords related to network security testing in the indicator requirements;
[0007] Step S2: Based on the keywords of network security indicators, use relevant entity discovery technology to obtain the recommended subjects corresponding to the indicators;
[0008] Step S3: Use mind maps to illustrate the correspondence between the tested system, indicators, and subjects;
[0009] Step S4: Based on the correspondence between the system under test, indicators, and subjects, automatically generate a test task outline using the network security test task outline template.
[0010] Preferably, step S1 employs:
[0011] Step S1.1: Decompose the indicator requirements based on the task information file, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors;
[0012] Step S1.2: Use Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements;
[0013] Step S1.3: Use CRF technology to process the extracted semantic feature information and output the entity tag sequence that best matches the actual situation. The current entity tag sequence is the network security indicator keyword.
[0014] Preferably, step S2 employs:
[0015] Step S2.1: Network security indicator keywords are matched with knowledge graph nodes using fuzzy query statements through the network security knowledge graph, and nodes within the tag range are obtained by restricting node tags;
[0016] Step S2.2: Based on the network security knowledge graph, perform relationship and path queries on the acquired nodes to obtain information on other nodes associated with the node;
[0017] Step S2.3: Calculate the degree of correlation between nodes using relevant entity discovery technology, obtain the nodes related to the node, sort the relevant nodes according to the degree of correlation between nodes, and obtain the recommended subjects corresponding to the indicators based on the sorting.
[0018] Preferably, the degree of correlation adopts:
[0019] P(e|e s ,T,R)∝P(R|e s ,e)×P(e|e s )×P(T|e)
[0020] Where T represents type, R represents relation description, and e and e s Represents two entities;
[0021] The degree of entity co-occurrence P(e|e) s The calculation is as follows:
[0022]
[0023] Where, f(e, e) s ) is e and e s The co-occurrence frequency is estimated based on the number of times two entities co-occur in the corpus; E represents the set of entities;
[0024] Based on type correlation, P(T|e) represents the probability that e belongs to type T, and is calculated using the following formula:
[0025]
[0026] Among them, U e U is the set of neighboring entities of entity e. T It is a collection of entities of type T;
[0027] Relevance based on relation P(R|e) s e), is mainly used to identify the e that best matches the context of the relation description R. The specific calculation formula is as follows:
[0028]
[0029] Where t is a keyword in the relation description R, and n(t, R) is the number of times t appears in R. The calculation formula is as follows:
[0030]
[0031] Calculate P(e|e) s After sorting (T, R), the subjects most relevant to the indicator keywords are associated with the indicators, and the results are displayed using a mind map with visual controls. This indicates that it contains both entity e and entity e. s The set of statements, θ d This refers to statement d. This indicates that it contains both entity e and e'. s Statements.
[0032] Preferably, step S4 employs the following methods:
[0033] Step S4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods.
[0034] Step S4.2: Read the task information filled in by the user and stored in the database, including the task basis and test purpose, and use its value as the paragraph information after the title of the network security test outline template, forming a key-value pair format of {key, value}.
[0035] Step S4.3: Read the indicator subject information from the mind map and generate JSON format data;
[0036] Step S4.4: Read the task key-value pair information, and use the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline;
[0037] The testing items, methods, and requirements are populated based on the generated JSON data;
[0038] Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name;
[0039] Use the add_paragraph method in the Pydocx plugin to generate paragraphs containing test items, test methods, etc., under a subject.
[0040] A system for automatically generating cybersecurity test task outlines based on subjects, according to the present invention, includes:
[0041] Module M1: Based on the task information file, decompose the indicator requirements and parse the network security indicator keywords related to network security testing in the indicator requirements;
[0042] Module M2: Based on network security indicator keywords, it uses related entity discovery technology to obtain recommended subjects corresponding to the indicators;
[0043] Module M3: Uses mind maps to illustrate the correspondence between the tested system, indicators, and subjects;
[0044] Module M4: Based on the correspondence between the system under test, indicators, and subjects, it automatically generates a test task outline using a network security test task outline template.
[0045] Preferably, module M1 adopts:
[0046] Module M1.1: Based on the task information file, decompose the indicator requirements, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors;
[0047] Module M1.2: Uses Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements;
[0048] Module M1.3: Uses CRF technology to process the extracted semantic feature information and outputs the entity tag sequence that best matches the actual situation. The current entity tag sequence is the keyword of network security indicators.
[0049] Preferably, the module M2 adopts:
[0050] Module M2.1: Network security indicator keywords use fuzzy query statements to match knowledge graph nodes through the network security knowledge graph, and obtain nodes within the tag range by restricting node tags;
[0051] Module M2.2: Based on the network security knowledge graph, perform relationship and path queries on the acquired nodes to obtain information on other nodes associated with the node;
[0052] Module M2.3: Through related entity discovery technology, it calculates the degree of correlation between nodes, obtains the nodes related to the node, sorts the related nodes according to the degree of correlation between nodes, and obtains the recommended subjects corresponding to the indicators based on the sorting.
[0053] Preferably, the degree of correlation is:
[0054] P(e|e s ,T,R)∝P(R|e s ,e)×P(e|e s )×P(T|e)
[0055] Where T represents type, R represents relation description, and e and e s Represents two entities;
[0056] The degree of entity co-occurrence P(e|e s The calculation is as follows:
[0057]
[0058] Where, f(e, e) s ) is e and e s The co-occurrence frequency is estimated based on the number of times two entities co-occur in the corpus; E represents the set of entities;
[0059] Based on type correlation, P(T|e) represents the probability that e belongs to type T, and is calculated using the following formula:
[0060]
[0061] Among them, U e U is the set of neighboring entities of entity e. T It is a collection of entities of type T;
[0062] Relevance based on relation P(R|e) s e), is mainly used to identify the e that best matches the context of the relation description R. The specific calculation formula is as follows:
[0063]
[0064] Where t is a keyword in the relation description R, and n(t, R) is the number of times t appears in R. The calculation formula is as follows:
[0065]
[0066] Calculate P(e|e) s After sorting (T, R), the subjects most relevant to the indicator keywords are associated with the indicators, and the results are displayed using a mind map with visual controls. This indicates that it contains both entity e and entity e. s The set of statements, θ d This refers to statement d. This indicates that it contains both entity e and e'. s Statements.
[0067] Preferably, the module M4 adopts:
[0068] Module M4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods.
[0069] Module M4.2: Reads the task information filled in by the user and stored in the database, including the task basis and test purpose, and uses its value as the paragraph information after the title of the network security test outline template, which is the task basis and test purpose, forming a key-value pair format of {key, value}.
[0070] Module M4.3: Reads the indicator and subject information from the mind map and generates JSON format data;
[0071] Module M4.4: Reads task key-value pair information and uses the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline;
[0072] The testing items, methods, and requirements are populated based on the generated JSON data;
[0073] Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name;
[0074] Use the add_paragraph method in the Pydocx plugin to generate paragraphs containing test items, test methods, etc., under a subject.
[0075] Compared with the prior art, the present invention has the following beneficial effects:
[0076] 1. This invention utilizes Bi-LSTM+CRF technology to obtain semantic feature information through a bidirectional long short-term memory network model (Bi-LSTM) and obtain network security entities through a conditional random field (CRF), thus achieving the technical effect of transforming indicator requirements into network security entities and completing the extraction of network security keywords from indicator requirements;
[0077] 2. This invention uses relevant entity discovery technology to obtain the subjects most relevant to the cybersecurity keywords required by the indicator, realizes automatic subject generation, and completes the correspondence between indicator requirements and subject information;
[0078] 3. This invention displays the correspondence between indicator requirements and subjects using mind maps, enhancing visibility and operability and reducing the operational difficulty for testers. Simultaneously, based on a cybersecurity knowledge graph, it utilizes knowledge retrieval to lower the cybersecurity knowledge requirements for testers.
[0079] 4. This invention utilizes the Pydocx plugin to generate a cybersecurity test outline from an indicator-subject mind map, enhancing the intelligence of outline design, reducing the workload of cybersecurity testers, greatly improving the efficiency of the testing process, optimizing traditional workflows, and promoting overall project progress. Attached Figure Description
[0080] Other features, objects, and advantages of the present invention will become more apparent from the following detailed description of non-limiting embodiments with reference to the accompanying drawings:
[0081] Figure 1 A flowchart illustrating the methodology for designing a network security testing task outline.
[0082] Figure 2 A schematic diagram of a cybersecurity knowledge entity extraction model.
[0083] Figure 3 This is a diagram of the Bi-LSTM+CRF model.
[0084] Figure 4 Automatically generate flowcharts for subjects. Detailed Implementation
[0085] The present invention will now be described in detail with reference to specific embodiments. These embodiments will help those skilled in the art to further understand the present invention, but do not limit the invention in any way. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all fall within the protection scope of the present invention.
[0086] The purpose of this invention is to provide a method and system for designing network security test task outlines based on automatic subject generation, which provides testers with test task outlines for testing systems or equipment, greatly improves the work efficiency of the testing process, optimizes traditional workflows, and promotes project progress as a whole.
[0087] To address the shortcomings of the prior art, the main technical problems to be solved by the present invention are as follows:
[0088] 1) Utilize relevant entity discovery technology to automatically generate accounts based on the decomposed indicators;
[0089] 2) Generate a network security test task outline by automatically generating the subject and using the network security test task outline design method.
[0090] Example 1
[0091] A method for automatically generating a cybersecurity test task outline based on subjects, provided by the present invention, includes:
[0092] Step S1: Decompose the indicator requirements based on the task information file, and analyze the network security indicator keywords related to network security testing in the indicator requirements;
[0093] Step S2: Based on the keywords of network security indicators, use relevant entity discovery technology to obtain the recommended subjects corresponding to the indicators;
[0094] Step S3: Use mind maps to illustrate the correspondence between the tested system, indicators, and subjects;
[0095] Step S4: Based on the correspondence between the system under test, indicators, and subjects, automatically generate a test task outline using the network security test task outline template.
[0096] Specifically, step S1 employs the following:
[0097] Step S1.1: Decompose the indicator requirements based on the task information file, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors;
[0098] Step S1.2: Use Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements;
[0099] Step S1.3: Use CRF technology to process the extracted semantic feature information and output the entity tag sequence that best matches the actual situation. The current entity tag sequence is the network security indicator keyword.
[0100] Specifically, step S2 employs the following:
[0101] Step S2.1: Network security indicator keywords are matched with knowledge graph nodes using fuzzy query statements through the network security knowledge graph, and nodes within the tag range are obtained by restricting node tags;
[0102] Step S2.2: Based on the network security knowledge graph, perform relationship and path queries on the acquired nodes to obtain information on other nodes associated with the node. Here, entities are represented as nodes in the graph. Relationship queries can retrieve one or more other nodes related to the current node. Path queries can retrieve a path that the node exists on. For example: querying a node for a vulnerability; relationship query: finding a device that contains the vulnerability; path query: finding a device that contains the vulnerability.
[0103] Step S2.3: Calculate the degree of correlation between nodes using relevant entity discovery technology, obtain the nodes related to the node, sort the relevant nodes according to the degree of correlation between nodes, and obtain the recommended subjects corresponding to the indicators based on the sorting.
[0104] Specifically, the degree of correlation is determined by:
[0105] P(e|e s ,T,R)∝P(R|e s ,e)×P(e|e s )×P(T|e)
[0106] Where T represents type, R represents relation description, and e and e s Represents two entities;
[0107] The degree of entity co-occurrence P(e|e s The calculation is as follows:
[0108]
[0109] Where, f(e, e) s ) is e and e s The co-occurrence frequency is estimated based on the number of times two entities co-occur in the corpus; E represents the set of entities;
[0110] Based on type correlation, P(T|e) represents the probability that e belongs to type T, and is calculated using the following formula:
[0111]
[0112] Among them, U e U is the set of neighboring entities of entity e. T It is a collection of entities of type T;
[0113] Relevance based on relation P(R|e) s e), is mainly used to identify the e that best matches the context of the relation description R. The specific calculation formula is as follows:
[0114]
[0115] Where t is a keyword in the relation description R, and n(t, R) is the number of times t appears in R. The calculation formula is as follows:
[0116]
[0117] Calculate P(e|e) s After sorting (T, R), the subjects most relevant to the indicator keywords are associated with the indicators, and the results are displayed using a mind map with visual controls. This indicates that it contains both entity e and entity e. s The set of statements, θ d This refers to statement d. This indicates that it contains both entity e and e'. s Statements.
[0118] Specifically, step S4 employs the following:
[0119] Step S4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods.
[0120] Step S4.2: Read the task information filled in by the user and stored in the database, including the task basis and test purpose, and use its value as the paragraph information after the title of the network security test outline template, forming a key-value pair format of {key, value}.
[0121] Step S4.3: Read the indicator subject information from the mind map and generate JSON format data;
[0122] Step S4.4: Read the task key-value pair information, and use the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline;
[0123] The testing items, methods, and requirements are populated based on the generated JSON data;
[0124] Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name;
[0125] Use the add_paragraph method in the Pydocx plugin to generate paragraphs containing test items, test methods, etc., under a subject.
[0126] A system for automatically generating cybersecurity test task outlines based on subjects, according to the present invention, includes:
[0127] Module M1: Decomposes the indicator requirements based on the task information file and parses the network security indicator keywords related to network security testing in the indicator requirements;
[0128] Module M2: Based on network security indicator keywords, it uses related entity discovery technology to obtain recommended subjects corresponding to the indicators;
[0129] Module M3: Uses mind maps to illustrate the correspondence between the tested system, indicators, and subjects;
[0130] Module M4: Based on the correspondence between the system under test, indicators, and subjects, it automatically generates a test task outline using a network security test task outline template.
[0131] Specifically, module M1 adopts:
[0132] Module M1.1: Based on the task information file, decompose the indicator requirements, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors;
[0133] Module M1.2: Uses Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements;
[0134] Module M1.3: Uses CRF technology to process the extracted semantic feature information and outputs the entity tag sequence that best matches the actual situation. The current entity tag sequence is the keyword of network security indicators.
[0135] Specifically, module M2 adopts:
[0136] Module M2.1: Network security indicator keywords use fuzzy query statements to match knowledge graph nodes through the network security knowledge graph, and obtain nodes within the tag range by restricting node tags;
[0137] Module M2.2: Based on a network security knowledge graph, this module performs relationship and path queries on the acquired nodes to obtain information about other nodes associated with them. Entities are represented as nodes in the graph. Relationship queries can retrieve one or more nodes related to the current node. Path queries can retrieve a path that the current node can access. For example: querying a node for a vulnerability; relationship query: finding a device that contains the vulnerability; path query: finding a device that contains the vulnerability.
[0138] Module M2.3: Through related entity discovery technology, it calculates the degree of correlation between nodes, obtains the nodes related to the node, sorts the related nodes according to the degree of correlation between nodes, and obtains the recommended subjects corresponding to the indicators based on the sorting.
[0139] Specifically, the degree of correlation is determined by:
[0140] P(e|e s ,T,R)∝P(R|e s ,e)×P(e|e s )×P(T|e)
[0141] Where T represents type, R represents relation description, and e and e s Represents two entities;
[0142] The degree of entity co-occurrence P(e|e) s The calculation is as follows:
[0143]
[0144] Where, f(e, e) s ) is e and e s The co-occurrence frequency is estimated based on the number of times two entities co-occur in the corpus; E represents the set of entities;
[0145] Based on type correlation, P(T|e) represents the probability that e belongs to type T, and is calculated using the following formula:
[0146]
[0147] Among them, U e U is the set of neighboring entities of entity e. T It is a collection of entities of type T;
[0148] Relevance based on relation P(R|e) s e), is mainly used to identify the e that best matches the context of the relation description R. The specific calculation formula is as follows:
[0149]
[0150] Where t is a keyword in the relation description R, and n(t, R) is the number of times t appears in R. The calculation formula is as follows:
[0151]
[0152] Calculate P(e|e) s After sorting (T, R), the subjects most relevant to the indicator keywords are associated with the indicators, and the results are displayed using a mind map with visual controls. This indicates that it contains both entity e and entity e. s The set of statements, θ d This refers to statement d. This indicates that it contains both entity e and e'. sStatements.
[0153] Specifically, module M4 adopts:
[0154] Module M4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods.
[0155] Module M4.2: Reads the task information filled in by the user and stored in the database, including the task basis and test purpose, and uses its value as the paragraph information after the title of the network security test outline template, which is the task basis and test purpose, forming a key-value pair format of {key, value}.
[0156] Module M4.3: Reads the indicator and subject information from the mind map and generates JSON format data;
[0157] Module M4.4: Reads task key-value pair information and uses the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline;
[0158] The testing items, methods, and requirements are populated based on the generated JSON data;
[0159] Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name;
[0160] Use the add_paragraph method in the Pydocx plugin to generate paragraphs containing test items, test methods, etc., under a subject.
[0161] Example 2
[0162] Example 2 is a preferred example of Example 1.
[0163] The technical solution of the present invention will now be clearly and completely described with reference to the accompanying drawings.
[0164] See Figure 1 This invention proposes a method for designing a cybersecurity test task outline based on automatically generated subject information. The method includes:
[0165] Step S100: Based on the indicator requirements decomposed from the task information files such as indicator documents and technical requirements, Bi-LSTM+CRF technology is used to parse out the indicator keywords related to network security testing in each indicator requirement. See details below. Figure 2The entity extraction model is illustrated below. It processes the training set to obtain word vectors and semantic features, then sequentially inputs these features into a Bi-LSTM layer and a CRF to obtain the most realistic entity tag sequence. After training the model, inputting data from the test set yields the most accurate entity tag sequence.
[0166] Step S100 includes:
[0167] Step S101: A tested system typically corresponds to multiple indicator requirements. Each indicator requirement is generally a sentence. Traverse the indicator requirements and encode the words using One-Hot encoding to form word vectors.
[0168] Step S102 involves using Bi-LSTM to perform matrix operations on the basic word vectors to extract semantic feature information from the text required by the metrics. Specifically, as follows... Figure 3 As shown, firstly, for the input layer, the sentence is given by the input sequence x = (x1, x2, ... x... n The input is n, where n represents the length of the sentence. Then, in the Bi-LSTM layer, two LSTMs are used to label each token of the past and future context learning sequences.
[0169] Step S103: Based on the extracted semantic feature information, the output of the Bi-LSTM layer is processed using CRF technology to output the entity tag sequence that best matches the actual situation, i.e., network security indicator keywords.
[0170] In step S200, following step S100, the recommended subjects corresponding to the network security indicator keywords are obtained using relevant entity discovery technology. The specific process of step S200 is as follows: Figure 4 As shown, it specifically includes:
[0171] Step S201: Input cybersecurity indicator keywords. Using the cybersecurity knowledge graph, match knowledge graph nodes using fuzzy query statements such as "~.", "startswith", "endswith", and "Contains". Retrieve nodes within a specified tag range by limiting node tags. For example, the tag range for output nodes can be categories such as "attack tools", "attack methods", "test subjects", and "devices". This generates subjects and related information that more closely resemble cybersecurity testing.
[0172] Step S202: Perform relationship and path queries on the obtained nodes based on the network security knowledge graph. Relationship queries can retrieve the name of the test subject for that metric. Path queries can retrieve information such as "using XX attack tools to attack XX device's XX vulnerability using XX attack methods." Based on the relationship and path queries, information on other nodes associated with that node can be obtained.
[0173] Step S203: Using relevant entity discovery technology, calculate the degree of association between entities, obtain entities related to the node, and sort the relevant entities according to the degree of association. The degree of association is P(e|e). s The three factors (T, R) are determined by the following formula:
[0174] P(e|e s ,T,R)∝P(R|e s ,e)×P(e|e s )×P(T|e)
[0175] Where T represents type, R represents relation description, and e and e s This represents two entities.
[0176] (1) The degree of entity co-occurrence P(e|e s The calculation is as follows:
[0177]
[0178] Where, f(e, e) s ) is e and e s The co-occurrence frequency is estimated based on the number of times the two entities co-occur in the corpus.
[0179] E represents a set of entities;
[0180] (2) Based on type correlation, P(T|e) represents the probability that e belongs to type T, and the calculation formula is as follows:
[0181]
[0182] Among them, U e U is the set of neighboring entities of entity e. T It is a collection of entities of type T.
[0183] (3) Relevance based on relation P(R|e s e), is mainly used to identify the e that best matches the context of the relation description R. The specific calculation formula is as follows:
[0184]
[0185] Where t is a keyword in the relation description R, and n(t, R) is the number of times t appears in R. The calculation formula is as follows:
[0186]
[0187] Calculate P(e|e) sAfter sorting (T, R), the subjects most relevant to the indicator keywords are associated with the indicators, and the results are displayed using a mind map with visual controls. This indicates that it contains both entity e and entity e. s The set of statements, θ d This refers to statement d. This indicates that it contains both entity e and e'. s Statements.
[0188] In step S300, following step S200, knowledge will be retrieved through a knowledge graph, and the subject will be modified using a mind map. Step S300 specifically includes:
[0189] Step S301: Use a mind map to illustrate the correspondence between the tested system, indicators, and subjects. For example, if the tested system is "fire extinguishing equipment in the computer room" and the indicator is "capable of fire extinguishing," then the subject is "fire prevention," and the test method is "it should be checked whether fire extinguishing equipment is provided in the computer room." This is one item in the mind map.
[0190] Step S302: The user performs knowledge queries as needed, and modifies the content, indicators, and correspondence between subjects based on the query results.
[0191] Following step S300, step 400 automatically generates a task outline based on the user-selected cybersecurity testing task outline template, using the modified subjects. Step S400 specifically includes:
[0192] Step S401: The user selects a network security test outline template. The template generally includes the task basis, test purpose, test time, test items, test methods, etc. The user can also select a historical test outline as a template and modify it according to the target being tested.
[0193] Step S402: Read the task information entered and stored by the user, including the task basis and test purpose, and use its values as paragraph information after the headings "Task Basis" and "Test Purpose" in the outline template, forming a key-value pair format of {key,value}. Next, read the indicator subject information from the mind map and form JSON format data.
[0194] Step S403: Read the task key-value pair information and use the `add_paragraph` method in the Pydocx plugin to write the content of the task outline. For the detection items, methods, and requirements, this is mainly based on the generated JSON data. Iterate through each indicator and its corresponding detection target and method, using the `add_heading` method in the Pydocx plugin to generate a subject title using the corresponding test subject as the name, and then use the `add_paragraph` method in the Pydocx plugin to generate paragraphs containing test items, test methods, etc., under each subject. This completes the generation of the cybersecurity testing task outline.
[0195] Those skilled in the art will understand that, in addition to implementing the system, apparatus, and their modules provided by this invention in purely computer-readable program code, the same program can be implemented in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded microcontrollers by logically programming the method steps. Therefore, the system, apparatus, and their modules provided by this invention can be considered a hardware component, and the modules included therein for implementing various programs can also be considered structures within the hardware component; alternatively, modules for implementing various functions can be considered both software programs implementing the method and structures within the hardware component.
[0196] Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the specific embodiments described above, and those skilled in the art can make various changes or modifications within the scope of the claims, which do not affect the essence of the present invention. Unless otherwise specified, the embodiments and features described in this application can be arbitrarily combined with each other.
Claims
1. A method for automatically generating cybersecurity test task outlines based on subjects, characterized in that, include: Step S1: Decompose the indicator requirements based on the task information file, and analyze the network security indicator keywords related to network security testing in the indicator requirements; Step S2: Based on the keywords of network security indicators, use relevant entity discovery technology to obtain the recommended subjects corresponding to the indicators; Step S3: Use mind maps to illustrate the correspondence between the tested system, indicators, and subjects; Step S4: Based on the correspondence between the system under test, indicators, and subjects, automatically generate a test task outline using the network security test task outline template; Step S1 adopts the following: Step S1.1: Decompose the indicator requirements based on the task information file, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors; Step S1.2: Use Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements; Step S1.3: Process the extracted semantic feature information using CRF technology and output the entity tag sequence that best matches the actual situation. The current entity tag sequence is the network security indicator keyword. Step S4 employs the following: Step S4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods. Step S4.2: Read the task information filled in by the user and stored in the database, including the task basis and test purpose, and use its value as the paragraph information after the title of the network security test outline template, forming a key-value pair format of {key,value}. Step S4.3: Read the indicator subject information from the mind map and generate JSON format data; Step S4.4: Read the task key-value pair information, and use the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline; The testing items, methods, and requirements are populated based on the generated JSON data; Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name; Use the add_paragraph method in the Pydocx plugin to generate paragraph content under each subject, including test items and test methods.
2. The method for automatically generating a cybersecurity test task outline based on subjects according to claim 1, characterized in that, Step S2 employs the following: Step S2.1: Network security indicator keywords are matched with knowledge graph nodes using fuzzy query statements through the network security knowledge graph, and nodes within the tag range are obtained by restricting node tags; Step S2.2: Based on the network security knowledge graph, perform relationship and path queries on the acquired nodes to obtain information on other nodes associated with the node; Step S2.3: Calculate the degree of correlation between nodes using relevant entity discovery technology, obtain the nodes related to the node, sort the relevant nodes according to the degree of correlation between nodes, and obtain the recommended subjects corresponding to the indicators based on the sorting.
3. A system for automatically generating cybersecurity test task outlines based on subjects, characterized in that, include: Module M1: Based on the task information file, decompose the indicator requirements and parse the network security indicator keywords related to network security testing in the indicator requirements; Module M2: Based on network security indicator keywords, it uses related entity discovery technology to obtain recommended subjects corresponding to the indicators; Module M3: Uses mind maps to illustrate the correspondence between the tested system, indicators, and subjects; Module M4: Based on the correspondence between the system under test, indicators, and subjects, automatically generates a test task outline using a network security test task outline template; The module M1 adopts: Module M1.1: Based on the task information file, decompose the indicator requirements, traverse the indicator requirements, and encode the words in the indicator requirements using One-Hot encoding to form word vectors; Module M1.2: Uses Bi-LSTM to perform matrix operations on word vectors to extract semantic feature information from the text that meets the index requirements; Module M1.3: Utilizes CRF technology to process the extracted semantic feature information and outputs the entity tag sequence that best matches reality. The current entity tag sequence is the keyword of network security indicators. The module M4 adopts: Module M4.1: Select a network security test outline template. The template content includes: task basis, test purpose, test time, test items, and test methods. Module M4.2: Reads the task information filled in by the user and stored in the database, including the task basis and test purpose, and uses its value as the paragraph information after the title of the network security test outline template, which is the task basis and test purpose, forming a key-value pair format of {key,value}. Module M4.3: Reads the indicator and subject information from the mind map and generates JSON format data; Module M4.4: Reads task key-value pair information and uses the add_paragraph method in the Pydocx plugin to write the content of the outline task section, thereby completing the generation of the network security test task outline; The testing items, methods, and requirements are populated based on the generated JSON data; Iterate through each indicator and its corresponding test subject, detection target and detection method, and use the add_heading method in the Pydocx plugin to generate a subject title by using the test subject corresponding to the indicator as the name; Use the add_paragraph method in the Pydocx plugin to generate paragraph content under each subject, including test items and test methods.
4. The system for automatically generating cybersecurity test task outlines based on subjects according to claim 3, characterized in that, The module M2 adopts: Module M2.1: Network security indicator keywords use fuzzy query statements to match knowledge graph nodes through the network security knowledge graph, and obtain nodes within the tag range by restricting node tags; Module M2.2: Based on the network security knowledge graph, perform relationship and path queries on the acquired nodes to obtain information on other nodes associated with the node; Module M2.3: Through related entity discovery technology, it calculates the degree of correlation between nodes, obtains the nodes related to the node, sorts the related nodes according to the degree of correlation between nodes, and obtains the recommended subjects corresponding to the indicators based on the sorting.