CN110933041B - Penetration testing method and related device - Google Patents

Publication number
CN110933041B
CN110933041B CN201911076146.3A CN201911076146A CN110933041B CN 110933041 B CN110933041 B CN 110933041B CN 201911076146 A CN201911076146 A CN 201911076146A CN 110933041 B CN110933041 B CN 110933041B
Authority
CN
China
Prior art keywords: target, attack, edge, attack chain, penetration test
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911076146.3A
Other languages
Chinese (zh)
Other versions
CN110933041A (en)
Inventor
李宇欣
刘浩杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Clover Cyber Technology Co ltd
Original Assignee
Xi'an Clover Cyber Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The disclosure provides a penetration testing method and a related device, relating to the technical field of information security. It addresses the inflexibility of existing penetration testing, increasing the flexibility of penetration testing and improving its efficiency. The specific technical scheme is as follows: acquire a plurality of different initial attack chains; perform penetration tests on at least one test target using the plurality of different initial attack chains to obtain statistical data for at least one target edge; and form a target attack chain from the at least one target edge according to the statistical data of each target edge. The invention is used for penetration testing.

Description

Penetration testing method and related device
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a penetration test method and a related apparatus.
Background
Penetration testing is a method of assessing computer network security by simulating the attacks of a malicious hacker. It involves actively analyzing the system for any weaknesses, technical flaws, or vulnerabilities from a position an attacker might occupy, and conditionally and actively exploiting security vulnerabilities from that position. In other words, penetration testers test a specific network from different positions (such as an internal network position or an external network position) by various means in order to discover the vulnerabilities present in the system, and then produce and submit a penetration test report to the network owner. From this report the network owner can clearly understand the security risks and problems in the system. However, existing penetration testing systems run their tests according to procedures derived from human experience; they lack flexibility and diversity and are strongly limited.
Disclosure of Invention
The embodiments of the present disclosure provide a penetration testing method and a related device that address the inflexibility of existing penetration testing, increase the flexibility of penetration testing, and improve its efficiency. The technical scheme is as follows:
According to a first aspect of embodiments of the present disclosure, there is provided a penetration testing method, the method including:
acquiring a plurality of different initial attack chains, wherein each initial attack chain comprises a plurality of attack modules connected in sequence, and the connection and data transmission between two adjacent attack modules are represented by an edge;
performing penetration tests on at least one test target using the plurality of different initial attack chains to obtain statistical data for at least one target edge, wherein a target edge is an edge of an initial attack chain that was called during the penetration test, and the statistical data comprises at least the number of calls and the call parameters;
and forming a target attack chain from the at least one target edge according to the statistical data of each target edge.
Compared with a traditional penetration testing system, the penetration testing platform of the disclosed embodiments addresses the problems that a traditional platform's penetration testing method is uniform and insufficiently flexible, increasing the flexibility of penetration testing and improving its efficiency.
In one embodiment, forming the at least one target edge into a target attack chain according to the statistical data of each target edge comprises:
determining whether the number of calls of each target edge is greater than a preset threshold;
and forming a target attack chain from the target edges whose number of calls is greater than the preset threshold.
In one embodiment, forming the at least one target edge into a target attack chain according to the statistical data of each target edge comprises:
sorting the target edges by number of calls in descending order and forming a target attack chain.
In one embodiment, the method further comprises: performing penetration tests on the test target using the target attack chain, and increasing the attack weight of the target attack chain according to the call information of the target edges in the target attack chain.
According to a second aspect of embodiments of the present disclosure, there is provided a penetration test apparatus comprising:
the first acquisition module is used for acquiring a plurality of different initial attack chains, each initial attack chain comprises a plurality of attack modules which are sequentially connected, and the connection and data transmission of two adjacent attack modules are represented by edges;
the second acquisition module is used for performing penetration test on at least one test target by adopting a plurality of different initial attack chains to acquire statistical data of at least one target edge, wherein the target edge is used for indicating an edge called by the initial attack chain in the penetration test, and the statistical data at least comprises calling times and calling parameters;
and the processing module is used for forming a target attack chain by at least one target edge according to the statistical data of each target edge.
In one embodiment, the penetration testing apparatus further comprises: a judgment module;
the judging module is used for judging whether the calling times of each target edge are larger than a preset threshold value or not;
and the processing module is used for forming a target attack chain by the target edges with the calling times larger than the preset threshold value.
In one embodiment, the processing module is configured to arrange the number of calls of the target edge in order from large to small and form a target attack chain.
In one embodiment, the processing module is configured to perform penetration testing on a test target by using a target attack chain, and increase an attack weight of the target attack chain according to call information of a target edge in the target attack chain.
According to a third aspect of embodiments of the present disclosure, there is provided a penetration testing apparatus comprising a processor and a memory, the memory having stored therein at least one computer instruction, the instruction being loaded and executed by the processor to implement the steps performed in the penetration testing method described in the first aspect and any of the embodiments of the first aspect.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored therein at least one computer instruction, which is loaded and executed by a processor to implement the steps performed in the penetration testing method described in the first aspect and any of the embodiments of the first aspect.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method of penetration testing provided by embodiments of the present disclosure;
FIG. 2 is a block diagram of a penetration testing apparatus provided by an embodiment of the present disclosure;
FIG. 3 is a structural diagram of a penetration testing apparatus provided by an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
An embodiment of the present disclosure provides a penetration testing method. As shown in FIG. 1, the method includes the following steps:
101. Acquire a plurality of different initial attack chains.
Each initial attack chain comprises a plurality of attack modules connected in sequence, and the connection and data transmission between two adjacent attack modules are represented by an edge. An attack chain is formed by connecting functional modules (that is, attack modules) according to some rule (such as randomly or by human experience), with the output data of an upstream functional module passed to the downstream functional module as its input data; the connection between modules together with this data transfer is called an edge. The functional modules, the transferred data, and the parameters form a topology, and this topology is the attack chain. In the embodiments of the present disclosure, a functional module includes, but is not limited to, a code block implementing one function, such as a subdomain query module, a password brute-force module, or a crawler module.
102. Perform penetration tests on at least one test target using the plurality of different initial attack chains to obtain statistical data for at least one target edge.
A target edge is an edge that was called during the penetration test, and the statistical data comprises at least the number of calls and the call parameters of each target edge. Because an attack chain can execute a penetration testing task, multiple penetration tests are run against multiple different test targets with different attack chains, and the edges that are hit are recorded, where a hit includes, but is not limited to, the edge being used, triggered, or activated. At the same time, the statistical data of each successfully called edge and the parameters used in that call are recorded.
103. Form a target attack chain from the at least one target edge according to the statistical data of each target edge.
In a first example, forming the at least one target edge into a target attack chain according to the statistical data of each target edge comprises: sorting the target edges by number of calls in descending order and forming a target attack chain.
If a target edge has been hit many times, it is considered to have a high hit success rate and efficiency. The target edges are therefore sorted by number of calls from largest to smallest, and the corresponding target edges form the target attack chain in that order.
In a second example, forming the at least one target edge into a target attack chain according to the statistical data of each target edge comprises: determining whether the number of calls of each target edge is greater than a preset threshold; and forming a target attack chain from the target edges whose number of calls is greater than the preset threshold.
If a target edge has been hit many times, it is considered to have a high hit success rate and efficiency. A threshold is therefore preset, the target edges whose number of calls exceeds it serve as the basis for building the target attack chain, and those edges are assembled into the target attack chain according to the role or execution order of the attack modules.
An activated edge can be regarded as one piece of experience. When the edge is activated many times (the experience is called on many times), it can be regarded as useful experience, and edges with a higher usage frequency can be called preferentially to achieve a higher success rate and efficiency. Historical experience can provide recommendations when new attack chains are constructed: from the historical data of many calls, an attack chain with higher accuracy is recommended. Moreover, when the experience of several people is recorded through the edges of attack chains, combining that experience yields a more comprehensive penetration process.
Furthermore, when the target attack chain is used for penetration testing and an edge of the target attack chain is hit, the attack weight of the target attack chain is increased according to the call information of that target edge, so that when an attack chain is selected, one with a higher attack weight can be chosen preferentially for penetration testing.
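Steps 101 to 103 and the weight update, sketched in Python as an added example; this is not code from the patent or its assignee. The `port_scan` and `report` modules, the run records, the tie-break rule, the `step` increment and the `is_linear_chain` check are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class EdgeStats:
    calls: int = 0                              # number of calls
    params: list = field(default_factory=list)  # call parameters, one entry per call


def edges_of(chain):
    """Edges (upstream, downstream) of a chain given as an ordered module list."""
    return list(zip(chain, chain[1:]))


def collect_edge_stats(runs):
    """Step 102: aggregate call counts and parameters per called (target) edge."""
    stats = defaultdict(EdgeStats)
    for run in runs:
        valid = set(edges_of(run["chain"]))
        for edge, params in run["called"]:
            if edge not in valid:  # reject records that do not match the chain
                raise ValueError(f"{edge} is not an edge of {run['chain']}")
            stats[edge].calls += 1
            stats[edge].params.append(params)
    return dict(stats)


def select_by_rank(stats):
    """First example: target edges in descending order of calls.
    Ties are broken by edge name (assumption, for determinism)."""
    return sorted(stats, key=lambda e: (-stats[e].calls, e))


def select_by_threshold(stats, threshold, module_order):
    """Second example: edges called more than `threshold` times, arranged
    by the execution order of the attack modules."""
    kept = [e for e, s in stats.items() if s.calls > threshold]
    pos = {m: i for i, m in enumerate(module_order)}
    return sorted(kept, key=lambda e: (pos[e[0]], pos[e[1]]))


def is_linear_chain(edges):
    """Added check: does each edge start at the module where the previous ended?"""
    return all(a[1] == b[0] for a, b in zip(edges, edges[1:]))


def reinforce(weights, chain_id, chain_edges, called_edges, step=1.0):
    """Raise a chain's attack weight by `step` per hit on one of its edges
    (the patent does not give the increment; `step` is an assumption)."""
    own = set(chain_edges)
    hits = sum(1 for e in called_edges if e in own)
    weights[chain_id] = weights.get(chain_id, 0.0) + step * hits
    return weights[chain_id]


# Constructed sample data. "port_scan" and "report" are hypothetical modules;
# the other three are the module types the description lists.
MODULE_ORDER = ["subdomain_query", "port_scan", "crawler", "password_test", "report"]
CHAIN_A = ["subdomain_query", "crawler", "password_test", "report"]
CHAIN_B = ["subdomain_query", "port_scan", "password_test", "report"]
CHAIN_C = ["crawler", "password_test", "report"]
SQ_CR = ("subdomain_query", "crawler")
CR_PW = ("crawler", "password_test")
PW_RP = ("password_test", "report")
SQ_PS = ("subdomain_query", "port_scan")
RUNS = [
    {"target": "lab-1", "chain": CHAIN_A,
     "called": [(SQ_CR, {"depth": 2}), (CR_PW, {"timeout_s": 5})]},
    {"target": "lab-2", "chain": CHAIN_A,
     "called": [(SQ_CR, {"depth": 3}), (CR_PW, {"timeout_s": 5}), (PW_RP, {})]},
    {"target": "lab-1", "chain": CHAIN_B, "called": [(SQ_PS, {"top_ports": 100})]},
    {"target": "lab-3", "chain": CHAIN_C,
     "called": [(CR_PW, {"timeout_s": 10}), (PW_RP, {})]},
]

if __name__ == "__main__":
    stats = collect_edge_stats(RUNS)
    ranked = select_by_rank(stats)
    target_chain = select_by_threshold(stats, 1, MODULE_ORDER)
    print({e: s.calls for e, s in stats.items()})
    print("ranked:", ranked, "linear:", is_linear_chain(ranked))
    print("threshold:", target_chain, "linear:", is_linear_chain(target_chain))
    weights = {}
    reinforce(weights, "target-chain-1", target_chain, [CR_PW, PW_RP])
    print("weights:", weights)
```

On this sample the descending-order list does not form a connected module sequence, while the threshold selection arranged by module execution order does; the description does not say how a disconnected result should be handled.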
The embodiments of the present disclosure provide a penetration testing method that acquires a plurality of different initial attack chains; performs penetration tests on at least one test target using the plurality of different initial attack chains to obtain statistical data for at least one target edge; and forms a target attack chain from the at least one target edge according to the statistical data of each target edge. Compared with a traditional penetration testing system, the penetration testing platform of the disclosed embodiments addresses the problems that a traditional platform's penetration testing method is uniform and insufficiently flexible, increasing the flexibility of penetration testing and improving its efficiency.
Based on the penetration testing method described in the above embodiment corresponding to fig. 1, the following is an embodiment of the apparatus of the present disclosure, which may be used to perform an embodiment of the method of the present disclosure.
The disclosed embodiment provides a penetration test apparatus, as shown in fig. 2, the penetration test apparatus 20 includes: a first obtaining module 201, a second obtaining module 202 and a processing module 203;
a first obtaining module 201, configured to obtain multiple different initial attack chains, where each initial attack chain includes multiple attack modules connected in sequence, and a connection and data transmission of two adjacent attack modules are represented by an edge;
a second obtaining module 202, configured to perform a penetration test on at least one test target by using multiple different initial attack chains, and obtain statistical data of at least one target edge, where the target edge is used to indicate an edge of the initial attack chain that is called in the penetration test, and the statistical data at least includes a number of calls and a call parameter;
and the processing module 203 is configured to form a target attack chain from at least one target edge according to the statistical data of each target edge.
In one embodiment, as shown in fig. 3, the penetration testing apparatus 20 further comprises: a judging module 204;
the judging module 204 is configured to judge whether the calling frequency of each target edge is greater than a preset threshold;
and the processing module 203 is configured to form a target attack chain by using the target edges with the calling times greater than the preset threshold.
In one embodiment, the processing module 203 is configured to arrange the number of calls of the target edge in order from large to small and form a target attack chain.
In an embodiment, the processing module 203 is configured to perform penetration test on a test target by using a target attack chain, and increase an attack weight of the target attack chain according to call information of a target edge in the target attack chain.
The embodiments of the present disclosure provide a penetration testing apparatus that acquires a plurality of different initial attack chains; performs penetration tests on at least one test target using the plurality of different initial attack chains to obtain statistical data for at least one target edge; and forms a target attack chain from the at least one target edge according to the statistical data of each target edge. Compared with a traditional penetration testing system, the penetration testing platform of the disclosed embodiments addresses the problems that a traditional platform's penetration testing method is uniform and insufficiently flexible, increasing the flexibility of penetration testing and improving its efficiency.
An embodiment of the present disclosure further provides a penetration testing apparatus that includes a receiver, a transmitter, a memory, and a processor, where the transmitter and the memory are each connected to the processor, the memory stores at least one computer instruction, and the processor is configured to load and execute the at least one computer instruction so as to implement the penetration testing method described in the embodiment corresponding to FIG. 1.
Based on the penetration testing method described in the embodiment corresponding to fig. 1, an embodiment of the present disclosure further provides a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores computer instructions for executing the penetration testing method described in the embodiment corresponding to fig. 1, which is not described herein again.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A penetration test method, comprising:
acquiring a plurality of different initial attack chains, wherein each initial attack chain comprises a plurality of attack modules which are connected in sequence, and the connection and data transmission of two adjacent attack modules are represented by edges;
performing penetration test on at least one test target by adopting the plurality of different initial attack chains to obtain statistical data of at least one target edge, wherein the target edge is used for indicating an edge called by the initial attack chain in the penetration test, and the statistical data at least comprises calling times and calling parameters;
and forming a target attack chain by the at least one target edge according to the statistical data of each target edge.
2. The method of claim 1, wherein the forming the at least one target edge into a target attack chain according to the statistics of each target edge comprises:
judging whether the calling frequency of each target edge is greater than a preset threshold value or not;
and forming a target attack chain by using the target edges with the calling times larger than a preset threshold value.
3. The method of claim 1, wherein the forming the at least one target edge into a target attack chain according to the statistics of each target edge comprises:
and arranging the calling times of the target edges in a descending order and forming the target attack chain.
4. The method of claim 1, further comprising:
and performing penetration test on a test target by adopting a target attack chain, and increasing the attack weight of the target attack chain according to the calling information of a target edge in the target attack chain.
5. A penetration testing apparatus, comprising:
the first acquisition module is used for acquiring a plurality of different initial attack chains, each initial attack chain comprises a plurality of attack modules which are sequentially connected, and the connection and data transmission of two adjacent attack modules are represented by edges;
a second obtaining module, configured to perform a penetration test on at least one test target by using the multiple different initial attack chains, and obtain statistical data of at least one target edge, where the target edge is used to indicate an edge of the initial attack chain that is called in the penetration test, and the statistical data at least includes a number of calls and a call parameter;
and the processing module is used for forming a target attack chain by the at least one target edge according to the statistical data of each target edge.
6. The apparatus of claim 5, wherein the penetration testing apparatus further comprises: a judgment module;
the judging module is used for judging whether the calling times of each target edge is greater than a preset threshold value or not;
and the processing module is used for forming a target attack chain by the target edges with the calling times larger than a preset threshold value.
7. The apparatus of claim 5,
and the processing module is used for arranging the calling times of the target edges in a descending order and forming the target attack chain.
8. The apparatus of claim 5,
and the processing module is used for performing penetration test on a test target by adopting a target attack chain and increasing the attack weight of the target attack chain according to the calling information of the target edge in the target attack chain.
9. A penetration testing apparatus comprising a processor and a memory, the memory having stored therein at least one computer instruction that is loaded and executed by the processor to perform the steps performed in the penetration testing method of any of claims 1 to 4.
10. A computer readable storage medium having stored therein at least one computer instruction, which is loaded and executed by a processor to perform the steps performed in the penetration test method of any one of claims 1 to 4.
CN201911076146.3A 2019-11-06 2019-11-06 Penetration testing method and related device Active CN110933041B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911076146.3A CN110933041B (en) 2019-11-06 2019-11-06 Penetration testing method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911076146.3A CN110933041B (en) 2019-11-06 2019-11-06 Penetration testing method and related device

Publications (2)

Publication Number Publication Date
CN110933041A (en) 2020-03-27
CN110933041B (en) 2021-11-16

Family

ID=69853249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911076146.3A Active CN110933041B (en) 2019-11-06 2019-11-06 Penetration testing method and related device

Country Status (1)

Country Link
CN (1) CN110933041B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992628A (en) * 2021-12-30 2022-01-28 北京华云安信息技术有限公司 Domain name blasting test method, device, equipment and computer readable storage medium

Citations (4)

Publication number Priority date Publication date Assignee Title
CN109067717A (en) * 2018-07-20 2018-12-21 西安四叶草信息技术有限公司 A kind of method and device detecting SQL injection loophole
CN109120643A (en) * 2018-10-11 2019-01-01 北京知道创宇信息技术有限公司 Penetration test method and device
CN109688004A (en) * 2018-12-21 2019-04-26 西安四叶草信息技术有限公司 Abnormal deviation data examination method and equipment
CN110213077A (en) * 2019-04-18 2019-09-06 国家电网有限公司 A kind of method, apparatus and system of determining electric power monitoring system security incident

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
US8490196B2 (en) * 2009-08-05 2013-07-16 Core Security Technologies System and method for extending automated penetration testing to develop an intelligent and cost efficient security strategy
CN105871885B (en) * 2016-05-11 2019-06-25 南京航空航天大学 A kind of network penetration test method
CN109951455A (en) * 2019-02-28 2019-06-28 中国人民解放军战略支援部队信息工程大学 A kind of automation penetration test method and system
CN109873826B (en) * 2019-02-28 2022-05-27 中国人民解放军战略支援部队信息工程大学 Penetration path planning method and system based on dynamic feedback

Non-Patent Citations (1)

Title
Automatic generation method for penetration test schemes based on attack graphs; 崔颖 et al.; 《计算机应用》; 20100830; full text *

Also Published As

Publication number Publication date
CN110933041A (en) 2020-03-27

Similar Documents

Publication Publication Date Title
CN109361670B (en) Device and method for capturing malicious sample by utilizing targeted dynamic deployment of honeypots
US9350758B1 (en) Distributed denial of service (DDoS) honeypots
CN106295328A (en) File test method, Apparatus and system
CN105939311A (en) Method and device for determining network attack behavior
CN110851841B (en) Penetration test method, device and storage medium
CN109644184A (en) For the clustering method from the DDOS Botnet on IPFIX Data Detection cloud
CN104361285B (en) The safety detection method and device of mobile device application program
CN109344624A (en) Penetration test method, platform, equipment and storage medium based on cloud cooperation
CN111447167B (en) Safety protection method and device for vehicle-mounted system
CN117610026B (en) Honey point vulnerability generation method based on large language model
CN111783105A (en) Penetration testing method, device, equipment and storage medium
CN110096872A (en) The detection method and server of homepage invasion script attack tool
CN110933041B (en) Penetration testing method and related device
CN103914383A (en) Fuzz testing system on basis of multi-swarm collaboration evolution genetic algorithm
CN107705126B (en) Transaction instruction processing method and device
CN109120626A (en) Security threat processing method, system, safety perception server and storage medium
JP6380537B2 (en) Analysis device, analysis method, and computer-readable recording medium
KR102381277B1 (en) Method And Apparatus for Providing Security for Defending Cyber Attack
CN116170225A (en) System testing method, device, equipment and storage medium based on network target range
CN116436689A (en) Vulnerability processing method and device, storage medium and electronic equipment
CN114143052B (en) Network defense system risk assessment method, device and storage medium based on controllable intrusion simulation
CN105608381A (en) Application test method and system
CN112104674B (en) Attack detection recall rate automatic test method, device and storage medium
CN115865494A (en) Safety test system and method
CN106161338A (en) For verifying the method and device of user identity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant