基于攻击图的渗透测试方法

doi:10.16180/j.cnki.issn1007-7820.2019.10.015

摘要/Abstract

摘要：

传统的病毒检测系统、网络防火墙、入侵检测系统等技术只能够检测出已知的大部分威胁,但却无法检测出网络中存在的潜在的问题。为此,文中提出了一种基于攻击图的渗透测试方法。首先,考虑到攻击持续时间、攻击类型等方面因素,对现有的攻击图方法进行改进,提出一种新的攻击图技术;其次,基于实际应用,从攻击的路径、时间、代价、方式等方面综合考虑,提出攻击图最优攻击路径选择策略;最后,设计基于攻击图的渗透测试模型,并进行了试验测试。测试结果表明,该渗透测试算法能够更好的模拟现实世界中的真实攻击。同时能够对当前设备的安全状态进行评估,可以在实际渗透测试中进行应用。

关键词: 攻击图, 渗透测试, 攻击图最优攻击路径

Abstract:

Traditional virus detection systems, network firewalls, and intrusion detection systems can only detect most of the known threats, but cannot detect potential problems in the network. To this end, the paper proposed a penetration test method based on attack graph. Firstly, considering the factors such as attack duration and attack type, the existing attack graph method was improved, and a new attack graph technique was proposed. Secondly, based on the actual application, the path, time, cost and method of the attack were based on the actual application. Based on the comprehensive considerations, the optimal attack path selection strategy of attack graph was proposed. Finally, the penetration test model based on attack graph was designed and tested. The test results showed that the penetration test algorithm could better simulate real-world attacks in the real world, and could evaluate the current state of the device, which could be applied in the actual penetration test.

Key words: attack graph, penetration test, attack map optimal attack path

中图分类号:

TP91

杨本毅. 基于攻击图的渗透测试方法[J]. 电子科技, 2019, 32(10): 75-78.

YANG Benyi. Research on Corrosion Detection Technology of Power System Grounding Grid[J]. Electronic Science and Technology, 2019, 32(10): 75-78.

图/表 6

图1

图2

图3

表1

表2

表3

参考文献 16

[1]	宋超臣, 王希忠, 黄俊强 , 等. Web渗透测试流程研究[J]. 电子设计工程, 2014,22(17):162-167.
	Song Chaochen, Wang Xizhong, Huang Junqiang , et al. Research on Web penetration testin process[J]. Electronic Design Engineering, 2014,22(7):162-167.
[2]	王丽燕, 崔占中, 陈伟华 , 等. 电动汽车充电桩自动化渗透测试系统的研究和设计[J]. 中国电力, 2019,52(1):57-62.
	Wang Liyan, Cui Zhanzhong, Chen Weihua , et al. Research and design of automatic penetration testing system for electric vehicle charging piles[J]. Electric Power, 2019,52(1):57-62.
[3]	徐丙凤, 何高峰 . 基于攻击图的信息物理融合系统渗透测试方法[J]. 计算机科学, 2018,45(11):150-155.
	Xu Bingfeng, He Gaofeng . Penetration testing method of information physics fusion system based on attack graph[J]. Computer Science, 2018,45(11):150-155.
[4]	王世轶, 吴江, 张辉 . 渗透测试在网络安全等级保护测评中的应用[J]. 计算机应用与软件, 2018,35(11):196-199.
	Wang Shiyi, Wu Jiang, Zhang Hui . The application of penetration test in the evaluation of network security classified protection[J]. Computer Applications and Software, 2018,35(11):196-199.
[5]	王胜 . 基于攻击图的渗透测试系统设计与实现[D]. 重庆:重庆大学, 2012.
	Wang Sheng . Design and implementation of penetration testing system based on attack graph[D]. Chongqing:Chongqing University, 2012.
[6]	胡欣, 孙永林, 王勇军 . 一种基于网络安全梯度的攻击图生成并行化方法[J]. 计算机应用与软件, 2011,28(11):25-29.
	Hu Xin, Sun Yonglin, Wang Yongjun . A network security grade based attack graph generation parallel approach[J] Computer Applications and Software, 2011,28(11):25-29.
[7]	刘威歆, 郑康锋, 胡影 , 等. 一种基于目标攻击图的态势威胁评估方法[J]. 北京邮电大学学报, 2015(1):82-86.
	Liu Weixin, Zheng Kangfeng, Hu Ying , et al. Approach of goal-oriented attack graph-based threat evaluation for network security[J]. Journal of Beijing University of Posts and Telecommunications, 2015(1):82-86.
[8]	叶子维, 郭渊博, 王宸东 , 等. 攻击图技术应用研究综述[J]. 通信学报, 2017(11):125-136.
	Ye Ziwei, Guo Yuanbo, Wang Chendong , et al. Survey on application of attack graph technology[J]. Journal on Communications, 2017(11):125-136.
[9]	高妮, 高岭, 贺毅岳 , 等. 基于贝叶斯攻击图的动态安全风险评估模型[J]. 四川大学学报:工程科学版, 2016,48(1):111-118.
	Gao Ni, Gao Ling, He Yiyue , et al. Dynamic security risk assessment model based on bayesian attack graph[J]. Jounal of Sichuan University:Engineering Science Edition, 2016,48(1):111-118.
[10]	栾俊超 . 面向渗透测试的漏洞检测与攻击方法[D]. 南京:南京航空航天大学, 2017.
	Luan Junchao . Vulnerability detection and attack method for penetration testing[D]. Nanjing:Nanjing University of Aeronautics and Astronautics, 2017.
[11]	原锦明 . 面向工控网络安全和漏洞分析的攻击图生成研究[J]. 现代电子技术, 2016,39(11):103-107.
	Yuan Jinming . Research on attack graph generation for industrial control network security and vulnerability analysis[J]. Modern Electronics Technique, 2016,39(11):103-107.
[12]	李浩杰, 裘国永 . 基于自动化渗透测试的分析[J]. 电子设计工程, 2015,23(22):25-28.
	Li Haojie, Qiu Guoyong . Analysis based on automated penetaration testing[J]. Electronic Design Engineering, 2015,23(22):25-28.
[13]	顾明昌, 王丹, 赵文兵 , 等. 一种基于攻击向量自动生成的XSS漏洞渗透测试方法[J]. 软件导刊, 2016,15(7):173-177.
	Gu Mingchang, Wang Dan, Zhao Wenbing , et al. A vulnerability penetration test method for XSS based on automatic generation of attack vectors[J]. Software Guide, 2016,15(7):173-177.
[14]	康乾 . 基于攻击图的多源安全事件关联分析研究[D]. 杭州:杭州师范大学, 2016.
	Kang Qian . Multi-source security incident correlation analysis based on attack graph[D]. Hangzhou:Hangzhou Normal University, 2016.
[15]	胡浩, 叶润国, 张红旗 , 等. 基于攻击预测的网络安全态势量化方法[J]. 通信学报, 2017,38(10):122-134.
	Hu Hao, Ye Runguo, Zhang Hongqi , et al. Quantitative method for network securitysituation based on attack prediction[J]. Journal on Communications, 2017,38(10):122-134.
[16]	刘文彦, 霍树民, 仝青 , 等. 网络安全评估与分析模型研究[J]. 网络与信息安全学报, 2018,4(4):1-11.
	Liu Wenyan, Huo Shumin, Tong Qing , et al. Research on models of network security evaluation and analysis[J]. Chinese Journal of Network and Information Security, 2018,4(4):1-11.

用户名	运行服务	漏洞	攻击可行性
XY1	FTP	匿名访问	0.77
XY2	HTTP	远程溢出	0.86
XY3	终端	远程控制	0.94
XY4	办公软件	本地溢出	1.00
XY5	控制	可执行任意程序	0.62

攻击类型	成功复杂度	攻击类型	成功复杂度
A	0.3	E	0.9
B	0.8	F	0.3
C	0.6	G	0.5
D	0.1	H	0.4

方案	攻击步骤	长度	成功概率
1	XY1→ XY3→ XY5	3	0.193 6
2	XY1→XY4→XY5	3	0.245 3
3	XY1→XY3→XY2→XY5	4	0.452 3
4	XY1→XY4→XY2→XY5	4	0.665 9