摘要
路径规划是渗透测试过程中非常重要的步骤。面对完全信息条件下的大规模网络渗透测试,传统的规划方法存在路径规划耗时长、规划的路径执行效果不好的问题。针对该问题提出一种在并行条件下基于漏洞利用程序评分的规划方法。该方法基于Metasploit框架对现有的漏洞利用程序建立量化评分模型,并以漏洞利用程序评分为标准,建立网络连接关系图,利用并行化的最短路径算法进行路径规划。对比实验结果表明该方法能够更加快速有效地实现大规模网络的渗透测试路径规划。
Path planning is an important step in penetration testing.In order to solve the problem that the path planning for penetration test of large-scale network under the condition of complete information takes a long time and the effect is not good,this paper proposes a parallel attack planning method based on the score of exploit program.This method established a scoring model based on the Metasploit framework for existing exploit programs,established a connection diagram with the exploit score as a standard and used the parallelized Dijkstra algorithm for path planning.Comparative experimental results show that this method can carry out path planning for large-scale network penetration test more quickly and effectively.
作者
王晓凡
周天阳
臧艺超
朱俊虎
Wang Xiaofan;Zhou Tianyang;Zang Yichao;Zhu Junhu(State Key Laboratory of Mathematical Engineering and Advanced Computing,Information&Engineering University,Zhengzhou 450001,Henan,China;National Engineering Technology Research Center of the National Digital Switching System,Zhengzhou 450001,Henan,China)
出处
《计算机应用与软件》
北大核心
2023年第5期324-330,共7页
Computer Applications and Software
基金
国家自然科学基金项目(61502528)。
