CN111355688A - Core method and device for automatic infiltration and analysis based on AI technology - Google Patents
Publication number: CN111355688A (application CN201811572875.3A)
Authority: CN (China)
Prior art keywords: information, infiltration, technology, analysis, automatic
Legal status: Pending (the status shown by Google Patents is an estimate, not a legal conclusion)
Classifications
All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication), H04L63/00 (Network architectures or network communication protocols for network security):
- H04L63/1408: detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416: event detection, e.g. attack signature detection
- H04L63/1433: vulnerability analysis
- H04L63/1441: countermeasures against malicious traffic
- H04L63/145: countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L63/20: managing network security; network security policies in general
Abstract
The invention relates to the technical field of penetration testing and provides a core method and a core device for automatic penetration and analysis based on AI technology. The device comprises a security assessment system, a configuration checking system and a vulnerability database: the security assessment system assesses system security and identifies potential security risks, the configuration checking system checks the configuration of the system, and the vulnerability database is updated in real time in step with the whole network. The security assessment process of automatic penetration and analysis comprises information acquisition, vulnerability scanning and configuration checking, penetration testing, retesting and test report generation. With this automated penetration testing sequence and the real-time-updated vulnerability database, the network system can be checked automatically and comprehensively at any time, and a detection report and a text of suggested solutions can be generated automatically, thereby achieving efficient and intelligent protection of network system security.
Description
Technical Field
The invention relates to the technical field of penetration testing, in particular to a core method and a core device for automatic penetration and analysis based on an AI technology.
Background
Penetration testing has no standard definition. A common formulation agreed on by some security organisations abroad is that a penetration test is an evaluation method that assesses the security of a computer network system by simulating the attack methods of a malicious hacker. The process involves an active analysis of any weakness, technical flaw or vulnerability of the system from the position an attacker might occupy, and exploiting the security vulnerabilities found where conditions allow.
Penetration testing helps an organisation understand its current security posture by identifying security problems, which leads many organisations to draw up operational plans to reduce the threat of attack or misuse. With the development of artificial intelligence and big data, how to penetration-test and analyse a system automatically and ensure the security of the network system in real time is a difficult problem that urgently needs to be solved.
Disclosure of Invention
Technical problem solved
Addressing the shortcomings of the prior art, the invention provides a core method and a core device for automatic penetration and analysis based on AI technology, with the aim of providing a way to carry out automatic penetration testing and analysis of a system and protect the security of the network system in real time.
Technical scheme
To achieve this aim, the invention is realised by the following technical scheme:
A core method for automatic penetration and analysis based on AI technology, in which the security evaluation process of automatic penetration and analysis comprises the following operation steps:
information acquisition: acquiring various kinds of system information about the target by active scanning or open search;
vulnerability scanning and configuration checking: searching for system vulnerabilities, web application vulnerabilities, web server vulnerabilities, vulnerabilities in other port services and the like, while at the same time performing a configuration check to find non-compliant configuration items in the hardware equipment;
penetration test: the weaknesses of the system are fully uncovered and exposed, and the threats the system faces are revealed;
retesting: rechecking the discovered vulnerabilities after rectification;
generating a test report.
The device comprises a security assessment system, a configuration checking system and a vulnerability database, wherein the security assessment system is used for system security assessment and identifying potential security risks, the configuration checking system is used for checking the configuration of the system, and the vulnerability database is updated in real time in step with the whole network.
Further, the penetration test comprises penetration preparation, penetration intrusion and information collation.
Still further, the penetration preparation comprises the following operation steps:
bypassing defence mechanisms: determining whether devices such as a firewall exist, and how they are bypassed;
customising an attack path: determining the tool path according to the weak entry point and the position holding high intranet privileges;
bypassing detection mechanisms: traffic monitoring, antivirus, malicious code detection and the like;
determining the attack code.
Further, the penetration intrusion attacks using the attack code, obtains internal information including network connections, VPN, routing, topology and the like, and then carries out intranet intrusion.
Further, the information collation comprises collating the code, proof-of-concept (poc) and exploit (exp) code used in the penetration process, the information collected during the penetration process, and the location information of the various vulnerabilities encountered during the penetration process.
Further, the system information includes basic information, system information, application information, version information, service information, personnel information, protection information and the like.
Further, the test report analyses the cause of each vulnerability, the verification process and the harm it brings, and provides a reasonable, efficient and safe solution for every problem found.
Advantageous effects
Compared with the known prior art, the core method and core device for automatic penetration and analysis based on AI technology provided by the invention have the following beneficial effects:
1. The automatic penetration testing steps of information acquisition, vulnerability scanning and configuration inspection, penetration testing, retesting and test report generation, combined with the vulnerability database updated in real time, allow the network system to be checked automatically and comprehensively at any time, and the detection report and solution suggestion text to be generated automatically, thereby achieving efficient and intelligent protection of the security of the network system.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in their description are briefly introduced below. The drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the penetration test of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment:
The core method and core device for automatic penetration and analysis based on AI technology comprise a security assessment system, a configuration checking system and a vulnerability database, wherein the security assessment system is used for system security assessment and identifying potential security risks, the configuration checking system is used for checking the configuration of the system, and the vulnerability database is updated in real time in step with the whole network. The security assessment process of automatic penetration and analysis comprises the following operation steps:
1. Information acquisition: acquiring various kinds of system information about the target by active scanning or open search, including basic information (IP address, network segment, domain name, ports), system information (operating system version), application information (the application behind each port, e.g. a web application or mail application), version information, service information, personnel information (domain name registrant information, IDs of posters on the web application, administrator names, etc.) and protection information.
2. Vulnerability scanning and configuration checking: searching for system vulnerabilities, web application vulnerabilities, web server vulnerabilities, vulnerabilities in other port services and the like, while at the same time performing a configuration check to find non-compliant configuration items in the hardware equipment.
3. Penetration test: the weaknesses of the system are fully uncovered and exposed, and the threats the system faces are revealed.
4. Retesting: rechecking the discovered vulnerabilities after rectification. Retesting is an important test stage: the client's research and development department corrects the problems found by the penetration test, and whether the corrections succeeded must be verified by retesting and rechecking. Correction is mandatory for high-risk and medium-risk vulnerabilities, while for low-risk vulnerabilities whether to correct is decided according to the client's actual situation.
5. Generating a test report (the test report comprises a vulnerability scanning report, a configuration inspection report and a penetration test report covering the system vulnerabilities and service vulnerabilities discovered by the tests). The test report also analyses the cause of each vulnerability, the verification process and the harm it brings, and provides a reasonable, efficient and safe solution for every problem found.
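As an added illustration (not code from the patent or its applicant), the following Python models steps 2, 4 and 5 of the process above: matching acquired service versions against a vulnerability database, checking configuration items against compliance rules, applying the retest policy (high and medium findings are always rechecked, low-risk ones only when the client chose to fix them) and assembling the report with solution suggestions. The vulnerability database, compliance rules, hosts, ports and versions are constructed sample data, and only the scan and configuration sections of the report are produced because the penetration-test stage itself is not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample vulnerability database: service -> [(first fixed version, id, severity)].
# Not a real database and not the patent's own (which is updated in real time from the network).
VULN_DB: Dict[str, List[Tuple[str, str, str]]] = {
    "nginx": [("1.16.1", "DEMO-0001", "high")],
    "openssh": [("8.0", "DEMO-0002", "medium")],
    "postfix": [("3.4.0", "DEMO-0003", "low")],
}
# Constructed compliance rules for the configuration check: (key, non-compliant value, severity).
CONFIG_RULES = [("PermitRootLogin", "yes", "high"), ("PasswordAuthentication", "yes", "medium")]
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
# Constructed output of the information-acquisition step: (host, port, service, version),
# before and after the client's rectification (nginx and root login fixed, the rest unchanged).
INVENTORY_BEFORE = [("10.0.0.5", 443, "nginx", "1.14.0"), ("10.0.0.5", 22, "openssh", "7.4"),
                    ("10.0.0.6", 25, "postfix", "3.3.0")]
CONFIGS_BEFORE = {"10.0.0.5": {"PermitRootLogin": "yes", "PasswordAuthentication": "no"}}
INVENTORY_AFTER = [("10.0.0.5", 443, "nginx", "1.18.0"), ("10.0.0.5", 22, "openssh", "7.4"),
                   ("10.0.0.6", 25, "postfix", "3.3.0")]
CONFIGS_AFTER = {"10.0.0.5": {"PermitRootLogin": "no", "PasswordAuthentication": "no"}}

@dataclass(frozen=True)
class Finding:
    host: str
    ident: str
    severity: str
    source: str  # "scan" (vulnerability scan) or "config" (configuration check)
    fix: str     # remediation the report recommends

    def key(self) -> Tuple[str, str]:
        return (self.host, self.ident)

def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted-version ordering: '1.14.0' < '1.16.1' and '7.4' < '8.0'."""
    return tuple(int(p) for p in v.split("."))

def vulnerability_scan(inventory) -> List[Finding]:
    """Step 2a: match each acquired service/version against the vulnerability database."""
    out = []
    for host, port, service, version in inventory:
        for fixed, ident, sev in VULN_DB.get(service, []):
            if parse_version(version) < parse_version(fixed):
                out.append(Finding(host, ident, sev, "scan",
                                   f"upgrade {service} on port {port} from {version} to >= {fixed}"))
    return out

def config_check(configs) -> List[Finding]:
    """Step 2b: flag configuration items that violate a compliance rule."""
    out = []
    for host, cfg in configs.items():
        for key, bad, sev in CONFIG_RULES:
            if cfg.get(key) == bad:
                out.append(Finding(host, f"CFG-{key}", sev, "config", f"change {key} away from {bad}"))
    return out

def retest(original, inventory, configs, low_risk_fix_chosen=False) -> List[Finding]:
    """Step 4: recheck the original findings after rectification. High and medium findings are
    always rechecked; low-risk ones only if the client chose to fix them (else accepted risk)."""
    current = {f.key() for f in vulnerability_scan(inventory) + config_check(configs)}
    return [f for f in original
            if f.key() in current and (f.severity != "low" or low_risk_fix_chosen)]

def build_report(findings) -> Dict[str, object]:
    """Step 5: scan and configuration sections, severity counts and ordered solution suggestions."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.host, f.ident))
    return {
        "vulnerability_scan": [f.ident for f in ordered if f.source == "scan"],
        "configuration_inspection": [f.ident for f in ordered if f.source == "config"],
        "counts": {s: sum(1 for f in ordered if f.severity == s) for s in SEVERITY_RANK},
        "solutions": [f"[{f.severity}] {f.host}: {f.fix}" for f in ordered],
    }

def run_assessment(low_risk_fix_chosen=False):
    """Steps 2, 4 and 5 end to end on the constructed data: (initial report, retest report)."""
    initial = vulnerability_scan(INVENTORY_BEFORE) + config_check(CONFIGS_BEFORE)
    still_open = retest(initial, INVENTORY_AFTER, CONFIGS_AFTER, low_risk_fix_chosen)
    return build_report(initial), build_report(still_open)
```

On the constructed data the initial report holds two high, one medium and one low finding; after rectification only the unpatched medium-risk service remains open unless the client opted to fix the low-risk one as well.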
The automatic penetration test comprises penetration preparation, penetration intrusion and information collation.
The specific operation steps are as follows:
bypassing defence mechanisms: determining whether devices such as a firewall exist, and how they are bypassed;
customising an attack path: determining the tool path according to the weak entry point and the position holding high intranet privileges;
bypassing detection mechanisms: traffic monitoring, antivirus, malicious code detection and the like;
determining the attack code.
The penetration intrusion carries out the attack using the attack code, obtains internal information including network connections, VPN, routing, topology and the like, and then carries out intranet intrusion.
The information collation comprises collating the code, poc and exp used in the penetration process, the information collected during the penetration process, and the location information of the various vulnerabilities encountered during the penetration process.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (8)
1. A core method for automatic infiltration and analysis based on AI technology, characterised in that the security evaluation process of automatic penetration and analysis comprises the following operation steps:
information acquisition: acquiring various kinds of system information about the target by active scanning or open search;
vulnerability scanning and configuration checking: searching for system vulnerabilities, web application vulnerabilities, web server vulnerabilities, vulnerabilities in other port services and the like, while at the same time performing a configuration check to find non-compliant configuration items in the hardware equipment;
penetration test: the weaknesses of the system are fully uncovered and exposed, and the threats the system faces are revealed;
retesting: rechecking the discovered vulnerabilities after rectification;
generating a test report.
2. The AI-technology-based core method for automatic infiltration and analysis according to claim 1, wherein the penetration test comprises penetration preparation, penetration intrusion and information collation.
3. The AI-technology-based core method for automatic infiltration and analysis according to claim 2, characterised in that the penetration preparation comprises the following operation steps:
bypassing defence mechanisms: determining whether devices such as a firewall exist, and how they are bypassed;
customising an attack path: determining the tool path according to the weak entry point and the position holding high intranet privileges;
bypassing detection mechanisms: traffic monitoring, antivirus, malicious code detection and the like;
determining the attack code.
4. The AI-technology-based core method for automatic infiltration and analysis according to claim 2, characterised in that the penetration intrusion carries out the attack using the attack code, obtains internal information including network connections, VPN, routing, topology and the like, and then carries out intranet intrusion.
5. The AI-technology-based core method for automatic infiltration and analysis according to claim 2, wherein the information collation comprises collating the code, poc and exp used in the penetration process, the information collected during the penetration process, and the location information of the various vulnerabilities encountered during the penetration process.
6. The AI-technology-based core method for automatic infiltration and analysis according to claim 1, wherein the system information includes basic information, system information, application information, version information, service information, personnel information, protection information and the like.
7. The AI-technology-based core method for automatic infiltration and analysis according to claim 1, wherein the test report analyses the cause of each vulnerability, the verification process and the harm it brings, and provides a reasonable, efficient and safe solution for every problem found.
8. The device is characterised by comprising a security assessment system, a configuration checking system and a vulnerability database, wherein the security assessment system is used for system security assessment and identifying potential security risks, the configuration checking system is used for checking the configuration of the system, and the vulnerability database is updated in real time in step with the whole network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811572875.3A CN111355688A (en) | 2018-12-21 | 2018-12-21 | Core method and device for automatic infiltration and analysis based on AI technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111355688A true CN111355688A (en) | 2020-06-30 |
Family
ID=71197080
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811572875.3A Pending CN111355688A (en) | 2018-12-21 | 2018-12-21 | Core method and device for automatic infiltration and analysis based on AI technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111355688A (en) |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242279A (en) * | 2008-03-07 | 2008-08-13 | 北京邮电大学 | Automatic penetration testing system and method for WEB system |
WO2018084808A1 (en) * | 2016-11-04 | 2018-05-11 | Singapore University Of Technology And Design | Computer-implemented method and data processing system for testing device security |
Non-Patent Citations (2)
Title |
---|
花米徐: "The 8 steps of penetration testing (repost)", HTTP://BLOG.CSDN.NET/XL_LX/ARTICLE/DETAILS/78399746 * |
陈威 et al.: "How to do security testing well before an information system goes live", 《华北电力技术》 (North China Electric Power Technology) * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115348178A (en) * | 2022-08-29 | 2022-11-15 | 安天科技集团股份有限公司 | Node control scheme generation method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2020-06-30 | PB01 | Publication | Application publication date: 20200630 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |