CN111488587A - Automatic penetration test system based on AI - Google Patents


Publication number
CN111488587A
Authority
CN
China
Prior art keywords
module
information
attack
vulnerability
penetration
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010303651.3A
Other languages
Chinese (zh)
Other versions
CN111488587B (en)
Inventor
谢鑫
何召阳
何础成
王欣宇
郭路路
方仁贵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Moyun Technology Co ltd
Original Assignee
Beijing Moyun Technology Co ltd
Application filed by Beijing Moyun Technology Co ltd
Priority to CN202010303651.3A
Publication of CN111488587A
Application granted
Publication of CN111488587B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention discloses an AI-based automatic penetration test system, which comprises: an information collection module (100) for collecting the attack surface and intelligence information of a network target and analyzing the vulnerabilities of the network target to generate vulnerability information; a penetration attack module (200) for exploiting the vulnerabilities and attacking the network target to acquire access rights or information of the network target; a post-penetration module (300) for carrying out privilege escalation and intelligence extraction on the network target and carrying out detection and springboard attacks on other objects in the network related to the network target; and an artificial intelligence module (400) for generating an attack method according to the attack surface and intelligence information, the vulnerability information, the access rights or information, and the authority information and intelligence information, and for generating a driving instruction according to the attack method. The AI-based automatic penetration test system can effectively improve the stability and efficiency of penetration testing.

Description

Automatic penetration test system based on AI
Technical Field
The invention relates to the technical field of network data security, in particular to an automatic penetration testing system based on AI.
Background
Penetration testing (Penetration Test) fully simulates the attack techniques and vulnerability discovery techniques that hackers may use, probes the security of a target system in depth, finds the weakest links of the system, uncovers complex, interrelated security problems and deeper vulnerabilities, and reports the intrusion process and details to the user. The penetration testing workflow is mainly divided into three stages: the pre-attack stage, the attack stage and the post-attack stage. Pre-attack stage: the purpose is to collect information. Information is generally obtained by detecting and analyzing the target with tools for basic network information acquisition and conventional vulnerability scanning. Attack stage: the purpose is to attack the target and acquire certain privileges on the system. This is typically done through attacks based on general-purpose devices, databases, operating systems and applications, password guessing techniques, and so on. Post-attack stage: the purpose is to maintain certain privileges over the target and to carry out lateral penetration. This is generally achieved by methods such as privilege escalation, password cracking and springboard attacks.
Currently, penetration testing is generally carried out in two ways:
(1) Manual service mode. An experienced security engineer, relying on manual experience, uses network security scanners and dedicated security testing tools to perform non-destructive simulated attacks on the operating systems, network equipment, application systems and the like in the network. However, this requires a large investment of human resources and places high demands on the professional skills of the testers; the value of the penetration test report depends directly on those skills, so a standardized penetration test service cannot be provided. Meanwhile, penetration test service personnel have long been in short supply.
(2) Automated tool mode. Using an exploitation framework such as the Metasploit Framework (MSF for short), a test task can be created through a penetration test task configuration wizard. The automated tool can automatically collect network target information, select matching attack components to attack the target according to the target fingerprint, and then output a penetration test report based on the test result. However, the range of penetration test objects is limited; such tools do not support identification and extraction of intelligence, cannot detect related risks for WEB application systems, do not support iterative attack, and do not support vulnerability risk prioritization based on actual business risk. To exert their full capability, a quite experienced penetration tester is still needed to operate and use them.
Disclosure of Invention
The invention aims to solve the technical problems in the prior art that arise when penetration testing relies on manual services and automated tools, and provides an AI-based automatic penetration test system that can effectively improve the stability and efficiency of the penetration test service and reduce dependence on external penetration test service personnel.
The invention provides an automatic penetration testing system based on AI, comprising:
an information collection module: used for collecting the attack surface and intelligence information of the network target, analyzing the network target to generate vulnerability information, and transmitting the attack surface, intelligence information and vulnerability information to the;
a penetration attack module: used for receiving the attack surface, intelligence information and vulnerability information transmitted by the information collection module, verifying the vulnerability information, attacking the network target by exploiting the vulnerabilities, acquiring access rights or information of the network target, transmitting the access rights or information to the post-penetration module and the artificial intelligence module, and receiving the driving instruction transmitted by the artificial intelligence module;
a post-penetration module: used for receiving the access rights or information transmitted by the penetration attack module, extracting information from the network target, detecting other objects in the network related to the network target and carrying out springboard attacks;
an artificial intelligence module: used for generating an attack method according to the attack surface and intelligence information, the vulnerability information, the access rights or information, and the authority information and intelligence information, generating a driving instruction according to the attack method, and sending the driving instruction to the information collection module, the penetration attack module and the post-penetration module.
In the AI-based automatic penetration test system of the invention, as a preferred mode, the information collection module includes:
a crawler module: used for fully crawling static and dynamic pages with a breadth-first or depth-first strategy for a domain name or WEB application target of the network target, identifying the HTML page code content of the static and dynamic pages, analyzing the attack surface and intelligence information that can be used for attack, transmitting the attack surface and intelligence information to the vulnerability scanning module, and receiving the driving instruction transmitted by the artificial intelligence module;
a blasting (brute-force) module: used for blasting the domain name, URL paths, weak passwords and webshell entrances of the network target, acquiring the attack surface and intelligence information through subdomain blasting, URL blasting, path blasting, weak password blasting and webshell blasting, transmitting the attack surface and intelligence information to the vulnerability scanning module, and receiving the driving instruction transmitted by the artificial intelligence module;
a vulnerability scanning module: used for receiving the attack surface and intelligence information transmitted by the crawler module and by the blasting module, scanning the network target for vulnerabilities according to the attack surface and intelligence information and generating vulnerability information, transmitting the attack surface, intelligence information and vulnerability information to the penetration attack module, and receiving the driving instruction transmitted by the artificial intelligence module.
In the AI-based automatic penetration test system of the invention, as a preferred mode, the artificial intelligence module includes:
an expert system module: used for storing decision knowledge and transmitting the decision knowledge to the decision brain module;
a decision brain module: used for receiving the decision knowledge transmitted by the expert system module and carrying out attack modeling according to the decision knowledge; receiving the attack surface, intelligence information and vulnerability information transmitted by the information collection module, the access rights or information of the network target transmitted by the penetration attack module, and the authority information and intelligence information transmitted by the post-penetration module; inputting the attack surface, intelligence information and vulnerability information, the access rights or information of the network target, and the authority information and intelligence information into the attack model to generate a driving instruction; and sending the driving instruction to the information collection module, the penetration attack module and the post-penetration module;
a special intelligent module: used for providing decision support to the decision brain module according to different scenarios.
Attack modeling by the decision brain includes the following process:
1) Determining the object and purpose of the modeling. The modeling object is the relationship between the optimal attack action and the influencing factors. The goal of the modeling is to select the optimal atomic attack method under particular influencing factors.
2) Selecting the influencing factors. Based on experience gained in practical penetration tests, the choice of the optimal attack action is generally related to the following factors: target authority, target vulnerability, target service, auxiliary attack intelligence (such as account numbers and passwords), and network filtering rules.
3) Collecting sample data. The sample data are collected in actual penetration tests.
4) Designing the neural network. The model is a nonlinear fitting problem and adopts a multilayer feed-forward network. The number of input nodes is 5 and the number of output nodes is 2, namely the atomic attack method and the success probability. According to an empirical formula, the number of hidden layer nodes is taken to be 2-3 times the number of input nodes, here 10. The neural network is simulated directly in a high-level language.
5) Training the neural network. A neural network learning method is selected and the network is trained. The BP (backpropagation) algorithm, the classical learning method for multilayer neural networks, is selected here. With this learning method, sample data are input into the neural network, the network output is calculated layer by layer, and the network output is compared with the standard optimal atomic attack method set. If the output is within the range of the optimal atomic attack method set, training on that sample ends and training moves on to the next sample. Otherwise, the error of each layer is calculated backwards, and the weights of the network are then adjusted layer by layer so that the final output falls within the range of the optimal attack method set. When all samples have been trained, the whole training process is finished.
6) Verifying the model. Non-training sample data are input into the neural network and the network output is compared with the ideal sample output; if the output is within the range of the optimal atomic attack method set, the model is accepted. Otherwise, the samples need to be recollected, the network redesigned, and the training repeated until satisfactory results are obtained.
7) Applying the model. The verified model can be applied in actual production. The specific steps are: each actually measured influencing factor is input into the neural network, the neural network outputs an atomic attack method and a success probability, and the penetration attack module executes the attack so as to attack the target effectively.
In the AI-based automatic penetration test system of the invention, as a preferred mode, the special intelligent module comprises:
an information collection decision module: used for making decisions on the process of collecting the attack surface and intelligence information;
a Turing countermeasure module: used for recognizing the character verification code in the login interface of a WEB application system;
an intelligence identification and extraction module: used for identifying and extracting, from the intelligence information, intelligence data that are helpful to the attack;
a fingerprint analysis decision module: when the fingerprint and version information of the network target have been modified to hide the real information of the system, makes a fuzzy decision based on multi-dimensional fingerprint information analysis to match more attack components that may be applicable;
a data analysis and attack load generation decision module: comprehensively decides, splices and dynamically adjusts parameters to generate attack loads according to the attack target and network environment information; for WEB applications, interprets the data structure of the URL to generate targeted vulnerability exploitation and attack loads; judges from the result returned after each attack execution whether the attack was correct, analyzes the reason for attack failure, and provides a basis for the next attack load generation decision.
As a preferred mode, the attack surface and intelligence information comprise IP, domain names, side domains, ports, URLs, API entry paths, database link access ports, mailbox addresses, names, telephone numbers, annotated paths, background login entries, foreground login entries, file upload entries, services, operating system versions, middleware versions, database versions, network equipment versions, application component versions, application frameworks, development languages, webshells, credential information (account numbers and passwords), weak passwords, sensitive information and absolute path information; the vulnerability information comprises system vulnerabilities, WEB application vulnerabilities and unsafe configurations.
As a preferred mode, the access rights or information of the network target comprise system authority, database table structure information of a database and traversed directory information.
As a preferred mode, the system authority comprises the target where the authority is located, system information, a user name and a shell remote control system.
As a preferred mode, the intelligence information comprises users/user groups, password information, tokens, sensitive information and network information.
As a preferred mode, the AI-based automatic penetration test system of the invention further includes:
a vulnerability risk priority resetting module: used for calculating a risk value according to the actual risk that a vulnerability poses to the network target, adjusting the risk value according to the CVSS value of the vulnerability, whether the vulnerability was successfully exploited, the risk caused after successful exploitation and the risk finally caused by iterative exploitation based on the vulnerability, and ranking the vulnerabilities by degree of risk according to the adjusted risk value;
a penetration test report module: used for generating the penetration test report according to the output data of the artificial intelligence module and the vulnerability risk priority resetting module.
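An added example, not part of the patent text: one way the re-ranking described for the vulnerability risk priority resetting module could be computed, so that observed exploitation results override the scanner's CVSS order. The patent gives no formula; the impact tiers, discount factors, field names and sample findings below are assumptions of this example.

```python
from dataclasses import dataclass

# Impact tiers for what exploitation actually yielded (scale assumed here).
IMPACT = {"none": 0.0, "info_leak": 4.0, "user_shell": 7.0,
          "admin": 9.0, "domain_admin": 10.0}

# Discounts for findings that were never exploited (assumed values).
UNVERIFIED_FACTOR = 0.5   # scanner match only, existence not confirmed
UNEXPLOITED_FACTOR = 0.8  # confirmed present, exploitation did not succeed


@dataclass(frozen=True)
class Finding:
    vuln_id: str         # constructed placeholder, not a real identifier
    cvss: float          # CVSS base score reported by the scanner (0-10)
    verified: bool       # vulnerability confirmed during verification
    exploited: bool      # exploitation succeeded during the test
    direct_impact: str   # what the first successful exploitation gave
    chained_impact: str  # worst outcome reached by iterating from it


def adjusted_risk(f: Finding) -> float:
    """Return the re-prioritised risk value (0-10) for one finding."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS out of range: {f.cvss}")
    for tier in (f.direct_impact, f.chained_impact):
        if tier not in IMPACT:
            raise ValueError(f"{f.vuln_id}: unknown impact tier {tier!r}")
    if not f.exploited:
        # A finding that was not exploited cannot carry an observed impact.
        if (f.direct_impact, f.chained_impact) != ("none", "none"):
            raise ValueError(f"{f.vuln_id}: impact recorded without exploitation")
        factor = UNEXPLOITED_FACTOR if f.verified else UNVERIFIED_FACTOR
        return round(f.cvss * factor, 2)
    if not f.verified:
        raise ValueError(f"{f.vuln_id}: exploited but not marked verified")
    # Observed impact, including what iterative exploitation reached,
    # can raise the score above CVSS but never lowers it.
    observed = max(IMPACT[f.direct_impact], IMPACT[f.chained_impact])
    return round(max(f.cvss, observed), 2)


def rank(findings):
    """Sort by adjusted risk, highest first; CVSS, then id, break ties."""
    scored = [(f.vuln_id, adjusted_risk(f), f.cvss) for f in findings]
    return sorted(scored, key=lambda row: (-row[1], -row[2], row[0]))


# Constructed sample findings from a hypothetical test run.
SAMPLE = [
    Finding("VULN-A", 9.8, False, False, "none", "none"),
    Finding("VULN-B", 5.3, True, True, "info_leak", "domain_admin"),
    Finding("VULN-C", 7.5, True, True, "user_shell", "user_shell"),
    Finding("VULN-D", 8.1, True, False, "none", "none"),
]

if __name__ == "__main__":
    print("CVSS order:    ",
          [f.vuln_id for f in sorted(SAMPLE, key=lambda f: -f.cvss)])
    print("Adjusted order:", [row[0] for row in rank(SAMPLE)])
    for vuln_id, score, cvss in rank(SAMPLE):
        print(f"{vuln_id}: adjusted {score:5.2f} (CVSS {cvss})")
```

On the sample data the medium-severity leak that was chained to domain-level access moves to the top of the repair queue, while the unverified critical-rated scanner match drops to the bottom.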
In use, the invention comprises the following steps:
S1, setting a penetration test task: setting the penetration target and parameters and whether to carry out automatic springboard attacks, and starting the task;
S2, collecting attack surface and intelligence data and vulnerability information: the decision brain module generates a driving instruction according to the target IP or domain name set by the penetration test task and sends it to the information collection module; the information collection module collects attack surface and intelligence data and vulnerability information according to the driving instruction and transmits them to the decision brain module; step S2 further includes the following steps:
S21, the decision brain module judges the type of the penetration test task; when the set target is an IP address or an IP address range, the process goes to step S22, and when the set target is a URL or a domain name, the process goes to step S23;
S22, the decision brain module generates a driving instruction and transmits it to the information collection module; the information collection module scans the ports and services of the network target according to the driving instruction, detects all possible WEB application entries, and goes to step S24;
S23, the decision brain module generates a driving instruction and transmits it to the information collection module; the information collection module checks the IP address of the network target, scans the ports and services of the network target, detects all possible WEB application entries, and goes to step S24;
S24, when a URL or domain name entry exists, the decision brain module generates a driving instruction and transmits it to the crawler module; the crawler module carries out full URL crawling and crawling of page HTML code content according to the driving instruction, and transmits the crawled data to the special intelligent module;
S25, the special intelligent module carries out intelligence identification and extraction on the page HTML code and provides intelligence data for the blasting module and the penetration attack module;
S26, when a domain name exists, the decision brain module generates a driving instruction and transmits it to the blasting module; the blasting module carries out subdomain blasting according to the driving instruction, the intelligence data and a domain name dictionary, and transmits the data to the vulnerability scanning module;
S27, when a URL path exists, the decision brain module generates a driving instruction and transmits it to the blasting module; the blasting module carries out URL path blasting according to the driving instruction, the intelligence data and a URL path dictionary, and transmits the data to the vulnerability scanning module;
S28, when access entries such as SMB, Rlogin, RDP, ftp, telnet, SSH, SNMP, database services, management backgrounds and webshells exist, the decision brain module generates a driving instruction and transmits it to the blasting module; the blasting module carries out weak password blasting according to the driving instruction, the intelligence data and a weak password dictionary; if a login page has a one-time verification code, the Turing countermeasure module recognizes and automatically fills in the verification code; the data are transmitted to the vulnerability scanning module;
S29, the vulnerability scanning module carries out system vulnerability scanning, WEB application vulnerability scanning and security configuration scanning on the target IP, domain name or URL, generates vulnerability information and transmits it to the artificial intelligence module;
S3, penetration attack: the decision brain module generates a driving instruction according to the vulnerability information and transmits it to the penetration attack module; the penetration attack module carries out the penetration attack according to the driving instruction and outputs the vulnerability verification result and the vulnerability exploitation result to the decision brain module; step S3 further includes the following steps:
S31, judging the attack type; for a penetration attack on a system, the process goes to step S32, and for a penetration attack on a WEB application, the process goes to step S35;
S32, the decision brain module establishes attack branch nodes by decision according to the attack surface, the intelligence data and the vulnerability information, and ranks them by priority according to the success rate of vulnerability exploitation;
S33, starting from the vulnerability with the highest priority, single or multiple attack loads are generated according to the data analysis and attack load generation decision of the special intelligent module to test the vulnerabilities one by one, and it is judged whether exploitation of all vulnerabilities was unsuccessful; if so, the process goes to step S34, and if not, to step S38;
S34, the special intelligent module integrates all fingerprint information to make a fingerprint analysis decision, matches other vulnerabilities by fuzzy matching, and returns to step S32;
S35, the decision brain module establishes attack branch nodes according to the attack surface, the intelligence data and the vulnerability information, and ranks them by priority according to the success rate of vulnerability exploitation;
S36, starting from the vulnerability with the highest priority, the related URL is interpreted according to the data analysis and attack load generation decision of the special intelligent module and spliced into single or multiple attack loads to test the vulnerabilities one by one, and it is judged whether the vulnerabilities were successfully exploited; if so, the process goes to step S38, and if not, to step S37;
S37, the special intelligent module analyzes the feedback information, optimizes and adjusts the parameters, and returns to step S36;
S38, recording the vulnerability verification result and the exploitation result: when exploitation fails, the result is recorded; when exploitation succeeds and sensitive information is obtained, the sensitive information is recorded; when exploitation succeeds and authority is obtained, the shell is rebounded and access rights to the network target are obtained;
S4, iterative attack judgment: the special intelligent module makes an iteration decision according to the vulnerability verification result and the vulnerability exploitation result; if the decision is a next round of attack exploitation, the process goes to step S33 or S36; if the decision is new attack target detection, the process goes to step S2; otherwise the process goes to step S5; step S4 further includes the following steps:
S41, the decision brain module generates an iterative attack decision according to the vulnerability verification result and the vulnerability exploitation result of step S3 and judges whether to carry out an iterative attack; if so, the process goes to step S42, and if not, to step S5;
S42, when a next round of attack exploitation is decided, the process goes to step S33 or S36; when new attack target detection is decided, the process goes to step S2;
S5, post-penetration: the decision brain module carries out privilege escalation or sensitive information detection and extraction on the network target according to the obtained authority and judges whether to carry out an iterative attack; if so, the process returns to step S2, S33 or S36; it further judges whether to carry out a springboard attack; if so, the process returns to step S2 for the adjacent network target, otherwise it goes to step S6; step S5 further includes the following steps:
S51, after recognizing that the current shell has ordinary authority, the post-penetration module automatically performs privilege escalation through vulnerability exploitation;
S52, the post-penetration module automatically extracts password data from memory;
S53, the post-penetration module automatically traverses the file system, and the special intelligent module identifies files containing sensitive data according to the content of the file system and extracts the sensitive information;
S54, the decision brain module judges from the sensitive information whether an iterative attack is needed; if so, the process returns to step S2, S33 or S36, and if not, it goes to step S55;
S55, the decision brain module judges whether to carry out a springboard attack; if so, the process returns to step S2 for the adjacent network target, and if not, it goes to step S6;
S6, vulnerability repair priority: the vulnerability risk priority resetting module resets the vulnerability repair priority according to the vulnerability exploitation result;
S7, generating a penetration test report: the penetration test report module generates a test report based on the data generated by the above process.
The invention has the following advantages:
(1) Compared with the manual service mode
1) A robot program simulates the attack techniques/methods and vulnerability discovery techniques that a hacker might use in order to carry out non-destructive offensive testing of systems and networks, so that penetration test services are standardized, the service level is stable, and the influence of human uncertainty is avoided;
2) the robot program has built-in comprehensive vulnerability verification and vulnerability exploitation components that cover objects such as WEB applications, hosts, databases, middleware, network equipment, big data platforms, cloud computing platforms, virtualization systems, industrial control systems and Internet of Things equipment, so that it has all-domain technical capability and few knowledge blind spots;
3) the robot program can be copied without limit at low cost, so there is no talent shortage;
4) the robot program can be copied without limit at low cost, so the penetration testing needs of a large number of IT systems can be met;
5) the robot program can be copied without limit at low cost, so all systems can be penetration tested at shorter intervals, greatly reducing the risk exposure window;
6) the security risk of bringing in external personnel is avoided; the scope and process of the penetration test are controllable and the process can be audited; risks such as data leakage or the concealment of valuable security vulnerabilities are avoided; and dependence on third-party security service personnel is reduced.
(2) Compared with existing automation tools
1) Automatic penetration testing of objects across all domains is supported: automatic penetration testing of system objects such as operating systems, network equipment, databases and middleware is supported, automatic penetration testing of WEB application targets is effectively supported, and penetration testing of general vulnerabilities such as SQL injection and upload vulnerabilities is also supported, with excellent output;
2) for penetration targets that deliberately conceal their real condition by modifying their fingerprint/version number, existing vulnerabilities can be accurately analyzed at the cost of a limited increase in attack computing power: the system comprehensively evaluates vulnerability exploitation results to analyze the actual effect of an attack, provides fingerprint analysis decision support when the attack effect falls short of expectations, and makes fuzzy decisions by analyzing multidimensional fingerprint information so as to match more verification or exploitation components that may be applicable, carrying out more comprehensive vulnerability exploitation and ensuring that the target's risk is correctly identified;
3) comprehensive intelligence identification and extraction is supported: information collection decision support is provided, making decisions on the attack surface information collection process so as to decide what information is collected and how; intelligence identification and extraction support is provided, supporting identification and extraction of intelligence from a target, such as account and password information, mailbox information, telephone numbers, names and database link access ports, so that penetration testing is carried out with information that fits the actual service environment;
4) attack payloads are automatically evaluated, optimized, corrected and dynamically generated: data analysis and attack payload generation decision support is provided for WEB applications, interpreting the data structure of a URL to generate targeted vulnerability exploitation and attack payloads, and evaluating the vulnerability exploitation result information returned after each attack execution so as to continuously optimize and adjust the attack payload and improve the exploitation success rate;
5) automatic iterative attack is supported: on the basis of single-point verification or exploitation of each vulnerability, iterative attack decision support is provided, and autonomous planning and decision-making on the attack path and attack method based on target intelligence information is supported. Autonomous joint exploitation based on intelligence and vulnerabilities is supported, autonomous joint exploitation based on 2 or more vulnerabilities is supported, and autonomous use of acquired intelligence, privileges and the like for iterative attack is supported. Complex, interrelated security problems and deep risks can thus be found;
6) vulnerability risk priority resetting based on actual business risk is supported: vulnerabilities are ranked directly by the actual risk they cause to the business system, effectively improving the efficiency and utility of security vulnerability repair;
7) automatic springboard attack is supported: after privileges on the target host are obtained, automatic detection of and springboard attack on other objects in the associated network from that host is supported, without manual participation;
8) Turing countermeasure: the system automatically identifies whether a one-time verification code exists in the login interface of the WEB application system; if so, the verification code is automatically recognized and automatically filled in.
Drawings
FIG. 1 is a schematic diagram of an AI-based automated penetration test system;
FIG. 2 is a block diagram of an AI-based automated penetration test system information collection module;
FIG. 3 is a block diagram of an artificial intelligence module of an AI-based automated penetration testing system;
FIG. 4 is a diagram of a specialized intelligent module of the AI-based automatic penetration testing system;
FIG. 5 is a flow chart of an AI-based automated penetration testing system;
FIG. 6 is a flow chart of a data collection method for an AI-based automated penetration test system;
FIG. 7 is a flow chart of a penetration attack method for an AI-based automated penetration test system;
FIG. 8 is a flowchart of an iterative attack method for an AI-based automated penetration test system;
FIG. 9 is a flow chart of a post-penetration method for an AI-based automated penetration testing system.
Reference numerals:
100. an information collection module; 110. a crawler module; 120. a blasting module; 130. a vulnerability scanning module; 200. a penetration attack module; 300. a post-penetration module; 400. an artificial intelligence module; 410. an expert system module; 420. a decision brain module; 430. a specialized intelligent module; 431. an information collection decision module; 432. a Turing countermeasure module; 433. an intelligence identification and extraction module; 434. a fingerprint analysis decision module; 435. a data analysis and attack payload generation decision module; 500. a vulnerability risk priority resetting module; 600. a penetration test reporting module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Example 1
As shown in fig. 1, an AI-based automated penetration test system includes:
the information collection module 100: used for collecting the attack surface and intelligence information of a network target, analyzing the vulnerability information existing in the network target, transmitting the attack surface and intelligence information and the vulnerability information to the penetration attack module 200 and the artificial intelligence module 400, and receiving a driving instruction transmitted by the artificial intelligence module 400. The attack surface and intelligence information comprises IP, domain name, side domain, port, URL, API entry path, database link access port, mailbox address, name, telephone number, annotated path, background entry, foreground entry, file upload entry, service, operating system version, middleware version, database version, network equipment version, application component version, application framework, development language, webshell, credential information (account number, password), weak password, sensitive information and absolute path information; the vulnerability information comprises system vulnerabilities, WEB application vulnerabilities and insecure configuration. As shown in FIG. 2, the information collection module 100 comprises:
the crawler module 110: used for fully crawling the static pages and dynamic pages of the domain names or WEB application targets of the network target with a breadth-first or depth-first strategy, identifying the HTML page code content of the static and dynamic pages, analyzing the attack surface and intelligence information that can be used for attack, transmitting the attack surface and intelligence information to the vulnerability scanning module 130, and receiving the driving instructions transmitted by the artificial intelligence module 400;
the blasting (brute-force) module 120: used for blasting the domain name, URL path, weak password and webshell entry of the network target and acquiring attack surface and intelligence information through subdomain blasting, URL blasting, path blasting, weak password blasting and webshell blasting, transmitting the attack surface and intelligence information to the vulnerability scanning module 130, and receiving the driving instructions transmitted by the artificial intelligence module 400;
the vulnerability scanning module 130: used for receiving the attack surface and intelligence information transmitted by the crawler module 110, receiving the attack surface and intelligence information transmitted by the blasting module 120, scanning the network target for vulnerabilities according to the attack surface and intelligence information and generating vulnerability information, transmitting the attack surface and intelligence information and the vulnerability information to the penetration attack module 200, and receiving the driving instructions transmitted by the artificial intelligence module 400;
the penetration attack module 200: used for receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module 100, verifying the vulnerability information, attacking the network target by exploiting the vulnerabilities, acquiring access rights or information of the network target, transmitting the access rights or information to the post-penetration module 300 and the artificial intelligence module 400, and receiving a driving instruction transmitted by the artificial intelligence module 400; the access rights or information of the network target comprise the target on which the privilege is held, system information, user names, system privileges such as shell remote control, database and table structure information, and directory traversal information;
the post-penetration module 300: used for receiving the access rights or information transmitted by the penetration attack module 200, performing privilege escalation and intelligence information extraction on the network target, performing detection of and springboard attack on other objects in the network associated with the network target, transmitting the privilege information and the intelligence information to the artificial intelligence module 400, and receiving a driving instruction transmitted by the artificial intelligence module 400; the intelligence information comprises users/user groups, password information, tokens, sensitive information and network information;
the artificial intelligence module 400: used for receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module 100, receiving the access rights or information of the network target transmitted by the penetration attack module 200, receiving the privilege information and intelligence information transmitted by the post-penetration module 300, generating an attack method according to the attack surface and intelligence information, the vulnerability information, the access rights or information, the privilege information and the intelligence information, generating a driving instruction according to the attack method, and transmitting the driving instruction to the information collection module 100, the penetration attack module 200 and the post-penetration module 300; as shown in FIG. 3, the artificial intelligence module 400 includes:
the expert system module 410: used for storing decision knowledge and for communicating the decision knowledge to the decision brain module 420;
the decision brain module 420: used for receiving the decision knowledge transmitted by the expert system module 410, carrying out attack modeling according to the decision knowledge, receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module 100, receiving the access rights or information of the network target transmitted by the penetration attack module 200, receiving the privilege information and intelligence information transmitted by the post-penetration module 300, inputting the attack surface and intelligence information, the vulnerability information, the access rights or information of the network target, the privilege information and the intelligence information into the attack model to generate a driving instruction, and transmitting the driving instruction to the information collection module 100, the penetration attack module 200 and the post-penetration module 300;
the specialized intelligent module 430: used for providing decision support to the decision brain module 420 according to different scenarios; as shown in fig. 4, the specialized intelligent module 430 includes:
the information collection decision module 431: used for making decisions on the process of collecting the attack surface and intelligence information;
the Turing countermeasure module 432: used for recognizing character verification codes in the login interface of a WEB application system;
the intelligence identification and extraction module 433: used for identifying and extracting, from the intelligence information, intelligence data that is useful to the attack;
the fingerprint analysis decision module 434: when the fingerprint and version information of the network target have been modified to hide the real information of the system, makes fuzzy decisions based on multi-dimensional fingerprint information analysis so as to match more attack components that are likely to be usable;
the data analysis and attack payload generation decision module 435: generates attack payloads through comprehensive decision-making, splicing and dynamic parameter adjustment according to the attack target and network environment information; for WEB applications, interprets the data structure of a URL to generate targeted vulnerability exploitation and attack payloads; judges whether the attack is correct according to the result returned after each attack execution, analyzes the cause of attack failure, and provides a basis for the next attack payload generation decision;
the vulnerability risk priority resetting module 500: used for calculating a risk value according to the actual risk that a vulnerability causes to the network target, adjusting the risk value according to the CVSS value of the vulnerability, whether the vulnerability was successfully exploited, the risk caused after successful exploitation, and the risk finally caused by iterative exploitation based on the vulnerability, and ranking vulnerabilities by risk level according to the adjusted risk value;
the penetration test reporting module 600: used for generating a penetration test report according to the output data of the artificial intelligence module 400 and the vulnerability risk priority resetting module 500.
As shown in fig. 5, in use the present embodiment performs the following steps:
S1, setting a penetration test task: setting the penetration target and parameters, deciding whether automatic springboard attack is to be carried out, and starting the task;
S2, collecting attack surface and intelligence data and vulnerability information: the decision brain module 420 generates a driving instruction according to the target IP or domain name set by the penetration test task and sends it to the information collection module 100; the information collection module 100 collects attack surface and intelligence data and vulnerability information according to the driving instruction and sends them to the decision brain module 420; as shown in fig. 6, step S2 further includes the following steps:
S21, the decision brain module 420 judges the type of penetration test task: when the set target is an IP address or IP address range, the process goes to step S22; when the set target is a URL or domain name, it goes to step S23;
S22, the decision brain module 420 generates a driving instruction and transmits it to the information collection module 100; the information collection module 100 scans the ports and services of the network target according to the driving instruction, detects all possible WEB application entries, and proceeds to step S24;
S23, the decision brain module 420 generates a driving instruction and transmits it to the information collection module 100; the information collection module 100 looks up the IP address of the network target, scans the ports and services of the network target, detects all possible WEB application entries, and then proceeds to step S24;
S24, when a URL or domain name entry exists, the decision brain module 420 generates a driving instruction and transmits it to the crawler module 110; the crawler module 110 crawls all URLs and the HTML code content of the pages according to the driving instruction and transmits the crawled data to the specialized intelligent module 430;
S25, the specialized intelligent module 430 identifies and extracts intelligence from the page HTML code and provides intelligence data to the blasting module 120 and the penetration attack module 200;
S26, when a domain name exists, the decision brain module 420 generates a driving instruction and transmits it to the blasting module 120; the blasting module 120 performs subdomain blasting according to the driving instruction, the intelligence data and the domain name dictionary, and transmits the data to the vulnerability scanning module 130;
S27, when a URL path exists, the decision brain module 420 generates a driving instruction and transmits it to the blasting module 120; the blasting module 120 performs URL path blasting according to the driving instruction, the intelligence data and the URL path dictionary, and transmits the data to the vulnerability scanning module 130;
S28, when access entries such as SMB, Rlogin, RDP, ftp, telnet, SSH, SNMP, database services, management backgrounds and webshells exist, the decision brain module 420 generates a driving instruction and transmits it to the blasting module 120; the blasting module 120 performs weak password blasting according to the driving instruction, the intelligence data and a weak password dictionary; if a one-time verification code exists on a login page, the Turing countermeasure module 432 recognizes and automatically fills in the verification code; the data is transmitted to the vulnerability scanning module 130;
S29, the vulnerability scanning module 130 performs system vulnerability scanning, WEB application vulnerability scanning and security configuration scanning on the target IP, domain name or URL, generates vulnerability information and transmits it to the artificial intelligence module 400;
S3, penetration attack: the decision brain module 420 generates a driving instruction according to the vulnerability information and transmits it to the penetration attack module 200; the penetration attack module 200 performs the penetration attack according to the driving instruction and outputs the vulnerability verification result and vulnerability exploitation result to the decision brain module 420; as shown in fig. 7, step S3 further includes the following steps:
S31, the attack type is judged: for a penetration attack on a system, the process goes to step S32; for a penetration attack on a WEB application, it goes to step S35;
S32, the decision brain module 420 establishes attack branch nodes by deciding over the attack surface, the intelligence data and the vulnerability information, and ranks them in priority by vulnerability exploitation success rate;
S33, starting from the vulnerability with the highest priority, single or multiple attack payloads are generated according to the data analysis and attack payload generation decision of the specialized intelligent module 430, and the vulnerabilities are probed one by one; it is judged whether all vulnerability exploitation attempts were unsuccessful: if so, the process proceeds to step S34, and if not, to step S38;
S34, the specialized intelligent module 430 combines all fingerprint information to make a fingerprint analysis decision, matches other vulnerabilities by fuzzy matching, and returns to step S32;
S35, the decision brain module 420 establishes attack branch nodes according to the attack surface, the intelligence data and the vulnerability information, and ranks them in priority by vulnerability exploitation success rate;
S36, starting from the vulnerability with the highest priority, the related URL is interpreted according to the data analysis and attack payload generation decision of the specialized intelligent module 430 and spliced into single or multiple attack payloads, and the vulnerabilities are probed one by one; it is judged whether exploitation succeeded: if so, the process proceeds to step S38, and if not, to step S37;
S37, the specialized intelligent module 430 analyzes the feedback information and, after optimizing and adjusting the parameters, returns to step S36;
S38, recording the vulnerability verification result and the attack exploitation result: when exploitation fails, the failure is recorded; when exploitation succeeds and yields sensitive information, the sensitive information is recorded; when exploitation succeeds and yields privileges, a reverse shell is established and access rights to the network target are obtained;
S4, iterative attack judgment: the specialized intelligent module 430 judges whether an iterative attack is needed according to the vulnerability verification result and the vulnerability exploitation result; if so, the process goes to step S33 or S36 or, when a new attack target has been found, to step S2; otherwise, it proceeds to step S5; as shown in fig. 8, step S4 further includes the following steps:
S41, the decision brain module 420 generates an iterative attack decision according to the vulnerability verification result and vulnerability exploitation result of step S3 and judges whether to carry out an iterative attack; if so, the process proceeds to step S42, and if not, to step S5;
S42, when a next round of attack exploitation is decided, the process goes to step S33 or S36; when a new attack target is found, it goes to step S2;
S5, post-penetration: the decision brain module 420 performs privilege escalation or sensitive information extraction on the network target according to the privileges obtained, and judges whether to perform an iterative attack; if so, the process returns to step S2, S33 or S36; it further judges whether to perform a springboard attack; if so, the process returns to step S2 for an adjacent network target, and otherwise it proceeds to step S6; as shown in fig. 9, step S5 further includes the following steps:
S51, after recognizing that the current shell has only ordinary privileges, the post-penetration module 300 automatically performs privilege escalation through vulnerability exploitation;
S52, the post-penetration module 300 automatically extracts account and password data from memory;
S53, the post-penetration module 300 automatically traverses the file system, and the specialized intelligent module 430 identifies files containing sensitive data according to the content of the file system to generate sensitive information;
S54, the decision brain module 420 judges whether an iterative attack is needed according to the sensitive information; if so, the process returns to step S2, S33 or S36, and if not, it proceeds to step S55;
S55, the decision brain module 420 judges whether a springboard attack is to be carried out; if so, the process returns to step S2 for the adjacent network target, and if not, it proceeds to step S6.
S6, resetting the vulnerability repair priority: the vulnerability risk priority resetting module 500 resets the vulnerability repair priorities according to the vulnerability exploitation results;
S7, generating a penetration test report: the penetration test report module 600 generates a test report based on the data generated by the above-described process.
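The priority resetting performed by the vulnerability risk priority resetting module 500 in step S6 can be sketched as follows. This is an added example, not part of the patent: the patent names the inputs (the CVSS value, whether exploitation succeeded, the risk caused after successful exploitation, and the risk finally reached by iterative exploitation) but gives no formula, so the weights, the impact scale and the finding identifiers below are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed 0-10 scale for what a successful exploitation yielded during the test.
# The patent gives no scale or formula; these values are illustrative only.
IMPACT_SCORE = {
    "none": 0.0,
    "info_leak": 4.0,
    "sensitive_data": 7.0,
    "user_shell": 8.0,
    "admin_shell": 10.0,
}

W_CVSS = 0.4               # assumed weight of the theoretical (CVSS) severity
W_OBSERVED = 0.6           # assumed weight of the impact observed during the test
UNVERIFIED_DISCOUNT = 0.5  # assumed discount when exploitation did not succeed


@dataclass(frozen=True)
class Finding:
    vuln_id: str                  # constructed identifier, not a real CVE
    cvss: float                   # CVSS base score, 0.0-10.0
    exploited: bool               # was the vulnerability successfully exploited?
    impact: str = "none"          # risk caused directly by the successful exploitation
    chained_impact: str = "none"  # worst result reached by iterative exploitation from it


def adjusted_risk(f: Finding) -> float:
    """Adjust the CVSS-based risk value with the exploitation results."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS score out of range: {f.cvss}")
    for label in (f.impact, f.chained_impact):
        if label not in IMPACT_SCORE:
            raise ValueError(f"{f.vuln_id}: unknown impact label {label!r}")
    if not f.exploited:
        # An impact without a successful exploitation is an inconsistent record.
        if f.impact != "none" or f.chained_impact != "none":
            raise ValueError(f"{f.vuln_id}: impact recorded without exploitation")
        return round(f.cvss * UNVERIFIED_DISCOUNT, 2)
    # The iterative (chained) result counts when it is worse than the direct one.
    observed = max(IMPACT_SCORE[f.impact], IMPACT_SCORE[f.chained_impact])
    return round(W_CVSS * f.cvss + W_OBSERVED * observed, 2)


def reprioritize(findings):
    """Return (vuln_id, adjusted risk) pairs, highest repair priority first."""
    scored = [(f, adjusted_risk(f)) for f in findings]
    # Ties fall back to CVSS, then to the identifier, so the order is deterministic.
    scored.sort(key=lambda pair: (-pair[1], -pair[0].cvss, pair[0].vuln_id))
    return [(f.vuln_id, score) for f, score in scored]


def cvss_only_order(findings):
    """Baseline for comparison: the order a CVSS-only ranking would give."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: (-f.cvss, f.vuln_id))]


# Constructed sample results of one penetration test run.
SAMPLE_FINDINGS = [
    Finding("VULN-A", 9.8, exploited=False),
    Finding("VULN-B", 7.5, exploited=True, impact="sensitive_data"),
    Finding("VULN-C", 5.3, exploited=True, impact="info_leak",
            chained_impact="admin_shell"),
    Finding("VULN-D", 4.3, exploited=False),
]

if __name__ == "__main__":
    print("CVSS-only order:", cvss_only_order(SAMPLE_FINDINGS))
    for vuln_id, score in reprioritize(SAMPLE_FINDINGS):
        print(f"{vuln_id}: adjusted risk {score}")
```

With the constructed data, the medium-severity finding that chained to administrative access moves to the top of the repair list, while the critical-rated finding that could not be exploited drops below both exploited ones.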
The above description is only the preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (9)

1. An AI-based automatic penetration test system, characterized by comprising:
an information collection module (100): used for collecting the attack surface and intelligence information of a network target, analyzing and generating the vulnerability information existing in the network target, transmitting the attack surface and intelligence information and the vulnerability information to the penetration attack module (200) and the artificial intelligence module (400), and receiving a driving instruction transmitted by the artificial intelligence module (400);
a penetration attack module (200): used for receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module (100), verifying the vulnerability information and attacking the network target by using the vulnerability information, acquiring the access rights or information of the network target, transmitting the access rights or information to the post-penetration module (300) and the artificial intelligence module (400), and receiving a driving instruction transmitted by the artificial intelligence module (400);
a post-penetration module (300): used for receiving the access rights or information transmitted by the penetration attack module (200), performing privilege escalation and intelligence information extraction on the network target, performing detection of and springboard attack on other objects in the network associated with the network target, transmitting the privilege information and the intelligence information to the artificial intelligence module (400), and receiving a driving instruction transmitted by the artificial intelligence module (400);
an artificial intelligence module (400): used for receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module (100), receiving the access rights or information of the network target transmitted by the penetration attack module (200), receiving the privilege information and the intelligence information transmitted by the post-penetration module (300), generating an attack method according to the attack surface and intelligence information, the vulnerability information, the access rights or information, the privilege information and the intelligence information, generating a driving instruction according to the attack method, and sending the driving instruction to the information collection module (100), the penetration attack module (200) and the post-penetration module (300).
2. The AI-based automated penetration testing system of claim 1, wherein: the information collection module (100) comprises:
a crawler module (110): used for fully crawling the static pages and dynamic pages of the domain names or WEB application targets of the network target with a breadth-first or depth-first strategy, identifying the HTML page code content of the static and dynamic pages, analyzing the attack surface and intelligence information that can be used for attack, transmitting the attack surface and intelligence information to the vulnerability scanning module (130), and receiving the driving instructions transmitted by the artificial intelligence module (400);
a blasting module (120): used for blasting the domain name, URL path, weak password and webshell entry of the network target and acquiring attack surface and intelligence information through subdomain blasting, URL blasting, path blasting, weak password blasting and webshell blasting, transmitting the attack surface and intelligence information to the vulnerability scanning module (130), and receiving the driving instructions transmitted by the artificial intelligence module (400);
a vulnerability scanning module (130): used for receiving the attack surface and intelligence information transmitted by the crawler module (110), receiving the attack surface and intelligence information transmitted by the blasting module (120), scanning the network target for vulnerabilities according to the attack surface and intelligence information and generating the vulnerability information, transmitting the attack surface and intelligence information to the penetration attack module (200), and receiving the driving instructions transmitted by the artificial intelligence module (400).
3. The AI-based automated penetration testing system of claim 1, wherein: the artificial intelligence module (400) comprising:
an expert system module (410): used for storing decision knowledge and for communicating the decision knowledge to a decision brain module (420);
a decision brain module (420): used for receiving the decision knowledge transmitted by the expert system module (410), carrying out attack modeling according to the decision knowledge, receiving the attack surface and intelligence information and the vulnerability information transmitted by the information collection module, receiving the access rights or information of the network target transmitted by the penetration attack module (200), receiving the privilege information and intelligence information transmitted by the post-penetration module (300), inputting the attack surface and intelligence information, the vulnerability information, the access rights or information of the network target, the privilege information and the intelligence information into the attack model to generate a driving instruction, and transmitting the driving instruction to the information collection module (100), the penetration attack module (200) and the post-penetration module (300);
a specialized intelligent module (430): used for providing decision support to the decision brain module according to different scenarios.
4. The AI-based automated penetration test system of claim 3, wherein: the specialized intelligence module (430) includes:
information collection decision module (431): used for making decisions on the process of collecting attack surfaces and information;
Turing confrontation module (432): used for identifying the character verification code in the login interface of a WEB application system;
intelligence identification and extraction module (433): used for identifying and extracting, from the intelligence information, intelligence data helpful to the attack;
fingerprint analysis decision module (434): when the fingerprint and version information of the network target have been modified to hide the real system information, used for making a fuzzy decision based on multi-dimensional fingerprint information analysis so as to match more usable attack components;
data analysis and attack load generation decision module (435): used for making a comprehensive decision according to the attack target and the network environment information, splicing and dynamically adjusting parameters to generate an attack load; for WEB applications, interpreting the data structure of the URL to generate a targeted vulnerability exploitation and attack load; judging whether the attack is correct according to the result returned after each attack execution; analyzing the cause of attack failure; and providing a basis for the next attack load generation decision.
5. The AI-based automated penetration test system of claim 1, wherein the attack surface and intelligence information comprises IP, domain name, side domain, port, URL, API entry path, database link entry, mailbox address, name, phone number, annotated path, background login entry, foreground login entry, file upload entry, services, operating system version, middleware version, database version, network device version, application component version, application framework, development language, WEBshell, credential information, weak password, sensitive information, and absolute path information, and wherein the vulnerability information comprises system vulnerabilities, WEB application vulnerabilities, and insecure configuration.
6. The AI-based automated penetration testing system of claim 1, wherein: the access right or information comprises system authority, database table structure information of the database and traversal directory information.
7. The AI-based automated penetration test system of claim 4, wherein: the system authority comprises a target where the authority is located, system information, a user name and a shell remote control system.
8. The AI-based automated penetration testing system of claim 1, wherein: the intelligence information includes user/user groups, password information, tokens, sensitive information, and network information.
9. An AI-based automated penetration test system according to any of claims 1 to 8, wherein: the automated penetration testing system further comprises:
vulnerability risk priority resetting module (500): used for calculating a risk value according to the actual risk the vulnerability poses to the network target, adjusting the risk value according to the CVSS value of the vulnerability, whether the vulnerability was successfully exploited, the risk caused after the vulnerability is successfully exploited, and the risk finally caused by iterative exploitation based on the vulnerability, and ranking the vulnerabilities by degree of risk according to the adjusted risk value;
penetration test reporting module (600): for generating a penetration test report from output data of the artificial intelligence module (400) and the vulnerability risk priority resetting module (500).
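One way the re-ranking performed by module (500) in claim 9 could be realised, as an added example that is not code from the patent. The claim names the inputs but gives no formula, so the weights, the 0-10 impact scale, the `Finding` fields and the sample findings are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Finding:
    vuln_id: str                # constructed placeholder ID, not a real advisory
    cvss: float                 # CVSS base score, 0.0-10.0
    exploited: bool             # was the vulnerability successfully exploited in the test?
    impact: float = 0.0         # assumed 0-10 rating of the risk observed after exploitation
    leads_to: list = field(default_factory=list)  # findings reached by building on this one

def chain_impact(findings, start):
    """Highest impact reachable by iterating from `start` through exploited findings."""
    best, stack, seen = 0.0, [start], set()
    while stack:
        vid = stack.pop()
        f = findings.get(vid)
        if f is None or vid in seen or not f.exploited:
            continue            # unknown ID, cycle, or an unvalidated step ends the chain
        seen.add(vid)
        best = max(best, f.impact)
        stack.extend(f.leads_to)
    return best

def adjusted_risk(findings, vid, w_cvss=0.3, w_impact=0.3, w_chain=0.4):
    """Assumed weighting: CVSS is the baseline; validated impact and chains add to it."""
    f = findings[vid]
    if not f.exploited:
        return w_cvss * f.cvss
    return w_cvss * f.cvss + w_impact * f.impact + w_chain * chain_impact(findings, vid)

def rank(findings):
    """Return (vuln_id, adjusted risk) pairs, highest risk first."""
    scored = [(vid, round(adjusted_risk(findings, vid), 2)) for vid in findings]
    return sorted(scored, key=lambda p: p[1], reverse=True)

# Constructed sample findings for one network target.
SAMPLE = {f.vuln_id: f for f in [
    Finding("V-A", 9.8, exploited=False),
    Finding("V-B", 5.3, exploited=True, impact=4.0, leads_to=["V-C"]),
    Finding("V-C", 7.5, exploited=True, impact=9.0, leads_to=["V-B"]),  # cycle with V-B
    Finding("V-D", 6.5, exploited=True, impact=3.0),
]}

if __name__ == "__main__":
    for vid, risk in rank(SAMPLE):
        print(f"{vid}  cvss={SAMPLE[vid].cvss:<4}  adjusted={risk}")
```

Sorted by CVSS alone the sample would read V-A, V-C, V-D, V-B; after adjustment the unvalidated V-A drops to last and the medium-severity V-B moves up because it chains into V-C.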
CN202010303651.3A 2020-04-17 2020-04-17 Automatic penetration test system based on AI Active CN111488587B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010303651.3A CN111488587B (en) 2020-04-17 2020-04-17 Automatic penetration test system based on AI

Publications (2)

Publication Number Publication Date
CN111488587A (en) 2020-08-04
CN111488587B (en) 2023-08-15

Family

ID=71811083

Country Status (1)

Country Link
CN (1) CN111488587B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104809404A (en) * 2015-04-17 2015-07-29 广东电网有限责任公司信息中心 Data layer system of information security attack-defense platform
US20160314302A1 (en) * 2015-04-21 2016-10-27 Sap Se Multi-context exploit test management
CN110221977A (en) * 2019-06-03 2019-09-10 江苏亨通工控安全研究院有限公司 Website penetration test method based on ai

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
3GPP: "Meeting Report for TSG SA WG3 meeting: 66" *
谢鑫: "Research on a back-analysis method based on slope anchoring load monitoring data" *
高宏佳; 李世明: "Automation-based penetration testing" *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398829A (en) * 2020-11-04 2021-02-23 国网辽宁省电力有限公司电力科学研究院 Network attack simulation method and system for power system
CN112560029A (en) * 2020-12-25 2021-03-26 中国南方电网有限责任公司超高压输电公司 Website content monitoring and automatic response protection method based on intelligent analysis technology
CN113312627A (en) * 2021-04-22 2021-08-27 北京墨云科技有限公司 Joint utilization method, device and system based on knowledge graph
CN113312627B (en) * 2021-04-22 2022-07-08 北京墨云科技有限公司 Joint utilization method, device and system based on knowledge graph
CN113923007A (en) * 2021-09-30 2022-01-11 绿盟科技集团股份有限公司 Safety penetration testing method and device, electronic equipment and storage medium
CN113992628A (en) * 2021-12-30 2022-01-28 北京华云安信息技术有限公司 Domain name blasting test method, device, equipment and computer readable storage medium
CN115296936A (en) * 2022-10-08 2022-11-04 四川安洵信息技术有限公司 Automatic method and system for assisting detection of anti-network crime

Also Published As

Publication number Publication date
CN111488587B (en) 2023-08-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant