CN114036314B - Knowledge-graph-based permeation path identification method and system - Google Patents


Info

Publication number: CN114036314B
Application number: CN202111348570.6A
Authority: CN (China)
Prior art keywords: permeation, preset, knowledge, graph, data
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN114036314A
Inventors: 王文辉, 张錋, 韩龙玺, 葛广凯, 杨征浩
Current Assignee: State Grid Smart Grid Research Institute Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: State Grid Smart Grid Research Institute Co ltd


Classifications

    • G06F16/367 Ontology (under G06F16/36 Creation of semantic tools, e.g. ontology or thesauri; G06F16/30 Information retrieval of unstructured textual data)
    • G06F16/951 Indexing; Web crawling techniques (under G06F16/95 Retrieval from the web)
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (under G06F21/57 Certifying or maintaining trusted computer platforms)
    • H04L63/1433 Vulnerability analysis (under H04L63/14 Network security for detecting or protecting against malicious traffic)


Abstract

The invention provides a knowledge-graph-based penetration path identification method and a knowledge-graph-based penetration path identification system. The method comprises the following steps: acquiring parameter information of a penetration target; inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information; re-inputting the association data into the preset penetration path association knowledge graph to obtain new association data corresponding to it; repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found; and drawing the penetration path of the penetration target according to the association data. Implementing the invention improves the success rate of penetration testing.

Description

Knowledge-graph-based penetration path identification method and system
Technical Field
The invention relates to the field of information security, and in particular to a knowledge-graph-based penetration path identification method and system.
Background
With the rapid development of information technology, domestic enterprises are ever more informatized and companies depend ever more heavily on information technology. The fundamental role of networks and information systems has grown accordingly, and information security has become an important means of deepening informatization and safeguarding its results, as well as an important component of companies' safe production.
Existing scanning tools generally identify the components and vulnerabilities that may exist on a penetration target based only on scan results. This approach has high accuracy, but when the relevant information cannot be scanned, for example because a component has been hidden by deliberate modification, a conventional scanning tool cannot discover that the component exists; vulnerabilities may likewise go undetected by conventional means because their authors have obfuscated the relevant features.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the defect in the prior art that, when a penetration operation is carried out on a penetration target, certain components and vulnerabilities on the target are difficult to discover because features have been tampered with, ports have been hidden, and so on; a knowledge-graph-based penetration path identification method and system are therefore provided.
In order to achieve the above purpose, the present invention provides the following technical solutions:
In a first aspect, an embodiment of the present invention provides a knowledge-graph-based penetration path identification method, including: acquiring parameter information of a penetration target; inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information; re-inputting the association data into the preset penetration path association knowledge graph to obtain new association data corresponding to it; repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found; and drawing a penetration path of the penetration target according to the association data.
Optionally, the construction process of the preset penetration path association knowledge graph includes: acquiring penetration data of penetration targets; establishing corresponding component nodes and vulnerability nodes according to the association relations between the components and vulnerabilities in the penetration data; and assigning weights to the connecting edges between component nodes and vulnerability nodes according to the degree of relation between them.
Optionally, the updating process of the preset penetration path association knowledge graph includes: obtaining an actual penetration result; and updating the relation weights of the preset penetration path association knowledge graph according to the actual penetration result.
Optionally, inputting the parameter information in sequence into the preset penetration path association knowledge graph and identifying its association data includes: inputting the parameter information in sequence into the preset penetration path association knowledge graph; finding the node corresponding to the parameter information in the graph; acquiring all nodes connected to that node; and filtering all those nodes to identify the association data of the parameter information.
Optionally, filtering all those nodes and identifying the association data of the parameter information includes: when the weight of a node's connecting edge is smaller than a preset threshold, removing that node; and when the weight of a node's connecting edge is not smaller than the preset threshold, retaining that node, thereby obtaining the association data of the parameter information.
Optionally, the parameter information includes the port information, service information, fingerprint information, middleware information and system information corresponding to the penetration target, and the tags of the corresponding URLs obtained by sensitive-path scanning and crawling.
In a second aspect, an embodiment of the present invention provides a knowledge-graph-based penetration path identification system, including: an acquisition module for acquiring parameter information of the penetration target; an identification module for inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information; a processing module for re-inputting the association data into the preset penetration path association knowledge graph to obtain new association data corresponding to it; a loop module for repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found; and a drawing module for drawing the penetration path of the penetration target according to the association data.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions, where the computer instructions are configured to cause a computer to perform the knowledge-graph-based penetration path identification method according to the first aspect of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer apparatus including a memory and a processor that are communicatively connected, where the memory stores computer instructions and the processor executes those computer instructions so as to perform the knowledge-graph-based penetration path identification method according to the first aspect of the invention.
The technical scheme of the invention has the following advantages:
The invention provides a knowledge-graph-based penetration path identification method comprising the following steps: acquiring parameter information of a penetration target; inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information; re-inputting the association data into the preset penetration path association knowledge graph to obtain new association data corresponding to it; repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found; and drawing a penetration path of the penetration target according to the association data. The association data obtained are continuously identified through the knowledge graph, new unknown vulnerabilities and information are predicted, and all possible penetration processes for the target site are thereby completed, so that hidden components and vulnerabilities can be detected and identified, the detection rate of components and vulnerabilities is improved, and the success rate of penetration tests is improved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. It is obvious that the drawings described below show some embodiments of the present invention, and that a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of a specific example of a knowledge-graph-based penetration path identification method in an embodiment of the present invention;
FIG. 2 is a schematic block diagram of a specific example of a knowledge-graph-based penetration path identification system in an embodiment of the present invention;
FIG. 3 is a composition diagram of a specific example of a computer device according to an embodiment of the present invention.
Detailed Description
The following describes the embodiments of the present invention clearly and completely with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. All other embodiments that those skilled in the art can derive from the embodiments of the invention without inventive effort are intended to fall within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "coupled" are to be construed broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; two components may be connected directly or indirectly through an intermediate medium, may communicate internally, or may be connected wirelessly or by wire. The specific meaning of the above terms in the present invention will be understood by those of ordinary skill in the art according to the specific case.
In addition, the technical features of the different embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
The embodiment of the invention provides a knowledge-graph-based penetration path identification method, as shown in FIG. 1, comprising the following steps:
Step S10: acquiring parameter information of the penetration target.
In a specific embodiment, basic information collection is performed on the target site and the parameter information of the penetration target is obtained. The parameter information comprises the port information, service information, fingerprint information, middleware information and system information corresponding to the penetration target, and the tags of the corresponding URLs obtained by sensitive-path scanning and crawling.
Step S11: inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information.
In a specific embodiment, the collected parameter information, including the corresponding port information, service information, fingerprint information, middleware information, system information and the tags of the corresponding URLs obtained by sensitive-path scanning and crawling, is input in sequence into a preset penetration path association knowledge graph established in advance. The graph can predict and display the components that most frequently occur together with those of the target; on the one hand it supplements information that conventional scanning did not find, and on the other hand it predicts the vulnerabilities and information the target may have, guiding the user in finding, identifying and using them. For example, after the PHPMySQL application on the target host has been collected, the PHPMySQL node is found in the knowledge graph, and the node connected to it by the edge with the highest weight is found to be MySQL.
Step S12: re-inputting the association data into the preset penetration path association knowledge graph to obtain new association data corresponding to the association data.
In a specific embodiment, the association data are re-input into the preset penetration path association knowledge graph to obtain new unknown vulnerabilities and information, yielding new association data corresponding to the association data.
Step S13: repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found.
In a specific embodiment, the newly acquired penetration data are fed into the knowledge graph again and new unknown vulnerabilities and information are predicted, until no new information or vulnerabilities can be predicted through the knowledge graph, or the predicted vulnerabilities and information cannot actually be found on the target site. The target site is then considered to have been penetrated, and all possible penetration processes for the target site are complete.
Step S14: drawing a penetration path of the penetration target according to the association data.
In a specific embodiment, after all possible penetration of the target site is complete, the penetration path of the penetration target is drawn according to the association relations of the obtained association data (i.e. the penetration data). Because the identification and drawing of the penetration path are produced through the knowledge graph, time and labour costs are reduced and penetration efficiency is improved.
The pseudo code corresponding to the above process is:
In an embodiment, the construction process of the preset penetration path association knowledge graph includes the following steps:
Step S20: obtaining penetration data of penetration targets.
In one embodiment, existing information is collected in order to build the penetration path association knowledge graph. First, the existing relevant penetration data are gathered, partly accumulated from daily penetration work and partly obtained from related data already available on the internet. What is mainly collected is the vulnerability information related to the basic information present on a target site, such as ports, services, fingerprints, middleware, systems and applications.
Step S21: establishing corresponding component nodes and vulnerability nodes according to the association relations between the components and vulnerabilities in the penetration data.
In a specific embodiment, within a single penetration target, the association relations among components, between components and vulnerabilities, and among vulnerabilities are counted, and for each component and vulnerability in each collected penetration target, corresponding component nodes and vulnerability nodes are established in the knowledge graph.
Step S22: weighting the connecting edges between component nodes and vulnerability nodes according to the degree of relation between them.
In a specific embodiment, a connection is made between a component node and a vulnerability node that exist simultaneously in a single penetration target, forming an edge. The edge carries a weight indicating the degree of relation between the two nodes it connects; the weight is initially 1, and if the connection already exists its weight is increased by 1. In this way the relationships among components, between components and vulnerabilities, and among vulnerabilities in all penetration targets are entered into the knowledge graph, completing the initialization of the penetration path association knowledge graph. For example, for the PHPMySQL application and the MySQL service in a single collected penetration target, if the two nodes do not yet exist in the knowledge graph, they are newly created and connected, and the connecting edge is given weight 1; if the connection already exists, the weight of that edge is increased by 1.
In an embodiment, the updating process of the preset penetration path association knowledge graph includes the following steps:
Step S30: obtaining an actual penetration result.
Step S31: updating the corresponding relation weights of the preset penetration path association knowledge graph according to the actual penetration result.
In a specific embodiment, after the penetration test of the target site is completed, the constructed knowledge graph is updated according to the component and vulnerability information found to exist in the penetration target. The update comprises newly creating component nodes or vulnerability nodes that exist in the penetration target but not in the knowledge graph, newly creating relationships between nodes that exist in the penetration target but not in the knowledge graph, and updating the weights of the relationships between nodes. When updating those weights, for each relationship in the knowledge graph between a component node and a vulnerability node that exists in the penetration target, if the relationship also exists in the penetration target, the weight of the corresponding relationship is increased by 1; if the relationship does not exist in the penetration target, its weight is decreased by 1. For example, when updating the knowledge graph according to the scan result of the target site, if the component MySQL is found in the penetration target, the node corresponding to it in the knowledge graph has a connection to PHPMySQL, and that connection does not exist in the penetration target (i.e. PHPMySQL was not found there), then the weight of that connection is decreased by 1; otherwise, if the connection does exist in the penetration target (i.e. PHPMySQL was found there), the weight of the connection is increased by 1. The weights of all relationships of the nodes in the penetration target are updated in this way.
In an embodiment, inputting the parameter information in sequence into the preset penetration path association knowledge graph and identifying the association data of the parameter information includes the following steps:
Step S110: inputting the parameter information in sequence into the preset penetration path association knowledge graph.
Step S111: finding the node corresponding to the parameter information in the preset penetration path association knowledge graph.
Step S112: obtaining all nodes connected to that node.
Step S113: filtering all those nodes and identifying the association data of the parameter information.
In a specific embodiment, filtering all those nodes and identifying the association data of the parameter information includes:
Step one: removing a node when the weight of its connecting edge is smaller than a preset threshold.
Step two: retaining a node when the weight of its connecting edge is not smaller than the preset threshold, thereby obtaining the association data of the parameter information.
In the embodiment of the invention, the constructed knowledge graph is used for prediction: once the knowledge graph has been constructed, the penetration path association knowledge graph can be used for path prediction. For an input component or vulnerability such as a port, service, fingerprint, middleware, system or application, the corresponding node is first found in the penetration path association knowledge graph, and then all nodes connected to it are obtained. All connected nodes are filtered: nodes whose connecting edge weight is below a certain value are removed, and only nodes with a high number of co-occurrences are selected and output as the prediction result.
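As an added worked example (not the patent's own pseudocode), the following Python implements the graph construction of steps S20-S22, the weight feedback of S30-S31, the threshold filter of S110-S113 and the expansion loop of S10-S14 that stops when no new association data appears. The node names, the VULN-A/VULN-B identifiers and the five historical records are constructed placeholders; only the PHPMySQL/MySQL pairing follows the patent's own example.

```python
"""Added example (not the patent's pseudocode): a minimal penetration path
association knowledge graph as described in steps S10-S14, S20-S22, S30-S31
and S110-S113.  Node names, vulnerability ids and records are constructed."""
from collections import defaultdict, deque
from itertools import combinations


class PathKnowledgeGraph:
    """Undirected graph whose edge weight counts how often two items
    (components or vulnerabilities) were observed together on one target."""

    def __init__(self):
        self.nodes = set()
        self.weights = defaultdict(int)  # frozenset({a, b}) -> weight

    def weight(self, a, b):
        return self.weights.get(frozenset((a, b)), 0)

    def neighbours(self, node):
        """All nodes connected to `node` with the weight of the connecting edge (S112)."""
        return {next(iter(e - {node})): w
                for e, w in self.weights.items() if node in e}

    def add_target(self, observed):
        """S20-S22: create nodes for every item seen on one target and connect each
        co-occurring pair; a new edge starts at weight 1, an existing edge gains 1."""
        observed = set(observed)
        self.nodes |= observed
        for a, b in combinations(sorted(observed), 2):
            self.weights[frozenset((a, b))] += 1

    def update(self, found):
        """S30-S31: feed back an actual result.  Every existing relation touching an
        item found on the target gets +1 if its other end was also found and -1 if
        not; items and pairs found but missing from the graph are created (weight 1)."""
        found = set(found)
        for edge in list(self.weights):
            a, b = tuple(edge)
            if (a in found) != (b in found):   # exactly one end confirmed
                self.weights[edge] -= 1
        self.add_target(found)                  # both ends found: +1 (or created)

    def predict(self, node, threshold):
        """S110-S113: associated data for one input item, keeping only neighbours
        whose edge weight is not below the preset threshold."""
        return {n: w for n, w in self.neighbours(node).items() if w >= threshold}

    def identify_path(self, parameters, threshold):
        """S10-S14: start from the collected parameter information and keep feeding
        the associated data back in until no new item appears.  Returns the edges
        (source, predicted item, weight) in discovery order: the penetration path."""
        seen = set(parameters)
        queue = deque(dict.fromkeys(parameters))  # input order, no duplicates
        path = []
        while queue:
            node = queue.popleft()
            for nxt, w in sorted(self.predict(node, threshold).items()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
                    path.append((node, nxt, w))
        return path


def render_path(path):
    """S14: a plain-text drawing of the path, one edge per line."""
    return [f"{src} --{w}--> {dst}" for src, dst, w in path]


def demo():
    """Build the graph from constructed history, then run one identification."""
    kg = PathKnowledgeGraph()
    # Constructed records (S20): the items seen together on each of five past targets.
    history = [
        {"PHPMySQL", "MySQL", "VULN-A"},
        {"PHPMySQL", "MySQL", "VULN-A"},
        {"PHPMySQL", "MySQL"},
        {"MySQL", "VULN-B"},
        {"Apache", "PHPMySQL"},
    ]
    for record in history:
        kg.add_target(record)
    # Resulting weights: PHPMySQL-MySQL 3, PHPMySQL-VULN-A 2, MySQL-VULN-A 2,
    # MySQL-VULN-B 1, Apache-PHPMySQL 1.  Threshold 2 drops the two weak edges.
    path = kg.identify_path(["PHPMySQL"], threshold=2)
    return kg, path


if __name__ == "__main__":
    kg, path = demo()
    print("\n".join(render_path(path)))
    # Suppose the actual test confirmed PHPMySQL and MySQL but not VULN-A (S30):
    kg.update({"PHPMySQL", "MySQL"})
    print("\n".join(render_path(kg.identify_path(["PHPMySQL"], threshold=2))))
```

After the feedback step the two VULN-A edges fall to weight 1 and drop below the threshold, so the second identification returns only the PHPMySQL to MySQL edge, which is the self-correcting behaviour the update process is meant to provide.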
The embodiment of the invention also provides a knowledge-graph-based penetration path identification system, as shown in FIG. 2, which comprises:
an acquisition module 1 for acquiring parameter information of the penetration target; for details, refer to the description of step S10 in the method embodiment above, which is not repeated here;
an identification module 2 for inputting the parameter information in sequence into a preset penetration path association knowledge graph and identifying the association data of the parameter information; for details, refer to the description of step S11 in the method embodiment above, which is not repeated here;
a processing module 3 for re-inputting the association data into the preset penetration path association knowledge graph to acquire new association data corresponding to the association data; for details, refer to the description of step S12 in the method embodiment above, which is not repeated here;
a loop module 4 for repeating the step of re-inputting the association data into the preset penetration path association knowledge graph until no new association data can be found; for details, refer to the description of step S13 in the method embodiment above, which is not repeated here;
and a drawing module 5 for drawing the penetration path of the penetration target according to the association data; for details, refer to the description of step S14 in the method embodiment above, which is not repeated here.
Embodiments of the present invention also provide a computer device, as shown in FIG. 3, which may include a processor 61 and a memory 62, where the processor 61 and the memory 62 may be connected by a bus or otherwise; FIG. 3 shows a connection by a bus as an example.
The processor 61 may be a central processing unit (Central Processing Unit, CPU). Processor 61 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or a combination of the above.
The memory 62 serves as a non-transitory computer-readable storage medium that may store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 62, the processor 61 executes the various functional applications and data processing of the processor, i.e. implements the knowledge-graph-based penetration path identification method of the above method embodiment.
Memory 62 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store data created by the processor 61, etc. In addition, the memory 62 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 62 may optionally include memory located remotely from processor 61, which may be connected to processor 61 via a network. Examples of such networks include, but are not limited to, the internet, intranets, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory 62 and, when executed by the processor 61, perform the knowledge-graph-based penetration path identification method provided by the embodiments of the present invention.
The details of the above computer device may be understood with reference to the corresponding descriptions and effects in the embodiment shown in FIG. 1, and are not repeated here.
Those skilled in the art will appreciate that all or part of the method of the above embodiments may be implemented by a computer program instructing the related hardware. The program may be stored in a computer-readable storage medium and, when executed, may carry out the method flow of the above embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid state drive (SSD); it may also comprise a combination of memories of the above kinds.
It is apparent that the above examples are given by way of illustration only and do not limit the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art; it is neither necessary nor possible to enumerate all embodiments here, and obvious variations or modifications are contemplated as falling within the scope of the present invention.

Claims (8)

1. A knowledge-graph-based permeation path identification method, characterized by comprising the following steps:
acquiring parameter information of a penetration target;
inputting the parameter information in sequence into a preset permeation path association knowledge graph, and identifying association data of the parameter information, wherein the construction process of the preset permeation path association knowledge graph comprises: acquiring penetration data of the penetration target; establishing corresponding component nodes and vulnerability nodes according to the association relation between each component and each vulnerability in the penetration data; and weighting the connecting edges between the component nodes and the vulnerability nodes according to the degree of relation between the component nodes and the vulnerability nodes;
re-inputting the association data into the preset permeation path association knowledge graph to obtain new association data corresponding to the association data;
repeating the step of re-inputting the association data into the preset permeation path association knowledge graph until no new association data can be found; and
drawing a permeation path of the penetration target according to the association data.
2. The knowledge-graph-based permeation path identification method according to claim 1, wherein the updating process of the preset permeation path association knowledge graph comprises:
obtaining an actual penetration result; and
updating the relation weights of the preset permeation path association knowledge graph according to the actual penetration result.
3. The knowledge-graph-based permeation path identification method according to claim 1, wherein inputting the parameter information in sequence into the preset permeation path association knowledge graph and identifying association data of the parameter information comprises:
inputting the parameter information in sequence into the preset permeation path association knowledge graph;
finding the node corresponding to the parameter information in the preset permeation path association knowledge graph;
acquiring all nodes connected to that node; and
filtering all of the nodes to identify the association data of the parameter information.
4. The knowledge-graph-based permeation path identification method according to claim 3, wherein filtering all of the nodes to identify the association data of the parameter information comprises:
when the weight of the connecting edge of a node is smaller than a preset threshold, removing the node; and
when the weight of the connecting edge of a node is not smaller than the preset threshold, retaining the node and obtaining the association data of the parameter information.
5. The knowledge-graph-based permeation path identification method according to claim 1, wherein the parameter information includes port information, service information, fingerprint information, middleware information and system information corresponding to the penetration target, and labels of the corresponding URLs obtained by sensitive-path scanning and crawling.
6. A knowledge-graph-based permeation path identification system, comprising:
an acquisition module, configured to acquire parameter information of a penetration target;
an identification module, configured to input the parameter information in sequence into a preset permeation path association knowledge graph and identify association data of the parameter information, wherein the construction process of the preset permeation path association knowledge graph comprises: acquiring penetration data of the penetration target; establishing corresponding component nodes and vulnerability nodes according to the association relation between each component and each vulnerability in the penetration data; and weighting the connecting edges between the component nodes and the vulnerability nodes according to the degree of relation between the component nodes and the vulnerability nodes;
a processing module, configured to re-input the association data into the preset permeation path association knowledge graph and obtain new association data corresponding to the association data;
a loop module, configured to return to the step of re-inputting the association data into the preset permeation path association knowledge graph until no new association data can be found; and
a drawing module, configured to draw a permeation path of the penetration target according to the association data.
7. A computer-readable storage medium storing computer instructions for causing a computer to perform the knowledge-graph-based permeation path identification method according to any one of claims 1 to 5.
8. A computer device, comprising a memory and a processor communicatively connected to each other, wherein the memory stores computer instructions and the processor executes the computer instructions, thereby performing the knowledge-graph-based permeation path identification method according to any one of claims 1 to 5.
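The iterative expansion of claims 1, 3 and 4 and the weight update of claim 2, worked through as an added example in Python. This is not the patent's own code; the component and vulnerability node names, the edge weights, the 0.5 threshold and the seed parameter information are constructed assumptions, and the vulnerability labels are hypothetical rather than real identifiers. The example goes slightly beyond the claim text in one respect: it records a predecessor for every node reached, so that "drawing the permeation path" can be shown as a concrete chain from the seed parameter to a reached node.

```python
# Added worked example (not the patent's own code): iterative expansion of a
# weighted component/vulnerability knowledge graph as described in claims 1-4,
# plus the weight update of claim 2. All node names, weights and the 0.5
# threshold below are constructed assumptions for illustration.
from collections import deque

# Constructed knowledge graph. Keys prefixed "c:" are component nodes, keys
# prefixed "v:" are vulnerability nodes; every connecting edge carries a
# relation-degree weight in [0, 1] and is stored in both directions.
# The vulnerability names are hypothetical labels, not real identifiers.
KNOWLEDGE_GRAPH = {
    "c:web-server-8080":    {"v:dir-listing": 0.9, "v:weak-login": 0.6, "v:legacy-tls": 0.2},
    "v:dir-listing":        {"c:web-server-8080": 0.9, "c:config-backup": 0.8},
    "c:config-backup":      {"v:dir-listing": 0.8, "v:db-credential-leak": 0.7},
    "v:db-credential-leak": {"c:config-backup": 0.7, "c:database-3306": 0.9},
    "c:database-3306":      {"v:db-credential-leak": 0.9},
    "v:weak-login":         {"c:web-server-8080": 0.6},
    "v:legacy-tls":         {"c:web-server-8080": 0.2},
}
THRESHOLD = 0.5  # assumed "preset threshold" of claim 4


def associated_data(graph, node, threshold=THRESHOLD):
    """Claims 3 and 4: all nodes connected to `node`, with edges whose weight
    is below the threshold removed and the rest retained."""
    return {nbr: w for nbr, w in graph.get(node, {}).items() if w >= threshold}


def identify_path(graph, parameter_info, threshold=THRESHOLD):
    """Claim 1: feed the parameter information into the graph, re-feed the
    association data it yields, and stop once no new association data appears.
    Returns the nodes in the order they were reached and a predecessor map."""
    order, parent, queue = [], {}, deque()
    for param in parameter_info:
        # parameters with no node in the graph (e.g. an unknown banner) are skipped
        if param in graph and param not in parent:
            parent[param] = None
            queue.append(param)
    while queue:
        node = queue.popleft()
        order.append(node)
        for nbr in associated_data(graph, node, threshold):
            if nbr not in parent:          # new association data found
                parent[nbr] = node
                queue.append(nbr)
    return order, parent


def draw_path(parent, target):
    """Render one permeation path by walking predecessors back to the seed."""
    chain, node = [], target
    while node is not None:
        chain.append(node)
        node = parent[node]
    return " -> ".join(reversed(chain))


def update_weights(graph, actual_result, step=0.1):
    """Claim 2: return a copy of the graph whose edge weights are raised for
    edges the actual penetration exploited and lowered for edges that failed.
    `actual_result` maps (node, node) pairs to True (exploited) or False."""
    updated = {u: dict(nbrs) for u, nbrs in graph.items()}
    for (u, v), success in actual_result.items():
        delta = step if success else -step
        for a, b in ((u, v), (v, u)):      # the edge is stored in both directions
            if b in updated.get(a, {}):
                updated[a][b] = round(min(1.0, max(0.0, updated[a][b] + delta)), 3)
    return updated


if __name__ == "__main__":
    seed = ["c:web-server-8080", "unknown-banner"]   # constructed parameter information
    order, parent = identify_path(KNOWLEDGE_GRAPH, seed)
    print("expansion order:", order)
    print("path:", draw_path(parent, "c:database-3306"))
    # two failed attempts on the weak-login edge push it under the threshold
    g = update_weights(KNOWLEDGE_GRAPH, {("c:web-server-8080", "v:weak-login"): False})
    g = update_weights(g, {("c:web-server-8080", "v:weak-login"): False})
    print("after update:", associated_data(g, "c:web-server-8080"))
```

The expansion is a breadth-first closure: a node is enqueued only the first time it is reached, which is what makes the "repeat until no new association data can be found" loop terminate on a graph with cycles (every edge above is stored in both directions). The threshold filter of claim 4 is applied at each hop, so the low-weight legacy-TLS edge is never followed; after two failed actual attempts the weak-login edge drops below the threshold and is filtered out on the next run, which is the feedback loop claim 2 describes.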

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111348570.6A CN114036314B (en) 2021-11-15 2021-11-15 Knowledge-graph-based permeation path identification method and system

Publications (2)

Publication Number Publication Date
CN114036314A CN114036314A (en) 2022-02-11
CN114036314B true CN114036314B (en) 2023-09-26

Family

ID=80144396

Country Status (1)

Country Link
CN (1) CN114036314B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405325B (en) * 2023-06-07 2023-09-12 鹏城实验室 (Peng Cheng Laboratory) Network security testing method based on security knowledge graph and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108933793A (en) * 2018-07-24 2018-12-04 中国人民解放军战略支援部队信息工程大学 (PLA Strategic Support Force Information Engineering University) Knowledge-graph-based attack graph generation method and device
CN111026660A (en) * 2019-12-05 2020-04-17 国网浙江省电力有限公司电力科学研究院 (Electric Power Research Institute of State Grid Zhejiang Electric Power Co., Ltd.) Penetration testing method based on expert system knowledge base
CN113312627A (en) * 2021-04-22 2021-08-27 北京墨云科技有限公司 (Beijing Moyun Technology Co., Ltd.) Joint utilization method, device and system based on knowledge graph

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2145281B1 (en) * 2007-04-12 2013-11-20 Core Sdi, Incorporated System, method and computer readable medium for providing network penetration testing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
陶耀东, 贾新桐, 吴云坤. A knowledge-graph-based research method for industrial Internet security vulnerabilities (一种基于知识图谱的工业互联网安全漏洞研究方法). 信息技术与网络安全 (Information Technology and Network Security), no. 01, pp. 10-17, 22. *
王硕, 王建华, 汤光明, 裴庆祺, 张玉臣, 刘小虎. An intelligent and efficient method for generating optimal penetration paths (一种智能高效的最优渗透路径生成方法). 计算机研究与发展 (Journal of Computer Research and Development), no. 05, pp. 25-37. *

Also Published As

Publication number Publication date
CN114036314A (en) 2022-02-11

Legal Events

Code Title / Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing
Applicant after: State Grid Smart Grid Research Institute Co.,Ltd.
Address before: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing
Applicant before: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Co.,Ltd.
GR01 Patent grant