CN114615081A - Remote penetration test method and device - Google Patents
Remote penetration test method and device Download PDFInfo
- Publication number
- CN114615081A CN114615081A CN202210349631.9A CN202210349631A CN114615081A CN 114615081 A CN114615081 A CN 114615081A CN 202210349631 A CN202210349631 A CN 202210349631A CN 114615081 A CN114615081 A CN 114615081A
- Authority
- CN
- China
- Prior art keywords
- penetration test
- version information
- tested
- remote
- penetration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000035515 penetration Effects 0.000 title claims abstract description 146
- 238000010998 test method Methods 0.000 title claims abstract description 13
- 238000012360 testing method Methods 0.000 claims abstract description 149
- 238000000034 method Methods 0.000 claims description 27
- 238000004590 computer program Methods 0.000 claims description 7
- 238000012423 maintenance Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000004140 cleaning Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
Abstract
The invention provides a remote penetration test method and a remote penetration test device, belongs to the technical field of network security, and solves the problem of low effectiveness of penetration test in the prior art. The remote penetration test method comprises the following steps: acquiring version information of a system to be tested; generating a penetration test strategy according to the version information; loading a corresponding penetration test instruction according to the penetration test strategy to generate a penetration test execution file; and operating the penetration test execution file on the system to be tested to generate a penetration test result.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a remote penetration testing method and device.
Background
With the development of mobile network technology, network security is more and more paid attention and concerned by people, and related security tests are a crucial link. The remote penetration test is an effective safe test mode, in order to improve the accuracy and the test coverage rate of the penetration test, various tests need to be carried out on a system to be tested, and testers can simulate hackers to attack and carry out the penetration test on the system to be tested.
Compared with the prior semi-automatic penetration test or manual penetration test, the current automatic penetration test scheme improves the test efficiency to a certain degree. However, the automatic penetration test uses a predetermined rule to perform the penetration test, and the characteristics and requirements of the system to be tested are different, which may result in some invalid tests, so the prior art has a problem of low effectiveness of the penetration test.
Disclosure of Invention
The invention aims to provide a remote penetration test method and a remote penetration test device, which solve the problem of low effectiveness of penetration tests in the prior art.
In a first aspect, the present invention provides a remote penetration test method, comprising:
acquiring version information of a system to be tested;
generating a penetration test strategy according to the version information;
loading a corresponding penetration test instruction according to the penetration test strategy to generate a penetration test execution file;
and operating the penetration test execution file on the system to be tested to generate a penetration test result.
Further, the method further comprises:
creating a penetration test instruction library in advance; the penetration test instruction library comprises a plurality of penetration test instructions.
Further, the step of generating the penetration testing strategy according to the version information comprises:
inquiring the matching coefficient of each penetration test instruction in the penetration test instruction library and the version information;
and extracting the penetration test instruction with the matching coefficient higher than a preset threshold value to generate a penetration test strategy.
Further, the penetration test instruction comprises: one or more of port scanning, vulnerability attack, privilege-granting maintenance and log cleaning.
Further, the step of obtaining the version information of the system to be tested includes:
searching a memory image file of a system to be tested, and acquiring the position of the KPCR in the memory image file;
and obtaining version information of the system to be tested from the KPCR.
In a second aspect, the present invention also provides a remote penetration testing apparatus comprising:
the acquisition module is used for acquiring the version information of the system to be tested;
the strategy module is used for generating a penetration test strategy according to the version information;
the loading module is used for loading a corresponding penetration test instruction according to the penetration test strategy and generating a penetration test execution file;
and the test module is used for operating the penetration test execution file on the system to be tested to generate a penetration test result.
In a third aspect, the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program operable on the processor, and the processor implements the steps of the above method when executing the computer program.
In a fourth aspect, the present invention also provides a computer readable storage medium having stored thereon machine executable instructions which, when invoked and executed by a processor, cause the processor to carry out the method described above.
The remote penetration test method provided by the invention comprises the steps of firstly obtaining version information of a system to be tested, then generating a penetration test strategy according to the version information, loading corresponding penetration test instructions according to the penetration test strategy, and generating a penetration test execution file, wherein the penetration test execution file comprises a plurality of penetration test instructions matched with the version information. And finally, operating a penetration test execution file on the system to be tested to generate a penetration test result. By acquiring and analyzing the version information of the system to be tested in advance, a penetration test strategy and a penetration test execution file can be generated in a targeted manner according to the characteristics and the requirements of the system to be tested, so that invalid tests in the penetration test process can be reduced, and the problem of low effectiveness of the penetration test in the prior art is solved.
Accordingly, the remote penetration testing device, the electronic equipment and the computer-readable storage medium provided by the embodiment of the invention also have the technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a remote penetration testing method provided by an embodiment of the present invention;
FIG. 2 is a detailed flowchart of step S2 according to the present invention;
FIG. 3 is a detailed flowchart of step S1 according to the present invention;
fig. 4 is a schematic diagram of a remote penetration testing apparatus according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprising" and "having," and any variations thereof, as referred to in embodiments of the present invention, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
As shown in fig. 1, an embodiment of the present invention provides a remote penetration testing method, including the following steps:
s1: and acquiring version information of the system to be tested.
S2: and generating a penetration test strategy according to the version information.
S3: and loading a corresponding penetration test instruction according to the penetration test strategy to generate a penetration test execution file.
S4: and operating a penetration test execution file on the system to be tested to generate a penetration test result.
The remote penetration test method provided by the embodiment of the invention comprises the steps of firstly obtaining version information of a system to be tested, then generating a penetration test strategy according to the version information, loading corresponding penetration test instructions according to the penetration test strategy, and generating a penetration test execution file, wherein the penetration test execution file comprises a plurality of penetration test instructions matched with the version information. And finally, operating a penetration test execution file on the system to be tested to generate a penetration test result. By acquiring and analyzing the version information of the system to be tested in advance, a penetration test strategy and a penetration test execution file can be generated in a targeted manner according to the characteristics and the requirements of the system to be tested, so that invalid tests in the penetration test process can be reduced, and the problem of low effectiveness of the penetration test in the prior art is solved.
In one possible embodiment, the method may further comprise the steps of:
s01: a penetration test instruction library is created in advance.
The penetration test instruction library comprises a plurality of penetration test instructions, each penetration test instruction is provided with a matching coefficient list, and matching coefficients between the penetration test instruction and a plurality of versions of information of a system to be tested are recorded in the matching coefficient list.
For example, if the system to be tested has n versions, n matching coefficients are recorded in the matching coefficient list and respectively represent the matching coefficients between the penetration test instruction and the information of each version. These matching coefficients are normalized, and the value of the matching coefficient is between 0 and 1.
As shown in fig. 2, in a possible implementation, the step S2 specifically includes:
s201: and inquiring the matching coefficient of each penetration test instruction in the penetration test instruction library and the version information.
For example, if the version information of the system to be tested is m, the matching coefficient between each penetration test instruction in the penetration test instruction library and m is queried.
S202: and extracting the penetration test instruction with the matching coefficient higher than a preset threshold value to generate a penetration test strategy.
For example, if the preset threshold is 0.8, the penetration test instruction with the matching coefficient higher than 0.8 is extracted, and a penetration test strategy containing the extracted penetration test instruction is generated. And in the subsequent steps, loading the extracted penetration test instruction according to a penetration test strategy, generating a penetration test execution file, and performing penetration test on the system to be tested to generate a penetration test result.
As shown in fig. 3, in a possible implementation, the step S1 specifically includes:
s101: and searching the memory image file of the system to be tested, and acquiring the position of the KPCR in the memory image file.
S102: and obtaining version information of the system to be tested from the KPCR.
For example, a physical memory analysis method based on a Processor Control Region (KPCR) structure may be used to search a memory image file according to a KPCR structure feature of an operating system, find a location of the KPCR structure in the memory image file, and then obtain version information of the operating system from a current memory image file.
In one possible embodiment, the penetration test instructions include: one or more of port scanning, vulnerability attack, privilege-granting maintenance and log cleaning. The step S4 may specifically include the following steps:
creating and maintaining a vulnerability library
Creating and maintaining a vulnerability library to provide a basis for remote vulnerability scanning, wherein the vulnerability library collects vulnerability types including but not limited to the following: network devices (e.g., switches, routers, etc.), operating systems (e.g., Windows, Linux, Sun, etc.), databases (e.g., MS-SQL, MySql, etc.), web services middleware (e.g., IIS, Apache, etc.), web applications (e.g., Java, etc.).
Two, port scanning, vulnerability scanning
The system to be tested is responsible for configurable vulnerability scanning of a target network address, the back end of the system to be tested is connected with a vulnerability database, and vulnerability scanning is carried out on the system to be tested according to vulnerability information in the vulnerability database and configuration of an enterprise, and specific scanning modes can include multithread concurrent scanning and multitask concurrent scanning.
The multi-thread concurrent scan is: and aiming at a certain target, multi-thread concurrent scanning can be carried out, and the scanning speed is improved.
The multitask concurrent scanning is as follows: and multithreading concurrent scanning can be simultaneously carried out on a plurality of enterprises according to different requirements.
Third, penetration test
The penetration test is a process that a tester simulates vulnerability discovery technology and an attack means used by an attacker as completely as possible, and performs deep non-destructive vulnerability attack on the safety of a target network, a system and a host application from the perspective of the attacker to discover the most vulnerable link of the system. Penetration testing generally reflects the current security situation of a system with very obvious and intuitive results, and aims to enable managers to intuitively know problems faced by own networks.
The penetration test can achieve the following effects:
1. the method and the proposal for improving the communication between the intruder and the communication terminal are provided.
2. The existing network device (router, switch, etc.) security policy is checked.
3. The existing information security device (firewall, IDS, etc.) security policy is checked.
4. And evaluating and suggesting the safety of professional information for the safety of the important host.
5. And finding out the servers or hosts which cannot be mastered by the IT personnel for investigation.
6. The security status of the system and the network is known.
7. And checking the current information security policy.
8. Blind spots of the existing information security policy are found.
9. The overall security of the existing system is verified.
The penetration test is not used in the penetration test in order to prevent damage, damage or tampering to a test target and for some attack methods and means which may cause negative influence on a test object, and specifically comprises the following steps: social engineering, distributed denial of service attacks, spreading viruses (including trojans, malicious code, etc.), attacks on instant messaging tools, phishing, and the like.
Fourthly, maintaining right-lifting authority
For example: and upgrading the web authority to the server system authority by using the system overflow vulnerability test authority.
1. And acquiring an uploading cmd through the disk authority, and breaking the situation that the cmd cannot be executed.
2. Execution of the bounce is performed by the bounce exe generated by msf.
3. And receiving the rebound session, performing exp screening and then executing.
For another example: and upgrading the web authority to the server authority by using the web authority, and upgrading the authority by using the website database.
Conditions are as follows: the password of the highest user of the database.
1. And acquiring the database type mysql on the server through the probe.
2. And obtaining the root password by checking the configuration file of the website database or the directory file of the database.
Fifth, log cleaning
The main contents of log cleaning include:
1. attacks and intrusions are difficult to completely delete traces, and no log record is an intrusion characteristic.
2. Deleting or cleaning the local log of the intrusion system does not represent deleting the trace, and records are still kept on network equipment, security equipment and a centralized log system.
3. The remaining back door itself has information about the attacker.
4. The agent or the springboard used may be hacked.
5. Before the operation, whether an administrator logs in is checked.
6. And deleting the uploaded tool and deleting by using a disk overwriting function.
7. And (3) operating the log: a log list, a recent access file, a browser access log such as an IE, and a file access log.
8. Logging in a log: system application log-security log, etc.
As shown in fig. 4, an embodiment of the present invention further provides a remote penetration testing apparatus, including:
the acquisition module 1 is used for acquiring version information of a system to be tested.
And the strategy module 2 is used for generating a penetration test strategy according to the version information.
And the loading module 3 is used for loading the corresponding penetration test instruction according to the penetration test strategy and generating a penetration test execution file.
And the test module 4 is used for operating a penetration test execution file on the system to be tested and generating a penetration test result.
Corresponding to the method, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and the processor implements the steps of the method when executing the computer program.
In accordance with the above method, embodiments of the present invention also provide a computer readable storage medium storing machine executable instructions, which when invoked and executed by a processor, cause the processor to perform the steps of the above method.
The remote penetration testing device, the electronic equipment and the computer readable storage medium provided by the embodiment of the invention have the same technical characteristics as the remote penetration testing method provided by the embodiment, so the same technical problems can be solved, and the same technical effects can be achieved.
The apparatus provided by the embodiment of the present invention may be specific hardware on the device, or software or firmware installed on the device, etc. The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the method embodiments, and for the sake of brief description, reference may be made to the corresponding contents in the method embodiments without reference to the device embodiments. It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the system, the apparatus and the unit described above may all refer to the corresponding processes in the method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
For another example, the division of the unit is only one division of logical functions, and there may be other divisions in actual implementation, and for another example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; and the modifications, changes or substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention. Are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (8)
1. A remote penetration test method, comprising:
acquiring version information of a system to be tested;
generating a penetration test strategy according to the version information;
loading a corresponding penetration test instruction according to the penetration test strategy to generate a penetration test execution file;
and operating the penetration test execution file on the system to be tested to generate a penetration test result.
2. The remote penetration test method of claim 1, further comprising:
creating a penetration test instruction library in advance; the penetration test instruction library comprises a plurality of penetration test instructions.
3. The remote penetration test method of claim 2, wherein the step of generating a penetration test strategy based on the version information comprises:
inquiring the matching coefficient of each penetration test instruction in the penetration test instruction library and the version information;
and extracting the penetration test instruction with the matching coefficient higher than a preset threshold value to generate a penetration test strategy.
4. The remote penetration test method of claim 2, wherein the penetration test instructions comprise: one or more of port scanning, vulnerability attack, privilege authority maintenance and log clearing.
5. The remote penetration test method of claim 1, wherein the step of obtaining version information of the system under test comprises:
searching a memory image file of a system to be tested, and acquiring the position of the KPCR in the memory image file;
and obtaining version information of the system to be tested from the KPCR.
6. A remote permeation testing device, comprising:
the acquisition module is used for acquiring the version information of the system to be tested;
the strategy module is used for generating a penetration test strategy according to the version information;
the loading module is used for loading a corresponding penetration test instruction according to the penetration test strategy and generating a penetration test execution file;
and the test module is used for operating the penetration test execution file on the system to be tested to generate a penetration test result.
7. An electronic device comprising a memory and a processor, wherein the memory stores a computer program operable on the processor, and wherein the processor implements the steps of the method of any of claims 1 to 5 when executing the computer program.
8. A computer readable storage medium having stored thereon machine executable instructions which, when invoked and executed by a processor, cause the processor to execute the method of any of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210349631.9A CN114615081A (en) | 2022-04-02 | 2022-04-02 | Remote penetration test method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210349631.9A CN114615081A (en) | 2022-04-02 | 2022-04-02 | Remote penetration test method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114615081A true CN114615081A (en) | 2022-06-10 |
Family
ID=81866297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210349631.9A Pending CN114615081A (en) | 2022-04-02 | 2022-04-02 | Remote penetration test method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114615081A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101128007A (en) * | 2007-09-21 | 2008-02-20 | 中兴通讯股份有限公司 | Testing method for mobile communication terminal |
CN106250317A (en) * | 2016-08-10 | 2016-12-21 | 英业达科技有限公司 | Electronic equipment and the method for testing of application thereof and system |
US10038711B1 (en) * | 2017-01-30 | 2018-07-31 | XM Ltd. | Penetration testing of a networked system |
US20180219903A1 (en) * | 2017-01-30 | 2018-08-02 | XM Ltd. | Systems and methods for selecting a lateral movement strategy for a penetration testing campaign |
CN109634840A (en) * | 2018-10-25 | 2019-04-16 | 平安科技(深圳)有限公司 | Method for testing software, device, equipment and storage medium |
CN111309611A (en) * | 2020-02-16 | 2020-06-19 | 苏州浪潮智能科技有限公司 | Multi-version testing method and system for software product |
US20200241865A1 (en) * | 2019-01-29 | 2020-07-30 | Salesforce.Com, Inc. | Release orchestration for performing pre-release, version specific testing to validate application versions |
CN111488586A (en) * | 2020-04-17 | 2020-08-04 | 北京墨云科技有限公司 | Post-infiltration method of automatic infiltration testing system based on AI |
CN112131099A (en) * | 2020-08-12 | 2020-12-25 | 新华三大数据技术有限公司 | Version upgrading test method and device |
CN113704129A (en) * | 2021-09-03 | 2021-11-26 | 中国农业银行股份有限公司 | Regression testing method, device, storage medium and equipment |
-
2022
- 2022-04-02 CN CN202210349631.9A patent/CN114615081A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101128007A (en) * | 2007-09-21 | 2008-02-20 | 中兴通讯股份有限公司 | Testing method for mobile communication terminal |
CN106250317A (en) * | 2016-08-10 | 2016-12-21 | 英业达科技有限公司 | Electronic equipment and the method for testing of application thereof and system |
US10038711B1 (en) * | 2017-01-30 | 2018-07-31 | XM Ltd. | Penetration testing of a networked system |
US20180219903A1 (en) * | 2017-01-30 | 2018-08-02 | XM Ltd. | Systems and methods for selecting a lateral movement strategy for a penetration testing campaign |
CN109634840A (en) * | 2018-10-25 | 2019-04-16 | 平安科技(深圳)有限公司 | Method for testing software, device, equipment and storage medium |
US20200241865A1 (en) * | 2019-01-29 | 2020-07-30 | Salesforce.Com, Inc. | Release orchestration for performing pre-release, version specific testing to validate application versions |
CN111309611A (en) * | 2020-02-16 | 2020-06-19 | 苏州浪潮智能科技有限公司 | Multi-version testing method and system for software product |
CN111488586A (en) * | 2020-04-17 | 2020-08-04 | 北京墨云科技有限公司 | Post-infiltration method of automatic infiltration testing system based on AI |
CN112131099A (en) * | 2020-08-12 | 2020-12-25 | 新华三大数据技术有限公司 | Version upgrading test method and device |
CN113704129A (en) * | 2021-09-03 | 2021-11-26 | 中国农业银行股份有限公司 | Regression testing method, device, storage medium and equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xiong et al. | CONAN: A practical real-time APT detection system with high accuracy and efficiency | |
CN108881211B (en) | Illegal external connection detection method and device | |
US8789171B2 (en) | Mining user behavior data for IP address space intelligence | |
Alata et al. | Lessons learned from the deployment of a high-interaction honeypot | |
Tien et al. | KubAnomaly: Anomaly detection for the Docker orchestration platform with neural network approaches | |
US20150256554A1 (en) | Attack analysis system, cooperation apparatus, attack analysis cooperation method, and program | |
US10142343B2 (en) | Unauthorized access detecting system and unauthorized access detecting method | |
US10033761B2 (en) | System and method for monitoring falsification of content after detection of unauthorized access | |
CN110868403B (en) | Method and equipment for identifying advanced persistent Attack (APT) | |
CN110602032A (en) | Attack identification method and device | |
CN110677381A (en) | Penetration testing method and device, storage medium and electronic device | |
Hatada et al. | Empowering anti-malware research in Japan by sharing the MWS datasets | |
US20040030931A1 (en) | System and method for providing enhanced network security | |
CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
CN110879889A (en) | Method and system for detecting malicious software of Windows platform | |
US20170351859A1 (en) | System and method of detecting malicious computer systems | |
RU2661533C1 (en) | System and method of detecting the signs of computer attacks | |
Stoleriu et al. | Cyber attacks detection using open source ELK stack | |
KR20170091989A (en) | System and method for managing and evaluating security in industry control network | |
JP5613000B2 (en) | Application characteristic analysis apparatus and program | |
CN110768950A (en) | Permeation instruction sending method and device, storage medium and electronic device | |
Mohammadmoradi et al. | Making whitelisting-based defense work against badusb | |
EP3252645B1 (en) | System and method of detecting malicious computer systems | |
CN115688100A (en) | Method, device, equipment and medium for placing bait file | |
CN114615081A (en) | Remote penetration test method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |