CN117714159A - Automatic penetration test method and equipment based on behavior tree - Google Patents
Automatic penetration test method and equipment based on behavior tree Download PDFInfo
- Publication number
- CN117714159A CN117714159A CN202311729443.XA CN202311729443A CN117714159A CN 117714159 A CN117714159 A CN 117714159A CN 202311729443 A CN202311729443 A CN 202311729443A CN 117714159 A CN117714159 A CN 117714159A
- Authority
- CN
- China
- Prior art keywords
- behavior
- attack
- penetration
- penetration test
- behavior tree
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000035515 penetration Effects 0.000 title claims abstract description 100
- 238000010998 test method Methods 0.000 title claims abstract description 16
- 238000012360 testing method Methods 0.000 claims abstract description 67
- 230000009471 action Effects 0.000 claims abstract description 34
- 238000000034 method Methods 0.000 claims abstract description 32
- 230000008569 process Effects 0.000 claims abstract description 23
- 230000002776 aggregation Effects 0.000 claims abstract description 6
- 238000004220 aggregation Methods 0.000 claims abstract description 6
- 230000006399 behavior Effects 0.000 claims description 105
- 238000010276 construction Methods 0.000 claims description 15
- 230000006870 function Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 9
- 230000003542 behavioural effect Effects 0.000 claims description 8
- 238000005516 engineering process Methods 0.000 claims description 6
- 238000005034 decoration Methods 0.000 claims description 4
- 230000003044 adaptive effect Effects 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 2
- 238000001514 detection method Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 10
- 230000000694 effects Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000000354 decomposition reaction Methods 0.000 description 2
- 230000008595 infiltration Effects 0.000 description 2
- 238000001764 infiltration Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007717 exclusion Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Abstract
The invention provides an automatic penetration test method based on a behavior tree, which comprises the following steps: and (3) building a behavior tree model: according to the requirements, the penetration attack flow is generalized and extracted from various test business scenes; classifying and disassembling the penetration attack flow into behavior actions of different levels; constructing a behavior subtree by utilizing various nodes according to the logic relation between behavior actions; performing class aggregation of subtrees according to a class classification process to form a complete behavior tree model; automated penetration testing: and receiving a control instruction, instantiating a behavior tree model each time of penetration test attack, acquiring attack feedback data, and continuously triggering the attack by the attack feedback data until a new attack feedback data position cannot be acquired, and collecting data to generate a penetration test report. According to the invention, the behavior tree model is used for deciding and calling the penetration test tool to automatically complete penetration attack tasks in each stage, so that the penetration test efficiency, the vulnerability detection rate and the test comprehensiveness are improved, and the vulnerability false alarm rate is reduced.
Description
Technical Field
The invention relates to the field of network security, in particular to an automatic penetration test method and equipment based on a behavior tree.
Background
With the development of information technology, security problems caused by network system defects are increasingly prominent. Penetration testing evaluates system flaws by simulating attacks, an effective method for verifying defensive performance and evaluating network security.
Modern enterprise or organization computer network systems are large and complex, where various software running is constantly changing in terms of updates, modifications, deletions, migration, etc., and relying solely on security specialists and security analysts to conduct penetration tests is impractical. The current common penetration testing tools have two main problems. On the one hand, the expert knowledge is very dependent, and an operator needs to have relevant expertise of penetration test to implement the test by using the tool; on the other hand, the test tools are various, a large number of test tools with different functions are needed in the whole penetration test flow, the learning cost of the tools is huge, and the test personnel are difficult to fuse various tool characteristics for high-efficiency test.
Disclosure of Invention
Aiming at the problems existing in the prior art, the automatic penetration test method and the device based on the behavior tree are provided, the penetration test activity is expressed in an abstract way as a behavior tree model, the behavior is decision-making behavior from top to bottom, the execution process is from bottom to top, the jumping of the behavior tree is utilized, a large number of penetration test tools are integrated, and the automatic decision, the dispatching, the control and the execution of the penetration test task are realized, so that the penetration test is more efficient, comprehensive and accurate.
The first aspect of the invention provides an automatic penetration test method based on a behavior tree, which comprises the following steps:
and (3) building a behavior tree model: according to the requirements, the penetration attack flow is generalized and extracted from various test business scenes; classifying and disassembling the penetration attack flow into behavior actions of different levels; constructing a behavior subtree by utilizing various nodes according to the logic relation between behavior actions; performing class aggregation of subtrees according to a class classification process to form a complete behavior tree model;
automated penetration testing: and receiving a control instruction, executing penetration attack actions, instantiating a behavior tree model each time of penetration test attack, acquiring attack feedback data, and continuously triggering the attack by the attack feedback data until a new attack feedback data position cannot be acquired, and collecting data to generate a penetration test report.
Further, the generalized extraction process is: and combing the flow, tactics, techniques and modes involved in the actual test service scene of the penetration attack flow by adopting ATT & CK or Kill-Chain, carrying out standardized description on the attack mode by utilizing the behavior tree leaf node combination, and drawing a corresponding flow chart.
Further, the classifying and disassembling process is as follows: the behavior with the same property is classified into a category, and the behavior is specifically disassembled into a penetration stage, an attack tactic, an attack technology, an attack mode, a layer 1 sub-behavior, a layer 2 sub-behavior and a layer … -n sub-behavior.
Further, the construction method of the behavior subtree comprises the following steps: and constructing a behavior subtree by utilizing various nodes according to the classification result, controlling a traversal path by means of the combination node and the decoration node when constructing the behavior subtree, and executing the behavior action by means of the leaf node.
Further, in the construction process of the behavior subtree, if the general node cannot meet the requirement, a new node is defined, and the node type and the logic function are defined.
Further, after the construction of the behavior subtree is completed, sub behaviors are clustered, wherein the clustering mode corresponds to the classes, and clustering is carried out layer by layer in a mode from bottom to top and from leaf to root until the behavior tree model is successfully constructed.
Further, the clustering process has consistency with the classification result and correctness of the logical structure.
Further, the automated penetration test is specifically as follows: each penetration test is to instantiate a new behavior tree model, traverse the behavior tree, take adaptive attack actions, acquire more attack feedback data, trigger more attacks according to the more attack feedback data, so that the penetration test is continuously advanced from an information collection stage to a penetration attack stage and advanced to a post penetration attack stage until the new attack feedback data cannot be acquired, finally collect data and generate a penetration test report.
Further, in the traversing process of the behavior tree, the traversing is performed in a depth-first mode and with a fixed frequency.
A second aspect of the present invention proposes an apparatus comprising a memory and a processor, said memory having stored thereon a computer program capable of being loaded by the processor and performing the above-described behavioral tree-based automated penetration testing method.
Compared with the prior art, the beneficial effects of adopting the technical scheme are as follows: the invention formally describes the attack technology and the mode by means of the node combination of the action tree, clusters the attack technology and the mode subtrees layer by layer from bottom to top and from leaf to root according to the attack flow and tactics, and abstracts and represents the penetration test activity as a action tree model. And the behavior tree model is used for deciding and calling the penetration test tool to automatically complete penetration attack tasks of each stage, so that the penetration test efficiency, the vulnerability detection rate and the test comprehensiveness are improved, and the vulnerability false alarm rate is reduced.
Drawings
FIG. 1 is a diagram illustrating a process for constructing a behavioral tree model according to an embodiment of the invention.
FIG. 2 is a schematic diagram illustrating interaction between a behavioral tree model and a penetration test tool according to an embodiment of the invention.
FIG. 3 is a flow chart of port scanning in an embodiment of the invention.
Fig. 4 is a diagram illustrating a behavior disassembly of a port scan attack mode according to an embodiment of the present invention.
FIG. 5 is a diagram of a preconditioning sub-tree in accordance with one embodiment of the present invention.
FIG. 6 is a subtree of an attack action in an embodiment of the invention.
FIG. 7 is a sub-tree of a port scan attack pattern in accordance with one embodiment of the present invention.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar modules or modules having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application. On the contrary, the embodiments of the present application include all alternatives, modifications, and equivalents as may be included within the spirit and scope of the appended claims.
In order to realize the penetration test, the embodiment of the invention provides an automatic penetration test method based on a behavior tree, which realizes the automation of penetration stages such as information collection, threat modeling, vulnerability analysis, penetration attack, post-penetration attack, report generation and the like, so that the penetration test is more efficient, comprehensive and accurate. The method comprises two parts of behavior tree model construction and automatic penetration test, and specifically comprises the following steps:
the behavior tree is a directed tree structure with root nodes, one behavior tree generally comprises sequence, selection and parallel control nodes, conditions, action leaf nodes, decoration nodes and the like, complex tasks are decomposed in a layering manner, and switching between agent task logics is described in a modularized manner.
Referring to fig. 1, before a behavior tree model is built, a penetration attack flow is generalized and extracted from various test service scenes according to requirements; classifying and disassembling the penetration attack flow into behavior actions of different levels; constructing a behavior subtree by utilizing various nodes according to the logic relation between behavior actions; and carrying out class aggregation of subtrees according to the class classification process to form a complete behavior tree model.
When the penetration test is carried out, a control instruction is received, a penetration attack action is executed, a behavior tree model is instantiated for each penetration test attack, attack feedback data are obtained, then the attack is continuously triggered by the attack feedback data until a new attack feedback data position cannot be obtained, and data are collected to generate a penetration test report. Wherein the interaction of the behavior tree model with the penetration test tool is shown in fig. 1.
The following is a detailed description of behavioral tree model construction and automated penetration testing.
(one) behavior Tree model construction
1. Process refinement
Since the actual penetration test is usually complex and changeable, not linear, but a reciprocating attack process, such as information collection- > threat modeling- > vulnerability analysis- > re-information collection- > re-threat modeling- > re-vulnerability analysis- > penetration attack- > re-threat modeling- > … - > …, the modeling complexity is high and difficult to implement directly.
Therefore, in this embodiment, from the actual penetration test scenario, the process, tactics, and technology are combed by combining frames/models such as ATT & CK or Kill-Chain, and the attack mode is normalized and described by using the behavior tree leaf node combination, and a corresponding flowchart is drawn.
Taking port scanning as an example, the flow refinement process is further described below, and the purpose of the attack of the port scanning is to bypass the firewall and detect the port open state on the target host as hidden as possible. Referring to fig. 3, a specific attack procedure is to acquire a target host IP from a blackboard, screen an active host, detect the active host by using an Nmap tool with ACK low-frequency scanning parameters, acquire a detection result, analyze the detection result, and set relevant data on the blackboard.
2. Behavior dismantling
In order to facilitate the construction and combination of the behavior subtrees, in this embodiment, after analyzing the flow of the penetration attack, the behaviors involved in the flow need to be disassembled step by step into simple and easy-to-implement behavior actions, and through the decomposition of the behaviors, the penetration flow is more detailed, so that the code implementation of a programmer is more convenient. Experience rules are mostly adopted when the behavior classification is carried out, classification rules and standards of different behavior tree designers are different, classification results are different, and the constructed behavior tree is different. But generally should follow the principle of classifying the behavior of the same nature into one category, so as to avoid the situations of intersection, contradiction, mutual exclusion and the like. In this embodiment, the infiltration process may be decomposed into "infiltration stage-attack tactics-attack technique-attack mode- (1-layer sub-behavior) - (2-layer sub-behavior) … (n-layer sub-behavior)", and the higher the behavior decomposition level is, the higher the granularity of the model constructed is, and the higher the control accuracy is.
Taking port scanning as an example, the behavior disassembly process will be further described. Referring to fig. 4, on the basis of task determination, the determined attack flow is represented as an attack pattern subtree of port scanning, where the behaviors included therein include preconditions and attack actions. And classifying the two types of behaviors, wherein the pre-conditions are divided into acquisition of active host computer IP and verification of the pre-conditions, and the attack actions are divided into splicing of Nmap command line parameters, execution of the attack actions by a calling tool, acquisition of results, analysis and setting of relevant data on a blackboard.
3. Construction of behavioural subtrees
After the behavior is disassembled, various nodes can be utilized to construct a behavior subtree according to classification results, the traversal path is controlled by means of the combination nodes and the decoration nodes when the behavior subtree is constructed, and the behavior action is executed by means of the leaf nodes.
In one embodiment, if the general node cannot meet the requirement, a new node is defined, and the node type and the logic function need to be defined during definition so as to support the node implementation of the subsequent behavior tree developer.
Continuing with the port scan as an example, the construction process of the behavior subtree is further described. According to the behavior class diagram and the complexity degree of the actual subtree, a precondition and an attack action subtree can be respectively constructed. Wherein fig. 5 shows a preconditioned subtree comprising sequence nodes: precondition, behavior node: acquiring an active host IP, and a conditional node: and checking the precondition. FIG. 6 illustrates an attack action subtree comprising sequence nodes: and (3) an attack action, namely splicing Nmap command line parameters, calling a tool to execute the attack action, acquiring a result, analyzing and setting related data on the blackboard by the action node.
4. Behavior tree model construction
After the behavior subtree is built, sub behaviors need to be clustered to realize a specific command control flow. The class aggregation mode corresponds to the class, and the class aggregation mode is clustered layer by layer from bottom to top and from leaf to root until the whole command control flow behavior tree model is successfully constructed. It should be noted that the clustering process should ensure consistency with the classification results and correctness of the logical structure.
Taking port scanning as an example, the behavior tree model construction process will be further described. Referring to fig. 7, a port scan attack pattern sub-tree diagram is shown, comprising sequence nodes: port scan, sequence node: the precondition node comprises a behavior node: acquiring an active host IP, and a conditional node: checking the pre-condition; the attack action node comprises the following steps: and the behavior node is used for splicing Nmap command line parameters, calling a tool to execute attack actions, acquiring results, analyzing and setting related data on the blackboard.
Thus, the construction of the behavior tree model is completed.
(II) automated penetration testing
In this embodiment, please refer to fig. 2, the behavior tree model is mainly responsible for decision, scheduling and control of the penetration attack task, and the penetration test tool is responsible for receiving the control command and executing the penetration attack action.
During each penetration test, a new behavior tree model is instantiated, the behavior tree is traversed in a depth-first mode at a fixed frequency (such as 5 Hz) so as to periodically re-evaluate and analyze attack feedback data, and adaptive attack actions are adopted to further acquire more attack feedback data. As the attack acquires data and the data triggers more attacks, the penetration test can continuously advance from the information collection stage to the penetration attack stage and advance to the post penetration attack stage until new attack feedback data can not be acquired, and finally, the data is collected and a penetration test report is generated.
The invention utilizes the behavior tree node combination to formally describe various attack flows, tactics, techniques, modes and means, abstracts and represents the penetration test activity into a behavior tree model, utilizes the behavior tree model to automatically make decisions, schedule and control, and invokes various tools to complete penetration test tasks of each stage.
Further, the invention proposes an apparatus comprising a memory and a processor, said memory having stored thereon a computer program capable of being loaded by the processor and performing the above-mentioned automated penetration test method based on a behavior tree.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by means of software, or may be implemented by means of hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
As another aspect, the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the automated behavior tree-based penetration test method described in the above embodiment.
As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the behavioral tree-based automated penetration testing method described in the above embodiments.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit, in accordance with embodiments of the present application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present application. The specific meaning of the above terms in the present invention will be understood in detail by those skilled in the art; the accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that variations, modifications, alternatives, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.
Claims (10)
1. An automated penetration testing method based on a behavior tree, comprising:
and (3) building a behavior tree model: according to the requirements, the penetration attack flow is generalized and extracted from various test business scenes; classifying and disassembling the penetration attack flow into behavior actions of different levels; constructing a behavior subtree by utilizing various nodes according to the logic relation between behavior actions; performing class aggregation of subtrees according to a class classification process to form a complete behavior tree model;
automated penetration testing: and receiving a control instruction, executing penetration attack actions, instantiating a behavior tree model each time of penetration test attack, acquiring attack feedback data, and continuously triggering the attack by the attack feedback data until a new attack feedback data position cannot be acquired, and collecting data to generate a penetration test report.
2. The automated penetration test method based on the behavior tree of claim 1, wherein the generalized extraction process is: and combing the flow, tactics, techniques and modes involved in the actual test service scene of the penetration attack flow by adopting ATT & CK or Kill-Chain, carrying out standardized description on the attack mode by utilizing the behavior tree leaf node combination, and drawing a corresponding flow chart.
3. The automated behavioral tree-based penetration testing method of claim 1 or 2, wherein the classification disassembly process is: the behavior with the same property is classified into a category, and the behavior is specifically disassembled into a penetration stage, an attack tactic, an attack technology, an attack mode, a layer 1 sub-behavior, a layer 2 sub-behavior and a layer … -n sub-behavior.
4. The automated penetration test method based on the behavior tree according to claim 1, wherein the construction method of the behavior subtree is as follows: and constructing a behavior subtree by utilizing various nodes according to the classification result, controlling a traversal path by means of the combination node and the decoration node when constructing the behavior subtree, and executing the behavior action by means of the leaf node.
5. The automated penetration test method based on a behavior tree according to claim 4, wherein in the construction process of the behavior subtree, if the general node cannot meet the requirement, a new node is defined, and the node type and the logic function are defined.
6. The automated penetration test method based on the behavior tree according to claim 1, wherein after the construction of the behavior subtree is completed, sub-behaviors are clustered in a class-clustering manner corresponding to the classes, and the sub-behaviors are clustered layer by layer from bottom up and from leaf to root until the behavior tree model is successfully constructed.
7. The automated penetration test method of claim 6, wherein the clustering process has consistency with class results and correctness of logical structure.
8. The automated penetration test method based on a behavior tree according to claim 1, characterized in that the automated penetration test is specifically as follows: each penetration test is to instantiate a new behavior tree model, traverse the behavior tree, take adaptive attack actions, acquire more attack feedback data, trigger more attacks according to the more attack feedback data, so that the penetration test is continuously advanced from an information collection stage to a penetration attack stage and advanced to a post penetration attack stage until the new attack feedback data cannot be acquired, finally collect data and generate a penetration test report.
9. The automated penetration test method of claim 8, wherein the traversing the behavior tree is performed in a depth-first manner at a fixed frequency.
10. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program capable of being loaded by the processor and performing the behavioral tree-based automated penetration testing method according to any one of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311729443.XA CN117714159A (en) | 2023-12-15 | 2023-12-15 | Automatic penetration test method and equipment based on behavior tree |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311729443.XA CN117714159A (en) | 2023-12-15 | 2023-12-15 | Automatic penetration test method and equipment based on behavior tree |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117714159A true CN117714159A (en) | 2024-03-15 |
Family
ID=90161889
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311729443.XA Pending CN117714159A (en) | 2023-12-15 | 2023-12-15 | Automatic penetration test method and equipment based on behavior tree |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117714159A (en) |
-
2023
- 2023-12-15 CN CN202311729443.XA patent/CN117714159A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10901727B2 (en) | Monitoring code sensitivity to cause software build breaks during software project development | |
| US10310968B2 (en) | Developing software project plans based on developer sensitivity ratings detected from monitoring developer error patterns | |
| CN110659173B (en) | Operation and maintenance system and method | |
| US7895565B1 (en) | Integrated system and method for validating the functionality and performance of software applications | |
| CN111400198B (en) | Self-adaptive software testing system | |
| CN112783793B (en) | Automatic interface test system and method | |
| CN109408351A (en) | A kind of method and apparatus of AI environment measuring and deep learning environment automatic deployment | |
| CN112380255A (en) | Service processing method, device, equipment and storage medium | |
| US11704186B2 (en) | Analysis of deep-level cause of fault of storage management | |
| CN109918296A (en) | Automatic software test method and device | |
| CN109743286A (en) | A kind of IP type mark method and apparatus based on figure convolutional neural networks | |
| Martino et al. | Temporal outlier analysis of online civil trial cases based on graph and process mining techniques | |
| Oster | Feature model-based software product line testing | |
| CN110147312A (en) | Software development test method, device, computer installation and storage medium | |
| CN110245077A (en) | A kind of response method and equipment of program exception | |
| CN114626069A (en) | Threat modeling method and device | |
| CN106528429A (en) | UI testing method and device | |
| KR102411291B1 (en) | Method of evaluating quality of smart factory data | |
| CN117493188A (en) | Interface testing method and device, electronic equipment and storage medium | |
| CN116523263A (en) | Intelligent data processing method, system and storage medium | |
| CN114780967B (en) | Mining evaluation method based on big data vulnerability mining and AI vulnerability mining system | |
| CN117714159A (en) | Automatic penetration test method and equipment based on behavior tree | |
| Průcha | Aspect optimalization of robotic process automation | |
| CN112860587B (en) | UI automatic test method and device | |
| Franceschini et al. | Challenges for automation in adaptive abstraction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |