Search

CN-122001614-A - Penetration test method, apparatus, device, storage medium, and computer program product

CN122001614ACN 122001614 ACN122001614 ACN 122001614ACN-122001614-A

Abstract

The application discloses a penetration test method, a device, equipment, a storage medium and a computer program product, which are used for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability on the probability of success of attack and the output value of attack, cannot intelligently adjust an attack strategy according to the real-time attack state, and has low efficiency and low success rate of penetration test. The method comprises the steps of obtaining asset information and attack surface information of a system to be detected, generating penetration test tasks according to the asset information and the attack surface information, preprocessing the asset information and the attack surface information to obtain standardized first feature vectors, respectively determining detection priorities of the penetration test tasks according to the first feature vectors based on a pre-trained prediction rating model, determining penetration test paths according to the test priorities, and executing corresponding penetration test tasks according to the penetration test paths to complete penetration test of the system to be detected.

Inventors

  • YANG BIN
  • TANG JIANJUN
  • REN MIN
  • ZOU MINGMING
  • WU SHUAI
  • LI QIANKUN
  • WANG XIAOZHOU
  • LIU YANG
  • ZHAO ZHANJUN
  • BU ZHONGGUI
  • WEI WEI
  • Ji Xiangchuan
  • ZHANG XUESHAN

Assignees

  • 中国移动通信集团设计院有限公司
  • 中国移动通信集团有限公司

Dates

Publication Date
20260508
Application Date
20251222

Claims (10)

  1. 1. A penetration test method, comprising: Acquiring asset information and attack surface information of a system to be detected, wherein the asset information comprises open port data, a network topology structure, an operating system and system service information; Generating a penetration test task according to the asset information and the attack surface information; preprocessing the asset information and the attack surface information to obtain a standardized first feature vector; Based on a pre-trained prediction rating model, respectively determining the detection priority of each penetration test task according to the first feature vector; And determining a penetration test path according to the test priority, and executing a corresponding penetration test task according to the penetration test path to finish penetration test of the system to be detected.
  2. 2. The method of claim 1, wherein the attack surface information is characteristic data that can be counted and quantified based on the operation of the system to be detected.
  3. 3. The method of claim 2, wherein the attack surface information includes at least one of a number of background login entries, a number of dynamic URL average parameters, and a number of file upload entries.
  4. 4. The method according to claim 1, wherein the preprocessing the asset information and the attack surface information specifically includes: converting the asset information into numerical characteristics according to One-Hot codes; And carrying out normalization processing on the attack surface information according to a standard normalization method.
  5. 5. The method of claim 1, wherein the prediction rating model is a deep crossover network DCN model.
  6. 6. The method of claim 5, wherein pre-training the predictive rating model comprises: According to the obtained historical attack data of the system to be detected, a training sample set is constructed, wherein each piece of the historical attack data comprises a second characteristic vector corresponding to an attack state and a priority value corresponding to a penetration test task under the attack state; And training an original Depth Crossover Network (DCN) model by taking the second feature vector as input and the priority value as a prediction target according to the training sample set to obtain the prediction rating model.
  7. 7. A penetration testing apparatus, comprising: The information acquisition unit is used for acquiring asset information and attack surface information of a system to be detected, wherein the asset information comprises open port data, a network topology structure, an operating system and system service information; The test task generating unit is used for generating a penetration test task according to the asset information and the attack surface information; The preprocessing unit is used for preprocessing the asset information and the attack surface information to obtain a standardized first feature vector; The rating unit is used for respectively determining the detection priority of each penetration test task according to the first feature vector based on a pre-trained prediction rating model; And the testing unit is used for determining a penetration testing path according to the testing priority, and executing a corresponding penetration testing task according to the penetration testing path to complete penetration testing of the system to be detected.
  8. 8. A penetration testing apparatus comprising: processor, and A memory arranged to store computer executable instructions that, when executed, cause the processor to: Acquiring asset information and attack surface information of a system to be detected, wherein the asset information comprises open port data, a network topology structure, an operating system and system service information; Generating a penetration test task according to the asset information and the attack surface information; preprocessing the asset information and the attack surface information to obtain a standardized first feature vector; Based on a pre-trained prediction rating model, respectively determining the detection priority of each penetration test task according to the first feature vector; And determining a penetration test path according to the test priority, and executing a corresponding penetration test task according to the penetration test path to finish penetration test of the system to be detected.
  9. 9. A computer readable storage medium storing one or more programs, which when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the penetration test method of any of claims 1-6.
  10. 10. A computer program product comprising a computer program which, when executed by a processor, implements the penetration test method according to any one of claims 1-6.

Description

Penetration test method, apparatus, device, storage medium, and computer program product Technical Field The present application relates to the field of wireless communication technology, and in particular, to a penetration test method, apparatus, device, storage medium, and computer program product. Background In the field of network security, penetration testing is an important security assessment tool for discovering and verifying security vulnerabilities in a system. The traditional automatic penetration test method is mostly dependent on a predefined rule and a component matching mechanism, and the assets and the vulnerabilities of the target system are matched through a preset rule base, so that corresponding attack plug-ins are selected to execute the test. However, in practical applications, especially in complex intranet environments or multi-stage attack scenarios, there are significant limitations to the matching method based on static rules. Because the coverage range of the rule base is limited, the rule base is difficult to comprehensively adapt to changeable network environments and attack states, and partial effective attack components can not be recalled easily, so that the continuity and the integrity of subsequent attack paths are affected. In addition, the existing penetration test method generally lacks dynamic evaluation capability for the probability of success of attack and the output value of attack, and cannot intelligently adjust the attack strategy according to the real-time attack state, so that the penetration test has low efficiency and low success rate. Therefore, how to realize an automatic penetration test method capable of dynamically planning an attack path and adaptively adjusting an attack strategy becomes a technical problem to be solved in the prior art. Disclosure of Invention The embodiment of the application provides a penetration test method, which is used for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability for attack success probability and attack output value, and cannot intelligently adjust an attack strategy according to a real-time attack state, so that the penetration test efficiency is low and the success rate is low. The embodiment of the application also provides a penetration test device which is used for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability for the probability of success of attack and the output value of attack, and cannot intelligently adjust the attack strategy according to the real-time attack state, so that the penetration test efficiency is low and the success rate is low. The embodiment of the application also provides a penetration test device, which is used for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability for the probability of success of attack and the output value of attack, and cannot intelligently adjust the attack strategy according to the real-time attack state, so that the penetration test efficiency is lower and the success rate is not high. The embodiment of the application also provides a computer readable storage medium for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability on the probability of success of the attack and the output value of the attack, cannot intelligently adjust the attack strategy according to the real-time attack state, and has low efficiency and low success rate of the penetration test. A computer program product is used for solving the problems that the existing penetration test method generally lacks dynamic evaluation capability for the probability of success of attack and the output value of attack, and cannot intelligently adjust attack strategies according to the real-time attack state, so that the penetration test is low in efficiency and low in success rate. The embodiment of the application adopts the following technical scheme: A penetration test method comprises the steps of obtaining asset information and attack surface information of a system to be tested, wherein the asset information comprises open port data, a network topological structure, an operating system and system service information, generating penetration test tasks according to the asset information and the attack surface information, preprocessing the asset information and the attack surface information to obtain standardized first feature vectors, respectively determining the detection priority of each penetration test task according to the first feature vectors based on a pre-trained prediction rating model, determining a penetration test path according to the test priority, and executing corresponding penetration test tasks according to the penetration test path to finish penetration test of the system to be tested. The penetration test device comprises an information acquisition unit