| Attack Resistance Test is a reverse security test technique, which evaluates the target system's resistance ability against network attacks by the way of implementing attacks against target system. Attack stimulation realizes attack testing on target system by the interpretation and implementation of attack scripts. The instantaneity and comprehensiveness of attack scripts realization affects the effect of test and the result of evaluation greatly. But the disadvantage of lower efficiency and fewer varieties, which attack scripts in attack stimulation have as a result of depending on manual programming, restricts the prevalence and application of ART technique.In order to solve the programming problem of mass attack scripts in ART and improve the efficiency of ART, the main research work of this paper as follows:1. An attack scripts generation common model is constructed. Based on the Code Generation Model in software engineering, attack template and attack feature are defined to represent the common structure and variables affecting attack's realization, attack feature configure attack template to generate the attack scripts. A three-layer attack scripts generation model is constructed to show the theory basis in attack scripts generation, the relationship between basic components and the generation process of attack scripts.2. Attack scripts generation mechanism based on Snort rules is constructed. According to the need of attack feature value in attack scripts generation, the mechanism obtains attack feature value by parsing Snort rules and solve the transform problems from Snort rules to AASL attack scripts: automata is built to obtain attack feature by judging whether the Snort rule describes is network attack or not; process attack feature value to meet the need of attack scripts generation; four attack feature transformation strategies are put forward to invade the detection of Snort; attack template are generated according to the relationship between attack atom and attack template restriction and attack scripts are finally generated using processed attack feature value to configure attack template.3. Attack scripts automatic generation system based on Snort rules is constructed. Consistent with the attack scripts generation mechanism, the system is composed of man-machine interactive module, feature obtaining module, feature process module, template generation module and attack scripts generation module, while attack atoms are encapsulated as AASL function library to provide the basic input for the system. |
PDF Full Text Request