
Research On Penetration Testing Method Based On Low Cost Attack Graph

Posted on: 2020-10-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Sun
Full Text: PDF
GTID: 2428330575962054
Subject: Computer Science and Technology
Abstract/Summary:
Penetration testing is an important means of network security assessment today. Each penetration test requires an analysis method as a guide. Current analysis methods for penetration testing are based on attack trees, attack graphs, and Petri nets, and the attack-graph-based method is the focus of research. Existing research on attack graphs mainly addresses how to detect the attack paths from the attacking host to the destination host, and how to solve the state explosion problem inherent in attack graphs. However, its standpoint is to find all paths from the attacking host to the target host, without any quantitative evaluation of those paths. Although the generated attack graph is more comprehensive, it is difficult to quickly find the most vulnerable link in the network; the graph lacks pertinence and cannot provide more valuable guidance for the subsequent penetration test. To solve these problems, this thesis proposes the concept of a low-cost attack graph, and uses the CVSS scoring system together with a limit on the number of attack steps to find the attack paths of low difficulty. Two methods are proposed for generating low-cost attack graphs: an attack graph generation method based on a defined threshold, and an attack graph generation method based on a heuristic search strategy. The first method is based on a threshold set by the user. Depth-first traversal is used to find attack paths, and the threshold is checked as each node is expanded. Finally, all attack paths within the threshold range together form a low-cost attack graph. The second method uses the idea of heuristic search: under the guidance of a valuation function, nodes are expanded edge by edge, and the attack graph with the lowest cost is generated directly. The first method can find attack paths with a certain degree of vulnerability, and the second method can directly find the weakest link in the network. The attack graphs generated by these two methods are clearly targeted, and the generation efficiency is greatly improved. At the same time, the scale of the attack graph is further reduced, which provides a clearer guiding basis for the implementation of the penetration test.
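The two generation methods summarized above can be sketched as follows; this is an added example for assessment use, not code from the thesis. The sample network, the cost mapping (cost = 10 minus the CVSS base score), and the use of accumulated cost alone as the valuation function are assumptions, since the abstract does not give them.

```python
import heapq

# Constructed sample network: edge = (next_host, CVSS base score of the
# vulnerability that allows the move). Hosts and scores are made up.
GRAPH = {
    "attacker": [("web", 9.8), ("mail", 5.3)],
    "web": [("app", 7.5), ("db", 4.0)],
    "mail": [("app", 8.8)],
    "app": [("db", 9.1)],
    "db": [],
}

def edge_cost(cvss):
    # Assumption: a higher CVSS score means an easier step, so cost = 10 - score.
    return round(10.0 - cvss, 1)

def paths_within_threshold(graph, src, dst, threshold, max_steps):
    """Method 1: depth-first traversal that prunes a branch as soon as its
    accumulated cost exceeds the threshold or it reaches the step limit."""
    found = []
    def dfs(node, path, cost):
        if node == dst:
            found.append((round(cost, 1), path))
            return
        if len(path) - 1 >= max_steps:
            return
        for nxt, cvss in graph[node]:
            new_cost = cost + edge_cost(cvss)
            if nxt not in path and new_cost <= threshold:
                dfs(nxt, path + [nxt], new_cost)
    dfs(src, [src], 0.0)
    return sorted(found)

def lowest_cost_path(graph, src, dst):
    """Method 2 (simplified): best-first expansion ordered by accumulated
    cost, so the first time dst is popped its path is the cheapest one."""
    heap, settled = [(0.0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return round(cost, 1), path
        if node in settled:
            continue
        settled.add(node)
        for nxt, cvss in graph[node]:
            heapq.heappush(heap, (cost + edge_cost(cvss), path + [nxt]))
    return None
```

On this sample, a threshold of 6.5 with three steps keeps two of the three possible paths to `db`, and the best-first search returns the 3.6-cost path through `web` and `app`, which is the chain a defender would remediate first.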
Keywords/Search Tags: Network Security, Penetration Test, Low-cost Attack Graph, Vulnerability Assessment, Heuristic Search