
Research On Attack Path Planning And Evaluation Method In Penetration Testing

Posted on: 2022-09-16
Degree: Master
Type: Thesis
Country: China
Candidate: W L Gao
GTID: 2518306731998009
Subject: Cyberspace security
Abstract/Summary:
As cyber attacks become increasingly modular, intelligent, and targeted, penetration testing has become an important means of measuring the security of network systems. Compared with manual penetration testing, automating the entire penetration testing process removes the dependence on expert experience and saves time and cost, and it is gradually becoming the future direction of the field. Automatic attack path planning is an essential part of automated penetration testing. At present, there is a large body of research on attack path planning methods in a global static environment, but such environmental assumptions are difficult to satisfy in reality. It is therefore of great significance to study how to conduct attack path planning in an uncertain environment. When planning the attack path, the attacker's limited knowledge of the environment means the accuracy of the initial model and related parameters cannot be guaranteed. It is therefore necessary to evaluate the attack path and provide timely and effective feedback to the planning process.

Focusing on the realistic requirements of path planning in penetration testing, this article first studies attack path planning against the background of two problems: one is a dynamic penetration testing environment under complete information conditions; the other is an unknown penetration testing environment. Attack path evaluation then supplements the path planning research, and this article proposes a method of attack path evaluation from a more comprehensive and objective perspective. The main research contents are as follows:

1. To address the problems that an attack path may become invalid in a dynamic penetration test environment and that repeated planning is inefficient, an attack path planning method based on the two-way ant colony algorithm is proposed. This method adopts a re-planning mechanism to plan the path in the local area after a path node fails. At the same time, to alleviate the performance challenges caused by the continuous growth of the state space, the ant colony algorithm is improved, including the use of different two-way search strategies, cross-optimization operations, and new pheromone update methods. Experimental comparison with the classic ant colony algorithm and the elite ant colony algorithm verifies the effectiveness of the improvements. Comparative experiments with the existing planning algorithms Metric-FF and D* verify that the calculation and storage costs of the algorithm increase only slightly at larger network scales and that its scalability is stronger.

2. For attack path planning in an unknown penetration test environment, an attack path planning method based on deep reinforcement learning is proposed. First, the state space and action space of the penetration test problem are described, and information gathering actions are introduced to enhance perception of the environment. Then the agent learns through autonomous interaction with the environment and finds the optimal strategy that maximizes long-term benefits to guide the attacker in path planning. Reinforcement learning algorithms suffer from problems such as difficulty in converging and long training time. These are addressed by designing path heuristic information to guide the initial training process and reduce the blindness of the preliminary search, and by using a depth-first penetration action selection strategy to prune the action space and accelerate the agent's learning. Comparison with other deep reinforcement learning algorithms under the same experimental conditions verifies that the algorithm converges faster and that the running time is shortened by more than 30%.

3. In the unknown penetration test environment, the attacker cannot obtain network connection and configuration information at the initial moment, and the existing planning methods cannot solve the problems well, so an attack path planning method based on deep reinforcement learning is proposed. First, it is assumed that there is an ideal virtual defender in the network who has comprehensive environmental information. Then a model of the game between the two parties is constructed to quantify the offensive and defensive benefits. Finally, the defender's defense strategy set is designed according to the attack strategy set composed of different attack paths. By solving for the optimal attack and defense strategies under the Nash equilibrium condition, the attack paths are analyzed and compared, and the quality of each attack path is evaluated. The non-zero-sum static game model takes a large number of offensive and defensive factors and indicators into account, which increases the objectivity and rationality of the evaluation. The strategy set of the ideal virtual defender is usually larger than the attack strategy set, which is in line with the reality that the information held by the offensive and defensive parties is often unequal. Calculation and analysis in a simulation experiment environment verify the effectiveness and feasibility of the attack path evaluation method.
Keywords/Search Tags: Attack Path Planning, Bidirectional Ant Colony Algorithm, Deep Reinforcement Learning, Attack Path Evaluation, Non-zero-sum Static Game