基于时间Petri网的渗透测试攻击模型研究

针对攻击模型会因为描述的攻击参数不完备,导致实际应用价值降低的问题,提出一种以漏洞为基本粒度,基于时间Petri网的渗透测试攻击模型及构建方法. 该方法对已知漏洞列表构建单漏洞利用模型,通过整合形成渗透测试攻击模型,并提供快速和稳定的漏洞利用方案选择算法,获得相应攻击方案,以及完成一次渗透攻击所需最短时间. 实验结果表明,该模型及算法可以有效地描述攻击时间和攻击稳定性,可实际应用于渗透测试. 

Researches on Penetration Attacking Model Based on Timed Petri Nets

Penetration test is a generally acknowledged and effective security testing method, while the phase of attack is the significant execution of penetration test. Due to incomplete attack parameters, the attacking model can often not be applied in practical. A penetration attacking model based on timed Petri nets was put forward in this paper, the basic granularity of which was vulnerability. First, the single vulnerability exploitation model was constructed by a list of known vulnerabilities. Then the penetration attacking model was constructed by integrating them, and the rapid and stable vulnerability exploitation selection algorithms were proposed. The corresponding attacking schemes as well as the shortest time that completing a penetration attack requires can be obtained. The experimental results show that the model can describe the attacking time and stability effectively. Furthermore, the method can be applied to the penetration test in practical.