基于机器学习优化策略的漏洞检测技术研究

Research on vulnerability detection technology based on machine learning optimization strategy

文中研究了渗透测试中漏洞规则库的优化问题。针对利用漏洞规则库进行漏洞检测中高效率、低损耗的需求,文中通过对漏洞规则库的工作机制进行研究分析,完成了漏洞规则库的构造,并提出了基于机器学习的优化策略。通过执行机器学习模型和学习算法,完成对攻击参数的威胁定级,以此优化模拟攻击时攻击规则的匹配顺序,达到提高测试效率、降低系统占用的目的。实验表明,基于机器学习的漏洞规则库优化策略是可行有效的,并且能够使渗透测试保持在一个高效率、低损耗的状态。

This paper studies the optimization problem of loophole rule base in penetration test. Aiming at the low efficiency and high cost of loophole testing,this paper proposed to apply machine learning into the improvement of loophole rule base,and builds a rule base that includes attacking rule threat assessments. It puts forward the optimization strategy based on machine learning. By performing a machine learning model and learning algorithms,it completes the grading,the threat of attack parameters to optimize simulation attack against rules matching order. According to the experiments,the improved loophole base is feasible and effective,can save system costs and thus increases the efficiency during penetration tests.