自动化渗透测试应用研究综述

渗透测试对目标网络系统的安全进行评估,能够有效地预防网络攻击,保护目标系统。传统渗透测试依赖测试人员的专业知识,人力和时间成本大。自动化渗透测试是当前研究的热点,不仅降低了人工参与程度,还能够全面地发现并验证网络中潜在的威胁,提高了渗透测试的成功率。文中针对自动化渗透测试应用进行深入研究。首先,介绍了传统渗透测试和自动化渗透测试的概念和流程,对比了两种方法各自的特点。其次,从基于漏洞组合的自动化攻击链、基于攻击图的攻击路径分析及基于人工智能的自动化渗透3个角度归纳了当前自动化渗透测试技术研究,创新性地总结了自动化攻击链的组合方法并划分基于图论的攻击路径分析研究,最后对渗透测试的发展和未来挑战进行总结和展望。

基于粗糙集理论的主机安全评估方法

针对大多数安全评估系统不能评估漏洞的组合对网络安全危害的缺陷 ,提出采用粗糙集理论进行主机安全评估的方法 .该方法利用历史评估记录 ,把漏洞作为安全要素 ,在基于粗糙集理论的属性约简能力上 ,建立了安全评估模型以及具有安全要素、服务和主机 3个层次的安全风险度量模型 ,再结合安全要素和服务重要性因子进行加权 ,计算主机的安全风险 ,进而评估、分析系统的安全态势 .与其他方法相比 ,该方法能够自动建立基于规则的安全评估模型 ,评估单个安全要素和安全要素的组合对系统安全的威胁 ,且能够监控因系统配置改变引起的系统安全状态的变化 .通过仿真实验建立了系统安全态势曲线 ,从 7天的实验记录中还发现了 9条有用的评估规则 ,这表明采用该方法的评估结果更加准确。

Optimal configuration of firewall, IDS and vulnerability scan by game theory

The integrated linkage control problem based on attack detection is solved with the analyses of the security model including firewall, intrusion detection system （IDS） and vulnerability scan by game theory. The Nash equilibrium for two portfolios of only deploying IDS and vulnerability scan and deploying all the technologies is investigated by backward induction. The results show that when the detection rates of IDS and vulnerability scan are low, the firm will not only inspect every user who raises an alarm, but also a fraction of users that do not raise an alarm; when the detection rates of IDS and vulnerability scan are sufficiently high, the firm will not inspect any user who does not raise an alarm, but only inspect a fraction of users that raise an alarm. Adding firewall into the information system impacts on the benefits of firms and hackers, but does not change the optimal strategies of hackers, and the optimal investigation strategies of IDS are only changed in certain cases. Moreover, the interactions between IDS ＆ vulnerability scan and firewall ＆ IDS are discussed in detail.