[1]葛昕,岳敏楠,金江涛.基于校园网的自动化渗透测试框架研究[J].深圳大学学报理工版,2020,37(增刊1):68-72.[doi:10.3724/SP.J.1249.2020.99068]
 GE Xin,YUE Minnan,and JIN Jiangtao.Automatic penetration testing framework based on campus network[J].Journal of Shenzhen University Science and Engineering,2020,37(增刊1):68-72.[doi:10.3724/SP.J.1249.2020.99068]
点击复制

基于校园网的自动化渗透测试框架研究()
分享到:

《深圳大学学报理工版》[ISSN:1000-2618/CN:44-1401/N]

卷:
第37卷
期数:
2020年增刊1
页码:
68-72
栏目:
网络空间安全
出版日期:
2020-11-20

文章信息/Info

Title:
Automatic penetration testing framework based on campus network
文章编号:
202099013
作者:
葛昕1岳敏楠2金江涛2
1)上海理工大学信息化办公室,上海200093
2)上海理工大学能源与动力工程学院,上海200093
Author(s):
GE Xin1 YUE Minnan2 and JIN Jiangtao2
1)Information Office, University of Shanghai for Science and Technology, Shanghai 200093, P.R.China
2)School of Energy and Power Engineering, University of Shanghai for Science and Technology, Shanghai 200093, P.R.China
关键词:
人工智能自动化渗透测试黑客威胁建模
Keywords:
artificial intelligence automation penetration test hack threat model
分类号:
TP393.08
DOI:
10.3724/SP.J.1249.2020.99068
文献标志码:
A
摘要:
传统渗透测试是专业安全人员使用漏扫、渗透工具,结合自身的经验,模拟黑客攻击来寻找网络中的脆弱点,这种方式依赖人员素质,周期较长,易受外界干扰.校园网应用系统众多,业务日趋复杂,所有业务进行渗透测试,周期很长,成本很高,定期检测更是难以实现.自动化渗透测试具有操作简易、稳定性高和可连续开展等特点,但目前渗透测试平台多为单一方向渗透或半自动化,综合性和灵活性较差.本研究提出了一种新的渗透框架AAPF,松耦合、易扩展,通过深度学习和人工智能,解决渗透过程中自动化过程的多个关键问题,通过在校园网络中的测试,该平台在提升渗透测试成功率的同时可大幅缩短渗透时间.
Abstract:
The traditional penetration test is using the tools of scan and penetration by professional security personnels to simulate hacker attacks and find the vulnerable points in the network. It depends on the ability of personnels, especially their own experience, and may take a longtime. There are many systems in campus networks, and they are becoming more and more complex. One needs to take a long period and cost to carry out penetration tests for these services, so it is difficult to complete detections throughfully. Automatic penetration test is easy to operate, and can be carried out continuously. However, most penetration test platforms are single direction penetration or semi-automatic, lack comprehensive and flexible. In this paper, we propose a new automatic penetration testing framework (AAPF), which is loosely coupled and easily expanded. Using deep learning and artificial intelligence, AAPF can solve many key problems in the process of penetration automation. The tests in campus network show that the platform can improve the success rate of penetration test and significantly shorten the penetration time.

参考文献/References:

[1] ALI S,HERIYANTO T. Backtrack 4:assuing security by penetration testing[M]. Birmingham, UK: Packt Publishing,2011.37-38.
[2] PTES. Penetration testing execution standard[EB/OL]. (2014-08-16)[2020-09-10]. http://www.pentest-standard.org/index.php/Main_Page.

相似文献/References:

[1]潘长城,徐晨,李国.解全局优化问题的差分进化策略[J].深圳大学学报理工版,2008,25(2):211.
 PAN Chang-cheng,XU Chen,and LI Guo.Differential evolutionary strategies for global optimization[J].Journal of Shenzhen University Science and Engineering,2008,25(增刊1):211.
[2]骆剑平,李霞.求解TSP的改进混合蛙跳算法[J].深圳大学学报理工版,2010,27(2):173.
 LUO Jian-ping and LI Xia.Improved shuffled frog leaping algorithm for solving TSP[J].Journal of Shenzhen University Science and Engineering,2010,27(增刊1):173.
[3]蔡良伟,李霞.基于混合蛙跳算法的作业车间调度优化[J].深圳大学学报理工版,2010,27(4):391.
 CAI Liang-wei and LI Xia.Optimization of job shop scheduling based on shuffled frog leaping algorithm[J].Journal of Shenzhen University Science and Engineering,2010,27(增刊1):391.
[4]张重毅,刘彦斌,于繁华,等.CDA市场环境模型进化研究[J].深圳大学学报理工版,2010,27(4):413.
 ZHANG Zhong-yi,LIU Yan-bin,YU Fan-hua,et al.Research on the evolution model of CDA market environment[J].Journal of Shenzhen University Science and Engineering,2010,27(增刊1):413.
[5]屈军乐,周藩,邵永红,等.双光子吸收截面自动化测量系统研究[J].深圳大学学报理工版,2013,30(No.2(111-220)):122.[doi:10.3724/SP.J.1249.2013.02122]
 Qu Junle,Zhou Fan,Shao Yonghong,et al.Development of an automated two-photon absorption cross section spectrometer[J].Journal of Shenzhen University Science and Engineering,2013,30(增刊1):122.[doi:10.3724/SP.J.1249.2013.02122]
[6]姜建国,周佳薇,郑迎春,等.一种双菌群细菌觅食优化算法[J].深圳大学学报理工版,2014,31(1):43.[doi:10.3724/SP.J.1249.2014.01043]
 Jiang Jianguo,Zhou Jiawei,Zheng Yingchun,et al.A double flora bacteria foraging optimization algorithm[J].Journal of Shenzhen University Science and Engineering,2014,31(增刊1):43.[doi:10.3724/SP.J.1249.2014.01043]
[7]蔡良伟,刘思麒,李霞,等.基于蚁群优化的正则表达式分组算法[J].深圳大学学报理工版,2014,31(3):279.[doi:10.3724/SP.J.1249.2014.03279]
 Cai Liangwei,Liu Siqi,Li Xia,et al.Regular expression grouping algorithm based on ant colony optimization[J].Journal of Shenzhen University Science and Engineering,2014,31(增刊1):279.[doi:10.3724/SP.J.1249.2014.03279]
[8]宁剑平,王冰,李洪儒,等.递减步长果蝇优化算法及应用[J].深圳大学学报理工版,2014,31(4):367.[doi:10.3724/SP.J.1249.2014.04367]
 Ning Jianping,Wang Bing,Li Hongru,et al.Research on and application of diminishing step fruit fly optimization algorithm[J].Journal of Shenzhen University Science and Engineering,2014,31(增刊1):367.[doi:10.3724/SP.J.1249.2014.04367]
[9]刘万峰,李霞.车辆路径问题的快速多邻域迭代局部搜索算法[J].深圳大学学报理工版,2015,32(2):196.[doi:10.3724/SP.J.1249.2015.02000]
 Liu Wanfeng,and Li Xia,A fast multi-neighborhood iterated local search algorithm for vehicle routing problem[J].Journal of Shenzhen University Science and Engineering,2015,32(增刊1):196.[doi:10.3724/SP.J.1249.2015.02000]
[10]蔡良伟,程璐,李军,等.基于遗传算法的正则表达式规则分组优化[J].深圳大学学报理工版,2015,32(3):281.[doi:10.3724/SP.J.1249.2015.03281]
 Cai Liangwei,Cheng Lu,Li Jun,et al.Regular expression grouping optimization based on genetic algorithm[J].Journal of Shenzhen University Science and Engineering,2015,32(增刊1):281.[doi:10.3724/SP.J.1249.2015.03281]

备注/Memo

备注/Memo:
Received:2020-09-27
Foundation:Project of Teacher Teaching Development of University of Shanghai for Technology (CFTD203064)
Corresponding author:Lecturer YUE Minnan. E-mail: ymn@usst.edu.cn
Citation:GE Xin, YUE Minnan, JIN Jiangtao. Automatic penetration testing framework based on campus network[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 68-72.(in Chinese)
基金项目:上海理工大学教师教学发展研究资助项目(CFTD203064)
作者简介:葛昕(1976—),上海理工大学工程师.研究方向:网络安全和人工智能.E-mail:gexin@usst.edu.cn
引文:葛昕,岳敏楠,金江涛. 基于校园网的自动化渗透测试框架研究[J]. 深圳大学学报理工版,2020,37(增刊1):68-72.
更新日期/Last Update: 2020-11-26