| With the development of networks and communications, a number of other network applications, such as the Internet of Things, cloud computing, and big data, will completely change people's way of thinking and thereby promote social civilization and the progress of science and technology. Although the development of network technology brings benefits to society, we must stay alert to the problems that cyber threats cause us. Traditional firewalls, intrusion detection systems, and other security technologies can detect most known attacks and threats, but they cannot detect the potential security risks of a computer network system. Penetration testing is an important way of assessing network security: it can effectively detect the potential technical defects of, and threats to, a computer network system, which can clearly improve the security of computer systems. Traditional penetration testing relies mainly on professional penetration testers, and its results depend heavily on their professional skills. Because testers' skills are uneven, the effectiveness of the evaluation varies; in addition, traditional penetration testing does not consider how hosts and vulnerabilities relate to one another. Accordingly, research on automated, intelligent penetration testing is of great significance. This paper studies penetration testing in depth, based on an analysis of penetration testing standards, processes, and technology. First, it briefly introduces the current status of penetration testing and emphasizes its importance for network information security, then introduces the concept, process, and significance of penetration testing. It then analyzes in depth the technologies and tools related to penetration testing and gives a detailed description of their principles. 
Second, this paper introduces penetration testing based on attack trees and attack graphs, studies the application of attack trees and attack graphs to penetration testing, and then refines the attack graph. Additional factors that affect penetration testing, such as the probability that an attack succeeds and the cost of an attack, are introduced. The paper builds a graph-based penetration testing model and designs a path generation algorithm based on the attack graph, then tests it experimentally. The test results show that the algorithm can better simulate real attacks and can be applied to actual penetration testing. |