With the continuous development of network information technologies such as big data, cloud computing and artificial intelligence, the internet has become the infrastructure of information construction in China. At the same time, the network security of countries, enterprises and even individuals faces severe challenges. Wrongdoers carry out network attacks through vulnerabilities in software applications and insecure network protocols, causing incalculable losses to users. As a method that simulates an attacker's attack on a target, penetration testing can effectively realize network security assessment. However, because it is difficult to operate, highly complex and involves tedious steps, researchers need a penetration testing and analysis system that is highly automated, scales well and is built on an efficient attack model. As an effective means of network security analysis and evaluation, attack graph technology has high application and research value in guiding the process of automated penetration testing. It is therefore of great significance to study automated penetration testing methods based on attack graphs.

This paper studies in depth three topics in the field of network security: automated penetration testing, attack path planning and analysis based on attack graphs, and malicious code homology detection. An innovative attack path planning and analysis model based on an absorbing Markov chain attack graph is proposed, together with a malicious code detection method based on code visualization. Finally, based on this theory and these methods, an automatic penetration and analysis system is designed and implemented. The main research work of this paper is as follows, among which (2), (3) and (4) are the innovative work of this paper:

(1) The research background, significance, relevant theoretical knowledge and technical basis of the subject are introduced. The research status of automated penetration testing and malicious code detection at home and abroad is analyzed and summarized.

(2) An attack path planning and analysis model based on an absorbing Markov chain attack graph is proposed. It solves the problem that existing attack graph modeling methods do not consider factors other than basic network environment information when evaluating a path quantitatively, and at the same time it enables a comprehensive evaluation of the security of the target network. Firstly, a state transition probability normalization algorithm based on the vulnerability life cycle is designed in the model, and the general attack graph is mapped to an absorbing Markov chain attack graph. Secondly, using the mapped attack graph model and its state transition probability matrix, attack path planning is carried out, and the security of the target network is comprehensively evaluated from three aspects: node threat degree, attack path length and expected impact. Finally, the effectiveness and feasibility of the attack path planning and analysis model are demonstrated through analysis and verification in a simulation environment.

(3) In the security analysis strategy, a malicious code homology detection model based on code visualization is proposed, motivated by the code reuse that is common within the same malware family. In this model, a visualization algorithm is designed to convert the original malicious code files into image samples, which simplifies preprocessing. Secondly, data augmentation is used to expand the sample set, training is conducted on an improved GoogLeNet, and a weighted focal loss is designed to alleviate the influence of model overfitting. Finally, experimental results on real data sets show that the proposed model can effectively complete the homology detection of malicious code.

(4) Based on the above theories and methods, an automatic penetration and analysis system is designed and implemented, which solves the problems of existing penetration testing systems, such as the lack of attack model guidance, the low degree of automation, and the lack of comprehensive security analysis of the target. After identifying the attack target, the system first collects information on the target network and constructs the general attack graph model of the target network. Guided by the attack path planning and analysis model, it then matches the attack payload and penetration tool corresponding to each vulnerability from its arsenal and carries out automatic penetration attacks on the hosts in the attack path. Finally, the system analyzes and displays the attack path distribution, node threat degree and expected impact of the target network, as well as the homology detection results for malicious code found during the penetration process, so as to realize the security evaluation of the target network.
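To make the absorbing Markov chain step in (2) concrete, the following added example (not code from the thesis) computes the standard absorbing-chain quantities on a small constructed attack graph: expected visits per node, expected number of steps to a goal, and the probability of ending in each goal. The graph, the edge scores, the plain row normalization and the mapping of these quantities to "node threat degree" and "attack path length" are assumptions; the thesis's life-cycle-based normalization is not reproduced.

```python
from fractions import Fraction

# Constructed attack graph: edge weights are made-up exploitability scores.
EDGES = {
    "entry": {"web": 3, "app": 1},
    "web":   {"app": 2, "db": 2},
    "app":   {"db": 1, "dc": 3},
}
TRANSIENT = ["entry", "web", "app"]   # intermediate states
ABSORBING = ["db", "dc"]              # goal states: the chain stops here

def normalize(edges):
    """Row-normalize raw scores so each node's outgoing probabilities sum to 1."""
    return {u: {v: Fraction(w, sum(out.values())) for v, w in out.items()}
            for u, out in edges.items()}

def invert(m):
    """Gauss-Jordan inverse using exact Fractions."""
    n = len(m)
    a = [list(row) + [Fraction(int(i == j)) for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        p = next(r for r in range(c, n) if a[r][c] != 0)
        a[c], a[p] = a[p], a[c]
        pivot = a[c][c]
        a[c] = [x / pivot for x in a[c]]
        for r in range(n):
            f = a[r][c]
            if r != c and f:
                a[r] = [x - f * y for x, y in zip(a[r], a[c])]
    return [row[n:] for row in a]

def analyse(edges, transient, absorbing, start):
    """Return (expected visits per node, expected steps, goal probabilities)."""
    p = normalize(edges)
    q = [[p[u].get(v, Fraction(0)) for v in transient] for u in transient]
    r = [[p[u].get(v, Fraction(0)) for v in absorbing] for u in transient]
    size = len(transient)
    i_minus_q = [[Fraction(int(i == j)) - q[i][j] for j in range(size)] for i in range(size)]
    n = invert(i_minus_q)                 # fundamental matrix N = (I - Q)^-1
    s = transient.index(start)
    visits = dict(zip(transient, n[s]))   # row of N: expected visits to each node
    steps = sum(n[s])                     # expected transitions before absorption
    reach = {g: sum(n[s][k] * r[k][j] for k in range(size))
             for j, g in enumerate(absorbing)}   # row of B = N R
    return visits, steps, reach

if __name__ == "__main__":
    print(analyse(EDGES, TRANSIENT, ABSORBING, "entry"))
```

A defender can read the visit counts as a ranking of which intermediate hosts to harden first, and the goal probabilities as which asset is most exposed from the chosen entry point.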