基于知識(shí)庫(kù)的滲透測(cè)試評(píng)估方法研究與實(shí)現(xiàn)
發(fā)布時(shí)間:2018-08-25 08:38
【摘要】:如今各個(gè)領(lǐng)域都已與網(wǎng)絡(luò)有著千絲萬(wàn)縷的聯(lián)系,網(wǎng)絡(luò)的發(fā)展給大家?guī)?lái)便利的同時(shí),行走在網(wǎng)絡(luò)空間中的“黑客”已成為嚴(yán)重威脅網(wǎng)絡(luò)安全的問題,滲透測(cè)試技術(shù)就是這些行走在網(wǎng)絡(luò)空間中的“黑客”安身立命的本領(lǐng)所在。早至凱文·米特尼克這樣的第一批“黑客”,近至牟取非法利益而從事地下黑色產(chǎn)業(yè)鏈的“黑帽子黑客”,他們通常都對(duì)自身的滲透測(cè)試技術(shù)守口如瓶,或者只在一個(gè)利益共同體中進(jìn)行交流與切磋。然而“白帽子黑客”打破了這種舊有的格局,在取得授權(quán)的先決前提下,對(duì)目標(biāo)系統(tǒng)或網(wǎng)絡(luò)進(jìn)行滲透測(cè)試的實(shí)踐評(píng)估。隨著一些對(duì)安全性需求很高的企業(yè)開始采納這種方式來(lái)對(duì)自己的業(yè)務(wù)、網(wǎng)絡(luò)及系統(tǒng)進(jìn)行評(píng)估,滲透測(cè)試安全評(píng)估方法逐漸發(fā)展成為一個(gè)熱門的領(lǐng)域。 本文對(duì)滲透測(cè)試技術(shù)和安全評(píng)估方法進(jìn)行研究,滲透測(cè)試是一種實(shí)際環(huán)境的攻擊模擬,通過它能發(fā)現(xiàn)影響業(yè)務(wù)的安全隱患。而安全評(píng)估方法是一種安全風(fēng)險(xiǎn)分析方法,,它的任務(wù)是評(píng)估業(yè)務(wù)的安全隱患及給出相應(yīng)的升級(jí)策略。通過調(diào)研發(fā)現(xiàn)其實(shí)兩者有很多共性點(diǎn),如前期對(duì)系統(tǒng)脆弱性分析、系統(tǒng)威脅的建模等,同時(shí)兩者也存在以下幾個(gè)方面的問題: (1)滲透測(cè)試的對(duì)抗性和定制性一般要求很高,需要滲透測(cè)試團(tuán)隊(duì)在不斷的滲透操作中進(jìn)行分析,自動(dòng)化的滲透測(cè)試工具只有商業(yè)化版本; (2)安全評(píng)估方法中有很多不確定性的參數(shù),如一個(gè)特定企業(yè)的網(wǎng)絡(luò)系統(tǒng)中發(fā)現(xiàn)一處漏洞,但并不能確定是否有攻擊能對(duì)其造成影響,或者不能確定企業(yè)防御措施是否能抵御漏洞的威脅; (3)國(guó)內(nèi)滲透測(cè)試領(lǐng)域、安全評(píng)估領(lǐng)域都與國(guó)外有較大差距。 基于以上幾個(gè)問題為出發(fā)點(diǎn),本文通過構(gòu)建知識(shí)庫(kù)的方式來(lái)實(shí)現(xiàn)滲透測(cè)試過程的自動(dòng)化執(zhí)行及通過滲透測(cè)試結(jié)果來(lái)增加安全評(píng)估的準(zhǔn)確性,結(jié)合這兩方面內(nèi)容,研究基于知識(shí)庫(kù)的滲透測(cè)試評(píng)估方法。 首先,在深入研究滲透測(cè)試技術(shù)的基礎(chǔ)上,結(jié)合規(guī)則樹方法,構(gòu)建知識(shí)庫(kù)的信息,知識(shí)庫(kù)中每條鏈存儲(chǔ)了一個(gè)完整的滲透攻擊過程,通過前期目標(biāo)與脆弱性信息收集,調(diào)用知識(shí)庫(kù)中內(nèi)容,實(shí)現(xiàn)了滲透測(cè)試的自動(dòng)化執(zhí)行。 其次,深入研究了安全評(píng)估方法,基于滲透測(cè)試的返回結(jié)果,在滿足NIST指南的情況下,重新設(shè)計(jì)了安全評(píng)估過程,使安全評(píng)估的某些脆弱性的評(píng)估值確定化。同時(shí)應(yīng)用了漏洞生命周期思想,理論上加強(qiáng)了評(píng)估值的正確性,安全評(píng)估的正確性也能隨著知識(shí)庫(kù)的不斷擴(kuò)充而得到加強(qiáng)。
[Abstract]:Nowadays, all fields have been inextricably linked to the network. While the development of the network has brought convenience to everyone, "hackers" who walk in cyberspace have become a serious threat to network security. Penetration testing is the ability of these hackers to survive in cyberspace. As early as the first "hackers" such as Kevin Mitnick, "black hat hackers" who were engaged in underground black industry chains for illegal profits, they usually kept their own penetration testing techniques in a bottle. Or only in a community of interests for exchanges and exchanges. However, White Hat Hacker breaks this old pattern and evaluates the target system or network penetration test on the premise of obtaining authorization. As some enterprises with high security requirements begin to adopt this method to evaluate their own business, network and system, penetration testing security evaluation method has gradually developed into a hot field. In this paper, the penetration testing technology and security evaluation method are studied. Penetration testing is a kind of attack simulation in real environment. The security assessment method is a kind of security risk analysis method. Its task is to evaluate the security hidden trouble of the business and give the corresponding upgrade strategy. Through the investigation, we found that there are many common points between the two, such as the early analysis of system vulnerability, the modeling of system threat, and so on. At the same time, there are also some problems in the following aspects: (1) the resistance and customization of penetration testing are very high, which need to be analyzed by the penetration test team during the continuous penetration operation. Automated penetration testing tools are available only in commercial versions; (2) there are many uncertain parameters in security assessment methods, such as the discovery of a vulnerability in a particular enterprise's network system, However, it is not certain whether there is an attack that can affect it, or whether the enterprise defense measures can resist the threat of vulnerability; (3) there is a big gap between domestic penetration test field and security evaluation field compared with foreign countries. Based on the above questions, this paper constructs the knowledge base to realize the automatic execution of penetration test process and to increase the accuracy of safety assessment through the results of penetration test, which are combined with these two aspects. The method of penetration test evaluation based on knowledge base is studied. First of all, on the basis of in-depth study of penetration testing technology, combined with rule tree method, the information of knowledge base is constructed. Each chain of knowledge base stores a complete process of penetration attack. The automatic execution of penetration test is realized by calling the contents of knowledge base. Secondly, the security assessment method is deeply studied. Based on the return results of the penetration test, the process of security assessment is redesigned under the condition of satisfying the NIST guidelines, so that the assessment value of some vulnerabilities of the security assessment can be determined. At the same time, the theory of vulnerability life cycle is applied to strengthen the correctness of the evaluation value, and the correctness of the security assessment can be enhanced with the continuous expansion of the knowledge base.
【學(xué)位授予單位】:吉林大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
本文編號(hào):2202348
[Abstract]:Nowadays, all fields have been inextricably linked to the network. While the development of the network has brought convenience to everyone, "hackers" who walk in cyberspace have become a serious threat to network security. Penetration testing is the ability of these hackers to survive in cyberspace. As early as the first "hackers" such as Kevin Mitnick, "black hat hackers" who were engaged in underground black industry chains for illegal profits, they usually kept their own penetration testing techniques in a bottle. Or only in a community of interests for exchanges and exchanges. However, White Hat Hacker breaks this old pattern and evaluates the target system or network penetration test on the premise of obtaining authorization. As some enterprises with high security requirements begin to adopt this method to evaluate their own business, network and system, penetration testing security evaluation method has gradually developed into a hot field. In this paper, the penetration testing technology and security evaluation method are studied. Penetration testing is a kind of attack simulation in real environment. The security assessment method is a kind of security risk analysis method. Its task is to evaluate the security hidden trouble of the business and give the corresponding upgrade strategy. Through the investigation, we found that there are many common points between the two, such as the early analysis of system vulnerability, the modeling of system threat, and so on. At the same time, there are also some problems in the following aspects: (1) the resistance and customization of penetration testing are very high, which need to be analyzed by the penetration test team during the continuous penetration operation. Automated penetration testing tools are available only in commercial versions; (2) there are many uncertain parameters in security assessment methods, such as the discovery of a vulnerability in a particular enterprise's network system, However, it is not certain whether there is an attack that can affect it, or whether the enterprise defense measures can resist the threat of vulnerability; (3) there is a big gap between domestic penetration test field and security evaluation field compared with foreign countries. Based on the above questions, this paper constructs the knowledge base to realize the automatic execution of penetration test process and to increase the accuracy of safety assessment through the results of penetration test, which are combined with these two aspects. The method of penetration test evaluation based on knowledge base is studied. First of all, on the basis of in-depth study of penetration testing technology, combined with rule tree method, the information of knowledge base is constructed. Each chain of knowledge base stores a complete process of penetration attack. The automatic execution of penetration test is realized by calling the contents of knowledge base. Secondly, the security assessment method is deeply studied. Based on the return results of the penetration test, the process of security assessment is redesigned under the condition of satisfying the NIST guidelines, so that the assessment value of some vulnerabilities of the security assessment can be determined. At the same time, the theory of vulnerability life cycle is applied to strengthen the correctness of the evaluation value, and the correctness of the security assessment can be enhanced with the continuous expansion of the knowledge base.
【學(xué)位授予單位】:吉林大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前4條
1 王航;高強(qiáng);莫毓昌;;基于攻擊圖和安全度量的網(wǎng)絡(luò)脆弱性評(píng)價(jià)[J];計(jì)算機(jī)工程;2010年03期
2 丁衛(wèi)平;施詮;管致錦;;一種基于事務(wù)規(guī)則樹的高效關(guān)聯(lián)規(guī)則挖掘算法[J];計(jì)算機(jī)應(yīng)用研究;2007年05期
3 常艷;王冠;;網(wǎng)絡(luò)安全滲透測(cè)試研究[J];信息網(wǎng)絡(luò)安全;2012年11期
4 胡亮;趙劍明;解男男;努爾布力;;多步攻擊的規(guī)則樹檢測(cè)及可視化[J];中國(guó)圖象圖形學(xué)報(bào);2013年03期
本文編號(hào):2202348
本文鏈接:http://www.sikaile.net/guanlilunwen/ydhl/2202348.html
最近更新
教材專著
