摘要
渗透测试的核心是发现渗透路径,但并不是所有的渗透路径都能够成功,所以需要基于当前系统环境选择最优渗透路径.在此背景下,首先,本文基于攻击图将环境建模为马尔可夫决策过程(Markov decision process,MDP)图,使用价值迭代算法寻找最优渗透路径.其次,对于渗透测试过程中存在的渗透动作失效问题,提出了一种新的重规划算法,可以在MDP图中有效处理失效渗透动作,重新寻找最优渗透路径.最后,基于渗透测试过程中存在多个攻击目标的情况,本文提出了面向MDP图的多目标全局最优渗透路径算法.实验证明,本文提出的算法在重规划任务方面,表现出了更高的效率和稳定性,在多目标任务方面,体现出了算法的有效性,可以避免不必要的渗透动作被执行.
The core of penetration testing is to discover penetration paths,but not all penetration paths can be successful.Therefore,the optimal penetration path needs to be chosen based on the current system environment.In this context,firstly,this study models the environment as a Markov decision process(MDP)graph based on the attack graph and uses a value iteration algorithm to find the optimal penetration path.Secondly,a new replanning algorithm is proposed to deal with the failure of penetration actions in the MDP graph and find the optimal penetration path again.Finally,in view of the existence of multiple attack targets in the penetration testing process,this study proposes a multi-objective global optimal penetration path algorithm for MDP graphs.Experimentally,the proposed algorithm shows higher efficiency and stability in replanning tasks and is effective in multi-objective tasks,which can prevent unnecessary penetration actions from being executed.
作者
马琦
刘杨
吴贤生
曲芸
王佰玲
刘红日
MA Qi;LIU Yang;WU Xian-Sheng;QU Yun;WANG Bai-Ling;LIU Hong-Ri(School of Computer Science and Technology,Harbin Institute of Technology at Weihai,Weihai 264200,China;Network and Information Center,Harbin Institute of Technology at Weihai,Weihai 264200,China;Weihai Cyberguard technologies Co.Ltd.,Weihai 264200,China)
出处
《计算机系统应用》
2023年第12期197-204,共8页
Computer Systems & Applications
基金
国家自然科学基金面上项目(62272129)。
关键词
渗透测试
价值迭代
最优渗透路径
重规划
多目标任务
penetration testing
value iteration
optimal penetration path
replanning
multi-objective task
