###

计算机系统应用英文版:2023,32(12):197-204

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

基于价值迭代算法的最优渗透路径发现

马琦¹, 刘杨¹, 吴贤生¹, 曲芸², 王佰玲¹, 刘红日^1,3

(1.哈尔滨工业大学(威海) 计算机科学与技术学院, 威海 264200;2.哈尔滨工业大学(威海) 网络与信息中心, 威海 264200;3.威海天之卫网络空间安全科技有限公司, 威海 264200)

Optimal Penetration Path Discovery Based on Value Iterative Algorithm

MA Qi¹, LIU Yang¹, WU Xian-Sheng¹, QU Yun², WANG Bai-Ling¹, LIU Hong-Ri^1,3

(1.School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China;2.Network and Information Center, Harbin Institute of Technology at Weihai, Weihai 264200, China;3.Weihai Cyberguard technologies Co. Ltd., Weihai 264200, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 411次下载 1171次
Received:June 27, 2023 Revised:July 27, 2023

中文摘要: 渗透测试的核心是发现渗透路径, 但并不是所有的渗透路径都能够成功, 所以需要基于当前系统环境选择最优渗透路径. 在此背景下, 首先, 本文基于攻击图将环境建模为马尔可夫决策过程(Markov decision process, MDP)图, 使用价值迭代算法寻找最优渗透路径. 其次, 对于渗透测试过程中存在的渗透动作失效问题, 提出了一种新的重规划算法, 可以在MDP图中有效处理失效渗透动作, 重新寻找最优渗透路径. 最后, 基于渗透测试过程中存在多个攻击目标的情况, 本文提出了面向MDP图的多目标全局最优渗透路径算法. 实验证明, 本文提出的算法在重规划任务方面, 表现出了更高的效率和稳定性, 在多目标任务方面, 体现出了算法的有效性, 可以避免不必要的渗透动作被执行.

中文关键词: 渗透测试价值迭代最优渗透路径重规划多目标任务

Abstract:The core of penetration testing is to discover penetration paths, but not all penetration paths can be successful. Therefore, the optimal penetration path needs to be chosen based on the current system environment. In this context, firstly, this study models the environment as a Markov decision process (MDP) graph based on the attack graph and uses a value iteration algorithm to find the optimal penetration path. Secondly, a new replanning algorithm is proposed to deal with the failure of penetration actions in the MDP graph and find the optimal penetration path again. Finally, in view of the existence of multiple attack targets in the penetration testing process, this study proposes a multi-objective global optimal penetration path algorithm for MDP graphs. Experimentally, the proposed algorithm shows higher efficiency and stability in replanning tasks and is effective in multi-objective tasks, which can prevent unnecessary penetration actions from being executed.

keywords: penetration testing value iteration optimal penetration path replanning multi-objective task

文章编号： 中图分类号： 文献标志码：

基金项目:国家自然科学基金面上项目（62272129）

Author Name	Affiliation	E-mail
MA Qi	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
LIU Yang	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
WU Xian-Sheng	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
QU Yun	Network and Information Center, Harbin Institute of Technology at Weihai, Weihai 264200, China
WANG Bai-Ling	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
LIU Hong-Ri	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China Weihai Cyberguard technologies Co. Ltd., Weihai 264200, China	liuhr@hit.edu.cn

Author Name	Affiliation	E-mail
MA Qi	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
LIU Yang	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
WU Xian-Sheng	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
QU Yun	Network and Information Center, Harbin Institute of Technology at Weihai, Weihai 264200, China
WANG Bai-Ling	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China
LIU Hong-Ri	School of Computer Science and Technology, Harbin Institute of Technology at Weihai, Weihai 264200, China Weihai Cyberguard technologies Co. Ltd., Weihai 264200, China	liuhr@hit.edu.cn

引用文本：
马琦,刘杨,吴贤生,曲芸,王佰玲,刘红日.基于价值迭代算法的最优渗透路径发现.计算机系统应用,2023,32(12):197-204
MA Qi,LIU Yang,WU Xian-Sheng,QU Yun,WANG Bai-Ling,LIU Hong-Ri.Optimal Penetration Path Discovery Based on Value Iterative Algorithm.COMPUTER SYSTEMS APPLICATIONS,2023,32(12):197-204