{"title":"远程渗透测试的自动化计划","authors":"Lloyd G. Greenwald, R. Shanley","doi":"10.1109/MILCOM.2009.5379852","DOIUrl":null,"url":null,"abstract":"In this work we consider the problem of automatically designing a penetration test plan that can be executed remotely, without prior knowledge of the target machine or network. We develop a methodology for generating and executing remote testing plans that takes into account the uncertainty of using remote tools both to gain knowledge of the system and to provide the penetration testing actions. Our solution provides automated generation of multi-step penetration test plans that are robust to uncertainty during execution. We tackle this problem by making use of modeling techniques from partially observable Markov decision processes (POMDPs). We automate this process by taking advantage of efficient solutions for solving POMDPs, and further, automatically derive these models through automated access to vulnerability databases such as the national vulnerabilities database (NVD). We demonstrate our implemented solution on a series of example problems.","PeriodicalId":338641,"journal":{"name":"MILCOM 2009 - 2009 IEEE Military Communications Conference","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Automated planning for remote penetration testing\",\"authors\":\"Lloyd G. Greenwald, R. Shanley\",\"doi\":\"10.1109/MILCOM.2009.5379852\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this work we consider the problem of automatically designing a penetration test plan that can be executed remotely, without prior knowledge of the target machine or network. We develop a methodology for generating and executing remote testing plans that takes into account the uncertainty of using remote tools both to gain knowledge of the system and to provide the penetration testing actions. Our solution provides automated generation of multi-step penetration test plans that are robust to uncertainty during execution. We tackle this problem by making use of modeling techniques from partially observable Markov decision processes (POMDPs). We automate this process by taking advantage of efficient solutions for solving POMDPs, and further, automatically derive these models through automated access to vulnerability databases such as the national vulnerabilities database (NVD). We demonstrate our implemented solution on a series of example problems.\",\"PeriodicalId\":338641,\"journal\":{\"name\":\"MILCOM 2009 - 2009 IEEE Military Communications Conference\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-10-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"MILCOM 2009 - 2009 IEEE Military Communications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MILCOM.2009.5379852\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2009 - 2009 IEEE Military Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2009.5379852","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this work we consider the problem of automatically designing a penetration test plan that can be executed remotely, without prior knowledge of the target machine or network. We develop a methodology for generating and executing remote testing plans that takes into account the uncertainty of using remote tools both to gain knowledge of the system and to provide the penetration testing actions. Our solution provides automated generation of multi-step penetration test plans that are robust to uncertainty during execution. We tackle this problem by making use of modeling techniques from partially observable Markov decision processes (POMDPs). We automate this process by taking advantage of efficient solutions for solving POMDPs, and further, automatically derive these models through automated access to vulnerability databases such as the national vulnerabilities database (NVD). We demonstrate our implemented solution on a series of example problems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
