Automatic penetration testing method and system based on knowledge graph

Automatic penetration testing method and system based on knowledge graph

The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak pa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: ZHANG KAI, ZHANG YUE, HOU DONGDONG, ZHOU SHICHENG, YANG GUOZHENG, WANG YONGJIE, LIU JINGJU
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator ZHANG KAI
ZHANG YUE
HOU DONGDONG
ZHOU SHICHENG
YANG GUOZHENG
WANG YONGJIE
LIU JINGJU
description The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak password knowledge base and a vulnerability knowledge base; wherein weak passwords are stored in the weak password knowledge base, and vulnerability information and corresponding vulnerability detection methods are stored in the vulnerability knowledge base; scanning a target host located in a test network to obtain fingerprint information of the target host, and matching the fingerprint information with vulnerability information in the vulnerability knowledge base to obtain a matched vulnerability and a corresponding vulnerability detection method; and sorting the matched vulnerabilities based on the vulnerability risk values, and according to the sorting, calling the corresponding vulnerability detection methods in
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_CN114866358A</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>CN114866358A</sourcerecordid><originalsourceid>FETCH-epo_espacenet_CN114866358A3</originalsourceid><addsrcrecordid>eNrjZPBwLC3Jz00syUxWKEjNSy0pAjLz8xRKUotLMvPSFXJTSzLyUxQS81IUiiuLS1JzFZISi1NTFIBKsvPyy3NSU9JTFdKLEgsyeBhY0xJzilN5oTQ3g6Kba4izh25qQX58anFBYjLI-HhnP0NDEwszM2NTC0djYtQAAN45NLg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Automatic penetration testing method and system based on knowledge graph</title><source>esp@cenet</source><creator>ZHANG KAI ; ZHANG YUE ; HOU DONGDONG ; ZHOU SHICHENG ; YANG GUOZHENG ; WANG YONGJIE ; LIU JINGJU</creator><creatorcontrib>ZHANG KAI ; ZHANG YUE ; HOU DONGDONG ; ZHOU SHICHENG ; YANG GUOZHENG ; WANG YONGJIE ; LIU JINGJU</creatorcontrib><description>The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak password knowledge base and a vulnerability knowledge base; wherein weak passwords are stored in the weak password knowledge base, and vulnerability information and corresponding vulnerability detection methods are stored in the vulnerability knowledge base; scanning a target host located in a test network to obtain fingerprint information of the target host, and matching the fingerprint information with vulnerability information in the vulnerability knowledge base to obtain a matched vulnerability and a corresponding vulnerability detection method; and sorting the matched vulnerabilities based on the vulnerability risk values, and according to the sorting, calling the corresponding vulnerability detection methods in</description><language>chi ; eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2022</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20220805&amp;DB=EPODOC&amp;CC=CN&amp;NR=114866358A$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20220805&amp;DB=EPODOC&amp;CC=CN&amp;NR=114866358A$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>ZHANG KAI</creatorcontrib><creatorcontrib>ZHANG YUE</creatorcontrib><creatorcontrib>HOU DONGDONG</creatorcontrib><creatorcontrib>ZHOU SHICHENG</creatorcontrib><creatorcontrib>YANG GUOZHENG</creatorcontrib><creatorcontrib>WANG YONGJIE</creatorcontrib><creatorcontrib>LIU JINGJU</creatorcontrib><title>Automatic penetration testing method and system based on knowledge graph</title><description>The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak password knowledge base and a vulnerability knowledge base; wherein weak passwords are stored in the weak password knowledge base, and vulnerability information and corresponding vulnerability detection methods are stored in the vulnerability knowledge base; scanning a target host located in a test network to obtain fingerprint information of the target host, and matching the fingerprint information with vulnerability information in the vulnerability knowledge base to obtain a matched vulnerability and a corresponding vulnerability detection method; and sorting the matched vulnerabilities based on the vulnerability risk values, and according to the sorting, calling the corresponding vulnerability detection methods in</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2022</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZPBwLC3Jz00syUxWKEjNSy0pAjLz8xRKUotLMvPSFXJTSzLyUxQS81IUiiuLS1JzFZISi1NTFIBKsvPyy3NSU9JTFdKLEgsyeBhY0xJzilN5oTQ3g6Kba4izh25qQX58anFBYjLI-HhnP0NDEwszM2NTC0djYtQAAN45NLg</recordid><startdate>20220805</startdate><enddate>20220805</enddate><creator>ZHANG KAI</creator><creator>ZHANG YUE</creator><creator>HOU DONGDONG</creator><creator>ZHOU SHICHENG</creator><creator>YANG GUOZHENG</creator><creator>WANG YONGJIE</creator><creator>LIU JINGJU</creator><scope>EVB</scope></search><sort><creationdate>20220805</creationdate><title>Automatic penetration testing method and system based on knowledge graph</title><author>ZHANG KAI ; ZHANG YUE ; HOU DONGDONG ; ZHOU SHICHENG ; YANG GUOZHENG ; WANG YONGJIE ; LIU JINGJU</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_CN114866358A3</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>chi ; eng</language><creationdate>2022</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>ZHANG KAI</creatorcontrib><creatorcontrib>ZHANG YUE</creatorcontrib><creatorcontrib>HOU DONGDONG</creatorcontrib><creatorcontrib>ZHOU SHICHENG</creatorcontrib><creatorcontrib>YANG GUOZHENG</creatorcontrib><creatorcontrib>WANG YONGJIE</creatorcontrib><creatorcontrib>LIU JINGJU</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>ZHANG KAI</au><au>ZHANG YUE</au><au>HOU DONGDONG</au><au>ZHOU SHICHENG</au><au>YANG GUOZHENG</au><au>WANG YONGJIE</au><au>LIU JINGJU</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Automatic penetration testing method and system based on knowledge graph</title><date>2022-08-05</date><risdate>2022</risdate><abstract>The invention discloses an automatic penetration testing method and system based on a knowledge graph, and belongs to the technical field of vulnerability detection. The method comprises the following steps: constructing an expert knowledge base, wherein the expert knowledge base comprises a weak password knowledge base and a vulnerability knowledge base; wherein weak passwords are stored in the weak password knowledge base, and vulnerability information and corresponding vulnerability detection methods are stored in the vulnerability knowledge base; scanning a target host located in a test network to obtain fingerprint information of the target host, and matching the fingerprint information with vulnerability information in the vulnerability knowledge base to obtain a matched vulnerability and a corresponding vulnerability detection method; and sorting the matched vulnerabilities based on the vulnerability risk values, and according to the sorting, calling the corresponding vulnerability detection methods in</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language chi ; eng
recordid cdi_epo_espacenet_CN114866358A
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Automatic penetration testing method and system based on knowledge graph
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T21%3A39%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=ZHANG%20KAI&rft.date=2022-08-05&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN114866358A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true