Abstract
Faced with the heterogeneous, intelligent and interconnected massive power Web system environment, it is difficult to meet the needs of existing and incremental services in efficiency by mining and verifying vulnerabilities manually. Therefore, an automated penetration testing framework for power Web system is proposed. Integrating property information and expert experience, the framework guides vulnerability mining path and vulnerability exploiting method selection, and realizing automatic vulnerability verification and exploitation of Web system through autonomous decision module. The experimental results show that the framework can simulate real attack behavior and efficiently verify and exploit common Web system vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Jiang, J., Chen, X., Chen, L.: A vulnerability scanning framework based on monitoring agents for IaaS Platforms. J. Sichuan Univ. 46, 116–121 (2014)
Chen, T., Xiaoqi, L., Xiapu, L., et al.: System-level attacks against android by exploiting asynchronous programming. Softw. Qual. J. 26, 1037–1062 (2018). https://doi.org/10.1007/s11219-017-9374-6
Gascon, H., Yamaguchi, F., Arp, D., et al.: Structural detection of android malware using embedded call graphs. In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, pp. 45–54. ACM, New York (2013)
Shastry, B., Leutner, M., Fiebig, T., et al.: Static program analysis as a fuzzing aid. In: Research in Attacks, Intrusions, and Defenses, pp. 26–47. Springer, Cham (2017)
Wressnegger, C., Freeman, K., Yamaguchi, F., et al.: Automatically inferring malware signatures for anti-virus assisted attacks. In: Proceeding of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 587–598. ACM, New York (2017)
Yamaguchi, F., Golde, N., Arp, D., et al.: Modeling and discovering vulnerabilities with code property graphs. In: Proceeding of the 2014 IEEE Symposium on Security and Privacy, pp. 590–604. IEEE, Piscataway (2014)
Yamaguchi, F., Maier, A., Gascon, H., et al.: Automatic inference of search patterns for taint-style vulnerabilities. In: Proceeding of the 2015 IEEE Symposium on Security and Privacy, pp. 797–812. IEEE, Piscataway (2015)
Qi, S.: Research on Web Script Attack and Preventive Detection. Shanghai Jiao Tong University (2010)
Zhengqiang, X.: Research on Network Information Security Penetration Test Platform. Guangdong University of Technology (2009)
Wenzhe, Z.: Research and Implementation of Comprehensive Experimental Platform for Network Penetration Testing. National University of Defense Science and Technology (2014)
Acknowledgements
This work was supported by the science and technology project of State Grid Corporation of China: “Research on Intelligent Detection and Verification Technology of Security Hidden Dangers in Power Information Network” (Contract Number: SGTJDK00DWJS1900105).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xi, Z., Cui, J., Zhang, B. (2021). Research on Automated Penetration Testing Framework for Power Web System Integrating Property Information and Expert Experience. In: Liu, Q., Liu, X., Li, L., Zhou, H., Zhao, HH. (eds) Proceedings of the 9th International Conference on Computer Engineering and Networks . Advances in Intelligent Systems and Computing, vol 1143. Springer, Singapore. https://doi.org/10.1007/978-981-15-3753-0_83
Download citation
DOI: https://doi.org/10.1007/978-981-15-3753-0_83
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-3752-3
Online ISBN: 978-981-15-3753-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)