
TW202117620A - Penetration test case suggesting method and system utilizing a data mining algorithm to analyze the relevance among the filtered log files so as to enhance the efficiency of penetration testing

Info

Publication number: TW202117620A
Authority: TW (Taiwan)
Prior art keywords: filtered, attack, log file, attack information, log files
Application number: TW108138229A
Other languages: Chinese (zh)
Other versions: TWI726455B (en)
Inventors: 陳文婷, 黃秋樺, 陳俊廷, 洪琳美, 廖秋銘
Original Assignee: 臺灣銀行股份有限公司
Application filed by: 臺灣銀行股份有限公司
Priority to: TW108138229A
Publications: TW202117620A, TWI726455B
Landscapes: Debugging And Monitoring (AREA)
Abstract

A penetration test case suggesting system includes: a network information collecting module that acquires and stores a plurality of pieces of online attack information from at least one server side; a data preprocessing module that filters a plurality of log files to obtain a plurality of filtered log files and filters the online attack information to obtain a plurality of pieces of filtered online attack information; a data analysis module that analyzes the relevance among the filtered log files by using a data mining algorithm to acquire and store a log file analysis result; and a recommendation module that generates recommended test attack information according to the log file analysis result, predetermined attack information, the filtered log files, and the filtered online attack information. In addition, this invention further provides a penetration test case suggesting method.

Description

Penetration test case suggestion method and system

The present invention relates to a penetration testing service, and in particular to a penetration test case suggestion method and system.

With the rapid development of Internet systems, network security mechanisms have become increasingly important. Enterprises large and small are willing to spend time and money on establishing a sound network security mechanism to keep their information from being compromised by others. Factors affecting information security include: unauthorized intrusion into a system to steal or alter data, or even to change the original system settings; interception or alteration of data in transit; and the spreading of malicious programs. Faced with these factors, website administrators usually adopt penetration testing (Penetration Test).

Penetration testing means that a technician with information security knowledge and experience, commissioned by an employer, attacks the employer's network devices and hosts using methods that imitate those of a hacker, in order to discover system vulnerabilities and propose improvements.

However, the penetration testing process consumes manpower and time. At present, a standard penetration testing project takes about 1 month, including requirements gathering, testing, and report writing; some large projects may take 2 to 3 months. This is very time-consuming and incurs substantial labor costs.

Therefore, an object of the present invention is to provide a penetration test case suggestion method that shortens penetration testing time and reduces labor cost.

Accordingly, the penetration test case suggestion method of the present invention is implemented by a penetration test case suggestion system. The system stores multiple pieces of predetermined attack information related to multiple attack events and multiple log files related to events that occurred while web pages were executed. The method comprises a step (A), a step (B), a step (C), a step (D), and a step (E).

In step (A), the penetration test case suggestion system obtains, via a communication network, multiple pieces of online attack information related to multiple attack behaviors from at least one server corresponding to at least one website that records attack behaviors, and stores them.

In step (B), the penetration test case suggestion system filters the log files to obtain multiple filtered log files. Each filtered log file includes at least multiple access paths having multiple access points, and multiple syntax parameters.

In step (C), the penetration test case suggestion system filters the online attack information to obtain multiple pieces of filtered online attack information.

In step (D), the penetration test case suggestion system uses a data mining algorithm to analyze the relevance of the filtered log files. For each filtered log file, it obtains and stores a log file analysis result that includes the relevance of the access points included in the filtered log file and the relevance of multiple attack signature syntaxes related to the syntax parameters included in the filtered log file.

In step (E), the penetration test case suggestion system generates, according to the log file analysis result, the predetermined attack information, the filtered log files, and the filtered online attack information, recommended test attack information that includes at least one of the predetermined attack information and the filtered online attack information.

Another object of the present invention is to provide a penetration test case suggestion system that shortens penetration testing time and reduces labor cost.

Accordingly, the penetration test case suggestion system of the present invention comprises a storage module, a network information collection module, a data preprocessing module, a data analysis module, and a recommendation module.

The storage module stores multiple pieces of predetermined attack information related to multiple attack events and multiple log files related to events that occurred while web pages were executed.

The network information collection module is electrically connected to the storage module. It obtains, via a communication network, multiple pieces of online attack information related to multiple attack behaviors from at least one server corresponding to at least one website that records attack behaviors, and stores them in the storage module.

The data preprocessing module is electrically connected to the storage module. It filters the log files to obtain multiple filtered log files, each of which includes at least multiple access paths having multiple access points and multiple syntax parameters respectively corresponding to the access paths, and it filters the online attack information to obtain multiple pieces of filtered online attack information.

The data analysis module is electrically connected to the storage module. It uses a data mining algorithm to analyze the relevance of the filtered log files and, for each filtered log file, obtains a log file analysis result that includes the relevance of the access points included in the filtered log file and the relevance of multiple attack signature syntaxes related to the syntax parameters included in the filtered log file, and stores that result in the storage module.

The recommendation module is electrically connected to the storage module. It generates, according to the log file analysis result, the predetermined attack information, the filtered log files, and the filtered online attack information, recommended test attack information that includes at least one of the predetermined attack information and the filtered online attack information.

The effect of the present invention is that the data analysis module uses a data mining algorithm to analyze the relevance of the filtered log files, so that the recommendation module recommends relevant recommended test attack information, thereby improving the efficiency of penetration testing.

Referring to FIG. 1, an embodiment of the penetration test case suggestion system of the present invention includes a data input module 11, a storage module 12, a network information collection module 13, a data preprocessing module 14, a data analysis module 15, a recommendation module 16, and a feedback module 17.

The data input module 11 is electrically connected to the storage module 12 and the feedback module 17.

The storage module 12 is electrically connected to the network information collection module 13, the data preprocessing module 14, the data analysis module 15, the recommendation module 16, and the feedback module 17. The storage module 12 stores multiple pieces of predetermined attack information related to multiple attack events and multiple log files related to events that occurred while web pages were executed. Notably, in this embodiment the predetermined attack information and the log files are entered by a user through the data input module 11. Each piece of predetermined attack information includes a date and time, multiple syntax parameters, the tool used, and the category of the attack. Each log file includes a user name, a session (Session), a transaction (Transaction), multiple access paths having multiple access points, multiple syntax parameters, multiple source addresses respectively corresponding to the access paths, multiple destination addresses respectively corresponding to the access paths, and multiple dates and times respectively corresponding to the access paths.

The network information collection module 13 is connected, via a communication network 100, to a server 101 corresponding to a website that records attack behaviors. Notably, the communication network 100 is, for example, the Internet. In other embodiments, the network information collection module 13 may also be connected to multiple servers.

Referring to FIGS. 1 and 2, an embodiment of the penetration test case suggestion method of the present invention is implemented by the embodiment of the penetration test case suggestion system shown in FIG. 1. The steps of this embodiment of the method are detailed below.

In step 21, the network information collection module 13 obtains, via the communication network, multiple pieces of online attack information related to multiple attack behaviors from the server and stores them in the storage module 12. Notably, the network information collection module 13 obtains the online attack information from the server using, for example, web crawler (Web Crawler) or application programming interface (Application Programming Interface, API) technology. Each piece of online attack information includes a data source address, a date and time, multiple syntax parameters, a screenshot, the category of the attack, a remediation suggestion, and an event description.

In step 22, the data preprocessing module 14 filters the log files to obtain multiple filtered log files. Referring also to FIG. 3, step 22 includes sub-steps 221~224, which are described below.

In step 221, the data preprocessing module 14 removes from the log files those that meet a predetermined condition, to obtain multiple candidate log files. Notably, in this embodiment the predetermined condition is, for example, that an included access path has an access point ending in a multimedia file extension (such as .jpg, .gif, or .png).

In step 222, the data preprocessing module 14 groups the candidate log files according to the user name, session, and transaction they include, so that the candidate log files of the same user fall into the same group.

In step 223, the data preprocessing module 14 obtains multiple target log files from the candidate log files according to the candidate log files and the website paths. Notably, in this embodiment the access paths of the target log files match the website paths.

In step 224, for each target log file, the data preprocessing module 14 extracts from the target log file multiple access paths having multiple access points, multiple syntax parameters, multiple source addresses respectively corresponding to the access paths, multiple destination addresses respectively corresponding to the access paths, and multiple dates and times respectively corresponding to the access paths, to obtain an extracted target log file.

In step 225, the data preprocessing module 14 performs an encoding conversion on the access paths of the extracted target log files to obtain the filtered log files. Notably, in this embodiment the data preprocessing module 14 converts the parts of an access path that are in Uniform Resource Locator (URL) percent-encoded form into ASCII.
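Sub-steps 221 to 225 as a runnable sketch, added here as an example and not code from the patent or its applicant. The record layout, the field names, `SITE_PATHS` and the sample log records are constructed assumptions; the request strings reuse the syntax examples the description itself gives.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

MEDIA_SUFFIXES = (".jpg", ".gif", ".png")               # predetermined condition of step 221
SITE_PATHS = {"/product", "/product/car", "/search"}    # constructed website paths for step 223

# Constructed sample records: (user, session, transaction, request, src, dst, time)
RAW_LOGS = [
    ("alice", "s1", "t1", "/product", "192.0.2.10", "198.51.100.1", "2019-10-01T09:00:00"),
    ("alice", "s1", "t2", "/img/logo.png", "192.0.2.10", "198.51.100.1", "2019-10-01T09:00:01"),
    ("alice", "s1", "t3", "/product/car?id=7", "192.0.2.10", "198.51.100.1", "2019-10-01T09:00:05"),
    ("bob", "s2", "t1", "/search?q=select%20%40%40version",
     "192.0.2.77", "198.51.100.1", "2019-10-01T09:10:00"),
    ("bob", "s2", "t2", "/product?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
     "192.0.2.77", "198.51.100.1", "2019-10-01T09:10:03"),
    ("bob", "s2", "t3", "/admin/debug", "192.0.2.77", "198.51.100.1", "2019-10-01T09:10:09"),
]


def preprocess(records, site_paths=SITE_PATHS):
    """Return {user: [filtered record, ...]} following sub-steps 221 to 225."""
    groups = defaultdict(list)
    for user, session, txn, request, src, dst, when in records:
        parts = urlsplit(request)
        raw_path = parts.path

        # Step 221: drop requests whose last access point is a multimedia file.
        if raw_path.lower().endswith(MEDIA_SUFFIXES):
            continue

        # Step 223: keep only requests whose access path matches a known website path.
        if raw_path.rstrip("/") not in site_paths:
            continue

        # Step 225: turn percent-encoded parts into plain characters.
        # A single decoding pass is applied, so a double-encoded sequence
        # such as %252e comes out as %2e, not as a dot.
        path = unquote(raw_path)

        # Step 224: keep only the fields the later analysis uses.
        # Step 222: records of the same user land in the same group.
        groups[user].append({
            "session": session,
            "transaction": txn,
            "access_path": path,
            "access_points": [p for p in path.split("/") if p],
            "syntax_params": parse_qsl(parts.query, keep_blank_values=True),
            "src": src,
            "dst": dst,
            "time": when,
        })

    # Keep each user's records in session and time order for sequence analysis.
    for entries in groups.values():
        entries.sort(key=lambda e: (e["session"], e["time"]))
    return dict(groups)


if __name__ == "__main__":
    for user, entries in preprocess(RAW_LOGS).items():
        for e in entries:
            print(user, e["access_path"], e["syntax_params"])
```

Matching against the website paths happens before decoding here because that is the order of the sub-steps; a deployment that expects percent-encoded path segments would decode first.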

In step 23, the data preprocessing module 14 filters the online attack information to obtain multiple pieces of filtered online attack information. Notably, in this embodiment, for each piece of online attack information, the data preprocessing module 14 extracts from it a data source address, a date and time, multiple syntax parameters, a screenshot, and the category of the attack as the filtering process.

In step 24, the data analysis module 15 uses a data mining (Data Mining) algorithm to analyze the relevance of the filtered log files. For each filtered log file, the data analysis module 15 obtains a log file analysis result that includes the relevance of the access points included in the filtered log file and the relevance of multiple attack signature syntaxes related to the syntax parameters included in the filtered log file, and stores it in the storage module 12. Referring also to FIG. 4, step 24 includes sub-steps 241~244, which are described below.

In step 241, for each filtered log file, the data analysis module 15 uses an association-rule-mining-based algorithm on the access points included in the filtered log file to obtain the relevance of those access points. Notably, in this embodiment the data analysis module 15 gives every access point a unique code; for example, product is given code A and car code B, so /product/car gets code AB. The data analysis module 15 then uses the association rule mining algorithm to find the associations that meet the minimum support (min support) and minimum confidence (min confidence) requirements. For example, because step 22 yields filtered log files divided into multiple groups, each group corresponding to one user, it can be found from the filtered log files that, for instance, the log files of 60% of users that access /product (code A) also access /product/car (code AB).

In step 242, for each filtered log file, the data analysis module 15 uses a sequential-pattern-mining-based algorithm on the syntax parameters included in the filtered log file to obtain multiple attack signature syntaxes related to those syntax parameters. For example, for log files of the Apache platform the string <(a),(c)> is found, where a stands for select and c stands for @@version, which indicates the attack signature syntax in which @@version appears after select.

In step 243, the data analysis module 15 uses the association rule mining algorithm on the attack signature syntaxes to obtain the relevance of the attack signature syntaxes. For example, the "select, @@version" syntax appears after the "../" syntax.

In step 244, the data analysis module 15 generates the log file analysis result.
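The access-point coding and association rule mining of step 241 as a runnable sketch (the same mining routine applies to the signature sets of step 243). It is an added example, not code from the patent; the level-wise Apriori search, the function names, the thresholds and the five-user sample are assumptions, with the sample built so that the /product to /product/car rule comes out at the 60% figure used in the description.

```python
import string
from itertools import combinations

# Constructed sample: access paths seen per user after step 22.
USER_PATHS = {
    "u1": ["/product", "/product/car"],
    "u2": ["/product", "/product/car", "/search"],
    "u3": ["/product", "/product/car"],
    "u4": ["/product", "/search"],
    "u5": ["/product"],
}


def encode_paths(user_paths):
    """Give each access point a unique letter; a path's code is the concatenation."""
    codes, encoded = {}, {}
    letters = iter(string.ascii_uppercase)   # sketch limit: at most 26 access points
    for user, paths in user_paths.items():
        items = set()
        for path in paths:
            code = ""
            for point in path.strip("/").split("/"):
                if point not in codes:
                    codes[point] = next(letters)
                code += codes[point]
            items.add(code)
        encoded[user] = frozenset(items)
    return codes, encoded


def frequent_itemsets(transactions, min_support):
    """Level-wise (Apriori) search; returns {itemset: support}."""
    n = len(transactions)
    level = {frozenset([i]) for t in transactions for i in t}
    frequent, k = {}, 1
    while level:
        kept = {}
        for cand in level:
            sup = sum(cand <= t for t in transactions) / n
            if sup >= min_support:
                kept[cand] = sup
        frequent.update(kept)
        k += 1
        # Join frequent (k-1)-itemsets, then prune candidates that have an
        # infrequent (k-1)-subset.
        joined = {a | b for a, b in combinations(kept, 2) if len(a | b) == k}
        level = {c for c in joined
                 if all(frozenset(s) in kept for s in combinations(c, k - 1))}
    return frequent


def association_rules(frequent, min_confidence):
    """Return sorted (lhs, rhs, support, confidence) for every rule above the threshold."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for lhs in combinations(sorted(itemset), r):
                lhs = frozenset(lhs)
                conf = sup / frequent[lhs]   # every subset of a frequent set is frequent
                if conf >= min_confidence:
                    rhs = itemset - lhs
                    rules.append((tuple(sorted(lhs)), tuple(sorted(rhs)), sup, conf))
    return sorted(rules)


def mine_access_point_rules(user_paths, min_support=0.5, min_confidence=0.6):
    codes, encoded = encode_paths(user_paths)
    frequent = frequent_itemsets(list(encoded.values()), min_support)
    return codes, association_rules(frequent, min_confidence)


if __name__ == "__main__":
    codes, rules = mine_access_point_rules(USER_PATHS)
    print(codes)
    for lhs, rhs, sup, conf in rules:
        print(f"{lhs} -> {rhs}  support={sup:.2f} confidence={conf:.2f}")
```

With `min_support=0.5` the /search path (2 of 5 users) is dropped before any rule is formed, which is how the support threshold keeps rarely visited paths out of the recommendations.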

In step 25, after receiving an initial scoring signal, generated by the user through the data input module 11 and relating to initial scoring of the predetermined attack information and the filtered online attack information, the feedback module 17 generates multiple initial scores corresponding to the predetermined attack information and the filtered online attack information and stores them in the storage module 12. Notably, in this embodiment the user scores with reference to the latest version of the OWASP ranking of the ten most critical website security risks (OWASP TOP TEN) and the CVSS vulnerability risk levels.

In step 26, for each filtered log file, the recommendation module 16 performs at least keyword analysis according to the syntax parameters of the filtered log file, the syntax parameters of the predetermined attack information, the syntax parameters of the filtered online attack information, and the initial scores, to obtain the attack category corresponding to the filtered log file. For example, syntax parameters containing the keywords alert or <script> belong to the A3. XSS category among the syntax parameters of the predetermined attack information and of the filtered online attack information. Notably, in this embodiment, if the recommendation module 16 cannot determine the attack category corresponding to the filtered log file by keyword analysis, it performs a similarity calculation. When the similarity between the syntax parameters of the filtered log file and the syntax parameters of the predetermined attack information and of the filtered online attack information is higher than a predetermined threshold (for example 70%), the attack category corresponding to the filtered log file is determined; when the similarity is not higher than the predetermined threshold, the attack category corresponding to the filtered log file is null. Note also that, in this embodiment, the recommendation module 16 uses the initial scores to decide the priority order in which the corresponding syntax parameters of the predetermined attack information and of the filtered online attack information go through keyword analysis and similarity calculation.

In step 27, the recommendation module 16 generates, according to the log file analysis result, the predetermined attack information, the filtered log files, the attack categories corresponding to the filtered log files, and the filtered online attack information, recommended test attack information that includes at least one of the predetermined attack information and the filtered online attack information. Referring also to FIG. 5, step 27 includes sub-steps 271~273; the sub-steps included in step 28 are described below.

In step 271, the recommendation module 16 obtains multiple recommended access paths according to the filtered log files, the attack categories corresponding to the filtered log files, the relevance of the access points included in the filtered log files from the log file analysis result, and a filter condition. The filter condition is, for example, a time interval, website, platform, language type, and the number of records required.

In step 272, the recommendation module 16 performs keyword analysis and similarity calculation on the syntax parameters corresponding to the recommended access paths and, according to the relevance of the attack signature syntaxes in the log file analysis result, obtains multiple historical attack signature syntaxes corresponding to the recommended access paths. For example, for the syntax parameter "../../../../etc/passwd" corresponding to a recommended access path, keyword analysis and similarity calculation show that it belongs to the "../" class of attack, and the relevance of the attack signature syntaxes in the log file analysis result then shows that the historical attack signature syntaxes are "../" and "select @@version".

In step 273, the recommendation module 16 generates the recommended test attack information according to the historical attack signature syntaxes, the predetermined attack information, and the filtered online attack information. For example, if the historical attack signature syntaxes are "../" and "select @@version", the recommendation module 16 finds, among the predetermined attack information and the filtered online attack information, the entries that match "../" and "select @@version".

In step 28, after receiving a feedback scoring signal, generated by the user through the data input module 11 and relating to a feedback score for the recommended test attack information, the feedback module 17 updates the initial scores according to the feedback scoring signal. Notably, in this embodiment the updated initial score is the average of the initial score and the feedback score; in other embodiments it may be adjusted by weighting, and is not limited to this.

In summary, in the penetration test case suggestion method and system of the present invention, the network information collection module 13 obtains the online attack information from the server so that data is collected automatically; the data preprocessing module 14 filters the predetermined attack information, the log files, and the online attack information to remove unnecessary content; and the data analysis module 15 uses a data mining algorithm to analyze the relevance of the filtered log files, so that the recommendation module 16 recommends relevant recommended test attack information, thereby improving the efficiency of penetration testing. In addition, the feedback module 17 updates the initial scores according to the user's feedback, so that the recommendation module 16 generates the recommended test attack information more efficiently. The object of the present invention is therefore achieved.

The foregoing, however, is merely an embodiment of the present invention and shall not limit the scope of its implementation; all simple equivalent changes and modifications made according to the claims and the specification of the present invention remain within the scope covered by this patent.

Reference numerals:
11: data input module
12: storage module
13: network information collection module
14: data preprocessing module
15: data analysis module
16: recommendation module
17: feedback module
100: communication network
101: server
21~28: steps
221~225: steps
241~244: steps
271~273: steps

Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which:
FIG. 1 is a block diagram illustrating an embodiment of the penetration test case suggestion system of the present invention;
FIG. 2 is a flowchart illustrating an embodiment of the penetration test case suggestion method of the present invention;
FIG. 3 is a flowchart that helps explain the sub-steps of step 23 in FIG. 2;
FIG. 4 is a flowchart that helps explain the sub-steps of step 25 in FIG. 2; and
FIG. 5 is a flowchart that helps explain the sub-steps of step 28 in FIG. 2.


Claims (14)

1. A penetration test case suggestion method, implemented by a penetration test case suggestion system, the penetration test case suggestion system storing a plurality of pieces of predetermined attack information related to a plurality of attack events and a plurality of log files related to events occurring when web pages are executed, the penetration test case suggestion method comprising the following steps:
(A) obtaining and storing, via a communication network, a plurality of pieces of online attack information related to a plurality of attack behaviors from at least one server corresponding to at least one website that records attack behaviors;
(B) filtering the log files to obtain a plurality of filtered log files, each filtered log file including at least a plurality of access paths having a plurality of access points and a plurality of syntax parameters;
(C) filtering the online attack information to obtain a plurality of pieces of filtered online attack information;
(D) analyzing the relevance of the filtered log files by using data mining algorithms and, for each filtered log file, obtaining and storing a log file analysis result that includes the relevance of the access points included in the filtered log file and the relevance of a plurality of attack signature syntaxes related to the syntax parameters included in the filtered log file; and
(E) generating, according to the log file analysis result, the predetermined attack information, the filtered log files, and the filtered online attack information, recommended test attack information that includes at least one of the predetermined attack information and the filtered online attack information.

2. The penetration test case suggestion method according to claim 1, the penetration test case suggestion system further storing a plurality of website paths, wherein step (B) includes the following sub-steps:
(B-1) removing, from the log files, the log files that meet a predetermined condition to obtain a plurality of candidate log files;
(B-2) grouping the candidate log files;
(B-3) obtaining a plurality of target log files from the candidate log files according to the candidate log files and the website paths;
(B-4) for each target log file, extracting from the target log file the access paths, the syntax parameters, a plurality of source addresses respectively corresponding to the access paths, a plurality of destination addresses respectively corresponding to the access paths, and a plurality of dates and times respectively corresponding to the access paths, to obtain an extracted target log file; and
(B-5) performing encoding conversion on the access paths of the extracted target log files to obtain the filtered log files.

3. The penetration test case suggestion method according to claim 1, wherein, in step (C), for each piece of online attack information, a data source address, a date and time, a plurality of syntax parameters, a screenshot, and an attack category are extracted from the online attack information to obtain a piece of filtered online attack information.

4. The penetration test case suggestion method according to claim 1, wherein step (D) includes the following sub-steps:
(D-1) for each filtered log file, obtaining the relevance of the access points included in the filtered log file by applying an association rule mining algorithm to the access points included in the filtered log file;
(D-2) for each filtered log file, obtaining a plurality of attack signature syntaxes related to the syntax parameters included in the filtered log file by applying a sequential pattern mining algorithm to the syntax parameters included in the filtered log file;
(D-3) obtaining the relevance of the attack signature syntaxes by applying the association rule mining algorithm to the attack signature syntaxes; and
(D-4) generating the log file analysis result.

5. The penetration test case suggestion method according to claim 1, wherein step (E) includes the following sub-steps:
(E-1) obtaining a plurality of recommended access paths according to the filtered log files, the relevance of the access points included in the filtered log files in the log file analysis result, and a screening condition;
(E-2) performing keyword analysis and similarity calculation on the syntax parameters corresponding to the recommended access paths, and obtaining, according to the relevance of the attack signature syntaxes in the log file analysis result, a plurality of historical attack signature syntaxes corresponding to the recommended access paths;
(E-3) generating the recommended test attack information according to the historical attack signature syntaxes, the predetermined attack information, and the filtered online attack information.

6. The penetration test case suggestion method according to claim 1, further comprising, before step (E), the following step:
(F) for each filtered log file, performing at least keyword analysis according to the syntax parameters of the filtered log file, the syntax parameters of the predetermined attack information, and the syntax parameters of the filtered online attack information, to obtain an attack category corresponding to the filtered log file;
wherein, in step (E), the recommended test attack information is generated further according to the attack categories corresponding to the filtered log files.

7. The penetration test case suggestion method according to claim 6, further comprising, before step (F), the following step:
(G) after receiving an initial scoring signal that is generated by an input operation of a user and relates to the predetermined attack information and the filtered online attack information, generating and storing a plurality of initial scores corresponding to the predetermined attack information and the filtered online attack information;
wherein, in step (F), the attack category is obtained further according to the initial scores, and the method further comprises, after step (E), the following step:
(H) after receiving a feedback scoring signal that is generated by an input operation of the user and relates to the recommended test attack information, updating the initial scores according to the feedback scoring signal.

8. A penetration test case suggestion system, comprising:
a storage module storing a plurality of pieces of predetermined attack information related to a plurality of attack events and a plurality of log files related to events occurring when web pages are executed;
a network information collection module, electrically connected to the storage module, for obtaining, via a communication network, a plurality of pieces of online attack information related to a plurality of attack behaviors from at least one server corresponding to at least one website that records attack behaviors, and storing them in the storage module;
a data preprocessing module, electrically connected to the storage module, for filtering the log files to obtain a plurality of filtered log files, each filtered log file including at least a plurality of access paths having a plurality of access points and a plurality of syntax parameters respectively corresponding to the access paths, and for filtering the online attack information to obtain a plurality of pieces of filtered online attack information;
a data analysis module, electrically connected to the storage module, for analyzing the relevance of the filtered log files by using data mining algorithms and, for each filtered log file, obtaining and storing in the storage module a log file analysis result that includes the relevance of the access points included in the filtered log file and the relevance of a plurality of attack signature syntaxes related to the syntax parameters included in the filtered log file; and
a recommendation module, electrically connected to the storage module, for generating, according to the log file analysis result, the predetermined attack information, the filtered log files, and the filtered online attack information, recommended test attack information that includes at least one of the predetermined attack information and the filtered online attack information.

9. The penetration test case suggestion system according to claim 8, wherein the data preprocessing module removes, from the log files, the log files that meet a predetermined condition to obtain a plurality of candidate log files, and obtains a plurality of target log files from the candidate log files according to the candidate log files and the website paths; for each target log file, the data preprocessing module extracts from the target log file the access paths, the syntax parameters, a plurality of source addresses respectively corresponding to the access paths, a plurality of destination addresses respectively corresponding to the access paths, and a plurality of dates and times respectively corresponding to the access paths, to obtain an extracted target log file, and performs encoding conversion on the access paths of the extracted target log files to obtain the filtered log files.

10. The penetration test case suggestion system according to claim 8, wherein, for each piece of online attack information, the data preprocessing module extracts from the online attack information a data source address, a date and time, a plurality of syntax parameters, a screenshot, and an attack category, to obtain a piece of filtered online attack information.

11. The penetration test case suggestion system according to claim 8, wherein, for each filtered log file, the data analysis module obtains the relevance of the access points included in the filtered log file by applying an association rule mining algorithm to the access points included in the filtered log file; for each filtered log file, the data analysis module obtains a plurality of attack signature syntaxes related to the syntax parameters included in the filtered log file by applying a sequential pattern mining algorithm to the syntax parameters included in the filtered log file; and the data analysis module then obtains the relevance of the attack signature syntaxes by applying the association rule mining algorithm to the attack signature syntaxes, so as to generate the log file analysis result.

12. The penetration test case suggestion system according to claim 8, wherein the recommendation module obtains a plurality of recommended access paths according to the filtered log files, the relevance of the access points included in the filtered log files in the log file analysis result, and a screening condition; the recommendation module performs keyword analysis and similarity calculation on the syntax parameters corresponding to the recommended access paths and obtains, according to the relevance of the attack signature syntaxes in the log file analysis result, a plurality of historical attack signature syntaxes corresponding to the recommended access paths; and the recommendation module then generates the recommended test attack information according to the historical attack signature syntaxes, the predetermined attack information, and the filtered online attack information.

13. The penetration test case suggestion system according to claim 8, wherein, for each filtered log file, the recommendation module performs at least keyword analysis according to the syntax parameters of the filtered log file, the syntax parameters of the predetermined attack information, and the syntax parameters of the filtered online attack information, to obtain an attack category corresponding to the filtered log file, and generates the recommended test attack information further according to the attack categories corresponding to the filtered log files.

14. The penetration test case suggestion system according to claim 13, wherein, after receiving an initial scoring signal that is generated by the user using the data input module and relates to the predetermined attack information and the filtered online attack information, the feedback module generates a plurality of initial scores corresponding to the predetermined attack information and the filtered online attack information and stores them in the storage module; and, after the feedback module receives a feedback scoring signal that is generated by an input operation of the user and relates to the recommended test attack information, the feedback module updates the initial scores according to the feedback scoring signal.
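The log preprocessing of claim 2 (sub-steps B-1, B-4, B-5) and the access-point association analysis of claim 4 (sub-step D-1), as an added example that is not taken from the patent. It assumes Apache combined-style log lines (which carry no destination address), treats each path segment as an access point, uses a static-file filter as the "predetermined condition", and computes pairwise support and confidence as a stand-in for whichever association rule mining algorithm an implementation would use; all names, thresholds and sample records are hypothetical.

```python
import re
from collections import Counter
from itertools import permutations
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample records (assumed Apache combined log style, not from the patent).
SAMPLE_LOG = """\
203.0.113.5 - - [23/Oct/2019:10:00:01 +0800] "GET /shop/cart/view?id=7 HTTP/1.1" 200 512
203.0.113.5 - - [23/Oct/2019:10:00:02 +0800] "GET /shop/cart/add?id=7&q=caf%C3%A9%20menu HTTP/1.1" 200 734
198.51.100.9 - - [23/Oct/2019:10:00:05 +0800] "GET /shop/item%2Fdetail?id=9 HTTP/1.1" 200 801
198.51.100.9 - - [23/Oct/2019:10:00:07 +0800] "GET /static/logo.png HTTP/1.1" 200 4096
192.0.2.44 - - [23/Oct/2019:10:00:09 +0800] "GET /admin/login?user=alice HTTP/1.1" 403 120
"""

LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" \d{3} \S+')
STATIC_EXT = (".png", ".jpg", ".css", ".js", ".ico")  # assumed "predetermined condition"

def preprocess(log_text):
    """B-1/B-4/B-5: drop unwanted records, extract fields, decode the access path."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                  # unparseable line: skip
        parts = urlsplit(m["target"])
        path = unquote(parts.path)                    # encoding conversion (B-5)
        if path.lower().endswith(STATIC_EXT):
            continue                                  # filtered out (B-1)
        records.append({
            "source": m["src"],
            "datetime": m["ts"],
            "path": path,
            "access_points": [seg for seg in path.split("/") if seg],
            "params": dict(parse_qsl(parts.query, keep_blank_values=True)),
        })
    return records

def access_point_rules(records, min_support=0.4, min_confidence=0.8):
    """D-1: rules a -> b between access points, each with (support, confidence)."""
    n = len(records)
    single, pair = Counter(), Counter()
    for rec in records:
        items = set(rec["access_points"])             # one record = one transaction
        single.update(items)
        pair.update(permutations(sorted(items), 2))   # ordered pairs (a, b)
    rules = {}
    for (a, b), count in pair.items():
        support, confidence = count / n, count / single[a]
        if support >= min_support and confidence >= min_confidence:
            rules[(a, b)] = (round(support, 2), round(confidence, 2))
    return rules

if __name__ == "__main__":
    filtered = preprocess(SAMPLE_LOG)
    for rule, stats in access_point_rules(filtered).items():
        print(rule, stats)
```

Only `cart -> shop` survives both thresholds on this sample: `shop -> cart` has the same support but a confidence of 2/3, which is how the direction of a rule separates a shared prefix from a specific endpoint.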
TW108138229A 2019-10-23 2019-10-23 Penetration test case suggestion method and system TWI726455B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108138229A TWI726455B (en) 2019-10-23 2019-10-23 Penetration test case suggestion method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108138229A TWI726455B (en) 2019-10-23 2019-10-23 Penetration test case suggestion method and system

Publications (2)

Publication Number Publication Date
TW202117620A true TW202117620A (en) 2021-05-01
TWI726455B TWI726455B (en) 2021-05-01

Family

ID=77020574

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108138229A TWI726455B (en) 2019-10-23 2019-10-23 Penetration test case suggestion method and system

Country Status (1)

Country Link
TW (1) TWI726455B (en)

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101682626A (en) * 2007-05-24 2010-03-24 爱维技术解决方案私人有限公司 Method and system for simulating a hacking attack on a network
CA2691666C (en) * 2007-06-26 2014-03-18 Core Sdi Incorporated System and method for simulating computer network attacks
CN102136051B (en) * 2011-05-06 2013-02-20 南开大学 Method for driving web application penetration testing by applying SGM-SQL (sage grant management-structured query language) injection model
TW201426578A (en) * 2012-12-27 2014-07-01 Ind Tech Res Inst Generation method and device and risk assessment method and device for anonymous dataset
US9298913B2 (en) * 2013-11-12 2016-03-29 Macau University Of Science And Technology Method of detecting intrusion based on improved support vector machine
TW201627906A (en) * 2015-01-27 2016-08-01 中華電信股份有限公司 Auxiliary devices and methods for information security tests
EP3545418A4 (en) * 2016-11-22 2020-08-12 AON Global Operations PLC, Singapore Branch Systems and methods for cybersecurity risk assessment
TWI610196B (en) * 2016-12-05 2018-01-01 財團法人資訊工業策進會 Network attack pattern determination apparatus, determination method, and computer program product thereof
US20200106792A1 (en) * 2017-10-19 2020-04-02 Circadence Corporation Method and system for penetration testing classification based on captured log data
JP6636226B2 (en) * 2018-01-12 2020-01-29 三菱電機株式会社 Countermeasure planning support device, countermeasure planning support method, and countermeasure planning support program

Also Published As

Publication number Publication date
TWI726455B (en) 2021-05-01

Similar Documents

Publication Publication Date Title
JP7073343B2 (en) Security vulnerabilities and intrusion detection and repair in obfuscated website content
CN110602029B (en) Method and system for identifying network attack
US12021894B2 (en) Phishing detection based on modeling of web page content
CN111104579A (en) Identification method and device for public network assets and storage medium
CN109905276B (en) Cloud service quality monitoring method and system
CN112887341B (en) External threat monitoring method
US11556640B1 (en) Systems and methods for automated cybersecurity analysis of extracted binary string sets
CN107426148B (en) Crawler-resisting method and system based on running environment feature recognition
CN113704328B (en) User behavior big data mining method and system based on artificial intelligence
US11470114B2 (en) Malware and phishing detection and mediation platform
US11297091B2 (en) HTTP log integration to web application testing
CN113704772B (en) Safety protection processing method and system based on user behavior big data mining
Dodia et al. Exposing the rat in the tunnel: Using traffic analysis for tor-based malware detection
US12072946B2 (en) Optimizing scraping requests through browsing profiles
Burda et al. Characterizing the redundancy of DarkWeb. onion services
Alghamdi Effective penetration testing report writing
CN108804501B (en) Method and device for detecting effective information
CN110598397A (en) Deep learning-based Unix system user malicious operation detection method
TWI726455B (en) Penetration test case suggestion method and system
Periyasamy et al. Prediction of future vulnerability discovery in software applications using vulnerability syntax tree (PFVD-VST).
Munir et al. {PURL}: Safe and Effective Sanitization of Link Decoration
Lazarine et al. Exploring the propagation of vulnerabilities from GitHub repositories hosted by major technology organizations
Yapa et al. AI Based Monitoring System for Social Engineering
TWM591195U (en) Penetration testing for case suggestion system
WO2021133592A1 (en) Malware and phishing detection and mediation platform