@inbook{bde5902d6e74474aab7c6572cbbe1e51,
title = "Automated vulnerability modeling and verification for penetration testing using petri nets",
abstract = "With the increase of network size, there are more and more potential vulnerabilities, which makes it difficult to conduct penetration testing in multihost networks. Attack graph is a useful tool for penetration testing to analyze the relevance of vulnerabilities between hosts and provides a visual view for attack path planning. However, previous works on attack graph generation are inefficient and not applicable to practical penetration testing process. In this paper, we propose an automated vulnerability modeling and verification approach for penetration testing, which generates attack graph efficiently and can be applied to attack process. Petri net is adopted for vulnerability modeling and attack graph synthesis. We implement a prototype system named Automatic Penetration Testing System to verify our method. The system is tested in real networks and the experiment results show the efficiency of our approach.",
keywords = "Attack graph, Penetration testing, Petri net, Vulnerability modeling, Vulnerability verification",
author = "Junchao Luan and Jian Wang and Mingfu Xue",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2016.",
year = "2016",
doi = "10.1007/978-3-319-48674-1\_7",
language = "英语",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "71--82",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
address = "德国",
}