Automatic Generation Algorithm of Penetration Graph in Penetration Testing

Penetration graph is a kind of attack graph which is widely used in penetration testing. It is an import tool to analyze security vulnerabilities in the network. However, the previous research on the generation methods of penetration graph have met a lot of challenges. Some methods are out of date and not applicable for practical scenarios, some may possibly leave out the import attack paths, some do not consider the probability of exploitation of each attack path and some failed to solve the problem of circle path and combination exploitation. We propose an automatic generation algorithm of penetration graph that optimizes the network topology before generating the penetration graph, which can reduce the redundant information effectively. We combine the penetration graph generation method with the CVSS (Common Vulnerability Scoring System) information together, increase the reliability of each attack path. Experiment result shows that the method can generates multi-path correctly and effectively, which can clearly show the structure of network, facilitates the testers' analysis of the target network, and provides reference for executing penetration testing.