Penetration testing automation assessment method based on rule tree

With the application to assess the network and system security in some key fields, penetration testing assessment methods have been evolving into a popular research topic. However, the automation degree of penetration testing is at a lower level, and many parameters of security assessment method is uncertain. For these two problems above, we use rule trees method to achieve the automation process of penetration testing, and each chain of rule trees stores a complete the attack process. By using the result of penetration testing, we propose the security assessment process to meet the NIST guidelines, and it can make some uncertain parameters of security assessment clear. With the constant expansion of rule trees, the proposed method can improve the accuracy and effectiveness of security assessment.