• DocumentCode
    2413104
  • Title

    Network Penetration Testing Scheme Description Language

  • Author

    Dai, Zhiyong ; Lv, Liangshuang ; Liang, Xiaoyan ; Bo, Yang

  • fYear
    2011
  • fDate
    21-23 Oct. 2011
  • Firstpage
    804
  • Lastpage
    808
  • Abstract
    Penetration testing is widely used to help ensure the security of the network. Traditional penetration testings were manually performed by tester according to scheme, the process is usually complex resulting in that it is labor-intensive and requires tester to be familiar with all kind of tools. So it is very desirable to use a unified method to describe the scheme which can be identified by computer, then the computer can be used to substitute for tester to perform penetration testing. A new method is presented to describe penetration testing scheme. We propose a language for tester to describe the penetration testing scheme. Based on the conceptual model of penetration testing scheme we design the penetration testing scheme description language (PTSDL) and outline the important EBNF. PTSDL is declarative abstracting the process of penetration testing which makes this language flexible, extensible and adaptable to new penetration testing method. Use of this language is illustrated by an experimental study, which shows that the language can effectively describe the penetration testing scheme.
  • Keywords
    Analytical models; Computers; Concrete; Information security; Solid modeling; Testing; language; penetration testing; scheme;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational and Information Sciences (ICCIS), 2011 International Conference on
  • Conference_Location
    Chengdu, China
  • Print_ISBN
    978-1-4577-1540-2
  • Type

    conf

  • DOI
    10.1109/ICCIS.2011.181
  • Filename
    6086322