부산대학교 도서관

The security issues of power information systems are becoming more and more severe. Actively discovering system vulnerabilities is of great significance to improve system security. To realize the automation of penetration testing, in this paper a penetration testing method based on knowledge graph is proposed for power information systems. The method uses knowledge graph to represent and infer network topology, asset information and vulnerability information to guide the automated execution of penetration testing. Firstly, the knowledge graph information extraction and framework construction are completed to realize knowledge inference; secondly, an attack graph generation framework based on knowledge graph is constructed, penetration testing algorithms and penetration paths are designed to realize path searching and optimization; finally, penetration path automatic planning is realized based on attack condition inference of knowledge graph. The method can realize the automation of customized penetration testing path search and decision-making for power information systems, significantly improving the testing efficiency.