Researches on penetration attacking model based on timed Petri Nets

Penetration test is a generally acknowledged and effective security testing method, while the phase of attack is the significant execution of penetration test. Due to incomplete attack parameters, the attacking model can often not be applied in practical. A penetration attacking model based on timed Petri nets was put forward in this paper, the basic granularity of which was vulnerability. First, the single vulnerability exploitation model was constructed by a list of known vulnerabilities. Then the penetration attacking model was constructed by integrating them, and the rapid and stable vulnerability exploitation selection algorithms were proposed. The corresponding attacking schemes as well as the shortest time that completing a penetration attack requires can be obtained. The experimental results show that the model can describe the attacking time and stability effectively. Furthermore, the method can be applied to the penetration test in practical.