Enhancing Network Security with Biotechnological Strategies: Applying Attack Tree Theory in Penetration Testing

Abstract

This paper firstly discusses the strategies and processes under network information security penetration testing techniques, and extends the attack countermeasure tree using attack tree theory. Secondly, the probability of the attack countermeasure tree model is calculated and the model is generated, and the network information security penetration testing model is constructed based on the attack countermeasure tree. Finally, the real attack machine and target machine are built on the virtual platform with the engineer station network as an example to simulate the penetration testing process. The results show that: in network information security, the probability of occurrence of attacks through network switch reserved interface access, obtaining system driver and USB interface access in three ways are 0.548, 0.492 and 0.475 respectively. The way with the greatest attack effect is to execute SQL injection attack through windows vulnerability, and its evaluation result is 0.9834. Thus it shows that using attack tree theory can be effective penetration testing of network information security, and in this way to help network information security to provide targeted protection recommendations.