PTVis: Visual Narrative and Auxiliary Decision to Assist in Comprehending the Penetration Testing Process


Bibliographic Details
Main Authors: Sijie Zheng, Yadong Wu, Song Wang, Yong Wei, Dongsheng Mu, Huan He, Dongxuan Han, Jing Liao, Huarong Chen
Format: Article
Language: English
Published: IEEE 2020-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/9237998/
Description
Summary: Due to the complexity of network penetration and the diversity of penetration methods, traditional analysis approaches analyse only a single penetration method or part of the network penetration process. Moreover, the lack of customized exploration makes it difficult to discover and analyse network penetration behaviors. Characterizing and summarizing the penetration testing process based on an interpretive visual analysis approach can enhance researchers' comprehension of penetration testing and further promote the development of network security technologies. To assist with this process, we design PTVis, a visual approach for the penetration testing process summarization based on visual narrative and auxiliary decision. PTVis consists of two primary components: (1) a visual interface that displays customized penetration testing paths, and (2) a component that effectively displays the results of penetration testing. To design PTVis, penetration testing paths that combine penetration testing methods and tools are built via cooperative multi-view and customized exploration, which facilitates the exploration of penetration testing. For evaluation, a qualitative user study is performed on two groups. The feedback from the study demonstrates that PTVis can enhance the user's knowledge of the penetration testing process.
ISSN: 2169-3536