Abstract

Due to the complexity of network penetration and the diversity of penetration methods, traditional analysis approaches analyse only a single penetration method or part of the network penetration process. Moreover, the lack of customized exploration makes it difficult to discover and analyse network penetration behaviors. Characterizing and summarizing the penetration testing process based on an interpretive visual analysis approach can enhance researchers' comprehension of penetration testing and further promote the development of network security technologies. To assist with this process, we design PTVis, a visual approach for the penetration testing process summarization based on visual narrative and auxiliary decision. PTVis consists of two primary components: (1) a visual interface that displays customized penetration testing paths, and (2) a component that effectively displays the results of penetration testing. To design PTVis, penetration testing paths that combine penetration testing methods and tools are built via cooperative multi-view and customized exploration, which facilitates the exploration of penetration testing. For evaluation, a qualitative user study is performed on two groups. The feedback from the study demonstrates that PTVis can enhance the user's knowledge of the penetration testing process.

Highlights

  • Finding the worst cyber threat culprits through security assessment is of great significance for network security [1]

  • The evaluation of PTVis is divided into an objective evaluation and a subjective evaluation to compare PTVis and the text-based summary

  • The study consisted of two stages: (1) G1 viewed the penetration testing text summary, while G2 adopted PTVis to explore the penetration testing process


Summary

INTRODUCTION

Finding the worst cyber threat culprits through security assessment is of great significance for network security [1].

S. Zheng et al.: PTVis: Visual Narrative and Auxiliary Decision to Assist in Comprehending the Penetration Testing Process

method. With the improvement in network penetration methods, to promote research on new attack technologies and to have a deeper comprehension of network penetration activities, an increasing amount of work is focusing on the visual analysis of penetration testing processes and methods (e.g., [8], [9]). Based on this research motivation, we designed PTVis: a lightweight, intuitive, and informative visual interface for describing and summarizing the main characteristics of penetration testing. The main contributions of our work include the following:

  • A systematic analysis that, based on the main characteristics of the penetration testing process, identifies a set of interpretive elements to enhance comprehension.

  • A qualitative experiment that assesses the effectiveness of the system in supporting the interpretability and comprehensibility of the penetration testing process.

RELATED WORK
INTERPRETIVE ELEMENTS SELECTION DURING PENETRATION TESTING
E Tool evaluation view
C Vulnerability statistics view
EVALUATION
CONCLUSION
