Automated Post-Breach Penetration Testing through Reinforcement Learning
Autor: | Sujita Chaudhary, Austin O'Brien, Shengjie Xu |
---|---|
Rok vydání: | 2020 |
Předmět: |
Exploit
Process (engineering) business.industry Computer science Vulnerability Security domain 020206 networking & telecommunications 02 engineering and technology Computer security computer.software_genre Automation Penetration (warfare) 0202 electrical engineering electronic engineering information engineering Reinforcement learning 020201 artificial intelligence & image processing business computer Hacker |
Zdroj: | CNS |
Popis: | Predicting cyber attacks to networks is ever present challenges in the security domain. Rapid growth of Artificial Intelligence (AI) has made this even more challenging as machine learning algorithms are now used to attack such systems while defense systems continue to protect them with traditional approaches. Penetration testing (pentest) has long been one way to prevent security breaches by mimicking black hat hackers to expose possible exploits and vulnerabilities. Using trained machine learning agents to automate this process is an important research area that still needs to be explored. The objective of this paper is to apply machine learning in the post-exploitation phase of penetration testing to assess the vulnerability of the system and hence, contribute to the automation process of penetration testing. We train the agent using reinforcement learning by providing an appropriate environment to explore a compromised network and find sensitive files. By utilizing several different network environments during training, we hope to generalize our agent as much as possible, allowing for more widespread application. Extended research may include training our agent for further lateral exploration and exploitation in the system. |
Databáze: | OpenAIRE |
Externí odkaz: |