At the same time, cyber security threats are more frequent and commonplace, prompting security professionals to add more security layers and policies (He & Bode, 2006). Modern networks are generally becoming larger and more complex due to increasingly sophisticated applications. The results suggest that IAPTF is a promising approach to offload work from and ultimately replace human pen testing. Another advantage of IAPTF is the ease of repetition for retesting similar networks, which is often encountered in real PT. The results show that IAPTF with hierarchical network modeling outperforms previous approaches as well as human performance in terms of time, number of tested vectors and accuracy, and the advantage increases with the network size. This approach is tested through simulations of networks of various sizes. This was overcome by representing networks hierarchically as a group of clusters and treating each cluster separately. A major difficulty encountered was solving large POMDPs resulting from large networks.
Penetration testing tasks are treated as a partially observed Markov decision process (POMDP) which is solved with an external POMDP-solver using different algorithms to identify the most efficient options. The proposed approach called Intelligent Automated Penetration Testing Framework (IAPTF) utilizes model-based RL to automate sequential decision making.
This paper investigates reinforcement learning (RL) to make penetration testing more intelligent, targeted, and efficient. In large networks, penetration testing becomes repetitive, complex and resource consuming despite the use of automated tools. Penetration testing (PT) is a method for assessing and evaluating the security of digital assets by planning, generating, and executing possible attacks that aim to discover and exploit vulnerabilities.
0 kommentar(er)
