Penetration testing (pen-testing) aims to assess vulnerabilities in a computer network by emulating possible attacks. Autonomous pen-testing allows frequent and regular pen-testing to be performed, which is increasingly necessary as networks become larger and more complex. Autonomous pen-testing is a planning under uncertainty problem, where the uncertainty is caused by partial observability of the network, lack of reliability of attack tools, and possible changes in the network that are triggered by the network administrator (the defender). Approaches that account for the first two causes of uncertainty have been developed based on the mathematically principled framework, Partially Observable Markov Decision Process (POMDP). However, they do not account for the third type of uncertainty. On the other hand, work that accounts for the defender's actions does not account for both partial observability and unreliability of the attack tools. This paper proposes a POMDP-based autonomous pen-testing framework that accounts for the defender's behaviour, thereby accounting for all of the above three causes of uncertainty. Key to our model is the observation that the defender's actions can be abstracted into two types: network analysis, which does not alter the network, and active defence operations, which alter the network. This observation enables us to represent the defender's behaviour as a single variable: an information decay factor. This variable is based on the expected time the defender takes to move from analysing to actively defending the network, and therefore represents the decay of a pen-tester's knowledge about the network. We propose D-PenTesting, which assumes the decay factor is known prior to execution, and LD-PenTesting, which learns the decay factor as it attempts to break into the network. Simulation tests on two benchmark scenarios indicate that D-PenTesting and LD-PenTesting outperform the existing POMDP-based pen-tester and are more robust than one that incorporates a POMDP-based defender.
Sensor fusion is the notion of combining the data from two or more sensors in order to obtain enhanced performance compared with that of the individual sensors. In addition, Signal Detection Theory can be used to monitor how well a sensor operates. That is, through the number of hits, misses, false alarms and correct rejections a sensor registers, we gain a better understanding as to how reliably it performs. Typically, the performance of a sensor is given in terms of its probability of detection and probability of false alarm, which may not be well characterised. In this paper, we use the Transferable Belief Model to fuse two sensors where there is uncertainty in their performance, so that if two sensors give a report, for example, we can estimate the likelihood of the target being present. We also show that when we have known prior probabilities our result is equivalent to the Bayesian case. A numerical example, as well as entropy measures, are also discussed.
In Electronic Support, receivers must maintain surveillance over the very wide portion of the electromagnetic spectrum in which threat emitters operate. A common approach is to use a receiver with a relatively narrow bandwidth which sweeps its centre frequency over the threat bandwidth to search for emitters. The sequence and timing of changes in the centre frequency constitute a search strategy. The search can be expedited if there is intelligence about the operational parameters of the emitters that are likely to be found. However, it can happen that the intelligence is deficient, untrustworthy or absent. In this case, what is the best search strategy to use? We propose a random search strategy based on a continuous-time Markov chain (CTMC). When the search is conducted for emitters with a periodic scan, we show that there is an optimal configuration for the CTMC. It is optimal in the sense that the expected time to intercept an emitter approaches linearity most quickly with respect to the emitter's scan period. A fast and smooth approach to linearity is important since other strategies can exhibit considerable and abrupt variations in the intercept time as a function of scan period. In theory and in numerical examples, we compare the optimum CTMC strategy with other strategies to demonstrate its superior properties.
The nonlinear congruential method is an attractive alternative to the classical linear congruential method for pseudorandom number generation. In this paper we present a new type of discrepancy bound for sequences of s-tuples of successive nonlinear congruential pseudorandom numbers over a ring of integers ℤ_M.