Penetration testing (PT) is an efficient network testing and vulnerability mining tool by simulating a hacker's attack for valuable information applied in some areas, e.g., the host's operating and database systems. Compared with manual PT, intelligent PT has become a dominating mainstream due to less time-consuming and lower labor costs. Among the already proposed intelligent PT methods, reinforcement learning (RL) based PT has achieved state-of-the-art (SOTA) performance. Unfortunately, RLbased PT is still challenged in real exploitation scenarios because the agent's action space is usually high-dimensional discrete, thus leading to algorithm convergence difficulty. Besides, most PT methods still rely on the decisions of security experts. Addressing the challenges, for the first time, we introduce expert knowledge to guide the agent to make better decisions in RL-based PT, and propose a Generative Adversarial Imitation Learning based generic intelligent Penetration Testing framework, denoted as GAIL-PT, to solve the problems of higher labor costs due to the involvement of security experts and highdimensional discrete action space. Specifically, first, we manually collect the state-action pairs to construct an expert knowledge base when the pre-trained RL / DRL model executes successful penetration testings. Second, we input the expert knowledge and the state-action pairs generated online by the different RL / DRL models into the discriminator of GAIL for training. At last, we apply the output reward of the discriminator to guide the agent to perform the action with a higher penetration success rate to improve PT's performance. Extensive experiments conducted on the real target host and simulated network scenarios show that GAIL-PT achieves SOTA penetration performance against DeepExploit in exploiting actual target Metasploitable2 and Q-learning in optimizing penetration path, not only in small-scale with or without honey-pot network environments, but also in the large-scale simulated network environment.The code of GAIL-PT is open-sourced at https://github.com/Shulong98/GAIL-PT//.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.