Automated Post-Breach Penetration Testing through Reinforcement Learning

Chaudhary, Sujita; O'Brien, Austin; Xu, Shengjie

doi:10.1109/cns48642.2020.9162301

Cited by 33 publications

(14 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The shift from manually constructed MDPs [2]- [5] to CVSS-based MDPs [6]- [8] marks an emphasis on scaling the construction of attack-graph-based MDPs. Our methodology maintains an automated, scale-oriented approach to constructing MDPs, while introducing notions of cyber terrain that help ground RL agent behavior to reality.…”

Section: Discussionmentioning

confidence: 99%

“…Paper Network Description(s) Ghanem and Chen [2] 100 machine local area network Schwartz and Kurniawati [3] 50 machines with unknown services and 18 machines with 50 services Ghanem and Chen [4] 100 machine local area network Chaudhary et al [5] Not reported Yousefi et al [6] Attack graph with 44 vertices and 43 edges Chowdary et al [7] Attack graph with 109 vertices, edges unknown, and a 300 host flat network Hu et al [8] Attack graph with 44 vertices and 52 edges Our network…”

Section: Penetration Testingmentioning

confidence: 99%

“…Unlike most previous work in RL for penetration testing [2]- [5], but similar to Yousefi et al, Hu et al, and Chowdary et al [6]- [8], we use vulnerability information to construct the MDP. In particular, we use the Common Vulnerability Scoring System (CVSS) [9].…”

Section: Reinforcement Learning For Penetration Testingmentioning

confidence: 99%

“…Reinforcement learning (RL) for penetration testing has shown this to be feasible given constraints on attack graph representation such as scale and observability. However, existing literature constructs attack graphs either with no vulnerability information [2]- [5] or entirely with vulnerability information [6]- [8].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Gangupantulu¹,

Cody²,

Park³

et al. 2021

Preprint

View full text Add to dashboard Cite

Reinforcement learning (RL) has been applied to attack graphs for penetration testing, however, trained agents do not reflect reality because the attack graphs lack operational nuances typically captured within the intelligence preparation of the battlefield (IPB) that include notions of (cyber) terrain. In particular, current practice constructs attack graphs exclusively using the Common Vulnerability Scoring System (CVSS) and its components. We present methods for constructing attack graphs using notions from IPB on cyber terrain analysis of obstacles, avenues of approach, key terrain, observation and fields of fire, and cover and concealment. We demonstrate our methods on an example where firewalls are treated as obstacles and represented in (1) the reward space and (2) the state dynamics. We show that terrain analysis can be used to bring realism to attack graphs for RL.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Penetration Testingmentioning

confidence: 99%

Section: Reinforcement Learning For Penetration Testingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Gangupantulu¹,

Cody²,

Park³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…While some authors in RL for penetration testing use alternative methods [2]- [5], CVSS is emerging as a standard approach to modeling MDPs over attack graphs for RL [6]- [10]. Gangupantulu et al draw from the literature to define a vanilla CVSS-MDP for point-to-point network traversal [9].…”

Section: Mdps From Attack Graphsmentioning

confidence: 99%

Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Cody¹,

Rahman²,

Redino³

et al. 2022

Preprint

View full text Add to dashboard Cite

Reinforcement learning (RL), in conjunction with attack graphs and cyber terrain, are used to develop reward and state associated with determination of optimal paths for exfiltration of data in enterprise networks. This work builds on previous crown jewels (CJ) identification that focused on the target goal of computing optimal paths that adversaries may traverse toward compromising CJs or hosts within their proximity. This work inverts the previous CJ approach based on the assumption that data has been stolen and now must be quietly exfiltrated from the network. RL is utilized to support the development of a reward function based on the identification of those paths where adversaries desire reduced detection. Results demonstrate promising performance for a sizable network environment.

show abstract

Cybersecurity in the Era of Artificial Intelligence

2022

Cybersecurity in Intelligent Networking Systems

View full text Add to dashboard Cite

Automated Post-Breach Penetration Testing through Reinforcement Learning

Cited by 33 publications

References 4 publications

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Using Cyber Terrain in Reinforcement Learning for Penetration Testing

Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Cybersecurity in the Era of Artificial Intelligence

Contact Info

Product

Resources

About