2022
DOI: 10.48550/arxiv.2201.12416
Preprint
Discovering Exfiltration Paths Using Reinforcement Learning with Attack Graphs

Abstract: Reinforcement learning (RL), in conjunction with attack graphs and cyber terrain, is used to develop the reward and state spaces for determining optimal data-exfiltration paths in enterprise networks. This work builds on previous crown jewels (CJ) identification, which focused on computing optimal paths that adversaries may traverse toward compromising CJs or hosts in their proximity. This work inverts the previous CJ approach based on the assumption that data has been stolen…
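The core idea in the abstract, an RL agent learning an optimal path through an attack graph toward an egress point, can be sketched with tabular Q-learning on a toy graph. The topology, node names, rewards, and hyperparameters below are illustrative assumptions, not the paper's actual model:

```python
# Hypothetical sketch: tabular Q-learning over a toy attack graph to find an
# exfiltration path from a compromised host to an external egress node.
import random

random.seed(0)

# Toy attack graph: node -> reachable neighbors (all names are invented).
graph = {
    "workstation": ["file_server", "dmz_proxy"],
    "file_server": ["dmz_proxy", "db_server"],
    "db_server": ["dmz_proxy"],
    "dmz_proxy": ["internet"],
    "internet": [],  # terminal: data has left the enterprise network
}
GOAL = "internet"

Q = {(s, a): 0.0 for s in graph for a in graph[s]}
alpha, gamma, eps = 0.5, 0.9, 0.2  # learning rate, discount, exploration

def step(state, action):
    # Reward shaping: small per-hop cost, large bonus on reaching egress.
    reward = 10.0 if action == GOAL else -1.0
    return action, reward

for _ in range(500):
    s = "workstation"
    while s != GOAL:
        acts = graph[s]
        # Epsilon-greedy action selection over outgoing edges.
        a = random.choice(acts) if random.random() < eps else max(acts, key=lambda x: Q[(s, x)])
        s2, r = step(s, a)
        future = max((Q[(s2, x)] for x in graph[s2]), default=0.0)
        Q[(s, a)] += alpha * (r + gamma * future - Q[(s, a)])
        s = s2

# Greedy rollout recovers the learned exfiltration path.
path, s = ["workstation"], "workstation"
while s != GOAL:
    s = max(graph[s], key=lambda x: Q[(s, x)])
    path.append(s)
print(path)  # shortest route to egress: workstation -> dmz_proxy -> internet
```

The per-hop penalty makes shorter paths more valuable, so the greedy policy converges on the direct two-hop route rather than detouring through the file server.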

Cited by 1 publication (5 citation statements) | References 18 publications
“…Another line of research focuses on developing more specific penetration testing tasks. A number of authors define more specific tasks by reward engineering and other modifications to the MDP including formulations of capture the flag [22], crown jewel analysis [16], and discovering exfiltration paths [17]. This paper extends this line of research with a methodology for exposing SDR.…”
Section: Related Work
confidence: 97%
“…Hu et al extend the use of the CVSS by proposing to weight rewards with exploitability scores [14]. Gangupantulu et al [15], [16] and Cody et al [17] explicitly extend the methods of Hu et al with concepts of terrain. Gangupantulu et al advocate defining models of terrain in terms of the rewards and transition probabilities of MDPs, first in the case of firewalls as obstacles [15], then in the case of lateral pivots near key terrain [16].…”
Section: Related Work
confidence: 99%
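The two ideas in the statement above, CVSS exploitability scores weighting rewards and firewall "terrain" lowering transition probabilities, can be sketched as follows. The CVE labels, scores, topology, and penalty constants are invented for illustration and do not come from the cited papers:

```python
# Hypothetical sketch of the cited ideas: CVSS exploitability sub-scores
# weight per-edge rewards, and firewall terrain reduces the MDP's
# transition probabilities. All concrete values here are assumptions.

# Assumed CVSS v3 exploitability sub-scores (0 to 3.9 scale) per exploit.
exploitability = {"CVE-A": 3.9, "CVE-B": 1.2}

# Edge in the attack graph: (src, dst, exploit, crosses_firewall).
edges = [
    ("host1", "host2", "CVE-A", False),
    ("host1", "host3", "CVE-B", True),
]

def edge_reward(exploit, base=-1.0):
    # Easier exploits (higher exploitability) are penalized less,
    # in the spirit of Hu et al.'s CVSS-weighted rewards.
    return base + exploitability[exploit] / 3.9

def transition_prob(crosses_firewall, p=0.9, firewall_penalty=0.5):
    # Terrain as obstacle: crossing a firewall halves the assumed
    # success probability of the transition.
    return p * firewall_penalty if crosses_firewall else p
```

Encoding terrain in the transition function rather than only in rewards means the planner accounts for the *chance* an action fails at an obstacle, not just its cost.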