渗透测试:分类、权衡和适应性策略

IF 4.9 3区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Sitanshu Kapur, Praneet Saurabh
{"title":"渗透测试:分类、权衡和适应性策略","authors":"Sitanshu Kapur,&nbsp;Praneet Saurabh","doi":"10.1016/j.compeleceng.2025.110686","DOIUrl":null,"url":null,"abstract":"<div><div>Modern cybersecurity faces increasing complexity due to the growth of cloud-native platforms, legacy systems, and the proliferation of IoT devices. Traditional penetration testing methods, such as manual exploits and signature-based scanners, offer precision, but lack scalability and adaptability. Conversely, AI-based approaches, which employ techniques such as machine learning, reinforcement learning, and large language models to automate specific phases of the penetration testing workflow, introduce adaptability but also face significant challenges, including data dependency, limited interpretability, and high computational cost. This review focuses on three core questions: the comparative strengths and weaknesses of conventional and AI-based penetration testing, the influence of deployment contexts such as cloud and IoT, and how hybrid strategies can balance automation with human oversight. In this review, we focus mainly on the literature from 2010 to 2025, with inclusion criteria based on empirical validation, relevance, and impact. We conclude by proposing a research agenda focused on explainable AI, efficient model deployment, and standardized evaluation benchmarks for next-generation penetration testing systems.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"128 ","pages":"Article 110686"},"PeriodicalIF":4.9000,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Penetration testing: Taxonomies, trade-offs, and adaptive strategies\",\"authors\":\"Sitanshu Kapur,&nbsp;Praneet Saurabh\",\"doi\":\"10.1016/j.compeleceng.2025.110686\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Modern cybersecurity faces increasing complexity due to the growth of cloud-native platforms, legacy systems, and the proliferation of IoT devices. Traditional penetration testing methods, such as manual exploits and signature-based scanners, offer precision, but lack scalability and adaptability. Conversely, AI-based approaches, which employ techniques such as machine learning, reinforcement learning, and large language models to automate specific phases of the penetration testing workflow, introduce adaptability but also face significant challenges, including data dependency, limited interpretability, and high computational cost. This review focuses on three core questions: the comparative strengths and weaknesses of conventional and AI-based penetration testing, the influence of deployment contexts such as cloud and IoT, and how hybrid strategies can balance automation with human oversight. In this review, we focus mainly on the literature from 2010 to 2025, with inclusion criteria based on empirical validation, relevance, and impact. We conclude by proposing a research agenda focused on explainable AI, efficient model deployment, and standardized evaluation benchmarks for next-generation penetration testing systems.</div></div>\",\"PeriodicalId\":50630,\"journal\":{\"name\":\"Computers & Electrical Engineering\",\"volume\":\"128 \",\"pages\":\"Article 110686\"},\"PeriodicalIF\":4.9000,\"publicationDate\":\"2025-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Electrical Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0045790625006299\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625006299","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

由于云原生平台、遗留系统和物联网设备的激增,现代网络安全面临着越来越复杂的问题。传统的渗透测试方法,如手动漏洞利用和基于签名的扫描器,提供了精度,但缺乏可伸缩性和适应性。相反,基于人工智能的方法,采用诸如机器学习、强化学习和大型语言模型等技术来自动化渗透测试工作流的特定阶段,引入了适应性,但也面临着重大挑战,包括数据依赖性、有限的可解释性和高计算成本。本文主要关注三个核心问题:传统渗透测试和基于人工智能的渗透测试的比较优势和劣势,部署环境(如云和物联网)的影响,以及混合策略如何平衡自动化与人为监督。在这篇综述中,我们主要关注2010年至2025年的文献,纳入标准基于经验验证、相关性和影响。最后,我们提出了一个研究议程,重点关注可解释的人工智能、有效的模型部署,以及下一代渗透测试系统的标准化评估基准。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Penetration testing: Taxonomies, trade-offs, and adaptive strategies
Modern cybersecurity faces increasing complexity due to the growth of cloud-native platforms, legacy systems, and the proliferation of IoT devices. Traditional penetration testing methods, such as manual exploits and signature-based scanners, offer precision, but lack scalability and adaptability. Conversely, AI-based approaches, which employ techniques such as machine learning, reinforcement learning, and large language models to automate specific phases of the penetration testing workflow, introduce adaptability but also face significant challenges, including data dependency, limited interpretability, and high computational cost. This review focuses on three core questions: the comparative strengths and weaknesses of conventional and AI-based penetration testing, the influence of deployment contexts such as cloud and IoT, and how hybrid strategies can balance automation with human oversight. In this review, we focus mainly on the literature from 2010 to 2025, with inclusion criteria based on empirical validation, relevance, and impact. We conclude by proposing a research agenda focused on explainable AI, efficient model deployment, and standardized evaluation benchmarks for next-generation penetration testing systems.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Electrical Engineering
Computers & Electrical Engineering 工程技术-工程:电子与电气
CiteScore
9.20
自引率
7.00%
发文量
661
审稿时长
47 days
期刊介绍: The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信