Xiaotong Guo;Jing Ren;Jiangong Zheng;Jianxin Liao;Chao Sun;Hongxi Zhu;Tongyu Song;Sheng Wang;Wei Wang
{"title":"通过深度强化学习实现细粒度控制的自动化渗透测试","authors":"Xiaotong Guo;Jing Ren;Jiangong Zheng;Jianxin Liao;Chao Sun;Hongxi Zhu;Tongyu Song;Sheng Wang;Wei Wang","doi":"10.23919/JCIN.2023.10272349","DOIUrl":null,"url":null,"abstract":"Penetration testing (PT) is an active method of evaluating the security of a network by simulating various types of cyber attacks in order to identify and exploit vulnerabilities. Traditional PT involves a time-consuming and labor-intensive process that is prone to errors and cannot be easily formulated. Researchers have been investigating the potential of deep reinforcement learning (DRL) to develop automated PT (APT) tools. However, using DRL in APT is challenged by partial observability of the environment and the intractability problem of the huge action space. This paper introduces RLAPT, a novel DRL approach that directly overcomes these challenges and enables intelligent automation of the PT process with precise control. The proposed method exhibits superior efficiency, stability, and scalability in finding the optimal attacking policy on the simulated experiment scenario.","PeriodicalId":100766,"journal":{"name":"Journal of Communications and Information Networks","volume":"8 3","pages":"212-220"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Automated Penetration Testing with Fine-Grained Control through Deep Reinforcement Learning\",\"authors\":\"Xiaotong Guo;Jing Ren;Jiangong Zheng;Jianxin Liao;Chao Sun;Hongxi Zhu;Tongyu Song;Sheng Wang;Wei Wang\",\"doi\":\"10.23919/JCIN.2023.10272349\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Penetration testing (PT) is an active method of evaluating the security of a network by simulating various types of cyber attacks in order to identify and exploit vulnerabilities. Traditional PT involves a time-consuming and labor-intensive process that is prone to errors and cannot be easily formulated. Researchers have been investigating the potential of deep reinforcement learning (DRL) to develop automated PT (APT) tools. However, using DRL in APT is challenged by partial observability of the environment and the intractability problem of the huge action space. This paper introduces RLAPT, a novel DRL approach that directly overcomes these challenges and enables intelligent automation of the PT process with precise control. The proposed method exhibits superior efficiency, stability, and scalability in finding the optimal attacking policy on the simulated experiment scenario.\",\"PeriodicalId\":100766,\"journal\":{\"name\":\"Journal of Communications and Information Networks\",\"volume\":\"8 3\",\"pages\":\"212-220\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Communications and Information Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10272349/\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Communications and Information Networks","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10272349/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automated Penetration Testing with Fine-Grained Control through Deep Reinforcement Learning
Penetration testing (PT) is an active method of evaluating the security of a network by simulating various types of cyber attacks in order to identify and exploit vulnerabilities. Traditional PT involves a time-consuming and labor-intensive process that is prone to errors and cannot be easily formulated. Researchers have been investigating the potential of deep reinforcement learning (DRL) to develop automated PT (APT) tools. However, using DRL in APT is challenged by partial observability of the environment and the intractability problem of the huge action space. This paper introduces RLAPT, a novel DRL approach that directly overcomes these challenges and enables intelligent automation of the PT process with precise control. The proposed method exhibits superior efficiency, stability, and scalability in finding the optimal attacking policy on the simulated experiment scenario.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
