Abstract:
Penetration testing is a well known methodology assessing security vulnerabilities by executing complex steps which form an attack. Professional pentesting is an expensiv...Show MoreMetadata
Abstract:
Penetration testing is a well known methodology assessing security vulnerabilities by executing complex steps which form an attack. Professional pentesting is an expensive service that sometimes cannot fit in the budget of Small and Medium Enterprises. Automating this process means it can be executed even by inexperienced system administrators while it saves time for professionals. The difficulty of this problem consists in the heterogeneity of networks and systems so the techniques need to be adapted each time. Our approach is based on identifying system characteristics, search for existing vulnerabilities and applying machine learning for selecting the most appropriate exploit. The model was trained using data collected from exploited machines on the “Hack the Box” learning platform and delivers exploits from the Metasploit framework. The evaluation shows that the proposed framework can exploit a fair number of systems and can be extended to support new classes of exploits and new pentesting methodologies.
Published in: 2020 IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP)
Date of Conference: 03-05 September 2020
Date Added to IEEE Xplore: 26 November 2020
ISBN Information: