Abstract:
Security Assessment of large networks is a challenging task. Penetration testing (pentesting) is a method of analyzing the attack surface of a network to find security vu...Show MoreMetadata
Abstract:
Security Assessment of large networks is a challenging task. Penetration testing (pentesting) is a method of analyzing the attack surface of a network to find security vulnerabilities. Current network pentesting techniques involve a combination of automated scanning tools and manual exploitation of security issues to identify possible threats in a network. The solution scales poorly on a large network. We propose an autonomous security analysis and penetration testing framework (ASAP) that creates a map of security threats and possible attack paths in the network using attack graphs. Our framework utilizes: (i) state of the art reinforcement learning algorithm based on Deep-Q Network (DQN) to identify optimal policy for performing pentesting testing, and (ii) incorporates domain-specific transition matrix and reward modeling to capture the importance of security vulnerabilities and difficulty inherent in exploiting them. ASAP framework generates autonomous attack plans and validates them against real-world networks. The attack plans are generalizable to complex enterprise network, and the framework scales well on a large network. Our empirical evaluation shows that ASAP identifies non-intuitive attack plans on an enterprise network. The DQN planning algorithm employed scales well on a large network ~ 60 -70(s) for generating an attack plan for network with 300 hosts.
Date of Conference: 17-19 December 2020
Date Added to IEEE Xplore: 07 April 2021
ISBN Information:
Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.
- IEEE Keywords
- Index Terms
- Penetration Test ,
- Autonomous Security ,
- Learning Algorithms ,
- Complex Network ,
- Large Networks ,
- Optimal Policy ,
- Reinforcement Learning Algorithm ,
- Security Vulnerabilities ,
- Real-world Networks ,
- Network Path ,
- Deep Q-network ,
- Security Assessment ,
- Attack Surface ,
- Enterprise Network ,
- Reward Model ,
- Deep Neural Network ,
- Transition State ,
- Web Server ,
- Transition Probabilities ,
- Large-scale Networks ,
- Reinforcement Learning Framework ,
- Domain-specific Models ,
- Static Graph ,
- Database Server ,
- Target Environment ,
- S1 State ,
- Threat Model ,
- Personal Details ,
- Graph Generation ,
- Types Of Attacks
- Author Keywords
Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.
- IEEE Keywords
- Index Terms
- Penetration Test ,
- Autonomous Security ,
- Learning Algorithms ,
- Complex Network ,
- Large Networks ,
- Optimal Policy ,
- Reinforcement Learning Algorithm ,
- Security Vulnerabilities ,
- Real-world Networks ,
- Network Path ,
- Deep Q-network ,
- Security Assessment ,
- Attack Surface ,
- Enterprise Network ,
- Reward Model ,
- Deep Neural Network ,
- Transition State ,
- Web Server ,
- Transition Probabilities ,
- Large-scale Networks ,
- Reinforcement Learning Framework ,
- Domain-specific Models ,
- Static Graph ,
- Database Server ,
- Target Environment ,
- S1 State ,
- Threat Model ,
- Personal Details ,
- Graph Generation ,
- Types Of Attacks
- Author Keywords