Autonomous Security Analysis and Penetration Testing | IEEE Conference Publication | IEEE Xplore

Abstract:

Security assessment of large networks is a challenging task. Penetration testing (pentesting) is a method of analyzing the attack surface of a network to find security vulnerabilities. Current network pentesting techniques involve a combination of automated scanning tools and manual exploitation of security issues to identify possible threats in a network. This approach scales poorly on large networks. We propose an autonomous security analysis and penetration testing framework (ASAP) that creates a map of security threats and possible attack paths in the network using attack graphs. Our framework (i) utilizes a state-of-the-art reinforcement learning algorithm based on Deep-Q Network (DQN) to identify the optimal policy for performing pentesting, and (ii) incorporates a domain-specific transition matrix and reward modeling to capture the importance of security vulnerabilities and the difficulty inherent in exploiting them. The ASAP framework generates autonomous attack plans and validates them against real-world networks. The attack plans are generalizable to complex enterprise networks, and the framework scales well on a large network. Our empirical evaluation shows that ASAP identifies non-intuitive attack plans on an enterprise network. The DQN planning algorithm employed scales well on a large network, taking about 60-70 s to generate an attack plan for a network with 300 hosts.
Date of Conference: 17-19 December 2020
Date Added to IEEE Xplore: 07 April 2021
Conference Location: Tokyo, Japan

I. Introduction

Penetration testing (pentesting) involves skilled cybersecurity professionals generating plans of attack to find and exploit vulnerabilities in networks and applications. The current procedure used in pentesting is semi-automated at best and requires significant human effort. Total cybersecurity spending by the year 2021 will be 1 trillion USD [1], and the global pentesting market size is projected to grow from USD 1.7 billion in 2020 to USD 4.5 billion by 2025 [2]. The information security industry will experience a cybersecurity workforce shortage of 3.5M by the year 2021 [3]. About 65% of organizations have reported a shortage of cybersecurity staff, and 36% of organizations reported a lack of trained cybersecurity professionals.
