TY - GEN
T1 - Smart Security Audit
T2 - 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020
AU - Pozdniakov, Konstantin
AU - Alonso, Eduardo
AU - Stankovic, Vladimir
AU - Tam, Kimberly
AU - Jones, Kevin
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/6
Y1 - 2020/6
N2 - A significant challenge in modern computer security is the growing skill gap as intruder capabilities increase, making it necessary to begin automating elements of penetration testing so analysts can contend with the growing number of cyber threats. In this paper, we attempt to assist human analysts by automating a single host penetration attack. To do so, a smart agent performs different attack sequences to find vulnerabilities in a target system. As it does so, it accumulates knowledge, learns new attack sequences and improves its own internal penetration testing logic. As a result, this agent (AgentPen for simplicity) is able to successfully penetrate hosts it has never interacted with before. A computer security administrator using this tool would receive a comprehensive, automated sequence of actions leading to a security breach, highlighting potential vulnerabilities, and reducing the amount of menial tasks a typical penetration tester would need to execute. To achieve autonomy, we apply an unsupervised machine learning algorithm, Q-learning, with an approximator that incorporates a deep neural network architecture. The security audit itself is modelled as a Markov Decision Process in order to test a number of decision-making strategies and compare their convergence to optimality. A series of experimental results is presented to show how this approach can be effectively used to automate penetration testing using a scalable, i.e. not exhaustive, and adaptive approach.
KW - audit
KW - deep neural network
KW - Pentesting
KW - Q-learning
KW - reinforcement learning
UR - http://www.scopus.com/inward/record.url?scp=85089237377&partnerID=8YFLogxK
U2 - 10.1109/CyberSA49311.2020.9139683
DO - 10.1109/CyberSA49311.2020.9139683
M3 - Conference proceedings published in a book
AN - SCOPUS:85089237377
T3 - 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020
BT - 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 June 2020 through 19 June 2020
ER -