Simulated Penetration Testing And Attack Automation Using Deep Reinforcement Learning
Currently, most penetration testing is done manually and relies significantly on the pentesters' experience. However, manual penetration testing consumes both time and effort and exposes some of the system's weak points. Automating penetration testing, on the other hand, reduces the time and effort spent and hides the system's weak points. This work simulates the automation of penetration testing using deep reinforcement learning. We implemented a testing methodology composed of 5 stages: virtualization technology, information gathering using the nmap tool, attack modeling by generating attack graphs, applying deep reinforcement learning algorithms (Deep Q-Learning Network) and, finally, automated attack execution. The output of these stages is a threat dependency graph with a set of paths to be evaluated in terms of their success or failure with respect to the penetration testing. The experimental test conducted shows the technique to be promising.