Multilayer Action Representation based on MITRE ATT&CK for Automated Penetration Testing

  • Nguyen Hoang Viet
    Graduate School of Information Science and Engineering, Ritsumeikan University
  • Uehara Tetsutaro
    College of Information Science and Engineering, Ritsumeikan University

抄録

<p>Penetration testing is among the most efficient techniques to improve network system defense and search for potential weaknesses. Applying penetration testing with reinforcement learning can enhance automation and accuracy and reduce dependence on human labor. However, this approach still encounters obstacles in intricate network systems, such as large ones, where compromising is challenging. The lack of modeling derived from a specific common cybersecurity knowledge base also complicates effective applications in practice. Therefore, based on MITRE ATT&CK knowledge, we propose a multilayer action representation to improve the performance, accuracy, and applicability of penetration testing on complex networks. The multilayer action representation's goal is to embody actions in penetration testing as n-dimensional vectors while faithfully capturing their characteristics and relationships. Therefore, it directly improves the performance of reinforcement learning agents in large and complicated network scenarios. For faster training, we also use an epsilon-Wolpertinger architecture. We conducted experiments on four difficulty levels with three network configurations and 119 system scenarios and compared our approach with four different reinforcement learning techniques. Our approach not only represents and models actions with high accuracy but also improves the ability of reinforcement learning agents in a variety of difficult levels of network systems.</p>

収録刊行物

参考文献 (20)*注記

もっと見る

詳細情報 詳細情報について

問題の指摘

ページトップへ