Multilayer Action Representation based on MITRE ATT&CK for Automated Penetration Testing
-
- Nguyen Hoang Viet
- Graduate School of Information Science and Engineering, Ritsumeikan University
-
- Uehara Tetsutaro
- College of Information Science and Engineering, Ritsumeikan University
抄録
<p>Penetration testing is among the most efficient techniques to improve network system defense and search for potential weaknesses. Applying penetration testing with reinforcement learning can enhance automation and accuracy and reduce dependence on human labor. However, this approach still encounters obstacles in intricate network systems, such as large ones, where compromising is challenging. The lack of modeling derived from a specific common cybersecurity knowledge base also complicates effective applications in practice. Therefore, based on MITRE ATT&CK knowledge, we propose a multilayer action representation to improve the performance, accuracy, and applicability of penetration testing on complex networks. The multilayer action representation's goal is to embody actions in penetration testing as n-dimensional vectors while faithfully capturing their characteristics and relationships. Therefore, it directly improves the performance of reinforcement learning agents in large and complicated network scenarios. For faster training, we also use an epsilon-Wolpertinger architecture. We conducted experiments on four difficulty levels with three network configurations and 119 system scenarios and compared our approach with four different reinforcement learning techniques. Our approach not only represents and models actions with high accuracy but also improves the ability of reinforcement learning agents in a variety of difficult levels of network systems.</p>
収録刊行物
-
- Journal of Information Processing
-
Journal of Information Processing 31 (0), 562-577, 2023
一般社団法人 情報処理学会
- Tweet
詳細情報 詳細情報について
-
- CRID
- 1390015984923520128
-
- ISSN
- 18826652
-
- 本文言語コード
- en
-
- データソース種別
-
- JaLC
- Crossref
-
- 抄録ライセンスフラグ
- 使用不可