TY - JOUR
T1 - Simulated penetration testing as contingent planning
AU - Shmaryahu, Dorin
AU - Shani, Guy
AU - Hoffmann, Joerg
AU - Steinmetz, Marcel
N1 - Funding Information:
We thank the reviewers for their useful comments. This work was partially supported by the Cyber Security Research Center at Ben-Gurion University of the Negev, by ISF Grant 933/13, and by the Helmsley Charitable Trust through the Agricultural, Biological and Cognitive Robotics Center of Ben-Gurion University of the Negev.
N1 - Future work (stated by the authors):
In the future we intend to create smarter heuristics for ordering actions given states, to achieve better expected rewards. We also intend to construct automated methods to draw conclusions from the plan graph, such as which vulnerabilities to fix first.
Publisher Copyright:
Copyright © 2018, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.
AB - In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.
UR - http://www.scopus.com/inward/record.url?scp=85054966285&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85054966285
SN - 2334-0835
VL - 2018-June
SP - 241
EP - 249
JO - Proceedings International Conference on Automated Planning and Scheduling, ICAPS
JF - Proceedings International Conference on Automated Planning and Scheduling, ICAPS
T2 - 28th International Conference on Automated Planning and Scheduling, ICAPS 2018
Y2 - 24 June 2018 through 29 June 2018
ER -