Simulated penetration testing as contingent planning

Dorin Shmaryahu, Guy Shani, Joerg Hoffmann, Marcel Steinmetz

Research output: Contribution to journalConference articlepeer-review

12 Scopus citations

Abstract

In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.

Original languageEnglish
Pages (from-to)241-249
Number of pages9
JournalProceedings International Conference on Automated Planning and Scheduling, ICAPS
Volume2018-June
StatePublished - 1 Jan 2018
Event28th International Conference on Automated Planning and Scheduling, ICAPS 2018 - Delft, Netherlands
Duration: 24 Jun 201829 Jun 2018

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Simulated penetration testing as contingent planning'. Together they form a unique fingerprint.

Cite this