Simulated penetration testing as contingent planning

Dorin Shmaryahu; Guy Shani; Joerg Hoffmann; Marcel Steinmetz

doi:10.1609/icaps.v28i1.13902

Simulated penetration testing as contingent planning

Dorin Shmaryahu
, Guy Shani
, Joerg Hoffmann
, Marcel Steinmetz

Research output: Contribution to journal › Conference article › peer-review

17 Scopus citations

Abstract

In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.

Original language	English
Pages (from-to)	241-249
Number of pages	9
Journal	Proceedings International Conference on Automated Planning and Scheduling, ICAPS
Volume	2018-June
DOIs	https://doi.org/10.1609/icaps.v28i1.13902
State	Published - 1 Jan 2018
Event	28th International Conference on Automated Planning and Scheduling, ICAPS 2018 - Delft, Netherlands Duration: 24 Jun 2018 → 29 Jun 2018

ASJC Scopus subject areas

Artificial Intelligence
Computer Science Applications
Information Systems and Management

Access to Document

10.1609/icaps.v28i1.13902

Cite this

@article{86d3daa23dda40e9b2a25087ec200fc2,

title = "Simulated penetration testing as contingent planning",

abstract = "In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.",

author = "Dorin Shmaryahu and Guy Shani and Joerg Hoffmann and Marcel Steinmetz",

note = "Publisher Copyright: Copyright {\textcopyright} 2018, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 28th International Conference on Automated Planning and Scheduling, ICAPS 2018 ; Conference date: 24-06-2018 Through 29-06-2018",

year = "2018",

month = jan,

day = "1",

doi = "10.1609/icaps.v28i1.13902",

language = "English",

volume = "2018-June",

pages = "241--249",

journal = "Proceedings International Conference on Automated Planning and Scheduling, ICAPS",

issn = "2334-0835",

publisher = "Association for the Advancement of Artificial Intelligence",

}

TY - JOUR

T1 - Simulated penetration testing as contingent planning

AU - Shmaryahu, Dorin

AU - Shani, Guy

AU - Hoffmann, Joerg

AU - Steinmetz, Marcel

PY - 2018/1/1

Y1 - 2018/1/1

N2 - In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.

AB - In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.

UR - https://www.scopus.com/pages/publications/85054966285

U2 - 10.1609/icaps.v28i1.13902

DO - 10.1609/icaps.v28i1.13902

M3 - Conference article

AN - SCOPUS:85054966285

SN - 2334-0835

VL - 2018-June

SP - 241

EP - 249

JO - Proceedings International Conference on Automated Planning and Scheduling, ICAPS

JF - Proceedings International Conference on Automated Planning and Scheduling, ICAPS

T2 - 28th International Conference on Automated Planning and Scheduling, ICAPS 2018

Y2 - 24 June 2018 through 29 June 2018

ER -

Simulated penetration testing as contingent planning

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this