TY - GEN
T1 - Autonomous security analysis and penetration testing
AU - Chowdhary, Ankur
AU - Huang, Dijiang
AU - Mahendran, Jayasurya Sevalur
AU - Romo, Daniel
AU - Deng, Yuli
AU - Sabur, Abdulhakim
N1 - Funding Information:
This research is supported in part by the following research grants: Naval Research Lab N0017319-1-G002, NSF DGE-1723440, OAC-1642031.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
N2 - Security assessment of large networks is a challenging task. Penetration testing (pentesting) is a method of analyzing the attack surface of a network to find security vulnerabilities. Current network pentesting techniques involve a combination of automated scanning tools and manual exploitation of security issues to identify possible threats in a network. This approach scales poorly on large networks. We propose an autonomous security analysis and penetration testing framework (ASAP) that creates a map of security threats and possible attack paths in the network using attack graphs. Our framework (i) uses a state-of-the-art reinforcement learning algorithm based on Deep-Q Network (DQN) to identify the optimal policy for performing pentesting, and (ii) incorporates a domain-specific transition matrix and reward modeling to capture the importance of security vulnerabilities and the difficulty inherent in exploiting them. The ASAP framework generates autonomous attack plans and validates them against real-world networks. The attack plans are generalizable to complex enterprise networks, and the framework scales well on large networks. Our empirical evaluation shows that ASAP identifies non-intuitive attack plans on an enterprise network. The DQN planning algorithm employed scales well on a large network: approximately 60-70 s to generate an attack plan for a network with 300 hosts.
KW - Attack Graphs
KW - Cloud Network
KW - Deep-Q Network (DQN)
KW - Internet of Things (IoT)
KW - Penetration Testing
KW - Reinforcement Learning
UR - http://www.scopus.com/inward/record.url?scp=85104667414&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85104667414&partnerID=8YFLogxK
U2 - 10.1109/MSN50589.2020.00086
DO - 10.1109/MSN50589.2020.00086
M3 - Conference contribution
AN - SCOPUS:85104667414
T3 - Proceedings - 2020 16th International Conference on Mobility, Sensing and Networking, MSN 2020
SP - 508
EP - 515
BT - Proceedings - 2020 16th International Conference on Mobility, Sensing and Networking, MSN 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th International Conference on Mobility, Sensing and Networking, MSN 2020
Y2 - 17 December 2020 through 19 December 2020
ER -