Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network
With the continuous development and widespread application of network technology, network security issues have become increasingly prominent.Penetration testing has emerged as an important method for assessing and enhancing network security.However, traditional manual penetration testing methods suf...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | https://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2023091 |
| _version_ | 1827318262815260672 |
|---|---|
| author | Cheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANG |
| author_facet | Cheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANG |
| author_sort | Cheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANG |
| collection | DOAJ |
| description | With the continuous development and widespread application of network technology, network security issues have become increasingly prominent.Penetration testing has emerged as an important method for assessing and enhancing network security.However, traditional manual penetration testing methods suffer from inefficiency,human error, and tester skills, leading to high uncertainty and poor evaluation results.To address these challenges, an autonomous security analysis and penetration testing framework called ASAPT was proposed, based on attack graphs and deep Q-learning networks (DQN).The ASAPT framework was consisted of two main components:training data construction and model training.In the training data construction phase, attack graphs were utilized to model the threats in the target network by representing vulnerabilities and possible attacker attack paths as nodes and edges.By integrating the common vulnerability scoring system (CVSS) vulnerability database, a “state-action”transition matrix was constructed, which depicted the attacker’s behavior and transition probabilities in different states.This matrix comprehensively captured the attacker’s capabilities and network security status.To reduce computational complexity, a depth-first search (DFS) algorithm was innovatively applied to simplify the transition matrix, identifying and preserving all attack paths that lead to the final goal for subsequent model training.In the model training phase, a deep reinforcement learning algorithm based on DQN was employed to determine the optimal attack path during penetration testing.The algorithm interacted continuously with the environment, updating the Q-value function to progressively optimize the selection of attack paths.Simulation results demonstrate that ASAPT achieves an accuracy of 84% in identifying the optimal path and exhibits fast convergence speed.Compared to traditional Q-learning, ASAPT demonstrates superior adaptability in dealing with large-scale network environments, which could provide guidance for practical penetration testing. |
| first_indexed | 2024-04-24T23:56:10Z |
| format | Article |
| id | doaj.art-79bbdf7f05de4ec5985daee3d56e5ff0 |
| institution | Directory Open Access Journal |
| issn | 2096-109X |
| language | English |
| last_indexed | 2024-04-24T23:56:10Z |
| publishDate | 2023-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj.art-79bbdf7f05de4ec5985daee3d56e5ff02024-03-14T12:26:39ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-12-019616617510.11959/j.issn.2096-109x.2023091Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning networkCheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANGWith the continuous development and widespread application of network technology, network security issues have become increasingly prominent.Penetration testing has emerged as an important method for assessing and enhancing network security.However, traditional manual penetration testing methods suffer from inefficiency,human error, and tester skills, leading to high uncertainty and poor evaluation results.To address these challenges, an autonomous security analysis and penetration testing framework called ASAPT was proposed, based on attack graphs and deep Q-learning networks (DQN).The ASAPT framework was consisted of two main components:training data construction and model training.In the training data construction phase, attack graphs were utilized to model the threats in the target network by representing vulnerabilities and possible attacker attack paths as nodes and edges.By integrating the common vulnerability scoring system (CVSS) vulnerability database, a “state-action”transition matrix was constructed, which depicted the attacker’s behavior and transition probabilities in different states.This matrix comprehensively captured the attacker’s capabilities and network security status.To reduce computational complexity, a depth-first search (DFS) algorithm was innovatively applied to simplify the transition matrix, identifying and preserving all attack paths that lead to the final goal for subsequent model training.In the model training phase, a deep reinforcement learning algorithm based on DQN was employed to determine the optimal attack path during penetration testing.The algorithm interacted continuously with the environment, updating the Q-value function to progressively optimize the selection of attack paths.Simulation results demonstrate that ASAPT achieves an accuracy of 84% in identifying the optimal path and exhibits fast convergence speed.Compared to traditional Q-learning, ASAPT demonstrates superior adaptability in dealing with large-scale network environments, which could provide guidance for practical penetration testing.https://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2023091autonomous penetration testingreinforcement learningattack graphdeep q-learning network |
| spellingShingle | Cheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANG Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network 网络与信息安全学报 autonomous penetration testing reinforcement learning attack graph deep q-learning network |
| title | Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network |
| title_full | Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network |
| title_fullStr | Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network |
| title_full_unstemmed | Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network |
| title_short | Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network |
| title_sort | autonomous security analysis and penetration testing model based on attack graph and deep q learning network |
| topic | autonomous penetration testing reinforcement learning attack graph deep q-learning network |
| url | https://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2023091 |
| work_keys_str_mv | AT chengfanguoqinghutaojiedingzhanhuazhang autonomoussecurityanalysisandpenetrationtestingmodelbasedonattackgraphanddeepqlearningnetwork |