TY - GEN
T1 - SoK
T2 - 19th International Conference on Availability, Reliability and Security, ARES 2024
AU - Simon, Raphael
AU - Mees, Wim
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/7/30
Y1 - 2024/7/30
N2 - In the still growing field of cyber security, machine learning methods have largely been employed for detection tasks. Only a small portion revolves around offensive capabilities. Through the rise of Deep Reinforcement Learning, agents have also emerged with the goal of actively assessing the security of systems by the means of penetration testing. Thus learning the usage of different tools to emulate humans. In this paper we present an overview, and comparison of different autonomous penetration testing agents found within the literature. Various agents have been proposed, making use of distinct methods, but several factors such as modelling of the environment and scenarios, different algorithms, and the difference in chosen methods themselves, make it difficult to draw conclusions on the current state and performance of those agents. This comparison also lets us identify research challenges that present a major limiting factor, such as handling large action spaces, partial observability, defining the right reward structure, and learning in a real-world scenario.
AB - In the still growing field of cyber security, machine learning methods have largely been employed for detection tasks. Only a small portion revolves around offensive capabilities. Through the rise of Deep Reinforcement Learning, agents have also emerged with the goal of actively assessing the security of systems by the means of penetration testing. Thus learning the usage of different tools to emulate humans. In this paper we present an overview, and comparison of different autonomous penetration testing agents found within the literature. Various agents have been proposed, making use of distinct methods, but several factors such as modelling of the environment and scenarios, different algorithms, and the difference in chosen methods themselves, make it difficult to draw conclusions on the current state and performance of those agents. This comparison also lets us identify research challenges that present a major limiting factor, such as handling large action spaces, partial observability, defining the right reward structure, and learning in a real-world scenario.
KW - Deep Reinforcement Learning
KW - Penetration Testing
KW - Reinforcement Learning
KW - Security Automation
UR - http://www.scopus.com/inward/record.url?scp=85200365304&partnerID=8YFLogxK
U2 - 10.1145/3664476.3664484
DO - 10.1145/3664476.3664484
M3 - Conference contribution
AN - SCOPUS:85200365304
T3 - ACM International Conference Proceeding Series
BT - ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings
PB - Association for Computing Machinery
Y2 - 30 July 2024 through 2 August 2024
ER -