Construction of network pentest-defense adversarial environment based on NASim

Construction of network pentest-defense adversarial environment based on NASim

연구 분야: Networking

학회: International Journal of Information Security

Current network pentest simulations lack dynamic defense mechanisms, limiting realism and effectiveness. To address this, we propose a novel adversarial environment extending the NASim framework by integrating a probabilistic defender capable of fixing vulnerabilities. Through rigorous mathematical analysis, we establish that vulnerability discovery and patching probabilities inherently follow the Beta distribution, whose bounded characteristics align precisely with the vulnerability lifecycle. This forms the foundation for our probability-based adjustable defense strategy. We implement the SecuMark framework to enable realistic bidirectional attacker-defender interactions within NASim. Experiments across diverse network topologies evaluate RL algorithms under varying defense intensities. Key findings indicate that defender intervention significantly reduces pentest success rates, exemplified by reductions of 30–50% under high defense levels. DQN and standard Q-Learning maintain relatively high success rates under low-to-moderate defenses, while Q-Learning augmented with experience replay demonstrates superior adaptability under intense defensive pressure. Furthermore, the specific parameters ( , ) of the Beta distribution critically influence the performance volatility of RL algorithms. SecuMark enhances simulation authenticity, provides a robust testbed for adversarial strategy optimization.