The Usage of Machine Learning on Penetration Testing Automation

The Usage of Machine Learning on Penetration Testing Automation

연구 분야: Strategies

학회: 2023 3rd International Conference on Electronic and Electrical Engineering and Intelligent System (ICE3IS)

Penetration testing is a method to assess the security within a network by performing or simulating a real-world cyber-attack on the network. It has been one of the best ways preferred by organizations to strengthen their network defenses against cyber threats. However, penetration testing proves that it has several drawbacks such as requiring a significant number of skills and time to perform. A survey made by The International Information System Security Certification Consortium also shows that the world is lacking cybersecurity workforces. To address this problem, this paper conducts research regarding the usage of machine learning to automate penetration testing activity. To start off, automated penetration testing tools will be created using machine learning algorithms, specifically reinforcement learning and deep reinforcement learning algorithms. The second step is to put the tools in a learning stage where it will be provided with the MITRE ATT&CK Framework. This framework will be the base for the attacks and exploitations used within the tools. The third step is to conduct a series of automated penetration testing over different target networks. The result will be then compared and analyzed with a manual penetration testing report to see how efficient and better it is compared to a manual penetration test. Lastly, the final data will then be collected for future developments and recommendations.