Metasploit Based Automated Penetration Testing Using Reinforcement Learning

Metasploit Based Automated Penetration Testing Using Reinforcement Learning

연구 분야: Strategies

학회: 2024 First International Conference for Women in Computing (InCoWoCo)

It's clear that in today's digital age, where threats are rapidly evolving in both scale and complexity, traditional manual penetration testing methods are unable to keep up. This study introduces a novel approach designed to automate the process of vulnerability detection and exploitation, addressing the need for automated penetration testing. This method integrates three key tools: Nmap for network scanning, the Metasploit framework for exploit execution, and reinforcement learning through Proximal Policy Optimization (PPO) to efficiently determine the best exploit paths. Unlike prior methods, this model continually learns from real-time interactions with the target system, adapting to changes in security environments. The results show that PPO not only automates but also significantly speeds up the penetration testing process, providing a resource-efficient and high-performance alternative to traditional security testing. This research bridges the gap between automated penetration testing and dynamic exploit execution, showing great potential for future advancements in cybersecurity.