AutoRed: Automating Red Team Assessment via Strategic Thinking Using Reinforcement Learning

AutoRed: Automating Red Team Assessment via Strategic Thinking Using Reinforcement Learning

연구 분야: Infrastructure

학회: CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy

As security risks to network systems have grown, red team assessment has emerged as a powerful methodology for discovering vulnerabilities. Such assessments are difficult to master because technical knowledge and experience are needed. Automating the vulnerability assessment of network systems is expected to help network system administrators conduct these assessments easily. The challenges for automating these assessments include accurately addressing many actions, observing network states, and generalizing agent models. In this paper, we propose a framework, called AutoRed, for the automation of red team assessment via strategic thinking using reinforcement learning (RL). Our framework addresses the following challenges: (1) facilitating action determination by adopting a hierarchical RL model via strategic thinking, (2) establishing a method to observe network systems using graph neural networks (GNNs), and (3) investigating the reusability and generalization ability of the proposed model through experiments. We further evaluate the proposed model in an emulated environment constructed on a virtual machine platform. The experimental results demonstrate that the proposed model trained on three scenarios simultaneously can be applied 10-40 times more efficiently to various scenarios, including unseen scenarios during training, than the state-of-the-art hierarchical model.