{"title":"HER-PT: An intelligent penetration testing framework with Hindsight Experience Replay","authors":"Mingda Li, Tiantian Zhu, Haoqi Yan, Tieming Chen, Mingqi Lv","doi":"10.1016/j.cose.2025.104357","DOIUrl":null,"url":null,"abstract":"<div><div>Penetration testing (PT) is an active method to evaluate the security of computer systems. With the continuous expansion of the scale of the network, the difficulty of penetration testing increases sharply, and at the same time, it relies heavily on expert experience. Therefore, AI-based techniques such as Deep Reinforcement Learning (DRL) will be an effective solution to automate penetration testing and reduce labor costs. However, in the existing DRL-based PT work, the attacker has a large number of low feedback behaviors, and it is difficult to collect enough successful experiences and positive learning rewards, that is, the sparse reward problem. In addition, existing works on automatic penetration based on MSF in real environments mainly focus on single-host scenarios and have not been extended to multi-host networks. In this paper, we propose a new intelligent PT framework “<span>HER-PT</span>” that integrates Hindsight Experience Replay (HER) techniques into DRL-based PT models in the hope of solving sparse reward problems in reinforcement learning and applying penetration testing to real multi-host scenarios. We constructed several network scenarios, trained <span>HER-PT</span> model agents in the cyber attack simulator Nasim for autonomous penetration testing experiments, and tried different reinforcement learning optimization schemes. Experimental results show that <span>HER-PT</span> can converge within 500 episodes in a medium scenario of 16 hosts, which is about 50% faster than other models. It can still maintain a success rate of 85.76% in the medium frequency dynamic change scene. The results show that <span>HER-PT</span> can effectively accelerate the training of the model and shorten the training period.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104357"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500046X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Penetration testing (PT) is an active method to evaluate the security of computer systems. With the continuous expansion of the scale of the network, the difficulty of penetration testing increases sharply, and at the same time, it relies heavily on expert experience. Therefore, AI-based techniques such as Deep Reinforcement Learning (DRL) will be an effective solution to automate penetration testing and reduce labor costs. However, in the existing DRL-based PT work, the attacker has a large number of low feedback behaviors, and it is difficult to collect enough successful experiences and positive learning rewards, that is, the sparse reward problem. In addition, existing works on automatic penetration based on MSF in real environments mainly focus on single-host scenarios and have not been extended to multi-host networks. In this paper, we propose a new intelligent PT framework “HER-PT” that integrates Hindsight Experience Replay (HER) techniques into DRL-based PT models in the hope of solving sparse reward problems in reinforcement learning and applying penetration testing to real multi-host scenarios. We constructed several network scenarios, trained HER-PT model agents in the cyber attack simulator Nasim for autonomous penetration testing experiments, and tried different reinforcement learning optimization schemes. Experimental results show that HER-PT can converge within 500 episodes in a medium scenario of 16 hosts, which is about 50% faster than other models. It can still maintain a success rate of 85.76% in the medium frequency dynamic change scene. The results show that HER-PT can effectively accelerate the training of the model and shorten the training period.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
