{"title":"Whole Campaign Emulation with Reinforcement Learning for Cyber Test","authors":"Tyler Cody, Emma Meno, P. Beling, Laura Freeman","doi":"10.1109/MIM.2023.10208253","DOIUrl":null,"url":null,"abstract":"Cyber-attacks pose existential, nation-level threats and directly challenge societal stability. The breadth of targets (small businesses to nation-states) and continuous nature of cyber-attacks make automated cyber test and evaluation (T&E) crucial to national security and domestic prosperity. Importantly, automation lowers the cost and increases the frequency of cyber T&E, thereby simultaneously increasing cyber test availability and coverage. Spurred by market demand as well as advancements in artificial intelligence (AI), automated approaches to penetration testing have seen a resurgence of interest in the academic literature. Yet to date, this burgeoning research community lacks a shared, long-term vision. Recently, we proposed a concept of whole campaign emulation (WCE) as a challenge problem and framework for automated penetration testing with reinforcement learning (RL) [1]. In this article, we review the state-of-the-art in RL-based automated penetration testing, assess its relation to WCE, and provide a case study using the open-source Network Attack Simulator (NASim) [2].","PeriodicalId":55025,"journal":{"name":"IEEE Instrumentation & Measurement Magazine","volume":null,"pages":null},"PeriodicalIF":1.6000,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Instrumentation & Measurement Magazine","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1109/MIM.2023.10208253","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0
Abstract
Cyber-attacks pose existential, nation-level threats and directly challenge societal stability. The breadth of targets (small businesses to nation-states) and continuous nature of cyber-attacks make automated cyber test and evaluation (T&E) crucial to national security and domestic prosperity. Importantly, automation lowers the cost and increases the frequency of cyber T&E, thereby simultaneously increasing cyber test availability and coverage. Spurred by market demand as well as advancements in artificial intelligence (AI), automated approaches to penetration testing have seen a resurgence of interest in the academic literature. Yet to date, this burgeoning research community lacks a shared, long-term vision. Recently, we proposed a concept of whole campaign emulation (WCE) as a challenge problem and framework for automated penetration testing with reinforcement learning (RL) [1]. In this article, we review the state-of-the-art in RL-based automated penetration testing, assess its relation to WCE, and provide a case study using the open-source Network Attack Simulator (NASim) [2].
期刊介绍:
IEEE Instrumentation & Measurement Magazine is a bimonthly publication. It publishes in February, April, June, August, October, and December of each year. The magazine covers a wide variety of topics in instrumentation, measurement, and systems that measure or instrument equipment or other systems. The magazine has the goal of providing readable introductions and overviews of technology in instrumentation and measurement to a wide engineering audience. It does this through articles, tutorials, columns, and departments. Its goal is to cross disciplines to encourage further research and development in instrumentation and measurement.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
