Constructing Plan Trees for Simulated Penetration Testing. Shani, G., Hoffmann, J., Shmaryahu, D., & Steinmetz, M. In
abstract   bibtex   
Penetration Testing (pentesting), where networks are automatically attacked to identify and fix their vulnerabilities, has recently received attention from the AI community. Smart algorithms that can identify robust and efficient attack plans can imitate human hackers better than simple protocols. Current classical planning methods for pentesting model poorly the real world, where the attacker has only partial information concerning the network. On the other hand POMDP-based approaches provide a strong model, but fail to scale up to reasonable model sizes. In this paper we offer a more realistic model of the problem, allowing for partial observability and non-deterministic action effects, by modeling pentesting as a partially observable contingent problem. We suggest several optimization criteria, including worst case, best case, and fault tolerance. We experiment with benchmark networks, showing contingent planning to produce plan trees, scaling up to large networks.
@InProceedings{spark16-11,
  author =   {Guy Shani and Joerg Hoffmann and Dorin Shmaryahu and Marcel Steinmetz},
  title =    {Constructing Plan Trees for Simulated Penetration Testing},
  abstract = {Penetration Testing (pentesting), where networks are automatically attacked to identify and fix their vulnerabilities, has recently received attention from the AI community. Smart algorithms that can identify robust and efficient attack plans can imitate human hackers better than simple protocols. Current classical planning methods for pentesting model poorly the real world, where the attacker has only partial information concerning the network. On the other hand POMDP-based approaches provide a strong model, but fail to scale up to reasonable model sizes. 
In this paper we offer a more realistic model of the problem, allowing for partial observability and non-deterministic action effects, by modeling pentesting as a partially observable contingent problem. We suggest several optimization criteria, including worst case, best case, and fault tolerance. We experiment with benchmark networks, showing contingent planning to produce plan trees, scaling up to large networks.},
  keywords = {Pentesting, Planning, Contingent Planning}
}

Downloads: 0