APRIL: towards Scalable and Transferable Autonomous Penetration Testing in Large Action Space via Action Embedding

Penetration testing (pentesting) assesses cybersecurity through simulated attacks, while the conventional manual-based method is costly, time-consuming, and personnel-constrained. Reinforcement learning (RL) provides an agent-environment interaction learning paradigm, making it a promising way for aut...

Bibliographic details
Published in: IEEE transactions on dependable and secure computing 2024-12, p.1-17
Main authors: Zhou, Shicheng, Liu, Jingju, Lu, Yuliang, Yang, Jiahai, Hou, Dongdong, Zhang, Yue, Hu, Shulong
Format: Article
Language: eng
container_end_page 17
container_issue
container_start_page 1
container_title IEEE transactions on dependable and secure computing
container_volume
creator Zhou, Shicheng
Liu, Jingju
Lu, Yuliang
Yang, Jiahai
Hou, Dongdong
Zhang, Yue
Hu, Shulong
description Penetration testing (pentesting) assesses cybersecurity through simulated attacks, while the conventional manual-based method is costly, time-consuming, and personnel-constrained. Reinforcement learning (RL) provides an agent-environment interaction learning paradigm, making it a promising way for autonomous pentesting. However, agents' scalability in large action spaces and policy transferability across scenarios limit the applicability of RL-based autonomous pentesting. To address these challenges, we present a novel autonomous pentesting framework based on reinforcement learning (namely APRIL) to train agents that are scalable and transferable in large action spaces. In APRIL, we construct realistic, bounded, host-level state space via embedding techniques to avoid the complexities of dealing with unbounded network-level information. We employ semantic correlations between pentesting actions as prior knowledge to represent discrete action space into a continuous and semantically meaningful embedding space. Agents are then trained to reason over actions within the action embedding space, where two key methods are applied: an upper-confidence bound-based action refinement method to encourage efficient exploration, and a distance-aware loss to improve learning efficiency and generalization performance. We conduct experiments in simulated scenarios constructed based on virtualized vulnerable environments. The results demonstrate APRIL's scalability in large action spaces and its ability to facilitate policy transfer across diverse scenarios.
doi_str_mv 10.1109/TDSC.2024.3518500
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2024-12, p.1-17
issn 1545-5971
language eng
recordid cdi_ieee_primary_10804006
source IEEE Electronic Library (IEL)
subjects action embedding
Cyberspace
large action space
Manuals
Network security
Penetration testing
Planning
policy transfer
Reinforcement learning
Scalability
Semantics
Testing
Training
title APRIL: towards Scalable and Transferable Autonomous Penetration Testing in Large Action Space via Action Embedding
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T21%3A25%3A47IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=APRIL:%20towards%20Scalable%20and%20Transferable%20Autonomous%20Penetration%20Testing%20in%20Large%20Action%20Space%20via%20Action%20Embedding&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Zhou,%20Shicheng&rft.date=2024-12-13&rft.spage=1&rft.epage=17&rft.pages=1-17&rft.issn=1545-5971&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2024.3518500&rft_dat=%3Cieee_RIE%3E10804006%3C/ieee_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10804006&rfr_iscdi=true